NIFI-655:

- Allowing the user to link back to the log in page from the new account page.
- Renaming DN to identity where possible.
This commit is contained in:
Matt Gilman 2015-11-06 09:55:40 -05:00
parent b6d09b86b6
commit 06a4736a58
48 changed files with 302 additions and 276 deletions

View File

@ -31,33 +31,33 @@ import org.apache.nifi.authorization.exception.UnknownIdentityException;
public interface AuthorityProvider {
/**
* @param dn of the user
* @return whether the user with the specified DN is known to this authority
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
* @return whether the user with the specified identity is known to this authority
* provider. It is not necessary for the user to have any authorities
*/
boolean doesDnExist(String dn) throws AuthorityAccessException;
boolean doesDnExist(String identity) throws AuthorityAccessException;
/**
* Get the authorities for the specified user. If the specified user exists
* but does not have any authorities, an empty set should be returned.
*
* @param dn of the user to lookup
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
* @return the authorities for the specified user. If the specified user
* exists but does not have any authorities, an empty set should be returned
* @throws UnknownIdentityException if identity is not known
* @throws AuthorityAccessException if unable to access authorities
*/
Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException;
Set<Authority> getAuthorities(String identity) throws UnknownIdentityException, AuthorityAccessException;
/**
* Sets the specified authorities for the specified user.
*
* @param dn the specified user
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
* @param authorities the new authorities for the user
* @throws UnknownIdentityException if identity is not known
* @throws AuthorityAccessException if unable to access authorities
*/
void setAuthorities(String dn, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException;
void setAuthorities(String identity, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException;
/**
* Gets the users for the specified authority.
@ -72,32 +72,32 @@ public interface AuthorityProvider {
* Revokes the specified user. Its up to the implementor to determine the
* semantics of revocation.
*
* @param dn the dn of the user
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
* @throws UnknownIdentityException if the user is not known
* @throws AuthorityAccessException if unable to access the authorities
*/
void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException;
void revokeUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
/**
* Add the specified user.
*
* @param dn of the user
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
* @param group Optional
* @throws UnknownIdentityException if the user is not known
* @throws AuthorityAccessException if unable to access the authorities
*/
void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException;
void addUser(String identity, String group) throws IdentityAlreadyExistsException, AuthorityAccessException;
/**
* Gets the group for the specified user. Return null if the user does not
* belong to a group.
*
* @param dn the user
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
* @return the group of the given user
* @throws UnknownIdentityException if the user is not known
* @throws AuthorityAccessException if unable to access the authorities
*/
String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException;
String getGroupForUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
/**
* Revokes all users for a specified group. Its up to the implementor to
@ -112,21 +112,21 @@ public interface AuthorityProvider {
/**
* Adds the specified users to the specified group.
*
* @param dn the set of users to add to the group
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
* @param group to add users to
* @throws UnknownIdentityException if the user is not known
* @throws AuthorityAccessException if unable to access the authorities
*/
void setUsersGroup(Set<String> dn, String group) throws UnknownIdentityException, AuthorityAccessException;
void setUsersGroup(Set<String> identity, String group) throws UnknownIdentityException, AuthorityAccessException;
/**
* Ungroups the specified user.
*
* @param dn of the user
* @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
* @throws UnknownIdentityException if the user is not known
* @throws AuthorityAccessException if unable to access the authorities
*/
void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException;
void ungroupUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
/**
* Ungroups the specified group. Since the semantics of revocation is up to
@ -143,18 +143,18 @@ public interface AuthorityProvider {
* Determines whether the user in the specified dnChain should be able to
* download the content for the flowfile with the specified attributes.
*
* The first dn in the chain is the end user that the request was issued on
* behalf of. The subsequent dn's in the chain represent entities proxying
* The first identity in the chain is the end user that the request was issued on
* behalf of. The subsequent identities in the chain represent entities proxying
* the user's request with the last being the proxy that sent the current
* request.
*
* @param dnChain of the user
* @param proxyChain proxy chain of user identities that for the download request
* @param attributes of the flowfile being requested
* @return the authorization result
* @throws UnknownIdentityException if the user is not known
* @throws AuthorityAccessException if unable to access the authorities
*/
DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException;
DownloadAuthorization authorizeDownload(List<String> proxyChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException;
/**
* Called immediately after instance creation for implementers to perform

View File

@ -54,7 +54,7 @@ public interface NiFiWebConfigurationContext {
void saveActions(NiFiWebRequestContext requestContext, Collection<ConfigurationAction> actions);
/**
* @return the current user dn. Returns null if no user is found
* @return the current user identity. The value may be a DN, an email, a username, or any string that identities the user. Returns null if no user is found
*/
String getCurrentUserDn();

View File

@ -51,7 +51,7 @@ public interface NiFiWebContext {
void saveActions(Collection<ProcessorConfigurationAction> actions);
/**
* @return the current user dn. Returns null if no user is found
* @return the current user identity. It may be a dn, an email, a username, or any string that identities the user. Returns null if no user is found
*/
String getCurrentUserDn();

View File

@ -67,8 +67,8 @@ public class UserDataSourceFactoryBean implements FactoryBean {
+ "ID, IDENTITY, USER_NAME, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS"
+ ") VALUES ("
+ "'" + UUID.randomUUID().toString() + "', "
+ "'" + NiFiUser.ANONYMOUS_USER_DN + "', "
+ "'" + NiFiUser.ANONYMOUS_USER_DN + "', "
+ "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
+ "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
+ "NOW(), "
+ "NOW(), "
+ "'Anonymous user needs no justification', "
@ -78,12 +78,12 @@ public class UserDataSourceFactoryBean implements FactoryBean {
private static final String INSERT_ANONYMOUS_AUTHORITY = "INSERT INTO AUTHORITY ("
+ "USER_ID, ROLE"
+ ") VALUES ("
+ "(SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_DN + "'), "
+ "(SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "'), "
+ "'%s'"
+ ")";
private static final String DELETE_ANONYMOUS_AUTHORITIES = "DELETE FROM AUTHORITY "
+ "WHERE USER_ID = (SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_DN + "')";
+ "WHERE USER_ID = (SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "')";
private static final String RENAME_DN_COLUMN = "ALTER TABLE USER ALTER COLUMN DN RENAME TO IDENTITY";
private static final String RESIZE_IDENTITY_COLUMN = "ALTER TABLE USER MODIFY IDENTITY VARCHAR(4096)";

View File

@ -194,7 +194,7 @@ public class StandardUserDAO implements UserDAO {
try {
// create the connection and obtain a statement
statement = connection.prepareStatement(SELECT_USERS);
statement.setString(1, NiFiUser.ANONYMOUS_USER_DN);
statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
// execute the query
rs = statement.executeQuery();
@ -211,7 +211,7 @@ public class StandardUserDAO implements UserDAO {
if (user == null || !userId.equals(user.getId())) {
user = new NiFiUser();
user.setId(userId);
user.setDn(rs.getString("IDENTITY"));
user.setIdentity(rs.getString("IDENTITY"));
user.setUserName(rs.getString("USER_NAME"));
user.setUserGroup(rs.getString("USER_GROUP"));
user.setJustification(rs.getString("JUSTIFICATION"));
@ -287,7 +287,7 @@ public class StandardUserDAO implements UserDAO {
try {
// create the connection and obtain a statement
statement = connection.prepareStatement(SELECT_USER_GROUP);
statement.setString(1, NiFiUser.ANONYMOUS_USER_DN);
statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
statement.setString(2, group);
// execute the query
@ -305,7 +305,7 @@ public class StandardUserDAO implements UserDAO {
if (user == null || !userId.equals(user.getId())) {
user = new NiFiUser();
user.setId(userId);
user.setDn(rs.getString("IDENTITY"));
user.setIdentity(rs.getString("IDENTITY"));
user.setUserName(rs.getString("USER_NAME"));
user.setUserGroup(rs.getString("USER_GROUP"));
user.setJustification(rs.getString("JUSTIFICATION"));
@ -366,7 +366,7 @@ public class StandardUserDAO implements UserDAO {
if (user == null) {
user = new NiFiUser();
user.setId(rs.getString("ID"));
user.setDn(rs.getString("IDENTITY"));
user.setIdentity(rs.getString("IDENTITY"));
user.setUserName(rs.getString("USER_NAME"));
user.setUserGroup(rs.getString("USER_GROUP"));
user.setJustification(rs.getString("JUSTIFICATION"));
@ -424,7 +424,7 @@ public class StandardUserDAO implements UserDAO {
if (user == null) {
user = new NiFiUser();
user.setId(rs.getString("ID"));
user.setDn(rs.getString("IDENTITY"));
user.setIdentity(rs.getString("IDENTITY"));
user.setUserName(rs.getString("USER_NAME"));
user.setUserGroup(rs.getString("USER_GROUP"));
user.setJustification(rs.getString("JUSTIFICATION"));
@ -463,19 +463,19 @@ public class StandardUserDAO implements UserDAO {
@Override
public NiFiUser createUser(NiFiUser user) throws DataAccessException {
if (user.getDn() == null) {
throw new IllegalArgumentException("User dn must be specified.");
if (user.getIdentity() == null) {
throw new IllegalArgumentException("User identity must be specified.");
}
PreparedStatement statement = null;
ResultSet rs = null;
try {
final String id = UUID.nameUUIDFromBytes(user.getDn().getBytes(StandardCharsets.UTF_8)).toString();
final String id = UUID.nameUUIDFromBytes(user.getIdentity().getBytes(StandardCharsets.UTF_8)).toString();
// create a statement
statement = connection.prepareStatement(INSERT_USER, Statement.RETURN_GENERATED_KEYS);
statement.setString(1, id);
statement.setString(2, StringUtils.left(user.getDn(), 4096));
statement.setString(2, StringUtils.left(user.getIdentity(), 4096));
statement.setString(3, StringUtils.left(user.getUserName(), 4096));
statement.setString(4, StringUtils.left(user.getUserGroup(), 100));
if (user.getLastVerified() != null) {
@ -531,7 +531,7 @@ public class StandardUserDAO implements UserDAO {
try {
// create a statement
statement = connection.prepareStatement(UPDATE_USER);
statement.setString(1, StringUtils.left(user.getDn(), 4096));
statement.setString(1, StringUtils.left(user.getIdentity(), 4096));
statement.setString(2, StringUtils.left(user.getUserName(), 4096));
statement.setString(3, StringUtils.left(user.getUserGroup(), 100));
statement.setString(6, StringUtils.left(user.getJustification(), 500));

View File

@ -76,14 +76,14 @@ public abstract class AbstractUserAction<T> implements AdministrationAction<T> {
*/
protected void verifyAccount(AuthorityProvider authorityProvider, NiFiUser user) {
// load the roles for the user
Set<Authority> authorities = authorityProvider.getAuthorities(user.getDn());
Set<Authority> authorities = authorityProvider.getAuthorities(user.getIdentity());
// update the user's authorities
user.getAuthorities().clear();
user.getAuthorities().addAll(authorities);
// get the user group
user.setUserGroup(authorityProvider.getGroupForUser(user.getDn()));
user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
// update the users status in case they were previously pending or disabled
user.setStatus(AccountStatus.ACTIVE);

View File

@ -37,11 +37,11 @@ import org.apache.nifi.user.NiFiUser;
*/
public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
private final String dn;
private final String identity;
private final int cacheDurationSeconds;
public AuthorizeUserAction(String dn, int cacheDurationSeconds) {
this.dn = dn;
public AuthorizeUserAction(String identity, int cacheDurationSeconds) {
this.identity = identity;
this.cacheDurationSeconds = cacheDurationSeconds;
}
@ -50,14 +50,14 @@ public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
UserDAO userDao = daoFactory.getUserDAO();
// get the user
NiFiUser user = userDao.findUserByDn(dn);
NiFiUser user = userDao.findUserByDn(identity);
// verify the user was found
if (user == null) {
// determine whether this users exists
boolean doesDnExist = false;
try {
doesDnExist = authorityProvider.doesDnExist(dn);
doesDnExist = authorityProvider.doesDnExist(identity);
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
}
@ -66,8 +66,8 @@ public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
if (doesDnExist) {
// create the user
user = new NiFiUser();
user.setDn(dn);
user.setUserName(CertificateUtils.extractUsername(dn));
user.setIdentity(identity);
user.setUserName(CertificateUtils.extractUsername(identity));
user.setJustification("User details specified by authority provider.");
try {
@ -86,12 +86,12 @@ public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
createUser.execute(daoFactory, authorityProvider);
} catch (UnknownIdentityException uie) {
// strange since the provider just reported this dn existed but handleing anyways...
throw new AccountNotFoundException(String.format("Unable to verify access for %s.", dn));
throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity));
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
}
} else {
throw new AccountNotFoundException(String.format("Unable to verify access for %s.", dn));
throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity));
}
} else {
Throwable providerError = null;
@ -134,7 +134,7 @@ public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
updateUserAuthorities.execute(daoFactory, authorityProvider);
if (providerError != null) {
throw new AccountDisabledException(String.format("User credentials for %s were not found. This account has been disabled.", user.getDn()), providerError);
throw new AccountDisabledException(String.format("User credentials for %s were not found. This account has been disabled.", user.getIdentity()), providerError);
}
}
@ -165,9 +165,9 @@ public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
*/
private void checkAccountStatus(NiFiUser user) {
if (AccountStatus.DISABLED.equals(user.getStatus())) {
throw new AccountDisabledException(String.format("The account for %s has been disabled.", user.getDn()));
throw new AccountDisabledException(String.format("The account for %s has been disabled.", user.getIdentity()));
} else if (AccountStatus.PENDING.equals(user.getStatus())) {
throw new AccountPendingException(String.format("The account for %s is currently pending approval.", user.getDn()));
throw new AccountPendingException(String.format("The account for %s is currently pending approval.", user.getIdentity()));
}
}
}

View File

@ -63,12 +63,12 @@ public class DisableUserAction implements AdministrationAction<NiFiUser> {
try {
// revoke the user in the authority provider
authorityProvider.revokeUser(user.getDn());
authorityProvider.revokeUser(user.getIdentity());
} catch (UnknownIdentityException uie) {
// user identity is not known
logger.info(String.format("User %s has already been removed from the authority provider.", user.getDn()));
logger.info(String.format("User %s has already been removed from the authority provider.", user.getIdentity()));
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to revoke user '%s': %s", user.getDn(), aae.getMessage()), aae);
throw new AdministrationException(String.format("Unable to revoke user '%s': %s", user.getIdentity(), aae.getMessage()), aae);
}
return user;

View File

@ -30,11 +30,11 @@ import org.apache.nifi.user.NiFiUser;
*/
public class RequestUserAccountAction implements AdministrationAction<NiFiUser> {
private final String dn;
private final String identity;
private final String justification;
public RequestUserAccountAction(String dn, String justification) {
this.dn = dn;
public RequestUserAccountAction(String identity, String justification) {
this.identity = identity;
this.justification = justification;
}
@ -43,15 +43,15 @@ public class RequestUserAccountAction implements AdministrationAction<NiFiUser>
UserDAO userDao = daoFactory.getUserDAO();
// determine if this user already exists
NiFiUser user = userDao.findUserByDn(dn);
NiFiUser user = userDao.findUserByDn(identity);
if (user != null) {
throw new IllegalArgumentException(String.format("User account for %s already exists.", dn));
throw new IllegalArgumentException(String.format("User account for %s already exists.", identity));
}
// create the user
user = new NiFiUser();
user.setDn(dn);
user.setUserName(CertificateUtils.extractUsername(dn));
user.setIdentity(identity);
user.setUserName(CertificateUtils.extractUsername(identity));
user.setJustification(justification);
user.setStatus(AccountStatus.PENDING);

View File

@ -46,7 +46,7 @@ public class SeedUserAccountsAction extends AbstractUserAction<Void> {
@Override
public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
UserDAO userDao = daoFactory.getUserDAO();
Set<String> authorizedDns = new HashSet<>();
Set<String> authorizedIdentities = new HashSet<>();
// get the current user cache
final Set<NiFiUser> existingUsers;
@ -62,7 +62,7 @@ public class SeedUserAccountsAction extends AbstractUserAction<Void> {
try {
// all users for all roles
for (final Authority authority : Authority.values()) {
authorizedDns.addAll(authorityProvider.getUsers(authority));
authorizedIdentities.addAll(authorityProvider.getUsers(authority));
}
} catch (AuthorityAccessException aae) {
// unable to access the authority provider... honor the cache
@ -73,25 +73,25 @@ public class SeedUserAccountsAction extends AbstractUserAction<Void> {
final Set<NiFiUser> accountsToRevoke = new HashSet<>(existingUsers);
// persist the users
for (String dn : authorizedDns) {
for (String identity : authorizedIdentities) {
NiFiUser user = null;
try {
// locate the user for this dn
user = userDao.findUserByDn(dn);
user = userDao.findUserByDn(identity);
boolean newAccount = false;
// if the user does not exist, create a new account
if (user == null) {
logger.info(String.format("Creating user account: %s", dn));
logger.info(String.format("Creating user account: %s", identity));
newAccount = true;
// create the user
user = new NiFiUser();
user.setDn(dn);
user.setUserName(CertificateUtils.extractUsername(dn));
user.setIdentity(identity);
user.setUserName(CertificateUtils.extractUsername(identity));
user.setJustification("User details specified by authority provider.");
} else {
logger.info(String.format("User account already created: %s. Updating authorities...", dn));
logger.info(String.format("User account already created: %s. Updating authorities...", identity));
}
// verify the account
@ -142,7 +142,7 @@ public class SeedUserAccountsAction extends AbstractUserAction<Void> {
}
try {
logger.info(String.format("User not authorized with configured provider: %s. Disabling account...", user.getDn()));
logger.info(String.format("User not authorized with configured provider: %s. Disabling account...", user.getIdentity()));
// disable the account and reset its last verified timestamp since it was not found
// in the current configured authority provider

View File

@ -56,11 +56,11 @@ public class UngroupUserAction extends AbstractUserAction<Void> {
try {
// update the authority provider
authorityProvider.ungroupUser(user.getDn());
authorityProvider.ungroupUser(user.getIdentity());
} catch (UnknownIdentityException uie) {
throw new AccountNotFoundException(String.format("Unable to ungroup user '%s': %s", user.getDn(), uie.getMessage()), uie);
throw new AccountNotFoundException(String.format("Unable to ungroup user '%s': %s", user.getIdentity(), uie.getMessage()), uie);
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to ungroup user '%s': %s", user.getDn(), aae.getMessage()), aae);
throw new AdministrationException(String.format("Unable to ungroup user '%s': %s", user.getIdentity(), aae.getMessage()), aae);
}
return null;

View File

@ -61,41 +61,41 @@ public class UpdateUserAction extends AbstractUserAction<NiFiUser> {
}
// determine whether this users exists
boolean doesDnExist = false;
boolean doesIdentityExist = false;
try {
doesDnExist = authorityProvider.doesDnExist(user.getDn());
doesIdentityExist = authorityProvider.doesDnExist(user.getIdentity());
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
}
// if the user already doesn't exist, add them
if (!doesDnExist) {
if (!doesIdentityExist) {
try {
// add the account account and group if necessary
authorityProvider.addUser(user.getDn(), user.getUserGroup());
authorityProvider.addUser(user.getIdentity(), user.getUserGroup());
} catch (final IdentityAlreadyExistsException iaee) {
logger.warn(String.format("User '%s' already exists in the authority provider. Continuing with user update.", user.getDn()));
logger.warn(String.format("User '%s' already exists in the authority provider. Continuing with user update.", user.getIdentity()));
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s", user.getDn(), aae.getMessage()), aae);
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s", user.getIdentity(), aae.getMessage()), aae);
}
}
try {
// update the authority provider as approprivate
authorityProvider.setAuthorities(user.getDn(), authorities);
authorityProvider.setAuthorities(user.getIdentity(), authorities);
} catch (UnknownIdentityException uie) {
throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie);
throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae);
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
}
try {
// get the user group
user.setUserGroup(authorityProvider.getGroupForUser(user.getDn()));
user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
} catch (UnknownIdentityException uie) {
throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getDn(), uie.getMessage()), uie);
throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getDn(), aae.getMessage()), aae);
throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
}
// since all the authorities were updated accordingly, set the authorities

View File

@ -61,7 +61,7 @@ public class UpdateUserGroupAction extends AbstractUserAction<Void> {
// record the new users being added to this group
final Set<NiFiUser> newUsers = new HashSet<>();
final Set<String> newUserDns = new HashSet<>();
final Set<String> newUserIdentities = new HashSet<>();
// if the user ids have been specified we need to create/update a group using the specified group name
if (userIds != null) {
@ -81,13 +81,13 @@ public class UpdateUserGroupAction extends AbstractUserAction<Void> {
try {
// if the user is unknown to the authority provider we cannot continue
if (!authorityProvider.doesDnExist(user.getDn()) || AccountStatus.DISABLED.equals(user.getStatus())) {
throw new IllegalStateException(String.format("Unable to group these users because access for '%s' is not %s.", user.getDn(), AccountStatus.ACTIVE.toString()));
if (!authorityProvider.doesDnExist(user.getIdentity()) || AccountStatus.DISABLED.equals(user.getStatus())) {
throw new IllegalStateException(String.format("Unable to group these users because access for '%s' is not %s.", user.getIdentity(), AccountStatus.ACTIVE.toString()));
}
// record the user being added to this group
newUsers.add(user);
newUserDns.add(user.getDn());
newUserIdentities.add(user.getIdentity());
} catch (final AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
}
@ -95,11 +95,11 @@ public class UpdateUserGroupAction extends AbstractUserAction<Void> {
try {
// update the authority provider
authorityProvider.setUsersGroup(newUserDns, group);
authorityProvider.setUsersGroup(newUserIdentities, group);
} catch (UnknownIdentityException uie) {
throw new AccountNotFoundException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserDns, ", "), uie.getMessage()), uie);
throw new AccountNotFoundException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserIdentities, ", "), uie.getMessage()), uie);
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserDns, ", "), aae.getMessage()), aae);
throw new AdministrationException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserIdentities, ", "), aae.getMessage()), aae);
}
}
@ -118,35 +118,35 @@ public class UpdateUserGroupAction extends AbstractUserAction<Void> {
if (authorities != null) {
try {
// update the authority provider as approprivate
authorityProvider.setAuthorities(user.getDn(), authorities);
authorityProvider.setAuthorities(user.getIdentity(), authorities);
// since all the authorities were updated accordingly, set the authorities
user.getAuthorities().clear();
user.getAuthorities().addAll(authorities);
} catch (UnknownIdentityException uie) {
throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie);
throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae);
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
}
} else {
try {
// refresh the authorities according to the provider
user.getAuthorities().clear();
user.getAuthorities().addAll(authorityProvider.getAuthorities(user.getDn()));
user.getAuthorities().addAll(authorityProvider.getAuthorities(user.getIdentity()));
} catch (UnknownIdentityException uie) {
throw new AccountNotFoundException(String.format("Unable to determine the authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie);
throw new AccountNotFoundException(String.format("Unable to determine the authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae);
throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
}
}
try {
// get the user group
user.setUserGroup(authorityProvider.getGroupForUser(user.getDn()));
user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
} catch (UnknownIdentityException uie) {
throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getDn(), uie.getMessage()), uie);
throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
} catch (AuthorityAccessException aae) {
throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getDn(), aae.getMessage()), aae);
throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
}
// update the users status in case they were previously pending or disabled

View File

@ -29,10 +29,10 @@ import org.apache.commons.lang3.StringUtils;
*/
public class NiFiUser implements Serializable {
public static final String ANONYMOUS_USER_DN = "anonymous";
public static final String ANONYMOUS_USER_IDENTITY = "anonymous";
private String id;
private String dn;
private String identity;
private String userName;
private String userGroup;
private String justification;
@ -55,12 +55,12 @@ public class NiFiUser implements Serializable {
this.creation = creation;
}
public String getDn() {
return dn;
public String getIdentity() {
return identity;
}
public void setDn(String dn) {
this.dn = dn;
public void setIdentity(String identity) {
this.identity = identity;
}
public String getUserName() {
@ -143,7 +143,7 @@ public class NiFiUser implements Serializable {
return false;
}
final NiFiUser other = (NiFiUser) obj;
if (!Objects.equals(this.dn, other.dn)) {
if (!Objects.equals(this.identity, other.identity)) {
return false;
}
return true;
@ -152,13 +152,13 @@ public class NiFiUser implements Serializable {
@Override
public int hashCode() {
int hash = 7;
hash = 53 * hash + Objects.hashCode(this.dn);
hash = 53 * hash + Objects.hashCode(this.identity);
return hash;
}
@Override
public String toString() {
return String.format("dn[%s], userName[%s], justification[%s], authorities[%s]", getDn(), getUserName(), getJustification(), StringUtils.join(getAuthorities(), ", "));
return String.format("identity[%s], userName[%s], justification[%s], authorities[%s]", getIdentity(), getUserName(), getJustification(), StringUtils.join(getAuthorities(), ", "));
}
}

View File

@ -54,17 +54,17 @@ public class AuthorizeUserActionTest {
private static final String USER_ID_10 = "10";
private static final String USER_ID_11 = "11";
private static final String USER_DN_1 = "authority access exception while searching for user";
private static final String USER_DN_2 = "unknown user";
private static final String USER_DN_3 = "user removed after checking existence";
private static final String USER_DN_4 = "access exception getting authorities";
private static final String USER_DN_5 = "error creating user account";
private static final String USER_DN_6 = "create user general sequence";
private static final String USER_DN_7 = "existing user requires verification";
private static final String USER_DN_8 = "existing user does not require verification";
private static final String USER_DN_9 = "existing pending user";
private static final String USER_DN_10 = "existing disabled user";
private static final String USER_DN_11 = "existing user is now unknown in the authority provider";
private static final String USER_IDENTITY_1 = "authority access exception while searching for user";
private static final String USER_IDENTITY_2 = "unknown user";
private static final String USER_IDENTITY_3 = "user removed after checking existence";
private static final String USER_IDENTITY_4 = "access exception getting authorities";
private static final String USER_IDENTITY_5 = "error creating user account";
private static final String USER_IDENTITY_6 = "create user general sequence";
private static final String USER_IDENTITY_7 = "existing user requires verification";
private static final String USER_IDENTITY_8 = "existing user does not require verification";
private static final String USER_IDENTITY_9 = "existing pending user";
private static final String USER_IDENTITY_10 = "existing disabled user";
private static final String USER_IDENTITY_11 = "existing user is now unknown in the authority provider";
private DAOFactory daoFactory;
private UserDAO userDao;
@ -85,18 +85,18 @@ public class AuthorizeUserActionTest {
if (USER_ID_7.equals(id)) {
user = new NiFiUser();
user.setId(USER_ID_7);
user.setDn(USER_DN_7);
user.setIdentity(USER_IDENTITY_7);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
} else if (USER_ID_8.equals(id)) {
user = new NiFiUser();
user.setId(USER_ID_8);
user.setDn(USER_DN_8);
user.setIdentity(USER_IDENTITY_8);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
user.setLastVerified(new Date());
} else if (USER_ID_11.equals(id)) {
user = new NiFiUser();
user.setId(USER_ID_11);
user.setDn(USER_DN_11);
user.setIdentity(USER_IDENTITY_11);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
user.setStatus(AccountStatus.ACTIVE);
}
@ -112,35 +112,35 @@ public class AuthorizeUserActionTest {
NiFiUser user = null;
switch (dn) {
case USER_DN_7:
case USER_IDENTITY_7:
user = new NiFiUser();
user.setId(USER_ID_7);
user.setDn(USER_DN_7);
user.setIdentity(USER_IDENTITY_7);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
break;
case USER_DN_8:
case USER_IDENTITY_8:
user = new NiFiUser();
user.setId(USER_ID_8);
user.setDn(USER_DN_8);
user.setIdentity(USER_IDENTITY_8);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
user.setLastVerified(new Date());
break;
case USER_DN_9:
case USER_IDENTITY_9:
user = new NiFiUser();
user.setId(USER_ID_9);
user.setDn(USER_DN_9);
user.setIdentity(USER_IDENTITY_9);
user.setStatus(AccountStatus.PENDING);
break;
case USER_DN_10:
case USER_IDENTITY_10:
user = new NiFiUser();
user.setId(USER_ID_10);
user.setDn(USER_DN_10);
user.setIdentity(USER_IDENTITY_10);
user.setStatus(AccountStatus.DISABLED);
break;
case USER_DN_11:
case USER_IDENTITY_11:
user = new NiFiUser();
user.setId(USER_ID_11);
user.setDn(USER_DN_11);
user.setIdentity(USER_IDENTITY_11);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
user.setStatus(AccountStatus.ACTIVE);
break;
@ -154,10 +154,10 @@ public class AuthorizeUserActionTest {
public Void answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
NiFiUser user = (NiFiUser) args[0];
switch (user.getDn()) {
case USER_DN_5:
switch (user.getIdentity()) {
case USER_IDENTITY_5:
throw new DataAccessException();
case USER_DN_6:
case USER_IDENTITY_6:
user.setId(USER_ID_6);
break;
}
@ -215,9 +215,9 @@ public class AuthorizeUserActionTest {
Object[] args = invocation.getArguments();
String dn = (String) args[0];
switch (dn) {
case USER_DN_1:
case USER_IDENTITY_1:
throw new AuthorityAccessException(StringUtils.EMPTY);
case USER_DN_2:
case USER_IDENTITY_2:
return false;
}
@ -231,21 +231,21 @@ public class AuthorizeUserActionTest {
String dn = (String) args[0];
Set<Authority> authorities = EnumSet.noneOf(Authority.class);
switch (dn) {
case USER_DN_3:
case USER_IDENTITY_3:
throw new UnknownIdentityException(StringUtils.EMPTY);
case USER_DN_4:
case USER_IDENTITY_4:
throw new AuthorityAccessException(StringUtils.EMPTY);
case USER_DN_6:
case USER_IDENTITY_6:
authorities.add(Authority.ROLE_MONITOR);
break;
case USER_DN_7:
case USER_IDENTITY_7:
authorities.add(Authority.ROLE_DFM);
break;
case USER_DN_9:
case USER_IDENTITY_9:
throw new UnknownIdentityException(StringUtils.EMPTY);
case USER_DN_10:
case USER_IDENTITY_10:
throw new UnknownIdentityException(StringUtils.EMPTY);
case USER_DN_11:
case USER_IDENTITY_11:
throw new UnknownIdentityException(StringUtils.EMPTY);
}
@ -272,7 +272,7 @@ public class AuthorizeUserActionTest {
*/
@Test(expected = AdministrationException.class)
public void testAuthorityAccessExceptionInDoesDnExist() throws Exception {
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_1, 0);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_1, 0);
authorizeUser.execute(daoFactory, authorityProvider);
}
@ -283,7 +283,7 @@ public class AuthorizeUserActionTest {
*/
@Test(expected = AccountNotFoundException.class)
public void testUnknownUser() throws Exception {
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_2, 0);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_2, 0);
authorizeUser.execute(daoFactory, authorityProvider);
}
@ -294,7 +294,7 @@ public class AuthorizeUserActionTest {
*/
@Test(expected = AccountNotFoundException.class)
public void testUserRemovedAfterCheckingExistence() throws Exception {
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_3, 0);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_3, 0);
authorizeUser.execute(daoFactory, authorityProvider);
}
@ -305,7 +305,7 @@ public class AuthorizeUserActionTest {
*/
@Test(expected = AdministrationException.class)
public void testAuthorityAccessException() throws Exception {
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_4, 0);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_4, 0);
authorizeUser.execute(daoFactory, authorityProvider);
}
@ -316,7 +316,7 @@ public class AuthorizeUserActionTest {
*/
@Test(expected = DataAccessException.class)
public void testErrorCreatingUserAccount() throws Exception {
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_5, 0);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_5, 0);
authorizeUser.execute(daoFactory, authorityProvider);
}
@ -327,11 +327,11 @@ public class AuthorizeUserActionTest {
*/
@Test
public void testAccountCreation() throws Exception {
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_6, 0);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_6, 0);
NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
// verify the user
Assert.assertEquals(USER_DN_6, user.getDn());
Assert.assertEquals(USER_IDENTITY_6, user.getIdentity());
Assert.assertEquals(1, user.getAuthorities().size());
Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR));
@ -347,11 +347,11 @@ public class AuthorizeUserActionTest {
*/
@Test
public void testExistingUserRequiresVerification() throws Exception {
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_7, 0);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_7, 0);
NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
// verify the user
Assert.assertEquals(USER_DN_7, user.getDn());
Assert.assertEquals(USER_IDENTITY_7, user.getIdentity());
Assert.assertEquals(1, user.getAuthorities().size());
Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_DFM));
@ -369,11 +369,11 @@ public class AuthorizeUserActionTest {
@Test
public void testExistingUserNoVerification() throws Exception {
// disabling verification by passing in a large cache duration
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_8, Integer.MAX_VALUE);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_8, Integer.MAX_VALUE);
NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
// verify the user
Assert.assertEquals(USER_DN_8, user.getDn());
Assert.assertEquals(USER_IDENTITY_8, user.getIdentity());
Assert.assertEquals(1, user.getAuthorities().size());
Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR));
@ -391,7 +391,7 @@ public class AuthorizeUserActionTest {
@Test(expected = AccountPendingException.class)
public void testExistingPendingUser() throws Exception {
// disabling verification by passing in a large cache duration
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_9, Integer.MAX_VALUE);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_9, Integer.MAX_VALUE);
authorizeUser.execute(daoFactory, authorityProvider);
}
@ -403,7 +403,7 @@ public class AuthorizeUserActionTest {
@Test(expected = AccountDisabledException.class)
public void testExistingDisabledUser() throws Exception {
// disabling verification by passing in a large cache duration
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_10, Integer.MAX_VALUE);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_10, Integer.MAX_VALUE);
authorizeUser.execute(daoFactory, authorityProvider);
}
@ -416,7 +416,7 @@ public class AuthorizeUserActionTest {
@Test
public void testExistingActiveUserNotFoundInProvider() throws Exception {
try {
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_11, 0);
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_11, 0);
authorizeUser.execute(daoFactory, authorityProvider);
Assert.fail();

View File

@ -40,8 +40,8 @@ public class CreateUserActionTest {
private final String USER_ID_2 = "2";
private final String USER_ID_3 = "3";
private final String USER_DN_1 = "data access exception when creating user";
private final String USER_DN_3 = "general create user case";
private final String USER_IDENTITY_1 = "data access exception when creating user";
private final String USER_IDENTITY_3 = "general create user case";
private DAOFactory daoFactory;
private UserDAO userDao;
@ -57,9 +57,9 @@ public class CreateUserActionTest {
Object[] args = invocation.getArguments();
NiFiUser user = (NiFiUser) args[0];
if (USER_DN_1.equals(user.getDn())) {
if (USER_IDENTITY_1.equals(user.getIdentity())) {
throw new DataAccessException();
} else if (USER_DN_3.equals(user.getDn())) {
} else if (USER_IDENTITY_3.equals(user.getIdentity())) {
user.setId(USER_ID_3);
}
@ -100,7 +100,7 @@ public class CreateUserActionTest {
@Test(expected = DataAccessException.class)
public void testExceptionCreatingUser() throws Exception {
NiFiUser user = new NiFiUser();
user.setDn(USER_DN_1);
user.setIdentity(USER_IDENTITY_1);
CreateUserAction createUser = new CreateUserAction(user);
createUser.execute(daoFactory, null);
@ -128,7 +128,7 @@ public class CreateUserActionTest {
@Test
public void testCreateUserAccount() throws Exception {
NiFiUser user = new NiFiUser();
user.setDn(USER_DN_3);
user.setIdentity(USER_IDENTITY_3);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_DFM, Authority.ROLE_ADMIN));
CreateUserAction createUser = new CreateUserAction(user);

View File

@ -40,8 +40,8 @@ public class DisableUserActionTest {
private static final String USER_ID_3 = "3";
private static final String USER_ID_4 = "4";
private static final String USER_DN_3 = "authority access exception";
private static final String USER_DN_4 = "general disable user case";
private static final String USER_IDENTITY_3 = "authority access exception";
private static final String USER_IDENTITY_4 = "general disable user case";
private DAOFactory daoFactory;
private UserDAO userDao;
@ -66,11 +66,11 @@ public class DisableUserActionTest {
} else if (USER_ID_3.equals(id)) {
user = new NiFiUser();
user.setId(id);
user.setDn(USER_DN_3);
user.setIdentity(USER_IDENTITY_3);
} else if (USER_ID_4.equals(id)) {
user = new NiFiUser();
user.setId(id);
user.setDn(USER_DN_4);
user.setIdentity(USER_IDENTITY_4);
user.setStatus(AccountStatus.ACTIVE);
}
return user;
@ -103,7 +103,7 @@ public class DisableUserActionTest {
Object[] args = invocation.getArguments();
String dn = (String) args[0];
if (USER_DN_3.equals(dn)) {
if (USER_IDENTITY_3.equals(dn)) {
throw new AuthorityAccessException(StringUtils.EMPTY);
}
@ -158,11 +158,11 @@ public class DisableUserActionTest {
// verify the user
Assert.assertEquals(USER_ID_4, user.getId());
Assert.assertEquals(USER_DN_4, user.getDn());
Assert.assertEquals(USER_IDENTITY_4, user.getIdentity());
Assert.assertEquals(AccountStatus.DISABLED, user.getStatus());
// verify the interaction with the dao and provider
Mockito.verify(userDao, Mockito.times(1)).updateUser(user);
Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_DN_4);
Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_IDENTITY_4);
}
}

View File

@ -36,9 +36,9 @@ public class RequestUserAccountActionTest {
private static final String USER_ID_3 = "3";
private static final String USER_DN_1 = "existing user account dn";
private static final String USER_DN_2 = "data access exception";
private static final String USER_DN_3 = "new account request";
private static final String USER_IDENTITY_1 = "existing user account";
private static final String USER_IDENTITY_2 = "data access exception";
private static final String USER_IDENTITY_3 = "new account request";
private DAOFactory daoFactory;
private UserDAO userDao;
@ -54,7 +54,7 @@ public class RequestUserAccountActionTest {
String dn = (String) args[0];
NiFiUser user = null;
if (USER_DN_1.equals(dn)) {
if (USER_IDENTITY_1.equals(dn)) {
user = new NiFiUser();
}
return user;
@ -65,10 +65,10 @@ public class RequestUserAccountActionTest {
public Void answer(InvocationOnMock invocation) throws Throwable {
Object[] args = invocation.getArguments();
NiFiUser user = (NiFiUser) args[0];
switch (user.getDn()) {
case USER_DN_2:
switch (user.getIdentity()) {
case USER_IDENTITY_2:
throw new DataAccessException();
case USER_DN_3:
case USER_IDENTITY_3:
user.setId(USER_ID_3);
break;
}
@ -90,7 +90,7 @@ public class RequestUserAccountActionTest {
*/
@Test(expected = IllegalArgumentException.class)
public void testExistingAccount() throws Exception {
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_1, StringUtils.EMPTY);
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_1, StringUtils.EMPTY);
requestUserAccount.execute(daoFactory, null);
}
@ -102,7 +102,7 @@ public class RequestUserAccountActionTest {
*/
@Test(expected = DataAccessException.class)
public void testDataAccessException() throws Exception {
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_2, StringUtils.EMPTY);
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_2, StringUtils.EMPTY);
requestUserAccount.execute(daoFactory, null);
}
@ -113,12 +113,12 @@ public class RequestUserAccountActionTest {
*/
@Test
public void testRequestUserAccountAction() throws Exception {
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_3, StringUtils.EMPTY);
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_3, StringUtils.EMPTY);
NiFiUser user = requestUserAccount.execute(daoFactory, null);
// verfiy the user
Assert.assertEquals(USER_ID_3, user.getId());
Assert.assertEquals(USER_DN_3, user.getDn());
Assert.assertEquals(USER_IDENTITY_3, user.getIdentity());
Assert.assertEquals(AccountStatus.PENDING, user.getStatus());
// verify interaction with dao

View File

@ -44,10 +44,10 @@ public class SeedUserAccountsActionTest {
private static final String USER_ID_3 = "3";
private static final String USER_ID_4 = "4";
private static final String USER_DN_1 = "user dn 1 - active user - remove monitor and operator, add dfm";
private static final String USER_DN_2 = "user dn 2 - active user - no action";
private static final String USER_DN_3 = "user dn 3 - pending user - add operator";
private static final String USER_DN_4 = "user dn 4 - new user - add monitor";
private static final String USER_IDENTITY_1 = "user 1 - active user - remove monitor and operator, add dfm";
private static final String USER_IDENTITY_2 = "user 2 - active user - no action";
private static final String USER_IDENTITY_3 = "user 3 - pending user - add operator";
private static final String USER_IDENTITY_4 = "user 4 - new user - add monitor";
private DAOFactory daoFactory;
private UserDAO userDao;
@ -68,19 +68,19 @@ public class SeedUserAccountsActionTest {
if (USER_ID_1.equals(id)) {
user = new NiFiUser();
user.setId(USER_ID_1);
user.setDn(USER_DN_1);
user.setIdentity(USER_IDENTITY_1);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
user.setStatus(AccountStatus.ACTIVE);
} else if (USER_ID_2.equals(id)) {
user = new NiFiUser();
user.setId(USER_ID_2);
user.setDn(USER_DN_2);
user.setIdentity(USER_IDENTITY_2);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN));
user.setStatus(AccountStatus.ACTIVE);
} else if (USER_ID_3.equals(id)) {
user = new NiFiUser();
user.setId(USER_ID_3);
user.setDn(USER_DN_3);
user.setIdentity(USER_IDENTITY_3);
user.setStatus(AccountStatus.PENDING);
}
return user;
@ -93,22 +93,22 @@ public class SeedUserAccountsActionTest {
String dn = (String) args[0];
NiFiUser user = null;
if (USER_DN_1.equals(dn)) {
if (USER_IDENTITY_1.equals(dn)) {
user = new NiFiUser();
user.setId(USER_ID_1);
user.setDn(USER_DN_1);
user.setIdentity(USER_IDENTITY_1);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
user.setStatus(AccountStatus.ACTIVE);
} else if (USER_DN_2.equals(dn)) {
} else if (USER_IDENTITY_2.equals(dn)) {
user = new NiFiUser();
user.setId(USER_ID_2);
user.setDn(USER_DN_2);
user.setIdentity(USER_IDENTITY_2);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN));
user.setStatus(AccountStatus.ACTIVE);
} else if (USER_DN_3.equals(dn)) {
} else if (USER_IDENTITY_3.equals(dn)) {
user = new NiFiUser();
user.setId(USER_ID_3);
user.setDn(USER_DN_3);
user.setIdentity(USER_IDENTITY_3);
user.setStatus(AccountStatus.PENDING);
}
return user;
@ -120,7 +120,7 @@ public class SeedUserAccountsActionTest {
Object[] args = invocation.getArguments();
NiFiUser user = (NiFiUser) args[0];
if (USER_DN_4.equals(user.getDn())) {
if (USER_IDENTITY_4.equals(user.getIdentity())) {
user.setId(USER_ID_4);
}
@ -141,13 +141,13 @@ public class SeedUserAccountsActionTest {
Set<String> users = new HashSet<>();
if (Authority.ROLE_DFM.equals(role)) {
users.add(USER_DN_1);
users.add(USER_IDENTITY_1);
} else if (Authority.ROLE_ADMIN.equals(role)) {
users.add(USER_DN_2);
users.add(USER_IDENTITY_2);
} else if (Authority.ROLE_PROXY.equals(role)) {
users.add(USER_DN_3);
users.add(USER_IDENTITY_3);
} else if (Authority.ROLE_MONITOR.equals(role)) {
users.add(USER_DN_4);
users.add(USER_IDENTITY_4);
}
return users;
}
@ -160,16 +160,16 @@ public class SeedUserAccountsActionTest {
Set<Authority> authorities = EnumSet.noneOf(Authority.class);
switch (dn) {
case USER_DN_1:
case USER_IDENTITY_1:
authorities.add(Authority.ROLE_DFM);
break;
case USER_DN_2:
case USER_IDENTITY_2:
authorities.add(Authority.ROLE_ADMIN);
break;
case USER_DN_3:
case USER_IDENTITY_3:
authorities.add(Authority.ROLE_PROXY);
break;
case USER_DN_4:
case USER_IDENTITY_4:
authorities.add(Authority.ROLE_MONITOR);
break;
}

View File

@ -46,8 +46,8 @@ public class SetUserAuthoritiesActionTest {
private static final String USER_ID_2 = "2";
private static final String USER_ID_3 = "3";
private static final String USER_DN_2 = "user dn 2";
private static final String USER_DN_3 = "user dn 3";
private static final String USER_IDENTITY_2 = "user 2";
private static final String USER_IDENTITY_3 = "user 3";
private DAOFactory daoFactory;
private UserDAO userDao;
@ -70,11 +70,11 @@ public class SetUserAuthoritiesActionTest {
} else if (USER_ID_2.equals(id)) {
user = new NiFiUser();
user.setId(USER_ID_2);
user.setDn(USER_DN_2);
user.setIdentity(USER_IDENTITY_2);
} else if (USER_ID_3.equals(id)) {
user = new NiFiUser();
user.setId(USER_ID_3);
user.setDn(USER_DN_3);
user.setIdentity(USER_IDENTITY_3);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
user.setStatus(AccountStatus.ACTIVE);
}
@ -88,10 +88,10 @@ public class SetUserAuthoritiesActionTest {
String dn = (String) args[0];
NiFiUser user = null;
if (USER_DN_3.equals(dn)) {
if (USER_IDENTITY_3.equals(dn)) {
user = new NiFiUser();
user.setId(USER_ID_3);
user.setDn(USER_DN_3);
user.setIdentity(USER_IDENTITY_3);
user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
user.setStatus(AccountStatus.ACTIVE);
}
@ -148,7 +148,7 @@ public class SetUserAuthoritiesActionTest {
String dn = (String) args[0];
Set<Authority> authorities = EnumSet.noneOf(Authority.class);
if (USER_DN_3.equals(dn)) {
if (USER_IDENTITY_3.equals(dn)) {
authorities.add(Authority.ROLE_DFM);
}
@ -162,7 +162,7 @@ public class SetUserAuthoritiesActionTest {
String dn = (String) args[0];
Set<Authority> authorites = (Set<Authority>) args[1];
if (USER_DN_2.equals(dn)) {
if (USER_IDENTITY_2.equals(dn)) {
throw new AuthorityAccessException(StringUtils.EMPTY);
}
@ -218,6 +218,6 @@ public class SetUserAuthoritiesActionTest {
Set<Authority> authoritiesAddedToProvider = EnumSet.of(Authority.ROLE_ADMIN);
// verify interaction with provider
Mockito.verify(authorityProvider, Mockito.times(1)).setAuthorities(USER_DN_3, authoritiesAddedToProvider);
Mockito.verify(authorityProvider, Mockito.times(1)).setAuthorities(USER_IDENTITY_3, authoritiesAddedToProvider);
}
}

View File

@ -78,7 +78,7 @@ public class ControllerAuditor extends NiFiAuditor {
// create the config action
FlowChangeAction configAction = new FlowChangeAction();
configAction.setUserIdentity(user.getDn());
configAction.setUserIdentity(user.getIdentity());
configAction.setUserName(user.getUserName());
configAction.setOperation(Operation.Configure);
configAction.setTimestamp(new Date());
@ -131,7 +131,7 @@ public class ControllerAuditor extends NiFiAuditor {
// create the config action
FlowChangeAction configAction = new FlowChangeAction();
configAction.setUserIdentity(user.getDn());
configAction.setUserIdentity(user.getIdentity());
configAction.setUserName(user.getUserName());
configAction.setOperation(Operation.Configure);
configAction.setTimestamp(new Date());
@ -184,7 +184,7 @@ public class ControllerAuditor extends NiFiAuditor {
// create the config action
FlowChangeAction configAction = new FlowChangeAction();
configAction.setUserIdentity(user.getDn());
configAction.setUserIdentity(user.getIdentity());
configAction.setUserName(user.getUserName());
configAction.setOperation(Operation.Configure);
configAction.setTimestamp(new Date());
@ -237,7 +237,7 @@ public class ControllerAuditor extends NiFiAuditor {
// create the config action
FlowChangeAction configAction = new FlowChangeAction();
configAction.setUserIdentity(user.getDn());
configAction.setUserIdentity(user.getIdentity());
configAction.setUserName(user.getUserName());
configAction.setOperation(Operation.Configure);
configAction.setTimestamp(new Date());

View File

@ -167,7 +167,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
// create a configuration action
FlowChangeAction configurationAction = new FlowChangeAction();
configurationAction.setUserIdentity(user.getDn());
configurationAction.setUserIdentity(user.getIdentity());
configurationAction.setUserName(user.getUserName());
configurationAction.setOperation(operation);
configurationAction.setTimestamp(actionTimestamp);
@ -187,7 +187,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
if (isDisabled != updateIsDisabled) {
// create a controller service action
FlowChangeAction serviceAction = new FlowChangeAction();
serviceAction.setUserIdentity(user.getDn());
serviceAction.setUserIdentity(user.getIdentity());
serviceAction.setUserName(user.getUserName());
serviceAction.setTimestamp(new Date());
serviceAction.setSourceId(controllerService.getIdentifier());
@ -271,7 +271,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
// create a processor action
FlowChangeAction processorAction = new FlowChangeAction();
processorAction.setUserIdentity(user.getDn());
processorAction.setUserIdentity(user.getIdentity());
processorAction.setUserName(user.getUserName());
processorAction.setTimestamp(new Date());
processorAction.setSourceId(processor.getIdentifier());
@ -289,7 +289,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
// create a reporting task action
FlowChangeAction reportingTaskAction = new FlowChangeAction();
reportingTaskAction.setUserIdentity(user.getDn());
reportingTaskAction.setUserIdentity(user.getIdentity());
reportingTaskAction.setUserName(user.getUserName());
reportingTaskAction.setTimestamp(new Date());
reportingTaskAction.setSourceId(reportingTask.getIdentifier());
@ -307,7 +307,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
// create a controller service action
FlowChangeAction serviceAction = new FlowChangeAction();
serviceAction.setUserIdentity(user.getDn());
serviceAction.setUserIdentity(user.getIdentity());
serviceAction.setUserName(user.getUserName());
serviceAction.setTimestamp(new Date());
serviceAction.setSourceId(controllerService.getIdentifier());
@ -387,7 +387,7 @@ public class ControllerServiceAuditor extends NiFiAuditor {
// create the controller service action for adding this controller service
action = new FlowChangeAction();
action.setUserIdentity(user.getDn());
action.setUserIdentity(user.getIdentity());
action.setUserName(user.getUserName());
action.setOperation(operation);
action.setTimestamp(new Date());

View File

@ -121,7 +121,7 @@ public class FunnelAuditor extends NiFiAuditor {
if (user != null) {
// create the action for adding this funnel
action = new FlowChangeAction();
action.setUserIdentity(user.getDn());
action.setUserIdentity(user.getIdentity());
action.setUserName(user.getUserName());
action.setOperation(operation);
action.setTimestamp(new Date());

View File

@ -205,7 +205,7 @@ public class PortAuditor extends NiFiAuditor {
for (ActionDetails detail : configurationDetails) {
// create the port action for updating the name
FlowChangeAction portAction = new FlowChangeAction();
portAction.setUserIdentity(user.getDn());
portAction.setUserIdentity(user.getIdentity());
portAction.setUserName(user.getUserName());
portAction.setOperation(Operation.Configure);
portAction.setTimestamp(timestamp);
@ -225,7 +225,7 @@ public class PortAuditor extends NiFiAuditor {
if (scheduledState != updatedScheduledState) {
// create a processor action
FlowChangeAction processorAction = new FlowChangeAction();
processorAction.setUserIdentity(user.getDn());
processorAction.setUserIdentity(user.getIdentity());
processorAction.setUserName(user.getUserName());
processorAction.setTimestamp(new Date());
processorAction.setSourceId(updatedPort.getIdentifier());
@ -323,7 +323,7 @@ public class PortAuditor extends NiFiAuditor {
// create the port action for adding this processor
action = new FlowChangeAction();
action.setUserIdentity(user.getDn());
action.setUserIdentity(user.getIdentity());
action.setUserName(user.getUserName());
action.setOperation(operation);
action.setTimestamp(new Date());

View File

@ -140,7 +140,7 @@ public class ProcessGroupAuditor extends NiFiAuditor {
// create the port action for updating the name
FlowChangeAction processGroupAction = new FlowChangeAction();
processGroupAction.setUserIdentity(user.getDn());
processGroupAction.setUserIdentity(user.getIdentity());
processGroupAction.setUserName(user.getUserName());
processGroupAction.setOperation(operation);
processGroupAction.setTimestamp(timestamp);
@ -157,7 +157,7 @@ public class ProcessGroupAuditor extends NiFiAuditor {
if (processGroupDTO.isRunning() != null) {
// create a process group action
FlowChangeAction processGroupAction = new FlowChangeAction();
processGroupAction.setUserIdentity(user.getDn());
processGroupAction.setUserIdentity(user.getIdentity());
processGroupAction.setUserName(user.getUserName());
processGroupAction.setSourceId(processGroup.getIdentifier());
processGroupAction.setSourceName(processGroup.getName());
@ -242,7 +242,7 @@ public class ProcessGroupAuditor extends NiFiAuditor {
// create the process group action for adding this process group
action = new FlowChangeAction();
action.setUserIdentity(user.getDn());
action.setUserIdentity(user.getIdentity());
action.setUserName(user.getUserName());
action.setOperation(operation);
action.setTimestamp(new Date());

View File

@ -177,7 +177,7 @@ public class ProcessorAuditor extends NiFiAuditor {
// create a configuration action
FlowChangeAction configurationAction = new FlowChangeAction();
configurationAction.setUserIdentity(user.getDn());
configurationAction.setUserIdentity(user.getIdentity());
configurationAction.setUserName(user.getUserName());
configurationAction.setOperation(operation);
configurationAction.setTimestamp(actionTimestamp);
@ -197,7 +197,7 @@ public class ProcessorAuditor extends NiFiAuditor {
if (scheduledState != updatedScheduledState) {
// create a processor action
FlowChangeAction processorAction = new FlowChangeAction();
processorAction.setUserIdentity(user.getDn());
processorAction.setUserIdentity(user.getIdentity());
processorAction.setUserName(user.getUserName());
processorAction.setTimestamp(new Date());
processorAction.setSourceId(processor.getIdentifier());
@ -294,7 +294,7 @@ public class ProcessorAuditor extends NiFiAuditor {
// create the processor action for adding this processor
action = new FlowChangeAction();
action.setUserIdentity(user.getDn());
action.setUserIdentity(user.getIdentity());
action.setUserName(user.getUserName());
action.setOperation(operation);
action.setTimestamp(new Date());

View File

@ -188,7 +188,7 @@ public class RelationshipAuditor extends NiFiAuditor {
// create a configuration action
FlowChangeAction configurationAction = new FlowChangeAction();
configurationAction.setUserIdentity(user.getDn());
configurationAction.setUserIdentity(user.getIdentity());
configurationAction.setUserName(user.getUserName());
configurationAction.setOperation(Operation.Configure);
configurationAction.setTimestamp(actionTimestamp);
@ -353,7 +353,7 @@ public class RelationshipAuditor extends NiFiAuditor {
// create a new relationship action
action = new FlowChangeAction();
action.setUserIdentity(user.getDn());
action.setUserIdentity(user.getIdentity());
action.setUserName(user.getUserName());
action.setOperation(operation);
action.setTimestamp(actionTimestamp);

View File

@ -246,7 +246,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor {
for (ActionDetails detail : details) {
// create the port action for updating the name
FlowChangeAction remoteProcessGroupAction = new FlowChangeAction();
remoteProcessGroupAction.setUserIdentity(user.getDn());
remoteProcessGroupAction.setUserIdentity(user.getIdentity());
remoteProcessGroupAction.setUserName(user.getUserName());
remoteProcessGroupAction.setOperation(Operation.Configure);
remoteProcessGroupAction.setTimestamp(timestamp);
@ -267,7 +267,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor {
if (transmissionState != updatedTransmissionState) {
// create a processor action
FlowChangeAction remoteProcessGroupAction = new FlowChangeAction();
remoteProcessGroupAction.setUserIdentity(user.getDn());
remoteProcessGroupAction.setUserIdentity(user.getIdentity());
remoteProcessGroupAction.setUserName(user.getUserName());
remoteProcessGroupAction.setTimestamp(new Date());
remoteProcessGroupAction.setSourceId(updatedRemoteProcessGroup.getIdentifier());
@ -356,7 +356,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor {
// create the remote process group action
action = new FlowChangeAction();
action.setUserIdentity(user.getDn());
action.setUserIdentity(user.getIdentity());
action.setUserName(user.getUserName());
action.setOperation(operation);
action.setTimestamp(new Date());

View File

@ -160,7 +160,7 @@ public class ReportingTaskAuditor extends NiFiAuditor {
// create a configuration action
FlowChangeAction configurationAction = new FlowChangeAction();
configurationAction.setUserIdentity(user.getDn());
configurationAction.setUserIdentity(user.getIdentity());
configurationAction.setUserName(user.getUserName());
configurationAction.setOperation(operation);
configurationAction.setTimestamp(actionTimestamp);
@ -180,7 +180,7 @@ public class ReportingTaskAuditor extends NiFiAuditor {
if (scheduledState != updatedScheduledState) {
// create a reporting task action
FlowChangeAction taskAction = new FlowChangeAction();
taskAction.setUserIdentity(user.getDn());
taskAction.setUserIdentity(user.getIdentity());
taskAction.setUserName(user.getUserName());
taskAction.setTimestamp(new Date());
taskAction.setSourceId(reportingTask.getIdentifier());
@ -276,7 +276,7 @@ public class ReportingTaskAuditor extends NiFiAuditor {
// create the reporting task action for adding this reporting task
action = new FlowChangeAction();
action.setUserIdentity(user.getDn());
action.setUserIdentity(user.getIdentity());
action.setUserName(user.getUserName());
action.setOperation(operation);
action.setTimestamp(new Date());

View File

@ -232,7 +232,7 @@ public class SnippetAuditor extends NiFiAuditor {
if (user != null) {
// create the action for adding this funnel
action = new FlowChangeAction();
action.setUserIdentity(user.getDn());
action.setUserIdentity(user.getIdentity());
action.setUserName(user.getUserName());
action.setOperation(operation);
action.setTimestamp(timestamp);

View File

@ -765,7 +765,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
if (user == null) {
throw new WebApplicationException(new Throwable("Unable to access details for current user."));
}
final String userDn = user.getDn();
final String userDn = user.getIdentity();
if (Node.Status.CONNECTING.name().equalsIgnoreCase(nodeDTO.getStatus())) {
clusterManager.requestReconnection(nodeDTO.getNodeId(), userDn);
@ -1775,7 +1775,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
// create a purge action to record that records are being removed
FlowChangeAction purgeAction = new FlowChangeAction();
purgeAction.setUserIdentity(user.getDn());
purgeAction.setUserIdentity(user.getIdentity());
purgeAction.setUserName(user.getUserName());
purgeAction.setOperation(Operation.Purge);
purgeAction.setTimestamp(new Date());
@ -2261,7 +2261,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
final Set<String> allowedUsers = port.getUserAccessControl();
if (allowedUsers.contains(user.getDn())) {
if (allowedUsers.contains(user.getIdentity())) {
return true;
}
@ -2653,7 +2653,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
final UserDTO groupedUser = groupedUserDTOs.get(user.getUserGroup());
groupedUser.setId(groupedUser.getId() + "," + String.valueOf(user.getId()));
groupedUser.setUserName(groupedUser.getUserName() + ", " + user.getUserName());
groupedUser.setDn(groupedUser.getDn() + ", " + user.getDn());
groupedUser.setDn(groupedUser.getDn() + ", " + user.getIdentity());
groupedUser.setCreation(getOldestDate(groupedUser.getCreation(), user.getCreation()));
groupedUser.setLastAccessed(getNewestDate(groupedUser.getLastAccessed(), user.getLastAccessed()));
groupedUser.setLastVerified(getNewestDate(groupedUser.getLastVerified(), user.getLastVerified()));
@ -2752,7 +2752,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
throw new WebApplicationException(new Throwable("Unable to access details for current user."));
}
final String userDn = user.getDn();
final String userDn = user.getIdentity();
clusterManager.deleteNode(nodeId, userDn);
}

View File

@ -158,19 +158,19 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
@Override
public String getCurrentUserDn() {
String userDn = NiFiUser.ANONYMOUS_USER_DN;
String userIdentity = NiFiUser.ANONYMOUS_USER_IDENTITY;
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
userDn = user.getDn();
userIdentity = user.getIdentity();
}
return userDn;
return userIdentity;
}
@Override
public String getCurrentUserName() {
String userName = NiFiUser.ANONYMOUS_USER_DN;
String userName = NiFiUser.ANONYMOUS_USER_IDENTITY;
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {

View File

@ -129,19 +129,19 @@ public class StandardNiFiWebContext implements NiFiWebContext {
@Override
public String getCurrentUserDn() {
String userDn = NiFiUser.ANONYMOUS_USER_DN;
String userIdentity = NiFiUser.ANONYMOUS_USER_IDENTITY;
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
userDn = user.getDn();
userIdentity = user.getIdentity();
}
return userDn;
return userIdentity;
}
@Override
public String getCurrentUserName() {
String userName = NiFiUser.ANONYMOUS_USER_DN;
String userName = NiFiUser.ANONYMOUS_USER_IDENTITY;
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {

View File

@ -103,7 +103,7 @@ public class UserResource extends ApplicationResource {
final NiFiUser nifiUser = NiFiUserUtils.getNiFiUser();
if (nifiUser != null) {
throw new IllegalArgumentException("User account already created " + nifiUser.getDn());
throw new IllegalArgumentException("User account already created " + nifiUser.getIdentity());
}
// create an account request for the current user

View File

@ -39,7 +39,7 @@ public class AccessDeniedExceptionMapper implements ExceptionMapper<AccessDenied
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
logger.info(String.format("%s does not have permission to access the requested resource. Returning %s response.", user.getDn(), Response.Status.FORBIDDEN));
logger.info(String.format("%s does not have permission to access the requested resource. Returning %s response.", user.getIdentity(), Response.Status.FORBIDDEN));
} else {
logger.info(String.format("User does not have permission to access the requested resource. Returning %s response.", Response.Status.FORBIDDEN));
}

View File

@ -2338,7 +2338,7 @@ public final class DtoFactory {
// create the user
UserDTO userDTO = new UserDTO();
userDTO.setId(String.valueOf(user.getId()));
userDTO.setDn(user.getDn());
userDTO.setDn(user.getIdentity());
userDTO.setUserName(user.getUserName());
userDTO.setUserGroup(user.getUserGroup());
userDTO.setJustification(user.getJustification());

View File

@ -841,7 +841,7 @@ public class ControllerFacade {
final String type = event.getAttributes().get(CoreAttributes.MIME_TYPE.key());
// get the content
final InputStream content = flowController.getContent(event, contentDirection, user.getDn(), uri);
final InputStream content = flowController.getContent(event, contentDirection, user.getIdentity(), uri);
return new DownloadableContent(filename, type, content);
} catch (final ContentNotFoundException cnfe) {
throw new ResourceNotFoundException("Unable to find the specified content.");
@ -871,7 +871,7 @@ public class ControllerFacade {
}
// replay the flow file
final ProvenanceEventRecord event = flowController.replayFlowFile(originalEvent, user.getDn());
final ProvenanceEventRecord event = flowController.replayFlowFile(originalEvent, user.getIdentity());
// convert the event record
return createProvenanceEventDto(event);

View File

@ -52,13 +52,13 @@ public class RequestLogger implements Filter {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
// get the user details for the log message
String dn = "<no user found>";
String identity = "<no user found>";
if (user != null) {
dn = user.getDn();
identity = user.getIdentity();
}
// log the request attempt - response details will be logged later
logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", dn, request.getMethod(),
logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", identity, request.getMethod(),
request.getRequestURL().toString(), request.getRemoteAddr()));
}

View File

@ -80,7 +80,7 @@ public abstract class NiFiAuthenticationFilter implements Filter {
private boolean isAnonymousUser() {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
return user != null && NiFiUser.ANONYMOUS_USER_DN.equals(user.getDn());
return user != null && NiFiUser.ANONYMOUS_USER_IDENTITY.equals(user.getIdentity());
}
private void authenticate(final HttpServletRequest request, final HttpServletResponse response) throws IOException {

View File

@ -70,19 +70,19 @@ public class ProxiedEntitiesUtils {
*/
public static List<String> getXProxiedEntitiesChain(final NiFiUser user) {
// calculate the dn chain
final List<String> dnChain = new ArrayList<>();
final List<String> proxyChain = new ArrayList<>();
// build the dn chain
NiFiUser chainedUser = user;
do {
// add the entry for this user
dnChain.add(chainedUser.getDn());
proxyChain.add(chainedUser.getIdentity());
// go to the next user in the chain
chainedUser = chainedUser.getChain();
} while (chainedUser != null);
return dnChain;
return proxyChain;
}
/**

View File

@ -16,10 +16,12 @@
*/
package org.apache.nifi.web.security.anonymous;
import java.util.EnumSet;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.admin.service.AdministrationException;
import org.apache.nifi.admin.service.UserService;
import org.apache.nifi.authorization.Authority;
import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.web.security.user.NiFiUserDetails;
import org.apache.nifi.web.security.token.NiFiAuthorizationToken;
@ -49,8 +51,13 @@ public class NiFiAnonymousUserFilter extends AnonymousAuthenticationFilter {
try {
// load the anonymous user from the database
NiFiUser user = userService.getUserByDn(NiFiUser.ANONYMOUS_USER_DN);
NiFiUser user = userService.getUserByDn(NiFiUser.ANONYMOUS_USER_IDENTITY);
// if this is an unsecure request allow full access
if (!request.isSecure()) {
user.getAuthorities().addAll(EnumSet.allOf(Authority.class));
}
// only create an authentication token if the anonymous user has some authorities
if (!user.getAuthorities().isEmpty()) {
NiFiUserDetails userDetails = new NiFiUserDetails(user);

View File

@ -132,7 +132,7 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF
if (loginIdentityProvider.authenticate(credentials)) {
return new LoginAuthenticationToken(credentials);
} else {
throw new BadCredentialsException("User could not be authenticated with the configured identity provider.");
throw new BadCredentialsException("The supplied username and password are not valid.");
}
}
}

View File

@ -106,7 +106,7 @@ public class NodeAuthorizedUserFilter extends GenericFilterBean {
final NiFiUser user = userDetails.getNiFiUser();
// log the request attempt - response details will be logged later
logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", user.getDn(), httpServletRequest.getMethod(),
logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", user.getIdentity(), httpServletRequest.getMethod(),
httpServletRequest.getRequestURL().toString(), request.getRemoteAddr()));
// we do not create the authentication token with the X509 certificate because the certificate is from the sending system, not the proxied user

View File

@ -73,7 +73,7 @@ public class NiFiUserDetails implements UserDetails {
@Override
public String getUsername() {
return user.getDn();
return user.getIdentity();
}
@Override

View File

@ -32,7 +32,11 @@
<div class="setting-field">
<textarea cols="30" rows="4" id="nifi-registration-justification" maxlength="500" class="setting-input"></textarea>
</div>
<div style="text-align: right; color: #666; margin-top: 2px;">
<div id="login-to-account-message" class="hidden">
<div style="font-style: italic;">Already have an account?</div>
<div style="margin-top: 2px;"><span id="login-to-account-link" class="link">Log in</span></div>
</div>
<div style="text-align: right; color: #666; margin-top: 2px; float: right;">
<span id="remaining-characters"></span>&nbsp;characters remaining
</div>
<div class="clear"></div>

View File

@ -25,7 +25,7 @@
<div class="clear"></div>
</div>
<div class="setting">
<div class="setting-name">DN</div>
<div class="setting-name">Identity</div>
<div class="setting-field">
<span id="user-dn-details-dialog"></span>
</div>

View File

@ -95,6 +95,15 @@ body.login-body input, body.login-body textarea {
height: 200px;
}
#login-to-account-message {
float: left;
margin-top: 2px;
}
#login-to-account-link {
text-decoration: underline;
}
/*
Submission
*/

View File

@ -70,6 +70,11 @@ nf.Login = (function () {
$('#nifi-registration-justification').count({
charCountField: '#remaining-characters'
});
// toggle between signup and login
$('#login-to-account-link').on('click', function () {
showLogin();
});
};
var showUserRegistration = function () {
@ -77,6 +82,7 @@ nf.Login = (function () {
$('div.nifi-submit-justification').hide();
$('#user-registration-container').show();
$('#login-to-account-message').show();
$('#login-submission-button').text('Create');
};