[ https://issues.apache.org/jira/browse/NIFI-4382?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16181307#comment-16181307 ]
ASF GitHub Bot commented on NIFI-4382: -------------------------------------- Github user alopresto commented on a diff in the pull request: https://github.com/apache/nifi/pull/2177#discussion_r141148770 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/knox/KnoxAuthenticationFilter.java --- 
@@ -0,0 +1,74 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.knox;
+
+import org.apache.nifi.util.NiFiProperties;
+import org.apache.nifi.web.security.NiFiAuthenticationFilter;
+import org.springframework.security.core.Authentication;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+
+/**
+ */
+public class KnoxAuthenticationFilter extends NiFiAuthenticationFilter {
+
+ @Override
+ public Authentication attemptAuthentication(final HttpServletRequest request) {
+ // only support knox login when running securely
+ if (!request.isSecure()) {
+ return null;
+ }
+
+ // ensure knox sso support is enabled
+ final NiFiProperties properties = getProperties();
+ if (!properties.isKnoxSsoEnabled()) {
+ return null;
+ }
+
+ // get the principal out of the user token
+ final String knoxJwt = getJwtFromCookie(request);
+
+ // if there is no cookie, return null to attempt another authentication
+ if (knoxJwt == null) {
+ return null;
+ } else {
+ // otherwise create the authentication request token
+ return new KnoxAuthenticationRequestToken(knoxJwt, request.getRemoteAddr());
+ }
+ }
+
+ public String getJwtFromCookie(final HttpServletRequest request) {
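Review bot: The class Javadoc on `KnoxAuthenticationFilter` is empty (`/** */`), and nothing in `attemptAuthentication` records where the cookie's JWT is verified: the raw cookie value is handed to `KnoxAuthenticationRequestToken` with no signature, expiry or audience check in this filter. That is acceptable only if whatever consumes the token performs the verification, which is presumably the case but is not visible in this hunk, so the contract should be stated, e.g. `/** Extracts the Knox SSO JWT from the request cookie; performs no validation, the token must be verified by the authentication provider. */`. The misleading inline comment `// get the principal out of the user token` should become `// read the raw, unverified Knox JWT from the cookie`, since no principal is extracted at that point. A short comment that `request.getRemoteAddr()` is the direct peer address, and so the proxy's address when NiFi sits behind one, would help anyone relying on it for audit records. The body of `getJwtFromCookie` lies outside the hunk, so its handling of a request that carries no cookies cannot be judged from here.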
--- End diff -- Not a big deal, but I could see this method being reused in the future, so accepting the `cookieName` as a parameter and providing it from the Knox method might be useful. Not a blocker for this PR though. > Add KnoxSSO support to NiFi > --------------------------- > > Key: NIFI-4382 > URL: https://issues.apache.org/jira/browse/NIFI-4382 > Project: Apache NiFi > Issue Type: Bug > Components: Core Framework > Reporter: Jeff Storck > Assignee: Jeff Storck > > Add support for KnoxSSO to NiFi. > Reference documentation: > http://knox.apache.org/books/knox-0-13-0/dev-guide.html#KnoxSSO+Integration -- This message was sent by Atlassian JIRA (v6.4.14#64029)