[ https://issues.apache.org/jira/browse/NIFI-12696?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann resolved NIFI-12696. ------------------------------------- Fix Version/s: 2.0.0 Resolution: Fixed > Fix authorization issues when requesting FlowAnalysisResults > ------------------------------------------------------------ > > Key: NIFI-12696 > URL: https://issues.apache.org/jira/browse/NIFI-12696 > Project: Apache NiFi > Issue Type: Bug > Reporter: Tamas Palfy > Assignee: Tamas Palfy > Priority: Major > Fix For: 2.0.0 > > Time Spent: 20m > Remaining Estimate: 0h > > When requesting FlowAnalysisResults the authorization logic performed has a > couple of issues: > # Doesn't handle exceptions thrown when the a component producing a result is > tested to be a Port. The logic goes through possible component types and when > reaches Ports it throws an exception. > # As the logic goest through possible components, the mismatching ones throw > ResourceNotFoundExceptions. These are captured but this is a bad practice in > general. Throwing and capturing exceptions in non-exceptional cases is bad > from both design and performance perspective. > # The number of possible components checked is too limited. If a component is > unrecognized, the corresponding violation will have a PermissionDTO attached > with canRead and canWrite set to false, essentially rendering the result > unavailable and thus leading to a false negative. -- This message was sent by Atlassian Jira (v8.20.10#820010)