This is an automated email from the ASF dual-hosted git repository. mthomsen pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/nifi.git
The following commit(s) were added to refs/heads/main by this push: new de296b5e65 NIFI-10897 Replaced Spring Security Base64 with java.util.Base64 de296b5e65 is described below commit de296b5e659bd5826405c4ee7afdaa58e500ecaa Author: exceptionfactory <exceptionfact...@apache.org> AuthorDate: Wed Nov 23 09:45:40 2022 -0600 NIFI-10897 Replaced Spring Security Base64 with java.util.Base64 This closes #6728 Signed-off-by: Mike Thomsen <mthom...@apache.org> --- .../apache/nifi/web/security/kerberos/KerberosService.java | 8 +++++--- .../kerberos/KerberosSpnegoIdentityProvider.java | 14 ++++++++------ 2 files changed, 13 insertions(+), 9 deletions(-) diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosService.java index f3d57bbf3a..4e92a440eb 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosService.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosService.java @@ -20,13 +20,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.core.Authentication; -import org.springframework.security.crypto.codec.Base64; import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider; import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import javax.servlet.http.HttpServletRequest; import java.nio.charset.StandardCharsets; +import java.util.Base64; /** * 
@@ -39,8 +39,10 @@ public class KerberosService { public static final String AUTHENTICATION_CHALLENGE_HEADER_NAME = "WWW-Authenticate"; public static final String AUTHORIZATION_NEGOTIATE = "Negotiate"; + private static final Base64.Decoder decoder = Base64.getDecoder(); + private KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider; - private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource(); + private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource(); public void setKerberosServiceAuthenticationProvider(KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider) { this.kerberosServiceAuthenticationProvider = kerberosServiceAuthenticationProvider; @@ -59,7 +61,7 @@ public class KerberosService { logger.debug("Received Negotiate Header for request " + request.getRequestURL() + ": " + header); } byte[] base64Token = header.substring(header.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8); - byte[] kerberosTicket = Base64.decode(base64Token); + byte[] kerberosTicket = decoder.decode(base64Token); KerberosServiceRequestToken authenticationRequest = new KerberosServiceRequestToken(kerberosTicket); authenticationRequest.setDetails(authenticationDetailsSource.buildDetails(request)); diff --git a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java index 2dc074fd85..65ef338aca 100644 --- a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java 
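Review bot: A malformed Negotiate token reaches `decoder.decode(base64Token)` with nothing in the hunk catching the `IllegalArgumentException` that the `java.util.Base64` basic decoder throws for any byte outside the Base64 alphabet, whitespace included. The header value is client-controlled, and the enclosing method starts and ends outside the hunk, so whether a caller maps that exception to an authentication failure rather than a server error cannot be confirmed here. I would handle it at the decode, `try { kerberosTicket = decoder.decode(base64Token); } catch (IllegalArgumentException e) { /* treat as unauthenticated */ }`, logging the failure without the token value. The same applies to the `@@ -105,7 +107,7 @@` hunk in KerberosSpnegoIdentityProvider. The debug statement just above the decode also concatenates the full `header` into the log, which puts the SPNEGO token in debug output; the Registry class logs only the request URL.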
+++ b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java @@ -35,13 +35,13 @@ import org.springframework.lang.Nullable; import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import org.springframework.security.crypto.codec.Base64; import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider; import org.springframework.security.kerberos.authentication.KerberosServiceRequestToken; import org.springframework.security.web.authentication.WebAuthenticationDetailsSource; import javax.servlet.http.HttpServletRequest; import java.nio.charset.StandardCharsets; +import java.util.Base64; import java.util.concurrent.TimeUnit; public class KerberosSpnegoIdentityProvider implements IdentityProvider { @@ -67,9 +67,11 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider { private static final String AUTHORIZATION = "Authorization"; private static final String AUTHORIZATION_NEGOTIATE = "Negotiate"; + private static final Base64.Decoder decoder = Base64.getDecoder(); + private long expiration = TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS); - private KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider; - private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource; + private final KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider; + private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource; @Autowired public KerberosSpnegoIdentityProvider( 
@@ -80,7 +82,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider { final String expirationFromProperties = properties.getKerberosSpnegoAuthenticationExpiration(); if (expirationFromProperties != null) { - long expiration = FormatUtils.getTimeDuration(expirationFromProperties, TimeUnit.MILLISECONDS); + expiration = Math.round(FormatUtils.getPreciseTimeDuration(expirationFromProperties, TimeUnit.MILLISECONDS)); } } @@ -105,7 +107,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider { logger.debug("Detected 'Authorization: Negotiate header in request {}", request.getRequestURL()); byte[] base64Token = headerValue.substring(headerValue.indexOf(" ") + 1).getBytes(StandardCharsets.UTF_8); - byte[] kerberosTicket = Base64.decode(base64Token); + byte[] kerberosTicket = decoder.decode(base64Token); return new AuthenticationRequest(null, kerberosTicket, authenticationDetailsSource.buildDetails(request)); } @@ -119,7 +121,7 @@ public class KerberosSpnegoIdentityProvider implements IdentityProvider { } final Object credentials = authenticationRequest.getCredentials(); - byte[] kerberosTicket = credentials != null && credentials instanceof byte[] ? (byte[]) authenticationRequest.getCredentials() : null; + byte[] kerberosTicket = credentials instanceof byte[] ? (byte[]) authenticationRequest.getCredentials() : null; if (credentials == null) { logger.info("Kerberos Ticket not found in authenticationRequest credentials, returning null.");
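Review bot: The configured SPNEGO expiration is assigned to the field straight from `Math.round(...)` with no bounds check, so a very small duration can round to 0 and an oversized one is accepted as is. As far as these hunks show, the old code stored the parsed value in a local that shadowed the field, so the 12-hour default was what applied; deployments that set this property will see the effective expiration change on upgrade, which the commit title does not mention. I would validate before assigning, for example `if (parsed <= 0) { throw new IllegalArgumentException("Kerberos SPNEGO expiration must be positive"); }`, and call out the behavior change in the release notes. Whether `FormatUtils.getPreciseTimeDuration` already rejects such values is not visible here, and the constructor starts outside the hunk.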
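Review bot: In the `@@ -119,7 +121,7 @@` hunk the guard after the cast tests `credentials == null`, not `kerberosTicket == null`, so credentials of any type other than `byte[]` leave `kerberosTicket` null yet skip the "Kerberos Ticket not found" branch; what then consumes the null ticket is outside the hunk. Testing the value that is actually used closes that gap: `if (kerberosTicket == null)`. The ternary can also cast the local it just tested instead of calling the getter a second time, `credentials instanceof byte[] ? (byte[]) credentials : null`.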