[
https://issues.apache.org/jira/browse/NIFI-12696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Tamas Palfy reassigned NIFI-12696:
----------------------------------
Assignee: Tamas Palfy
> Fix authorization issues when requesting FlowAnalysisResults
> ------------------------------------------------------------
>
> Key: NIFI-12696
> URL: https://issues.apache.org/jira/browse/NIFI-12696
> Project: Apache NiFi
> Issue Type: Bug
> Reporter: Tamas Palfy
> Assignee: Tamas Palfy
> Priority: Major
>
> When requesting FlowAnalysisResults the authorization logic performed has a
> couple of issues:
> # Doesn't handle exceptions thrown when the a component producing a result is
> tested to be a Port. The logic goes through possible component types and when
> reaches Ports it throws an exception.
> # As the logic goest through possible components, the mismatching ones throw
> ResourceNotFoundExceptions. These are captured but this is a bad practice in
> general. Throwing and capturing exceptions in non-exceptional cases is bad
> from both design and performance perspective.
> # The number of possible components checked is too limited. If a component is
> unrecognized, the corresponding violation will have a PermissionDTO attached
> with canRead and canWrite set to false, essentially rendering the result
> unavailable and thus leading to a false negative.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
