mirror of https://github.com/apache/nifi.git
NIFI-655:
- Allowing the user to link back to the log in page from the new account page. - Renaming DN to identity where possible.
parent
b6d09b86b6
commit
06a4736a58
|
@ -31,33 +31,33 @@ import org.apache.nifi.authorization.exception.UnknownIdentityException;
|
|||
public interface AuthorityProvider {
|
||||
|
||||
/**
|
||||
* @param dn of the user
|
||||
* @return whether the user with the specified DN is known to this authority
|
||||
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
|
||||
* @return whether the user with the specified identity is known to this authority
|
||||
* provider. It is not necessary for the user to have any authorities
|
||||
*/
|
||||
boolean doesDnExist(String dn) throws AuthorityAccessException;
|
||||
boolean doesDnExist(String identity) throws AuthorityAccessException;
|
||||
|
||||
/**
|
||||
* Get the authorities for the specified user. If the specified user exists
|
||||
* but does not have any authorities, an empty set should be returned.
|
||||
*
|
||||
* @param dn of the user to lookup
|
||||
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
|
||||
* @return the authorities for the specified user. If the specified user
|
||||
* exists but does not have any authorities, an empty set should be returned
|
||||
* @throws UnknownIdentityException if identity is not known
|
||||
* @throws AuthorityAccessException if unable to access authorities
|
||||
*/
|
||||
Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException;
|
||||
Set<Authority> getAuthorities(String identity) throws UnknownIdentityException, AuthorityAccessException;
|
||||
|
||||
/**
|
||||
* Sets the specified authorities for the specified user.
|
||||
*
|
||||
* @param dn the specified user
|
||||
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
|
||||
* @param authorities the new authorities for the user
|
||||
* @throws UnknownIdentityException if identity is not known
|
||||
* @throws AuthorityAccessException if unable to access authorities
|
||||
*/
|
||||
void setAuthorities(String dn, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException;
|
||||
void setAuthorities(String identity, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException;
|
||||
|
||||
/**
|
||||
* Gets the users for the specified authority.
|
||||
|
@ -72,32 +72,32 @@ public interface AuthorityProvider {
|
|||
* Revokes the specified user. Its up to the implementor to determine the
|
||||
* semantics of revocation.
|
||||
*
|
||||
* @param dn the dn of the user
|
||||
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
|
||||
* @throws UnknownIdentityException if the user is not known
|
||||
* @throws AuthorityAccessException if unable to access the authorities
|
||||
*/
|
||||
void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException;
|
||||
void revokeUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
|
||||
|
||||
/**
|
||||
* Add the specified user.
|
||||
*
|
||||
* @param dn of the user
|
||||
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
|
||||
* @param group Optional
|
||||
* @throws UnknownIdentityException if the user is not known
|
||||
* @throws AuthorityAccessException if unable to access the authorities
|
||||
*/
|
||||
void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException;
|
||||
void addUser(String identity, String group) throws IdentityAlreadyExistsException, AuthorityAccessException;
|
||||
|
||||
/**
|
||||
* Gets the group for the specified user. Return null if the user does not
|
||||
* belong to a group.
|
||||
*
|
||||
* @param dn the user
|
||||
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
|
||||
* @return the group of the given user
|
||||
* @throws UnknownIdentityException if the user is not known
|
||||
* @throws AuthorityAccessException if unable to access the authorities
|
||||
*/
|
||||
String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException;
|
||||
String getGroupForUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
|
||||
|
||||
/**
|
||||
* Revokes all users for a specified group. Its up to the implementor to
|
||||
|
@ -112,21 +112,21 @@ public interface AuthorityProvider {
|
|||
/**
|
||||
* Adds the specified users to the specified group.
|
||||
*
|
||||
* @param dn the set of users to add to the group
|
||||
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
|
||||
* @param group to add users to
|
||||
* @throws UnknownIdentityException if the user is not known
|
||||
* @throws AuthorityAccessException if unable to access the authorities
|
||||
*/
|
||||
void setUsersGroup(Set<String> dn, String group) throws UnknownIdentityException, AuthorityAccessException;
|
||||
void setUsersGroup(Set<String> identity, String group) throws UnknownIdentityException, AuthorityAccessException;
|
||||
|
||||
/**
|
||||
* Ungroups the specified user.
|
||||
*
|
||||
* @param dn of the user
|
||||
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
|
||||
* @throws UnknownIdentityException if the user is not known
|
||||
* @throws AuthorityAccessException if unable to access the authorities
|
||||
*/
|
||||
void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException;
|
||||
void ungroupUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
|
||||
|
||||
/**
|
||||
* Ungroups the specified group. Since the semantics of revocation is up to
|
||||
|
@ -143,18 +143,18 @@ public interface AuthorityProvider {
|
|||
* Determines whether the user in the specified dnChain should be able to
|
||||
* download the content for the flowfile with the specified attributes.
|
||||
*
|
||||
* The first dn in the chain is the end user that the request was issued on
|
||||
* behalf of. The subsequent dn's in the chain represent entities proxying
|
||||
* The first identity in the chain is the end user that the request was issued on
|
||||
* behalf of. The subsequent identities in the chain represent entities proxying
|
||||
* the user's request with the last being the proxy that sent the current
|
||||
* request.
|
||||
*
|
||||
* @param dnChain of the user
|
||||
* @param proxyChain proxy chain of user identities that for the download request
|
||||
* @param attributes of the flowfile being requested
|
||||
* @return the authorization result
|
||||
* @throws UnknownIdentityException if the user is not known
|
||||
* @throws AuthorityAccessException if unable to access the authorities
|
||||
*/
|
||||
DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException;
|
||||
DownloadAuthorization authorizeDownload(List<String> proxyChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException;
|
||||
|
||||
/**
|
||||
* Called immediately after instance creation for implementers to perform
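Review bot: The `@param identity` text repeated across this interface widens the contract to "a dn, an email, a username, or any string" without saying how two identities are compared, so implementations may disagree on case or DN normalisation and an authorization lookup can miss an account or match the wrong one. I would state the rule once in the interface Javadoc, for example `Identities are opaque and are compared as exact, case-sensitive strings.` (or whichever rule the project intends). The same line misspells "identifies" as "identities", and on `setUsersGroup` the parameter is a `Set<String>` but is described as a single user. `doesDnExist` and the "dnChain" wording in the `authorizeDownload` summary keep the old term, which deserves a Javadoc remark if the names stay for compatibility. The interface starts and ends outside these hunks.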
|
||||
|
|
|
@ -54,7 +54,7 @@ public interface NiFiWebConfigurationContext {
|
|||
void saveActions(NiFiWebRequestContext requestContext, Collection<ConfigurationAction> actions);
|
||||
|
||||
/**
|
||||
* @return the current user dn. Returns null if no user is found
|
||||
* @return the current user identity. The value may be a DN, an email, a username, or any string that identities the user. Returns null if no user is found
|
||||
*/
|
||||
String getCurrentUserDn();
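Review bot: `getCurrentUserDn()` keeps its name while the Javadoc now allows the return value to be an email or a username, so a caller that parses the result as an X.500 DN will mis-handle the new forms without any error; the same applies to `NiFiWebContext.getCurrentUserDn()` in the next section. I would add a sentence to both Javadocs such as `The method name is retained for compatibility; treat the value as an opaque identifier and do not parse it as a DN.` In both comments "identities the user" should read "identifies the user".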
|
||||
|
||||
|
|
|
@ -51,7 +51,7 @@ public interface NiFiWebContext {
|
|||
void saveActions(Collection<ProcessorConfigurationAction> actions);
|
||||
|
||||
/**
|
||||
* @return the current user dn. Returns null if no user is found
|
||||
* @return the current user identity. It may be a dn, an email, a username, or any string that identities the user. Returns null if no user is found
|
||||
*/
|
||||
String getCurrentUserDn();
|
||||
|
||||
|
|
|
@ -67,8 +67,8 @@ public class UserDataSourceFactoryBean implements FactoryBean {
|
|||
+ "ID, IDENTITY, USER_NAME, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS"
|
||||
+ ") VALUES ("
|
||||
+ "'" + UUID.randomUUID().toString() + "', "
|
||||
+ "'" + NiFiUser.ANONYMOUS_USER_DN + "', "
|
||||
+ "'" + NiFiUser.ANONYMOUS_USER_DN + "', "
|
||||
+ "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
|
||||
+ "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
|
||||
+ "NOW(), "
|
||||
+ "NOW(), "
|
||||
+ "'Anonymous user needs no justification', "
|
||||
|
@ -78,12 +78,12 @@ public class UserDataSourceFactoryBean implements FactoryBean {
|
|||
private static final String INSERT_ANONYMOUS_AUTHORITY = "INSERT INTO AUTHORITY ("
|
||||
+ "USER_ID, ROLE"
|
||||
+ ") VALUES ("
|
||||
+ "(SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_DN + "'), "
|
||||
+ "(SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "'), "
|
||||
+ "'%s'"
|
||||
+ ")";
|
||||
|
||||
private static final String DELETE_ANONYMOUS_AUTHORITIES = "DELETE FROM AUTHORITY "
|
||||
+ "WHERE USER_ID = (SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_DN + "')";
|
||||
+ "WHERE USER_ID = (SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "')";
|
||||
|
||||
private static final String RENAME_DN_COLUMN = "ALTER TABLE USER ALTER COLUMN DN RENAME TO IDENTITY";
|
||||
private static final String RESIZE_IDENTITY_COLUMN = "ALTER TABLE USER MODIFY IDENTITY VARCHAR(4096)";
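Review bot: The seed and authority statements splice `NiFiUser.ANONYMOUS_USER_IDENTITY` into quoted SQL literals, and the constant's value is not visible in this commit; if the rename from `ANONYMOUS_USER_DN` also changed the string, a database seeded under the old value will no longer match `WHERE IDENTITY = '...'` and the authority statements will not find the anonymous user. I would keep the value identical or migrate the existing row, and record that above the constants, e.g. `// value must equal the identity already stored for the anonymous user in existing databases`. Concatenation is acceptable here only because the operand is a compile-time constant without a single quote. The `'%s'` slot in `INSERT_ANONYMOUS_AUTHORITY` is filled outside the visible lines and should only ever receive a fixed role name.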
|
||||
|
|
|
@ -194,7 +194,7 @@ public class StandardUserDAO implements UserDAO {
|
|||
try {
|
||||
// create the connection and obtain a statement
|
||||
statement = connection.prepareStatement(SELECT_USERS);
|
||||
statement.setString(1, NiFiUser.ANONYMOUS_USER_DN);
|
||||
statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
|
||||
|
||||
// execute the query
|
||||
rs = statement.executeQuery();
|
||||
|
@ -211,7 +211,7 @@ public class StandardUserDAO implements UserDAO {
|
|||
if (user == null || !userId.equals(user.getId())) {
|
||||
user = new NiFiUser();
|
||||
user.setId(userId);
|
||||
user.setDn(rs.getString("IDENTITY"));
|
||||
user.setIdentity(rs.getString("IDENTITY"));
|
||||
user.setUserName(rs.getString("USER_NAME"));
|
||||
user.setUserGroup(rs.getString("USER_GROUP"));
|
||||
user.setJustification(rs.getString("JUSTIFICATION"));
|
||||
|
@ -287,7 +287,7 @@ public class StandardUserDAO implements UserDAO {
|
|||
try {
|
||||
// create the connection and obtain a statement
|
||||
statement = connection.prepareStatement(SELECT_USER_GROUP);
|
||||
statement.setString(1, NiFiUser.ANONYMOUS_USER_DN);
|
||||
statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
|
||||
statement.setString(2, group);
|
||||
|
||||
// execute the query
|
||||
|
@ -305,7 +305,7 @@ public class StandardUserDAO implements UserDAO {
|
|||
if (user == null || !userId.equals(user.getId())) {
|
||||
user = new NiFiUser();
|
||||
user.setId(userId);
|
||||
user.setDn(rs.getString("IDENTITY"));
|
||||
user.setIdentity(rs.getString("IDENTITY"));
|
||||
user.setUserName(rs.getString("USER_NAME"));
|
||||
user.setUserGroup(rs.getString("USER_GROUP"));
|
||||
user.setJustification(rs.getString("JUSTIFICATION"));
|
||||
|
@ -366,7 +366,7 @@ public class StandardUserDAO implements UserDAO {
|
|||
if (user == null) {
|
||||
user = new NiFiUser();
|
||||
user.setId(rs.getString("ID"));
|
||||
user.setDn(rs.getString("IDENTITY"));
|
||||
user.setIdentity(rs.getString("IDENTITY"));
|
||||
user.setUserName(rs.getString("USER_NAME"));
|
||||
user.setUserGroup(rs.getString("USER_GROUP"));
|
||||
user.setJustification(rs.getString("JUSTIFICATION"));
|
||||
|
@ -424,7 +424,7 @@ public class StandardUserDAO implements UserDAO {
|
|||
if (user == null) {
|
||||
user = new NiFiUser();
|
||||
user.setId(rs.getString("ID"));
|
||||
user.setDn(rs.getString("IDENTITY"));
|
||||
user.setIdentity(rs.getString("IDENTITY"));
|
||||
user.setUserName(rs.getString("USER_NAME"));
|
||||
user.setUserGroup(rs.getString("USER_GROUP"));
|
||||
user.setJustification(rs.getString("JUSTIFICATION"));
|
||||
|
@ -463,19 +463,19 @@ public class StandardUserDAO implements UserDAO {
|
|||
|
||||
@Override
|
||||
public NiFiUser createUser(NiFiUser user) throws DataAccessException {
|
||||
if (user.getDn() == null) {
|
||||
throw new IllegalArgumentException("User dn must be specified.");
|
||||
if (user.getIdentity() == null) {
|
||||
throw new IllegalArgumentException("User identity must be specified.");
|
||||
}
|
||||
|
||||
PreparedStatement statement = null;
|
||||
ResultSet rs = null;
|
||||
try {
|
||||
final String id = UUID.nameUUIDFromBytes(user.getDn().getBytes(StandardCharsets.UTF_8)).toString();
|
||||
final String id = UUID.nameUUIDFromBytes(user.getIdentity().getBytes(StandardCharsets.UTF_8)).toString();
|
||||
|
||||
// create a statement
|
||||
statement = connection.prepareStatement(INSERT_USER, Statement.RETURN_GENERATED_KEYS);
|
||||
statement.setString(1, id);
|
||||
statement.setString(2, StringUtils.left(user.getDn(), 4096));
|
||||
statement.setString(2, StringUtils.left(user.getIdentity(), 4096));
|
||||
statement.setString(3, StringUtils.left(user.getUserName(), 4096));
|
||||
statement.setString(4, StringUtils.left(user.getUserGroup(), 100));
|
||||
if (user.getLastVerified() != null) {
|
||||
|
@ -531,7 +531,7 @@ public class StandardUserDAO implements UserDAO {
|
|||
try {
|
||||
// create a statement
|
||||
statement = connection.prepareStatement(UPDATE_USER);
|
||||
statement.setString(1, StringUtils.left(user.getDn(), 4096));
|
||||
statement.setString(1, StringUtils.left(user.getIdentity(), 4096));
|
||||
statement.setString(2, StringUtils.left(user.getUserName(), 4096));
|
||||
statement.setString(3, StringUtils.left(user.getUserGroup(), 100));
|
||||
statement.setString(6, StringUtils.left(user.getJustification(), 500));
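Review bot: In `createUser` the id is derived from the full identity (`UUID.nameUUIDFromBytes(user.getIdentity()...)`) while the stored value is cut with `StringUtils.left(user.getIdentity(), 4096)`, so two identities that share their first 4096 characters get different ids but the same IDENTITY value, and a later lookup by identity can resolve to the wrong account. Now that an identity may be any provider-supplied string rather than a certificate DN, I would reject over-long values instead of truncating them, e.g. `if (user.getIdentity().length() > 4096) { throw new IllegalArgumentException("User identity exceeds 4096 characters."); }` next to the existing null check. The update hunk at the end of this section truncates the same way. Both method bodies continue outside the hunks.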
|
||||
|
|
|
@ -76,14 +76,14 @@ public abstract class AbstractUserAction<T> implements AdministrationAction<T> {
|
|||
*/
|
||||
protected void verifyAccount(AuthorityProvider authorityProvider, NiFiUser user) {
|
||||
// load the roles for the user
|
||||
Set<Authority> authorities = authorityProvider.getAuthorities(user.getDn());
|
||||
Set<Authority> authorities = authorityProvider.getAuthorities(user.getIdentity());
|
||||
|
||||
// update the user's authorities
|
||||
user.getAuthorities().clear();
|
||||
user.getAuthorities().addAll(authorities);
|
||||
|
||||
// get the user group
|
||||
user.setUserGroup(authorityProvider.getGroupForUser(user.getDn()));
|
||||
user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
|
||||
|
||||
// update the users status in case they were previously pending or disabled
|
||||
user.setStatus(AccountStatus.ACTIVE);
|
||||
|
|
|
@ -37,11 +37,11 @@ import org.apache.nifi.user.NiFiUser;
|
|||
*/
|
||||
public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
|
||||
|
||||
private final String dn;
|
||||
private final String identity;
|
||||
private final int cacheDurationSeconds;
|
||||
|
||||
public AuthorizeUserAction(String dn, int cacheDurationSeconds) {
|
||||
this.dn = dn;
|
||||
public AuthorizeUserAction(String identity, int cacheDurationSeconds) {
|
||||
this.identity = identity;
|
||||
this.cacheDurationSeconds = cacheDurationSeconds;
|
||||
}
|
||||
|
||||
|
@ -50,14 +50,14 @@ public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
|
|||
UserDAO userDao = daoFactory.getUserDAO();
|
||||
|
||||
// get the user
|
||||
NiFiUser user = userDao.findUserByDn(dn);
|
||||
NiFiUser user = userDao.findUserByDn(identity);
|
||||
|
||||
// verify the user was found
|
||||
if (user == null) {
|
||||
// determine whether this users exists
|
||||
boolean doesDnExist = false;
|
||||
try {
|
||||
doesDnExist = authorityProvider.doesDnExist(dn);
|
||||
doesDnExist = authorityProvider.doesDnExist(identity);
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
|
||||
}
|
||||
|
@ -66,8 +66,8 @@ public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
|
|||
if (doesDnExist) {
|
||||
// create the user
|
||||
user = new NiFiUser();
|
||||
user.setDn(dn);
|
||||
user.setUserName(CertificateUtils.extractUsername(dn));
|
||||
user.setIdentity(identity);
|
||||
user.setUserName(CertificateUtils.extractUsername(identity));
|
||||
user.setJustification("User details specified by authority provider.");
|
||||
|
||||
try {
|
||||
|
@ -86,12 +86,12 @@ public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
|
|||
createUser.execute(daoFactory, authorityProvider);
|
||||
} catch (UnknownIdentityException uie) {
|
||||
// strange since the provider just reported this dn existed but handleing anyways...
|
||||
throw new AccountNotFoundException(String.format("Unable to verify access for %s.", dn));
|
||||
throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity));
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
|
||||
}
|
||||
} else {
|
||||
throw new AccountNotFoundException(String.format("Unable to verify access for %s.", dn));
|
||||
throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity));
|
||||
}
|
||||
} else {
|
||||
Throwable providerError = null;
|
||||
|
@ -134,7 +134,7 @@ public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
|
|||
updateUserAuthorities.execute(daoFactory, authorityProvider);
|
||||
|
||||
if (providerError != null) {
|
||||
throw new AccountDisabledException(String.format("User credentials for %s were not found. This account has been disabled.", user.getDn()), providerError);
|
||||
throw new AccountDisabledException(String.format("User credentials for %s were not found. This account has been disabled.", user.getIdentity()), providerError);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -165,9 +165,9 @@ public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
|
|||
*/
|
||||
private void checkAccountStatus(NiFiUser user) {
|
||||
if (AccountStatus.DISABLED.equals(user.getStatus())) {
|
||||
throw new AccountDisabledException(String.format("The account for %s has been disabled.", user.getDn()));
|
||||
throw new AccountDisabledException(String.format("The account for %s has been disabled.", user.getIdentity()));
|
||||
} else if (AccountStatus.PENDING.equals(user.getStatus())) {
|
||||
throw new AccountPendingException(String.format("The account for %s is currently pending approval.", user.getDn()));
|
||||
throw new AccountPendingException(String.format("The account for %s is currently pending approval.", user.getIdentity()));
|
||||
}
|
||||
}
|
||||
}
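Review bot: `user.setUserName(CertificateUtils.extractUsername(identity))` in the create-user branch still runs a certificate-oriented helper on a value that this commit allows to be an email or a plain username; what the helper returns for a non-DN string is not visible here, so the stored USER_NAME may end up empty, null or the raw input. The same call appears in the `RequestUserAccountAction` and `SeedUserAccountsAction` sections. I would document the expected fallback at the call site, e.g. `// identity may not be a DN; extractUsername is expected to return the input unchanged in that case`, and confirm the helper behaves that way. The comment `// strange since the provider just reported this dn existed but handleing anyways...` and the local `doesDnExist` could be updated in the same pass, to match `doesIdentityExist` in `UpdateUserAction`.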
|
||||
|
|
|
@ -63,12 +63,12 @@ public class DisableUserAction implements AdministrationAction<NiFiUser> {
|
|||
|
||||
try {
|
||||
// revoke the user in the authority provider
|
||||
authorityProvider.revokeUser(user.getDn());
|
||||
authorityProvider.revokeUser(user.getIdentity());
|
||||
} catch (UnknownIdentityException uie) {
|
||||
// user identity is not known
|
||||
logger.info(String.format("User %s has already been removed from the authority provider.", user.getDn()));
|
||||
logger.info(String.format("User %s has already been removed from the authority provider.", user.getIdentity()));
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to revoke user '%s': %s", user.getDn(), aae.getMessage()), aae);
|
||||
throw new AdministrationException(String.format("Unable to revoke user '%s': %s", user.getIdentity(), aae.getMessage()), aae);
|
||||
}
|
||||
|
||||
return user;
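Review bot: `logger.info(String.format("User %s has already been removed from the authority provider.", user.getIdentity()))` writes the identity into the log verbatim, and after this commit the identity is no longer limited to a certificate DN, so a value carrying line breaks would make single events look like several log entries. Whether identities can contain such characters depends on the login path, which is not shown; if they can, strip or encode CR/LF before logging. Separately, `String.format` builds the message even when INFO is disabled; if `logger` is an SLF4J logger, the usual form is `logger.info("User {} has already been removed from the authority provider.", user.getIdentity());`. The same pattern appears in the `SeedUserAccountsAction` and `UpdateUserAction` sections.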
|
||||
|
|
|
@ -30,11 +30,11 @@ import org.apache.nifi.user.NiFiUser;
|
|||
*/
|
||||
public class RequestUserAccountAction implements AdministrationAction<NiFiUser> {
|
||||
|
||||
private final String dn;
|
||||
private final String identity;
|
||||
private final String justification;
|
||||
|
||||
public RequestUserAccountAction(String dn, String justification) {
|
||||
this.dn = dn;
|
||||
public RequestUserAccountAction(String identity, String justification) {
|
||||
this.identity = identity;
|
||||
this.justification = justification;
|
||||
}
|
||||
|
||||
|
@ -43,15 +43,15 @@ public class RequestUserAccountAction implements AdministrationAction<NiFiUser>
|
|||
UserDAO userDao = daoFactory.getUserDAO();
|
||||
|
||||
// determine if this user already exists
|
||||
NiFiUser user = userDao.findUserByDn(dn);
|
||||
NiFiUser user = userDao.findUserByDn(identity);
|
||||
if (user != null) {
|
||||
throw new IllegalArgumentException(String.format("User account for %s already exists.", dn));
|
||||
throw new IllegalArgumentException(String.format("User account for %s already exists.", identity));
|
||||
}
|
||||
|
||||
// create the user
|
||||
user = new NiFiUser();
|
||||
user.setDn(dn);
|
||||
user.setUserName(CertificateUtils.extractUsername(dn));
|
||||
user.setIdentity(identity);
|
||||
user.setUserName(CertificateUtils.extractUsername(identity));
|
||||
user.setJustification(justification);
|
||||
user.setStatus(AccountStatus.PENDING);
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ public class SeedUserAccountsAction extends AbstractUserAction<Void> {
|
|||
@Override
|
||||
public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
|
||||
UserDAO userDao = daoFactory.getUserDAO();
|
||||
Set<String> authorizedDns = new HashSet<>();
|
||||
Set<String> authorizedIdentities = new HashSet<>();
|
||||
|
||||
// get the current user cache
|
||||
final Set<NiFiUser> existingUsers;
|
||||
|
@ -62,7 +62,7 @@ public class SeedUserAccountsAction extends AbstractUserAction<Void> {
|
|||
try {
|
||||
// all users for all roles
|
||||
for (final Authority authority : Authority.values()) {
|
||||
authorizedDns.addAll(authorityProvider.getUsers(authority));
|
||||
authorizedIdentities.addAll(authorityProvider.getUsers(authority));
|
||||
}
|
||||
} catch (AuthorityAccessException aae) {
|
||||
// unable to access the authority provider... honor the cache
|
||||
|
@ -73,25 +73,25 @@ public class SeedUserAccountsAction extends AbstractUserAction<Void> {
|
|||
final Set<NiFiUser> accountsToRevoke = new HashSet<>(existingUsers);
|
||||
|
||||
// persist the users
|
||||
for (String dn : authorizedDns) {
|
||||
for (String identity : authorizedIdentities) {
|
||||
NiFiUser user = null;
|
||||
try {
|
||||
// locate the user for this dn
|
||||
user = userDao.findUserByDn(dn);
|
||||
user = userDao.findUserByDn(identity);
|
||||
boolean newAccount = false;
|
||||
|
||||
// if the user does not exist, create a new account
|
||||
if (user == null) {
|
||||
logger.info(String.format("Creating user account: %s", dn));
|
||||
logger.info(String.format("Creating user account: %s", identity));
|
||||
newAccount = true;
|
||||
|
||||
// create the user
|
||||
user = new NiFiUser();
|
||||
user.setDn(dn);
|
||||
user.setUserName(CertificateUtils.extractUsername(dn));
|
||||
user.setIdentity(identity);
|
||||
user.setUserName(CertificateUtils.extractUsername(identity));
|
||||
user.setJustification("User details specified by authority provider.");
|
||||
} else {
|
||||
logger.info(String.format("User account already created: %s. Updating authorities...", dn));
|
||||
logger.info(String.format("User account already created: %s. Updating authorities...", identity));
|
||||
}
|
||||
|
||||
// verify the account
|
||||
|
@ -142,7 +142,7 @@ public class SeedUserAccountsAction extends AbstractUserAction<Void> {
|
|||
}
|
||||
|
||||
try {
|
||||
logger.info(String.format("User not authorized with configured provider: %s. Disabling account...", user.getDn()));
|
||||
logger.info(String.format("User not authorized with configured provider: %s. Disabling account...", user.getIdentity()));
|
||||
|
||||
// disable the account and reset its last verified timestamp since it was not found
|
||||
// in the current configured authority provider
|
||||
|
|
|
@ -56,11 +56,11 @@ public class UngroupUserAction extends AbstractUserAction<Void> {
|
|||
|
||||
try {
|
||||
// update the authority provider
|
||||
authorityProvider.ungroupUser(user.getDn());
|
||||
authorityProvider.ungroupUser(user.getIdentity());
|
||||
} catch (UnknownIdentityException uie) {
|
||||
throw new AccountNotFoundException(String.format("Unable to ungroup user '%s': %s", user.getDn(), uie.getMessage()), uie);
|
||||
throw new AccountNotFoundException(String.format("Unable to ungroup user '%s': %s", user.getIdentity(), uie.getMessage()), uie);
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to ungroup user '%s': %s", user.getDn(), aae.getMessage()), aae);
|
||||
throw new AdministrationException(String.format("Unable to ungroup user '%s': %s", user.getIdentity(), aae.getMessage()), aae);
|
||||
}
|
||||
|
||||
return null;
|
||||
|
|
|
@ -61,41 +61,41 @@ public class UpdateUserAction extends AbstractUserAction<NiFiUser> {
|
|||
}
|
||||
|
||||
// determine whether this users exists
|
||||
boolean doesDnExist = false;
|
||||
boolean doesIdentityExist = false;
|
||||
try {
|
||||
doesDnExist = authorityProvider.doesDnExist(user.getDn());
|
||||
doesIdentityExist = authorityProvider.doesDnExist(user.getIdentity());
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
|
||||
}
|
||||
|
||||
// if the user already doesn't exist, add them
|
||||
if (!doesDnExist) {
|
||||
if (!doesIdentityExist) {
|
||||
try {
|
||||
// add the account account and group if necessary
|
||||
authorityProvider.addUser(user.getDn(), user.getUserGroup());
|
||||
authorityProvider.addUser(user.getIdentity(), user.getUserGroup());
|
||||
} catch (final IdentityAlreadyExistsException iaee) {
|
||||
logger.warn(String.format("User '%s' already exists in the authority provider. Continuing with user update.", user.getDn()));
|
||||
logger.warn(String.format("User '%s' already exists in the authority provider. Continuing with user update.", user.getIdentity()));
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s", user.getDn(), aae.getMessage()), aae);
|
||||
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s", user.getIdentity(), aae.getMessage()), aae);
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
// update the authority provider as approprivate
|
||||
authorityProvider.setAuthorities(user.getDn(), authorities);
|
||||
authorityProvider.setAuthorities(user.getIdentity(), authorities);
|
||||
} catch (UnknownIdentityException uie) {
|
||||
throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie);
|
||||
throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae);
|
||||
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
|
||||
}
|
||||
|
||||
try {
|
||||
// get the user group
|
||||
user.setUserGroup(authorityProvider.getGroupForUser(user.getDn()));
|
||||
user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
|
||||
} catch (UnknownIdentityException uie) {
|
||||
throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getDn(), uie.getMessage()), uie);
|
||||
throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getDn(), aae.getMessage()), aae);
|
||||
throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
|
||||
}
|
||||
|
||||
// since all the authorities were updated accordingly, set the authorities
|
||||
|
|
|
@ -61,7 +61,7 @@ public class UpdateUserGroupAction extends AbstractUserAction<Void> {
|
|||
|
||||
// record the new users being added to this group
|
||||
final Set<NiFiUser> newUsers = new HashSet<>();
|
||||
final Set<String> newUserDns = new HashSet<>();
|
||||
final Set<String> newUserIdentities = new HashSet<>();
|
||||
|
||||
// if the user ids have been specified we need to create/update a group using the specified group name
|
||||
if (userIds != null) {
|
||||
|
@ -81,13 +81,13 @@ public class UpdateUserGroupAction extends AbstractUserAction<Void> {
|
|||
|
||||
try {
|
||||
// if the user is unknown to the authority provider we cannot continue
|
||||
if (!authorityProvider.doesDnExist(user.getDn()) || AccountStatus.DISABLED.equals(user.getStatus())) {
|
||||
throw new IllegalStateException(String.format("Unable to group these users because access for '%s' is not %s.", user.getDn(), AccountStatus.ACTIVE.toString()));
|
||||
if (!authorityProvider.doesDnExist(user.getIdentity()) || AccountStatus.DISABLED.equals(user.getStatus())) {
|
||||
throw new IllegalStateException(String.format("Unable to group these users because access for '%s' is not %s.", user.getIdentity(), AccountStatus.ACTIVE.toString()));
|
||||
}
|
||||
|
||||
// record the user being added to this group
|
||||
newUsers.add(user);
|
||||
newUserDns.add(user.getDn());
|
||||
newUserIdentities.add(user.getIdentity());
|
||||
} catch (final AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
|
||||
}
|
||||
|
@ -95,11 +95,11 @@ public class UpdateUserGroupAction extends AbstractUserAction<Void> {
|
|||
|
||||
try {
|
||||
// update the authority provider
|
||||
authorityProvider.setUsersGroup(newUserDns, group);
|
||||
authorityProvider.setUsersGroup(newUserIdentities, group);
|
||||
} catch (UnknownIdentityException uie) {
|
||||
throw new AccountNotFoundException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserDns, ", "), uie.getMessage()), uie);
|
||||
throw new AccountNotFoundException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserIdentities, ", "), uie.getMessage()), uie);
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserDns, ", "), aae.getMessage()), aae);
|
||||
throw new AdministrationException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserIdentities, ", "), aae.getMessage()), aae);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -118,35 +118,35 @@ public class UpdateUserGroupAction extends AbstractUserAction<Void> {
|
|||
if (authorities != null) {
|
||||
try {
|
||||
// update the authority provider as approprivate
|
||||
authorityProvider.setAuthorities(user.getDn(), authorities);
|
||||
authorityProvider.setAuthorities(user.getIdentity(), authorities);
|
||||
|
||||
// since all the authorities were updated accordingly, set the authorities
|
||||
user.getAuthorities().clear();
|
||||
user.getAuthorities().addAll(authorities);
|
||||
} catch (UnknownIdentityException uie) {
|
||||
throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie);
|
||||
throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae);
|
||||
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
|
||||
}
|
||||
} else {
|
||||
try {
|
||||
// refresh the authorities according to the provider
|
||||
user.getAuthorities().clear();
|
||||
user.getAuthorities().addAll(authorityProvider.getAuthorities(user.getDn()));
|
||||
user.getAuthorities().addAll(authorityProvider.getAuthorities(user.getIdentity()));
|
||||
} catch (UnknownIdentityException uie) {
|
||||
throw new AccountNotFoundException(String.format("Unable to determine the authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie);
|
||||
throw new AccountNotFoundException(String.format("Unable to determine the authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae);
|
||||
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
// get the user group
|
||||
user.setUserGroup(authorityProvider.getGroupForUser(user.getDn()));
|
||||
user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
|
||||
} catch (UnknownIdentityException uie) {
|
||||
throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getDn(), uie.getMessage()), uie);
|
||||
throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
|
||||
} catch (AuthorityAccessException aae) {
|
||||
throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getDn(), aae.getMessage()), aae);
|
||||
throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
|
||||
}
|
||||
|
||||
// update the users status in case they were previously pending or disabled
|
||||
|
|
|
@ -29,10 +29,10 @@ import org.apache.commons.lang3.StringUtils;
|
|||
*/
|
||||
public class NiFiUser implements Serializable {
|
||||
|
||||
public static final String ANONYMOUS_USER_DN = "anonymous";
|
||||
public static final String ANONYMOUS_USER_IDENTITY = "anonymous";
|
||||
|
||||
private String id;
|
||||
private String dn;
|
||||
private String identity;
|
||||
private String userName;
|
||||
private String userGroup;
|
||||
private String justification;
|
||||
|
@ -55,12 +55,12 @@ public class NiFiUser implements Serializable {
|
|||
this.creation = creation;
|
||||
}
|
||||
|
||||
public String getDn() {
|
||||
return dn;
|
||||
public String getIdentity() {
|
||||
return identity;
|
||||
}
|
||||
|
||||
public void setDn(String dn) {
|
||||
this.dn = dn;
|
||||
public void setIdentity(String identity) {
|
||||
this.identity = identity;
|
||||
}
|
||||
|
||||
public String getUserName() {
|
||||
|
@ -143,7 +143,7 @@ public class NiFiUser implements Serializable {
|
|||
return false;
|
||||
}
|
||||
final NiFiUser other = (NiFiUser) obj;
|
||||
if (!Objects.equals(this.dn, other.dn)) {
|
||||
if (!Objects.equals(this.identity, other.identity)) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
|
@ -152,13 +152,13 @@ public class NiFiUser implements Serializable {
|
|||
@Override
|
||||
public int hashCode() {
|
||||
int hash = 7;
|
||||
hash = 53 * hash + Objects.hashCode(this.dn);
|
||||
hash = 53 * hash + Objects.hashCode(this.identity);
|
||||
return hash;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
return String.format("dn[%s], userName[%s], justification[%s], authorities[%s]", getDn(), getUserName(), getJustification(), StringUtils.join(getAuthorities(), ", "));
|
||||
return String.format("identity[%s], userName[%s], justification[%s], authorities[%s]", getIdentity(), getUserName(), getJustification(), StringUtils.join(getAuthorities(), ", "));
|
||||
}
|
||||
|
||||
}
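Review bot: Renaming the private field `dn` to `identity` in a class that `implements Serializable` changes its serialized form, and nothing in the visible hunks accounts for that. If NiFiUser instances are ever stored or exchanged in serialized form (not visible here), data written before this change would either fail the default serialVersionUID check or, if an explicit serialVersionUID is declared, load with `identity` set to null, which is the only field `equals` and `hashCode` compare. Please confirm that no serialized NiFiUser outlives an upgrade, or document the break next to the field with a comment such as `// serialized form changed in NIFI-655: dn -> identity`. The public constant `ANONYMOUS_USER_DN` is also removed outright; keeping `@Deprecated public static final String ANONYMOUS_USER_DN = ANONYMOUS_USER_IDENTITY;` for a release would avoid breaking external callers. The class body continues outside these hunks, so an existing serialVersionUID or a custom readObject may already cover this.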
|
||||
|
|
|
@ -54,17 +54,17 @@ public class AuthorizeUserActionTest {
|
|||
private static final String USER_ID_10 = "10";
|
||||
private static final String USER_ID_11 = "11";
|
||||
|
||||
private static final String USER_DN_1 = "authority access exception while searching for user";
|
||||
private static final String USER_DN_2 = "unknown user";
|
||||
private static final String USER_DN_3 = "user removed after checking existence";
|
||||
private static final String USER_DN_4 = "access exception getting authorities";
|
||||
private static final String USER_DN_5 = "error creating user account";
|
||||
private static final String USER_DN_6 = "create user general sequence";
|
||||
private static final String USER_DN_7 = "existing user requires verification";
|
||||
private static final String USER_DN_8 = "existing user does not require verification";
|
||||
private static final String USER_DN_9 = "existing pending user";
|
||||
private static final String USER_DN_10 = "existing disabled user";
|
||||
private static final String USER_DN_11 = "existing user is now unknown in the authority provider";
|
||||
private static final String USER_IDENTITY_1 = "authority access exception while searching for user";
|
||||
private static final String USER_IDENTITY_2 = "unknown user";
|
||||
private static final String USER_IDENTITY_3 = "user removed after checking existence";
|
||||
private static final String USER_IDENTITY_4 = "access exception getting authorities";
|
||||
private static final String USER_IDENTITY_5 = "error creating user account";
|
||||
private static final String USER_IDENTITY_6 = "create user general sequence";
|
||||
private static final String USER_IDENTITY_7 = "existing user requires verification";
|
||||
private static final String USER_IDENTITY_8 = "existing user does not require verification";
|
||||
private static final String USER_IDENTITY_9 = "existing pending user";
|
||||
private static final String USER_IDENTITY_10 = "existing disabled user";
|
||||
private static final String USER_IDENTITY_11 = "existing user is now unknown in the authority provider";
|
||||
|
||||
private DAOFactory daoFactory;
|
||||
private UserDAO userDao;
|
||||
|
@ -85,18 +85,18 @@ public class AuthorizeUserActionTest {
|
|||
if (USER_ID_7.equals(id)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_7);
|
||||
user.setDn(USER_DN_7);
|
||||
user.setIdentity(USER_IDENTITY_7);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
|
||||
} else if (USER_ID_8.equals(id)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_8);
|
||||
user.setDn(USER_DN_8);
|
||||
user.setIdentity(USER_IDENTITY_8);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
|
||||
user.setLastVerified(new Date());
|
||||
} else if (USER_ID_11.equals(id)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_11);
|
||||
user.setDn(USER_DN_11);
|
||||
user.setIdentity(USER_IDENTITY_11);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
|
||||
user.setStatus(AccountStatus.ACTIVE);
|
||||
}
|
||||
|
@ -112,35 +112,35 @@ public class AuthorizeUserActionTest {
|
|||
|
||||
NiFiUser user = null;
|
||||
switch (dn) {
|
||||
case USER_DN_7:
|
||||
case USER_IDENTITY_7:
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_7);
|
||||
user.setDn(USER_DN_7);
|
||||
user.setIdentity(USER_IDENTITY_7);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
|
||||
break;
|
||||
case USER_DN_8:
|
||||
case USER_IDENTITY_8:
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_8);
|
||||
user.setDn(USER_DN_8);
|
||||
user.setIdentity(USER_IDENTITY_8);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
|
||||
user.setLastVerified(new Date());
|
||||
break;
|
||||
case USER_DN_9:
|
||||
case USER_IDENTITY_9:
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_9);
|
||||
user.setDn(USER_DN_9);
|
||||
user.setIdentity(USER_IDENTITY_9);
|
||||
user.setStatus(AccountStatus.PENDING);
|
||||
break;
|
||||
case USER_DN_10:
|
||||
case USER_IDENTITY_10:
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_10);
|
||||
user.setDn(USER_DN_10);
|
||||
user.setIdentity(USER_IDENTITY_10);
|
||||
user.setStatus(AccountStatus.DISABLED);
|
||||
break;
|
||||
case USER_DN_11:
|
||||
case USER_IDENTITY_11:
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_11);
|
||||
user.setDn(USER_DN_11);
|
||||
user.setIdentity(USER_IDENTITY_11);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
|
||||
user.setStatus(AccountStatus.ACTIVE);
|
||||
break;
|
||||
|
@ -154,10 +154,10 @@ public class AuthorizeUserActionTest {
|
|||
public Void answer(InvocationOnMock invocation) throws Throwable {
|
||||
Object[] args = invocation.getArguments();
|
||||
NiFiUser user = (NiFiUser) args[0];
|
||||
switch (user.getDn()) {
|
||||
case USER_DN_5:
|
||||
switch (user.getIdentity()) {
|
||||
case USER_IDENTITY_5:
|
||||
throw new DataAccessException();
|
||||
case USER_DN_6:
|
||||
case USER_IDENTITY_6:
|
||||
user.setId(USER_ID_6);
|
||||
break;
|
||||
}
|
||||
|
@ -215,9 +215,9 @@ public class AuthorizeUserActionTest {
|
|||
Object[] args = invocation.getArguments();
|
||||
String dn = (String) args[0];
|
||||
switch (dn) {
|
||||
case USER_DN_1:
|
||||
case USER_IDENTITY_1:
|
||||
throw new AuthorityAccessException(StringUtils.EMPTY);
|
||||
case USER_DN_2:
|
||||
case USER_IDENTITY_2:
|
||||
return false;
|
||||
}
|
||||
|
||||
|
@ -231,21 +231,21 @@ public class AuthorizeUserActionTest {
|
|||
String dn = (String) args[0];
|
||||
Set<Authority> authorities = EnumSet.noneOf(Authority.class);
|
||||
switch (dn) {
|
||||
case USER_DN_3:
|
||||
case USER_IDENTITY_3:
|
||||
throw new UnknownIdentityException(StringUtils.EMPTY);
|
||||
case USER_DN_4:
|
||||
case USER_IDENTITY_4:
|
||||
throw new AuthorityAccessException(StringUtils.EMPTY);
|
||||
case USER_DN_6:
|
||||
case USER_IDENTITY_6:
|
||||
authorities.add(Authority.ROLE_MONITOR);
|
||||
break;
|
||||
case USER_DN_7:
|
||||
case USER_IDENTITY_7:
|
||||
authorities.add(Authority.ROLE_DFM);
|
||||
break;
|
||||
case USER_DN_9:
|
||||
case USER_IDENTITY_9:
|
||||
throw new UnknownIdentityException(StringUtils.EMPTY);
|
||||
case USER_DN_10:
|
||||
case USER_IDENTITY_10:
|
||||
throw new UnknownIdentityException(StringUtils.EMPTY);
|
||||
case USER_DN_11:
|
||||
case USER_IDENTITY_11:
|
||||
throw new UnknownIdentityException(StringUtils.EMPTY);
|
||||
}
|
||||
|
||||
|
@ -272,7 +272,7 @@ public class AuthorizeUserActionTest {
|
|||
*/
|
||||
@Test(expected = AdministrationException.class)
|
||||
public void testAuthorityAccessExceptionInDoesDnExist() throws Exception {
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_1, 0);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_1, 0);
|
||||
authorizeUser.execute(daoFactory, authorityProvider);
|
||||
}
|
||||
|
||||
|
@ -283,7 +283,7 @@ public class AuthorizeUserActionTest {
|
|||
*/
|
||||
@Test(expected = AccountNotFoundException.class)
|
||||
public void testUnknownUser() throws Exception {
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_2, 0);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_2, 0);
|
||||
authorizeUser.execute(daoFactory, authorityProvider);
|
||||
}
|
||||
|
||||
|
@ -294,7 +294,7 @@ public class AuthorizeUserActionTest {
|
|||
*/
|
||||
@Test(expected = AccountNotFoundException.class)
|
||||
public void testUserRemovedAfterCheckingExistence() throws Exception {
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_3, 0);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_3, 0);
|
||||
authorizeUser.execute(daoFactory, authorityProvider);
|
||||
}
|
||||
|
||||
|
@ -305,7 +305,7 @@ public class AuthorizeUserActionTest {
|
|||
*/
|
||||
@Test(expected = AdministrationException.class)
|
||||
public void testAuthorityAccessException() throws Exception {
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_4, 0);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_4, 0);
|
||||
authorizeUser.execute(daoFactory, authorityProvider);
|
||||
}
|
||||
|
||||
|
@ -316,7 +316,7 @@ public class AuthorizeUserActionTest {
|
|||
*/
|
||||
@Test(expected = DataAccessException.class)
|
||||
public void testErrorCreatingUserAccount() throws Exception {
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_5, 0);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_5, 0);
|
||||
authorizeUser.execute(daoFactory, authorityProvider);
|
||||
}
|
||||
|
||||
|
@ -327,11 +327,11 @@ public class AuthorizeUserActionTest {
|
|||
*/
|
||||
@Test
|
||||
public void testAccountCreation() throws Exception {
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_6, 0);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_6, 0);
|
||||
NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
|
||||
|
||||
// verify the user
|
||||
Assert.assertEquals(USER_DN_6, user.getDn());
|
||||
Assert.assertEquals(USER_IDENTITY_6, user.getIdentity());
|
||||
Assert.assertEquals(1, user.getAuthorities().size());
|
||||
Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR));
|
||||
|
||||
|
@ -347,11 +347,11 @@ public class AuthorizeUserActionTest {
|
|||
*/
|
||||
@Test
|
||||
public void testExistingUserRequiresVerification() throws Exception {
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_7, 0);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_7, 0);
|
||||
NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
|
||||
|
||||
// verify the user
|
||||
Assert.assertEquals(USER_DN_7, user.getDn());
|
||||
Assert.assertEquals(USER_IDENTITY_7, user.getIdentity());
|
||||
Assert.assertEquals(1, user.getAuthorities().size());
|
||||
Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_DFM));
|
||||
|
||||
|
@ -369,11 +369,11 @@ public class AuthorizeUserActionTest {
|
|||
@Test
|
||||
public void testExistingUserNoVerification() throws Exception {
|
||||
// disabling verification by passing in a large cache duration
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_8, Integer.MAX_VALUE);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_8, Integer.MAX_VALUE);
|
||||
NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
|
||||
|
||||
// verify the user
|
||||
Assert.assertEquals(USER_DN_8, user.getDn());
|
||||
Assert.assertEquals(USER_IDENTITY_8, user.getIdentity());
|
||||
Assert.assertEquals(1, user.getAuthorities().size());
|
||||
Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR));
|
||||
|
||||
|
@ -391,7 +391,7 @@ public class AuthorizeUserActionTest {
|
|||
@Test(expected = AccountPendingException.class)
|
||||
public void testExistingPendingUser() throws Exception {
|
||||
// disabling verification by passing in a large cache duration
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_9, Integer.MAX_VALUE);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_9, Integer.MAX_VALUE);
|
||||
authorizeUser.execute(daoFactory, authorityProvider);
|
||||
}
|
||||
|
||||
|
@ -403,7 +403,7 @@ public class AuthorizeUserActionTest {
|
|||
@Test(expected = AccountDisabledException.class)
|
||||
public void testExistingDisabledUser() throws Exception {
|
||||
// disabling verification by passing in a large cache duration
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_10, Integer.MAX_VALUE);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_10, Integer.MAX_VALUE);
|
||||
authorizeUser.execute(daoFactory, authorityProvider);
|
||||
}
|
||||
|
||||
|
@ -416,7 +416,7 @@ public class AuthorizeUserActionTest {
|
|||
@Test
|
||||
public void testExistingActiveUserNotFoundInProvider() throws Exception {
|
||||
try {
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_11, 0);
|
||||
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_11, 0);
|
||||
authorizeUser.execute(daoFactory, authorityProvider);
|
||||
|
||||
Assert.fail();
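Review bot: The rename is only half applied in the mock answers of this test: the constants become `USER_IDENTITY_n`, but the local that receives the argument is still `String dn = (String) args[0];` and is matched with `switch (dn)`, so the new side reads `switch (dn) { case USER_IDENTITY_1:`. Renaming the local as well, to `String identity = (String) args[0];` and `switch (identity) {`, would keep the tests consistent with the commit's intent; the test name `testAuthorityAccessExceptionInDoesDnExist` has the same leftover. The same pattern appears in the DisableUserActionTest, RequestUserAccountActionTest, SeedUserAccountsActionTest and SetUserAuthoritiesActionTest sections (`USER_IDENTITY_3.equals(dn)` and similar). The enclosing answer methods begin outside the hunks, so the parameter declarations there may need the same change.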
|
||||
|
|
|
@ -40,8 +40,8 @@ public class CreateUserActionTest {
|
|||
private final String USER_ID_2 = "2";
|
||||
private final String USER_ID_3 = "3";
|
||||
|
||||
private final String USER_DN_1 = "data access exception when creating user";
|
||||
private final String USER_DN_3 = "general create user case";
|
||||
private final String USER_IDENTITY_1 = "data access exception when creating user";
|
||||
private final String USER_IDENTITY_3 = "general create user case";
|
||||
|
||||
private DAOFactory daoFactory;
|
||||
private UserDAO userDao;
|
||||
|
@ -57,9 +57,9 @@ public class CreateUserActionTest {
|
|||
Object[] args = invocation.getArguments();
|
||||
NiFiUser user = (NiFiUser) args[0];
|
||||
|
||||
if (USER_DN_1.equals(user.getDn())) {
|
||||
if (USER_IDENTITY_1.equals(user.getIdentity())) {
|
||||
throw new DataAccessException();
|
||||
} else if (USER_DN_3.equals(user.getDn())) {
|
||||
} else if (USER_IDENTITY_3.equals(user.getIdentity())) {
|
||||
user.setId(USER_ID_3);
|
||||
}
|
||||
|
||||
|
@ -100,7 +100,7 @@ public class CreateUserActionTest {
|
|||
@Test(expected = DataAccessException.class)
|
||||
public void testExceptionCreatingUser() throws Exception {
|
||||
NiFiUser user = new NiFiUser();
|
||||
user.setDn(USER_DN_1);
|
||||
user.setIdentity(USER_IDENTITY_1);
|
||||
|
||||
CreateUserAction createUser = new CreateUserAction(user);
|
||||
createUser.execute(daoFactory, null);
|
||||
|
@ -128,7 +128,7 @@ public class CreateUserActionTest {
|
|||
@Test
|
||||
public void testCreateUserAccount() throws Exception {
|
||||
NiFiUser user = new NiFiUser();
|
||||
user.setDn(USER_DN_3);
|
||||
user.setIdentity(USER_IDENTITY_3);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_DFM, Authority.ROLE_ADMIN));
|
||||
|
||||
CreateUserAction createUser = new CreateUserAction(user);
|
||||
|
|
|
@ -40,8 +40,8 @@ public class DisableUserActionTest {
|
|||
private static final String USER_ID_3 = "3";
|
||||
private static final String USER_ID_4 = "4";
|
||||
|
||||
private static final String USER_DN_3 = "authority access exception";
|
||||
private static final String USER_DN_4 = "general disable user case";
|
||||
private static final String USER_IDENTITY_3 = "authority access exception";
|
||||
private static final String USER_IDENTITY_4 = "general disable user case";
|
||||
|
||||
private DAOFactory daoFactory;
|
||||
private UserDAO userDao;
|
||||
|
@ -66,11 +66,11 @@ public class DisableUserActionTest {
|
|||
} else if (USER_ID_3.equals(id)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(id);
|
||||
user.setDn(USER_DN_3);
|
||||
user.setIdentity(USER_IDENTITY_3);
|
||||
} else if (USER_ID_4.equals(id)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(id);
|
||||
user.setDn(USER_DN_4);
|
||||
user.setIdentity(USER_IDENTITY_4);
|
||||
user.setStatus(AccountStatus.ACTIVE);
|
||||
}
|
||||
return user;
|
||||
|
@ -103,7 +103,7 @@ public class DisableUserActionTest {
|
|||
Object[] args = invocation.getArguments();
|
||||
String dn = (String) args[0];
|
||||
|
||||
if (USER_DN_3.equals(dn)) {
|
||||
if (USER_IDENTITY_3.equals(dn)) {
|
||||
throw new AuthorityAccessException(StringUtils.EMPTY);
|
||||
}
|
||||
|
||||
|
@ -158,11 +158,11 @@ public class DisableUserActionTest {
|
|||
|
||||
// verify the user
|
||||
Assert.assertEquals(USER_ID_4, user.getId());
|
||||
Assert.assertEquals(USER_DN_4, user.getDn());
|
||||
Assert.assertEquals(USER_IDENTITY_4, user.getIdentity());
|
||||
Assert.assertEquals(AccountStatus.DISABLED, user.getStatus());
|
||||
|
||||
// verify the interaction with the dao and provider
|
||||
Mockito.verify(userDao, Mockito.times(1)).updateUser(user);
|
||||
Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_DN_4);
|
||||
Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_IDENTITY_4);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -36,9 +36,9 @@ public class RequestUserAccountActionTest {
|
|||
|
||||
private static final String USER_ID_3 = "3";
|
||||
|
||||
private static final String USER_DN_1 = "existing user account dn";
|
||||
private static final String USER_DN_2 = "data access exception";
|
||||
private static final String USER_DN_3 = "new account request";
|
||||
private static final String USER_IDENTITY_1 = "existing user account";
|
||||
private static final String USER_IDENTITY_2 = "data access exception";
|
||||
private static final String USER_IDENTITY_3 = "new account request";
|
||||
|
||||
private DAOFactory daoFactory;
|
||||
private UserDAO userDao;
|
||||
|
@ -54,7 +54,7 @@ public class RequestUserAccountActionTest {
|
|||
String dn = (String) args[0];
|
||||
|
||||
NiFiUser user = null;
|
||||
if (USER_DN_1.equals(dn)) {
|
||||
if (USER_IDENTITY_1.equals(dn)) {
|
||||
user = new NiFiUser();
|
||||
}
|
||||
return user;
|
||||
|
@ -65,10 +65,10 @@ public class RequestUserAccountActionTest {
|
|||
public Void answer(InvocationOnMock invocation) throws Throwable {
|
||||
Object[] args = invocation.getArguments();
|
||||
NiFiUser user = (NiFiUser) args[0];
|
||||
switch (user.getDn()) {
|
||||
case USER_DN_2:
|
||||
switch (user.getIdentity()) {
|
||||
case USER_IDENTITY_2:
|
||||
throw new DataAccessException();
|
||||
case USER_DN_3:
|
||||
case USER_IDENTITY_3:
|
||||
user.setId(USER_ID_3);
|
||||
break;
|
||||
}
|
||||
|
@ -90,7 +90,7 @@ public class RequestUserAccountActionTest {
|
|||
*/
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void testExistingAccount() throws Exception {
|
||||
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_1, StringUtils.EMPTY);
|
||||
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_1, StringUtils.EMPTY);
|
||||
requestUserAccount.execute(daoFactory, null);
|
||||
}
|
||||
|
||||
|
@ -102,7 +102,7 @@ public class RequestUserAccountActionTest {
|
|||
*/
|
||||
@Test(expected = DataAccessException.class)
|
||||
public void testDataAccessException() throws Exception {
|
||||
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_2, StringUtils.EMPTY);
|
||||
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_2, StringUtils.EMPTY);
|
||||
requestUserAccount.execute(daoFactory, null);
|
||||
}
|
||||
|
||||
|
@ -113,12 +113,12 @@ public class RequestUserAccountActionTest {
|
|||
*/
|
||||
@Test
|
||||
public void testRequestUserAccountAction() throws Exception {
|
||||
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_3, StringUtils.EMPTY);
|
||||
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_3, StringUtils.EMPTY);
|
||||
NiFiUser user = requestUserAccount.execute(daoFactory, null);
|
||||
|
||||
// verfiy the user
|
||||
Assert.assertEquals(USER_ID_3, user.getId());
|
||||
Assert.assertEquals(USER_DN_3, user.getDn());
|
||||
Assert.assertEquals(USER_IDENTITY_3, user.getIdentity());
|
||||
Assert.assertEquals(AccountStatus.PENDING, user.getStatus());
|
||||
|
||||
// verify interaction with dao
|
||||
|
|
|
@ -44,10 +44,10 @@ public class SeedUserAccountsActionTest {
|
|||
private static final String USER_ID_3 = "3";
|
||||
private static final String USER_ID_4 = "4";
|
||||
|
||||
private static final String USER_DN_1 = "user dn 1 - active user - remove monitor and operator, add dfm";
|
||||
private static final String USER_DN_2 = "user dn 2 - active user - no action";
|
||||
private static final String USER_DN_3 = "user dn 3 - pending user - add operator";
|
||||
private static final String USER_DN_4 = "user dn 4 - new user - add monitor";
|
||||
private static final String USER_IDENTITY_1 = "user 1 - active user - remove monitor and operator, add dfm";
|
||||
private static final String USER_IDENTITY_2 = "user 2 - active user - no action";
|
||||
private static final String USER_IDENTITY_3 = "user 3 - pending user - add operator";
|
||||
private static final String USER_IDENTITY_4 = "user 4 - new user - add monitor";
|
||||
|
||||
private DAOFactory daoFactory;
|
||||
private UserDAO userDao;
|
||||
|
@ -68,19 +68,19 @@ public class SeedUserAccountsActionTest {
|
|||
if (USER_ID_1.equals(id)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_1);
|
||||
user.setDn(USER_DN_1);
|
||||
user.setIdentity(USER_IDENTITY_1);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
|
||||
user.setStatus(AccountStatus.ACTIVE);
|
||||
} else if (USER_ID_2.equals(id)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_2);
|
||||
user.setDn(USER_DN_2);
|
||||
user.setIdentity(USER_IDENTITY_2);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN));
|
||||
user.setStatus(AccountStatus.ACTIVE);
|
||||
} else if (USER_ID_3.equals(id)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_3);
|
||||
user.setDn(USER_DN_3);
|
||||
user.setIdentity(USER_IDENTITY_3);
|
||||
user.setStatus(AccountStatus.PENDING);
|
||||
}
|
||||
return user;
|
||||
|
@ -93,22 +93,22 @@ public class SeedUserAccountsActionTest {
|
|||
String dn = (String) args[0];
|
||||
|
||||
NiFiUser user = null;
|
||||
if (USER_DN_1.equals(dn)) {
|
||||
if (USER_IDENTITY_1.equals(dn)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_1);
|
||||
user.setDn(USER_DN_1);
|
||||
user.setIdentity(USER_IDENTITY_1);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
|
||||
user.setStatus(AccountStatus.ACTIVE);
|
||||
} else if (USER_DN_2.equals(dn)) {
|
||||
} else if (USER_IDENTITY_2.equals(dn)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_2);
|
||||
user.setDn(USER_DN_2);
|
||||
user.setIdentity(USER_IDENTITY_2);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN));
|
||||
user.setStatus(AccountStatus.ACTIVE);
|
||||
} else if (USER_DN_3.equals(dn)) {
|
||||
} else if (USER_IDENTITY_3.equals(dn)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_3);
|
||||
user.setDn(USER_DN_3);
|
||||
user.setIdentity(USER_IDENTITY_3);
|
||||
user.setStatus(AccountStatus.PENDING);
|
||||
}
|
||||
return user;
|
||||
|
@ -120,7 +120,7 @@ public class SeedUserAccountsActionTest {
|
|||
Object[] args = invocation.getArguments();
|
||||
NiFiUser user = (NiFiUser) args[0];
|
||||
|
||||
if (USER_DN_4.equals(user.getDn())) {
|
||||
if (USER_IDENTITY_4.equals(user.getIdentity())) {
|
||||
user.setId(USER_ID_4);
|
||||
}
|
||||
|
||||
|
@ -141,13 +141,13 @@ public class SeedUserAccountsActionTest {
|
|||
|
||||
Set<String> users = new HashSet<>();
|
||||
if (Authority.ROLE_DFM.equals(role)) {
|
||||
users.add(USER_DN_1);
|
||||
users.add(USER_IDENTITY_1);
|
||||
} else if (Authority.ROLE_ADMIN.equals(role)) {
|
||||
users.add(USER_DN_2);
|
||||
users.add(USER_IDENTITY_2);
|
||||
} else if (Authority.ROLE_PROXY.equals(role)) {
|
||||
users.add(USER_DN_3);
|
||||
users.add(USER_IDENTITY_3);
|
||||
} else if (Authority.ROLE_MONITOR.equals(role)) {
|
||||
users.add(USER_DN_4);
|
||||
users.add(USER_IDENTITY_4);
|
||||
}
|
||||
return users;
|
||||
}
|
||||
|
@ -160,16 +160,16 @@ public class SeedUserAccountsActionTest {
|
|||
|
||||
Set<Authority> authorities = EnumSet.noneOf(Authority.class);
|
||||
switch (dn) {
|
||||
case USER_DN_1:
|
||||
case USER_IDENTITY_1:
|
||||
authorities.add(Authority.ROLE_DFM);
|
||||
break;
|
||||
case USER_DN_2:
|
||||
case USER_IDENTITY_2:
|
||||
authorities.add(Authority.ROLE_ADMIN);
|
||||
break;
|
||||
case USER_DN_3:
|
||||
case USER_IDENTITY_3:
|
||||
authorities.add(Authority.ROLE_PROXY);
|
||||
break;
|
||||
case USER_DN_4:
|
||||
case USER_IDENTITY_4:
|
||||
authorities.add(Authority.ROLE_MONITOR);
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -46,8 +46,8 @@ public class SetUserAuthoritiesActionTest {
|
|||
private static final String USER_ID_2 = "2";
|
||||
private static final String USER_ID_3 = "3";
|
||||
|
||||
private static final String USER_DN_2 = "user dn 2";
|
||||
private static final String USER_DN_3 = "user dn 3";
|
||||
private static final String USER_IDENTITY_2 = "user 2";
|
||||
private static final String USER_IDENTITY_3 = "user 3";
|
||||
|
||||
private DAOFactory daoFactory;
|
||||
private UserDAO userDao;
|
||||
|
@ -70,11 +70,11 @@ public class SetUserAuthoritiesActionTest {
|
|||
} else if (USER_ID_2.equals(id)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_2);
|
||||
user.setDn(USER_DN_2);
|
||||
user.setIdentity(USER_IDENTITY_2);
|
||||
} else if (USER_ID_3.equals(id)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_3);
|
||||
user.setDn(USER_DN_3);
|
||||
user.setIdentity(USER_IDENTITY_3);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
|
||||
user.setStatus(AccountStatus.ACTIVE);
|
||||
}
|
||||
|
@ -88,10 +88,10 @@ public class SetUserAuthoritiesActionTest {
|
|||
String dn = (String) args[0];
|
||||
|
||||
NiFiUser user = null;
|
||||
if (USER_DN_3.equals(dn)) {
|
||||
if (USER_IDENTITY_3.equals(dn)) {
|
||||
user = new NiFiUser();
|
||||
user.setId(USER_ID_3);
|
||||
user.setDn(USER_DN_3);
|
||||
user.setIdentity(USER_IDENTITY_3);
|
||||
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
|
||||
user.setStatus(AccountStatus.ACTIVE);
|
||||
}
|
||||
|
@ -148,7 +148,7 @@ public class SetUserAuthoritiesActionTest {
|
|||
String dn = (String) args[0];
|
||||
|
||||
Set<Authority> authorities = EnumSet.noneOf(Authority.class);
|
||||
if (USER_DN_3.equals(dn)) {
|
||||
if (USER_IDENTITY_3.equals(dn)) {
|
||||
authorities.add(Authority.ROLE_DFM);
|
||||
}
|
||||
|
||||
|
@ -162,7 +162,7 @@ public class SetUserAuthoritiesActionTest {
|
|||
String dn = (String) args[0];
|
||||
Set<Authority> authorites = (Set<Authority>) args[1];
|
||||
|
||||
if (USER_DN_2.equals(dn)) {
|
||||
if (USER_IDENTITY_2.equals(dn)) {
|
||||
throw new AuthorityAccessException(StringUtils.EMPTY);
|
||||
}
|
||||
|
||||
|
@ -218,6 +218,6 @@ public class SetUserAuthoritiesActionTest {
|
|||
Set<Authority> authoritiesAddedToProvider = EnumSet.of(Authority.ROLE_ADMIN);
|
||||
|
||||
// verify interaction with provider
|
||||
Mockito.verify(authorityProvider, Mockito.times(1)).setAuthorities(USER_DN_3, authoritiesAddedToProvider);
|
||||
Mockito.verify(authorityProvider, Mockito.times(1)).setAuthorities(USER_IDENTITY_3, authoritiesAddedToProvider);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -78,7 +78,7 @@ public class ControllerAuditor extends NiFiAuditor {
|
|||
|
||||
// create the config action
|
||||
FlowChangeAction configAction = new FlowChangeAction();
|
||||
configAction.setUserIdentity(user.getDn());
|
||||
configAction.setUserIdentity(user.getIdentity());
|
||||
configAction.setUserName(user.getUserName());
|
||||
configAction.setOperation(Operation.Configure);
|
||||
configAction.setTimestamp(new Date());
|
||||
|
@ -131,7 +131,7 @@ public class ControllerAuditor extends NiFiAuditor {
|
|||
|
||||
// create the config action
|
||||
FlowChangeAction configAction = new FlowChangeAction();
|
||||
configAction.setUserIdentity(user.getDn());
|
||||
configAction.setUserIdentity(user.getIdentity());
|
||||
configAction.setUserName(user.getUserName());
|
||||
configAction.setOperation(Operation.Configure);
|
||||
configAction.setTimestamp(new Date());
|
||||
|
@ -184,7 +184,7 @@ public class ControllerAuditor extends NiFiAuditor {
|
|||
|
||||
// create the config action
|
||||
FlowChangeAction configAction = new FlowChangeAction();
|
||||
configAction.setUserIdentity(user.getDn());
|
||||
configAction.setUserIdentity(user.getIdentity());
|
||||
configAction.setUserName(user.getUserName());
|
||||
configAction.setOperation(Operation.Configure);
|
||||
configAction.setTimestamp(new Date());
|
||||
|
@ -237,7 +237,7 @@ public class ControllerAuditor extends NiFiAuditor {
|
|||
|
||||
// create the config action
|
||||
FlowChangeAction configAction = new FlowChangeAction();
|
||||
configAction.setUserIdentity(user.getDn());
|
||||
configAction.setUserIdentity(user.getIdentity());
|
||||
configAction.setUserName(user.getUserName());
|
||||
configAction.setOperation(Operation.Configure);
|
||||
configAction.setTimestamp(new Date());
|
||||
|
|
|
@ -167,7 +167,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
|
|||
|
||||
// create a configuration action
|
||||
FlowChangeAction configurationAction = new FlowChangeAction();
|
||||
configurationAction.setUserIdentity(user.getDn());
|
||||
configurationAction.setUserIdentity(user.getIdentity());
|
||||
configurationAction.setUserName(user.getUserName());
|
||||
configurationAction.setOperation(operation);
|
||||
configurationAction.setTimestamp(actionTimestamp);
|
||||
|
@ -187,7 +187,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
|
|||
if (isDisabled != updateIsDisabled) {
|
||||
// create a controller service action
|
||||
FlowChangeAction serviceAction = new FlowChangeAction();
|
||||
serviceAction.setUserIdentity(user.getDn());
|
||||
serviceAction.setUserIdentity(user.getIdentity());
|
||||
serviceAction.setUserName(user.getUserName());
|
||||
serviceAction.setTimestamp(new Date());
|
||||
serviceAction.setSourceId(controllerService.getIdentifier());
|
||||
|
@ -271,7 +271,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
|
|||
|
||||
// create a processor action
|
||||
FlowChangeAction processorAction = new FlowChangeAction();
|
||||
processorAction.setUserIdentity(user.getDn());
|
||||
processorAction.setUserIdentity(user.getIdentity());
|
||||
processorAction.setUserName(user.getUserName());
|
||||
processorAction.setTimestamp(new Date());
|
||||
processorAction.setSourceId(processor.getIdentifier());
|
||||
|
@ -289,7 +289,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
|
|||
|
||||
// create a reporting task action
|
||||
FlowChangeAction reportingTaskAction = new FlowChangeAction();
|
||||
reportingTaskAction.setUserIdentity(user.getDn());
|
||||
reportingTaskAction.setUserIdentity(user.getIdentity());
|
||||
reportingTaskAction.setUserName(user.getUserName());
|
||||
reportingTaskAction.setTimestamp(new Date());
|
||||
reportingTaskAction.setSourceId(reportingTask.getIdentifier());
|
||||
|
@ -307,7 +307,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
|
|||
|
||||
// create a controller service action
|
||||
FlowChangeAction serviceAction = new FlowChangeAction();
|
||||
serviceAction.setUserIdentity(user.getDn());
|
||||
serviceAction.setUserIdentity(user.getIdentity());
|
||||
serviceAction.setUserName(user.getUserName());
|
||||
serviceAction.setTimestamp(new Date());
|
||||
serviceAction.setSourceId(controllerService.getIdentifier());
|
||||
|
@ -387,7 +387,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
|
|||
|
||||
// create the controller service action for adding this controller service
|
||||
action = new FlowChangeAction();
|
||||
action.setUserIdentity(user.getDn());
|
||||
action.setUserIdentity(user.getIdentity());
|
||||
action.setUserName(user.getUserName());
|
||||
action.setOperation(operation);
|
||||
action.setTimestamp(new Date());
|
||||
|
|
|
@ -121,7 +121,7 @@ public class FunnelAuditor extends NiFiAuditor {
|
|||
if (user != null) {
|
||||
// create the action for adding this funnel
|
||||
action = new FlowChangeAction();
|
||||
action.setUserIdentity(user.getDn());
|
||||
action.setUserIdentity(user.getIdentity());
|
||||
action.setUserName(user.getUserName());
|
||||
action.setOperation(operation);
|
||||
action.setTimestamp(new Date());
|
||||
|
|
|
@ -205,7 +205,7 @@ public class PortAuditor extends NiFiAuditor {
|
|||
for (ActionDetails detail : configurationDetails) {
|
||||
// create the port action for updating the name
|
||||
FlowChangeAction portAction = new FlowChangeAction();
|
||||
portAction.setUserIdentity(user.getDn());
|
||||
portAction.setUserIdentity(user.getIdentity());
|
||||
portAction.setUserName(user.getUserName());
|
||||
portAction.setOperation(Operation.Configure);
|
||||
portAction.setTimestamp(timestamp);
|
||||
|
@ -225,7 +225,7 @@ public class PortAuditor extends NiFiAuditor {
|
|||
if (scheduledState != updatedScheduledState) {
|
||||
// create a processor action
|
||||
FlowChangeAction processorAction = new FlowChangeAction();
|
||||
processorAction.setUserIdentity(user.getDn());
|
||||
processorAction.setUserIdentity(user.getIdentity());
|
||||
processorAction.setUserName(user.getUserName());
|
||||
processorAction.setTimestamp(new Date());
|
||||
processorAction.setSourceId(updatedPort.getIdentifier());
|
||||
|
@ -323,7 +323,7 @@ public class PortAuditor extends NiFiAuditor {
|
|||
|
||||
// create the port action for adding this processor
|
||||
action = new FlowChangeAction();
|
||||
action.setUserIdentity(user.getDn());
|
||||
action.setUserIdentity(user.getIdentity());
|
||||
action.setUserName(user.getUserName());
|
||||
action.setOperation(operation);
|
||||
action.setTimestamp(new Date());
|
||||
|
|
|
@ -140,7 +140,7 @@ public class ProcessGroupAuditor extends NiFiAuditor {
|
|||
|
||||
// create the port action for updating the name
|
||||
FlowChangeAction processGroupAction = new FlowChangeAction();
|
||||
processGroupAction.setUserIdentity(user.getDn());
|
||||
processGroupAction.setUserIdentity(user.getIdentity());
|
||||
processGroupAction.setUserName(user.getUserName());
|
||||
processGroupAction.setOperation(operation);
|
||||
processGroupAction.setTimestamp(timestamp);
|
||||
|
@ -157,7 +157,7 @@ public class ProcessGroupAuditor extends NiFiAuditor {
|
|||
if (processGroupDTO.isRunning() != null) {
|
||||
// create a process group action
|
||||
FlowChangeAction processGroupAction = new FlowChangeAction();
|
||||
processGroupAction.setUserIdentity(user.getDn());
|
||||
processGroupAction.setUserIdentity(user.getIdentity());
|
||||
processGroupAction.setUserName(user.getUserName());
|
||||
processGroupAction.setSourceId(processGroup.getIdentifier());
|
||||
processGroupAction.setSourceName(processGroup.getName());
|
||||
|
@ -242,7 +242,7 @@ public class ProcessGroupAuditor extends NiFiAuditor {
|
|||
|
||||
// create the process group action for adding this process group
|
||||
action = new FlowChangeAction();
|
||||
action.setUserIdentity(user.getDn());
|
||||
action.setUserIdentity(user.getIdentity());
|
||||
action.setUserName(user.getUserName());
|
||||
action.setOperation(operation);
|
||||
action.setTimestamp(new Date());
|
||||
|
|
|
@ -177,7 +177,7 @@ public class ProcessorAuditor extends NiFiAuditor {
|
|||
|
||||
// create a configuration action
|
||||
FlowChangeAction configurationAction = new FlowChangeAction();
|
||||
configurationAction.setUserIdentity(user.getDn());
|
||||
configurationAction.setUserIdentity(user.getIdentity());
|
||||
configurationAction.setUserName(user.getUserName());
|
||||
configurationAction.setOperation(operation);
|
||||
configurationAction.setTimestamp(actionTimestamp);
|
||||
|
@ -197,7 +197,7 @@ public class ProcessorAuditor extends NiFiAuditor {
|
|||
if (scheduledState != updatedScheduledState) {
|
||||
// create a processor action
|
||||
FlowChangeAction processorAction = new FlowChangeAction();
|
||||
processorAction.setUserIdentity(user.getDn());
|
||||
processorAction.setUserIdentity(user.getIdentity());
|
||||
processorAction.setUserName(user.getUserName());
|
||||
processorAction.setTimestamp(new Date());
|
||||
processorAction.setSourceId(processor.getIdentifier());
|
||||
|
@ -294,7 +294,7 @@ public class ProcessorAuditor extends NiFiAuditor {
|
|||
|
||||
// create the processor action for adding this processor
|
||||
action = new FlowChangeAction();
|
||||
action.setUserIdentity(user.getDn());
|
||||
action.setUserIdentity(user.getIdentity());
|
||||
action.setUserName(user.getUserName());
|
||||
action.setOperation(operation);
|
||||
action.setTimestamp(new Date());
|
||||
|
|
|
@ -188,7 +188,7 @@ public class RelationshipAuditor extends NiFiAuditor {
|
|||
|
||||
// create a configuration action
|
||||
FlowChangeAction configurationAction = new FlowChangeAction();
|
||||
configurationAction.setUserIdentity(user.getDn());
|
||||
configurationAction.setUserIdentity(user.getIdentity());
|
||||
configurationAction.setUserName(user.getUserName());
|
||||
configurationAction.setOperation(Operation.Configure);
|
||||
configurationAction.setTimestamp(actionTimestamp);
|
||||
|
@ -353,7 +353,7 @@ public class RelationshipAuditor extends NiFiAuditor {
|
|||
|
||||
// create a new relationship action
|
||||
action = new FlowChangeAction();
|
||||
action.setUserIdentity(user.getDn());
|
||||
action.setUserIdentity(user.getIdentity());
|
||||
action.setUserName(user.getUserName());
|
||||
action.setOperation(operation);
|
||||
action.setTimestamp(actionTimestamp);
|
||||
|
|
|
@ -246,7 +246,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor {
|
|||
for (ActionDetails detail : details) {
|
||||
// create the port action for updating the name
|
||||
FlowChangeAction remoteProcessGroupAction = new FlowChangeAction();
|
||||
remoteProcessGroupAction.setUserIdentity(user.getDn());
|
||||
remoteProcessGroupAction.setUserIdentity(user.getIdentity());
|
||||
remoteProcessGroupAction.setUserName(user.getUserName());
|
||||
remoteProcessGroupAction.setOperation(Operation.Configure);
|
||||
remoteProcessGroupAction.setTimestamp(timestamp);
|
||||
|
@ -267,7 +267,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor {
|
|||
if (transmissionState != updatedTransmissionState) {
|
||||
// create a processor action
|
||||
FlowChangeAction remoteProcessGroupAction = new FlowChangeAction();
|
||||
remoteProcessGroupAction.setUserIdentity(user.getDn());
|
||||
remoteProcessGroupAction.setUserIdentity(user.getIdentity());
|
||||
remoteProcessGroupAction.setUserName(user.getUserName());
|
||||
remoteProcessGroupAction.setTimestamp(new Date());
|
||||
remoteProcessGroupAction.setSourceId(updatedRemoteProcessGroup.getIdentifier());
|
||||
|
@ -356,7 +356,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor {
|
|||
|
||||
// create the remote process group action
|
||||
action = new FlowChangeAction();
|
||||
action.setUserIdentity(user.getDn());
|
||||
action.setUserIdentity(user.getIdentity());
|
||||
action.setUserName(user.getUserName());
|
||||
action.setOperation(operation);
|
||||
action.setTimestamp(new Date());
|
||||
|
|
|
@ -160,7 +160,7 @@ public class ReportingTaskAuditor extends NiFiAuditor {
|
|||
|
||||
// create a configuration action
|
||||
FlowChangeAction configurationAction = new FlowChangeAction();
|
||||
configurationAction.setUserIdentity(user.getDn());
|
||||
configurationAction.setUserIdentity(user.getIdentity());
|
||||
configurationAction.setUserName(user.getUserName());
|
||||
configurationAction.setOperation(operation);
|
||||
configurationAction.setTimestamp(actionTimestamp);
|
||||
|
@ -180,7 +180,7 @@ public class ReportingTaskAuditor extends NiFiAuditor {
|
|||
if (scheduledState != updatedScheduledState) {
|
||||
// create a reporting task action
|
||||
FlowChangeAction taskAction = new FlowChangeAction();
|
||||
taskAction.setUserIdentity(user.getDn());
|
||||
taskAction.setUserIdentity(user.getIdentity());
|
||||
taskAction.setUserName(user.getUserName());
|
||||
taskAction.setTimestamp(new Date());
|
||||
taskAction.setSourceId(reportingTask.getIdentifier());
|
||||
|
@ -276,7 +276,7 @@ public class ReportingTaskAuditor extends NiFiAuditor {
|
|||
|
||||
// create the reporting task action for adding this reporting task
|
||||
action = new FlowChangeAction();
|
||||
action.setUserIdentity(user.getDn());
|
||||
action.setUserIdentity(user.getIdentity());
|
||||
action.setUserName(user.getUserName());
|
||||
action.setOperation(operation);
|
||||
action.setTimestamp(new Date());
|
||||
|
|
|
@ -232,7 +232,7 @@ public class SnippetAuditor extends NiFiAuditor {
|
|||
if (user != null) {
|
||||
// create the action for adding this funnel
|
||||
action = new FlowChangeAction();
|
||||
action.setUserIdentity(user.getDn());
|
||||
action.setUserIdentity(user.getIdentity());
|
||||
action.setUserName(user.getUserName());
|
||||
action.setOperation(operation);
|
||||
action.setTimestamp(timestamp);
|
||||
|
|
|
@ -765,7 +765,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
|
|||
if (user == null) {
|
||||
throw new WebApplicationException(new Throwable("Unable to access details for current user."));
|
||||
}
|
||||
final String userDn = user.getDn();
|
||||
final String userDn = user.getIdentity();
|
||||
|
||||
if (Node.Status.CONNECTING.name().equalsIgnoreCase(nodeDTO.getStatus())) {
|
||||
clusterManager.requestReconnection(nodeDTO.getNodeId(), userDn);
|
||||
|
@ -1775,7 +1775,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
|
|||
|
||||
// create a purge action to record that records are being removed
|
||||
FlowChangeAction purgeAction = new FlowChangeAction();
|
||||
purgeAction.setUserIdentity(user.getDn());
|
||||
purgeAction.setUserIdentity(user.getIdentity());
|
||||
purgeAction.setUserName(user.getUserName());
|
||||
purgeAction.setOperation(Operation.Purge);
|
||||
purgeAction.setTimestamp(new Date());
|
||||
|
@ -2261,7 +2261,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
|
|||
}
|
||||
|
||||
final Set<String> allowedUsers = port.getUserAccessControl();
|
||||
if (allowedUsers.contains(user.getDn())) {
|
||||
if (allowedUsers.contains(user.getIdentity())) {
|
||||
return true;
|
||||
}
|
||||
|
||||
|
@ -2653,7 +2653,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
|
|||
final UserDTO groupedUser = groupedUserDTOs.get(user.getUserGroup());
|
||||
groupedUser.setId(groupedUser.getId() + "," + String.valueOf(user.getId()));
|
||||
groupedUser.setUserName(groupedUser.getUserName() + ", " + user.getUserName());
|
||||
groupedUser.setDn(groupedUser.getDn() + ", " + user.getDn());
|
||||
groupedUser.setDn(groupedUser.getDn() + ", " + user.getIdentity());
|
||||
groupedUser.setCreation(getOldestDate(groupedUser.getCreation(), user.getCreation()));
|
||||
groupedUser.setLastAccessed(getNewestDate(groupedUser.getLastAccessed(), user.getLastAccessed()));
|
||||
groupedUser.setLastVerified(getNewestDate(groupedUser.getLastVerified(), user.getLastVerified()));
|
||||
|
@ -2752,7 +2752,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
|
|||
throw new WebApplicationException(new Throwable("Unable to access details for current user."));
|
||||
}
|
||||
|
||||
final String userDn = user.getDn();
|
||||
final String userDn = user.getIdentity();
|
||||
clusterManager.deleteNode(nodeId, userDn);
|
||||
}
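Review bot: `allowedUsers.contains(user.getIdentity())` uses the identity as an authorization key with an exact, case-sensitive string match. With identities now coming from arbitrary identity providers, an entry in the port's access list has to be byte-identical to what the provider returns, and existing lists presumably still hold DNs; how identities are normalised is not visible in this hunk. A comment stating the expected canonical form at this check, or one normalisation step applied both when the list is written and when it is read, would make the comparison predictable. The locals still named `userDn` in the node reconnection and `deleteNode` hunks could be renamed `userIdentity` to match the rest of the commit. All enclosing methods extend beyond their hunks.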
|
||||
|
||||
|
|
|
@ -158,19 +158,19 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
|
|||
|
||||
@Override
|
||||
public String getCurrentUserDn() {
|
||||
String userDn = NiFiUser.ANONYMOUS_USER_DN;
|
||||
String userIdentity = NiFiUser.ANONYMOUS_USER_IDENTITY;
|
||||
|
||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||
if (user != null) {
|
||||
userDn = user.getDn();
|
||||
userIdentity = user.getIdentity();
|
||||
}
|
||||
|
||||
return userDn;
|
||||
return userIdentity;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getCurrentUserName() {
|
||||
String userName = NiFiUser.ANONYMOUS_USER_DN;
|
||||
String userName = NiFiUser.ANONYMOUS_USER_IDENTITY;
|
||||
|
||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||
if (user != null) {
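Review bot: `getCurrentUserDn()` keeps its name but now returns `user.getIdentity()`, which per this commit may be a username or e-mail rather than a DN, and nothing on the method says so. A Javadoc line on the interface or here, such as `/** Returns the current user's identity; the value is not guaranteed to be an X.500 DN. */`, would warn callers that parse the result. The same applies to `getCurrentUserDn()` in StandardNiFiWebContext. In `getCurrentUserName()` the default is the anonymous identity constant, which looks intentional but deserves a short comment; that method's body continues outside the hunk.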
|
||||
|
|
|
@ -129,19 +129,19 @@ public class StandardNiFiWebContext implements NiFiWebContext {
|
|||
|
||||
@Override
|
||||
public String getCurrentUserDn() {
|
||||
String userDn = NiFiUser.ANONYMOUS_USER_DN;
|
||||
String userIdentity = NiFiUser.ANONYMOUS_USER_IDENTITY;
|
||||
|
||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||
if (user != null) {
|
||||
userDn = user.getDn();
|
||||
userIdentity = user.getIdentity();
|
||||
}
|
||||
|
||||
return userDn;
|
||||
return userIdentity;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getCurrentUserName() {
|
||||
String userName = NiFiUser.ANONYMOUS_USER_DN;
|
||||
String userName = NiFiUser.ANONYMOUS_USER_IDENTITY;
|
||||
|
||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||
if (user != null) {
|
||||
|
|
|
@ -103,7 +103,7 @@ public class UserResource extends ApplicationResource {
|
|||
|
||||
final NiFiUser nifiUser = NiFiUserUtils.getNiFiUser();
|
||||
if (nifiUser != null) {
|
||||
throw new IllegalArgumentException("User account already created " + nifiUser.getDn());
|
||||
throw new IllegalArgumentException("User account already created " + nifiUser.getIdentity());
|
||||
}
|
||||
|
||||
// create an account request for the current user
|
||||
|
|
|
@ -39,7 +39,7 @@ public class AccessDeniedExceptionMapper implements ExceptionMapper<AccessDenied
|
|||
// get the current user
|
||||
NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||
if (user != null) {
|
||||
logger.info(String.format("%s does not have permission to access the requested resource. Returning %s response.", user.getDn(), Response.Status.FORBIDDEN));
|
||||
logger.info(String.format("%s does not have permission to access the requested resource. Returning %s response.", user.getIdentity(), Response.Status.FORBIDDEN));
|
||||
} else {
|
||||
logger.info(String.format("User does not have permission to access the requested resource. Returning %s response.", Response.Status.FORBIDDEN));
|
||||
}
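Review bot: `user.getIdentity()` is formatted straight into the log line in the `user != null` branch, and the identity is no longer limited to a certificate DN, so a value containing CR/LF could forge extra log entries. Whether identities are validated before they reach this point is not visible here; if they are not, neutralise line breaks before logging, e.g. `user.getIdentity().replaceAll("[\\r\\n]", "_")`. The same pattern appears in the RequestLogger and NodeAuthorizedUserFilter hunks of this commit, which also log the request URL. The enclosing method starts and ends outside the hunk.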
|
||||
|
|
|
@ -2338,7 +2338,7 @@ public final class DtoFactory {
|
|||
// create the user
|
||||
UserDTO userDTO = new UserDTO();
|
||||
userDTO.setId(String.valueOf(user.getId()));
|
||||
userDTO.setDn(user.getDn());
|
||||
userDTO.setDn(user.getIdentity());
|
||||
userDTO.setUserName(user.getUserName());
|
||||
userDTO.setUserGroup(user.getUserGroup());
|
||||
userDTO.setJustification(user.getJustification());
|
||||
|
|
|
@ -841,7 +841,7 @@ public class ControllerFacade {
|
|||
final String type = event.getAttributes().get(CoreAttributes.MIME_TYPE.key());
|
||||
|
||||
// get the content
|
||||
final InputStream content = flowController.getContent(event, contentDirection, user.getDn(), uri);
|
||||
final InputStream content = flowController.getContent(event, contentDirection, user.getIdentity(), uri);
|
||||
return new DownloadableContent(filename, type, content);
|
||||
} catch (final ContentNotFoundException cnfe) {
|
||||
throw new ResourceNotFoundException("Unable to find the specified content.");
|
||||
|
@ -871,7 +871,7 @@ public class ControllerFacade {
|
|||
}
|
||||
|
||||
// replay the flow file
|
||||
final ProvenanceEventRecord event = flowController.replayFlowFile(originalEvent, user.getDn());
|
||||
final ProvenanceEventRecord event = flowController.replayFlowFile(originalEvent, user.getIdentity());
|
||||
|
||||
// convert the event record
|
||||
return createProvenanceEventDto(event);
|
||||
|
|
|
@ -52,13 +52,13 @@ public class RequestLogger implements Filter {
|
|||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||
|
||||
// get the user details for the log message
|
||||
String dn = "<no user found>";
|
||||
String identity = "<no user found>";
|
||||
if (user != null) {
|
||||
dn = user.getDn();
|
||||
identity = user.getIdentity();
|
||||
}
|
||||
|
||||
// log the request attempt - response details will be logged later
|
||||
logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", dn, request.getMethod(),
|
||||
logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", identity, request.getMethod(),
|
||||
request.getRequestURL().toString(), request.getRemoteAddr()));
|
||||
}
|
||||
|
||||
|
|
|
@ -80,7 +80,7 @@ public abstract class NiFiAuthenticationFilter implements Filter {
|
|||
|
||||
private boolean isAnonymousUser() {
|
||||
final NiFiUser user = NiFiUserUtils.getNiFiUser();
|
||||
return user != null && NiFiUser.ANONYMOUS_USER_DN.equals(user.getDn());
|
||||
return user != null && NiFiUser.ANONYMOUS_USER_IDENTITY.equals(user.getIdentity());
|
||||
}
|
||||
|
||||
private void authenticate(final HttpServletRequest request, final HttpServletResponse response) throws IOException {
|
||||
|
|
|
@ -70,19 +70,19 @@ public class ProxiedEntitiesUtils {
|
|||
*/
|
||||
public static List<String> getXProxiedEntitiesChain(final NiFiUser user) {
|
||||
// calculate the dn chain
|
||||
final List<String> dnChain = new ArrayList<>();
|
||||
final List<String> proxyChain = new ArrayList<>();
|
||||
|
||||
// build the dn chain
|
||||
NiFiUser chainedUser = user;
|
||||
do {
|
||||
// add the entry for this user
|
||||
dnChain.add(chainedUser.getDn());
|
||||
proxyChain.add(chainedUser.getIdentity());
|
||||
|
||||
// go to the next user in the chain
|
||||
chainedUser = chainedUser.getChain();
|
||||
} while (chainedUser != null);
|
||||
|
||||
return dnChain;
|
||||
return proxyChain;
|
||||
}
|
||||
|
||||
/**
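Review bot: The entries added with `proxyChain.add(chainedUser.getIdentity())` are now free-form identities, while the two comments above the loop still say "dn chain". How the chain is serialised into the proxied-entities header is outside this hunk; if it relies on delimiter characters, an identity containing them could be read back as additional chain entries, so the formatter should reject or escape such values. I would also update the comments to `// calculate the proxy chain` and `// build the proxy chain`.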
|
||||
|
|
|
@ -16,10 +16,12 @@
|
|||
*/
|
||||
package org.apache.nifi.web.security.anonymous;
|
||||
|
||||
import java.util.EnumSet;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.nifi.admin.service.AdministrationException;
|
||||
import org.apache.nifi.admin.service.UserService;
|
||||
import org.apache.nifi.authorization.Authority;
|
||||
import org.apache.nifi.user.NiFiUser;
|
||||
import org.apache.nifi.web.security.user.NiFiUserDetails;
|
||||
import org.apache.nifi.web.security.token.NiFiAuthorizationToken;
|
||||
|
@ -49,8 +51,13 @@ public class NiFiAnonymousUserFilter extends AnonymousAuthenticationFilter {
|
|||
|
||||
try {
|
||||
// load the anonymous user from the database
|
||||
NiFiUser user = userService.getUserByDn(NiFiUser.ANONYMOUS_USER_DN);
|
||||
NiFiUser user = userService.getUserByDn(NiFiUser.ANONYMOUS_USER_IDENTITY);
|
||||
|
||||
// if this is an unsecure request allow full access
|
||||
if (!request.isSecure()) {
|
||||
user.getAuthorities().addAll(EnumSet.allOf(Authority.class));
|
||||
}
|
||||
|
||||
// only create an authentication token if the anonymous user has some authorities
|
||||
if (!user.getAuthorities().isEmpty()) {
|
||||
NiFiUserDetails userDetails = new NiFiUserDetails(user);
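Review bot: The new `if (!request.isSecure())` block grants every `Authority` to the anonymous user based on a single request's transport, not on how the instance is configured. If the application is reachable over plain HTTP while meant to be secured (an HTTP connector left enabled, or TLS terminated at a proxy in front; neither is visible here), any unauthenticated caller gets full access. The block also mutates the `NiFiUser` returned by `userService.getUserByDn(...)`; if that object is cached or shared, the added authorities may outlive this request, and a `null` result would throw at `user.getAuthorities()`. I would base the decision on the server's security configuration and add the authorities to a per-request copy. The enclosing method starts and ends outside the hunk.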
|
||||
|
|
|
@ -132,7 +132,7 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
|
|||
if (loginIdentityProvider.authenticate(credentials)) {
|
||||
return new LoginAuthenticationToken(credentials);
|
||||
} else {
|
||||
throw new BadCredentialsException("User could not be authenticated with the configured identity provider.");
|
||||
throw new BadCredentialsException("The supplied username and password are not valid.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -106,7 +106,7 @@ public class NodeAuthorizedUserFilter extends GenericFilterBean {
|
|||
final NiFiUser user = userDetails.getNiFiUser();
|
||||
|
||||
// log the request attempt - response details will be logged later
|
||||
logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", user.getDn(), httpServletRequest.getMethod(),
|
||||
logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", user.getIdentity(), httpServletRequest.getMethod(),
|
||||
httpServletRequest.getRequestURL().toString(), request.getRemoteAddr()));
|
||||
|
||||
// we do not create the authentication token with the X509 certificate because the certificate is from the sending system, not the proxied user
|
||||
|
|
|
@ -73,7 +73,7 @@ public class NiFiUserDetails implements UserDetails {
|
|||
|
||||
@Override
|
||||
public String getUsername() {
|
||||
return user.getDn();
|
||||
return user.getIdentity();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
@ -32,7 +32,11 @@
|
|||
<div class="setting-field">
|
||||
<textarea cols="30" rows="4" id="nifi-registration-justification" maxlength="500" class="setting-input"></textarea>
|
||||
</div>
|
||||
<div style="text-align: right; color: #666; margin-top: 2px;">
|
||||
<div id="login-to-account-message" class="hidden">
|
||||
<div style="font-style: italic;">Already have an account?</div>
|
||||
<div style="margin-top: 2px;"><span id="login-to-account-link" class="link">Log in</span></div>
|
||||
</div>
|
||||
<div style="text-align: right; color: #666; margin-top: 2px; float: right;">
|
||||
<span id="remaining-characters"></span> characters remaining
|
||||
</div>
|
||||
<div class="clear"></div>
|
||||
|
|
|
@ -25,7 +25,7 @@
|
|||
<div class="clear"></div>
|
||||
</div>
|
||||
<div class="setting">
|
||||
<div class="setting-name">DN</div>
|
||||
<div class="setting-name">Identity</div>
|
||||
<div class="setting-field">
|
||||
<span id="user-dn-details-dialog"></span>
|
||||
</div>
|
||||
|
|
|
@ -95,6 +95,15 @@ body.login-body input, body.login-body textarea {
|
|||
height: 200px;
|
||||
}
|
||||
|
||||
#login-to-account-message {
|
||||
float: left;
|
||||
margin-top: 2px;
|
||||
}
|
||||
|
||||
#login-to-account-link {
|
||||
text-decoration: underline;
|
||||
}
|
||||
|
||||
/*
|
||||
Submission
|
||||
*/
|
||||
|
|
|
@ -70,6 +70,11 @@ nf.Login = (function () {
|
|||
$('#nifi-registration-justification').count({
|
||||
charCountField: '#remaining-characters'
|
||||
});
|
||||
|
||||
// toggle between signup and login
|
||||
$('#login-to-account-link').on('click', function () {
|
||||
showLogin();
|
||||
});
|
||||
};
|
||||
|
||||
var showUserRegistration = function () {
|
||||
|
@ -77,6 +82,7 @@ nf.Login = (function () {
|
|||
|
||||
$('div.nifi-submit-justification').hide();
|
||||
$('#user-registration-container').show();
|
||||
$('#login-to-account-message').show();
|
||||
$('#login-submission-button').text('Create');
|
||||
};
|
||||
|
||||
|
|