[jira] [Commented] (NIFI-12696) Fix authorization issues when requesting FlowAnalysisResults

Fri, 09 Feb 2024 06:29:03 -0800 


    [ 
https://issues.apache.org/jira/browse/NIFI-12696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17816083#comment-17816083
 ] 

ASF subversion and git services commented on NIFI-12696:
--------------------------------------------------------

Commit 49e599385d2527f8a05b929e00221b764b310eab in nifi's branch 
refs/heads/main from Tamas Palfy
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=49e599385d ]

NIFI-12696 Added Component Type to Rule Violations for Authorization

RuleViolations (these objects only reside in memory only) now contain the type 
of the component that is responsible for the violation. This is used in 
StandardNiFiServiceFacade to fix and improve the authorization logic.

This closes #8318

Signed-off-by: David Handermann <[email protected]>


> Fix authorization issues when requesting FlowAnalysisResults
> ------------------------------------------------------------
>
>                 Key: NIFI-12696
>                 URL: https://issues.apache.org/jira/browse/NIFI-12696
>             Project: Apache NiFi
>          Issue Type: Bug
>            Reporter: Tamas Palfy
>            Assignee: Tamas Palfy
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> When requesting FlowAnalysisResults the authorization logic performed has a 
> couple of issues:
> # Doesn't handle exceptions thrown when the a component producing a result is 
> tested to be a Port. The logic goes through possible component types and when 
> reaches Ports it throws an exception.
> # As the logic goest through possible components, the mismatching ones throw 
> ResourceNotFoundExceptions. These are captured but this is a bad practice in 
> general. Throwing and capturing exceptions in non-exceptional cases is bad 
> from both design and performance perspective.
> # The number of possible components checked is too limited. If a component is 
> unrecognized, the corresponding violation will have a PermissionDTO attached 
> with canRead and canWrite set to false, essentially rendering the result 
> unavailable and thus leading to a false negative.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to