[jira] [Commented] (NIFI-2718) HTTP Site-to-Site doesn't report port auth failure well, compared to RAW

Thu, 08 Sep 2016 07:24:19 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-2718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15473965#comment-15473965
 ] 

ASF GitHub Bot commented on NIFI-2718:
--------------------------------------

Github user mcgilman commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/996#discussion_r78013161
  
    --- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/DataTransferResource.java
 ---
    @@ -133,15 +133,18 @@ protected void authorizeDataTransfer(final 
AuthorizableLookup lookup, final Reso
             }
     
             // get the authorizable
    -        final DataTransferAuthorizable authorizable;
    +        final Authorizable authorizable;
             if (ResourceType.InputPort.equals(resourceType)) {
    -            authorizable = new 
DataTransferAuthorizable(lookup.getInputPort(identifier));
    +            authorizable = lookup.getInputPort(identifier);
             } else {
    -            authorizable = new 
DataTransferAuthorizable(lookup.getOutputPort(identifier));
    +            authorizable = lookup.getOutputPort(identifier);
             }
     
             // perform the authorization
    -        authorizable.authorize(authorizer, RequestAction.WRITE, user);
    +        final PortAuthorizationResult authorizationResult = 
((RootGroupPort) authorizable).checkUserAuthorization(user);
    --- End diff --
    
    @ijokarumawak Here is what I'm proposing to include in your commit [1]. It 
should address the potential ClassCastException while still deferring to the 
underlying component for authorization to be consistent with raw s2s. Let me 
know what you think... I'm still reviewing but looks good so far. Thanks.
    
    [1] 
https://github.com/mcgilman/nifi/commit/b97714a4839c7c2536b0426b53e3f67858b89c5e


> HTTP Site-to-Site doesn't report port auth failure well, compared to RAW
> ------------------------------------------------------------------------
>
>                 Key: NIFI-2718
>                 URL: https://issues.apache.org/jira/browse/NIFI-2718
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.0.0
>            Reporter: Koji Kawamura
>            Assignee: Koji Kawamura
>
> If 'send data via site-to-site' policy is removed for a client after the 
> client has already connected to that port, the client won't be able to 
> send/receive more data from the remote NiFi.
> This is true for both RAW and HTTP transfer protocol, however the way that 
> error is reported on NiFi UI is different. HTTP Site-to-Site doesn't report 
> port auth failure well, compared to RAW.
> Detail is reported here:
> https://github.com/apache/nifi/pull/971#issuecomment-243823632



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to