You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@nifi.apache.org by kevdoran <gi...@git.apache.org> on 2018/01/30 16:50:36 UTC
[GitHub] nifi-registry pull request #96: NIFIREG-131 Surface auth failure details
GitHub user kevdoran opened a pull request:
https://github.com/apache/nifi-registry/pull/96
NIFIREG-131 Surface auth failure details
Adds logging of root cause for exceptions passed to
AuthenticationEntryPoint.
AuthenticationEntryPoint writes exception message to response body.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/kevdoran/nifi-registry NIFIREG-131
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/nifi-registry/pull/96.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #96
----
commit cd478f5a0cd4a38e4ea67cf115c2a9528bd2bdda
Author: Kevin Doran <kd...@...>
Date: 2018-01-30T16:47:49Z
NIFIREG-131 Surface auth failure details
Adds logging of root cause for exceptions passed to
AuthenticationEntryPoint.
AuthenticationEntryPoint writes exception message to response body.
----
---
[GitHub] nifi-registry issue #96: NIFIREG-131 Surface auth failure details
Posted by bbende <gi...@git.apache.org>.
Github user bbende commented on the issue:
https://github.com/apache/nifi-registry/pull/96
Reviewing...
---
[GitHub] nifi-registry issue #96: NIFIREG-131 Surface auth failure details
Posted by bbende <gi...@git.apache.org>.
Github user bbende commented on the issue:
https://github.com/apache/nifi-registry/pull/96
+1 Verified I got back the untrusted proxy error on the client side, and also saw it in the logs on registry server side, going to merge, thanks!
---
[GitHub] nifi-registry pull request #96: NIFIREG-131 Surface auth failure details
Posted by asfgit <gi...@git.apache.org>.
Github user asfgit closed the pull request at:
https://github.com/apache/nifi-registry/pull/96
---
[GitHub] nifi-registry issue #96: NIFIREG-131 Surface auth failure details
Posted by kevdoran <gi...@git.apache.org>.
Github user kevdoran commented on the issue:
https://github.com/apache/nifi-registry/pull/96
This change results in the following responses when testing a composite file+ldap authorizer and accessing and endpoint that requires authentication:
---
_No credentials:_
```
HTTP/1.1 401 Unauthorized
...
An Authentication object was not found in the SecurityContext. Contact the system administrator.
```
_Bad credentials:_
```
HTTP/1.1 401 Unauthorized
...
Unable to validate the access token. Contact the system administrator.
```
_Untrusted Proxy:_
```
HTTP/1.1 403 Forbidden
...
Untrusted proxy [CN=user1, OU=nifi]. Contact the system administrator.
```
---
Logging for the root cause exception has also been added to the AuthenticationEntryPoint bean.
---