Posted to commits@nifi.apache.org by mc...@apache.org on 2015/12/01 17:43:43 UTC

[05/51] [abbrv] nifi git commit: NIFI-655: - Keeping token expiration between 1 minute and 12 hours.

NIFI-655:
- Keeping token expiration between 1 minute and 12 hours.

Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/4bb8b137
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/4bb8b137
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/4bb8b137

Branch: refs/heads/master
Commit: 4bb8b137f09219ecc7fbc81a25a3079140745b7e
Parents: a196207
Author: Matt Gilman <ma...@gmail.com>
Authored: Tue Nov 17 18:58:22 2015 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Tue Nov 17 18:58:22 2015 -0500

----------------------------------------------------------------------
 .../org/apache/nifi/web/api/AccessResource.java | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/nifi/blob/4bb8b137/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
index 67eb8b4..57de41d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
@@ -33,6 +33,7 @@ import java.net.URI;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
 import java.util.List;
+import java.util.concurrent.TimeUnit;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.DefaultValue;
 import javax.ws.rs.FormParam;
@@ -316,9 +317,24 @@ public class AccessResource extends ApplicationResource {
             try {
                 // attempt to authenticate
                 final AuthenticationResponse authenticationResponse = loginIdentityProvider.authenticate(new LoginCredentials(username, password));
-
+                final long maxExpiration = TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS);
+                final long minExpiration = TimeUnit.MILLISECONDS.convert(1, TimeUnit.MINUTES);
+                
+                long expiration = authenticationResponse.getExpiration();
+                if (expiration > maxExpiration) {
+                    expiration = maxExpiration;
+                    
+                    logger.warn(String.format("Max token expiration exceeded. Setting expiration to %s from %s for %s", expiration, 
+                            authenticationResponse.getExpiration(), authenticationResponse.getIdentity()));
+                } else if (expiration < minExpiration) {
+                    expiration = minExpiration;
+                    
+                    logger.warn(String.format("Min token expiration not met. Setting expiration to %s from %s for %s", expiration, 
+                            authenticationResponse.getExpiration(), authenticationResponse.getIdentity()));
+                }
+                
                 // create the authentication token
-                loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getUsername(), authenticationResponse.getExpiration());
+                loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getUsername(), expiration);
             } catch (final InvalidLoginCredentialsException ilce) {
                 throw new IllegalArgumentException("The supplied username and password are not valid.", ilce);
             } catch (final IdentityAccessException iae) {
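Review bot: The clamp compares `authenticationResponse.getExpiration()` with bounds built in milliseconds, but nothing visible in the hunk states the unit a login identity provider must return. If a provider returned seconds, every login would presumably be forced to the one-minute floor with only a warning to show for it. I would hoist the bounds into named constants such as `private static final long MAX_EXPIRATION_MS = TimeUnit.HOURS.toMillis(12);` and add a comment at the clamp, `// expiration is in milliseconds; out-of-range provider values are clamped, not rejected`. The two `logger.warn` calls print the raw values without a unit, and they log `getIdentity()` while the token is built from `getUsername()`; if that identity can carry user-supplied text, it should have line breaks stripped before it is written to the log. The enclosing try block and method begin and end outside the hunk.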