You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by "Nathan Gough (JIRA)" <ji...@apache.org> on 2019/02/27 19:28:00 UTC
[jira] [Assigned] (NIFI-6085) Bearer Token isn't killed after user
logs out
[ https://issues.apache.org/jira/browse/NIFI-6085?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Nathan Gough reassigned NIFI-6085:
----------------------------------
Assignee: Nathan Gough
> Bearer Token isn't killed after user logs out
> ---------------------------------------------
>
> Key: NIFI-6085
> URL: https://issues.apache.org/jira/browse/NIFI-6085
> Project: Apache NiFi
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.5.0
> Reporter: Abdu Sahin
> Assignee: Nathan Gough
> Priority: Major
>
> I observed that Authorization Bearer token is not invalidated after a logout.
> Steps to produce
> Step 1: Login to Nifi as usual.
> Step 2: Copy the authorisation bearer token after the login from /nifi-api/access/token response.
> Step 3: Make a request a curl request as below and observe http 200 response is received with status information.
> {code:java}
> curl -v -H "Authorization: Bearer <Token>" https://nifi-server/nifi-api/flow/status{code}
> Step 4: Log out from Nifi Console
> Step 5: Repeat Step 3 and observe again http 200 response is received with status information even though the user has logged out.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)