Repository: nifi-registry
Updated Branches:
  refs/heads/master ed86f1a9a -> 1bb1e2b65


http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/1bb1e2b6/nifi-registry-web-ui/src/main/webapp/services/nf-registry.api.spec.js
----------------------------------------------------------------------
diff --git 
a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.api.spec.js 
b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.api.spec.js
index fcb8181..c544d22 100644
--- a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.api.spec.js
+++ b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.api.spec.js
@@ -39,13 +39,12 @@ var ngMoment = require('angular2-moment');
 var rxjs = require('rxjs/Rx');
 var ngCommonHttp = require('@angular/common/http');
 var NfRegistryTokenInterceptor = 
require('nifi-registry/services/nf-registry.token.interceptor.js');
-var NfRegistryAuthService = 
require('nifi-registry/services/nf-registry.auth.service.js');
 var NfStorage = require('nifi-registry/services/nf-storage.service.js');
 var NfLoginComponent = 
require('nifi-registry/components/login/nf-registry-login.js');
 var NfUserLoginComponent = 
require('nifi-registry/components/login/dialogs/nf-registry-user-login.js');
 var nfRegistryAuthGuardService = 
require('nifi-registry/services/nf-registry.auth-guard.service.js');
 
-xdescribe('NfRegistry API w/ Angular testing utils', function () {
+describe('NfRegistry API w/ Angular testing utils', function () {
     var nfRegistryApi;
     var nfRegistryService;
 
@@ -80,7 +79,6 @@ xdescribe('NfRegistry API w/ Angular testing utils', function 
() {
                 
nfRegistryAuthGuardService.NfRegistryWorkflowsAdministrationAuthGuard,
                 nfRegistryAuthGuardService.NfRegistryLoginAuthGuard,
                 nfRegistryAuthGuardService.NfRegistryResourcesAuthGuard,
-                NfRegistryAuthService,
                 NfRegistryApi,
                 NfStorage,
                 {
@@ -179,28 +177,6 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         httpMock.verify();
     }));
 
-    it('should fail to GET to load the current user.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
-        // Spy
-        spyOn(nfRegistryApi.router, 'navigateByUrl').and.callFake(function () {
-        });
-
-        // api call
-        nfRegistryApi.loadCurrentUser().subscribe(function (response) {
-            var navigateByUrlCall = 
nfRegistryApi.router.navigateByUrl.calls.first();
-            expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/login');
-        });
-
-        // the request it made
-        req = httpMock.expectOne('/nifi-registry-api/access');
-        expect(req.request.method).toEqual('GET');
-
-        // Next, fulfill the request by transmitting a response.
-        req.flush(null, {status: 401, statusText: 'GET current user mock 
error'});
-
-        // Finally, assert that there are no outstanding requests.
-        httpMock.verify();
-    }));
-
     it('should GET droplet snapshot metadata.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
         // api call
         
nfRegistryApi.getDropletSnapshotMetadata('flow/test').subscribe(function 
(response) {
@@ -292,7 +268,7 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         nfRegistryApi.getDroplet('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc', 
'flows', '2e04b4fb-9513-47bb-aa74-1ae34616bfdc').subscribe(function (response) {
             expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/buckets/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc/flows/2e04b4fb-9513-47bb-aa74-1ae34616bfdc:
 401 GET droplet mock error');
             var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
-            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].title).toBe('Flow Not Found');
             expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for 
/nifi-registry-api/buckets/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc/flows/2e04b4fb-9513-47bb-aa74-1ae34616bfdc:
 401 GET droplet mock error');
             expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
             
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
@@ -360,18 +336,9 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
     }));
 
     it('should fail to GET all droplets across all buckets.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
-        // Spy
-        spyOn(nfRegistryApi.dialogService, 
'openConfirm').and.callFake(function () {
-        });
-
         // api call
         nfRegistryApi.getDroplets().subscribe(function (response) {
             expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/items: 401 GET droplet mock error');
-            var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
-            expect(dialogServiceCall.args[0].title).toBe('Error');
-            expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/items: 401 GET droplet mock error');
-            expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
-            
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
         });
 
         // the request it made
@@ -419,18 +386,9 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
     }));
 
     it('should fail to GET all droplets across a single bucket.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
-        // Spy
-        spyOn(nfRegistryApi.dialogService, 
'openConfirm').and.callFake(function () {
-        });
-
         // api call
         
nfRegistryApi.getDroplets('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc').subscribe(function
 (response) {
             expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/items/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 401 GET droplet 
mock error');
-            var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
-            expect(dialogServiceCall.args[0].title).toBe('Error');
-            expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/items/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 401 
GET droplet mock error');
-            expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
-            
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
         });
 
         // the request it made
@@ -571,15 +529,6 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
     }));
 
     it('should GET bucket by ID.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
-        // Spy
-        spyOn(nfRegistryApi.dialogService, 
'openConfirm').and.callFake(function () {
-            return {
-                afterClosed: function () {
-                    return rxjs.Observable.of(true);
-                }
-            }
-        });
-
         // api call
         
nfRegistryApi.getBucket('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc').subscribe(function
 (response) {
             
expect(response.identifier).toEqual('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc');
@@ -613,7 +562,7 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         
nfRegistryApi.getBucket('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc').subscribe(function
 (response) {
             expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/buckets/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 401 GET bucket 
mock error');
             var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
-            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].title).toBe('Bucket Not Found');
             expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/buckets/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 
401 GET bucket mock error');
             expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
             
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
@@ -659,7 +608,7 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         nfRegistryApi.getBuckets().subscribe(function (response) {
             expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/buckets: 401 GET metadata mock error');
             var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
-            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].title).toBe('Buckets Not Found');
             expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/buckets: 401 GET metadata mock error');
             expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
             
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
@@ -676,6 +625,89 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         httpMock.verify();
     }));
 
+    it('should PUT to update a bucket name.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.updateBucket('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc', 
'Bucket #1').subscribe(function (response) {
+            
expect(response[0].identifier).toEqual('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc');
+            expect(response[0].name).toEqual('Bucket #1');
+        });
+        // the request it made
+        req = 
httpMock.expectOne('/nifi-registry-api/buckets/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc');
+        expect(req.request.method).toEqual('PUT');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush([{
+            'identifier': '2f7f9e54-dc09-4ceb-aa58-9fe581319cdc',
+            'name': 'Bucket #1'
+        }]);
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should fail to PUT to update a bucket name.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.updateBucket('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc', 
'Bucket #1').subscribe(function (response) {
+            expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/buckets/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 401 PUT to 
update a bucket name mock error');
+        });
+
+        // the request it made
+        req = 
httpMock.expectOne('/nifi-registry-api/buckets/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc');
+        expect(req.request.method).toEqual('PUT');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush('Http failure response for 
/nifi-registry-api/buckets/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 401 PUT to 
update a bucket name mock error', {status: 401, statusText: 'PUT to update a 
bucket name mock error'});
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should GET user by id.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        
nfRegistryApi.getUser('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc').subscribe(function
 (response) {
+            
expect(response[0].identifier).toEqual('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc');
+            expect(response[0].name).toEqual('User #1');
+        });
+        // the request it made
+        req = 
httpMock.expectOne('/nifi-registry-api/tenants/users/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc');
+        expect(req.request.method).toEqual('GET');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush([{
+            'identifier': '2f7f9e54-dc09-4ceb-aa58-9fe581319cdc',
+            'name': 'User #1'
+        }]);
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should fail to GET user by id.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // Spy
+        spyOn(nfRegistryApi.dialogService, 
'openConfirm').and.callFake(function () {
+        });
+
+        // api call
+        
nfRegistryApi.getUser('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc').subscribe(function
 (response) {
+            expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/tenants/users/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 401 GET 
user by id mock error');
+            var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
+            expect(dialogServiceCall.args[0].title).toBe('User Not Found');
+            expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for 
/nifi-registry-api/tenants/users/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 401 GET 
user by id mock error');
+            expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+            
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        });
+
+        // the request it made
+        req = 
httpMock.expectOne('/nifi-registry-api/tenants/users/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc');
+        expect(req.request.method).toEqual('GET');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush('Http failure response for 
/nifi-registry-api/tenants/users/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 401 GET 
user by id mock error', {status: 401, statusText: 'GET user by id mock error', 
error: 'test'});
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
     it('should POST to add a new user.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
         // api call
         nfRegistryApi.addUser('test').subscribe(function (response) {
@@ -721,6 +753,43 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         httpMock.verify();
     }));
 
+    it('should PUT to update a user name.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.updateUser('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc', 'user 
#1').subscribe(function (response) {
+            
expect(response[0].identifier).toEqual('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc');
+            expect(response[0].name).toEqual('user #1');
+        });
+        // the request it made
+        req = 
httpMock.expectOne('/nifi-registry-api/tenants/users/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc');
+        expect(req.request.method).toEqual('PUT');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush([{
+            'identifier': '2f7f9e54-dc09-4ceb-aa58-9fe581319cdc',
+            'name': 'user #1'
+        }]);
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should fail to PUT to update a user name.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.updateUser('2f7f9e54-dc09-4ceb-aa58-9fe581319cdc', 'user 
#1').subscribe(function (response) {
+            expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/tenants/users/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 401 PUT 
to update a user name mock error');
+        });
+
+        // the request it made
+        req = 
httpMock.expectOne('/nifi-registry-api/tenants/users/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc');
+        expect(req.request.method).toEqual('PUT');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush('Http failure response for 
/nifi-registry-api/tenants/users/2f7f9e54-dc09-4ceb-aa58-9fe581319cdc: 401 PUT 
to update a user name mock error', {status: 401, statusText: 'PUT to update a 
user name mock error'});
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
     it('should GET users.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
         // api call
         nfRegistryApi.getUsers().subscribe(function (response) {
@@ -750,7 +819,7 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         nfRegistryApi.getUsers().subscribe(function (response) {
             expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/tenants/users: 401 GET users mock error');
             var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
-            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].title).toBe('Users Not Found');
             expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/tenants/users: 401 GET users mock error');
             expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
             
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
@@ -842,7 +911,7 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         nfRegistryApi.getUserGroups().subscribe(function (response) {
             expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/tenants/user-groups: 401 GET user groups mock error');
             var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
-            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].title).toBe('Groups Not Found');
             expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/tenants/user-groups: 401 GET user groups mock 
error');
             expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
             
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
@@ -859,6 +928,267 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         httpMock.verify();
     }));
 
+    it('should GET resource policies by resource identifier.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.getResourcePoliciesById('read', '/buckets', 
'123').subscribe(function (response) {
+            expect(response[0].identifier).toEqual('123');
+        });
+
+        // the request it made
+        req = 
httpMock.expectOne('/nifi-registry-api/policies/read/buckets/123');
+        expect(req.request.method).toEqual('GET');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush([{
+            'identifier': '123'
+        }]);
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should fail to GET resource policies by resource identifier.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // Spy
+        spyOn(nfRegistryApi.dialogService, 
'openConfirm').and.callFake(function () {
+        });
+
+        // api call
+        nfRegistryApi.getResourcePoliciesById('read', '/buckets', 
'123').subscribe(function (response) {
+            expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/policies/read/buckets/123: 401 GET get resource policies by 
id mock error');
+            var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
+            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/policies/read/buckets/123: 401 GET get resource 
policies by id mock error');
+            expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+            
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        });
+
+        // the request it made
+        req = 
httpMock.expectOne('/nifi-registry-api/policies/read/buckets/123');
+        expect(req.request.method).toEqual('GET');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush('Http failure response for 
/nifi-registry-api/policies/read/buckets/123: 401 GET get resource policies by 
id mock error', {status: 401, statusText: 'GET get resource policies by id mock 
error'});
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should GET policy action resource.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.getPolicyActionResource('read', 
'/buckets').subscribe(function (response) {
+            expect(response[0].identifier).toEqual('123');
+        });
+
+        // the request it made
+        req = httpMock.expectOne('/nifi-registry-api/policies/read/buckets');
+        expect(req.request.method).toEqual('GET');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush([{
+            'identifier': '123'
+        }]);
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should fail to GET policy action resource.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // Spy
+        spyOn(nfRegistryApi.dialogService, 
'openConfirm').and.callFake(function () {
+        });
+
+        // api call
+        nfRegistryApi.getPolicyActionResource('read', 
'/buckets').subscribe(function (response) {
+            expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/policies/read/buckets: 401 GET policy action resource mock 
error');
+            var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
+            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/policies/read/buckets: 401 GET policy action 
resource mock error');
+            expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+            
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        });
+
+        // the request it made
+        req = httpMock.expectOne('/nifi-registry-api/policies/read/buckets');
+        expect(req.request.method).toEqual('GET');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush('Http failure response for 
/nifi-registry-api/policies/read/buckets: 401 GET policy action resource mock 
error', {status: 401, statusText: 'GET policy action resource mock error'});
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should PUT policy action resource.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.putPolicyActionResource('123', 'read', '/buckets', [], 
[]).subscribe(function (response) {
+            expect(response[0].identifier).toEqual('123');
+        });
+
+        // the request it made
+        req = httpMock.expectOne('/nifi-registry-api/policies/123');
+        expect(req.request.method).toEqual('PUT');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush([{
+            'identifier': '123'
+        }]);
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should fail to PUT policy action resource.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // Spy
+        spyOn(nfRegistryApi.dialogService, 
'openConfirm').and.callFake(function () {
+        });
+
+        // api call
+        nfRegistryApi.putPolicyActionResource('123', 'read', '/buckets', [], 
[]).subscribe(function (response) {
+            expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/policies/123: 401 PUT policy action resource mock error');
+            var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
+            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/policies/123: 401 PUT policy action resource 
mock error');
+            expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+            
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        });
+
+        // the request it made
+        req = httpMock.expectOne('/nifi-registry-api/policies/123');
+        expect(req.request.method).toEqual('PUT');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush('Http failure response for /nifi-registry-api/policies/123: 
401 PUT policy action resource mock error', {status: 401, statusText: 'PUT 
policy action resource mock error'});
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should POST policy action resource.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.postPolicyActionResource('read', '/buckets', [], 
[]).subscribe(function (response) {
+            expect(response[0].identifier).toEqual('123');
+        });
+
+        // the request it made
+        req = httpMock.expectOne('/nifi-registry-api/policies');
+        expect(req.request.method).toEqual('POST');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush([{
+            'identifier': '123'
+        }]);
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should fail to POST policy action resource.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // Spy
+        spyOn(nfRegistryApi.dialogService, 
'openConfirm').and.callFake(function () {
+        });
+
+        // api call
+        nfRegistryApi.postPolicyActionResource('read', '/buckets', [], 
[]).subscribe(function (response) {
+            expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/policies: 401 POST policy action resource mock error');
+            var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
+            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/policies: 401 POST policy action resource mock 
error');
+            expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+            
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        });
+
+        // the request it made
+        req = httpMock.expectOne('/nifi-registry-api/policies');
+        expect(req.request.method).toEqual('POST');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush('Http failure response for /nifi-registry-api/policies: 401 
POST policy action resource mock error', {status: 401, statusText: 'POST policy 
action resource mock error'});
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should POST to login.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.postToLogin('username', 'password').subscribe(function 
(response) {
+            expect(response).toEqual('abc');
+        });
+
+        // the request it made
+        req = httpMock.expectOne('/nifi-registry-api/access/token/login');
+        expect(req.request.method).toEqual('POST');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush('abc');
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should fail to POST to login.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // Spy
+        spyOn(nfRegistryApi.dialogService, 
'openConfirm').and.callFake(function () {
+        });
+
+        // api call
+        nfRegistryApi.postToLogin('username', 'password').subscribe(function 
(response) {
+            expect(response).toEqual('');
+            var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
+            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].message).toBe('Please contact 
your System Administrator.');
+            expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+            
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        });
+
+        // the request it made
+        req = httpMock.expectOne('/nifi-registry-api/access/token/login');
+        expect(req.request.method).toEqual('POST');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush('Http failure response for 
/nifi-registry-api/access/token/login: 401 POST to login mock error', {status: 
401, statusText: 'POST to login mock error'});
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should GET all access policies.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.getPolicies().subscribe(function (response) {
+            expect(response[0].identifier).toEqual('123');
+        });
+
+        // the request it made
+        req = httpMock.expectOne('/nifi-registry-api/policies');
+        expect(req.request.method).toEqual('GET');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush([
+            {
+                "identifier": "123",
+            }
+        ]);
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
+    it('should fail to GET all access policies.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
+        // api call
+        nfRegistryApi.getPolicies().subscribe(function (response) {
+            expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/policies: 401 GET policies mock error');
+        });
+
+        // the request it made
+        req = httpMock.expectOne('/nifi-registry-api/policies');
+        expect(req.request.method).toEqual('GET');
+
+        // Next, fulfill the request by transmitting a response.
+        req.flush('Http failure response for /nifi-registry-api/policies: 401 
GET policies mock error', {status: 401, statusText: 'GET policies mock error'});
+
+        // Finally, assert that there are no outstanding requests.
+        httpMock.verify();
+    }));
+
     it('should GET a user group.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
         // api call
         nfRegistryApi.getUserGroup(123).subscribe(function (response) {
@@ -888,7 +1218,7 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         nfRegistryApi.getUserGroup(123).subscribe(function (response) {
             expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/tenants/user-groups/123: 401 GET user groups mock error');
             var dialogServiceCall = 
nfRegistryApi.dialogService.openConfirm.calls.first();
-            expect(dialogServiceCall.args[0].title).toBe('Error');
+            expect(dialogServiceCall.args[0].title).toBe('Group Not Found');
             expect(dialogServiceCall.args[0].message).toBe('Http failure 
response for /nifi-registry-api/tenants/user-groups/123: 401 GET user groups 
mock error');
             expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
             
expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
@@ -1033,15 +1363,12 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
     }));
 
     it('should fail to PUT to update a user group.', 
ngCoreTesting.inject([ngCommonHttpTesting.HttpTestingController], function 
(httpMock) {
-        // Spy
-        spyOn(nfRegistryApi.dialogService, 
'openConfirm').and.callFake(function () {
-        });
-
         // api call
         nfRegistryApi.updateUserGroup('123', 'Group #1', [{
             identity: 'User #1',
             identifier: '9999'
         }]).subscribe(function (response) {
+            expect(response.message).toEqual('Http failure response for 
/nifi-registry-api/tenants/user-groups/123: 401 PUT to update a user group name 
mock error');
         });
 
         // the request it made
@@ -1049,7 +1376,7 @@ xdescribe('NfRegistry API w/ Angular testing utils', 
function () {
         expect(req.request.method).toEqual('PUT');
 
         // Next, fulfill the request by transmitting a response.
-        req.flush(null, {status: 401, statusText: 'PUT user groups mock 
error'});
+        req.flush('Http failure response for 
/nifi-registry-api/tenants/user-groups/123: 401 PUT to update a user group name 
mock error', {status: 401, statusText: 'PUT to update a user group name mock 
error'});
 
         // Finally, assert that there are no outstanding requests.
         httpMock.verify();

http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/1bb1e2b6/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth-guard.service.js
----------------------------------------------------------------------
diff --git 
a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth-guard.service.js
 
b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth-guard.service.js
index a2f34f3..39a2289 100644
--- 
a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth-guard.service.js
+++ 
b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth-guard.service.js
@@ -16,15 +16,27 @@
  */
 
 var NfRegistryService = 
require('nifi-registry/services/nf-registry.service.js');
+var NfStorage = require('nifi-registry/services/nf-storage.service.js');
+var ngRouter = require('@angular/router');
+var fdsDialogsModule = require('@fluid-design-system/dialogs');
+var NfRegistryApi = require('nifi-registry/services/nf-registry.api.js');
 
 /**
  * NfRegistryUsersAdministrationAuthGuard constructor.
  *
- * @param nfRegistryService                 The nfRegistryService module.
+ * @param nfRegistryService         The nfRegistryService module.
+ * @param nfRegistryApi             The nfRegistryApi module.
+ * @param nfStorage                 The NfStorage module.
+ * @param router                    The angular router module.
+ * @param fdsDialogService          The FDS dialog service.
  * @constructor
  */
-function NfRegistryUsersAdministrationAuthGuard(nfRegistryService) {
+function NfRegistryUsersAdministrationAuthGuard(nfRegistryService, 
nfRegistryApi, nfStorage, router, fdsDialogService) {
     this.nfRegistryService = nfRegistryService;
+    this.nfRegistryApi = nfRegistryApi;
+    this.nfStorage = nfStorage;
+    this.router = router;
+    this.dialogService = fdsDialogService;
 };
 
 NfRegistryUsersAdministrationAuthGuard.prototype = {
@@ -48,24 +60,54 @@ NfRegistryUsersAdministrationAuthGuard.prototype = {
         this.nfRegistryService.redirectUrl = url;
 
         // attempt kerberos authentication
-        this.nfRegistryService.api.ticketExchange().subscribe(function (jwt) {
-            self.nfRegistryService.api.loadCurrentUser().subscribe(function 
(currentUser) {
-                self.nfRegistryService.currentUser = currentUser;
-                if (currentUser.anonymous === false) {
-                    // render the logout button if there is a token locally
-                    if (self.nfRegistryService.nfStorage.getItem('jwt') !== 
null) {
-                        self.nfRegistryService.currentUser.canLogout = true;
+        this.nfRegistryApi.ticketExchange().subscribe(function (jwt) {
+            self.nfRegistryApi.loadCurrentUser().subscribe(function 
(currentUser) {
+                // there is no anonymous access and we don't know this user - 
open the login page which handles login/registration/etc
+                if (currentUser.error) {
+                    if (currentUser.error.status === 401) {
+                        self.nfStorage.removeItem('jwt');
+                        self.router.navigateByUrl('/nifi-registry/login');
                     }
+                } else {
+                    self.nfRegistryService.currentUser = currentUser;
+                    if (currentUser.anonymous === false) {
+                        // render the logout button if there is a token locally
+                        if (self.nfStorage.getItem('jwt') !== null) {
+                            self.nfRegistryService.currentUser.canLogout = 
true;
+                        }
 
-                    // redirect to explorer perspective if not admin
-                    if 
(!currentUser.resourcePermissions.anyTopLevelResource.canRead) {
-                        
self.nfRegistryService.router.navigateByUrl('/nifi-registry/explorer');
+                        // redirect to explorer perspective if not admin
+                        if 
(!currentUser.resourcePermissions.anyTopLevelResource.canRead) {
+                            self.dialogService.openConfirm({
+                                title: 'Access denied',
+                                message: 'Please contact your system 
administrator.',
+                                acceptButton: 'Ok',
+                                acceptButtonColor: 'fds-warn'
+                            });
+                            
self.router.navigateByUrl('/nifi-registry/explorer');
+                        } else {
+                            if 
(currentUser.resourcePermissions.tenants.canRead) {
+                                self.router.navigateByUrl(url);
+                            } else {
+                                self.dialogService.openConfirm({
+                                    title: 'Access denied',
+                                    message: 'Please contact your system 
administrator.',
+                                    acceptButton: 'Ok',
+                                    acceptButtonColor: 'fds-warn'
+                                });
+                                
self.router.navigateByUrl('/nifi-registry/explorer');
+                            }
+                        }
                     } else {
-                        self.nfRegistryService.router.navigateByUrl(url);
+                        // registry security not configured, redirect to 
workflow perspective
+                        self.dialogService.openConfirm({
+                            title: 'Not Applicable',
+                            message: 'User administration is not configured 
for this registry.',
+                            acceptButton: 'Ok',
+                            acceptButtonColor: 'fds-warn'
+                        });
+                        
self.router.navigateByUrl('/nifi-registry/administration/workflow');
                     }
-                } else {
-                    // navigate to the login page
-                    
self.nfRegistryService.router.navigateByUrl('/nifi-registry/login');
                 }
             });
         });
@@ -75,17 +117,29 @@ NfRegistryUsersAdministrationAuthGuard.prototype = {
 };
 
 NfRegistryUsersAdministrationAuthGuard.parameters = [
-    NfRegistryService
+    NfRegistryService,
+    NfRegistryApi,
+    NfStorage,
+    ngRouter.Router,
+    fdsDialogsModule.FdsDialogService
 ];
 
 /**
  * NfRegistryWorkflowsAdministrationAuthGuard constructor.
  *
- * @param nfRegistryService                 The nfRegistryService module.
+ * @param nfRegistryService         The nfRegistryService module.
+ * @param nfRegistryApi             The nfRegistryApi module.
+ * @param nfStorage                 The NfStorage module.
+ * @param router                    The angular router module.
+ * @param fdsDialogService          The FDS dialog service.
  * @constructor
  */
-function NfRegistryWorkflowsAdministrationAuthGuard(nfRegistryService) {
+function NfRegistryWorkflowsAdministrationAuthGuard(nfRegistryService, 
nfRegistryApi, nfStorage, router, fdsDialogService) {
     this.nfRegistryService = nfRegistryService;
+    this.nfRegistryApi = nfRegistryApi;
+    this.nfStorage = nfStorage;
+    this.router = router;
+    this.dialogService = fdsDialogService;
 };
 
 NfRegistryWorkflowsAdministrationAuthGuard.prototype = {
@@ -109,28 +163,48 @@ NfRegistryWorkflowsAdministrationAuthGuard.prototype = {
         this.nfRegistryService.redirectUrl = url;
 
         // attempt kerberos authentication
-        this.nfRegistryService.api.ticketExchange().subscribe(function (jwt) {
-            self.nfRegistryService.api.loadCurrentUser().subscribe(function 
(currentUser) {
-                self.nfRegistryService.currentUser = currentUser;
-                if (currentUser.anonymous === false) {
-                    // render the logout button if there is a token locally
-                    if (self.nfRegistryService.nfStorage.getItem('jwt') !== 
null) {
-                        self.nfRegistryService.currentUser.canLogout = true;
+        this.nfRegistryApi.ticketExchange().subscribe(function (jwt) {
+            self.nfRegistryApi.loadCurrentUser().subscribe(function 
(currentUser) {
+                // there is no anonymous access and we don't know this user - 
open the login page which handles login/registration/etc
+                if (currentUser.error) {
+                    if (currentUser.error.status === 401) {
+                        self.nfStorage.removeItem('jwt');
+                        self.router.navigateByUrl('/nifi-registry/login');
                     }
+                } else {
+                    self.nfRegistryService.currentUser = currentUser;
+                    if (currentUser.anonymous === false) {
+                        // render the logout button if there is a token locally
+                        if (self.nfStorage.getItem('jwt') !== null) {
+                            self.nfRegistryService.currentUser.canLogout = 
true;
+                        }
 
-                    // redirect to explorer perspective if not admin
-                    if 
(!currentUser.resourcePermissions.anyTopLevelResource.canRead) {
-                        
self.nfRegistryService.router.navigateByUrl('/nifi-registry/explorer');
-                    } else {
-                        if (currentUser.resourcePermissions.buckets) {
-                            self.nfRegistryService.router.navigateByUrl(url);
+                        // redirect to explorer perspective if not admin
+                        if 
(!currentUser.resourcePermissions.anyTopLevelResource.canRead) {
+                            self.dialogService.openConfirm({
+                                title: 'Access denied',
+                                message: 'Please contact your system 
administrator.',
+                                acceptButton: 'Ok',
+                                acceptButtonColor: 'fds-warn'
+                            });
+                            
self.router.navigateByUrl('/nifi-registry/explorer');
                         } else {
-                            
self.nfRegistryService.router.navigateByUrl('/nifi-registry/administration/users');
+                            if 
(currentUser.resourcePermissions.buckets.canRead) {
+                                self.router.navigateByUrl(url);
+                            } else {
+                                self.dialogService.openConfirm({
+                                    title: 'Access denied',
+                                    message: 'Please contact your system 
administrator.',
+                                    acceptButton: 'Ok',
+                                    acceptButtonColor: 'fds-warn'
+                                });
+                                
self.router.navigateByUrl('/nifi-registry/administration/users');
+                            }
                         }
+                    } else {
+                        // registry security not configured, allow access to 
workflow perspective
+                        self.router.navigateByUrl(url);
                     }
-                } else {
-                    // Navigate to the login page
-                    self.nfRegistryService.router.navigateByUrl(url);
                 }
             });
         });
@@ -140,17 +214,27 @@ NfRegistryWorkflowsAdministrationAuthGuard.prototype = {
 };
 
 NfRegistryWorkflowsAdministrationAuthGuard.parameters = [
-    NfRegistryService
+    NfRegistryService,
+    NfRegistryApi,
+    NfStorage,
+    ngRouter.Router,
+    fdsDialogsModule.FdsDialogService
 ];
 
 /**
  * NfRegistryLoginAuthGuard constructor.
  *
- * @param nfRegistryService                 The nfRegistryService module.
+ * @param nfRegistryService         The nfRegistryService module.
+ * @param nfRegistryApi             The nfRegistryApi module.
+ * @param nfStorage                 The NfStorage module.
+ * @param router                    The angular router module.
  * @constructor
  */
-function NfRegistryLoginAuthGuard(nfRegistryService) {
+function NfRegistryLoginAuthGuard(nfRegistryService, nfRegistryApi, nfStorage, 
router) {
     this.nfRegistryService = nfRegistryService;
+    this.nfRegistryApi = nfRegistryApi;
+    this.nfStorage = nfStorage;
+    this.router = router;
 };
 
 NfRegistryLoginAuthGuard.prototype = {
@@ -170,19 +254,22 @@ NfRegistryLoginAuthGuard.prototype = {
         var self = this;
         if (this.nfRegistryService.currentUser.anonymous) { return true; }
         // attempt kerberos authentication
-        this.nfRegistryService.api.ticketExchange().subscribe(function (jwt) {
-            self.nfRegistryService.api.loadCurrentUser().subscribe(function 
(currentUser) {
+        this.nfRegistryApi.ticketExchange().subscribe(function (jwt) {
+            self.nfRegistryApi.loadCurrentUser().subscribe(function 
(currentUser) {
                 self.nfRegistryService.currentUser = currentUser;
                 if (currentUser.anonymous === false) {
                     // render the logout button if there is a token locally
-                    if (self.nfRegistryService.nfStorage.getItem('jwt') !== 
null) {
+                    if (self.nfStorage.getItem('jwt') !== null) {
                         self.nfRegistryService.currentUser.canLogout = true;
                     }
                     
self.nfRegistryService.currentUser.canActivateResourcesAuthGuard = true;
-                    
self.nfRegistryService.router.navigateByUrl(self.nfRegistryService.redirectUrl);
+                    
self.router.navigateByUrl(self.nfRegistryService.redirectUrl);
                 } else {
-                    self.nfRegistryService.currentUser.anonymous = true;
-                    
self.nfRegistryService.router.navigateByUrl('/nifi-registry/login');
+                    if(self.nfRegistryService.currentUser.anonymous){
+                        self.router.navigateByUrl('/nifi-registry');
+                    } else {
+                        self.router.navigateByUrl(url);
+                    }
                 }
             });
         });
@@ -192,17 +279,26 @@ NfRegistryLoginAuthGuard.prototype = {
 };
 
 NfRegistryLoginAuthGuard.parameters = [
-    NfRegistryService
+    NfRegistryService,
+    NfRegistryApi,
+    NfStorage,
+    ngRouter.Router
 ];
 
 /**
  * NfRegistryResourcesAuthGuard constructor.
  *
- * @param nfRegistryService                 The nfRegistryService module.
+ * @param nfRegistryService         The nfRegistryService module.
+ * @param nfRegistryApi             The nfRegistryApi module.
+ * @param nfStorage                 The NfStorage module.
+ * @param router                    The angular router module.
  * @constructor
  */
-function NfRegistryResourcesAuthGuard(nfRegistryService) {
+function NfRegistryResourcesAuthGuard(nfRegistryService, nfRegistryApi, 
nfStorage, router) {
     this.nfRegistryService = nfRegistryService;
+    this.nfRegistryApi = nfRegistryApi;
+    this.nfStorage = nfStorage;
+    this.router = router;
 };
 
 NfRegistryResourcesAuthGuard.prototype = {
@@ -226,24 +322,32 @@ NfRegistryResourcesAuthGuard.prototype = {
         this.nfRegistryService.redirectUrl = url;
 
         // attempt kerberos authentication
-        this.nfRegistryService.api.ticketExchange().subscribe(function (jwt) {
-            self.nfRegistryService.api.loadCurrentUser().subscribe(function 
(currentUser) {
-                self.nfRegistryService.currentUser = currentUser;
-                if (!currentUser || currentUser.anonymous === false) {
-                    if(self.nfRegistryService.nfStorage.hasItem('jwt')){
-                        self.nfRegistryService.currentUser.canLogout = true;
-                        
self.nfRegistryService.currentUser.canActivateResourcesAuthGuard = true;
-                        self.nfRegistryService.router.navigateByUrl(url);
-                    } else {
-                        
self.nfRegistryService.router.navigateByUrl('/nifi-registry/login');
+        this.nfRegistryApi.ticketExchange().subscribe(function (jwt) {
+            self.nfRegistryApi.loadCurrentUser().subscribe(function 
(currentUser) {
+                // there is no anonymous access and we don't know this user - 
open the login page which handles login/registration/etc
+                if (currentUser.error) {
+                    if (currentUser.error.status === 401) {
+                        self.nfStorage.removeItem('jwt');
+                        self.router.navigateByUrl('/nifi-registry/login');
                     }
-                } else if (currentUser.anonymous === true) {
-                    // render the logout button if there is a token locally
-                    if (self.nfRegistryService.nfStorage.getItem('jwt') !== 
null) {
-                        self.nfRegistryService.currentUser.canLogout = true;
+                } else {
+                    self.nfRegistryService.currentUser = currentUser;
+                    if (!currentUser || currentUser.anonymous === false) {
+                        if(self.nfStorage.hasItem('jwt')){
+                            self.nfRegistryService.currentUser.canLogout = 
true;
+                            
self.nfRegistryService.currentUser.canActivateResourcesAuthGuard = true;
+                            self.router.navigateByUrl(url);
+                        } else {
+                            self.router.navigateByUrl('/nifi-registry/login');
+                        }
+                    } else if (currentUser.anonymous === true) {
+                        // render the logout button if there is a token locally
+                        if (self.nfStorage.getItem('jwt') !== null) {
+                            self.nfRegistryService.currentUser.canLogout = 
true;
+                        }
+                        
self.nfRegistryService.currentUser.canActivateResourcesAuthGuard = true;
+                        self.router.navigateByUrl(url);
                     }
-                    
self.nfRegistryService.currentUser.canActivateResourcesAuthGuard = true;
-                    self.nfRegistryService.router.navigateByUrl(url);
                 }
             });
         });
@@ -253,7 +357,10 @@ NfRegistryResourcesAuthGuard.prototype = {
 };
 
 NfRegistryResourcesAuthGuard.parameters = [
-    NfRegistryService
+    NfRegistryService,
+    NfRegistryApi,
+    NfStorage,
+    ngRouter.Router
 ];
 
 module.exports = {

http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/1bb1e2b6/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth-guard.service.spec.js
----------------------------------------------------------------------
diff --git 
a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth-guard.service.spec.js
 
b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth-guard.service.spec.js
new file mode 100644
index 0000000..211f257
--- /dev/null
+++ 
b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth-guard.service.spec.js
@@ -0,0 +1,629 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the 'License'); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an 'AS IS' BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+var nfRegistryAuthGuardService = 
require('nifi-registry/services/nf-registry.auth-guard.service.js');
+var NfRegistryService = 
require('nifi-registry/services/nf-registry.service.js');
+var NfStorage = require('nifi-registry/services/nf-storage.service.js');
+var rxjs = require('rxjs/Rx');
+
+describe('NfRegistry Auth Guard Service NfRegistryResourcesAuthGuard isolated 
unit tests', function () {
+    var nfRegistryService;
+    var nfRegistryUsersAdministrationAuthGuard;
+    var nfRegistryWorkflowsAdministrationAuthGuard;
+    var nfRegistryLoginAuthGuard;
+    var nfRegistryResourcesAuthGuard;
+    var nfRegistryApi;
+    var nfStorage;
+    var router;
+    var dialogService;
+
+    beforeEach(function () {
+        router = {
+            navigateByUrl: function () {
+            }
+        };
+        dialogService = {
+            openConfirm: function () {
+            }
+        };
+        nfRegistryApi = {
+            ticketExchange: function () {
+            },
+            loadCurrentUser: function () {
+            }
+        };
+        nfStorage = new NfStorage();
+        nfRegistryService = new NfRegistryService(nfRegistryApi, nfStorage, 
{}, router, dialogService, {});
+
+        // Spy
+        spyOn(router, 'navigateByUrl');
+        spyOn(nfRegistryApi, 'ticketExchange').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({}));
+        spyOn(dialogService, 'openConfirm');
+    });
+
+    it('should navigate to test url (registry security not configured) ', 
function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: true
+        }));
+        spyOn(nfStorage, 'getItem').and.callFake(function () {
+        }).and.returnValue(true);
+
+        nfRegistryResourcesAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryResourcesAuthGuard(nfRegistryService, 
nfRegistryApi, nfStorage, router);
+
+        // The function to test
+        nfRegistryResourcesAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        expect(nfRegistryService.currentUser.canLogout).toBe(true);
+        
expect(nfRegistryService.currentUser.canActivateResourcesAuthGuard).toBe(true);
+        expect(nfRegistryService.currentUser.anonymous).toBe(true);
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('test');
+    });
+
+    it('should navigate to test url (registry security configured and we know 
who you are) ', function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: false
+        }));
+        spyOn(nfStorage, 'hasItem').and.callFake(function () {
+        }).and.returnValue(true);
+
+        nfRegistryResourcesAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryResourcesAuthGuard(nfRegistryService, 
nfRegistryApi, nfStorage, router);
+
+        // The function to test
+        nfRegistryResourcesAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        expect(nfRegistryService.currentUser.canLogout).toBe(true);
+        
expect(nfRegistryService.currentUser.canActivateResourcesAuthGuard).toBe(true);
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('test');
+    });
+
+    it('should navigate to login', function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: false
+        }));
+
+        nfRegistryResourcesAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryResourcesAuthGuard(nfRegistryService, 
nfRegistryApi, nfStorage, router);
+
+        // The function to test
+        nfRegistryResourcesAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/login');
+    });
+
+    it('should navigate to login (error loading current user)', function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            error: {
+                status: 401
+            }
+        }));
+        spyOn(nfStorage, 'removeItem');
+
+        nfRegistryResourcesAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryResourcesAuthGuard(nfRegistryService, 
nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryResourcesAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        expect(nfStorage.removeItem).toHaveBeenCalled();
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/login');
+    });
+});
+
+describe('NfRegistry Auth Guard Service NfRegistryLoginAuthGuard isolated unit 
tests', function () {
+    var nfRegistryService;
+    var nfRegistryUsersAdministrationAuthGuard;
+    var nfRegistryWorkflowsAdministrationAuthGuard;
+    var nfRegistryLoginAuthGuard;
+    var nfRegistryResourcesAuthGuard;
+    var nfRegistryApi;
+    var nfStorage;
+    var router;
+    var dialogService;
+
+    beforeEach(function () {
+        router = {
+            navigateByUrl: function () {
+            }
+        };
+        dialogService = {
+            openConfirm: function () {
+            }
+        };
+        nfRegistryApi = {
+            ticketExchange: function () {
+            },
+            loadCurrentUser: function () {
+            }
+        };
+        nfStorage = new NfStorage();
+        nfRegistryService = new NfRegistryService(nfRegistryApi, nfStorage, 
{}, router, dialogService, {});
+
+        // Spy
+        spyOn(router, 'navigateByUrl');
+        spyOn(nfRegistryApi, 'ticketExchange').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({}));
+        spyOn(dialogService, 'openConfirm');
+    });
+
+    it('should navigate to base nifi-registry url', function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: true
+        }));
+        nfRegistryLoginAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryLoginAuthGuard(nfRegistryService, 
nfRegistryApi, nfStorage, router);
+
+        // The function to test
+        nfRegistryLoginAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        expect(nfRegistryService.currentUser.anonymous).toBe(true);
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('/nifi-registry');
+    });
+
+    it('should navigate to test url', function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: false
+        }));
+        nfRegistryLoginAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryLoginAuthGuard(nfRegistryService, 
nfRegistryApi, nfStorage, router);
+
+        // The function to test
+        nfRegistryLoginAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        
expect(nfRegistryService.currentUser.canActivateResourcesAuthGuard).toBe(true);
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        
expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/explorer/grid-list');
+    });
+});
+
+describe('NfRegistry Auth Guard Service NfRegistryUsersAdministrationAuthGuard 
isolated unit tests', function () {
+    var nfRegistryService;
+    var nfRegistryUsersAdministrationAuthGuard;
+    var nfRegistryWorkflowsAdministrationAuthGuard;
+    var nfRegistryLoginAuthGuard;
+    var nfRegistryResourcesAuthGuard;
+    var nfRegistryApi;
+    var nfStorage;
+    var router;
+    var dialogService;
+
+    beforeEach(function () {
+        router = {
+            navigateByUrl: function () {
+            }
+        };
+        dialogService = {
+            openConfirm: function () {
+            }
+        };
+        nfRegistryApi = {
+            ticketExchange: function () {
+            },
+            loadCurrentUser: function () {
+            }
+        };
+        nfStorage = new NfStorage();
+        nfRegistryService = new NfRegistryService(nfRegistryApi, nfStorage, 
{}, router, dialogService, {});
+
+        // Spy
+        spyOn(router, 'navigateByUrl');
+        spyOn(nfRegistryApi, 'ticketExchange').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({}));
+        spyOn(dialogService, 'openConfirm');
+    });
+
+    it('should navigate to login', function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            error: {
+                status: 401
+            }
+        }));
+        nfRegistryUsersAdministrationAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryUsersAdministrationAuthGuard(nfRegistryService,
 nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryUsersAdministrationAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        expect(nfRegistryService.redirectUrl).toBe('test');
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/login');
+    });
+
+    it('should deny access (registry security not configured) and navigate to 
administration workflow perspective', function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: true
+        }));
+        nfRegistryUsersAdministrationAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryUsersAdministrationAuthGuard(nfRegistryService,
 nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryUsersAdministrationAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        expect(nfRegistryService.redirectUrl).toBe('test');
+        var dialogServiceCall = dialogService.openConfirm.calls.first();
+        expect(dialogServiceCall.args[0].title).toBe('Not Applicable');
+        expect(dialogServiceCall.args[0].message).toBe('User administration is 
not configured for this registry.');
+        expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+        expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        
expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/administration/workflow');
+    });
+
+    it('should deny access (non-admin) and navigate to explorer perspective', 
function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: false,
+            resourcePermissions: {
+                anyTopLevelResource: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                buckets: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                tenants: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                policies: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                proxy: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                }
+            }
+        }));
+        nfRegistryUsersAdministrationAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryUsersAdministrationAuthGuard(nfRegistryService,
 nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryUsersAdministrationAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        expect(nfRegistryService.redirectUrl).toBe('test');
+        var dialogServiceCall = dialogService.openConfirm.calls.first();
+        expect(dialogServiceCall.args[0].title).toBe('Access denied');
+        expect(dialogServiceCall.args[0].message).toBe('Please contact your 
system administrator.');
+        expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+        expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/explorer');
+    });
+
+    it('should deny access (no tenants permissions) and navigate to explorer 
perspective', function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: false,
+            resourcePermissions: {
+                anyTopLevelResource: {
+                    canRead: true,
+                    canWrite: false,
+                    canDelete: false
+                },
+                buckets: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                tenants: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                policies: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                proxy: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                }
+            }
+        }));
+        nfRegistryUsersAdministrationAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryUsersAdministrationAuthGuard(nfRegistryService,
 nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryUsersAdministrationAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        expect(nfRegistryService.redirectUrl).toBe('test');
+        var dialogServiceCall = dialogService.openConfirm.calls.first();
+        expect(dialogServiceCall.args[0].title).toBe('Access denied');
+        expect(dialogServiceCall.args[0].message).toBe('Please contact your 
system administrator.');
+        expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+        expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/explorer');
+    });
+
+    it('should deny access (no tenants permissions) and navigate to test url', 
function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: false,
+            resourcePermissions: {
+                anyTopLevelResource: {
+                    canRead: true,
+                    canWrite: false,
+                    canDelete: false
+                },
+                buckets: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                tenants: {
+                    canRead: true,
+                    canWrite: false,
+                    canDelete: false
+                },
+                policies: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                proxy: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                }
+            }
+        }));
+        nfRegistryUsersAdministrationAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryUsersAdministrationAuthGuard(nfRegistryService,
 nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryUsersAdministrationAuthGuard.canActivate({}, {url: 'test'});
+
+        //assertions
+        expect(nfRegistryService.redirectUrl).toBe('test');
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('test');
+    });
+});
+
+describe('NfRegistry Auth Guard Service 
NfRegistryWorkflowsAdministrationAuthGuard isolated unit tests', function () {
+    var nfRegistryService;
+    var nfRegistryUsersAdministrationAuthGuard;
+    var nfRegistryWorkflowsAdministrationAuthGuard;
+    var nfRegistryLoginAuthGuard;
+    var nfRegistryResourcesAuthGuard;
+    var nfRegistryApi;
+    var nfStorage;
+    var router;
+    var dialogService;
+
+    beforeEach(function () {
+        router = {
+            navigateByUrl: function () {
+            }
+        };
+        dialogService = {
+            openConfirm: function () {
+            }
+        };
+        nfRegistryApi = {
+            ticketExchange: function () {
+            },
+            loadCurrentUser: function () {
+            }
+        };
+        nfStorage = new NfStorage();
+        nfRegistryService = new NfRegistryService(nfRegistryApi, nfStorage, 
{}, router, dialogService, {});
+
+        // Spy
+        spyOn(router, 'navigateByUrl');
+        spyOn(nfRegistryApi, 'ticketExchange').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({}));
+        spyOn(dialogService, 'openConfirm');
+    });
+
+    it('should navigate to login', function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            error: {
+                status: 401
+            }
+        }));
+        nfRegistryWorkflowsAdministrationAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryWorkflowsAdministrationAuthGuard(nfRegistryService,
 nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryWorkflowsAdministrationAuthGuard.canActivate({}, {url: 
'test'});
+
+        //assertions
+        expect(nfRegistryService.redirectUrl).toBe('test');
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/login');
+    });
+
+    it('should (registry security not configured) navigate to test url', 
function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: true
+        }));
+        nfRegistryWorkflowsAdministrationAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryWorkflowsAdministrationAuthGuard(nfRegistryService,
 nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryWorkflowsAdministrationAuthGuard.canActivate({}, {url: 
'test'});
+
+        //assertions
+        expect(nfRegistryService.redirectUrl).toBe('test');
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('test');
+    });
+
+    it('should deny access (non-admin) and navigate to explorer perspective', 
function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: false,
+            resourcePermissions: {
+                anyTopLevelResource: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                buckets: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                tenants: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                policies: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                proxy: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                }
+            }
+        }));
+        nfRegistryWorkflowsAdministrationAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryWorkflowsAdministrationAuthGuard(nfRegistryService,
 nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryWorkflowsAdministrationAuthGuard.canActivate({}, {url: 
'test'});
+
+        //assertions
+        expect(nfRegistryService.redirectUrl).toBe('test');
+        var dialogServiceCall = dialogService.openConfirm.calls.first();
+        expect(dialogServiceCall.args[0].title).toBe('Access denied');
+        expect(dialogServiceCall.args[0].message).toBe('Please contact your 
system administrator.');
+        expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+        expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/explorer');
+    });
+
+    it('should deny access (no buckets permissions) and navigate to users 
administration perspective', function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: false,
+            resourcePermissions: {
+                anyTopLevelResource: {
+                    canRead: true,
+                    canWrite: false,
+                    canDelete: false
+                },
+                buckets: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                tenants: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                policies: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                proxy: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                }
+            }
+        }));
+        nfRegistryWorkflowsAdministrationAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryWorkflowsAdministrationAuthGuard(nfRegistryService,
 nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryWorkflowsAdministrationAuthGuard.canActivate({}, {url: 
'test'});
+
+        //assertions
+        expect(nfRegistryService.redirectUrl).toBe('test');
+        var dialogServiceCall = dialogService.openConfirm.calls.first();
+        expect(dialogServiceCall.args[0].title).toBe('Access denied');
+        expect(dialogServiceCall.args[0].message).toBe('Please contact your 
system administrator.');
+        expect(dialogServiceCall.args[0].acceptButton).toBe('Ok');
+        expect(dialogServiceCall.args[0].acceptButtonColor).toBe('fds-warn');
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        
expect(navigateByUrlCall.args[0]).toBe('/nifi-registry/administration/users');
+    });
+
+    it('should deny access (no tenants permissions) and navigate to test url', 
function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
+        }).and.returnValue(rxjs.Observable.of({
+            anonymous: false,
+            resourcePermissions: {
+                anyTopLevelResource: {
+                    canRead: true,
+                    canWrite: false,
+                    canDelete: false
+                },
+                buckets: {
+                    canRead: true,
+                    canWrite: false,
+                    canDelete: false
+                },
+                tenants: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                policies: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                },
+                proxy: {
+                    canRead: false,
+                    canWrite: false,
+                    canDelete: false
+                }
+            }
+        }));
+        nfRegistryWorkflowsAdministrationAuthGuard = new 
nfRegistryAuthGuardService.NfRegistryWorkflowsAdministrationAuthGuard(nfRegistryService,
 nfRegistryApi, nfStorage, router, dialogService);
+
+        // The function to test
+        nfRegistryWorkflowsAdministrationAuthGuard.canActivate({}, {url: 
'test'});
+
+        //assertions
+        expect(nfRegistryService.redirectUrl).toBe('test');
+        var navigateByUrlCall = router.navigateByUrl.calls.first();
+        expect(navigateByUrlCall.args[0]).toBe('test');
+    });
+});
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/1bb1e2b6/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth.service.js
----------------------------------------------------------------------
diff --git 
a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth.service.js 
b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth.service.js
deleted file mode 100644
index f2f143d..0000000
--- a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.auth.service.js
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-var NfStorage = require('nifi-registry/services/nf-storage.service.js');
-
-/**
- * NfRegistryAuth constructor.
- *
- * @param nfStorage             The NfStorage module.
- * @constructor
- */
-function NfRegistryAuth(nfStorage) {
-    this.nfStorage = nfStorage;
-};
-
-NfRegistryAuth.prototype = {
-    constructor: NfRegistryAuth,
-
-    /**
-     * Gets the jwt token.
-     * @returns {*}
-     */
-    getToken: function () {
-        return this.nfStorage.getItem('jwt');
-    }
-};
-
-NfRegistryAuth.parameters = [
-    NfStorage
-];
-
-module.exports = NfRegistryAuth;

http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/1bb1e2b6/nifi-registry-web-ui/src/main/webapp/services/nf-registry.service.js
----------------------------------------------------------------------
diff --git 
a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.service.js 
b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.service.js
index e6b2b79..3e6bc6a 100644
--- a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.service.js
+++ b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.service.js
@@ -810,31 +810,6 @@ NfRegistryService.prototype = {
     },
 
     /**
-     * Loads the current user and updates the current user locally.
-     *
-     * @returns xhr
-     */
-    loadCurrentUser: function () {
-        var self = this;
-        // get the current user
-        return 
rxjs.Observable.of(this.api.loadCurrentUser().subscribe(function (currentUser) {
-            // if the user is logged, we want to determine if they were logged 
in using a certificate
-            if (currentUser.anonymous === false) {
-                // render the users name
-                self.currentUser = currentUser;
-
-                // render the logout button if there is a token locally
-                if (self.nfStorage.getItem('jwt') !== null) {
-                    self.currentUser.canLogout = true;
-                }
-            } else {
-                // set the anonymous user label
-                self.nfRegistryService.currentUser.identity = 'Anonymous';
-            }
-        }));
-    },
-
-    /**
      * Adds a `searchTerm` to the `usersSearchTerms` and filters the `users` 
amd `groups`.
      *
      * @param {string} searchTerm   The search term to add.

http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/1bb1e2b6/nifi-registry-web-ui/src/main/webapp/services/nf-registry.service.spec.js
----------------------------------------------------------------------
diff --git 
a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.service.spec.js 
b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.service.spec.js
index 054bf86..1341abd 100644
--- a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.service.spec.js
+++ b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.service.spec.js
@@ -41,7 +41,6 @@ var fdsDialogsModule = 
require('@fluid-design-system/dialogs');
 var ngRouter = require('@angular/router');
 var ngCommonHttp = require('@angular/common/http');
 var NfRegistryTokenInterceptor = 
require('nifi-registry/services/nf-registry.token.interceptor.js');
-var NfRegistryAuthService = 
require('nifi-registry/services/nf-registry.auth.service.js');
 var NfStorage = require('nifi-registry/services/nf-storage.service.js');
 var NfLoginComponent = 
require('nifi-registry/components/login/nf-registry-login.js');
 var NfUserLoginComponent = 
require('nifi-registry/components/login/dialogs/nf-registry-user-login.js');
@@ -707,7 +706,6 @@ describe('NfRegistry Service w/ Angular testing utils', 
function () {
             ],
             providers: [
                 NfRegistryService,
-                NfRegistryAuthService,
                 NfRegistryApi,
                 NfStorage,
                 {
@@ -733,7 +731,7 @@ describe('NfRegistry Service w/ Angular testing utils', 
function () {
         });
         spyOn(nfRegistryApi, 'ticketExchange').and.callFake(function () {
         }).and.returnValue(rxjs.Observable.of({}));
-        spyOn(nfRegistryService, 'loadCurrentUser').and.callFake(function () {
+        spyOn(nfRegistryApi, 'loadCurrentUser').and.callFake(function () {
         }).and.returnValue(rxjs.Observable.of({}));
     });
 

http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/1bb1e2b6/nifi-registry-web-ui/src/main/webapp/services/nf-registry.token.interceptor.js
----------------------------------------------------------------------
diff --git 
a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.token.interceptor.js
 
b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.token.interceptor.js
index e1abb95..cc2f703 100644
--- 
a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.token.interceptor.js
+++ 
b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.token.interceptor.js
@@ -15,14 +15,16 @@
  * limitations under the License.
  */
 
-var NfRegistryAuthService = 
require('nifi-registry/services/nf-registry.auth.service.js');
+var NfStorage = require('nifi-registry/services/nf-storage.service.js');
 
 /**
  * NfRegistryTokenInterceptor constructor.
+ *
+ * @param nfStorage             The NfStorage module.
  * @constructor
  */
-function NfRegistryTokenInterceptor(nfRegistryAuthService) {
-    this.auth = nfRegistryAuthService;
+function NfRegistryTokenInterceptor(nfStorage) {
+    this.nfStorage = nfStorage;
 };
 
 NfRegistryTokenInterceptor.prototype = {
@@ -36,7 +38,7 @@ NfRegistryTokenInterceptor.prototype = {
      * @returns {Observable HTTPEvent}
      */
     intercept: function(request, next) {
-        var token = this.auth.getToken();
+        var token = this.nfStorage.getItem('jwt');
         if(token) {
             request = request.clone({headers: 
request.headers.set('Authorization', 'Bearer ' + token)});
         }
@@ -44,6 +46,8 @@ NfRegistryTokenInterceptor.prototype = {
     }
 };
 
-NfRegistryTokenInterceptor.parameters = [NfRegistryAuthService];
+NfRegistryTokenInterceptor.parameters = [
+    NfStorage
+];
 
 module.exports = NfRegistryTokenInterceptor;
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/1bb1e2b6/nifi-registry-web-ui/src/main/webapp/systemjs.builder.config.js
----------------------------------------------------------------------
diff --git a/nifi-registry-web-ui/src/main/webapp/systemjs.builder.config.js 
b/nifi-registry-web-ui/src/main/webapp/systemjs.builder.config.js
index e181ec6..fda4f9f 100644
--- a/nifi-registry-web-ui/src/main/webapp/systemjs.builder.config.js
+++ b/nifi-registry-web-ui/src/main/webapp/systemjs.builder.config.js
@@ -98,7 +98,6 @@
             'nifi-registry/services/nf-registry.api.js': 
'services/nf-registry.api.js',
             'nifi-registry/services/nf-registry.service.js': 
'services/nf-registry.service.js',
             'nifi-registry/services/nf-storage.service.js': 
'services/nf-storage.service.js',
-            'nifi-registry/services/nf-registry.auth.service.js': 
'services/nf-registry.auth.service.js',
             'nifi-registry/services/nf-registry.auth-guard.service.js': 
'services/nf-registry.auth-guard.service.js',
             'nifi-registry/services/nf-registry.token.interceptor.js': 
'services/nf-registry.token.interceptor.js',
             
'nifi-registry/components/page-not-found/nf-registry-page-not-found.js': 
'components/page-not-found/nf-registry-page-not-found.js',

Reply via email to