kevdoran commented on code in PR #10554:
URL: https://github.com/apache/nifi/pull/10554#discussion_r2608634649


##########
nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/IdentityFilter.java:
##########
@@ -76,13 +80,24 @@ public void doFilter(ServletRequest servletRequest, 
ServletResponse servletRespo
         try {
             AuthenticationRequest authenticationRequest = 
identityProvider.extractCredentials((HttpServletRequest) servletRequest);
             if (authenticationRequest != null) {
-                Authentication authentication = new 
AuthenticationRequestToken(authenticationRequest, identityProvider.getClass(), 
servletRequest.getRemoteAddr());
+                Authentication authentication = new AuthenticationRequestToken(
+                        authenticationRequest,
+                        identityProvider.getClass(),
+                        servletRequest.getRemoteAddr());
                 logger.debug("Adding credentials claim to SecurityContext to 
be authenticated. Credentials extracted by {}: {}",
                         identityProvider.getClass().getSimpleName(),
                         authenticationRequest);
-                
SecurityContextHolder.getContext().setAuthentication(authentication);
-                // This filter's job, which is merely to search for and 
extract an identity claim, is done.
-                // The actual authentication of the identity claim will be 
handled by a corresponding IdentityAuthenticationProvider
+                if (authenticationManager != null) {
+                    try {
+                        Authentication authenticated = 
authenticationManager.authenticate(authentication);
+                        
SecurityContextHolder.getContext().setAuthentication(authenticated);
+                    } catch (AuthenticationException ex) {
+                        logger.debug("Authentication failed in IdentityFilter 
for provider {}: {}", identityProvider.getClass().getSimpleName(), 
ex.getMessage());
+                        throw ex;
+                    }
+                } else {
+                    
SecurityContextHolder.getContext().setAuthentication(authentication);
+                }
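
Review bot: In the `else` branch, a null `authenticationManager` leaves the not-yet-authenticated `AuthenticationRequestToken` in the `SecurityContext`, so the filter silently behaves differently depending on how it was wired. Consider requiring a non-null `authenticationManager` when the filter is constructed and dropping the fallback, or at least logging when the fallback is taken, so a wiring mistake fails closed instead of relying on a later authentication step. The two removed comment lines that described the filter's role are also not replaced; a short comment stating that the filter now calls `authenticationManager.authenticate(...)` itself and rethrows `AuthenticationException` would document the new contract.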

Review Comment:
   I dug up this old `nifi-registry` PR that shows the original design to make 
authentication a framework extension point (via the `IdentityProvider` API) and 
how to bridge the configured NiFi Registry IdentityProvider into Spring 
Security. 
   
   https://github.com/apache/nifi-registry/pull/37 
   
   This worked using the AuthenticationProvider interface in older versions of 
Spring Security, which looks like it has been deprecated, and the implicit call 
is no longer happening. I'm looking into refactoring the original extension 
point to work with the newer version of Spring Security.


