NIFI-6085 - Added /access/logout endpoint to allow JWT auth tokens to… #3362
… be removed correctly. Added some tests. Found an error in the KeyDAO which did not allow key deletion.
@mcgilman Let me know what you think of this one.
I tested this with a standalone instance secured using TLS Toolkit and a local LDAP server. I first verified the existing behavior (the bearer token is still valid for a curl request after the user logs out via the UI), then built with the PR and verified the expected behavior (the bearer token is no longer valid for a curl request after the user logs out via the UI). (Full steps to configure an LDAP server and connect via NiFi available on Pierre's blog; I use
Selected command output:
Existing behavior
Before UI logout (token should be valid)
After UI logout (token should not be valid)
Expected behavior (after applying PR)
Before UI logout (token should be valid)
After UI logout (token should not be valid)
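The behavior verified in the test above (a bearer token that must stop working once the user logs out), sketched as an added example that is not part of this thread or of NiFi's code. It assumes each user's tokens are signed with a per-user key held server-side and that logout deletes that key; `TokenService` and its method names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class TokenService:
    """Hypothetical model (not NiFi code): one server-side HMAC key per user."""

    def __init__(self):
        self._keys = {}  # identity -> signing key; stands in for a key store

    def _sign(self, key: bytes, signing_input: str) -> bytes:
        return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

    def login(self, identity: str, ttl: int = 3600) -> str:
        key = self._keys.setdefault(identity, secrets.token_bytes(32))
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = _b64(json.dumps({"sub": identity, "exp": int(time.time()) + ttl}).encode())
        signing_input = f"{header}.{claims}"
        return f"{signing_input}.{_b64(self._sign(key, signing_input))}"

    def logout(self, identity: str) -> bool:
        # Deleting the key is the revocation: every token issued for this
        # identity stops verifying, whatever its "exp" claim says.
        return self._keys.pop(identity, None) is not None

    def authenticate(self, token: str):
        """Return the identity for a valid token, else None."""
        try:
            header, claims, sig = token.split(".")
            if json.loads(_unb64(header))["alg"] != "HS256":
                return None  # never let the token choose the algorithm
            payload = json.loads(_unb64(claims))
            identity, exp, sig_bytes = payload["sub"], float(payload["exp"]), _unb64(sig)
        except (ValueError, KeyError, TypeError):
            return None  # malformed token
        key = self._keys.get(identity) if isinstance(identity, str) else None
        if key is None:
            return None  # logged out (or never logged in): no key, no session
        if not hmac.compare_digest(self._sign(key, f"{header}.{claims}"), sig_bytes):
            return None
        return identity if exp > time.time() else None
```

Without the key deletion in `logout`, the token would keep authenticating until its `exp` passes, which is the "existing behavior" case described in the test.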
… be removed correctly. Added some tests. Found an error in the KeyDAO which did not allow key deletion. NIFI-6085 - Updated logOut method to use NiFiUserUtils and updated tests. NIFI-6085 - Added some more integration tests. NIFI-6085 Suppressed stacktrace when token is used after being invalidated. This closes apache#3362. Signed-off-by: Andy LoPresto <alopresto@apache.org>
Suppressed an unnecessary stacktrace if token use was attempted after logout (commit here - b3c12d8). Ran
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
For all changes:
Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
Has your PR been rebased against the latest commit within the target branch (typically master)?
Is your initial contribution a single, squashed commit?
For code changes:
For documentation related changes:
Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.