[GitHub] [nifi] turcsanyip commented on a change in pull request #4976: NIFI-3862: Added Issuer DN support to ListenHTTP

Mon, 19 Apr 2021 13:28:07 -0700 


turcsanyip commented on a change in pull request #4976:
URL: https://github.com/apache/nifi/pull/4976#discussion_r616139871



##########
File path: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenHTTP.java
##########
@@ -159,11 +160,20 @@ public AllowableValue getAllowableValue() {
             .build();
     public static final PropertyDescriptor AUTHORIZED_DN_PATTERN = new 
PropertyDescriptor.Builder()
         .name("Authorized DN Pattern")
-        .description("A Regular Expression to apply against the Distinguished 
Name of incoming connections. If the Pattern does not match the DN, the 
connection will be refused.")
+        .description("A Regular Expression to apply against the Subject's 
Distinguished Name of incoming connections. If the Pattern does not match the 
Subject DN, " +

Review comment:
       I would add "Subject" in the property name on the UI to make the Subject 
/ Issuer distinction more clear. It can be achieved via adding `displayName` 
with value "Authorized Subject DN Pattern".
   (The existing `name` cannot be changed due to backward compatibility.)

##########
File path: 
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/ListenHTTP.java
##########
@@ -159,11 +160,20 @@ public AllowableValue getAllowableValue() {
             .build();
     public static final PropertyDescriptor AUTHORIZED_DN_PATTERN = new 
PropertyDescriptor.Builder()
         .name("Authorized DN Pattern")
-        .description("A Regular Expression to apply against the Distinguished 
Name of incoming connections. If the Pattern does not match the DN, the 
connection will be refused.")
+        .description("A Regular Expression to apply against the Subject's 
Distinguished Name of incoming connections. If the Pattern does not match the 
Subject DN, " +
+                "the the processor will respond with a status of HTTP 403 
Forbidden.")
         .required(true)
-        .defaultValue(".*")
+        .defaultValue(MATCH_ALL)
         .addValidator(StandardValidators.REGULAR_EXPRESSION_VALIDATOR)
         .build();
+    public static final PropertyDescriptor AUTHORIZED_ISSUER_DN_PATTERN = new 
PropertyDescriptor.Builder()
+            .name("Authorized Issuer DN Pattern")

Review comment:
       It is preferred to use separate `name` / `displayName` attributes for 
new properties, like in case of "Multipart Request Max Size":
   ```
           .name("multipart-request-max-size")
           .displayName("Multipart Request Max Size")
   ```
   Could you please use the same pattern here?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to