You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2015/12/01 14:52:00 UTC
nifi git commit: NIFI-655: - Adding additional logging when
proceeding as an anonymous user.
Repository: nifi
Updated Branches:
refs/heads/NIFI-655 2b0819a5f -> c100052da
NIFI-655:
- Adding additional logging when proceeding as an anonymous user.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/c100052d
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/c100052d
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/c100052d
Branch: refs/heads/NIFI-655
Commit: c100052dac7c1366767e78c088da50ffb27958b4
Parents: 2b0819a
Author: Matt Gilman <ma...@gmail.com>
Authored: Tue Dec 1 08:51:45 2015 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Tue Dec 1 08:51:45 2015 -0500
----------------------------------------------------------------------
.../web/security/NiFiAuthenticationFilter.java | 32 ++++++++++++--------
1 file changed, 20 insertions(+), 12 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/c100052d/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
index c9b5c88..f0000f8 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
@@ -45,15 +45,15 @@ import org.springframework.web.filter.GenericFilterBean;
*/
public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
- private static final Logger logger = LoggerFactory.getLogger(NiFiAuthenticationFilter.class);
+ private static final Logger log = LoggerFactory.getLogger(NiFiAuthenticationFilter.class);
private AuthenticationManager authenticationManager;
private NiFiProperties properties;
@Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
- if (logger.isDebugEnabled()) {
- logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
+ if (log.isDebugEnabled()) {
+ log.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());
}
if (requiresAuthentication((HttpServletRequest) request)) {
@@ -80,12 +80,14 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
}
private void authenticate(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException {
+ String dnChain = null;
try {
final NiFiAuthenticationRequestToken authenticated = attemptAuthentication(request);
if (authenticated != null) {
+ dnChain = ProxiedEntitiesUtils.formatProxyDn(StringUtils.join(authenticated.getChain(), "><"));
+
// log the request attempt - response details will be logged later
- logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)",
- ProxiedEntitiesUtils.formatProxyDn(StringUtils.join(authenticated.getChain(), "><")), request.getMethod(),
+ log.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", dnChain, request.getMethod(),
request.getRequestURL().toString(), request.getRemoteAddr()));
// attempt to authorize the user
@@ -101,6 +103,12 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
} catch (final AuthenticationException ae) {
// other authentication exceptions... if we are already the anonymous user, allow through otherwise error out
if (isAnonymousUser()) {
+ if (dnChain == null) {
+ log.info(String.format("Continuing as anonymous user. Unable to authenticate %s: %s", dnChain, ae));
+ } else {
+ log.info(String.format("Continuing as anonymous user. Unable to authenticate: %s", ae));
+ }
+
chain.doFilter(request, response);
} else {
unsuccessfulAuthorization(request, response, ae);
@@ -120,8 +128,8 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
public abstract NiFiAuthenticationRequestToken attemptAuthentication(HttpServletRequest request);
protected void successfulAuthorization(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
- if (logger.isDebugEnabled()) {
- logger.debug("Authentication success: " + authResult);
+ if (log.isDebugEnabled()) {
+ log.debug("Authentication success: " + authResult);
}
SecurityContextHolder.getContext().setAuthentication(authResult);
@@ -157,21 +165,21 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
out.println(ae.getMessage());
} else if (ae instanceof AuthenticationServiceException) {
- logger.error(String.format("Unable to authorize: %s", ae.getMessage()), ae);
+ log.error(String.format("Unable to authorize: %s", ae.getMessage()), ae);
response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
out.println(String.format("Unable to authorize: %s", ae.getMessage()));
} else {
- logger.error(String.format("Unable to authorize: %s", ae.getMessage()), ae);
+ log.error(String.format("Unable to authorize: %s", ae.getMessage()), ae);
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
out.println("Access is denied.");
}
// log the failure
- logger.info(String.format("Rejecting access to web api: %s", ae.getMessage()));
+ log.info(String.format("Rejecting access to web api: %s", ae.getMessage()));
// optionally log the stack trace
- if (logger.isDebugEnabled()) {
- logger.debug(StringUtils.EMPTY, ae);
+ if (log.isDebugEnabled()) {
+ log.debug(StringUtils.EMPTY, ae);
}
}