[jira] [Commented] (NIFI-2718) HTTP Site-to-Site doesn't report port auth failure well, compared to RAW

Thu, 08 Sep 2016 10:45:28 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-2718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15474534#comment-15474534
 ] 

ASF subversion and git services commented on NIFI-2718:
-------------------------------------------------------

Commit ae251c1a6f0550c02deee3b42ba64aadc934483e in nifi's branch 
refs/heads/master from [~ijokarumawak]
[ https://git-wip-us.apache.org/repos/asf?p=nifi.git;h=ae251c1 ]

NIFI-2718: Show HTTP S2S Auth error on bulletin

This commit fixes following two issues, that happens when a Root Group Port
policy for S2S data transfer is removed at a remote NiFi, after a client NiFi 
has
connected to that port:

1. At client side, Remote Process Group should show that authorization
is failing on its bulletin, but the Exception is caught and
ignored. Nothing is shown on the UI with HTTP transport protocol.
RAW S2S shows error on RPG bulletin. This commit fixes HTTP S2S to
behave the same.

2. At server side, corresponding input-port or output-port should show
that it is accessed by an unauthorized client on its bulletin, but it's
not shown with HTTP transport protocol.
RAW S2S shows warning messages for this. This commit fixes HTTP S2S to
behave the same.

In order to fix the 2nd issue above, request authorization at
DataTransferResource is changed from using DataTransferAuthorizable
directly, to call RootGroupPort.checkUserAuthorization().

Because the blettin is tied to the Port instance and it's
difficult to produce blettin message from this resource.

Since RootGroupPort.checkUserAuthorization uses
DataTransferAuthorizable inside, the check logic stays the same as
before.

Adding a RootGroupPortAuthorizable to provide access to necessary components 
for performing the authorization.

This closes #996


> HTTP Site-to-Site doesn't report port auth failure well, compared to RAW
> ------------------------------------------------------------------------
>
>                 Key: NIFI-2718
>                 URL: https://issues.apache.org/jira/browse/NIFI-2718
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.0.0
>            Reporter: Koji Kawamura
>            Assignee: Koji Kawamura
>
> If 'send data via site-to-site' policy is removed for a client after the 
> client has already connected to that port, the client won't be able to 
> send/receive more data from the remote NiFi.
> This is true for both RAW and HTTP transfer protocol, however the way that 
> error is reported on NiFi UI is different. HTTP Site-to-Site doesn't report 
> port auth failure well, compared to RAW.
> Detail is reported here:
> https://github.com/apache/nifi/pull/971#issuecomment-243823632



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to