alopresto commented on a change in pull request #3482: NIFI-6280 - Broke out
the matching for /access/knox/** and /access/oi…
URL: https://github.com/apache/nifi/pull/3482#discussion_r286114844
##########
File path:
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
##########
@@ -766,13 +766,17 @@ public Response logOut(@Context HttpServletRequest
httpServletRequest, @Context
throw new IllegalStateException("User authentication/authorization
is only supported when running over HTTPS.");
}
- String authorizationHeader =
httpServletRequest.getHeader(JwtAuthenticationFilter.AUTHORIZATION);
- final String token =
StringUtils.substringAfterLast(authorizationHeader, " ");
- try {
- jwtService.logOut(token);
- return generateOkResponse().build();
- } catch (final JwtException e) {
- return Response.serverError().build();
+ String userIdentity = NiFiUserUtils.getNiFiUserIdentity();
+
+ if(userIdentity != null && !userIdentity.isEmpty()) {
+ try {
+ jwtService.logOut(userIdentity);
+ return generateOkResponse().build();
+ } catch (final JwtException e) {
+ return Response.serverError().build();
Review comment:
Sorry, I meant that even if the eventual error was logged somewhere in a
stacktrace, I would expect a line written here in the `nifi-user.log` file
showing the failure to logout. Just add `USER_FILE` appender, aka
`nifi-user.log`.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
