You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2015/11/27 16:06:08 UTC
nifi git commit: NIFI-655: - Fixing issue with filter bean
initialization when clustered.
Repository: nifi
Updated Branches:
refs/heads/NIFI-655 6bce858e4 -> c1cc165ed
NIFI-655:
- Fixing issue with filter bean initialization when clustered.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/c1cc165e
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/c1cc165e
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/c1cc165e
Branch: refs/heads/NIFI-655
Commit: c1cc165edb2fdacdcc958f8b4b1dcf97bf40eb5f
Parents: 6bce858
Author: Matt Gilman <ma...@gmail.com>
Authored: Fri Nov 27 10:05:58 2015 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Fri Nov 27 10:05:58 2015 -0500
----------------------------------------------------------------------
.../web/NiFiWebApiSecurityConfiguration.java | 72 ++++++++++++--------
.../web/security/NiFiAuthenticationFilter.java | 10 +--
2 files changed, 47 insertions(+), 35 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/c1cc165e/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
index bf12dee..73e9640 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
@@ -58,6 +58,11 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
private X509IdentityProvider certificateIdentityProvider;
private LoginIdentityProvider loginIdentityProvider;
+ private NodeAuthorizedUserFilter nodeAuthorizedUserFilter;
+ private JwtAuthenticationFilter jwtAuthenticationFilter;
+ private X509AuthenticationFilter x509AuthenticationFilter;
+ private NiFiAnonymousUserFilter anonymousAuthenticationFilter;
+
public NiFiWebApiSecurityConfiguration() {
super(true); // disable defaults
}
@@ -80,17 +85,17 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
.sessionCreationPolicy(SessionCreationPolicy.STATELESS);
// cluster authorized user
- http.addFilterBefore(buildNodeAuthorizedUserFilter(), AnonymousAuthenticationFilter.class);
+ http.addFilterBefore(nodeAuthorizedUserFilterBean(), AnonymousAuthenticationFilter.class);
// anonymous
- http.anonymous().authenticationFilter(buildAnonymousFilter());
+ http.anonymous().authenticationFilter(anonymousFilterBean());
// x509
- http.addFilterAfter(buildX509Filter(), AnonymousAuthenticationFilter.class);
+ http.addFilterAfter(x509FilterBean(), AnonymousAuthenticationFilter.class);
// jwt - consider when configured for log in
if (loginIdentityProvider != null) {
- http.addFilterAfter(buildJwtFilter(), AnonymousAuthenticationFilter.class);
+ http.addFilterAfter(jwtFilterBean(), AnonymousAuthenticationFilter.class);
}
}
@@ -106,35 +111,48 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
auth.authenticationProvider(new NiFiAuthenticationProvider(userDetailsService));
}
- private NodeAuthorizedUserFilter buildNodeAuthorizedUserFilter() {
- final NodeAuthorizedUserFilter nodeFilter = new NodeAuthorizedUserFilter();
- nodeFilter.setProperties(properties);
- nodeFilter.setCertificateExtractor(certificateExtractor);
- nodeFilter.setCertificateIdentityProvider(certificateIdentityProvider);
- return nodeFilter;
+ @Bean
+ public NodeAuthorizedUserFilter nodeAuthorizedUserFilterBean() throws Exception {
+ if (nodeAuthorizedUserFilter == null) {
+ nodeAuthorizedUserFilter = new NodeAuthorizedUserFilter();
+ nodeAuthorizedUserFilter.setProperties(properties);
+ nodeAuthorizedUserFilter.setCertificateExtractor(certificateExtractor);
+ nodeAuthorizedUserFilter.setCertificateIdentityProvider(certificateIdentityProvider);
+ }
+ return nodeAuthorizedUserFilter;
}
- private JwtAuthenticationFilter buildJwtFilter() throws Exception {
- final JwtAuthenticationFilter jwtFilter = new JwtAuthenticationFilter();
- jwtFilter.setProperties(properties);
- jwtFilter.setJwtService(jwtService);
- jwtFilter.setAuthenticationManager(authenticationManager());
- return jwtFilter;
+ @Bean
+ public JwtAuthenticationFilter jwtFilterBean() throws Exception {
+ // only consider the jwt authentication filter when configured for login
+ if (jwtAuthenticationFilter == null && loginIdentityProvider != null) {
+ jwtAuthenticationFilter = new JwtAuthenticationFilter();
+ jwtAuthenticationFilter.setProperties(properties);
+ jwtAuthenticationFilter.setJwtService(jwtService);
+ jwtAuthenticationFilter.setAuthenticationManager(authenticationManager());
+ }
+ return jwtAuthenticationFilter;
}
- private X509AuthenticationFilter buildX509Filter() throws Exception {
- final X509AuthenticationFilter x509Filter = new X509AuthenticationFilter();
- x509Filter.setProperties(properties);
- x509Filter.setCertificateExtractor(certificateExtractor);
- x509Filter.setCertificateIdentityProvider(certificateIdentityProvider);
- x509Filter.setAuthenticationManager(authenticationManager());
- return x509Filter;
+ @Bean
+ public X509AuthenticationFilter x509FilterBean() throws Exception {
+ if (x509AuthenticationFilter == null) {
+ x509AuthenticationFilter = new X509AuthenticationFilter();
+ x509AuthenticationFilter.setProperties(properties);
+ x509AuthenticationFilter.setCertificateExtractor(certificateExtractor);
+ x509AuthenticationFilter.setCertificateIdentityProvider(certificateIdentityProvider);
+ x509AuthenticationFilter.setAuthenticationManager(authenticationManager());
+ }
+ return x509AuthenticationFilter;
}
- private AnonymousAuthenticationFilter buildAnonymousFilter() {
- final NiFiAnonymousUserFilter anonymousFilter = new NiFiAnonymousUserFilter();
- anonymousFilter.setUserService(userService);
- return anonymousFilter;
+ @Bean
+ public NiFiAnonymousUserFilter anonymousFilterBean() throws Exception {
+ if (anonymousAuthenticationFilter == null) {
+ anonymousAuthenticationFilter = new NiFiAnonymousUserFilter();
+ anonymousAuthenticationFilter.setUserService(userService);
+ }
+ return anonymousAuthenticationFilter;
}
@Autowired
http://git-wip-us.apache.org/repos/asf/nifi/blob/c1cc165e/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
index 7ceca04..be781c2 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
@@ -18,9 +18,7 @@ package org.apache.nifi.web.security;
import java.io.IOException;
import java.io.PrintWriter;
-import javax.servlet.Filter;
import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
@@ -40,11 +38,12 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.web.filter.GenericFilterBean;
/**
*
*/
-public abstract class NiFiAuthenticationFilter implements Filter {
+public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
private static final Logger logger = LoggerFactory.getLogger(NiFiAuthenticationFilter.class);
@@ -52,11 +51,6 @@ public abstract class NiFiAuthenticationFilter implements Filter {
private NiFiProperties properties;
@Override
- public void init(final FilterConfig filterConfig) throws ServletException {
- throw new UnsupportedOperationException("Not supported yet."); //To change body of generated methods, choose Tools | Templates.
- }
-
- @Override
public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) throws IOException, ServletException {
if (logger.isDebugEnabled()) {
logger.debug("Checking secure context token: " + SecurityContextHolder.getContext().getAuthentication());