[nifi] branch main updated: NIFI-10897 Replaced Spring Security Base64 with java.util.Base64

mthomsen Tue, 29 Nov 2022 09:21:00 -0800

This is an automated email from the ASF dual-hosted git repository.

mthomsen pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git



The following commit(s) were added to refs/heads/main by this push:
     new de296b5e65 NIFI-10897 Replaced Spring Security Base64 with 
java.util.Base64
de296b5e65 is described below

commit de296b5e659bd5826405c4ee7afdaa58e500ecaa
Author: exceptionfactory <exceptionfact...@apache.org>
AuthorDate: Wed Nov 23 09:45:40 2022 -0600

    NIFI-10897 Replaced Spring Security Base64 with java.util.Base64
    
    This closes #6728
    
    Signed-off-by: Mike Thomsen <mthom...@apache.org>
---
 .../apache/nifi/web/security/kerberos/KerberosService.java |  8 +++++---
 .../kerberos/KerberosSpnegoIdentityProvider.java           | 14 ++++++++------
 2 files changed, 13 insertions(+), 9 deletions(-)

diff --git 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosService.java
 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosService.java
index f3d57bbf3a..4e92a440eb 100644
--- 
a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosService.java
+++ 
b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosService.java
@@ -20,13 +20,13 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.crypto.codec.Base64;
 import 
org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
 import 
org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
 import 
org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 
 import javax.servlet.http.HttpServletRequest;
 import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 
 /**
  *
@@ -39,8 +39,10 @@ public class KerberosService {
     public static final String AUTHENTICATION_CHALLENGE_HEADER_NAME = 
"WWW-Authenticate";
     public static final String AUTHORIZATION_NEGOTIATE = "Negotiate";
 
+    private static final Base64.Decoder decoder = Base64.getDecoder();
+
     private KerberosServiceAuthenticationProvider 
kerberosServiceAuthenticationProvider;
-    private AuthenticationDetailsSource<HttpServletRequest, ?> 
authenticationDetailsSource = new WebAuthenticationDetailsSource();
+    private final AuthenticationDetailsSource<HttpServletRequest, ?> 
authenticationDetailsSource = new WebAuthenticationDetailsSource();
 
     public void 
setKerberosServiceAuthenticationProvider(KerberosServiceAuthenticationProvider 
kerberosServiceAuthenticationProvider) {
         this.kerberosServiceAuthenticationProvider = 
kerberosServiceAuthenticationProvider;
@@ -59,7 +61,7 @@ public class KerberosService {
                 logger.debug("Received Negotiate Header for request " + 
request.getRequestURL() + ": " + header);
             }
             byte[] base64Token = header.substring(header.indexOf(" ") + 
1).getBytes(StandardCharsets.UTF_8);
-            byte[] kerberosTicket = Base64.decode(base64Token);
+            byte[] kerberosTicket = decoder.decode(base64Token);
             KerberosServiceRequestToken authenticationRequest = new 
KerberosServiceRequestToken(kerberosTicket);
             
authenticationRequest.setDetails(authenticationDetailsSource.buildDetails(request));
 
diff --git 
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java
 
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java
index 2dc074fd85..65ef338aca 100644
--- 
a/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java
+++ 
b/nifi-registry/nifi-registry-core/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/security/authentication/kerberos/KerberosSpnegoIdentityProvider.java
@@ -35,13 +35,13 @@ import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.crypto.codec.Base64;
 import 
org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
 import 
org.springframework.security.kerberos.authentication.KerberosServiceRequestToken;
 import 
org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 
 import javax.servlet.http.HttpServletRequest;
 import java.nio.charset.StandardCharsets;
+import java.util.Base64;
 import java.util.concurrent.TimeUnit;
 
 public class KerberosSpnegoIdentityProvider implements IdentityProvider {
@@ -67,9 +67,11 @@ public class KerberosSpnegoIdentityProvider implements 
IdentityProvider {
     private static final String AUTHORIZATION = "Authorization";
     private static final String AUTHORIZATION_NEGOTIATE = "Negotiate";
 
+    private static final Base64.Decoder decoder = Base64.getDecoder();
+
     private long expiration = TimeUnit.MILLISECONDS.convert(12, 
TimeUnit.HOURS);
-    private KerberosServiceAuthenticationProvider 
kerberosServiceAuthenticationProvider;
-    private AuthenticationDetailsSource<HttpServletRequest, ?> 
authenticationDetailsSource;
+    private final KerberosServiceAuthenticationProvider 
kerberosServiceAuthenticationProvider;
+    private final AuthenticationDetailsSource<HttpServletRequest, ?> 
authenticationDetailsSource;
 
     @Autowired
     public KerberosSpnegoIdentityProvider(
@@ -80,7 +82,7 @@ public class KerberosSpnegoIdentityProvider implements 
IdentityProvider {
 
         final String expirationFromProperties = 
properties.getKerberosSpnegoAuthenticationExpiration();
         if (expirationFromProperties != null) {
-            long expiration = 
FormatUtils.getTimeDuration(expirationFromProperties, TimeUnit.MILLISECONDS);
+            expiration = 
Math.round(FormatUtils.getPreciseTimeDuration(expirationFromProperties, 
TimeUnit.MILLISECONDS));
         }
     }
 
@@ -105,7 +107,7 @@ public class KerberosSpnegoIdentityProvider implements 
IdentityProvider {
 
         logger.debug("Detected 'Authorization: Negotiate header in request 
{}", request.getRequestURL());
         byte[] base64Token = headerValue.substring(headerValue.indexOf(" ") + 
1).getBytes(StandardCharsets.UTF_8);
-        byte[] kerberosTicket = Base64.decode(base64Token);
+        byte[] kerberosTicket = decoder.decode(base64Token);
         return new AuthenticationRequest(null, kerberosTicket, 
authenticationDetailsSource.buildDetails(request));
 
     }
@@ -119,7 +121,7 @@ public class KerberosSpnegoIdentityProvider implements 
IdentityProvider {
         }
 
         final Object credentials = authenticationRequest.getCredentials();
-        byte[] kerberosTicket = credentials != null && credentials instanceof 
byte[] ? (byte[]) authenticationRequest.getCredentials() : null;
+        byte[] kerberosTicket = credentials instanceof byte[] ? (byte[]) 
authenticationRequest.getCredentials() : null;
 
         if (credentials == null) {
             logger.info("Kerberos Ticket not found in authenticationRequest 
credentials, returning null.");

[nifi] branch main updated: NIFI-10897 Replaced Spring Security Base64 with java.util.Base64

Reply via email to