NIFI-655:

- Fixing typo when loading the ldap connect timeout.
- Providing a better experience for session expiration.
- Using ellipsis for lengthly user name.
- Adding an issuer to the authentication response so the LIP can specify the appropriate value.

nifi-api/src/main/java/org/apache/nifi/authentication/AuthenticationResponse.java

@@ -24,6 +24,7 @@ public class AuthenticationResponse {
     private final String identity;
     private final String username;
     private final long expiration;
+    private final String issuer;
 
     /**
      * Creates an authentication response. The username and how long the authentication is valid in milliseconds
@@ -31,11 +32,13 @@ public class AuthenticationResponse {
      * @param identity The user identity
      * @param username The username
      * @param expiration The expiration in milliseconds
+     * @param issuer The issuer of the token
      */
-    public AuthenticationResponse(final String identity, final String username, final long expiration) {
+    public AuthenticationResponse(final String identity, final String username, final long expiration, final String issuer) {
         this.identity = identity;
         this.username = username;
         this.expiration = expiration;
+        this.issuer = issuer;
     }
 
     public String getIdentity() {
@@ -46,6 +49,10 @@ public class AuthenticationResponse {
         return username;
     }
 
+    public String getIssuer() {
+        return issuer;
+    }
+
     /**
      * Returns the expiration of a given authentication in milliseconds.
      *

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java

@@ -336,8 +336,7 @@ public class AccessResource extends ApplicationResource {
                 }
 
                 // create the authentication token
-                // TODO: Some Spring beans return "" for getClass().getSimpleName(). Using getName() temporarily, the way that NAR loader works, this value will always be an anonymous inner class
+                loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getIdentity(), expiration, authenticationResponse.getIssuer());
-                loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getIdentity(), expiration, loginIdentityProvider.getClass().getName());
             } catch (final InvalidLoginCredentialsException ilce) {
                 throw new IllegalArgumentException("The supplied username and password are not valid.", ilce);
             } catch (final IdentityAccessException iae) {
@@ -358,8 +357,7 @@ public class AccessResource extends ApplicationResource {
             authorizeProxyIfNecessary(proxyChain);
 
             // create the authentication token
-            // TODO: Some Spring beans return "" for getClass().getSimpleName(). Using getName() temporarilyy, the way that NAR loader works, this value will always be an anonymous inner class
+            loginAuthenticationToken = new LoginAuthenticationToken(proxyChain.get(0), authenticationResponse.getExpiration(), authenticationResponse.getIssuer());
-            loginAuthenticationToken = new LoginAuthenticationToken(proxyChain.get(0), authenticationResponse.getExpiration(), certificateIdentityProvider.getClass().getName());
         }
 
         // generate JWT for response

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java

@@ -57,7 +57,7 @@ public class NiFiTestLoginIdentityProvider implements LoginIdentityProvider {
     @Override
     public AuthenticationResponse authenticate(LoginCredentials credentials) throws InvalidLoginCredentialsException, IdentityAccessException {
         checkUser(credentials.getUsername(), credentials.getPassword());
-        return new AuthenticationResponse(credentials.getUsername(), credentials.getUsername(), TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS));
+        return new AuthenticationResponse(credentials.getUsername(), credentials.getUsername(), TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS), getClass().getSimpleName());
     }
 
     @Override

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509IdentityProvider.java

@@ -32,6 +32,8 @@ public class X509IdentityProvider {
 
     private static final Logger logger = LoggerFactory.getLogger(X509IdentityProvider.class);
     
+    private final String issuer = getClass().getSimpleName();
+    
     private X509CertificateValidator certificateValidator;
     private X509PrincipalExtractor principalExtractor;
 
@@ -77,7 +79,7 @@ public class X509IdentityProvider {
         }
 
         // build the authentication response
-        return new AuthenticationResponse(principal, principal, TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS));
+        return new AuthenticationResponse(principal, principal, TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS), issuer);
     }
 
     /* setters */

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css

@@ -519,6 +519,9 @@ div.search-glass-pane {
     float: left;
     margin-right: 8px;
     font-weight: bold;
+    max-width: 250px;
+    text-overflow: ellipsis;
+    overflow: hidden;
 }
 
 #utilities-container {

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js

@@ -155,7 +155,7 @@ nf.Common = (function () {
             }
             
             // set the interval to one hour
-            var interval = 10 * nf.Common.MILLIS_PER_MINUTE;
+            var interval = nf.Common.MILLIS_PER_MINUTE;
             
             var checkExpiration = function () {
                 var expiration = nf.Storage.getItemExpiration('jwt');
@@ -166,7 +166,7 @@ nf.Common = (function () {
                     var now = new Date();
 
                     // get the time remainging plus a little bonus time to reload the token
-                    var timeRemaining = expirationDate.valueOf() - now.valueOf() - nf.Common.MILLIS_PER_MINUTE;
+                    var timeRemaining = expirationDate.valueOf() - now.valueOf() - (30 * nf.Common.MILLIS_PER_SECOND);
                     if (timeRemaining < interval) {
                         if ($('#current-user').text() !== nf.Common.ANONYMOUS_USER_TEXT && !$('#anonymous-user-alert').is(':visible')) {
                             // if the token will expire before the next interval minus some bonus time, notify the user to re-login
@@ -320,9 +320,6 @@ nf.Common = (function () {
 
                     // show the error pane
                     $('#message-pane').show();
-
-                    // close the canvas
-                    nf.Common.closeCanvas();
                 } else {
                     nf.Dialog.showOkDialog({
                         dialogContent: 'Your session has expired. Please press Ok to log in again.',
@@ -332,6 +329,9 @@ nf.Common = (function () {
                         }
                     });
                 }
+                
+                // close the canvas
+                nf.Common.closeCanvas();
                 return;
             }
             
@@ -424,6 +424,12 @@ nf.Common = (function () {
          * Closes the canvas by removing the splash screen and stats poller.
          */
         closeCanvas: function () {
+            if (nf.Storage.getItem('jwt') === null) {
+                $('#user-logout-container').hide();
+            } else {
+                $('#user-logout-container').show();
+            }
+            
             // ensure this javascript has been loaded in the nf canvas page
             if (nf.Common.isDefinedAndNotNull(nf.Canvas)) {
                 // hide the splash screen if required
@@ -431,13 +437,6 @@ nf.Common = (function () {
                     nf.Canvas.hideSplash();
                 }
 
-                // update the log out link accordingly
-                if (nf.Storage.getItem('jwt') === null) {
-                    $('#user-logout-container').hide();
-                } else {
-                    $('#user-logout-container').show();
-                }
-
                 // hide the context menu
                 nf.ContextMenu.hide();
 

nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java

@@ -66,10 +66,12 @@ public class LdapProvider implements LoginIdentityProvider {
     private static final String TLS = "TLS";
 
     private AbstractLdapAuthenticationProvider provider;
+    private String issuer;
     private long expiration;
 
     @Override
     public final void initialize(final LoginIdentityProviderInitializationContext initializationContext) throws ProviderCreationException {
+        this.issuer = getClass().getSimpleName();
     }
 
     @Override
@@ -251,9 +253,9 @@ public class LdapProvider implements LoginIdentityProvider {
             // attempt to get the ldap user details to get the DN
             if (authentication.getPrincipal() instanceof LdapUserDetails) {
                 final LdapUserDetails userDetails = (LdapUserDetails) authentication.getPrincipal();
-                return new AuthenticationResponse(userDetails.getDn(), credentials.getUsername(), expiration);
+                return new AuthenticationResponse(userDetails.getDn(), credentials.getUsername(), expiration, issuer);
             } else {
-                return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration);
+                return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer);
             }
         } catch (final CommunicationException | AuthenticationServiceException e) {
             logger.error(e.getMessage());