org.apache.nifi.web.security.authorization

Class NodeAuthorizedUserFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.apache.nifi.web.security.authorization.NodeAuthorizedUserFilter

All Implemented Interfaces:

javax.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.EnvironmentAware, org.springframework.web.context.ServletContextAware

public class NodeAuthorizedUserFilter
extends org.springframework.web.filter.GenericFilterBean

Custom filter to extract a user's authorities from the request where the user was authenticated by the cluster manager and populate the threadlocal with the authorized user. If the request contains the appropriate header with authorities and the application instance is a node connected to the cluster, then the authentication/authorization steps remaining in the filter chain are skipped. Checking if the application instance is a connected node is important because it prevents external clients from faking the request headers and bypassing the authentication processing chain.

Field Summary

Fields

Modifier and Type	Field and Description
private org.springframework.security.authentication.AuthenticationDetailsSource	authenticationDetailsSource
private X509CertificateExtractor	certificateExtractor
private static org.slf4j.Logger	LOGGER
private org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor	principalExtractor
private NiFiProperties	properties
static String	PROXY_USER_DETAILS

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor and Description
NodeAuthorizedUserFilter()

Method Summary

Methods

Modifier and Type	Method and Description
void	doFilter(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, javax.servlet.FilterChain chain)
void	setProperties(NiFiProperties properties)

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, afterPropertiesSet, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

LOGGER

private static final org.slf4j.Logger LOGGER

PROXY_USER_DETAILS

public static final String PROXY_USER_DETAILS

See Also:

Constant Field Values

properties

private NiFiProperties properties

authenticationDetailsSource

private final org.springframework.security.authentication.AuthenticationDetailsSource authenticationDetailsSource

certificateExtractor

private final X509CertificateExtractor certificateExtractor

principalExtractor

private final org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor principalExtractor

Constructor Detail

NodeAuthorizedUserFilter

public NodeAuthorizedUserFilter()

Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest request,
            javax.servlet.ServletResponse response,
            javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException

Throws:

IOException

javax.servlet.ServletException

setProperties

public void setProperties(NiFiProperties properties)