[jira] [Updated] (NIFIREG-75) Composite and CompositeConfigurable UserGroupProviders don't consider all providers when looking up users and groups

Kevin Doran (JIRA) Thu, 21 Dec 2017 09:28:13 -0800

     [ 
https://issues.apache.org/jira/browse/NIFIREG-75?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Kevin Doran updated NIFIREG-75:
-------------------------------
    Summary: Composite and CompositeConfigurable UserGroupProviders don't 
consider all providers when looking up users and groups  (was: Composite and 
Composite UserGroupProviders don't consider all providers when looking up users 
and groups)

> Composite and CompositeConfigurable UserGroupProviders don't consider all 
> providers when looking up users and groups
> --------------------------------------------------------------------------------------------------------------------
>
>                 Key: NIFIREG-75
>                 URL: https://issues.apache.org/jira/browse/NIFIREG-75
>             Project: NiFi Registry
>          Issue Type: Bug
>            Reporter: Kevin Doran
>            Assignee: Kevin Doran
>             Fix For: 0.0.1
>
>
> In FileUserGroupProvider, when a new group is created, all the users in the 
> group are checked to ensure they are known to the FileUserGroupProvider prior 
> to creating the group.
> However, when a group is updated, a similar check does not exist, allowing 
> one to add invalid users to a group. This gets the server in a bad state with 
> unexpected behavior surrounding authorization actions.
> Note that this logic was ported from NiFi, so NiFi should probably be updated 
> with the same fix after verifying this is the intended behavior (having the 
> check on update).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (NIFIREG-75) Composite and CompositeConfigurable UserGroupProviders don't consider all providers when looking up users and groups

Reply via email to