kevdoran commented on a change in pull request #194: NIFIREG-212 Separating
proxy into Read, Write, and Delete so some pro…
URL: https://github.com/apache/nifi-registry/pull/194#discussion_r290759669
##########
File path:
nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/x509/X509IdentityAuthenticationProvider.java
##########
@@ -97,16 +106,51 @@ protected AuthenticationSuccessToken
buildAuthenticatedToken(
proxy = createUser(identity, groups, proxy, clientAddress,
isAnonymous);
if (chainIter.hasPrevious()) {
- try {
- PROXY_AUTHORIZABLE.authorize(authorizer,
RequestAction.WRITE, proxy);
- } catch (final AccessDeniedException e) {
- throw new UntrustedProxyException(String.format("Untrusted
proxy [%s].", identity));
+ final String httpMethodStr =
x509RequestDetails.getHttpMethod().toUpperCase();
+ final HttpMethod httpMethod =
HttpMethod.resolve(httpMethodStr);
+ LOGGER.debug("HTTP method is {}", new Object[]{httpMethod});
Review comment:
This is minor as we never really run with deployments with more than one
proxy hop in practice, but this conversion to enum and logging the result could
be done outside of the proxy chain for loop.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
