Repository: nifi Updated Branches: refs/heads/master f447fc73f -> 4ed7511be
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/test/java/org/apache/nifi/web/revision/TestNaiveRevisionManager.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/test/java/org/apache/nifi/web/revision/TestNaiveRevisionManager.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/test/java/org/apache/nifi/web/revision/TestNaiveRevisionManager.java index a4ac9eb..6fa1865 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/test/java/org/apache/nifi/web/revision/TestNaiveRevisionManager.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-optimistic-locking/src/test/java/org/apache/nifi/web/revision/TestNaiveRevisionManager.java @@ -18,19 +18,19 @@ package org.apache.nifi.web.revision; -import java.util.HashSet; -import java.util.Set; - import org.apache.nifi.authorization.user.NiFiUser; -import org.apache.nifi.authorization.user.StandardNiFiUser; +import org.apache.nifi.authorization.user.StandardNiFiUser.Builder; import org.apache.nifi.web.FlowModification; import org.apache.nifi.web.Revision; +import java.util.HashSet; +import java.util.Set; + public class TestNaiveRevisionManager { private static final String CLIENT_1 = "client-1"; private static final String COMPONENT_1 = "component-1"; - private static final NiFiUser USER_1 = new StandardNiFiUser("user-1"); + private static final NiFiUser USER_1 = new Builder().identity("user-1").build(); private RevisionUpdate<Object> components(final Revision revision) { return new StandardRevisionUpdate<Object>(null, new FlowModification(revision, null)); http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java index 62d0858..5636c2d 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java @@ -16,8 +16,10 @@ */ package org.apache.nifi.web.security; +import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.util.IdentityMapping; import org.apache.nifi.authorization.util.IdentityMappingUtil; +import org.apache.nifi.authorization.util.UserGroupUtil; import org.apache.nifi.util.NiFiProperties; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -25,6 +27,7 @@ import org.springframework.security.authentication.AuthenticationProvider; import java.util.Collections; import java.util.List; +import java.util.Set; /** * Base AuthenticationProvider that provides common functionality to mapping identities. @@ -34,12 +37,13 @@ public abstract class NiFiAuthenticationProvider implements AuthenticationProvid private static final Logger LOGGER = LoggerFactory.getLogger(NiFiAuthenticationProvider.class); private NiFiProperties properties; + private Authorizer authorizer; private List<IdentityMapping> mappings; /** * @param properties the NiFiProperties instance */ - public NiFiAuthenticationProvider(final NiFiProperties properties) { + public NiFiAuthenticationProvider(final NiFiProperties properties, final Authorizer authorizer) { this.properties = properties; this.mappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(properties)); } @@ -52,4 +56,7 @@ public abstract class NiFiAuthenticationProvider implements AuthenticationProvid return IdentityMappingUtil.mapIdentity(identity, mappings); } + protected Set<String> getUserGroups(final String identity) { + return UserGroupUtil.getUserGroups(authorizer, identity); + } } http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java index 9b33f77..075720d 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java @@ -16,9 +16,11 @@ */ package org.apache.nifi.web.security.jwt; +import io.jsonwebtoken.JwtException; +import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.user.NiFiUser; import org.apache.nifi.authorization.user.NiFiUserDetails; -import org.apache.nifi.authorization.user.StandardNiFiUser; +import org.apache.nifi.authorization.user.StandardNiFiUser.Builder; import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.web.security.InvalidAuthenticationException; import org.apache.nifi.web.security.NiFiAuthenticationProvider; @@ -26,8 +28,6 @@ import org.apache.nifi.web.security.token.NiFiAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; -import io.jsonwebtoken.JwtException; - /** * */ @@ -35,8 +35,8 @@ public class JwtAuthenticationProvider extends NiFiAuthenticationProvider { private final JwtService jwtService; - public JwtAuthenticationProvider(JwtService jwtService, NiFiProperties nifiProperties) { - super(nifiProperties); + public JwtAuthenticationProvider(JwtService jwtService, NiFiProperties nifiProperties, Authorizer authorizer) { + super(nifiProperties, authorizer); this.jwtService = jwtService; } @@ -46,7 +46,8 @@ public class JwtAuthenticationProvider extends NiFiAuthenticationProvider { try { final String jwtPrincipal = jwtService.getAuthenticationFromToken(request.getToken()); - final NiFiUser user = new StandardNiFiUser(mapIdentity(jwtPrincipal), request.getClientAddress()); + final String mappedIdentity = mapIdentity(jwtPrincipal); + final NiFiUser user = new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build(); return new NiFiAuthenticationToken(new NiFiUserDetails(user)); } catch (JwtException e) { throw new InvalidAuthenticationException(e.getMessage(), e); http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java index 1e8825d..f375df2 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java @@ -16,9 +16,10 @@ */ package org.apache.nifi.web.security.otp; +import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.user.NiFiUser; import org.apache.nifi.authorization.user.NiFiUserDetails; -import org.apache.nifi.authorization.user.StandardNiFiUser; +import org.apache.nifi.authorization.user.StandardNiFiUser.Builder; import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.web.security.InvalidAuthenticationException; import org.apache.nifi.web.security.NiFiAuthenticationProvider; @@ -33,8 +34,8 @@ public class OtpAuthenticationProvider extends NiFiAuthenticationProvider { private OtpService otpService; - public OtpAuthenticationProvider(OtpService otpService, NiFiProperties nifiProperties) { - super(nifiProperties); + public OtpAuthenticationProvider(OtpService otpService, NiFiProperties nifiProperties, Authorizer authorizer) { + super(nifiProperties, authorizer); this.otpService = otpService; } @@ -49,7 +50,8 @@ public class OtpAuthenticationProvider extends NiFiAuthenticationProvider { } else { otpPrincipal = otpService.getAuthenticationFromUiExtensionToken(request.getToken()); } - final NiFiUser user = new StandardNiFiUser(mapIdentity(otpPrincipal), request.getClientAddress()); + final String mappedIdentity = mapIdentity(otpPrincipal); + final NiFiUser user = new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build(); return new NiFiAuthenticationToken(new NiFiUserDetails(user)); } catch (OtpAuthenticationException e) { throw new InvalidAuthenticationException(e.getMessage(), e); http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java index b5835d0..510e136 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java @@ -16,11 +16,6 @@ */ package org.apache.nifi.web.security.x509; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.ListIterator; -import java.util.Map; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authentication.AuthenticationResponse; import org.apache.nifi.authorization.AuthorizationRequest; @@ -33,6 +28,7 @@ import org.apache.nifi.authorization.resource.ResourceFactory; import org.apache.nifi.authorization.user.NiFiUser; import org.apache.nifi.authorization.user.NiFiUserDetails; import org.apache.nifi.authorization.user.StandardNiFiUser; +import org.apache.nifi.authorization.user.StandardNiFiUser.Builder; import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.web.security.InvalidAuthenticationException; import org.apache.nifi.web.security.NiFiAuthenticationProvider; @@ -42,6 +38,13 @@ import org.apache.nifi.web.security.token.NiFiAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.ListIterator; +import java.util.Map; +import java.util.Set; + /** * */ @@ -51,7 +54,7 @@ public class X509AuthenticationProvider extends NiFiAuthenticationProvider { private Authorizer authorizer; public X509AuthenticationProvider(final X509IdentityProvider certificateIdentityProvider, final Authorizer authorizer, final NiFiProperties nifiProperties) { - super(nifiProperties); + super(nifiProperties, authorizer); this.certificateIdentityProvider = certificateIdentityProvider; this.authorizer = authorizer; } @@ -70,7 +73,7 @@ public class X509AuthenticationProvider extends NiFiAuthenticationProvider { if (StringUtils.isBlank(request.getProxiedEntitiesChain())) { final String mappedIdentity = mapIdentity(authenticationResponse.getIdentity()); - return new NiFiAuthenticationToken(new NiFiUserDetails(new StandardNiFiUser(mappedIdentity, request.getClientAddress()))); + return new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(mappedIdentity).groups(getUserGroups(mappedIdentity)).clientAddress(request.getClientAddress()).build())); } else { // build the entire proxy chain if applicable - <end-user><proxy1><proxy2> final List<String> proxyChain = new ArrayList<>(ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(request.getProxiedEntitiesChain())); @@ -89,10 +92,13 @@ public class X509AuthenticationProvider extends NiFiAuthenticationProvider { identity = mapIdentity(identity); } + final Set<String> groups = getUserGroups(identity); + if (chainIter.hasPrevious()) { // authorize this proxy in order to authenticate this user final AuthorizationRequest proxyAuthorizationRequest = new AuthorizationRequest.Builder() .identity(identity) + .groups(groups) .anonymous(isAnonymous) .accessAttempt(true) .action(RequestAction.WRITE) @@ -108,7 +114,7 @@ public class X509AuthenticationProvider extends NiFiAuthenticationProvider { // Only set the client address for user making the request because we don't know the client address of the proxies String clientAddress = (proxy == null) ? request.getClientAddress() : null; - proxy = createUser(identity, proxy, clientAddress, isAnonymous); + proxy = createUser(identity, groups, proxy, clientAddress, isAnonymous); } return new NiFiAuthenticationToken(new NiFiUserDetails(proxy)); @@ -124,11 +130,11 @@ public class X509AuthenticationProvider extends NiFiAuthenticationProvider { * @param isAnonymous if true, an anonymous user will be returned (identity will be ignored) * @return the populated user */ - protected static NiFiUser createUser(String identity, NiFiUser chain, String clientAddress, boolean isAnonymous) { + protected static NiFiUser createUser(String identity, Set<String> groups, NiFiUser chain, String clientAddress, boolean isAnonymous) { if (isAnonymous) { return StandardNiFiUser.populateAnonymousUser(chain, clientAddress); } else { - return new StandardNiFiUser(identity, chain, clientAddress); + return new Builder().identity(identity).groups(groups).chain(chain).clientAddress(clientAddress).build(); } } http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml index ff1aff1..369b33c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml @@ -43,7 +43,7 @@ <bean id="x509AuthenticationProvider" class="org.apache.nifi.web.security.x509.X509AuthenticationProvider"> <constructor-arg ref="certificateIdentityProvider" index="0"/> <constructor-arg ref="authorizer" index="1"/> - <constructor-arg ref="nifiProperties"/> + <constructor-arg ref="nifiProperties" index="2"/> </bean> <!-- jwt service --> @@ -53,8 +53,9 @@ <!-- jwt authentication provider --> <bean id="jwtAuthenticationProvider" class="org.apache.nifi.web.security.jwt.JwtAuthenticationProvider"> - <constructor-arg ref="jwtService"/> - <constructor-arg ref="nifiProperties"/> + <constructor-arg ref="jwtService" index="0"/> + <constructor-arg ref="nifiProperties" index="1"/> + <constructor-arg ref="authorizer" index="2"/> </bean> <!-- otp service --> @@ -62,8 +63,9 @@ <!-- otp authentication provider --> <bean id="otpAuthenticationProvider" class="org.apache.nifi.web.security.otp.OtpAuthenticationProvider"> - <constructor-arg ref="otpService"/> - <constructor-arg ref="nifiProperties"/> + <constructor-arg ref="otpService" index="0"/> + <constructor-arg ref="nifiProperties" index="1"/> + <constructor-arg ref="authorizer" index="2"/> </bean> <!-- Kerberos service --> http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/NiFiAuthenticationProviderTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/NiFiAuthenticationProviderTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/NiFiAuthenticationProviderTest.java index eb89c22..479034a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/NiFiAuthenticationProviderTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/NiFiAuthenticationProviderTest.java @@ -16,10 +16,10 @@ */ package org.apache.nifi.web.security; +import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.util.IdentityMapping; import org.apache.nifi.util.NiFiProperties; import org.junit.Test; -import org.mockito.Mockito; import org.mockito.invocation.InvocationOnMock; import org.mockito.stubbing.Answer; import org.springframework.security.core.Authentication; @@ -30,6 +30,7 @@ import java.util.Properties; import static org.junit.Assert.assertEquals; import static org.mockito.Mockito.anyString; +import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; public class NiFiAuthenticationProviderTest { @@ -169,7 +170,7 @@ public class NiFiAuthenticationProviderTest { } private NiFiProperties getNiFiProperties(final Properties properties) { - final NiFiProperties nifiProperties = Mockito.mock(NiFiProperties.class); + final NiFiProperties nifiProperties = mock(NiFiProperties.class); when(nifiProperties.getPropertyKeys()).thenReturn(properties.stringPropertyNames()); when(nifiProperties.getProperty(anyString())).then(new Answer<String>() { @@ -186,7 +187,7 @@ public class NiFiAuthenticationProviderTest { * @param properties the NiFiProperties instance */ public TestableNiFiAuthenticationProvider(NiFiProperties properties) { - super(properties); + super(properties, mock(Authorizer.class)); } @Override http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java index 1b5f447..1b649e8 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java @@ -16,12 +16,12 @@ */ package org.apache.nifi.web.security.otp; +import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.user.NiFiUserDetails; import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.web.security.token.NiFiAuthenticationToken; import org.junit.Before; import org.junit.Test; -import org.mockito.Mockito; import org.mockito.invocation.InvocationOnMock; import org.mockito.stubbing.Answer; @@ -75,7 +75,7 @@ public class OtpAuthenticationProviderTest { } }).when(otpService).getAuthenticationFromUiExtensionToken(anyString()); - otpAuthenticationProvider = new OtpAuthenticationProvider(otpService, Mockito.mock(NiFiProperties.class)); + otpAuthenticationProvider = new OtpAuthenticationProvider(otpService, mock(NiFiProperties.class), mock(Authorizer.class)); } @Test http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/x509/X509AuthenticationProviderTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/x509/X509AuthenticationProviderTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/x509/X509AuthenticationProviderTest.java index 43aea86..70df649 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/x509/X509AuthenticationProviderTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/x509/X509AuthenticationProviderTest.java @@ -16,20 +16,6 @@ */ package org.apache.nifi.web.security.x509; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; -import static org.mockito.Matchers.any; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - -import java.security.Principal; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.List; -import java.util.concurrent.TimeUnit; -import java.util.stream.Collectors; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authentication.AuthenticationResponse; import org.apache.nifi.authorization.AuthorizationRequest; @@ -45,6 +31,21 @@ import org.apache.nifi.web.security.token.NiFiAuthenticationToken; import org.junit.Before; import org.junit.Test; +import java.security.Principal; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.List; +import java.util.concurrent.TimeUnit; +import java.util.stream.Collectors; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; +import static org.mockito.Matchers.any; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; + public class X509AuthenticationProviderTest { private static final String INVALID_CERTIFICATE = "invalid-certificate"; @@ -190,7 +191,7 @@ public class X509AuthenticationProviderTest { String identity = "someone"; // Act - NiFiUser user = X509AuthenticationProvider.createUser(identity, null, null, true); + NiFiUser user = X509AuthenticationProvider.createUser(identity, null, null, null, true); // Assert assert user != null; @@ -205,7 +206,7 @@ public class X509AuthenticationProviderTest { String identity = "someone"; // Act - NiFiUser user = X509AuthenticationProvider.createUser(identity, null, null, false); + NiFiUser user = X509AuthenticationProvider.createUser(identity, null, null, null, false); // Assert assert user != null; http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp index c7064f8..13e2146 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp @@ -146,15 +146,15 @@ <i class="fa fa-history"></i>Flow Configuration History </a> </md-menu-item> - <md-menu-divider ng-if="appCtrl.nf.CanvasUtils.isConfigurableAuthorizer()"></md-menu-divider> - <md-menu-item layout-align="space-around center" ng-if="appCtrl.nf.CanvasUtils.isConfigurableAuthorizer()"> + <md-menu-divider ng-if="appCtrl.nf.CanvasUtils.isManagedAuthorizer()"></md-menu-divider> + <md-menu-item layout-align="space-around center" ng-if="appCtrl.nf.CanvasUtils.isManagedAuthorizer()"> <a id="users-link" layout="row" ng-click="appCtrl.serviceProvider.headerCtrl.globalMenuCtrl.users.shell.launch();" ng-class="{disabled: !(appCtrl.nf.Common.canAccessTenants())}"> <i class="fa fa-users"></i>Users </a> </md-menu-item> - <md-menu-item layout-align="space-around center" ng-if="appCtrl.nf.CanvasUtils.isConfigurableAuthorizer()"> + <md-menu-item layout-align="space-around center" ng-if="appCtrl.nf.CanvasUtils.isManagedAuthorizer()"> <a id="policies-link" layout="row" ng-click="appCtrl.serviceProvider.headerCtrl.globalMenuCtrl.policies.shell.launch();" ng-class="{disabled: !(appCtrl.nf.Common.canAccessTenants() && appCtrl.nf.Common.canModifyPolicies())}"> http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/navigation.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/navigation.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/navigation.jsp index 6d97b0e..0732b3d 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/navigation.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/navigation.jsp @@ -95,8 +95,8 @@ ng-disabled="!(appCtrl.serviceProvider.graphControlsCtrl.canConfigureOrOpenDetails())"> <div class="graph-control-action-icon fa fa-gear"></div></button> </div> - <div class="button-spacer-small" ng-if="appCtrl.nf.CanvasUtils.isConfigurableAuthorizer()"> </div> - <div id="operate-policy" class="action-button" title="Access Policies" ng-if="appCtrl.nf.CanvasUtils.isConfigurableAuthorizer()"> + <div class="button-spacer-small" ng-if="appCtrl.nf.CanvasUtils.isManagedAuthorizer()"> </div> + <div id="operate-policy" class="action-button" title="Access Policies" ng-if="appCtrl.nf.CanvasUtils.isManagedAuthorizer()"> <button ng-click="appCtrl.nf.Actions['managePolicies'](appCtrl.nf.CanvasUtils.getSelection());" ng-disabled="!(appCtrl.nf.CanvasUtils.canManagePolicies())"> <div class="graph-control-action-icon fa fa-key"></div></button> http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/policy-management.css ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/policy-management.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/policy-management.css index 0e92a9c..667291d 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/policy-management.css +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/policy-management.css @@ -35,12 +35,14 @@ #delete-policy-button { margin-top: -4px; + display: none; } #new-policy-user-button { margin-top: -4px; margin-right: 5px; padding-left: 5px; + display: none; } button.policy-button { http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/users.css ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/users.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/users.css index f380c89..dc2a404 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/users.css +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/users.css @@ -67,6 +67,7 @@ #new-user-button { float: right; padding-left: 5px; + display: none; } /* users table */ http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-bootstrap.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-bootstrap.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-bootstrap.js index cef0b49..2fa8a2b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-bootstrap.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-bootstrap.js @@ -325,7 +325,9 @@ var autoRefreshIntervalSeconds = parseInt(configDetails.autoRefreshIntervalSeconds, 10); // record whether we can configure the authorizer + nfCanvas.setManagedAuthorizer(configDetails.supportsManagedAuthorizer); nfCanvas.setConfigurableAuthorizer(configDetails.supportsConfigurableAuthorizer); + nfCanvas.setConfigurableUsersAndGroups(configDetails.supportsConfigurableUsersAndGroups); // init nfStorage nfStorage.init(); http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-utils.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-utils.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-utils.js index efa21c4..54f1d14 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-utils.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-utils.js @@ -1726,6 +1726,13 @@ }, /** + * Returns whether the authorizer is managed. + */ + isManagedAuthorizer: function () { + return nfCanvas.isManagedAuthorizer(); + }, + + /** * Returns whether the authorizer is configurable. */ isConfigurableAuthorizer: function () { @@ -1733,6 +1740,13 @@ }, /** + * Returns whether the authorizer support configurable users and groups. + */ + isConfigurableUsersAndGroups: function () { + return nfCanvas.isConfigurableUsersAndGroups(); + }, + + /** * Set the group id. * * @argument {string} gi The group id http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js index ecb1269..0180441 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js @@ -84,7 +84,9 @@ var groupName = null; var permissions = null; var parentGroupId = null; + var managedAuthorizer = false; var configurableAuthorizer = false; + var configurableUsersAndGroups = false; var svg = null; var canvas = null; @@ -878,6 +880,22 @@ }, /** + * Set whether the authorizer is managed. + * + * @param bool The boolean value representing whether the authorizer is managed + */ + setManagedAuthorizer: function (bool) { + managedAuthorizer = bool; + }, + + /** + * Returns whether the authorizer is managed. + */ + isManagedAuthorizer: function () { + return managedAuthorizer; + }, + + /** * Set whether the authorizer is configurable. * * @param bool The boolean value representing whether the authorizer is configurable. @@ -894,6 +912,22 @@ }, /** + * Set whether the users and groups is configurable. + * + * @param bool The boolean value representing whether the users and groups is configurable. + */ + setConfigurableUsersAndGroups: function(bool){ + configurableUsersAndGroups = bool; + }, + + /** + * Returns whether the users and groups is configurable. + */ + isConfigurableUsersAndGroups: function () { + return configurableUsersAndGroups; + }, + + /** * Whether the current user can read from this group. * * @returns {boolean} can write http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-context-menu.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-context-menu.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-context-menu.js index 1c16626..c5e05f9 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-context-menu.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-context-menu.js @@ -133,7 +133,7 @@ * @param {selection} selection The selection of currently selected components */ var canManagePolicies = function (selection) { - return nfCanvasUtils.isConfigurableAuthorizer() && nfCanvasUtils.canManagePolicies(selection); + return nfCanvasUtils.isManagedAuthorizer() && nfCanvasUtils.canManagePolicies(selection); }; /** http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-services.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-services.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-services.js index ef98d38..a4fb774 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-services.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-services.js @@ -882,7 +882,7 @@ } // allow policy configuration conditionally - if (nfCanvasUtils.isConfigurableAuthorizer() && nfCommon.canAccessTenants()) { + if (nfCanvasUtils.isManagedAuthorizer() && nfCommon.canAccessTenants()) { markup += '<div title="Access Policies" class="pointer edit-access-policies fa fa-key" style="margin-top: 2px;"></div>'; } http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js index c4c3cd8..c4ae1ba 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-policy-management.js @@ -567,8 +567,11 @@ sortable: true, resizable: true, formatter: identityFormatter - }, - { + } + ]; + + if (nfCanvasUtils.isConfigurableAuthorizer()) { + usersColumns.push({ id: 'actions', name: ' ', sortable: false, @@ -576,8 +579,8 @@ formatter: actionFormatter, width: 100, maxWidth: 100 - } - ]; + }); + } var usersOptions = { forceFitColumns: true, @@ -874,20 +877,24 @@ // see if the policy is for this resource if (resourceAndAction.resource === policy.resource) { - // allow remove when policy is not inherited - $('#delete-policy-button').prop('disabled', policyEntity.permissions.canWrite === false); + if (nfCanvasUtils.isConfigurableAuthorizer()) { + // allow remove when policy is not inherited + $('#delete-policy-button').prop('disabled', policyEntity.permissions.canWrite === false); - // allow modification if allowed - $('#new-policy-user-button').prop('disabled', policyEntity.permissions.canWrite === false); + // allow modification if allowed + $('#new-policy-user-button').prop('disabled', policyEntity.permissions.canWrite === false); + } } else { $('#policy-message').append(getResourceMessage(policy.resource)); - // policy is inherited, we do not know if the user has permissions to modify the desired policy... show button and let server decide - $('#override-policy-message').show(); + if (nfCanvasUtils.isConfigurableAuthorizer()) { + // policy is inherited, we do not know if the user has permissions to modify the desired policy... show button and let server decide + $('#override-policy-message').show(); - // do not support policy deletion/modification - $('#delete-policy-button').prop('disabled', true); - $('#new-policy-user-button').prop('disabled', true); + // do not support policy deletion/modification + $('#delete-policy-button').prop('disabled', true); + $('#new-policy-user-button').prop('disabled', true); + } } // populate the table @@ -928,8 +935,10 @@ // show an appropriate message $('#policy-message').text('No component specific administrators.'); - // we don't know if the user has permissions to the desired policy... show create button and allow the server to decide - $('#add-local-admin-message').show(); + if (nfCanvasUtils.isConfigurableAuthorizer()) { + // we don't know if the user has permissions to the desired policy... show create button and allow the server to decide + $('#add-local-admin-message').show(); + } } } else { // reset the policy @@ -938,8 +947,10 @@ // show an appropriate message $('#policy-message').text('No component specific administrators.'); - // we don't know if the user has permissions to the desired policy... show create button and allow the server to decide - $('#add-local-admin-message').show(); + if (nfCanvasUtils.isConfigurableAuthorizer()) { + // we don't know if the user has permissions to the desired policy... show create button and allow the server to decide + $('#add-local-admin-message').show(); + } } deferred.resolve(); @@ -951,8 +962,10 @@ // show an appropriate message $('#policy-message').text('No component specific administrators.'); - // we don't know if the user has permissions to the desired policy... show create button and allow the server to decide - $('#add-local-admin-message').show(); + if (nfCanvasUtils.isConfigurableAuthorizer()) { + // we don't know if the user has permissions to the desired policy... show create button and allow the server to decide + $('#add-local-admin-message').show(); + } deferred.resolve(); } else if (xhr.status === 403) { @@ -997,8 +1010,10 @@ // since we cannot read, the policy may be inherited or not... we cannot tell $('#policy-message').text('Not authorized to view the policy.'); - // allow option to override because we don't know if it's supported or not - $('#override-policy-message').show(); + if (nfCanvasUtils.isConfigurableAuthorizer()) { + // allow option to override because we don't know if it's supported or not + $('#override-policy-message').show(); + } } deferred.resolve(); @@ -1010,8 +1025,10 @@ // show an appropriate message $('#policy-message').text('No policy for the specified resource.'); - // we don't know if the user has permissions to the desired policy... show create button and allow the server to decide - $('#new-policy-message').show(); + if (nfCanvasUtils.isConfigurableAuthorizer()) { + // we don't know if the user has permissions to the desired policy... show create button and allow the server to decide + $('#new-policy-message').show(); + } deferred.resolve(); } else if (xhr.status === 403) { @@ -1183,9 +1200,11 @@ */ var resetPolicyMessage = function () { $('#policy-message').text('').empty(); - $('#new-policy-message').hide(); - $('#override-policy-message').hide(); - $('#add-local-admin-message').hide(); + if (nfCanvasUtils.isConfigurableAuthorizer()) { + $('#new-policy-message').hide(); + $('#override-policy-message').hide(); + $('#add-local-admin-message').hide(); + } }; /** @@ -1194,9 +1213,11 @@ var resetPolicy = function () { resetPolicyMessage(); - // reset button state - $('#delete-policy-button').prop('disabled', true); - $('#new-policy-user-button').prop('disabled', true); + if (nfCanvasUtils.isConfigurableAuthorizer()) { + // reset button state + $('#delete-policy-button').prop('disabled', true); + $('#new-policy-user-button').prop('disabled', true); + } // reset the current policy $('#policy-table').removeData('policy'); @@ -1229,6 +1250,11 @@ initAddTenantToPolicyDialog(); initPolicyTable(); + if (nfCanvasUtils.isConfigurableAuthorizer()) { + $('#delete-policy-button').show(); + $('#new-policy-user-button').show(); + } + $('#policy-refresh-button').on('click', function () { loadPolicy(); }); http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js index 075f712..3f346f5 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js @@ -871,7 +871,7 @@ } // allow policy configuration conditionally - if (nfCanvasUtils.isConfigurableAuthorizer() && nfCommon.canAccessTenants()) { + if (nfCanvasUtils.isManagedAuthorizer() && nfCommon.canAccessTenants()) { markup += '<div title="Access Policies" class="pointer edit-access-policies fa fa-key" style="margin-top: 2px;"></div>'; } http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/templates/nf-templates-table.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/templates/nf-templates-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/templates/nf-templates-table.js index c942bdb..89c7cf2 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/templates/nf-templates-table.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/templates/nf-templates-table.js @@ -293,7 +293,7 @@ // allow policy configuration conditionally if embedded in if (top !== window && nfCommon.canAccessTenants()) { - if (nfCommon.isDefinedAndNotNull(parent.nf) && nfCommon.isDefinedAndNotNull(parent.nf.CanvasUtils) && parent.nf.CanvasUtils.isConfigurableAuthorizer()) { + if (nfCommon.isDefinedAndNotNull(parent.nf) && nfCommon.isDefinedAndNotNull(parent.nf.CanvasUtils) && parent.nf.CanvasUtils.isManagedAuthorizer()) { markup += '<div title="Access Policies" class="pointer edit-access-policies fa fa-key" style="margin-top: 2px;"></div>'; } } http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js index 7623234..14c8fe7 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js @@ -750,7 +750,7 @@ /** * Initializes the processor list. */ - var initUsersTable = function () { + var initUsersTable = function (configurableUsersAndGroups) { // define the function for filtering the list $('#users-filter').keyup(function () { applyFilter(); @@ -797,7 +797,7 @@ var markup = ''; // ensure user can modify the user - if (nfCommon.canModifyTenants()) { + if (configurableUsersAndGroups && nfCommon.canModifyTenants()) { markup += '<div title="Edit" class="pointer edit-user fa fa-pencil" style="margin-right: 3px;"></div>'; markup += '<div title="Remove" class="pointer delete-user fa fa-trash"></div>'; } @@ -1215,28 +1215,32 @@ }; var nfUsersTable = { - init: function () { + init: function (configurableUsersAndGroups) { initUserDialog(); initUserPoliciesDialog(); initUserPoliciesTable(); initUserDeleteDialog(); - initUsersTable(); + initUsersTable(configurableUsersAndGroups); - if (nfCommon.canModifyTenants()) { - $('#new-user-button').on('click', function () { - buildUsersList(); - buildGroupsList(); + if (configurableUsersAndGroups) { + $('#new-user-button').show(); - // show the dialog - $('#user-dialog').modal('show'); + if (nfCommon.canModifyTenants()) { + $('#new-user-button').on('click', function () { + buildUsersList(); + buildGroupsList(); - // set the focus automatically, only when adding a new user - $('#user-identity-edit-dialog').focus(); - }); + // show the dialog + $('#user-dialog').modal('show'); - $('#new-user-button').prop('disabled', false); - } else { - $('#new-user-button').prop('disabled', true); + // set the focus automatically, only when adding a new user + $('#user-identity-edit-dialog').focus(); + }); + + $('#new-user-button').prop('disabled', false); + } else { + $('#new-user-button').prop('disabled', true); + } } }, http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users.js index e39e160..6b53ce8 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users.js @@ -66,7 +66,8 @@ urls: { banners: '../nifi-api/flow/banners', controllerAbout: '../nifi-api/flow/about', - currentUser: '../nifi-api/flow/current-user' + currentUser: '../nifi-api/flow/current-user', + flowConfig: '../nifi-api/flow/config' } }; @@ -83,6 +84,14 @@ }).fail(nfErrorHandler.handleAjaxError); }; + var getFlowConfig = function () { + return $.ajax({ + type: 'GET', + url: config.urls.flowConfig, + dataType: 'json' + }).fail(nfErrorHandler.handleAjaxError); + } + var initializeUsersPage = function () { // define mouse over event for the refresh button nfCommon.addHoverEffect('#user-refresh-button', 'button-refresh', 'button-refresh-hover').click(function () { @@ -149,9 +158,12 @@ nfClient.init(); // load the users authorities - ensureAccess().done(function () { + $.when(getFlowConfig(), ensureAccess()).done(function (configResult) { + var configResponse = configResult[0]; + var configDetails = configResponse.flowConfiguration; + // create the counters table - nfUsersTable.init(); + nfUsersTable.init(configDetails.supportsConfigurableUsersAndGroups); // load the users table nfUsersTable.loadUsersTable().done(function () { http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/java/org/apache/nifi/provenance/TestPersistentProvenanceRepository.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/java/org/apache/nifi/provenance/TestPersistentProvenanceRepository.java b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/java/org/apache/nifi/provenance/TestPersistentProvenanceRepository.java index 5eeb7de..f031710 100644 --- a/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/java/org/apache/nifi/provenance/TestPersistentProvenanceRepository.java +++ b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/java/org/apache/nifi/provenance/TestPersistentProvenanceRepository.java @@ -16,41 +16,6 @@ */ package org.apache.nifi.provenance; -import static org.apache.nifi.provenance.TestUtil.createFlowFile; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; -import static org.mockito.Mockito.mock; - -import java.io.DataOutputStream; -import java.io.File; -import java.io.FileFilter; -import java.io.FileInputStream; -import java.io.FileOutputStream; -import java.io.IOException; -import java.lang.reflect.Field; -import java.lang.reflect.InvocationTargetException; -import java.lang.reflect.Method; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashMap; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.UUID; -import java.util.concurrent.CountDownLatch; -import java.util.concurrent.ExecutorService; -import java.util.concurrent.Executors; -import java.util.concurrent.Future; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.atomic.AtomicInteger; -import java.util.concurrent.atomic.AtomicLong; -import java.util.stream.Collectors; -import java.util.zip.GZIPOutputStream; - import org.apache.lucene.analysis.Analyzer; import org.apache.lucene.analysis.core.SimpleAnalyzer; import org.apache.lucene.document.Document; @@ -90,7 +55,6 @@ import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.util.file.FileUtils; import org.junit.After; import org.junit.Assert; -import static org.junit.Assume.assumeFalse; import org.junit.Before; import org.junit.BeforeClass; import org.junit.ClassRule; @@ -102,6 +66,42 @@ import org.junit.rules.TestName; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import java.io.DataOutputStream; +import java.io.File; +import java.io.FileFilter; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.lang.reflect.Field; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.UUID; +import java.util.concurrent.CountDownLatch; +import java.util.concurrent.ExecutorService; +import java.util.concurrent.Executors; +import java.util.concurrent.Future; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.concurrent.atomic.AtomicLong; +import java.util.stream.Collectors; +import java.util.zip.GZIPOutputStream; + +import static org.apache.nifi.provenance.TestUtil.createFlowFile; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeFalse; +import static org.mockito.Mockito.mock; + public class TestPersistentProvenanceRepository { @Rule @@ -2273,6 +2273,11 @@ public class TestPersistentProvenanceRepository { } @Override + public Set<String> getGroups() { + return Collections.EMPTY_SET; + } + + @Override public NiFiUser getChain() { return null; } http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/java/org/apache/nifi/provenance/index/lucene/TestLuceneEventIndex.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/java/org/apache/nifi/provenance/index/lucene/TestLuceneEventIndex.java b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/java/org/apache/nifi/provenance/index/lucene/TestLuceneEventIndex.java index 3079b87..44c5402 100644 --- a/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/java/org/apache/nifi/provenance/index/lucene/TestLuceneEventIndex.java +++ b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-persistent-provenance-repository/src/test/java/org/apache/nifi/provenance/index/lucene/TestLuceneEventIndex.java @@ -16,23 +16,6 @@ */ package org.apache.nifi.provenance.index.lucene; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertTrue; - -import java.io.File; -import java.io.IOException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.UUID; -import java.util.concurrent.TimeUnit; -import java.util.concurrent.atomic.AtomicLong; -import java.util.stream.Collectors; - import org.apache.nifi.authorization.AccessDeniedException; import org.apache.nifi.authorization.user.NiFiUser; import org.apache.nifi.events.EventReporter; @@ -56,7 +39,6 @@ import org.apache.nifi.provenance.serialization.StorageSummary; import org.apache.nifi.provenance.store.ArrayListEventStore; import org.apache.nifi.provenance.store.EventStore; import org.apache.nifi.provenance.store.StorageResult; -import static org.junit.Assume.assumeFalse; import org.junit.BeforeClass; import org.junit.Rule; import org.junit.Test; @@ -65,6 +47,25 @@ import org.mockito.Mockito; import org.mockito.invocation.InvocationOnMock; import org.mockito.stubbing.Answer; +import java.io.File; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.UUID; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.atomic.AtomicLong; +import java.util.stream.Collectors; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeFalse; + public class TestLuceneEventIndex { private final AtomicLong idGenerator = new AtomicLong(0L); @@ -344,6 +345,11 @@ public class TestLuceneEventIndex { } @Override + public Set<String> getGroups() { + return Collections.EMPTY_SET; + } + + @Override public NiFiUser getChain() { return null; } http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-volatile-provenance-repository/src/test/java/org/apache/nifi/provenance/TestVolatileProvenanceRepository.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-volatile-provenance-repository/src/test/java/org/apache/nifi/provenance/TestVolatileProvenanceRepository.java b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-volatile-provenance-repository/src/test/java/org/apache/nifi/provenance/TestVolatileProvenanceRepository.java index 942fea4..5ccf6ea 100644 --- a/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-volatile-provenance-repository/src/test/java/org/apache/nifi/provenance/TestVolatileProvenanceRepository.java +++ b/nifi-nar-bundles/nifi-provenance-repository-bundle/nifi-volatile-provenance-repository/src/test/java/org/apache/nifi/provenance/TestVolatileProvenanceRepository.java @@ -26,9 +26,11 @@ import org.junit.BeforeClass; import org.junit.Test; import java.io.IOException; +import java.util.Collections; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Set; import java.util.UUID; import static org.junit.Assert.assertEquals; @@ -186,6 +188,11 @@ public class TestVolatileProvenanceRepository { } @Override + public Set<String> getGroups() { + return Collections.EMPTY_SET; + } + + @Override public NiFiUser getChain() { return null; } http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/pom.xml ---------------------------------------------------------------------- diff --git a/pom.xml b/pom.xml index d3db7c6..bdab77a 100644 --- a/pom.xml +++ b/pom.xml @@ -1718,7 +1718,7 @@ <plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>jaxb2-maven-plugin</artifactId> - <version>1.6</version> + <version>2.3.1</version> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId>
