NIFI-655: - Updated user guide with screenshots of login process. - Tweaked wording in admin guide. - Triggering login on enter press in login form.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/6bce858e Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/6bce858e Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/6bce858e Branch: refs/heads/master Commit: 6bce858e4ae37fd10a6651428741a99a4b893d52 Parents: c073253 Author: Matt Gilman <[email protected]> Authored: Wed Nov 25 16:42:22 2015 -0500 Committer: Matt Gilman <[email protected]> Committed: Wed Nov 25 16:42:22 2015 -0500 ---------------------------------------------------------------------- .../src/main/asciidoc/administration-guide.adoc | 4 +-- .../main/asciidoc/images/anonymous-access.png | Bin 0 -> 81725 bytes nifi-docs/src/main/asciidoc/images/login.png | Bin 0 -> 93233 bytes .../src/main/asciidoc/images/request-access.png | Bin 0 -> 94494 bytes nifi-docs/src/main/asciidoc/user-guide.adoc | 26 +++++++++++++++++++ .../org/apache/nifi/web/api/AccessResource.java | 4 +-- .../src/main/webapp/js/nf/login/nf-login.js | 11 ++++++++ 7 files changed, 41 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/6bce858e/nifi-docs/src/main/asciidoc/administration-guide.adoc ---------------------------------------------------------------------- diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc index dcb1151..1e5d215 100644 --- a/nifi-docs/src/main/asciidoc/administration-guide.adoc +++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc @@ -150,8 +150,8 @@ NiFi provides several different configuration options for security purposes. The by the NiFi cluster protocol. If the Truststore properties are not set, this must be `false`. Otherwise, a value of `true` indicates that nodes in the cluster will be authenticated and must have certificates that are trusted by the Truststores. -|`nifi.security.anonymous.authorities` | Specifies the roles that should be granted to users that connect over HTTPS anonymously. All users will - be given this level access, however if they have been granted a particular level of access by an administrator +|`nifi.security.anonymous.authorities` | Specifies the roles that should be granted to users that connect over HTTPS anonymously. All users can make + use of anonymous access, however if they have been granted a particular level of access by an administrator it will take precedence if they access NiFi using a client certificate or once they have logged in. |================================================================================================================================================== http://git-wip-us.apache.org/repos/asf/nifi/blob/6bce858e/nifi-docs/src/main/asciidoc/images/anonymous-access.png ---------------------------------------------------------------------- diff --git a/nifi-docs/src/main/asciidoc/images/anonymous-access.png b/nifi-docs/src/main/asciidoc/images/anonymous-access.png new file mode 100644 index 0000000..1ecabcd Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/anonymous-access.png differ http://git-wip-us.apache.org/repos/asf/nifi/blob/6bce858e/nifi-docs/src/main/asciidoc/images/login.png ---------------------------------------------------------------------- diff --git a/nifi-docs/src/main/asciidoc/images/login.png b/nifi-docs/src/main/asciidoc/images/login.png new file mode 100644 index 0000000..f474a9e Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/login.png differ http://git-wip-us.apache.org/repos/asf/nifi/blob/6bce858e/nifi-docs/src/main/asciidoc/images/request-access.png ---------------------------------------------------------------------- diff --git a/nifi-docs/src/main/asciidoc/images/request-access.png b/nifi-docs/src/main/asciidoc/images/request-access.png new file mode 100644 index 0000000..f556894 Binary files /dev/null and b/nifi-docs/src/main/asciidoc/images/request-access.png differ http://git-wip-us.apache.org/repos/asf/nifi/blob/6bce858e/nifi-docs/src/main/asciidoc/user-guide.adoc ---------------------------------------------------------------------- diff --git a/nifi-docs/src/main/asciidoc/user-guide.adoc b/nifi-docs/src/main/asciidoc/user-guide.adoc index fd40526..64421d7 100644 --- a/nifi-docs/src/main/asciidoc/user-guide.adoc +++ b/nifi-docs/src/main/asciidoc/user-guide.adoc @@ -157,6 +157,32 @@ are in the cluster and how many are currently connected. image::status-bar.png["NiFi Status Bar"] +[[logging-in]] +Logging In +--------- + +If NiFi is configured to run securely, users will be able to request access to the DataFlow. For information on configuring NiFi to run +securely, see the link:administration-guide.html[Admin Guide]. If NiFi supports anonymous access, users will be given access +accordingly and given an option to log in. + +image::anonymous-access.png["Anonymous Access"] + +Clicking the 'login' link will open the log in page. If the user is logging in with their username/password they will be presented with +a form to do so. If NiFi is not configured to support anonymous access and the user is logging in with their username/password, they will +be immediately sent to the login form bypassing the canvas. + +image::login.png["Log In"] + +Once the user has logged in or if they are accessing NiFi using a client certificate loaded in their browser, they will be prompted +to request access by submitting a justification if this is the first time they have accessed this NiFi. Fill in an optional justification +that the administrator will review while granting the account access. If NiFi is not configured to support anonymous access and the +user is using a client certificate, they will be immediately sent to the form to request access bypassing the canvas and login form. + +image::request-access.png["Request Access"] + +Press Submit to send the account request. If NiFi supports anonymous access, the user can continue accessing the DataFlow by closing the +login page. Returning to the login page will check the status of the account request. If access has been granted, press the home link or +reload the page to assume the new roles. [[building-dataflow]] http://git-wip-us.apache.org/repos/asf/nifi/blob/6bce858e/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java index c73ec47..326aa00 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java @@ -208,7 +208,7 @@ public class AccessResource extends ApplicationResource { // no issues with authorization... verify authorities accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name()); if (userDetails.getAuthorities().isEmpty()) { - accessStatus.setMessage("Your account is active but is unauthorized as no authorities have been granted."); + accessStatus.setMessage("Your account is active but currently does not have any level of access."); } else { accessStatus.setMessage("Your account is active and you are already logged in."); } @@ -237,7 +237,7 @@ public class AccessResource extends ApplicationResource { // no issues with authorization... verify authorities accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name()); if (userDetails.getAuthorities().isEmpty()) { - accessStatus.setMessage("Your account is active but is unauthorized as no authorities have been granted."); + accessStatus.setMessage("Your account is active but currently does not have any level of access."); } else { accessStatus.setMessage("Your account is active and you are already logged in."); } http://git-wip-us.apache.org/repos/asf/nifi/blob/6bce858e/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js index 6c05664..f2c9d2a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js @@ -87,6 +87,9 @@ nf.Login = (function () { }; var login = function () { + // remove focus + $('#username, #password').blur(); + // show the logging message... $('#login-progress-label').text('Logging in...'); $('#login-progress-container').show(); @@ -218,6 +221,14 @@ nf.Login = (function () { if (nf.Storage.getItem('jwt') !== null) { showLogoutLink(); } + + // supporting logging in via enter press + $('#username, #password').on('keyup', function (e) { + var code = e.keyCode ? e.keyCode : e.which; + if (code === $.ui.keyCode.ENTER) { + login(); + } + }); // access status var accessStatus = $.ajax({
