NIFI-655:

- Updated user guide with screenshots of login process.
- Tweaked wording in admin guide.
- Triggering login on enter press in login form.
This commit is contained in:
Matt Gilman 2015-11-25 16:42:22 -05:00
parent c073253366
commit 6bce858e4a
7 changed files with 41 additions and 4 deletions

View File

@ -150,8 +150,8 @@ NiFi provides several different configuration options for security purposes. The
by the NiFi cluster protocol. If the Truststore properties are not set, this must be `false`. Otherwise, a value by the NiFi cluster protocol. If the Truststore properties are not set, this must be `false`. Otherwise, a value
of `true` indicates that nodes in the cluster will be authenticated and must have certificates that are trusted of `true` indicates that nodes in the cluster will be authenticated and must have certificates that are trusted
by the Truststores. by the Truststores.
|`nifi.security.anonymous.authorities` | Specifies the roles that should be granted to users that connect over HTTPS anonymously. All users will |`nifi.security.anonymous.authorities` | Specifies the roles that should be granted to users that connect over HTTPS anonymously. All users can make
be given this level access, however if they have been granted a particular level of access by an administrator use of anonymous access, however if they have been granted a particular level of access by an administrator
it will take precedence if they access NiFi using a client certificate or once they have logged in. it will take precedence if they access NiFi using a client certificate or once they have logged in.
|================================================================================================================================================== |==================================================================================================================================================

Binary file not shown.

After

Width:  |  Height:  |  Size: 80 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 91 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 92 KiB

View File

@ -157,6 +157,32 @@ are in the cluster and how many are currently connected.
image::status-bar.png["NiFi Status Bar"] image::status-bar.png["NiFi Status Bar"]
[[logging-in]]
Logging In
---------
If NiFi is configured to run securely, users will be able to request access to the DataFlow. For information on configuring NiFi to run
securely, see the link:administration-guide.html[Admin Guide]. If NiFi supports anonymous access, users will be given access
accordingly and given an option to log in.
image::anonymous-access.png["Anonymous Access"]
Clicking the 'login' link will open the log in page. If the user is logging in with their username/password they will be presented with
a form to do so. If NiFi is not configured to support anonymous access and the user is logging in with their username/password, they will
be immediately sent to the login form bypassing the canvas.
image::login.png["Log In"]
Once the user has logged in or if they are accessing NiFi using a client certificate loaded in their browser, they will be prompted
to request access by submitting a justification if this is the first time they have accessed this NiFi. Fill in an optional justification
that the administrator will review while granting the account access. If NiFi is not configured to support anonymous access and the
user is using a client certificate, they will be immediately sent to the form to request access bypassing the canvas and login form.
image::request-access.png["Request Access"]
Press Submit to send the account request. If NiFi supports anonymous access, the user can continue accessing the DataFlow by closing the
login page. Returning to the login page will check the status of the account request. If access has been granted, press the home link or
reload the page to assume the new roles.
[[building-dataflow]] [[building-dataflow]]

View File

@ -208,7 +208,7 @@ public class AccessResource extends ApplicationResource {
// no issues with authorization... verify authorities // no issues with authorization... verify authorities
accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name()); accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
if (userDetails.getAuthorities().isEmpty()) { if (userDetails.getAuthorities().isEmpty()) {
accessStatus.setMessage("Your account is active but is unauthorized as no authorities have been granted."); accessStatus.setMessage("Your account is active but currently does not have any level of access.");
} else { } else {
accessStatus.setMessage("Your account is active and you are already logged in."); accessStatus.setMessage("Your account is active and you are already logged in.");
} }
@ -237,7 +237,7 @@ public class AccessResource extends ApplicationResource {
// no issues with authorization... verify authorities // no issues with authorization... verify authorities
accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name()); accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
if (userDetails.getAuthorities().isEmpty()) { if (userDetails.getAuthorities().isEmpty()) {
accessStatus.setMessage("Your account is active but is unauthorized as no authorities have been granted."); accessStatus.setMessage("Your account is active but currently does not have any level of access.");
} else { } else {
accessStatus.setMessage("Your account is active and you are already logged in."); accessStatus.setMessage("Your account is active and you are already logged in.");
} }

View File

@ -87,6 +87,9 @@ nf.Login = (function () {
}; };
var login = function () { var login = function () {
// remove focus
$('#username, #password').blur();
// show the logging message... // show the logging message...
$('#login-progress-label').text('Logging in...'); $('#login-progress-label').text('Logging in...');
$('#login-progress-container').show(); $('#login-progress-container').show();
@ -219,6 +222,14 @@ nf.Login = (function () {
showLogoutLink(); showLogoutLink();
} }
// supporting logging in via enter press
$('#username, #password').on('keyup', function (e) {
var code = e.keyCode ? e.keyCode : e.which;
if (code === $.ui.keyCode.ENTER) {
login();
}
});
// access status // access status
var accessStatus = $.ajax({ var accessStatus = $.ajax({
type: 'GET', type: 'GET',