Re: [PR] NIFI-15221 - Major upgrade to Spring 7 [nifi]

Fri, 21 Nov 2025 04:08:54 -0800 


pvillard31 commented on code in PR #10554:
URL: https://github.com/apache/nifi/pull/10554#discussion_r2549551933


##########
nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/IdentityFilter.java:
##########
@@ -76,13 +80,24 @@ public void doFilter(ServletRequest servletRequest, 
ServletResponse servletRespo
         try {
             AuthenticationRequest authenticationRequest = 
identityProvider.extractCredentials((HttpServletRequest) servletRequest);
             if (authenticationRequest != null) {
-                Authentication authentication = new 
AuthenticationRequestToken(authenticationRequest, identityProvider.getClass(), 
servletRequest.getRemoteAddr());
+                Authentication authentication = new AuthenticationRequestToken(
+                        authenticationRequest,
+                        identityProvider.getClass(),
+                        servletRequest.getRemoteAddr());
                 logger.debug("Adding credentials claim to SecurityContext to 
be authenticated. Credentials extracted by {}: {}",
                         identityProvider.getClass().getSimpleName(),
                         authenticationRequest);
-                
SecurityContextHolder.getContext().setAuthentication(authentication);
-                // This filter's job, which is merely to search for and 
extract an identity claim, is done.
-                // The actual authentication of the identity claim will be 
handled by a corresponding IdentityAuthenticationProvider
+                if (authenticationManager != null) {
+                    try {
+                        Authentication authenticated = 
authenticationManager.authenticate(authentication);
+                        
SecurityContextHolder.getContext().setAuthentication(authenticated);
+                    } catch (AuthenticationException ex) {
+                        logger.debug("Authentication failed in IdentityFilter 
for provider {}: {}", identityProvider.getClass().getSimpleName(), 
ex.getMessage());
+                        throw ex;
+                    }
+                } else {
+                    
SecurityContextHolder.getContext().setAuthentication(authentication);
+                }

Review Comment:
   A larger refactor would be needed for NiFi Registry when it comes to 
authentication but this is the only approach I could find to make it work with 
all the upgrades. Thoughts @exceptionfactory ?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to