[GitHub] [nifi] exceptionfactory commented on a change in pull request #5753: NIFI-7333 - Added a new property to allow specifying whether to use N…

Tue, 08 Feb 2022 18:41:23 -0800 


exceptionfactory commented on a change in pull request #5753:
URL: https://github.com/apache/nifi/pull/5753#discussion_r802222570



##########
File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
##########
@@ -110,6 +117,11 @@ public void initializeProvider() {
             return;
         }
 
+        // Decide whether to use NiFi truststore instead of system's cacerts 
when connecting to OIDC provider
+        if 
(TruststoreStrategy.valueOf(properties.getOidcClientTruststoreStrategy()) == 
TruststoreStrategy.NIFI) {

Review comment:
       It looks like the latest automated build failed in relation to this 
enum.  To avoid potential parsing failures related to 
`TruststoreStrategy.valueOf()`, this could be changed to check against the 
string value of the property:
   ```suggestion
           if 
(TruststoreStrategy.NIFI.name().equals(properties.getOidcClientTruststoreStrategy()))
 {
   ```

##########
File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
##########
@@ -485,10 +503,17 @@ private HTTPRequest 
createUserInfoRequest(BearerAccessToken bearerAccessToken) {
     }
 
     private HTTPRequest formHTTPRequest(Request request) {
-        final HTTPRequest httpRequest = request.toHTTPRequest();
-        httpRequest.setConnectTimeout(oidcConnectTimeout);
-        httpRequest.setReadTimeout(oidcReadTimeout);
-        return httpRequest;
+        final HTTPRequest httpRequest = 
setHTTPRequestProperties(request.toHTTPRequest());
+        return (httpRequest);

Review comment:
       This could be simplified to a single line, or the parentheses could be 
removed.
   ```suggestion
           return setHTTPRequestProperties(request.toHTTPRequest());
   ```

##########
File path: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java
##########
@@ -122,6 +134,15 @@ public void initializeProvider() {
         validateOIDCProviderMetadata();
     }
 
+    private void establishSslContext() {

Review comment:
       What do you think about renaming this to `setSslContext()`?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to