exceptionfactory opened a new pull request #5344:
URL: https://github.com/apache/nifi/pull/5344
#### Description of PR
NIFI-9049 Replaces browser-based persistence of JSON Web Tokens in
`localStorage` with a new `nf.AuthorizationStorage` component based on
`sessionStorage`.
The current implementation relies on persisting an expiration timestamp
along with the JSON Web Token, but the `localStorage` entry remains in the
browser across multiple tabs and browser restarts. With the introduction of
HTTP Session Cookies in #4988, this can result in the browser retaining the
token in `localStorage` after the browser has removed the HTTP Session Cookie.
This mismatch of persistence lifespan results in NiFi allowing access to the
user interface, but denying access when open custom UI extensions of viewing
provenance data content. Those user interface requests require the presence of
the HTTP Session Cookie for access.
Changing the persistent storage approach ensures that both the HTTP Session
Cookie and the `sessionStorage` contents will be removed when restarting the
browser.
Changes in this Pull Request also include checking for the existence of the
`Authorization` header in `AccessResource.getAccessStatus()`, and instructing
the browser to remove the Session Cookie when the `Authorization` header is
missing. Updating the `nf-canvas.js` loading process to call
`getAccessStatus()` ensures that both the HTTP Session Cookie and the JSON Web
Token from `sessionStorage` are present. This addresses scenarios where the
browser may have the Session Cookie, but not have the token, which then
redirects the browser to the login screen.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
### For all changes:
- [X] Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
- [X] Does your PR title start with **NIFI-XXXX** where XXXX is the JIRA
number you are trying to resolve? Pay particular attention to the hyphen "-"
character.
- [X] Has your PR been rebased against the latest commit within the target
branch (typically `main`)?
- [X] Is your initial contribution a single, squashed commit? _Additional
commits in response to PR reviewer feedback should be made on this branch and
pushed to allow change tracking. Do not `squash` or use `--force` when pushing
to allow for clean monitoring of changes._
### For code changes:
- [X] Have you ensured that the full suite of tests is executed via `mvn
-Pcontrib-check clean install` at the root `nifi` folder?
- [ ] Have you written or updated unit tests to verify your changes?
- [X] Have you verified that the full build is successful on JDK 8?
- [X] Have you verified that the full build is successful on JDK 11?
- [ ] If adding new dependencies to the code, are these dependencies
licensed in a way that is compatible for inclusion under [ASF
2.0](http://www.apache.org/legal/resolved.html#category-a)?
- [ ] If applicable, have you updated the `LICENSE` file, including the main
`LICENSE` file under `nifi-assembly`?
- [ ] If applicable, have you updated the `NOTICE` file, including the main
`NOTICE` file found under `nifi-assembly`?
- [ ] If adding new Properties, have you added `.displayName` in addition to
.name (programmatic access) for each of the new properties?
### For documentation related changes:
- [ ] Have you ensured that format looks appropriate for the output in which
it is rendered?
### Note:
Please ensure that once the PR is submitted, you check GitHub Actions CI for
build issues and submit an update to your PR as soon as possible.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
