diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/AuthenticationResponse.java b/nifi-api/src/main/java/org/apache/nifi/authentication/AuthenticationResponse.java index a64947bdc9..e9999fcc56 100644 --- a/nifi-api/src/main/java/org/apache/nifi/authentication/AuthenticationResponse.java +++ b/nifi-api/src/main/java/org/apache/nifi/authentication/AuthenticationResponse.java @@ -24,6 +24,7 @@ public class AuthenticationResponse { private final String identity; private final String username; private final long expiration; + private final String issuer; /** * Creates an authentication response. The username and how long the authentication is valid in milliseconds @@ -31,11 +32,13 @@ public class AuthenticationResponse { * @param identity The user identity * @param username The username * @param expiration The expiration in milliseconds + * @param issuer The issuer of the token */ - public AuthenticationResponse(final String identity, final String username, final long expiration) { + public AuthenticationResponse(final String identity, final String username, final long expiration, final String issuer) { this.identity = identity; this.username = username; this.expiration = expiration; + this.issuer = issuer; } public String getIdentity() { @@ -46,6 +49,10 @@ public class AuthenticationResponse { return username; } + public String getIssuer() { + return issuer; + } + /** * Returns the expiration of a given authentication in milliseconds. * diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java index 5e52186a7f..b486d74f2a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java @@ -336,8 +336,7 @@ public class AccessResource extends ApplicationResource { } // create the authentication token - // TODO: Some Spring beans return "" for getClass().getSimpleName(). Using getName() temporarily, the way that NAR loader works, this value will always be an anonymous inner class - loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getIdentity(), expiration, loginIdentityProvider.getClass().getName()); + loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getIdentity(), expiration, authenticationResponse.getIssuer()); } catch (final InvalidLoginCredentialsException ilce) { throw new IllegalArgumentException("The supplied username and password are not valid.", ilce); } catch (final IdentityAccessException iae) { @@ -358,8 +357,7 @@ public class AccessResource extends ApplicationResource { authorizeProxyIfNecessary(proxyChain); // create the authentication token - // TODO: Some Spring beans return "" for getClass().getSimpleName(). Using getName() temporarilyy, the way that NAR loader works, this value will always be an anonymous inner class - loginAuthenticationToken = new LoginAuthenticationToken(proxyChain.get(0), authenticationResponse.getExpiration(), certificateIdentityProvider.getClass().getName()); + loginAuthenticationToken = new LoginAuthenticationToken(proxyChain.get(0), authenticationResponse.getExpiration(), authenticationResponse.getIssuer()); } // generate JWT for response diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java index 8ee51d937a..c023ce1f6f 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java @@ -57,7 +57,7 @@ public class NiFiTestLoginIdentityProvider implements LoginIdentityProvider { @Override public AuthenticationResponse authenticate(LoginCredentials credentials) throws InvalidLoginCredentialsException, IdentityAccessException { checkUser(credentials.getUsername(), credentials.getPassword()); - return new AuthenticationResponse(credentials.getUsername(), credentials.getUsername(), TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS)); + return new AuthenticationResponse(credentials.getUsername(), credentials.getUsername(), TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS), getClass().getSimpleName()); } @Override diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509IdentityProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509IdentityProvider.java index 75a94d379b..cae1134898 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509IdentityProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509IdentityProvider.java @@ -31,7 +31,9 @@ import org.springframework.security.web.authentication.preauth.x509.X509Principa public class X509IdentityProvider { private static final Logger logger = LoggerFactory.getLogger(X509IdentityProvider.class); - + + private final String issuer = getClass().getSimpleName(); + private X509CertificateValidator certificateValidator; private X509PrincipalExtractor principalExtractor; @@ -77,7 +79,7 @@ public class X509IdentityProvider { } // build the authentication response - return new AuthenticationResponse(principal, principal, TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS)); + return new AuthenticationResponse(principal, principal, TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS), issuer); } /* setters */ diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css index 8f2450c0cc..49dd3a0d0a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css @@ -519,6 +519,9 @@ div.search-glass-pane { float: left; margin-right: 8px; font-weight: bold; + max-width: 250px; + text-overflow: ellipsis; + overflow: hidden; } #utilities-container { diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js index 92028191c1..d71c8efa0e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js @@ -155,7 +155,7 @@ nf.Common = (function () { } // set the interval to one hour - var interval = 10 * nf.Common.MILLIS_PER_MINUTE; + var interval = nf.Common.MILLIS_PER_MINUTE; var checkExpiration = function () { var expiration = nf.Storage.getItemExpiration('jwt'); @@ -166,7 +166,7 @@ nf.Common = (function () { var now = new Date(); // get the time remainging plus a little bonus time to reload the token - var timeRemaining = expirationDate.valueOf() - now.valueOf() - nf.Common.MILLIS_PER_MINUTE; + var timeRemaining = expirationDate.valueOf() - now.valueOf() - (30 * nf.Common.MILLIS_PER_SECOND); if (timeRemaining < interval) { if ($('#current-user').text() !== nf.Common.ANONYMOUS_USER_TEXT && !$('#anonymous-user-alert').is(':visible')) { // if the token will expire before the next interval minus some bonus time, notify the user to re-login @@ -320,9 +320,6 @@ nf.Common = (function () { // show the error pane $('#message-pane').show(); - - // close the canvas - nf.Common.closeCanvas(); } else { nf.Dialog.showOkDialog({ dialogContent: 'Your session has expired. Please press Ok to log in again.', @@ -332,6 +329,9 @@ nf.Common = (function () { } }); } + + // close the canvas + nf.Common.closeCanvas(); return; } @@ -424,19 +424,18 @@ nf.Common = (function () { * Closes the canvas by removing the splash screen and stats poller. */ closeCanvas: function () { + if (nf.Storage.getItem('jwt') === null) { + $('#user-logout-container').hide(); + } else { + $('#user-logout-container').show(); + } + // ensure this javascript has been loaded in the nf canvas page if (nf.Common.isDefinedAndNotNull(nf.Canvas)) { // hide the splash screen if required if ($('#splash').is(':visible')) { nf.Canvas.hideSplash(); } - - // update the log out link accordingly - if (nf.Storage.getItem('jwt') === null) { - $('#user-logout-container').hide(); - } else { - $('#user-logout-container').show(); - } // hide the context menu nf.ContextMenu.hide(); diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java index cbd5ea4e22..f3abdb0010 100644 --- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java +++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java @@ -66,10 +66,12 @@ public class LdapProvider implements LoginIdentityProvider { private static final String TLS = "TLS"; private AbstractLdapAuthenticationProvider provider; + private String issuer; private long expiration; @Override public final void initialize(final LoginIdentityProviderInitializationContext initializationContext) throws ProviderCreationException { + this.issuer = getClass().getSimpleName(); } @Override @@ -251,9 +253,9 @@ public class LdapProvider implements LoginIdentityProvider { // attempt to get the ldap user details to get the DN if (authentication.getPrincipal() instanceof LdapUserDetails) { final LdapUserDetails userDetails = (LdapUserDetails) authentication.getPrincipal(); - return new AuthenticationResponse(userDetails.getDn(), credentials.getUsername(), expiration); + return new AuthenticationResponse(userDetails.getDn(), credentials.getUsername(), expiration, issuer); } else { - return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration); + return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer); } } catch (final CommunicationException | AuthenticationServiceException e) { logger.error(e.getMessage());