You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2022/08/24 21:52:05 UTC

[GitHub] [nifi] exceptionfactory opened a new pull request, #6334: NIFI-10313 Remove Expiration Token on Authentication Errors

exceptionfactory opened a new pull request, #6334:
URL: https://github.com/apache/nifi/pull/6334

   # Summary
   
   [NIFI-10313](https://issues.apache.org/jira/browse/NIFI-10313) Corrects user interface error handling to remove the internal `Access-Token-Expiration` tracker from browser session storage when receiving specific HTTP authentication errors.
   
   Updates to the standard error handler include checking for the presence of the `WWW-Authenticate` HTTP response header and determining whether it starts with `Bearer`. The `StandardAuthenticationEntryPoint` introduced in [NIFI-10259](https://issues.apache.org/jira/browse/NIFI-10259) sets this header when encountering an error while parsing and verifying a JSON Web Token. The standard error handler removes the `Access-Token-Expiration` tracker from browser session storage, instructing the user interface to initiate a new authentication process when the user navigates to the application home screen.
   
   This update improves behavior for Kerberos SPNEGO authentication scenarios. Without these changes, the REST API instructs the browser to remove the session cookie, but the user interface does not remove the `Access-Token-Expiration` tracker. This results in the user interface displaying the log out link, which does not work, and the home link, which redirects to the login screen, requiring an additional click to the home screen to start a new session. With these changes, an expired session presents the standard error message and the home link, which starts a new authentication session as expected.
   
   # Tracking
   
   Please complete the following tracking steps prior to pull request creation.
   
   ### Issue Tracking
   
   - [X] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created
   
   ### Pull Request Tracking
   
   - [X] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-00000`
   - [X] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-00000`
   
   ### Pull Request Formatting
   
   - [X] Pull Request based on current revision of the `main` branch
   - [X] Pull Request refers to a feature branch with one commit containing changes
   
   # Verification
   
   Please indicate the verification steps performed prior to pull request creation.
   
   ### Build
   
   - [X] Build completed using `mvn clean install -P contrib-check`
     - [X] JDK 8
     - [ ] JDK 11
     - [ ] JDK 17
   
   ### Licensing
   
   - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html)
   - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files
   
   ### Documentation
   
   - [ ] Documentation formatting appears as expected in rendered files
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] thenatog closed pull request #6334: NIFI-10313 Remove Expiration Token on Authentication Errors

Posted by GitBox <gi...@apache.org>.

thenatog closed pull request #6334: NIFI-10313 Remove Expiration Token on Authentication Errors
URL: https://github.com/apache/nifi/pull/6334


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] thenatog commented on pull request #6334: NIFI-10313 Remove Expiration Token on Authentication Errors

Posted by GitBox <gi...@apache.org>.

thenatog commented on PR #6334:
URL: https://github.com/apache/nifi/pull/6334#issuecomment-1227544352

   +1 will merge


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [nifi] thenatog commented on pull request #6334: NIFI-10313 Remove Expiration Token on Authentication Errors

Posted by GitBox <gi...@apache.org>.

thenatog commented on PR #6334:
URL: https://github.com/apache/nifi/pull/6334#issuecomment-1226452839

   Will review


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@nifi.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org