[jira] [Commented] (NIFIREG-45) Refactor NiFi Registry LoginIdentityProvider

[ASF GitHub Bot (JIRA)]

    [ 
https://issues.apache.org/jira/browse/NIFIREG-45?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16259833#comment-16259833
 ] 

ASF GitHub Bot commented on NIFIREG-45:
---------------------------------------

Github user bbende commented on the issue:

    https://github.com/apache/nifi-registry/pull/37
  
    Nice work on this refactoring, seems like a good approach.
    
    Noticed one minor thing when I was testing (and didn't really know what I 
was doing), I happened to POST to the new token/identity-provider endpoint, but 
I still had my URL form-encoding set so it was missing the Basic header, and I 
got a NPE:
    
    ```
    Caused by: 
org.apache.nifi.registry.security.authentication.exception.IdentityAccessException:
 Unable to validate the supplied credentials. Please contact the system 
administrator.
        at 
org.apache.nifi.registry.security.ldap.LdapIdentityProvider.authenticate(LdapIdentityProvider.java:274)
 ~[nifi-registry-framework-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at 
org.apache.nifi.registry.web.api.AccessResource.createAccessTokenUsingIdentityProviderCredentials(AccessResource.java:220)
 ~[classes/:na]
        ... 89 common frames omitted
    Caused by: java.lang.NullPointerException: null
        at 
org.apache.nifi.registry.security.ldap.LdapIdentityProvider.authenticate(LdapIdentityProvider.java:238)
 ~[nifi-registry-framework-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        ... 90 common frames omitted
    ```
    I'm guessing the call to extractCredentials returned null, but then not 
sure whats supposed to happen after that.


> Refactor NiFi Registry LoginIdentityProvider
> --------------------------------------------
>
>                 Key: NIFIREG-45
>                 URL: https://issues.apache.org/jira/browse/NIFIREG-45
>             Project: NiFi Registry
>          Issue Type: Improvement
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>         Attachments: IdentityProviderDesign.png
>
>
> The initial implementation of identity provider implementation for NiFi 
> Registry was based on the current (at the time) implementation on NiFi that 
> used a LoginIdentityProvider Interface that authenticated a LoginCredentials 
> object holding a username/password. This was for legacy reasons that were 
> NiFi-specific relating to avoiding inclusion of servlet jars in the 
> dependency for the identity provider api module.
> This is not a constraint for Registry (or NiFi any more apparently), so this 
> ticket is to refactor this interface to be more general by authenticating a 
> ServletRequest object, which would open implementations up to supporting more 
> ways of the client passing in the identity claim (eg, cookie value).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)