alopresto commented on a change in pull request #3482: NIFI-6280 - Broke out
the matching for /access/knox/** and /access/oi…
URL: https://github.com/apache/nifi/pull/3482#discussion_r285300191
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
##########
@@ -766,13 +766,17 @@ public Response logOut(@Context HttpServletRequest
httpServletRequest, @Context
throw new IllegalStateException("User authentication/authorization
is only supported when running over HTTPS.");
}
- String authorizationHeader =
httpServletRequest.getHeader(JwtAuthenticationFilter.AUTHORIZATION);
- final String token =
StringUtils.substringAfterLast(authorizationHeader, " ");
- try {
- jwtService.logOut(token);
- return generateOkResponse().build();
- } catch (final JwtException e) {
- return Response.serverError().build();
+ String userIdentity = NiFiUserUtils.getNiFiUserIdentity();
+
+ if(userIdentity != null && !userIdentity.isEmpty()) {
+ try {
+ jwtService.logOut(userIdentity);
+ return generateOkResponse().build();
+ } catch (final JwtException e) {
+ return Response.serverError().build();
Review comment:
I think error logging here makes sense (even if this is captured in the
`nifi-app.log` somewhere, we should log it in `nifi-user.log` as well).
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
