You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by jo...@apache.org on 2022/03/14 19:53:00 UTC
[nifi] branch main updated: NIFI-9796 This closes #5866. Updated Registry Security Configuration to avoid warnings
This is an automated email from the ASF dual-hosted git repository.
joewitt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push:
new 36b3f18 NIFI-9796 This closes #5866. Updated Registry Security Configuration to avoid warnings
36b3f18 is described below
commit 36b3f184249c2184df7ae69a23c30144f5c2c2b2
Author: exceptionfactory <ex...@apache.org>
AuthorDate: Mon Mar 14 14:18:12 2022 -0500
NIFI-9796 This closes #5866. Updated Registry Security Configuration to avoid warnings
- Replaced WebSecurity.ignoring().antMatchers() with HttpSecurity.authorizeRequests().antMatchers()
Signed-off-by: Joe Witt <jo...@apache.org>
---
.../web/security/NiFiRegistrySecurityConfig.java | 25 +++++++++++-----------
1 file changed, 12 insertions(+), 13 deletions(-)
diff --git a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/NiFiRegistrySecurityConfig.java b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/NiFiRegistrySecurityConfig.java
index 8525727..86f956f 100644
--- a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/NiFiRegistrySecurityConfig.java
+++ b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/NiFiRegistrySecurityConfig.java
@@ -36,7 +36,6 @@ import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
@@ -45,7 +44,6 @@ import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
-import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
@@ -69,7 +67,7 @@ public class NiFiRegistrySecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private Authorizer authorizer;
- private AnonymousIdentityFilter anonymousAuthenticationFilter = new AnonymousIdentityFilter();
+ private final AnonymousIdentityFilter anonymousAuthenticationFilter = new AnonymousIdentityFilter();
@Autowired
private X509IdentityProvider x509IdentityProvider;
@@ -88,17 +86,18 @@ public class NiFiRegistrySecurityConfig extends WebSecurityConfigurerAdapter {
}
@Override
- public void configure(WebSecurity webSecurity) throws Exception {
- // allow any client to access the endpoint for logging in to generate an access token
- webSecurity.ignoring().antMatchers( "/access/token", "/access/token/kerberos",
- "/access/oidc/exchange", "/access/oidc/callback", "/access/oidc/request", "/access/token/identity-provider" );
- }
-
- @Override
protected void configure(HttpSecurity http) throws Exception {
http
.rememberMe().disable()
.authorizeRequests()
+ .antMatchers(
+ "/access/token",
+ "/access/token/identity-provider",
+ "/access/token/kerberos",
+ "/access/oidc/callback",
+ "/access/oidc/exchange",
+ "/access/oidc/request"
+ ).permitAll()
.anyRequest().fullyAuthenticated()
.and()
.exceptionHandling()
@@ -150,7 +149,7 @@ public class NiFiRegistrySecurityConfig extends WebSecurityConfigurerAdapter {
return super.authenticationManagerBean();
}
- private IdentityFilter x509AuthenticationFilter() throws Exception {
+ private IdentityFilter x509AuthenticationFilter() {
if (x509AuthenticationFilter == null) {
x509AuthenticationFilter = new IdentityFilter(x509IdentityProvider);
}
@@ -164,7 +163,7 @@ public class NiFiRegistrySecurityConfig extends WebSecurityConfigurerAdapter {
return x509AuthenticationProvider;
}
- private IdentityFilter jwtAuthenticationFilter() throws Exception {
+ private IdentityFilter jwtAuthenticationFilter() {
if (jwtAuthenticationFilter == null) {
jwtAuthenticationFilter = new IdentityFilter(jwtIdentityProvider);
}
@@ -198,7 +197,7 @@ public class NiFiRegistrySecurityConfig extends WebSecurityConfigurerAdapter {
public void commence(HttpServletRequest request,
HttpServletResponse response,
AuthenticationException authenticationException)
- throws IOException, ServletException {
+ throws IOException {
// return a 401 response
final int status = HttpServletResponse.SC_UNAUTHORIZED;