Github user ijokarumawak commented on a diff in the pull request:
https://github.com/apache/nifi/pull/3110#discussion_r230287180
--- Diff:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/queue/clustered/server/ClusterLoadBalanceAuthorizer.java
---
@@ -57,11 +79,35 @@ public String authorize(final Collection<String>
clientIdentities) throws NotAut
}
}
- final String message = String.format("Authorization failed for
Client ID's %s to Load Balance data because none of the ID's are known Cluster
Node Identifiers",
- clientIdentities);
+ // If there are no matches of Client IDs, try to verify it by
HostnameVerifier. In this way, we can support wildcard certificates.
+ for (final String nodeId : nodeIds) {
+ if (hostnameVerifier.verify(nodeId, sslSession)) {
+ final String clientId =
sslSocket.getInetAddress().getHostName();
+ logger.debug("The request was verified with node '{}'. The
hostname derived from the socket is '{}'. Authorizing Client to Load Balance
data", nodeId, clientId);
+ return clientId;
+ }
+ }
+
+ final String message = String.format("Authorization failed for
Client ID's to Load Balance data because none of the ID's are known Cluster
Node Identifiers");
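Review bot: In the added fallback loop, the value returned as the client identity is `sslSocket.getInetAddress().getHostName()`, which is a reverse DNS lookup on the peer address and is not covered by the `hostnameVerifier.verify(nodeId, sslSession)` check that just passed. The verifier only establishes that the peer certificate is valid for `nodeId`, and with a wildcard certificate that holds for every holder of that certificate, so the name handed back to the caller is unauthenticated and can differ from the name that was verified. Consider checking that the resolved hostname is itself one of `nodeIds` before returning it, and stating in the code comment which name callers should treat as the authorized identity. Separately, the new failure message no longer includes `clientIdentities`, so a rejected connection leaves no record of which identities were presented.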
--- End diff --
We don't have to use `String.format()` here, please pass the String to
`logger.warn()` directly.
---