[GitHub] [nifi] turcsanyip commented on a diff in pull request #7313: NIFI-11614 Improve Validation for JndiJmsConnectionFactoryProvider

Wed, 31 May 2023 06:57:32 -0700 


turcsanyip commented on code in PR #7313:
URL: https://github.com/apache/nifi/pull/7313#discussion_r1211762688


##########
nifi-nar-bundles/nifi-jms-bundle/nifi-jms-processors/src/main/java/org/apache/nifi/jms/cf/JndiJmsConnectionFactoryProperties.java:
##########
@@ -114,4 +119,67 @@ public static PropertyDescriptor 
getDynamicPropertyDescriptor(final String prope
                 .build();
     }
 
+    private static class JndiJmsContextFactoryValidator implements Validator {
+        private static final String DISALLOWED_CONTEXT_FACTORY = 
"LdapCtxFactory";
+
+        @Override
+        public ValidationResult validate(final String subject, final String 
input, final ValidationContext context) {
+            final ValidationResult.Builder builder = new 
ValidationResult.Builder().subject(subject).input(input);
+
+            if (input == null || input.isEmpty()) {
+                builder.valid(false);
+                builder.explanation("Context Factory is required");
+            } else if (input.endsWith(DISALLOWED_CONTEXT_FACTORY)) {
+                builder.valid(false);
+                builder.explanation(String.format("Context Factory [%s] not 
allowed", DISALLOWED_CONTEXT_FACTORY));
+            } else {
+                builder.valid(true);
+                builder.explanation("Context Factory allowed");
+            }
+
+            return builder.build();
+        }
+    }
+
+    private static class JndiJmsProviderUrlValidator implements Validator {
+        /** JNDI JMS URL Allowed Schemes based on ActiveMQ Connection Factory 
*/
+        private static final Set<String> ALLOWED_SCHEMES = 
Collections.unmodifiableSet(new LinkedHashSet<>(Arrays.asList(
+                "jgroups",
+                "tcp",
+                "udp",
+                "vm"
+        )));

Review Comment:
   @exceptionfactory I have concerns that we can enumerate all supported 
schemes because they are vendor specific. E.g. WebLogic uses `t3(s)://`. 
Basically, it can be an arbitrary name.
   
   I also understand that `ldap://` is problematic but WebSphere MQ relies on 
it when using JNDI (or the local `file://` can be used).
   
   Do you have any idea how to handle these shortcomings while keeping the 
validation logic?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to