Merge branch 'NIFI-655'
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/7726d069 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/7726d069 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/7726d069 Branch: refs/heads/master Commit: 7726d069cdc98ec1b9d9be32c163ab09973e0073 Parents: e5281f1 e22b51f Author: Matt Gilman <[email protected]> Authored: Tue Dec 1 11:20:56 2015 -0500 Committer: Matt Gilman <[email protected]> Committed: Tue Dec 1 11:20:56 2015 -0500 ---------------------------------------------------------------------- LICENSE | 22 + .../authentication/AuthenticationResponse.java | 65 + .../nifi/authentication/LoginCredentials.java | 39 + .../authentication/LoginIdentityProvider.java | 61 + ...ginIdentityProviderConfigurationContext.java | 48 + ...inIdentityProviderInitializationContext.java | 27 + .../LoginIdentityProviderLookup.java | 25 + .../LoginIdentityProviderContext.java | 35 + .../exception/IdentityAccessException.java | 33 + .../InvalidLoginCredentialsException.java | 33 + .../nifi/authorization/AuthorityProvider.java | 42 +- .../nifi/web/NiFiWebConfigurationContext.java | 2 +- .../org/apache/nifi/web/NiFiWebContext.java | 2 +- nifi-assembly/LICENSE | 22 + nifi-assembly/pom.xml | 8 + .../org/apache/nifi/util/NiFiProperties.java | 70 +- .../nifi/security/util/CertificateUtils.java | 51 +- .../src/main/asciidoc/administration-guide.adoc | 111 +- .../main/asciidoc/images/anonymous-access.png | Bin 0 -> 81725 bytes nifi-docs/src/main/asciidoc/images/login.png | Bin 0 -> 93233 bytes .../src/main/asciidoc/images/request-access.png | Bin 0 -> 94494 bytes nifi-docs/src/main/asciidoc/user-guide.adoc | 26 + .../nifi-framework/nifi-administration/pom.xml | 1 - .../nifi/admin/AuditDataSourceFactoryBean.java | 23 +- .../nifi/admin/UserDataSourceFactoryBean.java | 101 +- .../org/apache/nifi/admin/dao/DAOFactory.java | 2 + .../java/org/apache/nifi/admin/dao/KeyDAO.java | 56 + .../nifi/admin/dao/impl/DAOFactoryImpl.java | 6 + .../nifi/admin/dao/impl/StandardActionDAO.java | 10 +- .../nifi/admin/dao/impl/StandardKeyDAO.java | 179 ++ .../nifi/admin/dao/impl/StandardUserDAO.java | 53 +- .../apache/nifi/admin/service/UserService.java | 31 +- .../service/action/AbstractUserAction.java | 4 +- .../service/action/AuthorizeUserAction.java | 24 +- .../admin/service/action/DeleteKeysAction.java | 46 + .../admin/service/action/DeleteUserAction.java | 5 + .../admin/service/action/DisableUserAction.java | 11 +- .../service/action/DisableUserGroupAction.java | 13 +- .../admin/service/action/GetKeyByIdAction.java | 42 + .../service/action/GetKeyByIdentityAction.java | 42 + .../service/action/GetOrCreateKeyAction.java | 48 + .../action/RequestUserAccountAction.java | 14 +- .../service/action/SeedUserAccountsAction.java | 18 +- .../admin/service/action/UngroupUserAction.java | 6 +- .../admin/service/action/UpdateUserAction.java | 24 +- .../service/action/UpdateUserGroupAction.java | 32 +- .../admin/service/impl/StandardUserService.java | 97 +- .../src/main/java/org/apache/nifi/key/Key.java | 69 + .../java/org/apache/nifi/user/NiFiUser.java | 18 +- .../resources/nifi-administration-context.xml | 4 +- .../service/action/AuthorizeUserActionTest.java | 100 +- .../service/action/CreateUserActionTest.java | 12 +- .../service/action/DisableUserActionTest.java | 22 +- .../action/RequestUserAccountActionTest.java | 22 +- .../action/SeedUserAccountsActionTest.java | 44 +- .../action/SetUserAuthoritiesActionTest.java | 18 +- .../web/api/dto/AccessConfigurationDTO.java | 61 + .../nifi/web/api/dto/AccessStatusDTO.java | 101 + .../api/entity/AccessConfigurationEntity.java | 43 + .../nifi/web/api/entity/AccessStatusEntity.java | 43 + .../nifi/web/api/entity/IdentityEntity.java | 52 + .../org/apache/nifi/nar/ExtensionManager.java | 17 +- .../nifi/nar/NarThreadContextClassLoader.java | 2 + .../resources/conf/login-identity-providers.xml | 92 + .../src/main/resources/conf/nifi.properties | 4 + .../org/apache/nifi/web/server/JettyServer.java | 8 +- .../apache/nifi/audit/ControllerAuditor.java | 8 +- .../nifi/audit/ControllerServiceAuditor.java | 12 +- .../org/apache/nifi/audit/FunnelAuditor.java | 2 +- .../java/org/apache/nifi/audit/PortAuditor.java | 6 +- .../apache/nifi/audit/ProcessGroupAuditor.java | 6 +- .../org/apache/nifi/audit/ProcessorAuditor.java | 6 +- .../apache/nifi/audit/RelationshipAuditor.java | 4 +- .../nifi/audit/RemoteProcessGroupAuditor.java | 6 +- .../apache/nifi/audit/ReportingTaskAuditor.java | 6 +- .../org/apache/nifi/audit/SnippetAuditor.java | 2 +- .../org/apache/nifi/web/NiFiServiceFacade.java | 7 + .../nifi/web/NiFiWebApiConfiguration.java | 40 + .../web/NiFiWebApiSecurityConfiguration.java | 194 ++ .../nifi/web/StandardNiFiServiceFacade.java | 28 +- .../StandardNiFiWebConfigurationContext.java | 8 +- .../apache/nifi/web/StandardNiFiWebContext.java | 8 +- .../org/apache/nifi/web/api/AccessResource.java | 442 ++++ .../nifi/web/api/ApplicationResource.java | 18 +- .../apache/nifi/web/api/ControllerResource.java | 65 +- .../org/apache/nifi/web/api/UserResource.java | 49 +- .../api/config/AccessDeniedExceptionMapper.java | 2 +- .../InvalidAuthenticationExceptionMapper.java | 44 + .../org/apache/nifi/web/api/dto/DtoFactory.java | 2 +- .../nifi/web/controller/ControllerFacade.java | 17 +- .../web/dao/impl/StandardConnectionDAO.java | 2 +- .../apache/nifi/web/filter/RequestLogger.java | 6 +- .../src/main/resources/nifi-web-api-context.xml | 9 + .../src/main/webapp/WEB-INF/web.xml | 13 +- .../accesscontrol/AccessTokenEndpointTest.java | 292 +++ .../util/NiFiTestAuthorizationProvider.java | 3 +- .../util/NiFiTestLoginIdentityProvider.java | 75 + .../nifi/integration/util/NiFiTestServer.java | 9 +- .../nifi/integration/util/NiFiTestUser.java | 232 ++- ...he.nifi.authentication.LoginIdentityProvider | 15 + .../access-control/controller-services.xml | 18 - .../access-control/login-identity-providers.xml | 24 + .../resources/access-control/nifi.properties | 8 +- .../access-control/reporting-tasks.xml | 17 - .../nifi-web/nifi-web-security/pom.xml | 43 + .../org/apache/nifi/web/security/DnUtils.java | 85 - .../InvalidAuthenticationException.java | 35 + .../web/security/NiFiAuthenticationFilter.java | 231 +++ .../security/NiFiAuthenticationProvider.java | 73 + .../nifi/web/security/ProxiedEntitiesUtils.java | 147 ++ .../anonymous/NiFiAnonymousUserFilter.java | 56 +- .../NiFiAuthenticationEntryPoint.java | 69 - .../authorization/NiFiAuthorizationService.java | 46 +- .../authorization/NodeAuthorizedUserFilter.java | 128 -- .../security/jwt/JwtAuthenticationFilter.java | 83 + .../nifi/web/security/jwt/JwtService.java | 162 ++ .../security/node/NodeAuthorizedUserFilter.java | 127 ++ .../LoginIdentityProviderFactoryBean.java | 312 +++ ...ginIdentityProviderConfigurationContext.java | 51 + ...inIdentityProviderInitializationContext.java | 45 + .../token/LoginAuthenticationToken.java | 123 ++ .../NewAccountAuthorizationRequestToken.java | 40 + .../token/NewAccountAuthorizationToken.java | 46 + .../security/token/NiFiAuthorizationToken.java | 50 + .../token/NiFiAuthortizationRequestToken.java | 54 + .../web/security/user/NewAccountRequest.java | 47 + .../nifi/web/security/user/NiFiUserDetails.java | 3 +- .../nifi/web/security/user/NiFiUserUtils.java | 27 +- .../security/x509/X509AuthenticationFilter.java | 305 +-- .../security/x509/X509CertificateExtractor.java | 4 +- .../security/x509/X509CertificateValidator.java | 58 + .../web/security/x509/X509IdentityProvider.java | 94 + .../x509/ocsp/OcspCertificateValidator.java | 20 +- .../resources/nifi-web-security-context.xml | 83 +- .../src/main/xsd/login-identity-providers.xsd | 49 + .../NiFiAuthorizationServiceTest.java | 64 +- .../nifi/web/security/jwt/JwtServiceTest.java | 445 ++++ .../src/test/resources/logback-test.xml | 36 + .../nifi-framework/nifi-web/nifi-web-ui/pom.xml | 53 +- .../src/main/resources/META-INF/LICENSE | 22 + .../resources/filters/bulletin-board.properties | 1 + .../main/resources/filters/canvas.properties | 3 +- .../main/resources/filters/cluster.properties | 1 + .../main/resources/filters/counters.properties | 1 + .../main/resources/filters/history.properties | 1 + .../main/resources/filters/login-min.properties | 18 + .../src/main/resources/filters/login.properties | 25 + .../resources/filters/provenance.properties | 1 + .../main/resources/filters/summary.properties | 1 + .../main/resources/filters/templates.properties | 1 + .../src/main/resources/filters/users.properties | 1 + .../webapp/WEB-INF/pages/bulletin-board.jsp | 1 + .../src/main/webapp/WEB-INF/pages/canvas.jsp | 3 +- .../src/main/webapp/WEB-INF/pages/cluster.jsp | 1 + .../src/main/webapp/WEB-INF/pages/counters.jsp | 1 + .../src/main/webapp/WEB-INF/pages/history.jsp | 1 + .../src/main/webapp/WEB-INF/pages/login.jsp | 62 + .../main/webapp/WEB-INF/pages/message-page.jsp | 4 +- .../main/webapp/WEB-INF/pages/provenance.jsp | 1 + .../src/main/webapp/WEB-INF/pages/summary.jsp | 1 + .../src/main/webapp/WEB-INF/pages/templates.jsp | 1 + .../src/main/webapp/WEB-INF/pages/users.jsp | 1 + .../WEB-INF/partials/canvas/canvas-header.jsp | 13 +- .../WEB-INF/partials/canvas/registration.jsp | 44 - .../WEB-INF/partials/login/login-form.jsp | 32 + .../WEB-INF/partials/login/login-message.jsp | 21 + .../WEB-INF/partials/login/login-progress.jsp | 22 + .../WEB-INF/partials/login/login-submission.jsp | 20 + .../partials/login/nifi-registration-form.jsp | 38 + .../webapp/WEB-INF/partials/message-pane.jsp | 14 +- .../partials/users/user-details-dialog.jsp | 2 +- .../nifi-web-ui/src/main/webapp/WEB-INF/web.xml | 22 +- .../nifi-web-ui/src/main/webapp/css/canvas.css | 1 - .../nifi-web-ui/src/main/webapp/css/header.css | 38 +- .../nifi-web-ui/src/main/webapp/css/login.css | 110 + .../nifi-web-ui/src/main/webapp/css/main.css | 25 +- .../src/main/webapp/css/registration.css | 45 - .../src/main/webapp/js/jquery/jquery.base64.js | 123 ++ .../js/nf/bulletin-board/nf-bulletin-board.js | 2 + .../webapp/js/nf/canvas/nf-canvas-header.js | 48 +- .../src/main/webapp/js/nf/canvas/nf-canvas.js | 248 ++- .../main/webapp/js/nf/canvas/nf-registration.js | 71 - .../src/main/webapp/js/nf/canvas/nf-storage.js | 139 -- .../src/main/webapp/js/nf/cluster/nf-cluster.js | 2 + .../main/webapp/js/nf/counters/nf-counters.js | 2 + .../src/main/webapp/js/nf/history/nf-history.js | 2 + .../src/main/webapp/js/nf/login/nf-login.js | 309 +++ .../src/main/webapp/js/nf/nf-common.js | 1933 ++++++++++-------- .../src/main/webapp/js/nf/nf-dialog.js | 23 +- .../src/main/webapp/js/nf/nf-storage.js | 172 ++ .../webapp/js/nf/provenance/nf-provenance.js | 2 + .../src/main/webapp/js/nf/summary/nf-summary.js | 2 + .../main/webapp/js/nf/templates/nf-templates.js | 2 + .../src/main/webapp/js/nf/users/nf-users.js | 2 + .../nifi-ldap-iaa-providers-nar/pom.xml | 32 + .../nifi-ldap-iaa-providers/pom.xml | 60 + .../nifi/ldap/LdapAuthenticationStrategy.java | 27 + .../java/org/apache/nifi/ldap/LdapProvider.java | 284 +++ .../org/apache/nifi/ldap/ReferralStrategy.java | 39 + ...he.nifi.authentication.LoginIdentityProvider | 15 + .../nifi-ldap-iaa-providers-bundle/pom.xml | 38 + nifi-nar-bundles/pom.xml | 1 + pom.xml | 67 +- 203 files changed, 8952 insertions(+), 2634 deletions(-) ----------------------------------------------------------------------
