diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java index 723ec33085..716216d127 100644 --- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java +++ b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java @@ -31,33 +31,33 @@ import org.apache.nifi.authorization.exception.UnknownIdentityException; public interface AuthorityProvider { /** - * @param dn of the user - * @return whether the user with the specified DN is known to this authority + * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user. + * @return whether the user with the specified identity is known to this authority * provider. It is not necessary for the user to have any authorities */ - boolean doesDnExist(String dn) throws AuthorityAccessException; + boolean doesDnExist(String identity) throws AuthorityAccessException; /** * Get the authorities for the specified user. If the specified user exists * but does not have any authorities, an empty set should be returned. * - * @param dn of the user to lookup + * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user. * @return the authorities for the specified user. If the specified user * exists but does not have any authorities, an empty set should be returned * @throws UnknownIdentityException if identity is not known * @throws AuthorityAccessException if unable to access authorities */ - Set getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException; + Set getAuthorities(String identity) throws UnknownIdentityException, AuthorityAccessException; /** * Sets the specified authorities for the specified user. * - * @param dn the specified user + * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user. * @param authorities the new authorities for the user * @throws UnknownIdentityException if identity is not known * @throws AuthorityAccessException if unable to access authorities */ - void setAuthorities(String dn, Set authorities) throws UnknownIdentityException, AuthorityAccessException; + void setAuthorities(String identity, Set authorities) throws UnknownIdentityException, AuthorityAccessException; /** * Gets the users for the specified authority. @@ -72,32 +72,32 @@ public interface AuthorityProvider { * Revokes the specified user. Its up to the implementor to determine the * semantics of revocation. * - * @param dn the dn of the user + * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user. * @throws UnknownIdentityException if the user is not known * @throws AuthorityAccessException if unable to access the authorities */ - void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException; + void revokeUser(String identity) throws UnknownIdentityException, AuthorityAccessException; /** * Add the specified user. * - * @param dn of the user + * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user. * @param group Optional * @throws UnknownIdentityException if the user is not known * @throws AuthorityAccessException if unable to access the authorities */ - void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException; + void addUser(String identity, String group) throws IdentityAlreadyExistsException, AuthorityAccessException; /** * Gets the group for the specified user. Return null if the user does not * belong to a group. * - * @param dn the user + * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user. * @return the group of the given user * @throws UnknownIdentityException if the user is not known * @throws AuthorityAccessException if unable to access the authorities */ - String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException; + String getGroupForUser(String identity) throws UnknownIdentityException, AuthorityAccessException; /** * Revokes all users for a specified group. Its up to the implementor to @@ -112,21 +112,21 @@ public interface AuthorityProvider { /** * Adds the specified users to the specified group. * - * @param dn the set of users to add to the group + * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user. * @param group to add users to * @throws UnknownIdentityException if the user is not known * @throws AuthorityAccessException if unable to access the authorities */ - void setUsersGroup(Set dn, String group) throws UnknownIdentityException, AuthorityAccessException; + void setUsersGroup(Set identity, String group) throws UnknownIdentityException, AuthorityAccessException; /** * Ungroups the specified user. * - * @param dn of the user + * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user. * @throws UnknownIdentityException if the user is not known * @throws AuthorityAccessException if unable to access the authorities */ - void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException; + void ungroupUser(String identity) throws UnknownIdentityException, AuthorityAccessException; /** * Ungroups the specified group. Since the semantics of revocation is up to @@ -143,18 +143,18 @@ public interface AuthorityProvider { * Determines whether the user in the specified dnChain should be able to * download the content for the flowfile with the specified attributes. * - * The first dn in the chain is the end user that the request was issued on - * behalf of. The subsequent dn's in the chain represent entities proxying + * The first identity in the chain is the end user that the request was issued on + * behalf of. The subsequent identities in the chain represent entities proxying * the user's request with the last being the proxy that sent the current * request. * - * @param dnChain of the user + * @param proxyChain proxy chain of user identities that for the download request * @param attributes of the flowfile being requested * @return the authorization result * @throws UnknownIdentityException if the user is not known * @throws AuthorityAccessException if unable to access the authorities */ - DownloadAuthorization authorizeDownload(List dnChain, Map attributes) throws UnknownIdentityException, AuthorityAccessException; + DownloadAuthorization authorizeDownload(List proxyChain, Map attributes) throws UnknownIdentityException, AuthorityAccessException; /** * Called immediately after instance creation for implementers to perform diff --git a/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java b/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java index ae32b10490..39bea4ffdc 100644 --- a/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java +++ b/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java @@ -54,7 +54,7 @@ public interface NiFiWebConfigurationContext { void saveActions(NiFiWebRequestContext requestContext, Collection actions); /** - * @return the current user dn. Returns null if no user is found + * @return the current user identity. The value may be a DN, an email, a username, or any string that identities the user. Returns null if no user is found */ String getCurrentUserDn(); diff --git a/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebContext.java b/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebContext.java index 55e90e867e..96261e52c0 100644 --- a/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebContext.java +++ b/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebContext.java @@ -51,7 +51,7 @@ public interface NiFiWebContext { void saveActions(Collection actions); /** - * @return the current user dn. Returns null if no user is found + * @return the current user identity. It may be a dn, an email, a username, or any string that identities the user. Returns null if no user is found */ String getCurrentUserDn(); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java index f30bfc76a4..acd34495ac 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java @@ -67,8 +67,8 @@ public class UserDataSourceFactoryBean implements FactoryBean { + "ID, IDENTITY, USER_NAME, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS" + ") VALUES (" + "'" + UUID.randomUUID().toString() + "', " - + "'" + NiFiUser.ANONYMOUS_USER_DN + "', " - + "'" + NiFiUser.ANONYMOUS_USER_DN + "', " + + "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', " + + "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', " + "NOW(), " + "NOW(), " + "'Anonymous user needs no justification', " @@ -78,12 +78,12 @@ public class UserDataSourceFactoryBean implements FactoryBean { private static final String INSERT_ANONYMOUS_AUTHORITY = "INSERT INTO AUTHORITY (" + "USER_ID, ROLE" + ") VALUES (" - + "(SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_DN + "'), " + + "(SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "'), " + "'%s'" + ")"; private static final String DELETE_ANONYMOUS_AUTHORITIES = "DELETE FROM AUTHORITY " - + "WHERE USER_ID = (SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_DN + "')"; + + "WHERE USER_ID = (SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "')"; private static final String RENAME_DN_COLUMN = "ALTER TABLE USER ALTER COLUMN DN RENAME TO IDENTITY"; private static final String RESIZE_IDENTITY_COLUMN = "ALTER TABLE USER MODIFY IDENTITY VARCHAR(4096)"; diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java index 807f87a5f4..8292cac2c2 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java @@ -194,7 +194,7 @@ public class StandardUserDAO implements UserDAO { try { // create the connection and obtain a statement statement = connection.prepareStatement(SELECT_USERS); - statement.setString(1, NiFiUser.ANONYMOUS_USER_DN); + statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY); // execute the query rs = statement.executeQuery(); @@ -211,7 +211,7 @@ public class StandardUserDAO implements UserDAO { if (user == null || !userId.equals(user.getId())) { user = new NiFiUser(); user.setId(userId); - user.setDn(rs.getString("IDENTITY")); + user.setIdentity(rs.getString("IDENTITY")); user.setUserName(rs.getString("USER_NAME")); user.setUserGroup(rs.getString("USER_GROUP")); user.setJustification(rs.getString("JUSTIFICATION")); @@ -287,7 +287,7 @@ public class StandardUserDAO implements UserDAO { try { // create the connection and obtain a statement statement = connection.prepareStatement(SELECT_USER_GROUP); - statement.setString(1, NiFiUser.ANONYMOUS_USER_DN); + statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY); statement.setString(2, group); // execute the query @@ -305,7 +305,7 @@ public class StandardUserDAO implements UserDAO { if (user == null || !userId.equals(user.getId())) { user = new NiFiUser(); user.setId(userId); - user.setDn(rs.getString("IDENTITY")); + user.setIdentity(rs.getString("IDENTITY")); user.setUserName(rs.getString("USER_NAME")); user.setUserGroup(rs.getString("USER_GROUP")); user.setJustification(rs.getString("JUSTIFICATION")); @@ -366,7 +366,7 @@ public class StandardUserDAO implements UserDAO { if (user == null) { user = new NiFiUser(); user.setId(rs.getString("ID")); - user.setDn(rs.getString("IDENTITY")); + user.setIdentity(rs.getString("IDENTITY")); user.setUserName(rs.getString("USER_NAME")); user.setUserGroup(rs.getString("USER_GROUP")); user.setJustification(rs.getString("JUSTIFICATION")); @@ -424,7 +424,7 @@ public class StandardUserDAO implements UserDAO { if (user == null) { user = new NiFiUser(); user.setId(rs.getString("ID")); - user.setDn(rs.getString("IDENTITY")); + user.setIdentity(rs.getString("IDENTITY")); user.setUserName(rs.getString("USER_NAME")); user.setUserGroup(rs.getString("USER_GROUP")); user.setJustification(rs.getString("JUSTIFICATION")); @@ -463,19 +463,19 @@ public class StandardUserDAO implements UserDAO { @Override public NiFiUser createUser(NiFiUser user) throws DataAccessException { - if (user.getDn() == null) { - throw new IllegalArgumentException("User dn must be specified."); + if (user.getIdentity() == null) { + throw new IllegalArgumentException("User identity must be specified."); } PreparedStatement statement = null; ResultSet rs = null; try { - final String id = UUID.nameUUIDFromBytes(user.getDn().getBytes(StandardCharsets.UTF_8)).toString(); + final String id = UUID.nameUUIDFromBytes(user.getIdentity().getBytes(StandardCharsets.UTF_8)).toString(); // create a statement statement = connection.prepareStatement(INSERT_USER, Statement.RETURN_GENERATED_KEYS); statement.setString(1, id); - statement.setString(2, StringUtils.left(user.getDn(), 4096)); + statement.setString(2, StringUtils.left(user.getIdentity(), 4096)); statement.setString(3, StringUtils.left(user.getUserName(), 4096)); statement.setString(4, StringUtils.left(user.getUserGroup(), 100)); if (user.getLastVerified() != null) { @@ -531,7 +531,7 @@ public class StandardUserDAO implements UserDAO { try { // create a statement statement = connection.prepareStatement(UPDATE_USER); - statement.setString(1, StringUtils.left(user.getDn(), 4096)); + statement.setString(1, StringUtils.left(user.getIdentity(), 4096)); statement.setString(2, StringUtils.left(user.getUserName(), 4096)); statement.setString(3, StringUtils.left(user.getUserGroup(), 100)); statement.setString(6, StringUtils.left(user.getJustification(), 500)); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java index b970dc18c3..69c6c1f59a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java @@ -76,14 +76,14 @@ public abstract class AbstractUserAction implements AdministrationAction { */ protected void verifyAccount(AuthorityProvider authorityProvider, NiFiUser user) { // load the roles for the user - Set authorities = authorityProvider.getAuthorities(user.getDn()); + Set authorities = authorityProvider.getAuthorities(user.getIdentity()); // update the user's authorities user.getAuthorities().clear(); user.getAuthorities().addAll(authorities); // get the user group - user.setUserGroup(authorityProvider.getGroupForUser(user.getDn())); + user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity())); // update the users status in case they were previously pending or disabled user.setStatus(AccountStatus.ACTIVE); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java index f83dc4d84a..ed4dfa1886 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java @@ -37,11 +37,11 @@ import org.apache.nifi.user.NiFiUser; */ public class AuthorizeUserAction extends AbstractUserAction { - private final String dn; + private final String identity; private final int cacheDurationSeconds; - public AuthorizeUserAction(String dn, int cacheDurationSeconds) { - this.dn = dn; + public AuthorizeUserAction(String identity, int cacheDurationSeconds) { + this.identity = identity; this.cacheDurationSeconds = cacheDurationSeconds; } @@ -50,14 +50,14 @@ public class AuthorizeUserAction extends AbstractUserAction { UserDAO userDao = daoFactory.getUserDAO(); // get the user - NiFiUser user = userDao.findUserByDn(dn); + NiFiUser user = userDao.findUserByDn(identity); // verify the user was found if (user == null) { // determine whether this users exists boolean doesDnExist = false; try { - doesDnExist = authorityProvider.doesDnExist(dn); + doesDnExist = authorityProvider.doesDnExist(identity); } catch (AuthorityAccessException aae) { throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae); } @@ -66,8 +66,8 @@ public class AuthorizeUserAction extends AbstractUserAction { if (doesDnExist) { // create the user user = new NiFiUser(); - user.setDn(dn); - user.setUserName(CertificateUtils.extractUsername(dn)); + user.setIdentity(identity); + user.setUserName(CertificateUtils.extractUsername(identity)); user.setJustification("User details specified by authority provider."); try { @@ -86,12 +86,12 @@ public class AuthorizeUserAction extends AbstractUserAction { createUser.execute(daoFactory, authorityProvider); } catch (UnknownIdentityException uie) { // strange since the provider just reported this dn existed but handleing anyways... - throw new AccountNotFoundException(String.format("Unable to verify access for %s.", dn)); + throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity)); } catch (AuthorityAccessException aae) { throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae); } } else { - throw new AccountNotFoundException(String.format("Unable to verify access for %s.", dn)); + throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity)); } } else { Throwable providerError = null; @@ -134,7 +134,7 @@ public class AuthorizeUserAction extends AbstractUserAction { updateUserAuthorities.execute(daoFactory, authorityProvider); if (providerError != null) { - throw new AccountDisabledException(String.format("User credentials for %s were not found. This account has been disabled.", user.getDn()), providerError); + throw new AccountDisabledException(String.format("User credentials for %s were not found. This account has been disabled.", user.getIdentity()), providerError); } } @@ -165,9 +165,9 @@ public class AuthorizeUserAction extends AbstractUserAction { */ private void checkAccountStatus(NiFiUser user) { if (AccountStatus.DISABLED.equals(user.getStatus())) { - throw new AccountDisabledException(String.format("The account for %s has been disabled.", user.getDn())); + throw new AccountDisabledException(String.format("The account for %s has been disabled.", user.getIdentity())); } else if (AccountStatus.PENDING.equals(user.getStatus())) { - throw new AccountPendingException(String.format("The account for %s is currently pending approval.", user.getDn())); + throw new AccountPendingException(String.format("The account for %s is currently pending approval.", user.getIdentity())); } } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java index c31f107912..9e9b798dbf 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java @@ -63,12 +63,12 @@ public class DisableUserAction implements AdministrationAction { try { // revoke the user in the authority provider - authorityProvider.revokeUser(user.getDn()); + authorityProvider.revokeUser(user.getIdentity()); } catch (UnknownIdentityException uie) { // user identity is not known - logger.info(String.format("User %s has already been removed from the authority provider.", user.getDn())); + logger.info(String.format("User %s has already been removed from the authority provider.", user.getIdentity())); } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to revoke user '%s': %s", user.getDn(), aae.getMessage()), aae); + throw new AdministrationException(String.format("Unable to revoke user '%s': %s", user.getIdentity(), aae.getMessage()), aae); } return user; diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java index 3dce6d9e2e..198a32dc7c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java @@ -30,11 +30,11 @@ import org.apache.nifi.user.NiFiUser; */ public class RequestUserAccountAction implements AdministrationAction { - private final String dn; + private final String identity; private final String justification; - public RequestUserAccountAction(String dn, String justification) { - this.dn = dn; + public RequestUserAccountAction(String identity, String justification) { + this.identity = identity; this.justification = justification; } @@ -43,15 +43,15 @@ public class RequestUserAccountAction implements AdministrationAction UserDAO userDao = daoFactory.getUserDAO(); // determine if this user already exists - NiFiUser user = userDao.findUserByDn(dn); + NiFiUser user = userDao.findUserByDn(identity); if (user != null) { - throw new IllegalArgumentException(String.format("User account for %s already exists.", dn)); + throw new IllegalArgumentException(String.format("User account for %s already exists.", identity)); } // create the user user = new NiFiUser(); - user.setDn(dn); - user.setUserName(CertificateUtils.extractUsername(dn)); + user.setIdentity(identity); + user.setUserName(CertificateUtils.extractUsername(identity)); user.setJustification(justification); user.setStatus(AccountStatus.PENDING); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java index 6665ac09ac..c16cc712f2 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java @@ -46,7 +46,7 @@ public class SeedUserAccountsAction extends AbstractUserAction { @Override public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException { UserDAO userDao = daoFactory.getUserDAO(); - Set authorizedDns = new HashSet<>(); + Set authorizedIdentities = new HashSet<>(); // get the current user cache final Set existingUsers; @@ -62,7 +62,7 @@ public class SeedUserAccountsAction extends AbstractUserAction { try { // all users for all roles for (final Authority authority : Authority.values()) { - authorizedDns.addAll(authorityProvider.getUsers(authority)); + authorizedIdentities.addAll(authorityProvider.getUsers(authority)); } } catch (AuthorityAccessException aae) { // unable to access the authority provider... honor the cache @@ -73,25 +73,25 @@ public class SeedUserAccountsAction extends AbstractUserAction { final Set accountsToRevoke = new HashSet<>(existingUsers); // persist the users - for (String dn : authorizedDns) { + for (String identity : authorizedIdentities) { NiFiUser user = null; try { // locate the user for this dn - user = userDao.findUserByDn(dn); + user = userDao.findUserByDn(identity); boolean newAccount = false; // if the user does not exist, create a new account if (user == null) { - logger.info(String.format("Creating user account: %s", dn)); + logger.info(String.format("Creating user account: %s", identity)); newAccount = true; // create the user user = new NiFiUser(); - user.setDn(dn); - user.setUserName(CertificateUtils.extractUsername(dn)); + user.setIdentity(identity); + user.setUserName(CertificateUtils.extractUsername(identity)); user.setJustification("User details specified by authority provider."); } else { - logger.info(String.format("User account already created: %s. Updating authorities...", dn)); + logger.info(String.format("User account already created: %s. Updating authorities...", identity)); } // verify the account @@ -142,7 +142,7 @@ public class SeedUserAccountsAction extends AbstractUserAction { } try { - logger.info(String.format("User not authorized with configured provider: %s. Disabling account...", user.getDn())); + logger.info(String.format("User not authorized with configured provider: %s. Disabling account...", user.getIdentity())); // disable the account and reset its last verified timestamp since it was not found // in the current configured authority provider diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java index 01eaf5f1c7..2604a47ca6 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java @@ -56,11 +56,11 @@ public class UngroupUserAction extends AbstractUserAction { try { // update the authority provider - authorityProvider.ungroupUser(user.getDn()); + authorityProvider.ungroupUser(user.getIdentity()); } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to ungroup user '%s': %s", user.getDn(), uie.getMessage()), uie); + throw new AccountNotFoundException(String.format("Unable to ungroup user '%s': %s", user.getIdentity(), uie.getMessage()), uie); } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to ungroup user '%s': %s", user.getDn(), aae.getMessage()), aae); + throw new AdministrationException(String.format("Unable to ungroup user '%s': %s", user.getIdentity(), aae.getMessage()), aae); } return null; diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java index cef21d7d97..ecb91e602c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java @@ -61,41 +61,41 @@ public class UpdateUserAction extends AbstractUserAction { } // determine whether this users exists - boolean doesDnExist = false; + boolean doesIdentityExist = false; try { - doesDnExist = authorityProvider.doesDnExist(user.getDn()); + doesIdentityExist = authorityProvider.doesDnExist(user.getIdentity()); } catch (AuthorityAccessException aae) { throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae); } // if the user already doesn't exist, add them - if (!doesDnExist) { + if (!doesIdentityExist) { try { // add the account account and group if necessary - authorityProvider.addUser(user.getDn(), user.getUserGroup()); + authorityProvider.addUser(user.getIdentity(), user.getUserGroup()); } catch (final IdentityAlreadyExistsException iaee) { - logger.warn(String.format("User '%s' already exists in the authority provider. Continuing with user update.", user.getDn())); + logger.warn(String.format("User '%s' already exists in the authority provider. Continuing with user update.", user.getIdentity())); } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access authorities for '%s': %s", user.getDn(), aae.getMessage()), aae); + throw new AdministrationException(String.format("Unable to access authorities for '%s': %s", user.getIdentity(), aae.getMessage()), aae); } } try { // update the authority provider as approprivate - authorityProvider.setAuthorities(user.getDn(), authorities); + authorityProvider.setAuthorities(user.getIdentity(), authorities); } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie); + throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie); } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae); + throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae); } try { // get the user group - user.setUserGroup(authorityProvider.getGroupForUser(user.getDn())); + user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity())); } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getDn(), uie.getMessage()), uie); + throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getIdentity(), uie.getMessage()), uie); } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getDn(), aae.getMessage()), aae); + throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getIdentity(), aae.getMessage()), aae); } // since all the authorities were updated accordingly, set the authorities diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java index 56b214cd95..1d7941f9ba 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java @@ -61,7 +61,7 @@ public class UpdateUserGroupAction extends AbstractUserAction { // record the new users being added to this group final Set newUsers = new HashSet<>(); - final Set newUserDns = new HashSet<>(); + final Set newUserIdentities = new HashSet<>(); // if the user ids have been specified we need to create/update a group using the specified group name if (userIds != null) { @@ -81,13 +81,13 @@ public class UpdateUserGroupAction extends AbstractUserAction { try { // if the user is unknown to the authority provider we cannot continue - if (!authorityProvider.doesDnExist(user.getDn()) || AccountStatus.DISABLED.equals(user.getStatus())) { - throw new IllegalStateException(String.format("Unable to group these users because access for '%s' is not %s.", user.getDn(), AccountStatus.ACTIVE.toString())); + if (!authorityProvider.doesDnExist(user.getIdentity()) || AccountStatus.DISABLED.equals(user.getStatus())) { + throw new IllegalStateException(String.format("Unable to group these users because access for '%s' is not %s.", user.getIdentity(), AccountStatus.ACTIVE.toString())); } // record the user being added to this group newUsers.add(user); - newUserDns.add(user.getDn()); + newUserIdentities.add(user.getIdentity()); } catch (final AuthorityAccessException aae) { throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae); } @@ -95,11 +95,11 @@ public class UpdateUserGroupAction extends AbstractUserAction { try { // update the authority provider - authorityProvider.setUsersGroup(newUserDns, group); + authorityProvider.setUsersGroup(newUserIdentities, group); } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserDns, ", "), uie.getMessage()), uie); + throw new AccountNotFoundException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserIdentities, ", "), uie.getMessage()), uie); } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserDns, ", "), aae.getMessage()), aae); + throw new AdministrationException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserIdentities, ", "), aae.getMessage()), aae); } } @@ -118,35 +118,35 @@ public class UpdateUserGroupAction extends AbstractUserAction { if (authorities != null) { try { // update the authority provider as approprivate - authorityProvider.setAuthorities(user.getDn(), authorities); + authorityProvider.setAuthorities(user.getIdentity(), authorities); // since all the authorities were updated accordingly, set the authorities user.getAuthorities().clear(); user.getAuthorities().addAll(authorities); } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie); + throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie); } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae); + throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae); } } else { try { // refresh the authorities according to the provider user.getAuthorities().clear(); - user.getAuthorities().addAll(authorityProvider.getAuthorities(user.getDn())); + user.getAuthorities().addAll(authorityProvider.getAuthorities(user.getIdentity())); } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to determine the authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie); + throw new AccountNotFoundException(String.format("Unable to determine the authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie); } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae); + throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae); } } try { // get the user group - user.setUserGroup(authorityProvider.getGroupForUser(user.getDn())); + user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity())); } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getDn(), uie.getMessage()), uie); + throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getIdentity(), uie.getMessage()), uie); } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getDn(), aae.getMessage()), aae); + throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getIdentity(), aae.getMessage()), aae); } // update the users status in case they were previously pending or disabled diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java index a47bde9b8c..231b13366e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java @@ -29,10 +29,10 @@ import org.apache.commons.lang3.StringUtils; */ public class NiFiUser implements Serializable { - public static final String ANONYMOUS_USER_DN = "anonymous"; + public static final String ANONYMOUS_USER_IDENTITY = "anonymous"; private String id; - private String dn; + private String identity; private String userName; private String userGroup; private String justification; @@ -55,12 +55,12 @@ public class NiFiUser implements Serializable { this.creation = creation; } - public String getDn() { - return dn; + public String getIdentity() { + return identity; } - public void setDn(String dn) { - this.dn = dn; + public void setIdentity(String identity) { + this.identity = identity; } public String getUserName() { @@ -143,7 +143,7 @@ public class NiFiUser implements Serializable { return false; } final NiFiUser other = (NiFiUser) obj; - if (!Objects.equals(this.dn, other.dn)) { + if (!Objects.equals(this.identity, other.identity)) { return false; } return true; @@ -152,13 +152,13 @@ public class NiFiUser implements Serializable { @Override public int hashCode() { int hash = 7; - hash = 53 * hash + Objects.hashCode(this.dn); + hash = 53 * hash + Objects.hashCode(this.identity); return hash; } @Override public String toString() { - return String.format("dn[%s], userName[%s], justification[%s], authorities[%s]", getDn(), getUserName(), getJustification(), StringUtils.join(getAuthorities(), ", ")); + return String.format("identity[%s], userName[%s], justification[%s], authorities[%s]", getIdentity(), getUserName(), getJustification(), StringUtils.join(getAuthorities(), ", ")); } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java index 28ea4a943b..8d3c15a7e9 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java @@ -54,17 +54,17 @@ public class AuthorizeUserActionTest { private static final String USER_ID_10 = "10"; private static final String USER_ID_11 = "11"; - private static final String USER_DN_1 = "authority access exception while searching for user"; - private static final String USER_DN_2 = "unknown user"; - private static final String USER_DN_3 = "user removed after checking existence"; - private static final String USER_DN_4 = "access exception getting authorities"; - private static final String USER_DN_5 = "error creating user account"; - private static final String USER_DN_6 = "create user general sequence"; - private static final String USER_DN_7 = "existing user requires verification"; - private static final String USER_DN_8 = "existing user does not require verification"; - private static final String USER_DN_9 = "existing pending user"; - private static final String USER_DN_10 = "existing disabled user"; - private static final String USER_DN_11 = "existing user is now unknown in the authority provider"; + private static final String USER_IDENTITY_1 = "authority access exception while searching for user"; + private static final String USER_IDENTITY_2 = "unknown user"; + private static final String USER_IDENTITY_3 = "user removed after checking existence"; + private static final String USER_IDENTITY_4 = "access exception getting authorities"; + private static final String USER_IDENTITY_5 = "error creating user account"; + private static final String USER_IDENTITY_6 = "create user general sequence"; + private static final String USER_IDENTITY_7 = "existing user requires verification"; + private static final String USER_IDENTITY_8 = "existing user does not require verification"; + private static final String USER_IDENTITY_9 = "existing pending user"; + private static final String USER_IDENTITY_10 = "existing disabled user"; + private static final String USER_IDENTITY_11 = "existing user is now unknown in the authority provider"; private DAOFactory daoFactory; private UserDAO userDao; @@ -85,18 +85,18 @@ public class AuthorizeUserActionTest { if (USER_ID_7.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_7); - user.setDn(USER_DN_7); + user.setIdentity(USER_IDENTITY_7); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); } else if (USER_ID_8.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_8); - user.setDn(USER_DN_8); + user.setIdentity(USER_IDENTITY_8); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setLastVerified(new Date()); } else if (USER_ID_11.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_11); - user.setDn(USER_DN_11); + user.setIdentity(USER_IDENTITY_11); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setStatus(AccountStatus.ACTIVE); } @@ -112,35 +112,35 @@ public class AuthorizeUserActionTest { NiFiUser user = null; switch (dn) { - case USER_DN_7: + case USER_IDENTITY_7: user = new NiFiUser(); user.setId(USER_ID_7); - user.setDn(USER_DN_7); + user.setIdentity(USER_IDENTITY_7); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); break; - case USER_DN_8: + case USER_IDENTITY_8: user = new NiFiUser(); user.setId(USER_ID_8); - user.setDn(USER_DN_8); + user.setIdentity(USER_IDENTITY_8); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setLastVerified(new Date()); break; - case USER_DN_9: + case USER_IDENTITY_9: user = new NiFiUser(); user.setId(USER_ID_9); - user.setDn(USER_DN_9); + user.setIdentity(USER_IDENTITY_9); user.setStatus(AccountStatus.PENDING); break; - case USER_DN_10: + case USER_IDENTITY_10: user = new NiFiUser(); user.setId(USER_ID_10); - user.setDn(USER_DN_10); + user.setIdentity(USER_IDENTITY_10); user.setStatus(AccountStatus.DISABLED); break; - case USER_DN_11: + case USER_IDENTITY_11: user = new NiFiUser(); user.setId(USER_ID_11); - user.setDn(USER_DN_11); + user.setIdentity(USER_IDENTITY_11); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setStatus(AccountStatus.ACTIVE); break; @@ -154,10 +154,10 @@ public class AuthorizeUserActionTest { public Void answer(InvocationOnMock invocation) throws Throwable { Object[] args = invocation.getArguments(); NiFiUser user = (NiFiUser) args[0]; - switch (user.getDn()) { - case USER_DN_5: + switch (user.getIdentity()) { + case USER_IDENTITY_5: throw new DataAccessException(); - case USER_DN_6: + case USER_IDENTITY_6: user.setId(USER_ID_6); break; } @@ -215,9 +215,9 @@ public class AuthorizeUserActionTest { Object[] args = invocation.getArguments(); String dn = (String) args[0]; switch (dn) { - case USER_DN_1: + case USER_IDENTITY_1: throw new AuthorityAccessException(StringUtils.EMPTY); - case USER_DN_2: + case USER_IDENTITY_2: return false; } @@ -231,21 +231,21 @@ public class AuthorizeUserActionTest { String dn = (String) args[0]; Set authorities = EnumSet.noneOf(Authority.class); switch (dn) { - case USER_DN_3: + case USER_IDENTITY_3: throw new UnknownIdentityException(StringUtils.EMPTY); - case USER_DN_4: + case USER_IDENTITY_4: throw new AuthorityAccessException(StringUtils.EMPTY); - case USER_DN_6: + case USER_IDENTITY_6: authorities.add(Authority.ROLE_MONITOR); break; - case USER_DN_7: + case USER_IDENTITY_7: authorities.add(Authority.ROLE_DFM); break; - case USER_DN_9: + case USER_IDENTITY_9: throw new UnknownIdentityException(StringUtils.EMPTY); - case USER_DN_10: + case USER_IDENTITY_10: throw new UnknownIdentityException(StringUtils.EMPTY); - case USER_DN_11: + case USER_IDENTITY_11: throw new UnknownIdentityException(StringUtils.EMPTY); } @@ -272,7 +272,7 @@ public class AuthorizeUserActionTest { */ @Test(expected = AdministrationException.class) public void testAuthorityAccessExceptionInDoesDnExist() throws Exception { - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_1, 0); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_1, 0); authorizeUser.execute(daoFactory, authorityProvider); } @@ -283,7 +283,7 @@ public class AuthorizeUserActionTest { */ @Test(expected = AccountNotFoundException.class) public void testUnknownUser() throws Exception { - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_2, 0); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_2, 0); authorizeUser.execute(daoFactory, authorityProvider); } @@ -294,7 +294,7 @@ public class AuthorizeUserActionTest { */ @Test(expected = AccountNotFoundException.class) public void testUserRemovedAfterCheckingExistence() throws Exception { - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_3, 0); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_3, 0); authorizeUser.execute(daoFactory, authorityProvider); } @@ -305,7 +305,7 @@ public class AuthorizeUserActionTest { */ @Test(expected = AdministrationException.class) public void testAuthorityAccessException() throws Exception { - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_4, 0); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_4, 0); authorizeUser.execute(daoFactory, authorityProvider); } @@ -316,7 +316,7 @@ public class AuthorizeUserActionTest { */ @Test(expected = DataAccessException.class) public void testErrorCreatingUserAccount() throws Exception { - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_5, 0); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_5, 0); authorizeUser.execute(daoFactory, authorityProvider); } @@ -327,11 +327,11 @@ public class AuthorizeUserActionTest { */ @Test public void testAccountCreation() throws Exception { - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_6, 0); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_6, 0); NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider); // verify the user - Assert.assertEquals(USER_DN_6, user.getDn()); + Assert.assertEquals(USER_IDENTITY_6, user.getIdentity()); Assert.assertEquals(1, user.getAuthorities().size()); Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR)); @@ -347,11 +347,11 @@ public class AuthorizeUserActionTest { */ @Test public void testExistingUserRequiresVerification() throws Exception { - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_7, 0); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_7, 0); NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider); // verify the user - Assert.assertEquals(USER_DN_7, user.getDn()); + Assert.assertEquals(USER_IDENTITY_7, user.getIdentity()); Assert.assertEquals(1, user.getAuthorities().size()); Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_DFM)); @@ -369,11 +369,11 @@ public class AuthorizeUserActionTest { @Test public void testExistingUserNoVerification() throws Exception { // disabling verification by passing in a large cache duration - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_8, Integer.MAX_VALUE); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_8, Integer.MAX_VALUE); NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider); // verify the user - Assert.assertEquals(USER_DN_8, user.getDn()); + Assert.assertEquals(USER_IDENTITY_8, user.getIdentity()); Assert.assertEquals(1, user.getAuthorities().size()); Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR)); @@ -391,7 +391,7 @@ public class AuthorizeUserActionTest { @Test(expected = AccountPendingException.class) public void testExistingPendingUser() throws Exception { // disabling verification by passing in a large cache duration - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_9, Integer.MAX_VALUE); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_9, Integer.MAX_VALUE); authorizeUser.execute(daoFactory, authorityProvider); } @@ -403,7 +403,7 @@ public class AuthorizeUserActionTest { @Test(expected = AccountDisabledException.class) public void testExistingDisabledUser() throws Exception { // disabling verification by passing in a large cache duration - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_10, Integer.MAX_VALUE); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_10, Integer.MAX_VALUE); authorizeUser.execute(daoFactory, authorityProvider); } @@ -416,7 +416,7 @@ public class AuthorizeUserActionTest { @Test public void testExistingActiveUserNotFoundInProvider() throws Exception { try { - AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_DN_11, 0); + AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_11, 0); authorizeUser.execute(daoFactory, authorityProvider); Assert.fail(); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java index 6486d32924..e372781867 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java @@ -40,8 +40,8 @@ public class CreateUserActionTest { private final String USER_ID_2 = "2"; private final String USER_ID_3 = "3"; - private final String USER_DN_1 = "data access exception when creating user"; - private final String USER_DN_3 = "general create user case"; + private final String USER_IDENTITY_1 = "data access exception when creating user"; + private final String USER_IDENTITY_3 = "general create user case"; private DAOFactory daoFactory; private UserDAO userDao; @@ -57,9 +57,9 @@ public class CreateUserActionTest { Object[] args = invocation.getArguments(); NiFiUser user = (NiFiUser) args[0]; - if (USER_DN_1.equals(user.getDn())) { + if (USER_IDENTITY_1.equals(user.getIdentity())) { throw new DataAccessException(); - } else if (USER_DN_3.equals(user.getDn())) { + } else if (USER_IDENTITY_3.equals(user.getIdentity())) { user.setId(USER_ID_3); } @@ -100,7 +100,7 @@ public class CreateUserActionTest { @Test(expected = DataAccessException.class) public void testExceptionCreatingUser() throws Exception { NiFiUser user = new NiFiUser(); - user.setDn(USER_DN_1); + user.setIdentity(USER_IDENTITY_1); CreateUserAction createUser = new CreateUserAction(user); createUser.execute(daoFactory, null); @@ -128,7 +128,7 @@ public class CreateUserActionTest { @Test public void testCreateUserAccount() throws Exception { NiFiUser user = new NiFiUser(); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_DFM, Authority.ROLE_ADMIN)); CreateUserAction createUser = new CreateUserAction(user); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java index b0e1ac10f6..ac2ab29103 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java @@ -40,8 +40,8 @@ public class DisableUserActionTest { private static final String USER_ID_3 = "3"; private static final String USER_ID_4 = "4"; - private static final String USER_DN_3 = "authority access exception"; - private static final String USER_DN_4 = "general disable user case"; + private static final String USER_IDENTITY_3 = "authority access exception"; + private static final String USER_IDENTITY_4 = "general disable user case"; private DAOFactory daoFactory; private UserDAO userDao; @@ -66,11 +66,11 @@ public class DisableUserActionTest { } else if (USER_ID_3.equals(id)) { user = new NiFiUser(); user.setId(id); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); } else if (USER_ID_4.equals(id)) { user = new NiFiUser(); user.setId(id); - user.setDn(USER_DN_4); + user.setIdentity(USER_IDENTITY_4); user.setStatus(AccountStatus.ACTIVE); } return user; @@ -103,7 +103,7 @@ public class DisableUserActionTest { Object[] args = invocation.getArguments(); String dn = (String) args[0]; - if (USER_DN_3.equals(dn)) { + if (USER_IDENTITY_3.equals(dn)) { throw new AuthorityAccessException(StringUtils.EMPTY); } @@ -158,11 +158,11 @@ public class DisableUserActionTest { // verify the user Assert.assertEquals(USER_ID_4, user.getId()); - Assert.assertEquals(USER_DN_4, user.getDn()); + Assert.assertEquals(USER_IDENTITY_4, user.getIdentity()); Assert.assertEquals(AccountStatus.DISABLED, user.getStatus()); // verify the interaction with the dao and provider Mockito.verify(userDao, Mockito.times(1)).updateUser(user); - Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_DN_4); + Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_IDENTITY_4); } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java index 7707b2cb44..7bc863b20f 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java @@ -36,9 +36,9 @@ public class RequestUserAccountActionTest { private static final String USER_ID_3 = "3"; - private static final String USER_DN_1 = "existing user account dn"; - private static final String USER_DN_2 = "data access exception"; - private static final String USER_DN_3 = "new account request"; + private static final String USER_IDENTITY_1 = "existing user account"; + private static final String USER_IDENTITY_2 = "data access exception"; + private static final String USER_IDENTITY_3 = "new account request"; private DAOFactory daoFactory; private UserDAO userDao; @@ -54,7 +54,7 @@ public class RequestUserAccountActionTest { String dn = (String) args[0]; NiFiUser user = null; - if (USER_DN_1.equals(dn)) { + if (USER_IDENTITY_1.equals(dn)) { user = new NiFiUser(); } return user; @@ -65,10 +65,10 @@ public class RequestUserAccountActionTest { public Void answer(InvocationOnMock invocation) throws Throwable { Object[] args = invocation.getArguments(); NiFiUser user = (NiFiUser) args[0]; - switch (user.getDn()) { - case USER_DN_2: + switch (user.getIdentity()) { + case USER_IDENTITY_2: throw new DataAccessException(); - case USER_DN_3: + case USER_IDENTITY_3: user.setId(USER_ID_3); break; } @@ -90,7 +90,7 @@ public class RequestUserAccountActionTest { */ @Test(expected = IllegalArgumentException.class) public void testExistingAccount() throws Exception { - RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_1, StringUtils.EMPTY); + RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_1, StringUtils.EMPTY); requestUserAccount.execute(daoFactory, null); } @@ -102,7 +102,7 @@ public class RequestUserAccountActionTest { */ @Test(expected = DataAccessException.class) public void testDataAccessException() throws Exception { - RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_2, StringUtils.EMPTY); + RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_2, StringUtils.EMPTY); requestUserAccount.execute(daoFactory, null); } @@ -113,12 +113,12 @@ public class RequestUserAccountActionTest { */ @Test public void testRequestUserAccountAction() throws Exception { - RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_DN_3, StringUtils.EMPTY); + RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_3, StringUtils.EMPTY); NiFiUser user = requestUserAccount.execute(daoFactory, null); // verfiy the user Assert.assertEquals(USER_ID_3, user.getId()); - Assert.assertEquals(USER_DN_3, user.getDn()); + Assert.assertEquals(USER_IDENTITY_3, user.getIdentity()); Assert.assertEquals(AccountStatus.PENDING, user.getStatus()); // verify interaction with dao diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java index 652d99209c..58db56a08b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java @@ -44,10 +44,10 @@ public class SeedUserAccountsActionTest { private static final String USER_ID_3 = "3"; private static final String USER_ID_4 = "4"; - private static final String USER_DN_1 = "user dn 1 - active user - remove monitor and operator, add dfm"; - private static final String USER_DN_2 = "user dn 2 - active user - no action"; - private static final String USER_DN_3 = "user dn 3 - pending user - add operator"; - private static final String USER_DN_4 = "user dn 4 - new user - add monitor"; + private static final String USER_IDENTITY_1 = "user 1 - active user - remove monitor and operator, add dfm"; + private static final String USER_IDENTITY_2 = "user 2 - active user - no action"; + private static final String USER_IDENTITY_3 = "user 3 - pending user - add operator"; + private static final String USER_IDENTITY_4 = "user 4 - new user - add monitor"; private DAOFactory daoFactory; private UserDAO userDao; @@ -68,19 +68,19 @@ public class SeedUserAccountsActionTest { if (USER_ID_1.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_1); - user.setDn(USER_DN_1); + user.setIdentity(USER_IDENTITY_1); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setStatus(AccountStatus.ACTIVE); } else if (USER_ID_2.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_2); - user.setDn(USER_DN_2); + user.setIdentity(USER_IDENTITY_2); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN)); user.setStatus(AccountStatus.ACTIVE); } else if (USER_ID_3.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_3); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); user.setStatus(AccountStatus.PENDING); } return user; @@ -93,22 +93,22 @@ public class SeedUserAccountsActionTest { String dn = (String) args[0]; NiFiUser user = null; - if (USER_DN_1.equals(dn)) { + if (USER_IDENTITY_1.equals(dn)) { user = new NiFiUser(); user.setId(USER_ID_1); - user.setDn(USER_DN_1); + user.setIdentity(USER_IDENTITY_1); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setStatus(AccountStatus.ACTIVE); - } else if (USER_DN_2.equals(dn)) { + } else if (USER_IDENTITY_2.equals(dn)) { user = new NiFiUser(); user.setId(USER_ID_2); - user.setDn(USER_DN_2); + user.setIdentity(USER_IDENTITY_2); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN)); user.setStatus(AccountStatus.ACTIVE); - } else if (USER_DN_3.equals(dn)) { + } else if (USER_IDENTITY_3.equals(dn)) { user = new NiFiUser(); user.setId(USER_ID_3); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); user.setStatus(AccountStatus.PENDING); } return user; @@ -120,7 +120,7 @@ public class SeedUserAccountsActionTest { Object[] args = invocation.getArguments(); NiFiUser user = (NiFiUser) args[0]; - if (USER_DN_4.equals(user.getDn())) { + if (USER_IDENTITY_4.equals(user.getIdentity())) { user.setId(USER_ID_4); } @@ -141,13 +141,13 @@ public class SeedUserAccountsActionTest { Set users = new HashSet<>(); if (Authority.ROLE_DFM.equals(role)) { - users.add(USER_DN_1); + users.add(USER_IDENTITY_1); } else if (Authority.ROLE_ADMIN.equals(role)) { - users.add(USER_DN_2); + users.add(USER_IDENTITY_2); } else if (Authority.ROLE_PROXY.equals(role)) { - users.add(USER_DN_3); + users.add(USER_IDENTITY_3); } else if (Authority.ROLE_MONITOR.equals(role)) { - users.add(USER_DN_4); + users.add(USER_IDENTITY_4); } return users; } @@ -160,16 +160,16 @@ public class SeedUserAccountsActionTest { Set authorities = EnumSet.noneOf(Authority.class); switch (dn) { - case USER_DN_1: + case USER_IDENTITY_1: authorities.add(Authority.ROLE_DFM); break; - case USER_DN_2: + case USER_IDENTITY_2: authorities.add(Authority.ROLE_ADMIN); break; - case USER_DN_3: + case USER_IDENTITY_3: authorities.add(Authority.ROLE_PROXY); break; - case USER_DN_4: + case USER_IDENTITY_4: authorities.add(Authority.ROLE_MONITOR); break; } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java index 22504f7b1f..5effdbba8a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java @@ -46,8 +46,8 @@ public class SetUserAuthoritiesActionTest { private static final String USER_ID_2 = "2"; private static final String USER_ID_3 = "3"; - private static final String USER_DN_2 = "user dn 2"; - private static final String USER_DN_3 = "user dn 3"; + private static final String USER_IDENTITY_2 = "user 2"; + private static final String USER_IDENTITY_3 = "user 3"; private DAOFactory daoFactory; private UserDAO userDao; @@ -70,11 +70,11 @@ public class SetUserAuthoritiesActionTest { } else if (USER_ID_2.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_2); - user.setDn(USER_DN_2); + user.setIdentity(USER_IDENTITY_2); } else if (USER_ID_3.equals(id)) { user = new NiFiUser(); user.setId(USER_ID_3); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setStatus(AccountStatus.ACTIVE); } @@ -88,10 +88,10 @@ public class SetUserAuthoritiesActionTest { String dn = (String) args[0]; NiFiUser user = null; - if (USER_DN_3.equals(dn)) { + if (USER_IDENTITY_3.equals(dn)) { user = new NiFiUser(); user.setId(USER_ID_3); - user.setDn(USER_DN_3); + user.setIdentity(USER_IDENTITY_3); user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR)); user.setStatus(AccountStatus.ACTIVE); } @@ -148,7 +148,7 @@ public class SetUserAuthoritiesActionTest { String dn = (String) args[0]; Set authorities = EnumSet.noneOf(Authority.class); - if (USER_DN_3.equals(dn)) { + if (USER_IDENTITY_3.equals(dn)) { authorities.add(Authority.ROLE_DFM); } @@ -162,7 +162,7 @@ public class SetUserAuthoritiesActionTest { String dn = (String) args[0]; Set authorites = (Set) args[1]; - if (USER_DN_2.equals(dn)) { + if (USER_IDENTITY_2.equals(dn)) { throw new AuthorityAccessException(StringUtils.EMPTY); } @@ -218,6 +218,6 @@ public class SetUserAuthoritiesActionTest { Set authoritiesAddedToProvider = EnumSet.of(Authority.ROLE_ADMIN); // verify interaction with provider - Mockito.verify(authorityProvider, Mockito.times(1)).setAuthorities(USER_DN_3, authoritiesAddedToProvider); + Mockito.verify(authorityProvider, Mockito.times(1)).setAuthorities(USER_IDENTITY_3, authoritiesAddedToProvider); } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerAuditor.java index cede675022..4357633338 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerAuditor.java @@ -78,7 +78,7 @@ public class ControllerAuditor extends NiFiAuditor { // create the config action FlowChangeAction configAction = new FlowChangeAction(); - configAction.setUserIdentity(user.getDn()); + configAction.setUserIdentity(user.getIdentity()); configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.Configure); configAction.setTimestamp(new Date()); @@ -131,7 +131,7 @@ public class ControllerAuditor extends NiFiAuditor { // create the config action FlowChangeAction configAction = new FlowChangeAction(); - configAction.setUserIdentity(user.getDn()); + configAction.setUserIdentity(user.getIdentity()); configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.Configure); configAction.setTimestamp(new Date()); @@ -184,7 +184,7 @@ public class ControllerAuditor extends NiFiAuditor { // create the config action FlowChangeAction configAction = new FlowChangeAction(); - configAction.setUserIdentity(user.getDn()); + configAction.setUserIdentity(user.getIdentity()); configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.Configure); configAction.setTimestamp(new Date()); @@ -237,7 +237,7 @@ public class ControllerAuditor extends NiFiAuditor { // create the config action FlowChangeAction configAction = new FlowChangeAction(); - configAction.setUserIdentity(user.getDn()); + configAction.setUserIdentity(user.getIdentity()); configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.Configure); configAction.setTimestamp(new Date()); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerServiceAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerServiceAuditor.java index 0187ee408f..af8428d494 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerServiceAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ControllerServiceAuditor.java @@ -167,7 +167,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { // create a configuration action FlowChangeAction configurationAction = new FlowChangeAction(); - configurationAction.setUserIdentity(user.getDn()); + configurationAction.setUserIdentity(user.getIdentity()); configurationAction.setUserName(user.getUserName()); configurationAction.setOperation(operation); configurationAction.setTimestamp(actionTimestamp); @@ -187,7 +187,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { if (isDisabled != updateIsDisabled) { // create a controller service action FlowChangeAction serviceAction = new FlowChangeAction(); - serviceAction.setUserIdentity(user.getDn()); + serviceAction.setUserIdentity(user.getIdentity()); serviceAction.setUserName(user.getUserName()); serviceAction.setTimestamp(new Date()); serviceAction.setSourceId(controllerService.getIdentifier()); @@ -271,7 +271,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { // create a processor action FlowChangeAction processorAction = new FlowChangeAction(); - processorAction.setUserIdentity(user.getDn()); + processorAction.setUserIdentity(user.getIdentity()); processorAction.setUserName(user.getUserName()); processorAction.setTimestamp(new Date()); processorAction.setSourceId(processor.getIdentifier()); @@ -289,7 +289,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { // create a reporting task action FlowChangeAction reportingTaskAction = new FlowChangeAction(); - reportingTaskAction.setUserIdentity(user.getDn()); + reportingTaskAction.setUserIdentity(user.getIdentity()); reportingTaskAction.setUserName(user.getUserName()); reportingTaskAction.setTimestamp(new Date()); reportingTaskAction.setSourceId(reportingTask.getIdentifier()); @@ -307,7 +307,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { // create a controller service action FlowChangeAction serviceAction = new FlowChangeAction(); - serviceAction.setUserIdentity(user.getDn()); + serviceAction.setUserIdentity(user.getIdentity()); serviceAction.setUserName(user.getUserName()); serviceAction.setTimestamp(new Date()); serviceAction.setSourceId(controllerService.getIdentifier()); @@ -387,7 +387,7 @@ public class ControllerServiceAuditor extends NiFiAuditor { // create the controller service action for adding this controller service action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java index 51cb20cf20..3949028de7 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java @@ -121,7 +121,7 @@ public class FunnelAuditor extends NiFiAuditor { if (user != null) { // create the action for adding this funnel action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java index b07d64f169..e99a1aa043 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java @@ -205,7 +205,7 @@ public class PortAuditor extends NiFiAuditor { for (ActionDetails detail : configurationDetails) { // create the port action for updating the name FlowChangeAction portAction = new FlowChangeAction(); - portAction.setUserIdentity(user.getDn()); + portAction.setUserIdentity(user.getIdentity()); portAction.setUserName(user.getUserName()); portAction.setOperation(Operation.Configure); portAction.setTimestamp(timestamp); @@ -225,7 +225,7 @@ public class PortAuditor extends NiFiAuditor { if (scheduledState != updatedScheduledState) { // create a processor action FlowChangeAction processorAction = new FlowChangeAction(); - processorAction.setUserIdentity(user.getDn()); + processorAction.setUserIdentity(user.getIdentity()); processorAction.setUserName(user.getUserName()); processorAction.setTimestamp(new Date()); processorAction.setSourceId(updatedPort.getIdentifier()); @@ -323,7 +323,7 @@ public class PortAuditor extends NiFiAuditor { // create the port action for adding this processor action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessGroupAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessGroupAuditor.java index d56355577d..89871e6a88 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessGroupAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessGroupAuditor.java @@ -140,7 +140,7 @@ public class ProcessGroupAuditor extends NiFiAuditor { // create the port action for updating the name FlowChangeAction processGroupAction = new FlowChangeAction(); - processGroupAction.setUserIdentity(user.getDn()); + processGroupAction.setUserIdentity(user.getIdentity()); processGroupAction.setUserName(user.getUserName()); processGroupAction.setOperation(operation); processGroupAction.setTimestamp(timestamp); @@ -157,7 +157,7 @@ public class ProcessGroupAuditor extends NiFiAuditor { if (processGroupDTO.isRunning() != null) { // create a process group action FlowChangeAction processGroupAction = new FlowChangeAction(); - processGroupAction.setUserIdentity(user.getDn()); + processGroupAction.setUserIdentity(user.getIdentity()); processGroupAction.setUserName(user.getUserName()); processGroupAction.setSourceId(processGroup.getIdentifier()); processGroupAction.setSourceName(processGroup.getName()); @@ -242,7 +242,7 @@ public class ProcessGroupAuditor extends NiFiAuditor { // create the process group action for adding this process group action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java index b8a2c6993f..4f147fbe80 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java @@ -177,7 +177,7 @@ public class ProcessorAuditor extends NiFiAuditor { // create a configuration action FlowChangeAction configurationAction = new FlowChangeAction(); - configurationAction.setUserIdentity(user.getDn()); + configurationAction.setUserIdentity(user.getIdentity()); configurationAction.setUserName(user.getUserName()); configurationAction.setOperation(operation); configurationAction.setTimestamp(actionTimestamp); @@ -197,7 +197,7 @@ public class ProcessorAuditor extends NiFiAuditor { if (scheduledState != updatedScheduledState) { // create a processor action FlowChangeAction processorAction = new FlowChangeAction(); - processorAction.setUserIdentity(user.getDn()); + processorAction.setUserIdentity(user.getIdentity()); processorAction.setUserName(user.getUserName()); processorAction.setTimestamp(new Date()); processorAction.setSourceId(processor.getIdentifier()); @@ -294,7 +294,7 @@ public class ProcessorAuditor extends NiFiAuditor { // create the processor action for adding this processor action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java index f90d572163..95000d8118 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java @@ -188,7 +188,7 @@ public class RelationshipAuditor extends NiFiAuditor { // create a configuration action FlowChangeAction configurationAction = new FlowChangeAction(); - configurationAction.setUserIdentity(user.getDn()); + configurationAction.setUserIdentity(user.getIdentity()); configurationAction.setUserName(user.getUserName()); configurationAction.setOperation(Operation.Configure); configurationAction.setTimestamp(actionTimestamp); @@ -353,7 +353,7 @@ public class RelationshipAuditor extends NiFiAuditor { // create a new relationship action action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(actionTimestamp); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java index e145a626ac..5815634701 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java @@ -246,7 +246,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor { for (ActionDetails detail : details) { // create the port action for updating the name FlowChangeAction remoteProcessGroupAction = new FlowChangeAction(); - remoteProcessGroupAction.setUserIdentity(user.getDn()); + remoteProcessGroupAction.setUserIdentity(user.getIdentity()); remoteProcessGroupAction.setUserName(user.getUserName()); remoteProcessGroupAction.setOperation(Operation.Configure); remoteProcessGroupAction.setTimestamp(timestamp); @@ -267,7 +267,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor { if (transmissionState != updatedTransmissionState) { // create a processor action FlowChangeAction remoteProcessGroupAction = new FlowChangeAction(); - remoteProcessGroupAction.setUserIdentity(user.getDn()); + remoteProcessGroupAction.setUserIdentity(user.getIdentity()); remoteProcessGroupAction.setUserName(user.getUserName()); remoteProcessGroupAction.setTimestamp(new Date()); remoteProcessGroupAction.setSourceId(updatedRemoteProcessGroup.getIdentifier()); @@ -356,7 +356,7 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor { // create the remote process group action action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ReportingTaskAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ReportingTaskAuditor.java index 712f99ae48..77df12ae87 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ReportingTaskAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ReportingTaskAuditor.java @@ -160,7 +160,7 @@ public class ReportingTaskAuditor extends NiFiAuditor { // create a configuration action FlowChangeAction configurationAction = new FlowChangeAction(); - configurationAction.setUserIdentity(user.getDn()); + configurationAction.setUserIdentity(user.getIdentity()); configurationAction.setUserName(user.getUserName()); configurationAction.setOperation(operation); configurationAction.setTimestamp(actionTimestamp); @@ -180,7 +180,7 @@ public class ReportingTaskAuditor extends NiFiAuditor { if (scheduledState != updatedScheduledState) { // create a reporting task action FlowChangeAction taskAction = new FlowChangeAction(); - taskAction.setUserIdentity(user.getDn()); + taskAction.setUserIdentity(user.getIdentity()); taskAction.setUserName(user.getUserName()); taskAction.setTimestamp(new Date()); taskAction.setSourceId(reportingTask.getIdentifier()); @@ -276,7 +276,7 @@ public class ReportingTaskAuditor extends NiFiAuditor { // create the reporting task action for adding this reporting task action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java index 34382b3630..4b7c38a3be 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java @@ -232,7 +232,7 @@ public class SnippetAuditor extends NiFiAuditor { if (user != null) { // create the action for adding this funnel action = new FlowChangeAction(); - action.setUserIdentity(user.getDn()); + action.setUserIdentity(user.getIdentity()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(timestamp); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java index b4fcfb3dbd..b4b5188c6d 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java @@ -765,7 +765,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { if (user == null) { throw new WebApplicationException(new Throwable("Unable to access details for current user.")); } - final String userDn = user.getDn(); + final String userDn = user.getIdentity(); if (Node.Status.CONNECTING.name().equalsIgnoreCase(nodeDTO.getStatus())) { clusterManager.requestReconnection(nodeDTO.getNodeId(), userDn); @@ -1775,7 +1775,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { // create a purge action to record that records are being removed FlowChangeAction purgeAction = new FlowChangeAction(); - purgeAction.setUserIdentity(user.getDn()); + purgeAction.setUserIdentity(user.getIdentity()); purgeAction.setUserName(user.getUserName()); purgeAction.setOperation(Operation.Purge); purgeAction.setTimestamp(new Date()); @@ -2261,7 +2261,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { } final Set allowedUsers = port.getUserAccessControl(); - if (allowedUsers.contains(user.getDn())) { + if (allowedUsers.contains(user.getIdentity())) { return true; } @@ -2653,7 +2653,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { final UserDTO groupedUser = groupedUserDTOs.get(user.getUserGroup()); groupedUser.setId(groupedUser.getId() + "," + String.valueOf(user.getId())); groupedUser.setUserName(groupedUser.getUserName() + ", " + user.getUserName()); - groupedUser.setDn(groupedUser.getDn() + ", " + user.getDn()); + groupedUser.setDn(groupedUser.getDn() + ", " + user.getIdentity()); groupedUser.setCreation(getOldestDate(groupedUser.getCreation(), user.getCreation())); groupedUser.setLastAccessed(getNewestDate(groupedUser.getLastAccessed(), user.getLastAccessed())); groupedUser.setLastVerified(getNewestDate(groupedUser.getLastVerified(), user.getLastVerified())); @@ -2752,7 +2752,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade { throw new WebApplicationException(new Throwable("Unable to access details for current user.")); } - final String userDn = user.getDn(); + final String userDn = user.getIdentity(); clusterManager.deleteNode(nodeId, userDn); } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java index 8e56fc2e68..9502bf2d81 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java @@ -158,19 +158,19 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration @Override public String getCurrentUserDn() { - String userDn = NiFiUser.ANONYMOUS_USER_DN; + String userIdentity = NiFiUser.ANONYMOUS_USER_IDENTITY; final NiFiUser user = NiFiUserUtils.getNiFiUser(); if (user != null) { - userDn = user.getDn(); + userIdentity = user.getIdentity(); } - return userDn; + return userIdentity; } @Override public String getCurrentUserName() { - String userName = NiFiUser.ANONYMOUS_USER_DN; + String userName = NiFiUser.ANONYMOUS_USER_IDENTITY; final NiFiUser user = NiFiUserUtils.getNiFiUser(); if (user != null) { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java index 03ce630e3d..7e9e77e08f 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java @@ -129,19 +129,19 @@ public class StandardNiFiWebContext implements NiFiWebContext { @Override public String getCurrentUserDn() { - String userDn = NiFiUser.ANONYMOUS_USER_DN; + String userIdentity = NiFiUser.ANONYMOUS_USER_IDENTITY; final NiFiUser user = NiFiUserUtils.getNiFiUser(); if (user != null) { - userDn = user.getDn(); + userIdentity = user.getIdentity(); } - return userDn; + return userIdentity; } @Override public String getCurrentUserName() { - String userName = NiFiUser.ANONYMOUS_USER_DN; + String userName = NiFiUser.ANONYMOUS_USER_IDENTITY; final NiFiUser user = NiFiUserUtils.getNiFiUser(); if (user != null) { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java index 8999f71ec2..4b9d2ae91f 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java @@ -103,7 +103,7 @@ public class UserResource extends ApplicationResource { final NiFiUser nifiUser = NiFiUserUtils.getNiFiUser(); if (nifiUser != null) { - throw new IllegalArgumentException("User account already created " + nifiUser.getDn()); + throw new IllegalArgumentException("User account already created " + nifiUser.getIdentity()); } // create an account request for the current user diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.java index bc6dded606..5d50e7010b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.java @@ -39,7 +39,7 @@ public class AccessDeniedExceptionMapper implements ExceptionMapper getXProxiedEntitiesChain(final NiFiUser user) { // calculate the dn chain - final List dnChain = new ArrayList<>(); + final List proxyChain = new ArrayList<>(); // build the dn chain NiFiUser chainedUser = user; do { // add the entry for this user - dnChain.add(chainedUser.getDn()); + proxyChain.add(chainedUser.getIdentity()); // go to the next user in the chain chainedUser = chainedUser.getChain(); } while (chainedUser != null); - return dnChain; + return proxyChain; } /** diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java index 7ffd673604..b267f26283 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java @@ -16,10 +16,12 @@ */ package org.apache.nifi.web.security.anonymous; +import java.util.EnumSet; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.admin.service.AdministrationException; import org.apache.nifi.admin.service.UserService; +import org.apache.nifi.authorization.Authority; import org.apache.nifi.user.NiFiUser; import org.apache.nifi.web.security.user.NiFiUserDetails; import org.apache.nifi.web.security.token.NiFiAuthorizationToken; @@ -49,8 +51,13 @@ public class NiFiAnonymousUserFilter extends AnonymousAuthenticationFilter { try { // load the anonymous user from the database - NiFiUser user = userService.getUserByDn(NiFiUser.ANONYMOUS_USER_DN); + NiFiUser user = userService.getUserByDn(NiFiUser.ANONYMOUS_USER_IDENTITY); + // if this is an unsecure request allow full access + if (!request.isSecure()) { + user.getAuthorities().addAll(EnumSet.allOf(Authority.class)); + } + // only create an authentication token if the anonymous user has some authorities if (!user.getAuthorities().isEmpty()) { NiFiUserDetails userDetails = new NiFiUserDetails(user); diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java index fb45363b06..456a2b2f65 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java @@ -132,7 +132,7 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF if (loginIdentityProvider.authenticate(credentials)) { return new LoginAuthenticationToken(credentials); } else { - throw new BadCredentialsException("User could not be authenticated with the configured identity provider."); + throw new BadCredentialsException("The supplied username and password are not valid."); } } } diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java index e73fd9e546..d1207b4b4a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java @@ -106,7 +106,7 @@ public class NodeAuthorizedUserFilter extends GenericFilterBean { final NiFiUser user = userDetails.getNiFiUser(); // log the request attempt - response details will be logged later - logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", user.getDn(), httpServletRequest.getMethod(), + logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", user.getIdentity(), httpServletRequest.getMethod(), httpServletRequest.getRequestURL().toString(), request.getRemoteAddr())); // we do not create the authentication token with the X509 certificate because the certificate is from the sending system, not the proxied user diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java index 5645f78973..b559269a4d 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java @@ -73,7 +73,7 @@ public class NiFiUserDetails implements UserDetails { @Override public String getUsername() { - return user.getDn(); + return user.getIdentity(); } @Override diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp index 59191ce822..90d3556c41 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp @@ -32,7 +32,11 @@
-
+ +
 characters remaining
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-details-dialog.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-details-dialog.jsp index 8587be3a69..8a818825d4 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-details-dialog.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-details-dialog.jsp @@ -25,7 +25,7 @@
-
DN
+
Identity
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css index 38ce410168..29ef12ac84 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css @@ -95,6 +95,15 @@ body.login-body input, body.login-body textarea { height: 200px; } +#login-to-account-message { + float: left; + margin-top: 2px; +} + +#login-to-account-link { + text-decoration: underline; +} + /* Submission */ diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js index 6152867c5c..f5411afba9 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js @@ -70,6 +70,11 @@ nf.Login = (function () { $('#nifi-registration-justification').count({ charCountField: '#remaining-characters' }); + + // toggle between signup and login + $('#login-to-account-link').on('click', function () { + showLogin(); + }); }; var showUserRegistration = function () { @@ -77,6 +82,7 @@ nf.Login = (function () { $('div.nifi-submit-justification').hide(); $('#user-registration-container').show(); + $('#login-to-account-message').show(); $('#login-submission-button').text('Create'); };