Apache
/
nifi
mirror of https://github.com/apache/nifi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

NIFI-65: 

- Code clean up.
This commit is contained in:
Matt Gilman 2014-12-23 13:46:48 -05:00
parent 469502f30c
commit 2436b5338e
1 changed files with 13 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
View File

@ -51,10 +51,12 @@ public class NiFiAuthorizationService implements UserDetailsService {
private NiFiProperties properties; private NiFiProperties properties;
/** /**
* Loads the user details for the specified dn. Method must be synchronized * Loads the user details for the specified dn.
* since multiple requests from the same user may be sent simultaneously. *
* Since we don't want to run the account verification process multiple for * Synchronizing because we want each request to be authorized atomically since
* the same user, we treat each request atomically. * each may contain any number of DNs. We wanted an access decision made
* for each individual request as a whole (without other request potentially
* impacting it).
* *
* @param rawProxyChain * @param rawProxyChain
* @return * @return
@ -111,6 +113,12 @@ public class NiFiAuthorizationService implements UserDetailsService {
throw new UsernameNotFoundException(String.format("An account request was generated for the proxy '%s'.", dn)); throw new UsernameNotFoundException(String.format("An account request was generated for the proxy '%s'.", dn));
} catch (AdministrationException ae) { } catch (AdministrationException ae) {
throw new AuthenticationServiceException(String.format("Unable to create an account request for '%s': %s", dn, ae.getMessage()), ae); throw new AuthenticationServiceException(String.format("Unable to create an account request for '%s': %s", dn, ae.getMessage()), ae);
} catch (IllegalArgumentException iae) {
// check then modified... account didn't exist when getting the user details but did when
// attempting to auto create the user account request
final String message = String.format("Account request was already submitted for '%s'", dn);
logger.warn(message);
throw new AccountStatusException(message) {};
} }
} else { } else {
logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), unfe.getMessage())); logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), unfe.getMessage()));
@ -147,8 +155,7 @@ public class NiFiAuthorizationService implements UserDetailsService {
} catch (AdministrationException ase) { } catch (AdministrationException ase) {
throw new AuthenticationServiceException(String.format("An error occurred while accessing the user credentials for '%s': %s", dn, ase.getMessage()), ase); throw new AuthenticationServiceException(String.format("An error occurred while accessing the user credentials for '%s': %s", dn, ase.getMessage()), ase);
} catch (AccountDisabledException | AccountPendingException e) { } catch (AccountDisabledException | AccountPendingException e) {
throw new AccountStatusException(e.getMessage(), e) { throw new AccountStatusException(e.getMessage(), e) {};
};
} catch (AccountNotFoundException anfe) { } catch (AccountNotFoundException anfe) {
throw new UsernameNotFoundException(anfe.getMessage()); throw new UsernameNotFoundException(anfe.getMessage());
} }