nifi/nifi-nar-bundles/nifi-kerberos-iaa-providers.../nifi-kerberos-iaa-providers.../pom.xml

36 lines
1.7 KiB
XML
Raw Normal View History

NIFI-1274 Added Kerberos authentication mechanism. NIFI-1274 Cleaned up TODO statements. (+3 squashed commits) Squashed commits: [fd101cd] Removed logic to check for presence of services to determine if token support is enabled when username/password authentication is enabled (Kerberos also requires tokens). [c2ce29f] Reverted import changes to RulesResource.java. [c269d72] Added Kerberos authentication mechanism. Moved Kerberos service wiring from XML to Java to handle scenario where admin has not configured Kerberos (previously threw NullPointerException in FileSystemResource constructor). (+15 squashed commits) Squashed commits: [09fc694] Added Kerberos documentation to Admin Guide. [ecfb864] Cleaned up unused logic. [157efb3] Added logic to determine if client certificates are required for REST API (login, anonymous, and Kerberos service authentication all disabled). Cleaned up KerberosService by moving logic to NiFiProperties. [5438619] Added documentation for Kerberos login-identity-providers.xml. [3332d9f] Added NiFi properties for Kerberos SSO. [b14a557] Fixed canvas call to only attempt Kerberos login if JWT not present in local storage. Added logic to handle ticket validation failure in AccessResource. Changed wiring of Kerberos service beans to XML in nifi-web-security-context.xml for consistency. [c31ae3d] Kerberos SPNEGO works without additional filter (new entry endpoint accepts Kerberos ticket in Authorization header and returns JWT so the rest of the application functions the same as LDAP). [98460e7] Added check to only instantiate beans when Kerberos enabled to allow access control integration tests to pass. [6ed0724] Renamed Kerberos discovery method to be explicit about service vs. credential login. [ed67d2e] Removed temporary solution for Rules Resource access via Kerberos ticket. [c8b2b01] Added temporary solution for Rules Resource access via Kerberos ticket. [81ca80f] NIFI-1274 Added KerberosAuthenticationFilter to conduct SPNEGO authentication with local (client) Kerberos ticket. Added properties and accessors for service principal and keytab location for NiFi app server. Added KAF to NiFiWebApiSecurityConfiguration. Added AlternateKerberosUserDetailsService to provide user lookup without dependency on extension bundle (nifi-kerberos-iaa-provider). Added dependencies on spring-security-kerberos-core and -web modules to pom.xml. [0605ba8] Added working configuration files to test/resources in kerberos module to document necessary config. This version requires the user to enter their Kerberos username (without realm) and password into the NiFi login screen and will authenticate them against the running KDC. Also includes a sample keystore and root CA public key for configuring a secure instance. [49236c8] Added kerberos module dependencies to nifi/pom.xml and nifi-assembly/pom.xml. Added default properties to login-identity-providers.xml. [928c52b] Added nifi-kerberos-iaa-providers-bundle module to nifi/pom.xml. Added skeleton of Kerberos authenticator using Spring Security Kerberos plugin. This closes #284 Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>
2016-03-11 18:11:19 -05:00
<?xml version="1.0" encoding="UTF-8"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-kerberos-iaa-providers-bundle</artifactId>
<version>1.3.0-SNAPSHOT</version>
NIFI-1274 Added Kerberos authentication mechanism. NIFI-1274 Cleaned up TODO statements. (+3 squashed commits) Squashed commits: [fd101cd] Removed logic to check for presence of services to determine if token support is enabled when username/password authentication is enabled (Kerberos also requires tokens). [c2ce29f] Reverted import changes to RulesResource.java. [c269d72] Added Kerberos authentication mechanism. Moved Kerberos service wiring from XML to Java to handle scenario where admin has not configured Kerberos (previously threw NullPointerException in FileSystemResource constructor). (+15 squashed commits) Squashed commits: [09fc694] Added Kerberos documentation to Admin Guide. [ecfb864] Cleaned up unused logic. [157efb3] Added logic to determine if client certificates are required for REST API (login, anonymous, and Kerberos service authentication all disabled). Cleaned up KerberosService by moving logic to NiFiProperties. [5438619] Added documentation for Kerberos login-identity-providers.xml. [3332d9f] Added NiFi properties for Kerberos SSO. [b14a557] Fixed canvas call to only attempt Kerberos login if JWT not present in local storage. Added logic to handle ticket validation failure in AccessResource. Changed wiring of Kerberos service beans to XML in nifi-web-security-context.xml for consistency. [c31ae3d] Kerberos SPNEGO works without additional filter (new entry endpoint accepts Kerberos ticket in Authorization header and returns JWT so the rest of the application functions the same as LDAP). [98460e7] Added check to only instantiate beans when Kerberos enabled to allow access control integration tests to pass. [6ed0724] Renamed Kerberos discovery method to be explicit about service vs. credential login. [ed67d2e] Removed temporary solution for Rules Resource access via Kerberos ticket. [c8b2b01] Added temporary solution for Rules Resource access via Kerberos ticket. [81ca80f] NIFI-1274 Added KerberosAuthenticationFilter to conduct SPNEGO authentication with local (client) Kerberos ticket. Added properties and accessors for service principal and keytab location for NiFi app server. Added KAF to NiFiWebApiSecurityConfiguration. Added AlternateKerberosUserDetailsService to provide user lookup without dependency on extension bundle (nifi-kerberos-iaa-provider). Added dependencies on spring-security-kerberos-core and -web modules to pom.xml. [0605ba8] Added working configuration files to test/resources in kerberos module to document necessary config. This version requires the user to enter their Kerberos username (without realm) and password into the NiFi login screen and will authenticate them against the running KDC. Also includes a sample keystore and root CA public key for configuring a secure instance. [49236c8] Added kerberos module dependencies to nifi/pom.xml and nifi-assembly/pom.xml. Added default properties to login-identity-providers.xml. [928c52b] Added nifi-kerberos-iaa-providers-bundle module to nifi/pom.xml. Added skeleton of Kerberos authenticator using Spring Security Kerberos plugin. This closes #284 Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>
2016-03-11 18:11:19 -05:00
</parent>
<artifactId>nifi-kerberos-iaa-providers-nar</artifactId>
<packaging>nar</packaging>
<properties>
<maven.javadoc.skip>true</maven.javadoc.skip>
<source.skip>true</source.skip>
</properties>
<dependencies>
<dependency>
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-kerberos-iaa-providers</artifactId>
</dependency>
</dependencies>
<name>nifi-kerberos-iaa-providers-nar</name>
</project>