From f0811ca45adf15edf02f0f2d5f1d2d6929edd329 Mon Sep 17 00:00:00 2001
From: Matt Gilman <matt.c.gilman@gmail.com>
Date: Thu, 23 Jun 2016 15:55:18 -0400
Subject: [PATCH] NIFI-1554: - Addressing access controls for the Controller
 resource. - Addressing access controls for RAW site to site clients. -
 Addressing access controls for downloading content (from provenance and
 queue). - Addressing access controls for accessing queues. - Addressing
 access controls for cluster endpoints. - Addressing access controls for
 counter endpoints. - Removing redundant authorization calls. NIFI-2044: -
 Requiring revision when creating components. - Requiring component creation
 over POST requests. NIFI-1901 - Continuing to restore access control tests. -
 Converting access control tests to itegration tests. - Restoring contrib
 check to travis build. - This closes #567

---
 .travis.yml                                   |    2 +-
 .../java/org/apache/nifi/web/Revision.java    |   27 +-
 .../org/apache/nifi/web/TestRevision.java     |   61 +
 .../nifi-framework/nifi-authorizer/pom.xml    |    4 +
 .../api/dto/ControllerConfigurationDTO.java   |   54 +-
 .../web/api/dto/FlowConfigurationDTO.java     |   80 +
 .../apache/nifi/web/api/dto/RevisionDTO.java  |    3 +-
 .../entity/ControllerConfigurationEntity.java |   29 +-
 .../api/entity/FlowConfigurationEntity.java   |   48 +
 .../authorization/resource/Authorizable.java  |   26 +-
 .../resource/ResourceFactory.java             |   44 +
 .../authorization/resource/ResourceType.java  |    1 +
 .../nifi/authorization/user/NiFiUser.java     |    4 -
 .../ReportingTasksEndpointMerger.java         |    2 +-
 .../nifi/web/revision/UpdateRevisionTask.java |   32 -
 .../controller/StandardFlowServiceTest.java   |   22 +-
 .../scheduling/TestProcessorLifecycle.java    |   42 +-
 .../nifi/remote/StandardRootGroupPort.java    |   28 +-
 ...ttpServletConfigurationRequestContext.java |    6 +-
 .../nifi-web/nifi-web-api/pom.xml             |    2 +-
 .../apache/nifi/web/AuthorizableLookup.java   |    7 +
 .../apache/nifi/web/NiFiServiceFacade.java    |   70 +-
 .../nifi/web/StandardAuthorizableLookup.java  |    5 +
 .../nifi/web/StandardNiFiServiceFacade.java   |  467 +++---
 .../StandardNiFiWebConfigurationContext.java  |   12 +-
 .../org/apache/nifi/web/UpdateResult.java     |   40 -
 .../nifi/web/api/AccessPolicyResource.java    |   20 +-
 .../apache/nifi/web/api/ClusterResource.java  |  357 -----
 .../nifi/web/api/ConnectionResource.java      |   17 +-
 .../nifi/web/api/ControllerResource.java      |  651 +++++---
 .../web/api/ControllerServiceResource.java    |   23 +-
 .../apache/nifi/web/api/CountersResource.java |  252 ++++
 .../nifi/web/api/FlowFileQueueResource.java   |   69 +-
 .../org/apache/nifi/web/api/FlowResource.java |  386 ++++-
 .../apache/nifi/web/api/FunnelResource.java   |   17 +-
 .../apache/nifi/web/api/HistoryResource.java  |  525 -------
 .../nifi/web/api/InputPortResource.java       |   53 +-
 .../apache/nifi/web/api/LabelResource.java    |   51 +-
 .../org/apache/nifi/web/api/NodeResource.java |  219 ---
 .../nifi/web/api/OutputPortResource.java      |   53 +-
 .../nifi/web/api/ProcessGroupResource.java    |  151 +-
 .../nifi/web/api/ProcessorResource.java       |   17 +-
 .../web/api/RemoteProcessGroupResource.java   |   15 +-
 .../nifi/web/api/ReportingTaskResource.java   |   23 +-
 .../nifi/web/api/SiteToSiteResource.java      |   25 +-
 .../nifi/web/api/UserGroupsResource.java      |   16 +-
 .../apache/nifi/web/api/UsersResource.java    |   16 +-
 .../apache/nifi/web/api/dto/DtoFactory.java   |    7 +-
 .../nifi/web/api/dto/EntityFactory.java       |    9 +-
 .../nifi/web/controller/ControllerFacade.java |  107 +-
 .../web/dao/impl/StandardConnectionDAO.java   |   31 +-
 .../impl/StandardControllerServiceDAO.java    |    7 +-
 .../main/resources/nifi-web-api-context.xml   |   19 +-
 .../web/StandardNiFiServiceFacadeSpec.groovy  |  224 ++-
 .../nifi/integration/NiFiWebApiTest.java      |    6 +-
 .../accesscontrol/AccessControlHelper.java    |   31 +
 .../accesscontrol/AdminAccessControlTest.java | 1010 -------------
 .../accesscontrol/DfmAccessControlTest.java   | 1322 -----------------
 ...ntTest.java => ITAccessTokenEndpoint.java} |    4 +-
 ...st.java => ITConnectionAccessControl.java} |    8 +-
 .../ITCountersAccessControl.java              |   86 ++
 .../accesscontrol/ITFlowAccessControl.java    |  245 +++
 ...olTest.java => ITFunnelAccessControl.java} |    4 +-
 ...est.java => ITInputPortAccessControl.java} |    4 +-
 ...rolTest.java => ITLabelAccessControl.java} |    4 +-
 ...st.java => ITOutputPortAccessControl.java} |    4 +-
 ....java => ITProcessGroupAccessControl.java} |    4 +-
 ...est.java => ITProcessorAccessControl.java} |    4 +-
 .../ReadOnlyAccessControlTest.java            |  983 ------------
 .../util/NiFiFlowTestAuthorizer.java          |   87 ++
 .../integration/util/NiFiTestAuthorizer.java  |    4 +-
 .../nifi/integration/util/NiFiTestUser.java   |   16 +-
 .../nifi/web/api/TestSiteToSiteResource.java  |    4 +-
 .../org.apache.nifi.authorization.Authorizer  |    3 +-
 .../resources/access-control/authorizers.xml  |    4 +
 .../propertytable/jquery.propertytable.js     |    5 +
 .../components/nf-ng-funnel-component.js      |    5 +
 .../components/nf-ng-group-component.js       |    5 +
 .../components/nf-ng-input-port-component.js  |    5 +
 .../components/nf-ng-label-component.js       |    5 +
 .../components/nf-ng-output-port-component.js |    5 +
 .../components/nf-ng-processor-component.js   |    5 +
 .../nf-ng-remote-process-group-component.js   |    5 +
 .../src/main/webapp/js/nf/canvas/nf-canvas.js |    8 +-
 .../nf/canvas/nf-connection-configuration.js  |    5 +
 .../js/nf/canvas/nf-controller-service.js     |    4 +-
 .../js/nf/canvas/nf-controller-services.js    |    5 +
 .../nf/canvas/nf-processor-configuration.js   |    2 +-
 .../webapp/js/nf/canvas/nf-reporting-task.js  |    4 +-
 .../main/webapp/js/nf/canvas/nf-settings.js   |   17 +-
 .../webapp/js/nf/cluster/nf-cluster-table.js  |    2 +-
 .../js/nf/counters/nf-counters-table.js       |    2 +-
 .../webapp/js/nf/history/nf-history-model.js  |    2 +-
 .../webapp/js/nf/history/nf-history-table.js  |    2 +-
 .../main/webapp/js/nf/nf-processor-details.js |    2 +-
 .../js/nf/provenance/nf-provenance-table.js   |    2 +-
 .../webapp/js/nf/provenance/nf-provenance.js  |    2 +-
 .../webapp/js/nf/summary/nf-cluster-search.js |    2 +-
 .../webapp/js/nf/summary/nf-summary-table.js  |    6 +-
 .../main/webapp/js/nf/summary/nf-summary.js   |    2 +-
 .../processors/standard/TestGetJMSQueue.java  |   33 +-
 .../nifi/controller/MonitorMemoryTest.java    |   14 +-
 .../update/attributes/api/RuleResource.java   |    2 +-
 103 files changed, 2802 insertions(+), 5671 deletions(-)
 create mode 100644 nifi-api/src/test/java/org/apache/nifi/web/TestRevision.java
 create mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
 create mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/FlowConfigurationEntity.java
 delete mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/UpdateResult.java
 delete mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ClusterResource.java
 create mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/CountersResource.java
 delete mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/HistoryResource.java
 delete mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/NodeResource.java
 delete mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
 delete mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
 rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/{AccessTokenEndpointTest.java => ITAccessTokenEndpoint.java} (99%)
 rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/{ConnectionAccessControlTest.java => ITConnectionAccessControl.java} (97%)
 create mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITCountersAccessControl.java
 create mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITFlowAccessControl.java
 rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/{FunnelAccessControlTest.java => ITFunnelAccessControl.java} (99%)
 rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/{InputPortAccessControlTest.java => ITInputPortAccessControl.java} (99%)
 rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/{LabelAccessControlTest.java => ITLabelAccessControl.java} (99%)
 rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/{OutputPortAccessControlTest.java => ITOutputPortAccessControl.java} (99%)
 rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/{ProcessGroupAccessControlTest.java => ITProcessGroupAccessControl.java} (99%)
 rename nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/{ProcessorAccessControlTest.java => ITProcessorAccessControl.java} (99%)
 delete mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
 create mode 100644 nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiFlowTestAuthorizer.java

diff --git a/.travis.yml b/.travis.yml
index db579ce0f5..811a4c2d0a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -14,4 +14,4 @@ before_install:
   - sed -e "s/^\\(127\\.0\\.0\\.1.*\\)/\\1 $(hostname | cut -c1-63)/" /etc/hosts | sudo tee /etc/hosts
   - sed -i.bak -e 's|https://nexus.codehaus.org/snapshots/|https://oss.sonatype.org/content/repositories/codehaus-snapshots/|g' ~/.m2/settings.xml
 
-script: mvn clean install -T4
+script: mvn clean install -Pcontrib-check
diff --git a/nifi-api/src/main/java/org/apache/nifi/web/Revision.java b/nifi-api/src/main/java/org/apache/nifi/web/Revision.java
index 1308e1b752..d768faa409 100644
--- a/nifi-api/src/main/java/org/apache/nifi/web/Revision.java
+++ b/nifi-api/src/main/java/org/apache/nifi/web/Revision.java
@@ -17,7 +17,6 @@
 package org.apache.nifi.web;
 
 import java.io.Serializable;
-import java.util.Objects;
 
 /**
  * A model object representing a revision. Equality is defined as matching
@@ -46,15 +45,17 @@ public class Revision implements Serializable {
      */
     private final String componentId;
 
-    @Deprecated
-    public Revision(Long revision, String clientId) {
-        this(revision, clientId, "root");   // TODO: remove this constructor. This is to bridge the gap right now
-    }
+    public Revision(Long version, String clientId, String componentId) {
+        if (version == null) {
+            throw new IllegalArgumentException("The revision must be specified.");
+        }
+        if (componentId == null) {
+            throw new IllegalArgumentException("The componentId must be specified.");
+        }
 
-    public Revision(Long revision, String clientId, String componentId) {
-        this.version = revision;
+        this.version = version;
         this.clientId = clientId;
-        this.componentId = Objects.requireNonNull(componentId);
+        this.componentId = componentId;
     }
 
     public String getClientId() {
@@ -69,6 +70,16 @@ public class Revision implements Serializable {
         return componentId;
     }
 
+    /**
+     * Returns a new Revision that has the same Client ID and Component ID as this one
+     * but with a larger version
+     *
+     * @return the updated Revision
+     */
+    public Revision incrementRevision(final String clientId) {
+        return new Revision(version + 1, clientId, componentId);
+    }
+
     @Override
     public boolean equals(final Object obj) {
         if (obj == null) {
diff --git a/nifi-api/src/test/java/org/apache/nifi/web/TestRevision.java b/nifi-api/src/test/java/org/apache/nifi/web/TestRevision.java
new file mode 100644
index 0000000000..6d513fd79e
--- /dev/null
+++ b/nifi-api/src/test/java/org/apache/nifi/web/TestRevision.java
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ *
+ */
+public class TestRevision {
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testNullVersion() throws Exception {
+        new Revision(null, "client-id", "component-id");
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void testNullComponentId() throws Exception {
+        new Revision(0l, "client-id", null);
+    }
+
+    @Test
+    public void testIncrementRevision() throws Exception {
+        final String clientId = "client-id";
+        final String componentId = "component-id";
+        final Revision revision = new Revision(0l, clientId, componentId);
+        final Revision updatedRevision = revision.incrementRevision(clientId);
+        assertEquals(1, updatedRevision.getVersion().longValue());
+        assertEquals(clientId, updatedRevision.getClientId());
+        assertEquals(componentId, updatedRevision.getComponentId());
+    }
+
+    @Test
+    public void testIncrementRevisionNewClient() throws Exception {
+        final String clientId = "client-id";
+        final String newClientId = "new-client-id";
+        final String componentId = "component-id";
+        final Revision revision = new Revision(0l, clientId, componentId);
+        final Revision updatedRevision = revision.incrementRevision(newClientId);
+        assertEquals(1, updatedRevision.getVersion().longValue());
+        assertEquals(newClientId, updatedRevision.getClientId());
+        assertEquals(componentId, updatedRevision.getComponentId());
+    }
+
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml
index b8e1652fb4..ee9f85a3a9 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/pom.xml
@@ -69,6 +69,10 @@
             <groupId>org.apache.nifi</groupId>
             <artifactId>nifi-nar-utils</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.nifi</groupId>
+            <artifactId>nifi-properties</artifactId>
+        </dependency>
     </dependencies>
 
 </project>
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/ControllerConfigurationDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/ControllerConfigurationDTO.java
index 2c7edf7784..aee65b4c4d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/ControllerConfigurationDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/ControllerConfigurationDTO.java
@@ -17,26 +17,18 @@
 package org.apache.nifi.web.api.dto;
 
 import com.wordnik.swagger.annotations.ApiModelProperty;
-import org.apache.nifi.web.api.dto.util.TimeAdapter;
 
 import javax.xml.bind.annotation.XmlType;
-import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import java.util.Date;
 
 /**
  * Details for the controller configuration.
  */
-@XmlType(name = "config")
+@XmlType(name = "controllerConfiguration")
 public class ControllerConfigurationDTO {
 
     private Integer maxTimerDrivenThreadCount;
     private Integer maxEventDrivenThreadCount;
 
-    private Long autoRefreshIntervalSeconds;
-
-    private Date currentTime;
-    private Integer timeOffset;
-
     /**
      * @return maximum number of timer driven threads this NiFi has available
      */
@@ -64,48 +56,4 @@ public class ControllerConfigurationDTO {
     public void setMaxEventDrivenThreadCount(Integer maxEventDrivenThreadCount) {
         this.maxEventDrivenThreadCount = maxEventDrivenThreadCount;
     }
-
-    /**
-     * @return interval in seconds between the automatic NiFi refresh requests. This value is read only
-     */
-    @ApiModelProperty(
-            value = "The interval in seconds between the automatic NiFi refresh requests.",
-            readOnly = true
-    )
-    public Long getAutoRefreshIntervalSeconds() {
-        return autoRefreshIntervalSeconds;
-    }
-
-    public void setAutoRefreshIntervalSeconds(Long autoRefreshIntervalSeconds) {
-        this.autoRefreshIntervalSeconds = autoRefreshIntervalSeconds;
-    }
-
-    /**
-     * @return current time on the server
-     */
-    @XmlJavaTypeAdapter(TimeAdapter.class)
-    @ApiModelProperty(
-            value = "The current time on the system."
-    )
-    public Date getCurrentTime() {
-        return currentTime;
-    }
-
-    public void setCurrentTime(Date currentTime) {
-        this.currentTime = currentTime;
-    }
-
-    /**
-     * @return time offset of the server
-     */
-    @ApiModelProperty(
-            value = "The time offset of the system."
-    )
-    public Integer getTimeOffset() {
-        return timeOffset;
-    }
-
-    public void setTimeOffset(Integer timeOffset) {
-        this.timeOffset = timeOffset;
-    }
 }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
new file mode 100644
index 0000000000..d5028d254c
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
@@ -0,0 +1,80 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.dto;
+
+import com.wordnik.swagger.annotations.ApiModelProperty;
+import org.apache.nifi.web.api.dto.util.TimeAdapter;
+
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import java.util.Date;
+
+/**
+ * Details for the controller configuration.
+ */
+@XmlType(name = "flowConfiguration")
+public class FlowConfigurationDTO {
+
+    private Long autoRefreshIntervalSeconds;
+
+    private Date currentTime;
+    private Integer timeOffset;
+
+    /**
+     * @return interval in seconds between the automatic NiFi refresh requests. This value is read only
+     */
+    @ApiModelProperty(
+            value = "The interval in seconds between the automatic NiFi refresh requests.",
+            readOnly = true
+    )
+    public Long getAutoRefreshIntervalSeconds() {
+        return autoRefreshIntervalSeconds;
+    }
+
+    public void setAutoRefreshIntervalSeconds(Long autoRefreshIntervalSeconds) {
+        this.autoRefreshIntervalSeconds = autoRefreshIntervalSeconds;
+    }
+
+    /**
+     * @return current time on the server
+     */
+    @XmlJavaTypeAdapter(TimeAdapter.class)
+    @ApiModelProperty(
+            value = "The current time on the system."
+    )
+    public Date getCurrentTime() {
+        return currentTime;
+    }
+
+    public void setCurrentTime(Date currentTime) {
+        this.currentTime = currentTime;
+    }
+
+    /**
+     * @return time offset of the server
+     */
+    @ApiModelProperty(
+            value = "The time offset of the system."
+    )
+    public Integer getTimeOffset() {
+        return timeOffset;
+    }
+
+    public void setTimeOffset(Integer timeOffset) {
+        this.timeOffset = timeOffset;
+    }
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/RevisionDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/RevisionDTO.java
index 0e673f8dd7..e50e6e1ab1 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/RevisionDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/RevisionDTO.java
@@ -70,7 +70,8 @@ public class RevisionDTO {
      * @return The user that last modified the flow
      */
     @ApiModelProperty(
-            value = "The user that last modified the flow."
+            value = "The user that last modified the flow.",
+            readOnly = true
     )
     public String getLastModifier() {
         return lastModifier;
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ControllerConfigurationEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ControllerConfigurationEntity.java
index 4b1188c165..066950e471 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ControllerConfigurationEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/ControllerConfigurationEntity.java
@@ -20,8 +20,11 @@ import com.wordnik.swagger.annotations.ApiModelProperty;
 import org.apache.nifi.web.api.dto.AccessPolicyDTO;
 import org.apache.nifi.web.api.dto.ControllerConfigurationDTO;
 import org.apache.nifi.web.api.dto.RevisionDTO;
+import org.apache.nifi.web.api.dto.util.TimeAdapter;
 
 import javax.xml.bind.annotation.XmlRootElement;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import java.util.Date;
 
 /**
  * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a ControllerConfigurationDTO.
@@ -29,7 +32,8 @@ import javax.xml.bind.annotation.XmlRootElement;
 @XmlRootElement(name = "controllerConfigurationEntity")
 public class ControllerConfigurationEntity extends Entity {
 
-    private ControllerConfigurationDTO config;
+    private Date currentTime;
+    private ControllerConfigurationDTO controllerConfiguration;
     private RevisionDTO revision;
     private AccessPolicyDTO accessPolicy;
 
@@ -59,12 +63,12 @@ public class ControllerConfigurationEntity extends Entity {
     @ApiModelProperty(
         value = "The controller configuration."
     )
-    public ControllerConfigurationDTO getConfig() {
-        return config;
+    public ControllerConfigurationDTO getControllerConfiguration() {
+        return controllerConfiguration;
     }
 
-    public void setConfig(ControllerConfigurationDTO config) {
-        this.config = config;
+    public void setControllerConfiguration(ControllerConfigurationDTO controllerConfiguration) {
+        this.controllerConfiguration = controllerConfiguration;
     }
 
     /**
@@ -82,4 +86,19 @@ public class ControllerConfigurationEntity extends Entity {
     public void setAccessPolicy(AccessPolicyDTO accessPolicy) {
         this.accessPolicy = accessPolicy;
     }
+
+    /**
+     * @return current time on the server
+     */
+    @XmlJavaTypeAdapter(TimeAdapter.class)
+    @ApiModelProperty(
+            value = "The current time on the system."
+    )
+    public Date getCurrentTime() {
+        return currentTime;
+    }
+
+    public void setCurrentTime(Date currentTime) {
+        this.currentTime = currentTime;
+    }
 }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/FlowConfigurationEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/FlowConfigurationEntity.java
new file mode 100644
index 0000000000..54af4d4e17
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/FlowConfigurationEntity.java
@@ -0,0 +1,48 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.entity;
+
+import com.wordnik.swagger.annotations.ApiModelProperty;
+import org.apache.nifi.web.api.dto.FlowConfigurationDTO;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a FlowConfigurationDTO.
+ */
+@XmlRootElement(name = "flowConfigurationEntity")
+public class FlowConfigurationEntity extends Entity {
+
+    private FlowConfigurationDTO flowConfiguration;
+
+    /**
+     * The FlowConfigurationDTO that is being serialized.
+     *
+     * @return The FlowConfigurationDTO object
+     */
+    @ApiModelProperty(
+        value = "The controller configuration."
+    )
+    public FlowConfigurationDTO getFlowConfiguration() {
+        return flowConfiguration;
+    }
+
+    public void setFlowConfiguration(FlowConfigurationDTO flowConfiguration) {
+        this.flowConfiguration = flowConfiguration;
+    }
+
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java
index c897be279b..50f7288d76 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java
@@ -65,18 +65,30 @@ public interface Authorizable {
      * @return is authorized
      */
     default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action) {
-        final NiFiUser user = NiFiUserUtils.getNiFiUser();
+        return checkAuthorization(authorizer, action, NiFiUserUtils.getNiFiUser());
+    }
 
+    /**
+     * Returns the result of an authorization request for the specified user for the specified action on the specified
+     * resource. This method does not imply the user is directly attempting to access the specified resource. If the user is
+     * attempting a direct access use Authorizable.authorize().
+     *
+     * @param authorizer authorizer
+     * @param action action
+     * @param user user
+     * @return is authorized
+     */
+    default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user) {
         // TODO - include user details context
 
         // build the request
         final AuthorizationRequest request = new AuthorizationRequest.Builder()
-            .identity(user.getIdentity())
-            .anonymous(user.isAnonymous())
-            .accessAttempt(false)
-            .action(action)
-            .resource(getResource())
-            .build();
+                .identity(user.getIdentity())
+                .anonymous(user.isAnonymous())
+                .accessAttempt(false)
+                .action(action)
+                .resource(getResource())
+                .build();
 
         // perform the authorization
         final AuthorizationResult result = authorizer.authorize(request);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceFactory.java
index 92d8e332ba..0454ad73ca 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceFactory.java
@@ -169,6 +169,18 @@ public final class ResourceFactory {
         }
     };
 
+    private final static Resource COUNTERS_RESOURCE = new Resource() {
+        @Override
+        public String getIdentifier() {
+            return ResourceType.Counters.getValue();
+        }
+
+        @Override
+        public String getName() {
+            return "Counters";
+        }
+    };
+
     private final static Resource PROVENANCE_RESOURCE = new Resource() {
         @Override
         public String getIdentifier() {
@@ -436,6 +448,15 @@ public final class ResourceFactory {
         return PROCESS_GROUP_RESOURCE;
     }
 
+    /**
+     * Gets the Resource for accessing the Counters..
+     *
+     * @return  The resource for accessing the Controller
+     */
+    public static Resource getCountersResource() {
+        return COUNTERS_RESOURCE;
+    }
+
     /**
      * Gets the Resource for accessing provenance. Access to this Resource allows the user to access data provenance. However, additional authorization
      * is required based on the component that generated the event and the attributes of the event.
@@ -528,6 +549,29 @@ public final class ResourceFactory {
         return USER_RESOURCE;
     }
 
+    /**
+     * Gets a Resource for performing site to site on a port.
+     *
+     * @param identifier    The identifier of the component being accessed
+     * @param name          The name of the component being accessed
+     * @return              The resource
+     */
+    public static Resource getSiteToSiteResource(final String identifier, final String name) {
+        Objects.requireNonNull(identifier, "The component identifier must be specified.");
+
+        return new Resource() {
+            @Override
+            public String getIdentifier() {
+                return String.format("%s/%s", ResourceType.SiteToSite.getValue(), identifier);
+            }
+
+            @Override
+            public String getName() {
+                return name;
+            }
+        };
+    }
+
     /**
      * Gets the {@link Resource} for accessing {@link AccessPolicy}s.
      * @return The policies resource
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceType.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceType.java
index 784af6dd17..94b61181ef 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceType.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/resource/ResourceType.java
@@ -38,6 +38,7 @@ public enum ResourceType {
     System("/system"),
     Template("/templates"),
     Token("/token"),
+    Counters("/counters"),
     User("/users");
 
     final String value;
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java
index 80e740625f..f560cd768b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java
@@ -35,10 +35,6 @@ public class NiFiUser implements Serializable {
         this(identity, identity, null);
     }
 
-    public NiFiUser(String identity, String userName) {
-        this(identity, userName, null);
-    }
-
     public NiFiUser(String identity, NiFiUser chain) {
         this(identity, identity, chain);
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/ReportingTasksEndpointMerger.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/ReportingTasksEndpointMerger.java
index a5390e861f..8771722192 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/ReportingTasksEndpointMerger.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-cluster/src/main/java/org/apache/nifi/cluster/coordination/http/endpoints/ReportingTasksEndpointMerger.java
@@ -30,7 +30,7 @@ import java.util.Map;
 import java.util.Set;
 
 public class ReportingTasksEndpointMerger  implements EndpointResponseMerger {
-    public static final String REPORTING_TASKS_URI = "/nifi-api/controller/reporting-tasks";
+    public static final String REPORTING_TASKS_URI = "/nifi-api/flow/reporting-tasks";
 
     @Override
     public boolean canHandle(URI uri, String method) {
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/web/revision/UpdateRevisionTask.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/web/revision/UpdateRevisionTask.java
index f2f7914a18..bcf68b512b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/web/revision/UpdateRevisionTask.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/web/revision/UpdateRevisionTask.java
@@ -17,12 +17,6 @@
 
 package org.apache.nifi.web.revision;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-
-import org.apache.nifi.web.Revision;
-
 /**
  * <p>
  * A task that is responsible for updating some component(s).
@@ -35,30 +29,4 @@ public interface UpdateRevisionTask<T> {
      * @return the updated revisions for the components
      */
     RevisionUpdate<T> update();
-
-    /**
-     * Returns a new Revision that has the same Client ID and Component ID as the given one
-     * but with a larger version
-     *
-     * @param revision the revision to update
-     * @return the updated Revision
-     */
-    default Revision incrementRevision(Revision revision) {
-        return new Revision(revision.getVersion() + 1, revision.getClientId(), revision.getComponentId());
-    }
-
-    /**
-     * Returns a Collection of Revisions that contains an updated version of all Revisions passed in
-     *
-     * @param revisions the Revisions to update
-     * @return a Collection of all Revisions that are passed in
-     */
-    default Collection<Revision> incrementRevisions(Revision... revisions) {
-        final List<Revision> updated = new ArrayList<>(revisions.length);
-        for (final Revision revision : revisions) {
-            updated.add(incrementRevision(revision));
-        }
-
-        return updated;
-    }
 }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/StandardFlowServiceTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/StandardFlowServiceTest.java
index b2d920aeb6..9dd9762657 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/StandardFlowServiceTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/StandardFlowServiceTest.java
@@ -16,14 +16,7 @@
  */
 package org.apache.nifi.controller;
 
-import static org.junit.Assert.fail;
-import static org.mockito.Mockito.mock;
-
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-
+import org.apache.commons.io.IOUtils;
 import org.apache.nifi.admin.service.AuditService;
 import org.apache.nifi.authorization.Authorizer;
 import org.apache.nifi.cluster.protocol.StandardDataFlow;
@@ -31,6 +24,8 @@ import org.apache.nifi.controller.repository.FlowFileEventRepository;
 import org.apache.nifi.controller.serialization.FlowSerializationException;
 import org.apache.nifi.controller.serialization.FlowSerializer;
 import org.apache.nifi.controller.serialization.StandardFlowSerializer;
+import org.apache.nifi.encrypt.StringEncryptor;
+import org.apache.nifi.events.VolatileBulletinRepository;
 import org.apache.nifi.util.NiFiProperties;
 import org.apache.nifi.web.api.dto.ConnectableDTO;
 import org.apache.nifi.web.api.dto.ConnectionDTO;
@@ -41,15 +36,20 @@ import org.apache.nifi.web.api.dto.ProcessGroupDTO;
 import org.apache.nifi.web.api.dto.ProcessorConfigDTO;
 import org.apache.nifi.web.api.dto.ProcessorDTO;
 import org.apache.nifi.web.revision.RevisionManager;
-import org.apache.commons.io.IOUtils;
-import org.apache.nifi.encrypt.StringEncryptor;
-import org.apache.nifi.events.VolatileBulletinRepository;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
+
 /**
  */
 @Ignore
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/scheduling/TestProcessorLifecycle.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/scheduling/TestProcessorLifecycle.java
index 16f47845d1..0933013075 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/scheduling/TestProcessorLifecycle.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/scheduling/TestProcessorLifecycle.java
@@ -16,27 +16,6 @@
  */
 package org.apache.nifi.controller.scheduling;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.mockito.Mockito.mock;
-
-import java.io.File;
-import java.lang.reflect.Method;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Random;
-import java.util.UUID;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.ExecutorService;
-import java.util.concurrent.Executors;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.locks.LockSupport;
-
 import org.apache.commons.io.FileUtils;
 import org.apache.nifi.admin.service.AuditService;
 import org.apache.nifi.annotation.lifecycle.OnScheduled;
@@ -71,6 +50,27 @@ import org.junit.Test;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.File;
+import java.lang.reflect.Method;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Random;
+import java.util.UUID;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.locks.LockSupport;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+import static org.mockito.Mockito.mock;
+
 /**
  * Validate Processor's life-cycle operation within the context of
  * {@link FlowController} and {@link StandardProcessScheduler}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
index cd10d5ca7a..9ad9987d3a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
@@ -16,7 +16,14 @@
  */
 package org.apache.nifi.remote;
 
+import org.apache.nifi.authorization.AuthorizationResult;
+import org.apache.nifi.authorization.AuthorizationResult.Result;
 import org.apache.nifi.authorization.Authorizer;
+import org.apache.nifi.authorization.RequestAction;
+import org.apache.nifi.authorization.Resource;
+import org.apache.nifi.authorization.resource.Authorizable;
+import org.apache.nifi.authorization.resource.ResourceFactory;
+import org.apache.nifi.authorization.user.NiFiUser;
 import org.apache.nifi.components.ValidationResult;
 import org.apache.nifi.connectable.ConnectableType;
 import org.apache.nifi.controller.AbstractPort;
@@ -72,6 +79,7 @@ public class StandardRootGroupPort extends AbstractPort implements RootGroupPort
     private final ProcessScheduler processScheduler;
     private final boolean secure;
     private final Authorizer authorizer;
+
     @SuppressWarnings("unused")
     private final BulletinRepository bulletinRepository;
     private final EventReporter eventReporter;
@@ -336,6 +344,16 @@ public class StandardRootGroupPort extends AbstractPort implements RootGroupPort
         }
     }
 
+    @Override
+    public Authorizable getParentAuthorizable() {
+        return null;
+    }
+
+    @Override
+    public Resource getResource() {
+        return ResourceFactory.getSiteToSiteResource(getIdentifier(), getName());
+    }
+
     @Override
     public PortAuthorizationResult checkUserAuthorization(final String dn) {
         if (!secure) {
@@ -349,7 +367,15 @@ public class StandardRootGroupPort extends AbstractPort implements RootGroupPort
             return new StandardPortAuthorizationResult(false, "User DN is not known");
         }
 
-        // TODO - Replace with call to Authorizer to authorize site to site data transfer
+        // attempt to authorize the specified user
+        final AuthorizationResult result = checkAuthorization(authorizer, RequestAction.WRITE, new NiFiUser(dn));
+        if (!Result.Approved.equals(result.getResult())) {
+            final String message = String.format("%s authorization failed for user %s because %s", this, dn, result.getExplanation());
+            logger.warn(message);
+            eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
+            return new StandardPortAuthorizationResult(false, message);
+        }
+
         return new StandardPortAuthorizationResult(true, "User is Authorized");
     }
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-custom-ui-utilities/src/main/java/org/apache/nifi/web/HttpServletConfigurationRequestContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-custom-ui-utilities/src/main/java/org/apache/nifi/web/HttpServletConfigurationRequestContext.java
index 986ce4cbc4..7c4131ff78 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-custom-ui-utilities/src/main/java/org/apache/nifi/web/HttpServletConfigurationRequestContext.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-custom-ui-utilities/src/main/java/org/apache/nifi/web/HttpServletConfigurationRequestContext.java
@@ -24,6 +24,7 @@ import javax.servlet.http.HttpServletRequest;
  */
 public class HttpServletConfigurationRequestContext extends HttpServletRequestContext implements NiFiWebConfigurationRequestContext {
 
+    private static final String ID_PARAM = "id";
     private static final String CLIENT_ID_PARAM = "clientId";
     private static final String REVISION_PARAM = "revision";
 
@@ -36,7 +37,7 @@ public class HttpServletConfigurationRequestContext extends HttpServletRequestCo
 
     /**
      * @return the revision retrieved from the request parameters with keys
-     * equal to "clientId" and "revision".
+     * equal to "clientId", "revision", and "id".
      */
     @Override
     public Revision getRevision() {
@@ -49,8 +50,9 @@ public class HttpServletConfigurationRequestContext extends HttpServletRequestCo
         }
 
         final String clientId = request.getParameter(CLIENT_ID_PARAM);
+        final String componentId = request.getParameter(ID_PARAM);
 
-        return new Revision(revision, clientId);
+        return new Revision(revision, clientId, componentId);
     }
 
 }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml
index 98824865ea..38ce1a627a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/pom.xml
@@ -49,7 +49,7 @@
             </plugin>
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-surefire-plugin</artifactId>
+                <artifactId>maven-failsafe-plugin</artifactId>
                 <configuration>
                     <argLine>-Xms512m -Xmx512m</argLine>
                     <forkCount>1</forkCount>
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/AuthorizableLookup.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/AuthorizableLookup.java
index e03271813f..f98878082f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/AuthorizableLookup.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/AuthorizableLookup.java
@@ -24,6 +24,13 @@ import org.apache.nifi.controller.Snippet;
 
 public interface AuthorizableLookup {
 
+    /**
+     * Get the authorizable Controller.
+     *
+     * @return authorizable
+     */
+    Authorizable getController();
+
     /**
      * Get the authorizable Processor.
      *
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
index f9a91cf432..1c08f7529d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
@@ -73,6 +73,7 @@ import org.apache.nifi.web.api.entity.ConnectionEntity;
 import org.apache.nifi.web.api.entity.ControllerConfigurationEntity;
 import org.apache.nifi.web.api.entity.ControllerServiceEntity;
 import org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentsEntity;
+import org.apache.nifi.web.api.entity.FlowConfigurationEntity;
 import org.apache.nifi.web.api.entity.FlowEntity;
 import org.apache.nifi.web.api.entity.FunnelEntity;
 import org.apache.nifi.web.api.entity.LabelEntity;
@@ -289,6 +290,13 @@ public interface NiFiServiceFacade {
      */
     ControllerConfigurationEntity getControllerConfiguration();
 
+    /**
+     * Gets the configuration for the flow.
+     *
+     * @return Flow configuration transfer object
+     */
+    FlowConfigurationEntity getFlowConfiguration();
+
     /**
      * Updates the configuration for this controller.
      *
@@ -447,11 +455,12 @@ public interface NiFiServiceFacade {
     /**
      * Creates a new Processor.
      *
+     * @param revision revision
      * @param groupId Group id
      * @param processorDTO The processor DTO
      * @return The new processor DTO
      */
-    ProcessorEntity createProcessor(String groupId, ProcessorDTO processorDTO);
+    ProcessorEntity createProcessor(Revision revision, String groupId, ProcessorDTO processorDTO);
 
     /**
      * Gets the Processor transfer object for the specified id.
@@ -508,7 +517,7 @@ public interface NiFiServiceFacade {
      * @param processorDTO The processorDTO
      * @return The updated processor
      */
-    UpdateResult<ProcessorEntity> updateProcessor(Revision revision, ProcessorDTO processorDTO);
+    ProcessorEntity updateProcessor(Revision revision, ProcessorDTO processorDTO);
 
     /**
      * Verifies the specified processor can be removed.
@@ -565,11 +574,12 @@ public interface NiFiServiceFacade {
     /**
      * Creates a new Relationship target.
      *
+     * @param revision revision
      * @param groupId group
      * @param connectionDTO The Connection DTO
      * @return The Connection DTO
      */
-    ConnectionEntity createConnection(String groupId, ConnectionDTO connectionDTO);
+    ConnectionEntity createConnection(Revision revision, String groupId, ConnectionDTO connectionDTO);
 
     /**
      * Determines if this connection can be listed.
@@ -600,7 +610,7 @@ public interface NiFiServiceFacade {
      * @param connectionDTO The Connection DTO
      * @return The Connection DTO
      */
-    UpdateResult<ConnectionEntity> updateConnection(Revision revision, ConnectionDTO connectionDTO);
+    ConnectionEntity updateConnection(Revision revision, ConnectionDTO connectionDTO);
 
     /**
      * Determines if this connection can be removed.
@@ -690,11 +700,12 @@ public interface NiFiServiceFacade {
     /**
      * Creates a new input port.
      *
+     * @param revision revision
      * @param groupId The id of the group this port should be create in
      * @param inputPortDTO The input PortDTO
      * @return snapshot
      */
-    PortEntity createInputPort(String groupId, PortDTO inputPortDTO);
+    PortEntity createInputPort(Revision revision, String groupId, PortDTO inputPortDTO);
 
     /**
      * Gets an input port.
@@ -732,9 +743,9 @@ public interface NiFiServiceFacade {
      *
      * @param revision Revision to compare with current base revision
      * @param inputPortDTO The input PortDTO
-     * @return snapshort
+     * @return snapshot
      */
-    UpdateResult<PortEntity> updateInputPort(Revision revision, PortDTO inputPortDTO);
+    PortEntity updateInputPort(Revision revision, PortDTO inputPortDTO);
 
     /**
      * Determines if the input port could be deleted.
@@ -758,11 +769,12 @@ public interface NiFiServiceFacade {
     /**
      * Creates a new output port.
      *
+     * @param revision revision
      * @param groupId The id of the group this port should be create in
      * @param outputPortDTO The output PortDTO
      * @return snapshot
      */
-    PortEntity createOutputPort( String groupId, PortDTO outputPortDTO);
+    PortEntity createOutputPort(Revision revision, String groupId, PortDTO outputPortDTO);
 
     /**
      * Gets an output port.
@@ -802,7 +814,7 @@ public interface NiFiServiceFacade {
      * @param outputPortDTO The output PortDTO
      * @return snapshot
      */
-    UpdateResult<PortEntity> updateOutputPort(Revision revision, PortDTO outputPortDTO);
+    PortEntity updateOutputPort(Revision revision, PortDTO outputPortDTO);
 
     /**
      * Determines if the output port could be deleted.
@@ -838,11 +850,12 @@ public interface NiFiServiceFacade {
     /**
      * Creates a new process group.
      *
+     * @param revision revision
      * @param parentGroupId The id of the parent group
      * @param processGroupDTO The ProcessGroupDTO
      * @return snapshot
      */
-    ProcessGroupEntity createProcessGroup(String parentGroupId, ProcessGroupDTO processGroupDTO);
+    ProcessGroupEntity createProcessGroup(Revision revision, String parentGroupId, ProcessGroupDTO processGroupDTO);
 
     /**
      * Returns the process group.
@@ -886,7 +899,7 @@ public interface NiFiServiceFacade {
      * @param processGroupDTO The ProcessGroupDTO
      * @return snapshot
      */
-    UpdateResult<ProcessGroupEntity> updateProcessGroup(Revision revision, ProcessGroupDTO processGroupDTO);
+    ProcessGroupEntity updateProcessGroup(Revision revision, ProcessGroupDTO processGroupDTO);
 
     /**
      * Verifies the specified process group can be removed.
@@ -910,11 +923,12 @@ public interface NiFiServiceFacade {
     /**
      * Creates a new remote process group.
      *
+     * @param revision revision
      * @param groupId The id of the parent group
      * @param remoteProcessGroupDTO The RemoteProcessGroupDTO
      * @return snapshot
      */
-    RemoteProcessGroupEntity createRemoteProcessGroup(String groupId, RemoteProcessGroupDTO remoteProcessGroupDTO);
+    RemoteProcessGroupEntity createRemoteProcessGroup(Revision revision, String groupId, RemoteProcessGroupDTO remoteProcessGroupDTO);
 
     /**
      * Gets a remote process group.
@@ -978,7 +992,7 @@ public interface NiFiServiceFacade {
      * @param remoteProcessGroupDTO The RemoteProcessGroupDTO
      * @return snapshot
      */
-    UpdateResult<RemoteProcessGroupEntity> updateRemoteProcessGroup(Revision revision, RemoteProcessGroupDTO remoteProcessGroupDTO);
+    RemoteProcessGroupEntity updateRemoteProcessGroup(Revision revision, RemoteProcessGroupDTO remoteProcessGroupDTO);
 
     /**
      * Updates the specified remote process groups input port.
@@ -1022,11 +1036,12 @@ public interface NiFiServiceFacade {
     /**
      * Creates a funnel.
      *
+     * @param revision revision
      * @param groupId group
      * @param funnelDTO funnel
      * @return The funnel DTO
      */
-    FunnelEntity createFunnel(String groupId, FunnelDTO funnelDTO);
+    FunnelEntity createFunnel(Revision revision, String groupId, FunnelDTO funnelDTO);
 
     /**
      * Gets the specified funnel.
@@ -1045,13 +1060,13 @@ public interface NiFiServiceFacade {
     Set<FunnelEntity> getFunnels(String groupId);
 
     /**
-     * Updates the specified label.
+     * Updates the specified funnel.
      *
      * @param revision Revision to compare with current base revision
      * @param funnelDTO The funnel DTO
      * @return The funnel DTO
      */
-    UpdateResult<FunnelEntity> updateFunnel(Revision revision, FunnelDTO funnelDTO);
+    FunnelEntity updateFunnel(Revision revision, FunnelDTO funnelDTO);
 
     /**
      * Verifies the specified funnel can be deleted.
@@ -1145,11 +1160,12 @@ public interface NiFiServiceFacade {
     /**
      * Creates a label.
      *
+     * @param revision revision
      * @param groupId group
      * @param labelDTO The label DTO
      * @return The label DTO
      */
-    LabelEntity createLabel(String groupId, LabelDTO labelDTO);
+    LabelEntity createLabel(Revision revision, String groupId, LabelDTO labelDTO);
 
     /**
      * Gets the specified label.
@@ -1174,7 +1190,7 @@ public interface NiFiServiceFacade {
      * @param labelDTO The label DTO
      * @return The label DTO
      */
-    UpdateResult<LabelEntity> updateLabel(Revision revision, LabelDTO labelDTO);
+    LabelEntity updateLabel(Revision revision, LabelDTO labelDTO);
 
     /**
      * Deletes the specified label.
@@ -1210,7 +1226,7 @@ public interface NiFiServiceFacade {
      * @param userDTO The user DTO
      * @return The user transfer object
      */
-    UpdateResult<UserEntity> updateUser(Revision revision, UserDTO userDTO);
+    UserEntity updateUser(Revision revision, UserDTO userDTO);
 
     /**
      * Deletes the specified user.
@@ -1245,7 +1261,7 @@ public interface NiFiServiceFacade {
      * @param userGroupDTO The user group DTO
      * @return The user group transfer object
      */
-    UpdateResult<UserGroupEntity> updateUserGroup(Revision revision, UserGroupDTO userGroupDTO);
+    UserGroupEntity updateUserGroup(Revision revision, UserGroupDTO userGroupDTO);
 
     /**
      * Deletes the specified user group.
@@ -1279,7 +1295,7 @@ public interface NiFiServiceFacade {
      * @param accessPolicyDTO The access policy DTO
      * @return The access policy transfer object
      */
-    UpdateResult<AccessPolicyEntity> updateAccessPolicy(Revision revision, AccessPolicyDTO accessPolicyDTO);
+    AccessPolicyEntity updateAccessPolicy(Revision revision, AccessPolicyDTO accessPolicyDTO);
 
     /**
      * Deletes the specified access policy.
@@ -1295,11 +1311,12 @@ public interface NiFiServiceFacade {
     /**
      * Creates a controller service.
      *
+     * @param revision revision
      * @param groupId the ID of the Process Group to add the Controller Service to
      * @param controllerServiceDTO The controller service DTO
      * @return The controller service DTO
      */
-    ControllerServiceEntity createControllerService(String groupId, ControllerServiceDTO controllerServiceDTO);
+    ControllerServiceEntity createControllerService(Revision revision, String groupId, ControllerServiceDTO controllerServiceDTO);
 
     /**
      * Gets all controller services that belong to the given group and its parent/ancestor groups
@@ -1347,13 +1364,13 @@ public interface NiFiServiceFacade {
         Map<String, Revision> referenceRevisions, String controllerServiceId, ScheduledState scheduledState, ControllerServiceState controllerServiceState);
 
     /**
-     * Updates the specified label.
+     * Updates the specified controller service.
      *
      * @param revision Revision to compare with current base revision
      * @param controllerServiceDTO The controller service DTO
      * @return The controller service DTO
      */
-    UpdateResult<ControllerServiceEntity> updateControllerService(Revision revision, ControllerServiceDTO controllerServiceDTO);
+    ControllerServiceEntity updateControllerService(Revision revision, ControllerServiceDTO controllerServiceDTO);
 
     /**
      * Deletes the specified label.
@@ -1393,10 +1410,11 @@ public interface NiFiServiceFacade {
     /**
      * Creates a reporting task.
      *
+     * @param revision revision
      * @param reportingTaskDTO The reporting task DTO
      * @return The reporting task DTO
      */
-    ReportingTaskEntity createReportingTask(ReportingTaskDTO reportingTaskDTO);
+    ReportingTaskEntity createReportingTask(Revision revision, ReportingTaskDTO reportingTaskDTO);
 
     /**
      * Gets all reporting tasks.
@@ -1429,7 +1447,7 @@ public interface NiFiServiceFacade {
      * @param reportingTaskDTO The reporting task DTO
      * @return The reporting task DTO
      */
-    UpdateResult<ReportingTaskEntity> updateReportingTask(Revision revision, ReportingTaskDTO reportingTaskDTO);
+    ReportingTaskEntity updateReportingTask(Revision revision, ReportingTaskDTO reportingTaskDTO);
 
     /**
      * Deletes the specified reporting task.
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardAuthorizableLookup.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardAuthorizableLookup.java
index aef2798d6b..f702ffc6cc 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardAuthorizableLookup.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardAuthorizableLookup.java
@@ -66,6 +66,11 @@ class StandardAuthorizableLookup implements AuthorizableLookup {
     private TemplateDAO templateDAO;
     private AccessPolicyDAO accessPolicyDAO;
 
+    @Override
+    public Authorizable getController() {
+        return controllerFacade;
+    }
+
     @Override
     public Authorizable getProcessor(final String id) {
         return processorDAO.getProcessor(id);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
index 50fa50553c..eaaef986bb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
@@ -17,15 +17,16 @@
 package org.apache.nifi.web;
 
 import com.google.common.collect.Sets;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.action.Action;
 import org.apache.nifi.action.Component;
 import org.apache.nifi.action.FlowChangeAction;
 import org.apache.nifi.action.Operation;
 import org.apache.nifi.action.details.FlowChangePurgeDetails;
 import org.apache.nifi.admin.service.AuditService;
-import org.apache.nifi.admin.service.KeyService;
+import org.apache.nifi.authorization.AccessDeniedException;
 import org.apache.nifi.authorization.AccessPolicy;
+import org.apache.nifi.authorization.AuthorizationResult;
+import org.apache.nifi.authorization.AuthorizationResult.Result;
 import org.apache.nifi.authorization.Authorizer;
 import org.apache.nifi.authorization.Group;
 import org.apache.nifi.authorization.RequestAction;
@@ -97,6 +98,7 @@ import org.apache.nifi.web.api.dto.DocumentedTypeDTO;
 import org.apache.nifi.web.api.dto.DropRequestDTO;
 import org.apache.nifi.web.api.dto.DtoFactory;
 import org.apache.nifi.web.api.dto.EntityFactory;
+import org.apache.nifi.web.api.dto.FlowConfigurationDTO;
 import org.apache.nifi.web.api.dto.FlowFileDTO;
 import org.apache.nifi.web.api.dto.FlowSnippetDTO;
 import org.apache.nifi.web.api.dto.FunnelDTO;
@@ -141,6 +143,7 @@ import org.apache.nifi.web.api.entity.ControllerConfigurationEntity;
 import org.apache.nifi.web.api.entity.ControllerServiceEntity;
 import org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentEntity;
 import org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentsEntity;
+import org.apache.nifi.web.api.entity.FlowConfigurationEntity;
 import org.apache.nifi.web.api.entity.FlowEntity;
 import org.apache.nifi.web.api.entity.FunnelEntity;
 import org.apache.nifi.web.api.entity.LabelEntity;
@@ -184,6 +187,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
@@ -240,7 +244,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     // administrative services
     private AuditService auditService;
-    private KeyService keyService;
 
     // properties
     private NiFiProperties properties;
@@ -515,12 +518,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     // Write Operations
     // -----------------------------------------
     @Override
-    public UpdateResult<AccessPolicyEntity> updateAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
-        // if access policy does not exist, then create new access policy
-        if (!accessPolicyDAO.hasAccessPolicy(accessPolicyDTO.getId())) {
-            return new UpdateResult<>(createAccessPolicy(revision, accessPolicyDTO), false);
-        }
-
+    public AccessPolicyEntity updateAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
         final Authorizable accessPolicyAuthorizable = authorizableLookup.getAccessPolicyAuthorizable(accessPolicyDTO.getId());
         final RevisionUpdate<AccessPolicyDTO> snapshot = updateComponent(revision,
                 accessPolicyAuthorizable,
@@ -532,16 +530,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                 });
 
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(accessPolicyAuthorizable);
-        return new UpdateResult<>(entityFactory.createAccessPolicyEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy), false);
+        return entityFactory.createAccessPolicyEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
     }
 
     @Override
-    public UpdateResult<UserEntity> updateUser(final Revision revision, final UserDTO userDTO) {
-        // if user does not exist, then create new user
-        if (!userDAO.hasUser(userDTO.getId())) {
-            return new UpdateResult<>(createUser(revision, userDTO), false);
-        }
-
+    public UserEntity updateUser(final Revision revision, final UserDTO userDTO) {
         final Authorizable usersAuthorizable = authorizableLookup.getUsersAuthorizable();
         final RevisionUpdate<UserDTO> snapshot = updateComponent(revision,
                 usersAuthorizable,
@@ -549,16 +542,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                 user -> dtoFactory.createUserDto(user, user.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet())));
 
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable);
-        return new UpdateResult<>(entityFactory.createUserEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy), false);
+        return entityFactory.createUserEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
     }
 
     @Override
-    public UpdateResult<UserGroupEntity> updateUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) {
-        // if user group does not exist, then create new user group
-        if (!userGroupDAO.hasUserGroup(userGroupDTO.getId())) {
-            return new UpdateResult<>(createUserGroup(revision, userGroupDTO), false);
-        }
-
+    public UserGroupEntity updateUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) {
         final Authorizable userGroupsAuthorizable = authorizableLookup.getUserGroupsAuthorizable();
         final RevisionUpdate<UserGroupDTO> snapshot = updateComponent(revision,
                 userGroupsAuthorizable,
@@ -566,16 +554,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                 userGroup -> dtoFactory.createUserGroupDto(userGroup, userGroup.getUsers().stream().map(userId -> getUser(userId, true)).collect(Collectors.toSet())));
 
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable);
-        return new UpdateResult<>(entityFactory.createUserGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy), false);
+        return entityFactory.createUserGroupEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
     }
 
     @Override
-    public UpdateResult<ConnectionEntity> updateConnection(final Revision revision, final ConnectionDTO connectionDTO) {
-        // if connection does not exist, then create new connection
-        if (connectionDAO.hasConnection(connectionDTO.getId()) == false) {
-            return new UpdateResult<>(createConnection(connectionDTO.getParentGroupId(), connectionDTO), true);
-        }
-
+    public ConnectionEntity updateConnection(final Revision revision, final ConnectionDTO connectionDTO) {
         final Connection connectionNode = connectionDAO.getConnection(connectionDTO.getId());
 
         final RevisionUpdate<ConnectionDTO> snapshot = updateComponent(
@@ -586,16 +569,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(connectionNode);
         final ConnectionStatusDTO status = dtoFactory.createConnectionStatusDto(controllerFacade.getConnectionStatus(connectionNode.getIdentifier()));
-        return new UpdateResult<>(entityFactory.createConnectionEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status), false);
+        return entityFactory.createConnectionEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status);
     }
 
     @Override
-    public UpdateResult<ProcessorEntity> updateProcessor(final Revision revision, final ProcessorDTO processorDTO) {
-        // if processor does not exist, then create new processor
-        if (processorDAO.hasProcessor(processorDTO.getId()) == false) {
-            return new UpdateResult<>(createProcessor(processorDTO.getParentGroupId(), processorDTO), true);
-        }
-
+    public ProcessorEntity updateProcessor(final Revision revision, final ProcessorDTO processorDTO) {
         // get the component, ensure we have access to it, and perform the update request
         final ProcessorNode processorNode = processorDAO.getProcessor(processorDTO.getId());
         final RevisionUpdate<ProcessorDTO> snapshot = updateComponent(revision,
@@ -606,16 +584,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(processorNode);
         final ProcessorStatusDTO status = dtoFactory.createProcessorStatusDto(controllerFacade.getProcessorStatus(processorNode.getIdentifier()));
         final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(processorNode.getIdentifier()));
-        return new UpdateResult<>(entityFactory.createProcessorEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins), false);
+        return entityFactory.createProcessorEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
     }
 
     @Override
-    public UpdateResult<LabelEntity> updateLabel(final Revision revision, final LabelDTO labelDTO) {
-        // if label does not exist, then create new label
-        if (labelDAO.hasLabel(labelDTO.getId()) == false) {
-            return new UpdateResult<>(createLabel(labelDTO.getParentGroupId(), labelDTO), false);
-        }
-
+    public LabelEntity updateLabel(final Revision revision, final LabelDTO labelDTO) {
         final Label labelNode = labelDAO.getLabel(labelDTO.getId());
         final RevisionUpdate<LabelDTO> snapshot = updateComponent(revision,
                 labelNode,
@@ -623,16 +596,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                 label -> dtoFactory.createLabelDto(label));
 
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(labelNode);
-        return new UpdateResult<>(entityFactory.createLabelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy), false);
+        return entityFactory.createLabelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
     }
 
     @Override
-    public UpdateResult<FunnelEntity> updateFunnel(final Revision revision, final FunnelDTO funnelDTO) {
-        // if label does not exist, then create new label
-        if (funnelDAO.hasFunnel(funnelDTO.getId()) == false) {
-            return new UpdateResult<>(createFunnel(funnelDTO.getParentGroupId(), funnelDTO), true);
-        }
-
+    public FunnelEntity updateFunnel(final Revision revision, final FunnelDTO funnelDTO) {
         final Funnel funnelNode = funnelDAO.getFunnel(funnelDTO.getId());
         final RevisionUpdate<FunnelDTO> snapshot = updateComponent(revision,
                 funnelNode,
@@ -640,7 +608,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                 funnel -> dtoFactory.createFunnelDto(funnel));
 
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(funnelNode);
-        return new UpdateResult<>(entityFactory.createFunnelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy), false);
+        return entityFactory.createFunnelEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy);
     }
 
 
@@ -657,7 +625,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
      */
     private <D, C> RevisionUpdate<D> updateComponent(final Revision revision, final Authorizable authorizable, final Supplier<C> daoUpdate, final Function<C, D> dtoCreation) {
         final NiFiUser user = NiFiUserUtils.getNiFiUser();
-        final String userName = NiFiUserUtils.getNiFiUserName();
         try {
             final RevisionUpdate<D> updatedComponent = revisionManager.updateRevision(new StandardRevisionClaim(revision), user, new UpdateRevisionTask<D>() {
                 @Override
@@ -668,10 +635,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                     // save updated controller
                     controllerFacade.save();
 
-                    final Revision updatedRevision = incrementRevision(revision);
                     final D dto = dtoCreation.apply(component);
 
-                    final FlowModification lastModification = new FlowModification(updatedRevision, userName);
+                    final Revision updatedRevision = revisionManager.getRevision(revision.getComponentId()).incrementRevision(revision.getClientId());
+                    final FlowModification lastModification = new FlowModification(updatedRevision, user.getUserName());
                     return new StandardRevisionUpdate<>(dto, lastModification);
                 }
             });
@@ -717,7 +684,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                     controllerFacade.save();
 
                     // increment the revisions
-                    final Set<Revision> updatedRevisions = revisions.stream().map(revision -> incrementRevision(revision)).collect(Collectors.toSet());
+                    final Set<Revision> updatedRevisions = revisions.stream().map(revision -> {
+                        final Revision currentRevision = revisionManager.getRevision(revision.getComponentId());
+                        return currentRevision.incrementRevision(revision.getClientId());
+                    }).collect(Collectors.toSet());
 
                     final SnippetDTO dto = dtoFactory.createSnippetDto(snippet);
                     return new StandardRevisionUpdate<>(dto, null, updatedRevisions);
@@ -731,12 +701,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     }
 
     @Override
-    public UpdateResult<PortEntity> updateInputPort(final Revision revision, final PortDTO inputPortDTO) {
-        // if input port does not exist, then create new input port
-        if (inputPortDAO.hasPort(inputPortDTO.getId()) == false) {
-            return new UpdateResult<>(createInputPort(inputPortDTO.getParentGroupId(), inputPortDTO), true);
-        }
-
+    public PortEntity updateInputPort(final Revision revision, final PortDTO inputPortDTO) {
         final Port inputPortNode = inputPortDAO.getPort(inputPortDTO.getId());
         final RevisionUpdate<PortDTO> snapshot = updateComponent(revision,
                 inputPortNode,
@@ -746,16 +711,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(inputPortNode);
         final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getInputPortStatus(inputPortNode.getIdentifier()));
         final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(inputPortNode.getIdentifier()));
-        return new UpdateResult<>(entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins), false);
+        return entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
     }
 
     @Override
-    public UpdateResult<PortEntity> updateOutputPort(final Revision revision, final PortDTO outputPortDTO) {
-        // if output port does not exist, then create new output port
-        if (outputPortDAO.hasPort(outputPortDTO.getId()) == false) {
-            return new UpdateResult<>(createOutputPort(outputPortDTO.getParentGroupId(), outputPortDTO), true);
-        }
-
+    public PortEntity updateOutputPort(final Revision revision, final PortDTO outputPortDTO) {
         final Port outputPortNode = outputPortDAO.getPort(outputPortDTO.getId());
         final RevisionUpdate<PortDTO> snapshot = updateComponent(revision,
                 outputPortNode,
@@ -765,16 +725,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(outputPortNode);
         final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getOutputPortStatus(outputPortNode.getIdentifier()));
         final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(outputPortNode.getIdentifier()));
-        return new UpdateResult<>(entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins), false);
+        return entityFactory.createPortEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, status, bulletins);
     }
 
     @Override
-    public UpdateResult<RemoteProcessGroupEntity> updateRemoteProcessGroup(final Revision revision, final RemoteProcessGroupDTO remoteProcessGroupDTO) {
-        // if controller reference does not exist, then create new controller reference
-        if (remoteProcessGroupDAO.hasRemoteProcessGroup(remoteProcessGroupDTO.getId()) == false) {
-            return new UpdateResult<>(createRemoteProcessGroup(remoteProcessGroupDTO.getParentGroupId(), remoteProcessGroupDTO), true);
-        }
-
+    public RemoteProcessGroupEntity updateRemoteProcessGroup(final Revision revision, final RemoteProcessGroupDTO remoteProcessGroupDTO) {
         final RemoteProcessGroup remoteProcessGroupNode = remoteProcessGroupDAO.getRemoteProcessGroup(remoteProcessGroupDTO.getId());
         final RevisionUpdate<RemoteProcessGroupDTO> snapshot = updateComponent(
                 revision,
@@ -786,7 +741,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
         final RevisionDTO updateRevision = dtoFactory.createRevisionDTO(snapshot.getLastModification());
         final RemoteProcessGroupStatusDTO status = dtoFactory.createRemoteProcessGroupStatusDto(controllerFacade.getRemoteProcessGroupStatus(remoteProcessGroupNode.getIdentifier()));
         final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(remoteProcessGroupNode.getIdentifier()));
-        return new UpdateResult<>(entityFactory.createRemoteProcessGroupEntity(snapshot.getComponent(), updateRevision, accessPolicy, status, bulletins), false);
+        return entityFactory.createRemoteProcessGroupEntity(snapshot.getComponent(), updateRevision, accessPolicy, status, bulletins);
     }
 
     @Override
@@ -822,16 +777,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     }
 
     @Override
-    public UpdateResult<ProcessGroupEntity> updateProcessGroup(final Revision revision, final ProcessGroupDTO processGroupDTO) {
-        // if process group does not exist, then create new process group
-        if (processGroupDAO.hasProcessGroup(processGroupDTO.getId()) == false) {
-            if (processGroupDTO.getParentGroupId() == null) {
-                throw new IllegalArgumentException("Unable to create the specified process group since the parent group was not specified.");
-            } else {
-                return new UpdateResult<>(createProcessGroup(processGroupDTO.getParentGroupId(), processGroupDTO), true);
-            }
-        }
-
+    public ProcessGroupEntity updateProcessGroup(final Revision revision, final ProcessGroupDTO processGroupDTO) {
         final ProcessGroup processGroupNode = processGroupDAO.getProcessGroup(processGroupDTO.getId());
         final RevisionUpdate<ProcessGroupDTO> snapshot = updateComponent(revision,
                 processGroupNode,
@@ -842,7 +788,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
         final RevisionDTO updatedRevision = dtoFactory.createRevisionDTO(snapshot.getLastModification());
         final ProcessGroupStatusDTO status = dtoFactory.createConciseProcessGroupStatusDto(controllerFacade.getProcessGroupStatus(processGroupNode.getIdentifier()));
         final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(processGroupNode.getIdentifier()));
-        return new UpdateResult<>(entityFactory.createProcessGroupEntity(snapshot.getComponent(), updatedRevision, accessPolicy, status, bulletins), false);
+        return entityFactory.createProcessGroupEntity(snapshot.getComponent(), updatedRevision, accessPolicy, status, bulletins);
     }
 
     @Override
@@ -859,8 +805,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                         final Map<String, Revision> updatedRevisions = new HashMap<>();
                         for (final Revision revision : componentRevisions.values()) {
                             final Revision currentRevision = revisionManager.getRevision(revision.getComponentId());
-                            final Revision updatedRevision = incrementRevision(currentRevision);
-                            updatedRevisions.put(revision.getComponentId(), updatedRevision);
+                            updatedRevisions.put(revision.getComponentId(), currentRevision.incrementRevision(revision.getClientId()));
                         }
 
                         // gather details for response
@@ -887,9 +832,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                         controllerFacade.setMaxEventDrivenThreadCount(controllerConfigurationDTO.getMaxEventDrivenThreadCount());
                     }
 
-                    return controllerConfigurationDTO;
-                },
-                controller -> dtoFactory.createControllerConfigurationDto(controllerFacade, properties.getAutoRefreshInterval()));
+                return controllerConfigurationDTO;
+            },
+            controller -> dtoFactory.createControllerConfigurationDto(controllerFacade));
 
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerFacade);
         final RevisionDTO updateRevision = dtoFactory.createRevisionDTO(updatedComponent.getLastModification());
@@ -991,17 +936,12 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     @Override
     public DropRequestDTO deleteFlowFileDropRequest(final String connectionId, final String dropRequestId) {
-        final Connection connection = connectionDAO.getConnection(connectionId);
-        connection.authorize(authorizer, RequestAction.WRITE);
-
         return dtoFactory.createDropRequestDTO(connectionDAO.deleteFlowFileDropRequest(connectionId, dropRequestId));
     }
 
     @Override
     public ListingRequestDTO deleteFlowFileListingRequest(final String connectionId, final String listingRequestId) {
         final Connection connection = connectionDAO.getConnection(connectionId);
-        connection.authorize(authorizer, RequestAction.WRITE);
-
         final ListingRequestDTO listRequest = dtoFactory.createListingRequestDTO(connectionDAO.deleteFlowFileListingRequest(connectionId, listingRequestId));
 
         // include whether the source and destination are running
@@ -1211,8 +1151,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     }
 
     @Override
-    public ConnectionEntity createConnection(final String groupId, final ConnectionDTO connectionDTO) {
+    public ConnectionEntity createConnection(final Revision revision, final String groupId, final ConnectionDTO connectionDTO) {
         final RevisionUpdate<ConnectionDTO> snapshot = createComponent(
+                revision,
                 connectionDTO,
                 () -> connectionDAO.createConnection(groupId, connectionDTO),
                 connection -> dtoFactory.createConnectionDto(connection));
@@ -1225,17 +1166,12 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     @Override
     public DropRequestDTO createFlowFileDropRequest(final String connectionId, final String dropRequestId) {
-        final Connection connection = connectionDAO.getConnection(connectionId);
-        connection.authorize(authorizer, RequestAction.WRITE);
         return dtoFactory.createDropRequestDTO(connectionDAO.createFlowFileDropRequest(connectionId, dropRequestId));
     }
 
     @Override
     public ListingRequestDTO createFlowFileListingRequest(final String connectionId, final String listingRequestId) {
         final Connection connection = connectionDAO.getConnection(connectionId);
-        connection.authorize(authorizer, RequestAction.WRITE);
-
-        // create the listing request
         final ListingRequestDTO listRequest = dtoFactory.createListingRequestDTO(connectionDAO.createFlowFileListingRequest(connectionId, listingRequestId));
 
         // include whether the source and destination are running
@@ -1250,8 +1186,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     }
 
     @Override
-    public ProcessorEntity createProcessor(final String groupId, final ProcessorDTO processorDTO) {
+    public ProcessorEntity createProcessor(final Revision revision, final String groupId, final ProcessorDTO processorDTO) {
         final RevisionUpdate<ProcessorDTO> snapshot = createComponent(
+                revision,
                 processorDTO,
                 () -> processorDAO.createProcessor(groupId, processorDTO),
                 processor -> dtoFactory.createProcessorDto(processor));
@@ -1264,8 +1201,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     }
 
     @Override
-    public LabelEntity createLabel(final String groupId, final LabelDTO labelDTO) {
+    public LabelEntity createLabel(final Revision revision, final String groupId, final LabelDTO labelDTO) {
         final RevisionUpdate<LabelDTO> snapshot = createComponent(
+                revision,
                 labelDTO,
                 () -> labelDAO.createLabel(groupId, labelDTO),
                 label -> dtoFactory.createLabelDto(label));
@@ -1285,32 +1223,39 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
      * @param <C>          the NiFi Component Type
      * @return a RevisionUpdate that represents the updated configuration
      */
-    private <D, C> RevisionUpdate<D> createComponent(final ComponentDTO componentDto, final Supplier<C> daoCreation, final Function<C, D> dtoCreation) {
-        final String modifier = NiFiUserUtils.getNiFiUserName();
-
-        // ensure id is set
-        if (StringUtils.isBlank(componentDto.getId())) {
-            componentDto.setId(UUID.randomUUID().toString());
-        }
-
+    private <D, C> RevisionUpdate<D> createComponent(final Revision revision, final ComponentDTO componentDto, final Supplier<C> daoCreation, final Function<C, D> dtoCreation) {
+        final NiFiUser user = NiFiUserUtils.getNiFiUser();
         final String groupId = componentDto.getParentGroupId();
+
+        // read lock on the containing group
         return revisionManager.get(groupId, rev -> {
-            // add the component
-            final C component = daoCreation.get();
+            // request claim for component to be created... revision already verified (version == 0)
+            final RevisionClaim claim = revisionManager.requestClaim(revision, user);
+            try {
+                // update revision through revision manager
+                return revisionManager.updateRevision(claim, user, () -> {
+                    // add the component
+                    final C component = daoCreation.get();
 
-            // save the flow
-            controllerFacade.save();
+                    // save the flow
+                    controllerFacade.save();
 
-            final D dto = dtoCreation.apply(component);
-            final FlowModification lastMod = new FlowModification(new Revision(0L, rev.getClientId(), componentDto.getId()), modifier);
-            return new StandardRevisionUpdate<D>(dto, lastMod);
+                    final D dto = dtoCreation.apply(component);
+                    final FlowModification lastMod = new FlowModification(revision.incrementRevision(revision.getClientId()), user.getUserName());
+                    return new StandardRevisionUpdate<D>(dto, lastMod);
+                });
+            } finally {
+                // cancel in case of exception... noop if successful
+                revisionManager.cancelClaim(revision.getComponentId());
+            }
         });
     }
 
 
     @Override
-    public FunnelEntity createFunnel(final String groupId, final FunnelDTO funnelDTO) {
+    public FunnelEntity createFunnel(final Revision revision, final String groupId, final FunnelDTO funnelDTO) {
         final RevisionUpdate<FunnelDTO> snapshot = createComponent(
+                revision,
                 funnelDTO,
                 () -> funnelDAO.createFunnel(groupId, funnelDTO),
                 funnel -> dtoFactory.createFunnelDto(funnel));
@@ -1323,9 +1268,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     @Override
     public AccessPolicyEntity createAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
         final String creator = NiFiUserUtils.getNiFiUserName();
-        if (revision.getVersion() != 0) {
-            throw new IllegalArgumentException("The revision must start at 0.");
-        }
         final AccessPolicy newAccessPolicy = accessPolicyDAO.createAccessPolicy(accessPolicyDTO);
         final AccessPolicyDTO newAccessPolicyDto = dtoFactory.createAccessPolicyDto(newAccessPolicy,
                 newAccessPolicy.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()),
@@ -1338,9 +1280,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     @Override
     public UserEntity createUser(final Revision revision, final UserDTO userDTO) {
         final String creator = NiFiUserUtils.getNiFiUserName();
-        if (revision.getVersion() != 0) {
-            throw new IllegalArgumentException("The revision must start at 0.");
-        }
         final User newUser = userDAO.createUser(userDTO);
         final UserDTO newUserDto = dtoFactory.createUserDto(newUser, newUser.getGroups().stream().map(userGroupId -> getUserGroup(userGroupId, true)).collect(Collectors.toSet()));
 
@@ -1458,8 +1397,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     }
 
     @Override
-    public PortEntity createInputPort(final String groupId, final PortDTO inputPortDTO) {
+    public PortEntity createInputPort(final Revision revision, final String groupId, final PortDTO inputPortDTO) {
         final RevisionUpdate<PortDTO> snapshot = createComponent(
+                revision,
                 inputPortDTO,
                 () -> inputPortDAO.createPort(groupId, inputPortDTO),
                 port -> dtoFactory.createPortDto(port));
@@ -1472,8 +1412,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     }
 
     @Override
-    public PortEntity createOutputPort(final String groupId, final PortDTO outputPortDTO) {
+    public PortEntity createOutputPort(final Revision revision, final String groupId, final PortDTO outputPortDTO) {
         final RevisionUpdate<PortDTO> snapshot = createComponent(
+                revision,
                 outputPortDTO,
                 () -> outputPortDAO.createPort(groupId, outputPortDTO),
                 port -> dtoFactory.createPortDto(port));
@@ -1486,8 +1427,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     }
 
     @Override
-    public ProcessGroupEntity createProcessGroup(final String parentGroupId, final ProcessGroupDTO processGroupDTO) {
+    public ProcessGroupEntity createProcessGroup(final Revision revision, final String parentGroupId, final ProcessGroupDTO processGroupDTO) {
         final RevisionUpdate<ProcessGroupDTO> snapshot = createComponent(
+                revision,
                 processGroupDTO,
                 () -> processGroupDAO.createProcessGroup(parentGroupId, processGroupDTO),
                 processGroup -> dtoFactory.createProcessGroupDto(processGroup));
@@ -1500,8 +1442,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     }
 
     @Override
-    public RemoteProcessGroupEntity createRemoteProcessGroup(final String groupId, final RemoteProcessGroupDTO remoteProcessGroupDTO) {
+    public RemoteProcessGroupEntity createRemoteProcessGroup(final Revision revision, final String groupId, final RemoteProcessGroupDTO remoteProcessGroupDTO) {
         final RevisionUpdate<RemoteProcessGroupDTO> snapshot = createComponent(
+                revision,
                 remoteProcessGroupDTO,
                 () -> remoteProcessGroupDAO.createRemoteProcessGroup(groupId, remoteProcessGroupDTO),
                 remoteProcessGroup -> dtoFactory.createRemoteProcessGroupDto(remoteProcessGroup));
@@ -1639,49 +1582,60 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     }
 
     @Override
-    public ControllerServiceEntity createControllerService(final String groupId, final ControllerServiceDTO controllerServiceDTO) {
+    public ControllerServiceEntity createControllerService(final Revision revision, final String groupId, final ControllerServiceDTO controllerServiceDTO) {
         controllerServiceDTO.setParentGroupId(groupId);
 
-        final String modifier = NiFiUserUtils.getNiFiUserName();
+        final NiFiUser user = NiFiUserUtils.getNiFiUser();
 
-        // ensure id is set
-        if (StringUtils.isBlank(controllerServiceDTO.getId())) {
-            controllerServiceDTO.setId(UUID.randomUUID().toString());
-        }
+        // request claim for component to be created... revision already verified (version == 0)
+        final RevisionClaim claim = revisionManager.requestClaim(revision, user);
 
-        final ControllerServiceDTO updatedService;
+        final RevisionUpdate<ControllerServiceDTO> snapshot;
         if (groupId == null) {
-            // Unfortunately, we can not use the createComponent() method here because createComponent() wants to obtain the read lock
-            // on the group. The Controller Service may or may not have a Process Group (it won't if it's controller-scoped).
-            final ControllerServiceNode controllerService = controllerServiceDAO.createControllerService(controllerServiceDTO);
-            updatedService = dtoFactory.createControllerServiceDto(controllerService);
-            controllerFacade.save();
-        } else {
-            updatedService = revisionManager.get(groupId, new ReadOnlyRevisionCallback<ControllerServiceDTO>() {
-                @Override
-                public ControllerServiceDTO withRevision(final Revision groupRevision) {
+            try {
+                // update revision through revision manager
+                snapshot = revisionManager.updateRevision(claim, user, () -> {
+                    // Unfortunately, we can not use the createComponent() method here because createComponent() wants to obtain the read lock
+                    // on the group. The Controller Service may or may not have a Process Group (it won't if it's controller-scoped).
                     final ControllerServiceNode controllerService = controllerServiceDAO.createControllerService(controllerServiceDTO);
+                    final ControllerServiceDTO dto = dtoFactory.createControllerServiceDto(controllerService);
+
                     controllerFacade.save();
-                    return dtoFactory.createControllerServiceDto(controllerService);
+
+                    final FlowModification lastMod = new FlowModification(revision.incrementRevision(revision.getClientId()), user.getUserName());
+                    return new StandardRevisionUpdate<ControllerServiceDTO>(dto, lastMod);
+                });
+            } finally {
+                // cancel in case of exception... noop if successful
+                revisionManager.cancelClaim(revision.getComponentId());
+            }
+        } else {
+            snapshot = revisionManager.get(groupId, groupRevision -> {
+                try {
+                    return revisionManager.updateRevision(claim, user, () -> {
+                        final ControllerServiceNode controllerService = controllerServiceDAO.createControllerService(controllerServiceDTO);
+                        final ControllerServiceDTO dto = dtoFactory.createControllerServiceDto(controllerService);
+
+                        controllerFacade.save();
+
+                        final FlowModification lastMod = new FlowModification(revision.incrementRevision(revision.getClientId()), user.getUserName());
+                        return new StandardRevisionUpdate<ControllerServiceDTO>(dto, lastMod);
+                    });
+                } finally {
+                    // cancel in case of exception... noop if successful
+                    revisionManager.cancelClaim(revision.getComponentId());
                 }
             });
         }
 
-        final FlowModification lastMod = new FlowModification(new Revision(0L, null, controllerServiceDTO.getId()), modifier);
-
         final ControllerServiceNode controllerService = controllerServiceDAO.getControllerService(controllerServiceDTO.getId());
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerService);
         final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(controllerServiceDTO.getId()));
-        return entityFactory.createControllerServiceEntity(updatedService, dtoFactory.createRevisionDTO(lastMod), accessPolicy, bulletins);
+        return entityFactory.createControllerServiceEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, bulletins);
     }
 
     @Override
-    public UpdateResult<ControllerServiceEntity> updateControllerService(final Revision revision, final ControllerServiceDTO controllerServiceDTO) {
-        // if controller service does not exist, then create new controller service
-        if (controllerServiceDAO.hasControllerService(controllerServiceDTO.getId()) == false) {
-            return new UpdateResult<>(createControllerService(controllerServiceDTO.getParentGroupId(), controllerServiceDTO), true);
-        }
-
+    public ControllerServiceEntity updateControllerService(final Revision revision, final ControllerServiceDTO controllerServiceDTO) {
         // get the component, ensure we have access to it, and perform the update request
         final ControllerServiceNode controllerService = controllerServiceDAO.getControllerService(controllerServiceDTO.getId());
         final RevisionUpdate<ControllerServiceDTO> snapshot = updateComponent(revision,
@@ -1691,7 +1645,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerService);
         final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(controllerServiceDTO.getId()));
-        return new UpdateResult<>(entityFactory.createControllerServiceEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, bulletins), false);
+        return entityFactory.createControllerServiceEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, bulletins);
     }
 
     @Override
@@ -1705,27 +1659,14 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
                 new UpdateRevisionTask<ControllerServiceReferencingComponentsEntity>() {
                     @Override
                     public RevisionUpdate<ControllerServiceReferencingComponentsEntity> update() {
-                        final ControllerServiceNode controllerService = controllerServiceDAO.getControllerService(controllerServiceId);
-                        final ControllerServiceReference reference = controllerService.getReferences();
-                        for (final ConfiguredComponent component : reference.getReferencingComponents()) {
-                            if (component instanceof Authorizable) {
-                                // ensure we can write the referencing components
-                                ((Authorizable) component).authorize(authorizer, RequestAction.WRITE);
-                            }
-                        }
-
                         final Set<ConfiguredComponent> updated = controllerServiceDAO.updateControllerServiceReferencingComponents(controllerServiceId, scheduledState, controllerServiceState);
                         final ControllerServiceReference updatedReference = controllerServiceDAO.getControllerService(controllerServiceId).getReferences();
 
                         final Map<String, Revision> updatedRevisions = new HashMap<>();
-                        for (final Revision refRevision : referenceRevisions.values()) {
-                            updatedRevisions.put(refRevision.getComponentId(), refRevision);
-                        }
-
                         for (final ConfiguredComponent component : updated) {
                             final Revision currentRevision = revisionManager.getRevision(component.getIdentifier());
-                            final Revision updatedRevision = incrementRevision(currentRevision);
-                            updatedRevisions.put(component.getIdentifier(), updatedRevision);
+                            final Revision requestRevision = referenceRevisions.get(component.getIdentifier());
+                            updatedRevisions.put(component.getIdentifier(), currentRevision.incrementRevision(requestRevision.getClientId()));
                         }
 
                         final ControllerServiceReferencingComponentsEntity entity = createControllerServiceReferencingComponentsEntity(updatedReference, updatedRevisions);
@@ -1858,39 +1799,37 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
 
     @Override
-    public ReportingTaskEntity createReportingTask(final ReportingTaskDTO reportingTaskDTO) {
-        final String modifier = NiFiUserUtils.getNiFiUserName();
+    public ReportingTaskEntity createReportingTask(final Revision revision, final ReportingTaskDTO reportingTaskDTO) {
+        final NiFiUser user = NiFiUserUtils.getNiFiUser();
 
-        // ensure id is set
-        if (StringUtils.isBlank(reportingTaskDTO.getId())) {
-            reportingTaskDTO.setId(UUID.randomUUID().toString());
-        }
+        // request claim for component to be created... revision already verified (version == 0)
+        final RevisionClaim claim = revisionManager.requestClaim(revision, user);
+        try {
+            // update revision through revision manager
+            final RevisionUpdate<ReportingTaskDTO> snapshot = revisionManager.updateRevision(claim, user, () -> {
+                // create the reporting task
+                final ReportingTaskNode reportingTask = reportingTaskDAO.createReportingTask(reportingTaskDTO);
 
-        return revisionManager.get(controllerFacade.getInstanceId(), rev -> {
-            // ensure access to the controller
-            controllerFacade.authorize(authorizer, RequestAction.WRITE);
+                // save the update
+                controllerFacade.save();
 
-            // create the reporting task
-            final ReportingTaskNode reportingTask = reportingTaskDAO.createReportingTask(reportingTaskDTO);
+                final ReportingTaskDTO dto = dtoFactory.createReportingTaskDto(reportingTask);
+                final FlowModification lastMod = new FlowModification(revision.incrementRevision(revision.getClientId()), user.getUserName());
+                return new StandardRevisionUpdate<ReportingTaskDTO>(dto, lastMod);
+            });
 
-            // save the update
-            controllerFacade.save();
-
-            final ReportingTaskDTO dto = dtoFactory.createReportingTaskDto(reportingTask);
-            final FlowModification lastMod = new FlowModification(new Revision(0L, rev.getClientId(), dto.getId()), modifier);
+            final ReportingTaskNode reportingTask = reportingTaskDAO.getReportingTask(reportingTaskDTO.getId());
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(reportingTask);
             final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(reportingTask.getIdentifier()));
-            return entityFactory.createReportingTaskEntity(dto, dtoFactory.createRevisionDTO(lastMod), accessPolicy, bulletins);
-        });
+            return entityFactory.createReportingTaskEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, bulletins);
+        } finally {
+            // cancel in case of exception... noop if successful
+            revisionManager.cancelClaim(revision.getComponentId());
+        }
     }
 
     @Override
-    public UpdateResult<ReportingTaskEntity> updateReportingTask(final Revision revision, final ReportingTaskDTO reportingTaskDTO) {
-        // if reporting task does not exist, then create new reporting task
-        if (reportingTaskDAO.hasReportingTask(reportingTaskDTO.getId()) == false) {
-            return new UpdateResult<>(createReportingTask(reportingTaskDTO), true);
-        }
-
+    public ReportingTaskEntity updateReportingTask(final Revision revision, final ReportingTaskDTO reportingTaskDTO) {
         // get the component, ensure we have access to it, and perform the update request
         final ReportingTaskNode reportingTask = reportingTaskDAO.getReportingTask(reportingTaskDTO.getId());
         final RevisionUpdate<ReportingTaskDTO> snapshot = updateComponent(revision,
@@ -1900,7 +1839,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
         final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(reportingTask);
         final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(reportingTask.getIdentifier()));
-        return new UpdateResult<>(entityFactory.createReportingTaskEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, bulletins), false);
+        return entityFactory.createReportingTaskEntity(snapshot.getComponent(), dtoFactory.createRevisionDTO(snapshot.getLastModification()), accessPolicy, bulletins);
     }
 
     @Override
@@ -2079,9 +2018,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     @Override
     public Set<ConnectionEntity> getConnections(final String groupId) {
         return revisionManager.get(groupId, rev -> {
-            final ProcessGroup group = processGroupDAO.getProcessGroup(groupId);
-            group.authorize(authorizer, RequestAction.READ);
-
             final Set<Connection> connections = connectionDAO.getConnections(groupId);
             final Set<String> connectionIds = connections.stream().map(connection -> connection.getIdentifier()).collect(Collectors.toSet());
             return revisionManager.get(connectionIds, () -> {
@@ -2101,8 +2037,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public ConnectionEntity getConnection(final String connectionId) {
         return revisionManager.get(connectionId, rev -> {
             final Connection connection = connectionDAO.getConnection(connectionId);
-            connection.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(connection);
             final ConnectionStatusDTO status = dtoFactory.createConnectionStatusDto(controllerFacade.getConnectionStatus(connectionId));
@@ -2112,16 +2046,12 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     @Override
     public DropRequestDTO getFlowFileDropRequest(final String connectionId, final String dropRequestId) {
-        final Connection connection = connectionDAO.getConnection(connectionId);
-        connection.authorize(authorizer, RequestAction.WRITE);
         return dtoFactory.createDropRequestDTO(connectionDAO.getFlowFileDropRequest(connectionId, dropRequestId));
     }
 
     @Override
     public ListingRequestDTO getFlowFileListingRequest(final String connectionId, final String listingRequestId) {
         final Connection connection = connectionDAO.getConnection(connectionId);
-        connection.authorize(authorizer, RequestAction.WRITE);
-
         final ListingRequestDTO listRequest = dtoFactory.createListingRequestDTO(connectionDAO.getFlowFileListingRequest(connectionId, listingRequestId));
 
         // include whether the source and destination are running
@@ -2152,9 +2082,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     @Override
     public Set<ProcessorEntity> getProcessors(final String groupId) {
-        final ProcessGroup group = processGroupDAO.getProcessGroup(groupId);
-        group.authorize(authorizer, RequestAction.READ);
-
         final Set<ProcessorNode> processors = processorDAO.getProcessors(groupId);
         final Set<String> ids = processors.stream().map(proc -> proc.getIdentifier()).collect(Collectors.toSet());
         return revisionManager.get(ids, () -> {
@@ -2219,8 +2146,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public ProcessorEntity getProcessor(final String id) {
         return revisionManager.get(id, rev -> {
             final ProcessorNode processor = processorDAO.getProcessor(id);
-            processor.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final ProcessorStatusDTO status = dtoFactory.createProcessorStatusDto(controllerFacade.getProcessorStatus(id));
             final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(id));
@@ -2396,19 +2321,25 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     @Override
     public ControllerConfigurationEntity getControllerConfiguration() {
         return revisionManager.get(FlowController.class.getSimpleName(), rev -> {
-            final ControllerConfigurationDTO dto = dtoFactory.createControllerConfigurationDto(controllerFacade, properties.getAutoRefreshInterval());
+            final ControllerConfigurationDTO dto = dtoFactory.createControllerConfigurationDto(controllerFacade);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerFacade);
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             return entityFactory.createControllerConfigurationEntity(dto, revision, accessPolicy);
         });
     }
 
+    @Override
+    public FlowConfigurationEntity getFlowConfiguration() {
+        final FlowConfigurationDTO dto = dtoFactory.createFlowConfigurationDto(properties.getAutoRefreshInterval());
+        final FlowConfigurationEntity entity = new FlowConfigurationEntity();
+        entity.setFlowConfiguration(dto);
+        return entity;
+    }
+
     @Override
     public AccessPolicyEntity getAccessPolicy(final String accessPolicyId) {
         return revisionManager.get(accessPolicyId, rev -> {
             final Authorizable accessPolicyAuthorizable = authorizableLookup.getAccessPolicyAuthorizable(accessPolicyId);
-            accessPolicyAuthorizable.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(accessPolicyAuthorizable);
             final AccessPolicy requestedAccessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyId);
@@ -2424,8 +2355,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public UserEntity getUser(final String userId, final boolean prune) {
         return revisionManager.get(userId, rev -> {
             final Authorizable usersAuthorizable = authorizableLookup.getUsersAuthorizable();
-            usersAuthorizable.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable);
             final User user = userDAO.getUser(userId);
@@ -2439,8 +2368,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     private UserEntity getUserPruned(final String userId) {
         return revisionManager.get(userId, rev -> {
             final Authorizable usersAuthorizable = authorizableLookup.getUsersAuthorizable();
-            usersAuthorizable.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(usersAuthorizable);
             final User user = userDAO.getUser(userId);
@@ -2452,8 +2379,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public UserGroupEntity getUserGroup(final String userGroupId, final boolean prune) {
         return revisionManager.get(userGroupId, rev -> {
             final Authorizable userGroupsAuthorizable = authorizableLookup.getUserGroupsAuthorizable();
-            userGroupsAuthorizable.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable);
             final Group userGroup = userGroupDAO.getUserGroup(userGroupId);
@@ -2466,8 +2391,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     private UserGroupEntity getUserGroupPruned(final String userGroupId) {
         return revisionManager.get(userGroupId, rev -> {
             final Authorizable userGroupsAuthorizable = authorizableLookup.getUserGroupsAuthorizable();
-            userGroupsAuthorizable.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(userGroupsAuthorizable);
             final Group userGroup = userGroupDAO.getUserGroup(userGroupId);
@@ -2477,9 +2400,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     @Override
     public Set<LabelEntity> getLabels(final String groupId) {
-        final ProcessGroup group = processGroupDAO.getProcessGroup(groupId);
-        group.authorize(authorizer, RequestAction.READ);
-
         final Set<Label> labels = labelDAO.getLabels(groupId);
         final Set<String> ids = labels.stream().map(label -> label.getIdentifier()).collect(Collectors.toSet());
         return revisionManager.get(ids, () -> {
@@ -2497,8 +2417,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public LabelEntity getLabel(final String labelId) {
         return revisionManager.get(labelId, rev -> {
             final Label label = labelDAO.getLabel(labelId);
-            label.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(label);
             return entityFactory.createLabelEntity(dtoFactory.createLabelDto(label), revision, accessPolicy);
@@ -2507,9 +2425,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     @Override
     public Set<FunnelEntity> getFunnels(final String groupId) {
-        final ProcessGroup group = processGroupDAO.getProcessGroup(groupId);
-        group.authorize(authorizer, RequestAction.READ);
-
         final Set<Funnel> funnels = funnelDAO.getFunnels(groupId);
         final Set<String> funnelIds = funnels.stream().map(funnel -> funnel.getIdentifier()).collect(Collectors.toSet());
         return revisionManager.get(funnelIds, () -> {
@@ -2527,8 +2442,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public FunnelEntity getFunnel(final String funnelId) {
         return revisionManager.get(funnelId, rev -> {
             final Funnel funnel = funnelDAO.getFunnel(funnelId);
-            funnel.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(funnel);
             return entityFactory.createFunnelEntity(dtoFactory.createFunnelDto(funnel), revision, accessPolicy);
@@ -2537,9 +2450,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     @Override
     public Set<PortEntity> getInputPorts(final String groupId) {
-        final ProcessGroup group = processGroupDAO.getProcessGroup(groupId);
-        group.authorize(authorizer, RequestAction.READ);
-
         final Set<Port> inputPorts = inputPortDAO.getPorts(groupId);
         final Set<String> portIds = inputPorts.stream().map(port -> port.getIdentifier()).collect(Collectors.toSet());
         return revisionManager.get(portIds, () -> {
@@ -2557,9 +2467,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     @Override
     public Set<PortEntity> getOutputPorts(final String groupId) {
-        final ProcessGroup group = processGroupDAO.getProcessGroup(groupId);
-        group.authorize(authorizer, RequestAction.READ);
-
         final Set<Port> ports = outputPortDAO.getPorts(groupId);
         final Set<String> ids = ports.stream().map(port -> port.getIdentifier()).collect(Collectors.toSet());
 
@@ -2578,9 +2485,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     @Override
     public Set<ProcessGroupEntity> getProcessGroups(final String parentGroupId) {
-        final ProcessGroup parentGroup = processGroupDAO.getProcessGroup(parentGroupId);
-        parentGroup.authorize(authorizer, RequestAction.READ);
-
         final Set<ProcessGroup> groups = processGroupDAO.getProcessGroups(parentGroupId);
         final Set<String> ids = groups.stream().map(group -> group.getIdentifier()).collect(Collectors.toSet());
         return revisionManager.get(ids, () -> {
@@ -2598,12 +2502,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 
     @Override
     public Set<RemoteProcessGroupEntity> getRemoteProcessGroups(final String groupId) {
-        final ProcessGroup group = processGroupDAO.getProcessGroup(groupId);
-        group.authorize(authorizer, RequestAction.READ);
-
         final Set<RemoteProcessGroup> rpgs = remoteProcessGroupDAO.getRemoteProcessGroups(groupId);
         final Set<String> ids = rpgs.stream().map(rpg -> rpg.getIdentifier()).collect(Collectors.toSet());
-
         return revisionManager.get(ids, () -> {
             return rpgs.stream()
                     .map(rpg -> {
@@ -2621,8 +2521,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public PortEntity getInputPort(final String inputPortId) {
         return revisionManager.get(inputPortId, rev -> {
             final Port port = inputPortDAO.getPort(inputPortId);
-            port.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(port);
             final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getInputPortStatus(inputPortId));
@@ -2640,8 +2538,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public PortEntity getOutputPort(final String outputPortId) {
         return revisionManager.get(outputPortId, rev -> {
             final Port port = outputPortDAO.getPort(outputPortId);
-            port.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(port);
             final PortStatusDTO status = dtoFactory.createPortStatusDto(controllerFacade.getOutputPortStatus(outputPortId));
@@ -2659,8 +2555,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public RemoteProcessGroupEntity getRemoteProcessGroup(final String remoteProcessGroupId) {
         return revisionManager.get(remoteProcessGroupId, rev -> {
             final RemoteProcessGroup rpg = remoteProcessGroupDAO.getRemoteProcessGroup(remoteProcessGroupId);
-            rpg.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(rpg);
             final RemoteProcessGroupStatusDTO status = dtoFactory.createRemoteProcessGroupStatusDto(controllerFacade.getRemoteProcessGroupStatus(rpg.getIdentifier()));
@@ -2727,8 +2621,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public ProcessGroupEntity getProcessGroup(final String groupId) {
         return revisionManager.get(groupId, rev -> {
             final ProcessGroup processGroup = processGroupDAO.getProcessGroup(groupId);
-            processGroup.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(processGroup);
             final ProcessGroupStatusDTO status = dtoFactory.createConciseProcessGroupStatusDto(controllerFacade.getProcessGroupStatus(groupId));
@@ -2764,8 +2656,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public ControllerServiceEntity getControllerService(final String controllerServiceId) {
         return revisionManager.get(controllerServiceId, rev -> {
             final ControllerServiceNode controllerService = controllerServiceDAO.getControllerService(controllerServiceId);
-            controllerService.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(controllerService);
             final ControllerServiceDTO dto = dtoFactory.createControllerServiceDto(controllerService);
@@ -2826,8 +2716,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
     public ReportingTaskEntity getReportingTask(final String reportingTaskId) {
         return revisionManager.get(reportingTaskId, rev -> {
             final ReportingTaskNode reportingTask = reportingTaskDAO.getReportingTask(reportingTaskId);
-            reportingTask.authorize(authorizer, RequestAction.READ);
-
             final RevisionDTO revision = dtoFactory.createRevisionDTO(rev);
             final AccessPolicyDTO accessPolicy = dtoFactory.createAccessPolicyDto(reportingTask);
             final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForSource(reportingTaskId));
@@ -2853,6 +2741,56 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
         return controllerFacade.getProcessGroupStatusHistory(groupId);
     }
 
+    private boolean authorizeAction(final Action action) {
+        final String sourceId = action.getSourceId();
+        final Component type = action.getSourceType();
+
+        final Authorizable authorizable;
+        try {
+            switch (type) {
+                case Processor:
+                    authorizable = authorizableLookup.getProcessor(sourceId);
+                    break;
+                case ReportingTask:
+                    authorizable = authorizableLookup.getReportingTask(sourceId);
+                    break;
+                case ControllerService:
+                    authorizable = authorizableLookup.getControllerService(sourceId);
+                    break;
+                case Controller:
+                    authorizable = controllerFacade;
+                    break;
+                case InputPort:
+                    authorizable = authorizableLookup.getInputPort(sourceId);
+                    break;
+                case OutputPort:
+                    authorizable = authorizableLookup.getOutputPort(sourceId);
+                    break;
+                case ProcessGroup:
+                    authorizable = authorizableLookup.getProcessGroup(sourceId);
+                    break;
+                case RemoteProcessGroup:
+                    authorizable = authorizableLookup.getRemoteProcessGroup(sourceId);
+                    break;
+                case Funnel:
+                    authorizable = authorizableLookup.getFunnel(sourceId);
+                    break;
+                case Connection:
+                    authorizable = authorizableLookup.getConnection(sourceId);
+                    break;
+                default:
+                    throw new WebApplicationException(Response.serverError().entity("An unexpected type of component is the source of this action.").build());
+            }
+        } catch (final ResourceNotFoundException e) {
+            // if the underlying component is gone, disallow
+            return false;
+        }
+
+        // perform the authorization
+        final AuthorizationResult result = authorizable.checkAuthorization(authorizer, RequestAction.READ);
+        return Result.Approved.equals(result.getResult());
+    }
+
     @Override
     public HistoryDTO getActions(final HistoryQueryDTO historyQueryDto) {
         // extract the query criteria
@@ -2869,6 +2807,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
         // perform the query
         final History history = auditService.getActions(historyQuery);
 
+        // only retain authorized actions
+        history.getActions().stream().filter(action -> authorizeAction(action)).collect(Collectors.toList());
+
         // create the response
         return dtoFactory.createHistoryDto(history);
     }
@@ -2883,6 +2824,10 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
             throw new ResourceNotFoundException(String.format("Unable to find action with id '%s'.", actionId));
         }
 
+        if (!authorizeAction(action)) {
+            throw new AccessDeniedException("Access is denied.");
+        }
+
         // return the action
         return dtoFactory.createActionDto(action);
     }
@@ -3027,10 +2972,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
         this.auditService = auditService;
     }
 
-    public void setKeyService(final KeyService keyService) {
-        this.keyService = keyService;
-    }
-
     public void setRevisionManager(final RevisionManager revisionManager) {
         this.revisionManager = revisionManager;
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
index 1dc9b89ac0..901f83d128 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
@@ -428,8 +428,8 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
                 try {
 
                     ProcessorDTO processorDTO = buildProcessorDto(id,annotationData,properties);
-                    final UpdateResult<ProcessorEntity> entity = serviceFacade.updateProcessor(revision,processorDTO);
-                    processor = entity.getResult().getComponent();
+                    final ProcessorEntity entity = serviceFacade.updateProcessor(revision,processorDTO);
+                    processor = entity.getComponent();
 
                 } finally {
                     // ensure the revision is canceled.. if the operation succeed, this is a noop
@@ -582,8 +582,8 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
                 serviceFacade.claimRevision(revision, user);
                 try {
                     // perform the update
-                    final UpdateResult<ControllerServiceEntity> updateResult = serviceFacade.updateControllerService(revision, controllerServiceDto);
-                    controllerService = updateResult.getResult().getComponent();
+                    final ControllerServiceEntity entity = serviceFacade.updateControllerService(revision, controllerServiceDto);
+                    controllerService = entity.getComponent();
                 } finally {
                     // ensure the revision is canceled.. if the operation succeed, this is a noop
                     serviceFacade.cancelRevision(revision);
@@ -749,8 +749,8 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
                 // claim the revision
                 serviceFacade.claimRevision(revision, user);
                 try {
-                    final UpdateResult<ReportingTaskEntity> updateResult = serviceFacade.updateReportingTask(revision, reportingTaskDto);
-                    reportingTask = updateResult.getResult().getComponent();
+                    final ReportingTaskEntity entity = serviceFacade.updateReportingTask(revision, reportingTaskDto);
+                    reportingTask = entity.getComponent();
                 } finally {
                     // ensure the revision is canceled.. if the operation succeed, this is a noop
                     serviceFacade.cancelRevision(revision);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/UpdateResult.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/UpdateResult.java
deleted file mode 100644
index 66247e38d8..0000000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/UpdateResult.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web;
-
-/**
- * Result from an update operation.
- */
-@SuppressWarnings("serial")
-public class UpdateResult<T>  {
-
-    private final T result;
-    private final boolean isNew;
-
-    public UpdateResult(T result, boolean isNew) {
-        this.result = result;
-        this.isNew = isNew;
-    }
-
-    public T getResult() {
-        return result;
-    }
-
-    public boolean isNew() {
-        return isNew;
-    }
-}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java
index a00cf18586..2c1129c622 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java
@@ -31,7 +31,6 @@ import org.apache.nifi.cluster.coordination.http.replication.RequestReplicator;
 import org.apache.nifi.util.NiFiProperties;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.UpdateResult;
 import org.apache.nifi.web.api.dto.AccessPolicyDTO;
 import org.apache.nifi.web.api.dto.RevisionDTO;
 import org.apache.nifi.web.api.entity.AccessPolicyEntity;
@@ -188,6 +187,10 @@ public class AccessPolicyResource extends ApplicationResource {
             throw new IllegalArgumentException("Access policy details must be specified.");
         }
 
+        if (accessPolicyEntity.getRevision() == null || (accessPolicyEntity.getRevision().getVersion() == null || accessPolicyEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor.");
+        }
+
         if (accessPolicyEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Access policy ID cannot be specified.");
         }
@@ -343,23 +346,16 @@ public class AccessPolicyResource extends ApplicationResource {
                 serviceFacade,
                 revision,
                 lookup -> {
-                    final Authorizable accessPolicy = lookup.getAccessPolicyAuthorizable(id);
-                    accessPolicy.authorize(authorizer, RequestAction.WRITE);
+                    Authorizable authorizable  = lookup.getAccessPolicyAuthorizable(id);
+                    authorizable.authorize(authorizer, RequestAction.WRITE);
                 },
                 null,
                 () -> {
                     // update the access policy
-                    final UpdateResult<AccessPolicyEntity> updateResult = serviceFacade.updateAccessPolicy(revision, accessPolicyDTO);
-
-                    // get the results
-                    final AccessPolicyEntity entity = updateResult.getResult();
+                    final AccessPolicyEntity entity = serviceFacade.updateAccessPolicy(revision, accessPolicyDTO);
                     populateRemainingAccessPolicyEntityContent(entity);
 
-                    if (updateResult.isNew()) {
-                        return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                    } else {
-                        return clusterContext(generateOkResponse(entity)).build();
-                    }
+                    return clusterContext(generateOkResponse(entity)).build();
                 }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ClusterResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ClusterResource.java
deleted file mode 100644
index d98c75545e..0000000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ClusterResource.java
+++ /dev/null
@@ -1,357 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.GET;
-import javax.ws.rs.HEAD;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.cluster.coordination.node.NodeConnectionState;
-import org.apache.nifi.web.IllegalClusterResourceRequestException;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.api.dto.ClusterDTO;
-import org.apache.nifi.web.api.dto.NodeDTO;
-import org.apache.nifi.web.api.dto.search.NodeSearchResultDTO;
-import org.apache.nifi.web.api.entity.ClusterEntity;
-import org.apache.nifi.web.api.entity.ClusterSearchResultsEntity;
-import org.apache.nifi.web.api.entity.NodeEntity;
-
-import com.sun.jersey.api.core.ResourceContext;
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
-
-
-/**
- * RESTful endpoint for managing a cluster.
- */
-@Path("/cluster")
-@Api(
-        value = "/cluster",
-        description = "Endpoint for managing the cluster."
-)
-public class ClusterResource extends ApplicationResource {
-
-    @Context
-    private ResourceContext resourceContext;
-    private NiFiServiceFacade serviceFacade;
-
-    /**
-     * Returns a 200 OK response to indicate this is a valid cluster endpoint.
-     *
-     * @return An OK response with an empty entity body.
-     */
-    @HEAD
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.WILDCARD)
-    public Response getClusterHead() {
-        if (isConnectedToCluster()) {
-            return Response.ok().build();
-        } else {
-            return Response.status(Response.Status.NOT_FOUND).entity("NiFi instance is not clustered").build();
-        }
-    }
-
-    /**
-     * Gets the contents of this NiFi cluster. This includes all nodes and their status.
-     *
-     * @return A clusterEntity
-     */
-    @GET
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Gets the contents of the cluster",
-            notes = "Returns the contents of the cluster including all nodes and their status.",
-            response = ClusterEntity.class,
-            authorizations = {
-                @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
-                @Authorization(value = "DFM", type = "ROLE_DFM"),
-                @Authorization(value = "Admin", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response getCluster() {
-
-        if (isConnectedToCluster()) {
-            final ClusterDTO dto = serviceFacade.getCluster();
-
-            // create entity
-            final ClusterEntity entity = new ClusterEntity();
-            entity.setCluster(dto);
-
-            // generate the response
-            return generateOkResponse(entity).build();
-        }
-
-        throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
-    }
-
-    /**
-     * Searches the cluster for a node with a given address.
-     *
-     * @param value Search value that will be matched against a node's address
-     * @return Nodes that match the specified criteria
-     */
-    @GET
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("/search-results")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Searches the cluster for a node with the specified address",
-            response = ClusterSearchResultsEntity.class,
-            authorizations = {
-                @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
-                @Authorization(value = "DFM", type = "ROLE_DFM"),
-                @Authorization(value = "Admin", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response searchCluster(
-            @ApiParam(
-                    value = "Node address to search for.",
-                    required = true
-            )
-            @QueryParam("q") @DefaultValue(StringUtils.EMPTY) String value) {
-
-        // ensure this is the cluster manager
-        if (isConnectedToCluster()) {
-            final List<NodeSearchResultDTO> nodeMatches = new ArrayList<>();
-
-            // get the nodes in the cluster
-            final ClusterDTO cluster = serviceFacade.getCluster();
-
-            // check each to see if it matches the search term
-            for (NodeDTO node : cluster.getNodes()) {
-                // ensure the node is connected
-                if (!NodeConnectionState.CONNECTED.name().equals(node.getStatus())) {
-                    continue;
-                }
-
-                // determine the current nodes address
-                final String address = node.getAddress() + ":" + node.getApiPort();
-
-                // count the node if there is no search or it matches the address
-                if (StringUtils.isBlank(value) || StringUtils.containsIgnoreCase(address, value)) {
-                    final NodeSearchResultDTO nodeMatch = new NodeSearchResultDTO();
-                    nodeMatch.setId(node.getNodeId());
-                    nodeMatch.setAddress(address);
-                    nodeMatches.add(nodeMatch);
-                }
-            }
-
-            // build the response
-            ClusterSearchResultsEntity results = new ClusterSearchResultsEntity();
-            results.setNodeResults(nodeMatches);
-
-            // generate an 200 - OK response
-            return noCache(Response.ok(results)).build();
-        }
-
-        throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
-    }
-
-    /**
-     * Gets the contents of the specified node in this NiFi cluster.
-     *
-     * @param id The node id.
-     * @return A nodeEntity.
-     */
-    @GET
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("nodes/{id}")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Gets a node in the cluster",
-            response = NodeEntity.class,
-            authorizations = {
-                    @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
-                    @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
-                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                    @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response getNode(
-            @ApiParam(
-                    value = "The node id.",
-                    required = true
-            )
-            @PathParam("id") String id) {
-
-        // get the specified relationship
-        final NodeDTO dto = serviceFacade.getNode(id);
-
-        // create the response entity
-        final NodeEntity entity = new NodeEntity();
-        entity.setNode(dto);
-
-        // generate the response
-        return generateOkResponse(entity).build();
-    }
-
-    /**
-     * Updates the contents of the specified node in this NiFi cluster.
-     *
-     * @param id The id of the node
-     * @param nodeEntity A nodeEntity
-     * @return A nodeEntity
-     */
-    @PUT
-    @Consumes(MediaType.APPLICATION_JSON)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("nodes/{id}")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Updates a node in the cluster",
-            response = NodeEntity.class,
-            authorizations = {
-                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                    @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response updateNode(
-            @ApiParam(
-                    value = "The node id.",
-                    required = true
-            )
-            @PathParam("id") String id,
-            @ApiParam(
-                    value = "The node configuration. The only configuration that will be honored at this endpoint is the status or primary flag.",
-                    required = true
-            ) NodeEntity nodeEntity) {
-
-        if (nodeEntity == null || nodeEntity.getNode() == null) {
-            throw new IllegalArgumentException("Node details must be specified.");
-        }
-
-        // get the request node
-        final NodeDTO requestNodeDTO = nodeEntity.getNode();
-        if (!id.equals(requestNodeDTO.getNodeId())) {
-            throw new IllegalArgumentException(String.format("The node id (%s) in the request body does "
-                + "not equal the node id of the requested resource (%s).", requestNodeDTO.getNodeId(), id));
-        }
-
-        // update the node
-        final NodeDTO node = serviceFacade.updateNode(requestNodeDTO);
-
-        // create the response entity
-        NodeEntity entity = new NodeEntity();
-        entity.setNode(node);
-
-        // generate the response
-        return generateOkResponse(entity).build();
-    }
-
-    /**
-     * Removes the specified from this NiFi cluster.
-     *
-     * @param id The id of the node
-     * @return A nodeEntity
-     */
-    @DELETE
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("nodes/{id}")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Removes a node from the cluster",
-            response = NodeEntity.class,
-            authorizations = {
-                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                    @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response deleteNode(
-            @ApiParam(
-                    value = "The node id.",
-                    required = true
-            )
-            @PathParam("id") String id) {
-
-        serviceFacade.deleteNode(id);
-
-        // create the response entity
-        final NodeEntity entity = new NodeEntity();
-
-        // generate the response
-        return generateOkResponse(entity).build();
-    }
-
-    // setters
-    public void setServiceFacade(NiFiServiceFacade serviceFacade) {
-        this.serviceFacade = serviceFacade;
-    }
-}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java
index caa7b36729..67a76fdac9 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java
@@ -28,7 +28,6 @@ import org.apache.nifi.authorization.RequestAction;
 import org.apache.nifi.authorization.resource.Authorizable;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.UpdateResult;
 import org.apache.nifi.web.api.dto.ConnectionDTO;
 import org.apache.nifi.web.api.dto.FlowFileSummaryDTO;
 import org.apache.nifi.web.api.dto.ListingRequestDTO;
@@ -50,7 +49,6 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import java.net.URI;
 import java.util.Set;
 
 /**
@@ -271,23 +269,16 @@ public class ConnectionResource extends ApplicationResource {
             serviceFacade,
             revision,
             lookup -> {
-                final Authorizable conn = lookup.getConnection(id);
-                conn.authorize(authorizer, RequestAction.WRITE);
+                Authorizable authorizable = lookup.getConnection(id);
+                authorizable.authorize(authorizer, RequestAction.WRITE);
             },
             () -> serviceFacade.verifyUpdateConnection(connection),
             () -> {
-                // update the relationship target
-                final UpdateResult<ConnectionEntity> updateResult = serviceFacade.updateConnection(revision, connection);
-
-                final ConnectionEntity entity = updateResult.getResult();
+                final ConnectionEntity entity = serviceFacade.updateConnection(revision, connection);
                 populateRemainingConnectionEntityContent(entity);
 
                 // generate the response
-                if (updateResult.isNew()) {
-                    return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                } else {
-                    return clusterContext(generateOkResponse(entity)).build();
-                }
+                return clusterContext(generateOkResponse(entity)).build();
             });
     }
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
index 4f75347e63..bb07751bb5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
@@ -16,25 +16,13 @@
  */
 package org.apache.nifi.web.api;
 
-import java.net.URI;
-import java.util.Collections;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.GET;
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
+import com.sun.jersey.api.core.ResourceContext;
+import com.wordnik.swagger.annotations.Api;
+import com.wordnik.swagger.annotations.ApiOperation;
+import com.wordnik.swagger.annotations.ApiParam;
+import com.wordnik.swagger.annotations.ApiResponse;
+import com.wordnik.swagger.annotations.ApiResponses;
+import com.wordnik.swagger.annotations.Authorization;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.authorization.AccessDeniedException;
 import org.apache.nifi.authorization.AuthorizationRequest;
@@ -45,30 +33,45 @@ import org.apache.nifi.authorization.RequestAction;
 import org.apache.nifi.authorization.resource.ResourceFactory;
 import org.apache.nifi.authorization.user.NiFiUser;
 import org.apache.nifi.authorization.user.NiFiUserUtils;
-import org.apache.nifi.cluster.coordination.http.replication.RequestReplicator;
-import org.apache.nifi.cluster.manager.NodeResponse;
-import org.apache.nifi.cluster.manager.exception.UnknownNodeException;
-import org.apache.nifi.cluster.protocol.NodeIdentifier;
+import org.apache.nifi.cluster.coordination.node.NodeConnectionState;
 import org.apache.nifi.controller.FlowController;
+import org.apache.nifi.web.IllegalClusterResourceRequestException;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.api.dto.CounterDTO;
-import org.apache.nifi.web.api.dto.CountersDTO;
+import org.apache.nifi.web.api.dto.ClusterDTO;
+import org.apache.nifi.web.api.dto.NodeDTO;
+import org.apache.nifi.web.api.dto.RevisionDTO;
+import org.apache.nifi.web.api.dto.search.NodeSearchResultDTO;
+import org.apache.nifi.web.api.entity.ClusterEntity;
+import org.apache.nifi.web.api.entity.ClusterSearchResultsEntity;
 import org.apache.nifi.web.api.entity.ControllerConfigurationEntity;
 import org.apache.nifi.web.api.entity.ControllerServiceEntity;
-import org.apache.nifi.web.api.entity.CounterEntity;
-import org.apache.nifi.web.api.entity.CountersEntity;
-import org.apache.nifi.web.api.entity.Entity;
+import org.apache.nifi.web.api.entity.HistoryEntity;
+import org.apache.nifi.web.api.entity.NodeEntity;
 import org.apache.nifi.web.api.entity.ProcessGroupEntity;
 import org.apache.nifi.web.api.entity.ReportingTaskEntity;
+import org.apache.nifi.web.api.request.ClientIdParameter;
+import org.apache.nifi.web.api.request.DateTimeParameter;
 
-import com.sun.jersey.api.core.ResourceContext;
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.HEAD;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
 
 /**
  * RESTful endpoint for managing a Flow Controller.
@@ -150,8 +153,14 @@ public class ControllerResource extends ApplicationResource {
         }
 
         // handle expects request (usually from the cluster manager)
-        final String expects = httpServletRequest.getHeader(RequestReplicator.REQUEST_VALIDATION_HTTP_HEADER);
-        if (expects != null) {
+        final boolean validationPhase = isValidationPhase(httpServletRequest);
+        if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
+            // authorize access
+            serviceFacade.authorizeAccess(lookup -> {
+                authorizeController(RequestAction.WRITE);
+            });
+        }
+        if (validationPhase) {
             return generateContinueResponse().build();
         }
 
@@ -163,141 +172,6 @@ public class ControllerResource extends ApplicationResource {
         return clusterContext(generateCreatedResponse(uri, entity)).build();
     }
 
-    /**
-     * Retrieves the counters report for this NiFi.
-     *
-     * @return A countersEntity.
-     * @throws InterruptedException if interrupted
-     */
-    @GET
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("counters")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Gets the current counters for this NiFi",
-            response = Entity.class,
-            authorizations = {
-                @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
-                @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
-                @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response getCounters(
-            @ApiParam(
-                value = "Whether or not to include the breakdown per node. Optional, defaults to false",
-                required = false
-            )
-            @QueryParam("nodewise") @DefaultValue(NODEWISE) final Boolean nodewise,
-            @ApiParam(
-                value = "The id of the node where to get the status.",
-                required = false
-            )
-        @QueryParam("clusterNodeId") final String clusterNodeId) throws InterruptedException {
-
-        // ensure a valid request
-        if (Boolean.TRUE.equals(nodewise) && clusterNodeId != null) {
-            throw new IllegalArgumentException("Nodewise requests cannot be directed at a specific node.");
-        }
-
-        // replicate if necessary
-        if (isReplicateRequest()) {
-            // determine where this request should be sent
-            if (clusterNodeId == null) {
-                final NodeResponse nodeResponse = getRequestReplicator().replicate(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).awaitMergedResponse();
-                final CountersEntity entity = (CountersEntity) nodeResponse.getUpdatedEntity();
-
-                // ensure there is an updated entity (result of merging) and prune the response as necessary
-                if (entity != null && !nodewise) {
-                    entity.getCounters().setNodeSnapshots(null);
-                }
-
-                return nodeResponse.getResponse();
-            } else {
-                // get the target node and ensure it exists
-                final NodeIdentifier targetNode = getClusterCoordinator().getNodeIdentifier(clusterNodeId);
-                if (targetNode == null) {
-                    throw new UnknownNodeException("The specified cluster node does not exist.");
-                }
-
-                final Set<NodeIdentifier> targetNodes = Collections.singleton(targetNode);
-
-                // replicate the request to the specific node
-                return getRequestReplicator().replicate(targetNodes, HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).awaitMergedResponse().getResponse();
-            }
-        }
-
-        final CountersDTO countersReport = serviceFacade.getCounters();
-
-        // create the response entity
-        final CountersEntity entity = new CountersEntity();
-        entity.setCounters(countersReport);
-
-        // generate the response
-        return clusterContext(generateOkResponse(entity)).build();
-    }
-
-    /**
-     * Update the specified counter. This will reset the counter value to 0.
-     *
-     * @param httpServletRequest request
-     * @param id The id of the counter.
-     * @return A counterEntity.
-     */
-    @PUT
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("counters/{id}")
-    // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
-    @ApiOperation(
-            value = "Updates the specified counter. This will reset the counter value to 0",
-            response = CounterEntity.class,
-            authorizations = {
-                @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response updateCounter(
-            @Context final HttpServletRequest httpServletRequest,
-            @PathParam("id") final String id) {
-
-        if (isReplicateRequest()) {
-            return replicate(HttpMethod.PUT);
-        }
-
-        // handle expects request (usually from the cluster manager)
-        final String expects = httpServletRequest.getHeader(RequestReplicator.REQUEST_VALIDATION_HTTP_HEADER);
-        if (expects != null) {
-            return generateContinueResponse().build();
-        }
-
-        // reset the specified counter
-        final CounterDTO counter = serviceFacade.updateCounter(id);
-
-        // create the response entity
-        final CounterEntity entity = new CounterEntity();
-        entity.setCounter(counter);
-
-        // generate the response
-        return clusterContext(generateOkResponse(entity)).build();
-    }
-
     /**
      * Retrieves the configuration for this NiFi.
      *
@@ -309,7 +183,7 @@ public class ControllerResource extends ApplicationResource {
     @Path("config")
     // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN', 'ROLE_NIFI')")
     @ApiOperation(
-            value = "Retrieves the configuration for this NiFi",
+            value = "Retrieves the configuration for this NiFi Controller",
             response = ControllerConfigurationEntity.class,
             authorizations = {
                 @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
@@ -327,8 +201,8 @@ public class ControllerResource extends ApplicationResource {
             }
     )
     public Response getControllerConfig() {
-        // TODO
-//        authorizeController(RequestAction.READ);
+
+        authorizeController(RequestAction.READ);
 
         if (isReplicateRequest()) {
             return replicate(HttpMethod.GET);
@@ -372,7 +246,7 @@ public class ControllerResource extends ApplicationResource {
                     required = true
             ) final ControllerConfigurationEntity configEntity) {
 
-        if (configEntity == null || configEntity.getConfig() == null) {
+        if (configEntity == null || configEntity.getControllerConfiguration() == null) {
             throw new IllegalArgumentException("Controller configuration must be specified");
         }
 
@@ -393,7 +267,7 @@ public class ControllerResource extends ApplicationResource {
                 },
                 null,
                 () -> {
-                    final ControllerConfigurationEntity entity = serviceFacade.updateControllerConfiguration(revision, configEntity.getConfig());
+                    final ControllerConfigurationEntity entity = serviceFacade.updateControllerConfiguration(revision, configEntity.getControllerConfiguration());
                     return clusterContext(generateOkResponse(entity)).build();
                 }
         );
@@ -441,6 +315,10 @@ public class ControllerResource extends ApplicationResource {
             throw new IllegalArgumentException("Reporting task details must be specified.");
         }
 
+        if (reportingTaskEntity.getRevision() == null || (reportingTaskEntity.getRevision().getVersion() == null || reportingTaskEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Reporting task.");
+        }
+
         if (reportingTaskEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Reporting task ID cannot be specified.");
         }
@@ -454,8 +332,14 @@ public class ControllerResource extends ApplicationResource {
         }
 
         // handle expects request (usually from the cluster manager)
-        final String expects = httpServletRequest.getHeader(RequestReplicator.REQUEST_VALIDATION_HTTP_HEADER);
-        if (expects != null) {
+        final boolean validationPhase = isValidationPhase(httpServletRequest);
+        if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
+            // authorize access
+            serviceFacade.authorizeAccess(lookup -> {
+                authorizeController(RequestAction.WRITE);
+            });
+        }
+        if (validationPhase) {
             return generateContinueResponse().build();
         }
 
@@ -463,7 +347,8 @@ public class ControllerResource extends ApplicationResource {
         reportingTaskEntity.getComponent().setId(generateUuid());
 
         // create the reporting task and generate the json
-        final ReportingTaskEntity entity = serviceFacade.createReportingTask(reportingTaskEntity.getComponent());
+        final Revision revision = getRevision(reportingTaskEntity, reportingTaskEntity.getComponent().getId());
+        final ReportingTaskEntity entity = serviceFacade.createReportingTask(revision, reportingTaskEntity.getComponent());
         reportingTaskResource.populateRemainingReportingTaskEntityContent(entity);
 
         // build the response
@@ -512,6 +397,10 @@ public class ControllerResource extends ApplicationResource {
             throw new IllegalArgumentException("Controller service details must be specified.");
         }
 
+        if (controllerServiceEntity.getRevision() == null || (controllerServiceEntity.getRevision().getVersion() == null || controllerServiceEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Controller service.");
+        }
+
         if (controllerServiceEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Controller service ID cannot be specified.");
         }
@@ -529,7 +418,7 @@ public class ControllerResource extends ApplicationResource {
         if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
             // authorize access
             serviceFacade.authorizeAccess(lookup -> {
-                // TODO - authorize controller access
+                authorizeController(RequestAction.WRITE);
             });
         }
         if (validationPhase) {
@@ -540,13 +429,411 @@ public class ControllerResource extends ApplicationResource {
         controllerServiceEntity.getComponent().setId(generateUuid());
 
         // create the controller service and generate the json
-        final ControllerServiceEntity entity = serviceFacade.createControllerService(null, controllerServiceEntity.getComponent());
+        final Revision revision = getRevision(controllerServiceEntity, controllerServiceEntity.getComponent().getId());
+        final ControllerServiceEntity entity = serviceFacade.createControllerService(revision, null, controllerServiceEntity.getComponent());
         controllerServiceResource.populateRemainingControllerServiceContent(entity.getComponent());
 
         // build the response
         return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
     }
 
+    // -------
+    // cluster
+    // -------
+
+    /**
+     * Returns a 200 OK response to indicate this is a valid cluster endpoint.
+     *
+     * @return An OK response with an empty entity body.
+     */
+    @HEAD
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.WILDCARD)
+    @Path("cluster")
+    public Response getClusterHead() {
+        // TODO - remove once cluster detection is part of /flow
+        if (isConnectedToCluster()) {
+            return Response.ok().build();
+        } else {
+            return Response.status(Response.Status.NOT_FOUND).entity("NiFi instance is not clustered").build();
+        }
+    }
+
+    /**
+     * Gets the contents of this NiFi cluster. This includes all nodes and their status.
+     *
+     * @return A clusterEntity
+     */
+    @GET
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("cluster")
+    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+    @ApiOperation(
+            value = "Gets the contents of the cluster",
+            notes = "Returns the contents of the cluster including all nodes and their status.",
+            response = ClusterEntity.class,
+            authorizations = {
+                    @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+                    @Authorization(value = "DFM", type = "ROLE_DFM"),
+                    @Authorization(value = "Admin", type = "ROLE_ADMIN")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response getCluster() {
+
+        authorizeController(RequestAction.READ);
+
+        // ensure connected to the cluster
+        if (!isConnectedToCluster()) {
+            throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
+        }
+
+        final ClusterDTO dto = serviceFacade.getCluster();
+
+        // create entity
+        final ClusterEntity entity = new ClusterEntity();
+        entity.setCluster(dto);
+
+        // generate the response
+        return generateOkResponse(entity).build();
+    }
+
+    /**
+     * Searches the cluster for a node with a given address.
+     *
+     * @param value Search value that will be matched against a node's address
+     * @return Nodes that match the specified criteria
+     */
+    @GET
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("cluster/search-results")
+    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+    @ApiOperation(
+            value = "Searches the cluster for a node with the specified address",
+            response = ClusterSearchResultsEntity.class,
+            authorizations = {
+                    @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+                    @Authorization(value = "DFM", type = "ROLE_DFM"),
+                    @Authorization(value = "Admin", type = "ROLE_ADMIN")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 404, message = "The specified resource could not be found."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response searchCluster(
+            @ApiParam(
+                    value = "Node address to search for.",
+                    required = true
+            )
+            @QueryParam("q") @DefaultValue(StringUtils.EMPTY) String value) {
+
+        authorizeController(RequestAction.READ);
+
+        // ensure connected to the cluster
+        if (!isConnectedToCluster()) {
+            throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
+        }
+
+        final List<NodeSearchResultDTO> nodeMatches = new ArrayList<>();
+
+        // get the nodes in the cluster
+        final ClusterDTO cluster = serviceFacade.getCluster();
+
+        // check each to see if it matches the search term
+        for (NodeDTO node : cluster.getNodes()) {
+            // ensure the node is connected
+            if (!NodeConnectionState.CONNECTED.name().equals(node.getStatus())) {
+                continue;
+            }
+
+            // determine the current nodes address
+            final String address = node.getAddress() + ":" + node.getApiPort();
+
+            // count the node if there is no search or it matches the address
+            if (StringUtils.isBlank(value) || StringUtils.containsIgnoreCase(address, value)) {
+                final NodeSearchResultDTO nodeMatch = new NodeSearchResultDTO();
+                nodeMatch.setId(node.getNodeId());
+                nodeMatch.setAddress(address);
+                nodeMatches.add(nodeMatch);
+            }
+        }
+
+        // build the response
+        ClusterSearchResultsEntity results = new ClusterSearchResultsEntity();
+        results.setNodeResults(nodeMatches);
+
+        // generate an 200 - OK response
+        return noCache(Response.ok(results)).build();
+    }
+
+    /**
+     * Gets the contents of the specified node in this NiFi cluster.
+     *
+     * @param id The node id.
+     * @return A nodeEntity.
+     */
+    @GET
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("cluster/nodes/{id}")
+    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+    @ApiOperation(
+            value = "Gets a node in the cluster",
+            response = NodeEntity.class,
+            authorizations = {
+                    @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+                    @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 404, message = "The specified resource could not be found."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response getNode(
+            @ApiParam(
+                    value = "The node id.",
+                    required = true
+            )
+            @PathParam("id") String id) {
+
+        authorizeController(RequestAction.READ);
+
+        // ensure connected to the cluster
+        if (!isConnectedToCluster()) {
+            throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
+        }
+
+        // get the specified relationship
+        final NodeDTO dto = serviceFacade.getNode(id);
+
+        // create the response entity
+        final NodeEntity entity = new NodeEntity();
+        entity.setNode(dto);
+
+        // generate the response
+        return generateOkResponse(entity).build();
+    }
+
+    /**
+     * Updates the contents of the specified node in this NiFi cluster.
+     *
+     * @param id The id of the node
+     * @param nodeEntity A nodeEntity
+     * @return A nodeEntity
+     */
+    @PUT
+    @Consumes(MediaType.APPLICATION_JSON)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("cluster/nodes/{id}")
+    // TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
+    @ApiOperation(
+            value = "Updates a node in the cluster",
+            response = NodeEntity.class,
+            authorizations = {
+                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 404, message = "The specified resource could not be found."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response updateNode(
+            @ApiParam(
+                    value = "The node id.",
+                    required = true
+            )
+            @PathParam("id") String id,
+            @ApiParam(
+                    value = "The node configuration. The only configuration that will be honored at this endpoint is the status or primary flag.",
+                    required = true
+            ) NodeEntity nodeEntity) {
+
+        authorizeController(RequestAction.WRITE);
+
+        // ensure connected to the cluster
+        if (!isConnectedToCluster()) {
+            throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
+        }
+
+        if (nodeEntity == null || nodeEntity.getNode() == null) {
+            throw new IllegalArgumentException("Node details must be specified.");
+        }
+
+        // get the request node
+        final NodeDTO requestNodeDTO = nodeEntity.getNode();
+        if (!id.equals(requestNodeDTO.getNodeId())) {
+            throw new IllegalArgumentException(String.format("The node id (%s) in the request body does "
+                    + "not equal the node id of the requested resource (%s).", requestNodeDTO.getNodeId(), id));
+        }
+
+        // update the node
+        final NodeDTO node = serviceFacade.updateNode(requestNodeDTO);
+
+        // create the response entity
+        NodeEntity entity = new NodeEntity();
+        entity.setNode(node);
+
+        // generate the response
+        return generateOkResponse(entity).build();
+    }
+
+    /**
+     * Removes the specified from this NiFi cluster.
+     *
+     * @param id The id of the node
+     * @return A nodeEntity
+     */
+    @DELETE
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("cluster/nodes/{id}")
+    // TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
+    @ApiOperation(
+            value = "Removes a node from the cluster",
+            response = NodeEntity.class,
+            authorizations = {
+                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 404, message = "The specified resource could not be found."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response deleteNode(
+            @ApiParam(
+                    value = "The node id.",
+                    required = true
+            )
+            @PathParam("id") String id) {
+
+        authorizeController(RequestAction.WRITE);
+
+        // ensure connected to the cluster
+        if (!isConnectedToCluster()) {
+            throw new IllegalClusterResourceRequestException("Only a node connected to a cluster can process the request.");
+        }
+
+        serviceFacade.deleteNode(id);
+
+        // create the response entity
+        final NodeEntity entity = new NodeEntity();
+
+        // generate the response
+        return generateOkResponse(entity).build();
+    }
+
+    // -------
+    // history
+    // -------
+
+    /**
+     * Deletes flow history from the specified end date.
+     *
+     * @param clientId Optional client id. If the client id is not specified, a
+     * new one will be generated. This value (whether specified or generated) is
+     * included in the response.
+     * @param endDate The end date for the purge action.
+     * @return A historyEntity
+     */
+    @DELETE
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("history")
+    // TODO - @PreAuthorize("hasRole('ROLE_ADMIN')")
+    @ApiOperation(
+            value = "Purges history",
+            response = HistoryEntity.class,
+            authorizations = {
+                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response deleteHistory(
+            @Context final HttpServletRequest httpServletRequest,
+            @ApiParam(
+                    value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
+                    required = false
+            )
+            @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
+            @ApiParam(
+                    value = "Purge actions before this date/time.",
+                    required = true
+            )
+            @QueryParam("endDate") DateTimeParameter endDate) {
+
+        // ensure the end date is specified
+        if (endDate == null) {
+            throw new IllegalArgumentException("The end date must be specified.");
+        }
+
+        if (isReplicateRequest()) {
+            return replicate(HttpMethod.DELETE);
+        }
+
+        // handle expects request (usually from the cluster manager)
+        final boolean validationPhase = isValidationPhase(httpServletRequest);
+        if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
+            // authorize access
+            serviceFacade.authorizeAccess(lookup -> {
+                authorizeController(RequestAction.WRITE);
+            });
+        }
+        if (validationPhase) {
+            return generateContinueResponse().build();
+        }
+
+        // purge the actions
+        serviceFacade.deleteActions(endDate.getDateTime());
+
+        // create the revision
+        final RevisionDTO revision = new RevisionDTO();
+        revision.setClientId(clientId.getClientId());
+
+        // create the response entity
+        final HistoryEntity entity = new HistoryEntity();
+
+        // generate the response
+        return generateOkResponse(entity).build();
+    }
+
     // setters
     public void setServiceFacade(final NiFiServiceFacade serviceFacade) {
         this.serviceFacade = serviceFacade;
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java
index e05552ff3e..b79ee621e9 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java
@@ -33,7 +33,6 @@ import org.apache.nifi.ui.extension.UiExtensionMapping;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
 import org.apache.nifi.web.UiExtensionType;
-import org.apache.nifi.web.UpdateResult;
 import org.apache.nifi.web.api.dto.ComponentStateDTO;
 import org.apache.nifi.web.api.dto.ControllerServiceDTO;
 import org.apache.nifi.web.api.dto.PropertyDescriptorDTO;
@@ -64,7 +63,6 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import java.net.URI;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -371,12 +369,10 @@ public class ControllerServiceResource extends ApplicationResource {
         if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
             // authorize access
             serviceFacade.authorizeAccess(lookup -> {
-                final Authorizable controllerService = lookup.getControllerService(id);
-                controllerService.authorize(authorizer, RequestAction.WRITE);
+                final Authorizable processor = lookup.getControllerService(id);
+                processor.authorize(authorizer, RequestAction.WRITE);
             });
         }
-
-        // handle expects request (usually from the cluster manager)
         if (validationPhase) {
             serviceFacade.verifyCanClearControllerServiceState(id);
             return generateContinueResponse().build();
@@ -624,23 +620,16 @@ public class ControllerServiceResource extends ApplicationResource {
             serviceFacade,
             revision,
             lookup -> {
-                final Authorizable controllerService = lookup.getControllerService(id);
-                controllerService.authorize(authorizer, RequestAction.WRITE);
+                Authorizable authorizable = lookup.getControllerService(id);
+                authorizable.authorize(authorizer, RequestAction.WRITE);
             },
             () -> serviceFacade.verifyUpdateControllerService(requestControllerServiceDTO),
             () -> {
                 // update the controller service
-                final UpdateResult<ControllerServiceEntity> updateResult = serviceFacade.updateControllerService(revision, requestControllerServiceDTO);
-
-                // build the response entity
-                final ControllerServiceEntity entity = updateResult.getResult();
+                final ControllerServiceEntity entity = serviceFacade.updateControllerService(revision, requestControllerServiceDTO);
                 populateRemainingControllerServiceContent(entity.getComponent());
 
-                if (updateResult.isNew()) {
-                    return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                } else {
-                    return clusterContext(generateOkResponse(entity)).build();
-                }
+                return clusterContext(generateOkResponse(entity)).build();
             }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/CountersResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/CountersResource.java
new file mode 100644
index 0000000000..7428fb029f
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/CountersResource.java
@@ -0,0 +1,252 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api;
+
+import com.sun.jersey.api.core.ResourceContext;
+import com.wordnik.swagger.annotations.Api;
+import com.wordnik.swagger.annotations.ApiOperation;
+import com.wordnik.swagger.annotations.ApiParam;
+import com.wordnik.swagger.annotations.ApiResponse;
+import com.wordnik.swagger.annotations.ApiResponses;
+import com.wordnik.swagger.annotations.Authorization;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.authorization.AccessDeniedException;
+import org.apache.nifi.authorization.AuthorizationRequest;
+import org.apache.nifi.authorization.AuthorizationResult;
+import org.apache.nifi.authorization.AuthorizationResult.Result;
+import org.apache.nifi.authorization.Authorizer;
+import org.apache.nifi.authorization.RequestAction;
+import org.apache.nifi.authorization.resource.ResourceFactory;
+import org.apache.nifi.authorization.user.NiFiUser;
+import org.apache.nifi.authorization.user.NiFiUserUtils;
+import org.apache.nifi.cluster.manager.NodeResponse;
+import org.apache.nifi.cluster.manager.exception.UnknownNodeException;
+import org.apache.nifi.cluster.protocol.NodeIdentifier;
+import org.apache.nifi.web.NiFiServiceFacade;
+import org.apache.nifi.web.api.dto.CounterDTO;
+import org.apache.nifi.web.api.dto.CountersDTO;
+import org.apache.nifi.web.api.entity.CounterEntity;
+import org.apache.nifi.web.api.entity.CountersEntity;
+import org.apache.nifi.web.api.entity.Entity;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.util.Collections;
+import java.util.Set;
+
+
+/**
+ * RESTful endpoint for managing a cluster.
+ */
+@Path("/counters")
+@Api(
+        value = "/counters",
+        description = "Endpoint for managing counters."
+)
+public class CountersResource extends ApplicationResource {
+
+    @Context
+    private ResourceContext resourceContext;
+
+    private NiFiServiceFacade serviceFacade;
+    private Authorizer authorizer;
+
+    /**
+     * Authorizes access to the flow.
+     */
+    private void authorizeCounters(final RequestAction action) {
+        final NiFiUser user = NiFiUserUtils.getNiFiUser();
+
+        final AuthorizationRequest request = new AuthorizationRequest.Builder()
+                .resource(ResourceFactory.getCountersResource())
+                .identity(user.getIdentity())
+                .anonymous(user.isAnonymous())
+                .accessAttempt(true)
+                .action(action)
+                .build();
+
+        final AuthorizationResult result = authorizer.authorize(request);
+        if (!Result.Approved.equals(result.getResult())) {
+            final String message = StringUtils.isNotBlank(result.getExplanation()) ? result.getExplanation() : "Access is denied";
+            throw new AccessDeniedException(message);
+        }
+    }
+
+    /**
+     * Retrieves the counters report for this NiFi.
+     *
+     * @return A countersEntity.
+     * @throws InterruptedException if interrupted
+     */
+    @GET
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("") // necessary due to a bug in swagger
+    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+    @ApiOperation(
+            value = "Gets the current counters for this NiFi",
+            response = Entity.class,
+            authorizations = {
+                    @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+                    @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response getCounters(
+            @ApiParam(
+                    value = "Whether or not to include the breakdown per node. Optional, defaults to false",
+                    required = false
+            )
+            @QueryParam("nodewise") @DefaultValue(NODEWISE) final Boolean nodewise,
+            @ApiParam(
+                    value = "The id of the node where to get the status.",
+                    required = false
+            )
+            @QueryParam("clusterNodeId") final String clusterNodeId) throws InterruptedException {
+
+        authorizeCounters(RequestAction.READ);
+
+        // ensure a valid request
+        if (Boolean.TRUE.equals(nodewise) && clusterNodeId != null) {
+            throw new IllegalArgumentException("Nodewise requests cannot be directed at a specific node.");
+        }
+
+        // replicate if necessary
+        if (isReplicateRequest()) {
+            // determine where this request should be sent
+            if (clusterNodeId == null) {
+                final NodeResponse nodeResponse = getRequestReplicator().replicate(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).awaitMergedResponse();
+                final CountersEntity entity = (CountersEntity) nodeResponse.getUpdatedEntity();
+
+                // ensure there is an updated entity (result of merging) and prune the response as necessary
+                if (entity != null && !nodewise) {
+                    entity.getCounters().setNodeSnapshots(null);
+                }
+
+                return nodeResponse.getResponse();
+            } else {
+                // get the target node and ensure it exists
+                final NodeIdentifier targetNode = getClusterCoordinator().getNodeIdentifier(clusterNodeId);
+                if (targetNode == null) {
+                    throw new UnknownNodeException("The specified cluster node does not exist.");
+                }
+
+                final Set<NodeIdentifier> targetNodes = Collections.singleton(targetNode);
+
+                // replicate the request to the specific node
+                return getRequestReplicator().replicate(targetNodes, HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).awaitMergedResponse().getResponse();
+            }
+        }
+
+        final CountersDTO countersReport = serviceFacade.getCounters();
+
+        // create the response entity
+        final CountersEntity entity = new CountersEntity();
+        entity.setCounters(countersReport);
+
+        // generate the response
+        return clusterContext(generateOkResponse(entity)).build();
+    }
+
+    /**
+     * Update the specified counter. This will reset the counter value to 0.
+     *
+     * @param httpServletRequest request
+     * @param id The id of the counter.
+     * @return A counterEntity.
+     */
+    @PUT
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("{id}")
+    // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
+    @ApiOperation(
+            value = "Updates the specified counter. This will reset the counter value to 0",
+            response = CounterEntity.class,
+            authorizations = {
+                    @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 404, message = "The specified resource could not be found."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response updateCounter(
+            @Context final HttpServletRequest httpServletRequest,
+            @PathParam("id") final String id) {
+
+        if (isReplicateRequest()) {
+            return replicate(HttpMethod.PUT);
+        }
+
+        // handle expects request (usually from the cluster manager)
+        final boolean validationPhase = isValidationPhase(httpServletRequest);
+        if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
+            // authorize access
+            serviceFacade.authorizeAccess(lookup -> {
+                authorizeCounters(RequestAction.WRITE);
+            });
+        }
+        if (validationPhase) {
+            return generateContinueResponse().build();
+        }
+
+        // reset the specified counter
+        final CounterDTO counter = serviceFacade.updateCounter(id);
+
+        // create the response entity
+        final CounterEntity entity = new CounterEntity();
+        entity.setCounter(counter);
+
+        // generate the response
+        return clusterContext(generateOkResponse(entity)).build();
+    }
+
+    // setters
+
+    public void setServiceFacade(NiFiServiceFacade serviceFacade) {
+        this.serviceFacade = serviceFacade;
+    }
+
+    public void setAuthorizer(Authorizer authorizer) {
+        this.authorizer = authorizer;
+    }
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowFileQueueResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowFileQueueResource.java
index 1798473725..2956bb567d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowFileQueueResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowFileQueueResource.java
@@ -26,7 +26,6 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.authorization.Authorizer;
 import org.apache.nifi.authorization.RequestAction;
 import org.apache.nifi.authorization.resource.Authorizable;
-import org.apache.nifi.cluster.coordination.http.replication.RequestReplicator;
 import org.apache.nifi.cluster.manager.exception.UnknownNodeException;
 import org.apache.nifi.cluster.protocol.NodeIdentifier;
 import org.apache.nifi.stream.io.StreamUtils;
@@ -339,15 +338,16 @@ public class FlowFileQueueResource extends ApplicationResource {
             return replicate(HttpMethod.POST);
         }
 
-        // authorize access
-        serviceFacade.authorizeAccess(lookup -> {
-            final Authorizable connection = lookup.getConnection(id);
-            connection.authorize(authorizer, RequestAction.WRITE);
-        });
-
         // handle expects request (usually from the cluster manager)
-        final String expects = httpServletRequest.getHeader(RequestReplicator.REQUEST_VALIDATION_HTTP_HEADER);
-        if (expects != null) {
+        final boolean validationPhase = isValidationPhase(httpServletRequest);
+        if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
+            // authorize access
+            serviceFacade.authorizeAccess(lookup -> {
+                final Authorizable connection = lookup.getConnection(id);
+                connection.authorize(authorizer, RequestAction.WRITE);
+            });
+        }
+        if (validationPhase) {
             serviceFacade.verifyListQueue(id);
             return generateContinueResponse().build();
         }
@@ -476,17 +476,18 @@ public class FlowFileQueueResource extends ApplicationResource {
         }
 
         // handle expects request (usually from the cluster manager)
-        final String expects = httpServletRequest.getHeader(RequestReplicator.REQUEST_VALIDATION_HTTP_HEADER);
-        if (expects != null) {
+        final boolean validationPhase = isValidationPhase(httpServletRequest);
+        if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
+            // authorize access
+            serviceFacade.authorizeAccess(lookup -> {
+                final Authorizable connection = lookup.getConnection(connectionId);
+                connection.authorize(authorizer, RequestAction.WRITE);
+            });
+        }
+        if (validationPhase) {
             return generateContinueResponse().build();
         }
 
-        // authorize access
-        serviceFacade.authorizeAccess(lookup -> {
-            final Authorizable connection = lookup.getConnection(connectionId);
-            connection.authorize(authorizer, RequestAction.WRITE);
-        });
-
         // delete the listing request
         final ListingRequestDTO listingRequest = serviceFacade.deleteFlowFileListingRequest(connectionId, listingRequestId);
 
@@ -544,15 +545,16 @@ public class FlowFileQueueResource extends ApplicationResource {
             return replicate(HttpMethod.POST);
         }
 
-        // authorize access
-        serviceFacade.authorizeAccess(lookup -> {
-            final Authorizable connection = lookup.getConnection(id);
-            connection.authorize(authorizer, RequestAction.WRITE);
-        });
-
         // handle expects request (usually from the cluster manager)
-        final String expects = httpServletRequest.getHeader(RequestReplicator.REQUEST_VALIDATION_HTTP_HEADER);
-        if (expects != null) {
+        final boolean validationPhase = isValidationPhase(httpServletRequest);
+        if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
+            // authorize access
+            serviceFacade.authorizeAccess(lookup -> {
+                final Authorizable connection = lookup.getConnection(id);
+                connection.authorize(authorizer, RequestAction.WRITE);
+            });
+        }
+        if (validationPhase) {
             return generateContinueResponse().build();
         }
 
@@ -679,15 +681,16 @@ public class FlowFileQueueResource extends ApplicationResource {
             return replicate(HttpMethod.DELETE);
         }
 
-        // authorize access
-        serviceFacade.authorizeAccess(lookup -> {
-            final Authorizable connection = lookup.getConnection(connectionId);
-            connection.authorize(authorizer, RequestAction.WRITE);
-        });
-
         // handle expects request (usually from the cluster manager)
-        final String expects = httpServletRequest.getHeader(RequestReplicator.REQUEST_VALIDATION_HTTP_HEADER);
-        if (expects != null) {
+        final boolean validationPhase = isValidationPhase(httpServletRequest);
+        if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
+            // authorize access
+            serviceFacade.authorizeAccess(lookup -> {
+                final Authorizable connection = lookup.getConnection(connectionId);
+                connection.authorize(authorizer, RequestAction.WRITE);
+            });
+        }
+        if (validationPhase) {
             return generateContinueResponse().build();
         }
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java
index 1e3c7761b1..e04ed4411c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java
@@ -46,6 +46,9 @@ import org.apache.nifi.web.api.dto.BulletinBoardDTO;
 import org.apache.nifi.web.api.dto.BulletinQueryDTO;
 import org.apache.nifi.web.api.dto.ProcessGroupDTO;
 import org.apache.nifi.web.api.dto.RevisionDTO;
+import org.apache.nifi.web.api.dto.action.ActionDTO;
+import org.apache.nifi.web.api.dto.action.HistoryDTO;
+import org.apache.nifi.web.api.dto.action.HistoryQueryDTO;
 import org.apache.nifi.web.api.dto.flow.FlowDTO;
 import org.apache.nifi.web.api.dto.flow.ProcessGroupFlowDTO;
 import org.apache.nifi.web.api.dto.search.SearchResultsDTO;
@@ -59,15 +62,19 @@ import org.apache.nifi.web.api.dto.status.ProcessorStatusDTO;
 import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO;
 import org.apache.nifi.web.api.dto.status.StatusHistoryDTO;
 import org.apache.nifi.web.api.entity.AboutEntity;
+import org.apache.nifi.web.api.entity.ActionEntity;
 import org.apache.nifi.web.api.entity.AuthorityEntity;
 import org.apache.nifi.web.api.entity.BannerEntity;
 import org.apache.nifi.web.api.entity.BulletinBoardEntity;
+import org.apache.nifi.web.api.entity.ComponentHistoryEntity;
 import org.apache.nifi.web.api.entity.ConnectionStatusEntity;
 import org.apache.nifi.web.api.entity.ControllerServiceEntity;
 import org.apache.nifi.web.api.entity.ControllerServiceTypesEntity;
 import org.apache.nifi.web.api.entity.ControllerServicesEntity;
 import org.apache.nifi.web.api.entity.ControllerStatusEntity;
 import org.apache.nifi.web.api.entity.Entity;
+import org.apache.nifi.web.api.entity.FlowConfigurationEntity;
+import org.apache.nifi.web.api.entity.HistoryEntity;
 import org.apache.nifi.web.api.entity.IdentityEntity;
 import org.apache.nifi.web.api.entity.PortStatusEntity;
 import org.apache.nifi.web.api.entity.PrioritizerTypesEntity;
@@ -85,6 +92,7 @@ import org.apache.nifi.web.api.entity.SearchResultsEntity;
 import org.apache.nifi.web.api.entity.StatusHistoryEntity;
 import org.apache.nifi.web.api.request.BulletinBoardPatternParameter;
 import org.apache.nifi.web.api.request.ClientIdParameter;
+import org.apache.nifi.web.api.request.DateTimeParameter;
 import org.apache.nifi.web.api.request.IntegerParameter;
 import org.apache.nifi.web.api.request.LongParameter;
 
@@ -187,7 +195,7 @@ public class FlowResource extends ApplicationResource {
     /**
      * Authorizes access to the flow.
      */
-    private void authorizeFlow() {
+    private void authorizeFlow(final RequestAction action) {
         final NiFiUser user = NiFiUserUtils.getNiFiUser();
 
         final AuthorizationRequest request = new AuthorizationRequest.Builder()
@@ -195,7 +203,7 @@ public class FlowResource extends ApplicationResource {
             .identity(user.getIdentity())
             .anonymous(user.isAnonymous())
             .accessAttempt(true)
-            .action(RequestAction.READ)
+            .action(action)
             .build();
 
         final AuthorizationResult result = authorizer.authorize(request);
@@ -233,10 +241,50 @@ public class FlowResource extends ApplicationResource {
             }
     )
     public Response generateClientId() {
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
         return clusterContext(generateOkResponse(generateUuid())).build();
     }
 
+    /**
+     * Retrieves the configuration for the flow.
+     *
+     * @return A flowConfigurationEntity.
+     */
+    @GET
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("config")
+    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN', 'ROLE_NIFI')")
+    @ApiOperation(
+            value = "Retrieves the configuration for this NiFi flow",
+            response = FlowConfigurationEntity.class,
+            authorizations = {
+                    @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+                    @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+                    @Authorization(value = "Administrator", type = "ROLE_ADMIN"),
+                    @Authorization(value = "ROLE_NIFI", type = "ROLE_NIFI")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response getFlowConfig() {
+
+        authorizeFlow(RequestAction.READ);
+
+        if (isReplicateRequest()) {
+            return replicate(HttpMethod.GET);
+        }
+
+        final FlowConfigurationEntity entity = serviceFacade.getFlowConfiguration();
+        return clusterContext(generateOkResponse(entity)).build();
+    }
+
     /**
      * Retrieves the identity of the user making the request.
      *
@@ -252,7 +300,7 @@ public class FlowResource extends ApplicationResource {
     )
     public Response getIdentity() {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // note that the cluster manager will handle this request directly
         final NiFiUser user = NiFiUserUtils.getNiFiUser();
@@ -301,9 +349,8 @@ public class FlowResource extends ApplicationResource {
             }
     )
     public Response getAuthorities() {
-
-        // TODO - Remove
-        authorizeFlow();
+        // TODO - remove this method once authorities are completely removed
+        authorizeFlow(RequestAction.READ);
 
         // note that the cluster manager will handle this request directly
         final NiFiUser user = NiFiUserUtils.getNiFiUser();
@@ -368,7 +415,7 @@ public class FlowResource extends ApplicationResource {
         )
         @QueryParam("recursive") @DefaultValue(RECURSIVE) Boolean recursive) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         if (isReplicateRequest()) {
             return replicate(HttpMethod.GET);
@@ -413,6 +460,8 @@ public class FlowResource extends ApplicationResource {
     )
     public Response getControllerServicesFromController() {
 
+        authorizeFlow(RequestAction.READ);
+
         if (isReplicateRequest()) {
             return replicate(HttpMethod.GET);
         }
@@ -464,6 +513,8 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String groupId) throws InterruptedException {
 
+        authorizeFlow(RequestAction.READ);
+
         // get all the controller services
         final Set<ControllerServiceEntity> controllerServices = serviceFacade.getControllerServices(groupId);
         controllerServiceResource.populateRemainingControllerServiceEntitiesContent(controllerServices);
@@ -517,6 +568,8 @@ public class FlowResource extends ApplicationResource {
         )
         @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
 
+        authorizeFlow(RequestAction.READ);
+
         if (isReplicateRequest()) {
             return replicate(HttpMethod.GET);
         }
@@ -571,6 +624,8 @@ public class FlowResource extends ApplicationResource {
         @PathParam("id") String id,
         ScheduleComponentsEntity scheduleComponentsEntity) {
 
+        authorizeFlow(RequestAction.READ);
+
         // ensure the same id is being used
         if (!id.equals(scheduleComponentsEntity.getId())) {
             throw new IllegalArgumentException(String.format("The process group id (%s) in the request body does "
@@ -595,7 +650,6 @@ public class FlowResource extends ApplicationResource {
 
         // if the components are not specified, gather all components and their current revision
         if (scheduleComponentsEntity.getComponents() == null) {
-            // TODO - this will break while clustered until nodes are able to process/replicate requests
             // get the current revisions for the components being updated
             final Set<Revision> revisions = serviceFacade.getRevisionsFromGroup(id, group -> {
                 final Set<String> componentIds = new HashSet<>();
@@ -652,9 +706,6 @@ public class FlowResource extends ApplicationResource {
             serviceFacade,
             revisions,
             lookup -> {
-                // ensure access to the flow
-                authorizeFlow();
-
                 // ensure access to every component being scheduled
                 componentsToSchedule.keySet().forEach(componentId -> {
                     final Authorizable connectable = lookup.getConnectable(componentId);
@@ -704,7 +755,7 @@ public class FlowResource extends ApplicationResource {
             }
     )
     public Response searchFlow(@QueryParam("q") @DefaultValue(StringUtils.EMPTY) String value) throws InterruptedException {
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // query the controller
         final SearchResultsDTO results = serviceFacade.searchController(value);
@@ -747,7 +798,7 @@ public class FlowResource extends ApplicationResource {
     )
     public Response getControllerStatus() throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         if (isReplicateRequest()) {
             return replicate(HttpMethod.GET);
@@ -792,7 +843,7 @@ public class FlowResource extends ApplicationResource {
     )
     public Response getBanners() {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // get the banner from the properties - will come from the NCM when clustered
         final String bannerText = getProperties().getBannerText();
@@ -839,7 +890,7 @@ public class FlowResource extends ApplicationResource {
             }
     )
     public Response getProcessorTypes() throws InterruptedException {
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // create response entity
         final ProcessorTypesEntity entity = new ProcessorTypesEntity();
@@ -884,7 +935,7 @@ public class FlowResource extends ApplicationResource {
                     required = false
             )
         @QueryParam("serviceType") String serviceType) throws InterruptedException {
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // create response entity
         final ControllerServiceTypesEntity entity = new ControllerServiceTypesEntity();
@@ -923,7 +974,7 @@ public class FlowResource extends ApplicationResource {
             }
     )
     public Response getReportingTaskTypes() throws InterruptedException {
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // create response entity
         final ReportingTaskTypesEntity entity = new ReportingTaskTypesEntity();
@@ -962,7 +1013,7 @@ public class FlowResource extends ApplicationResource {
             }
     )
     public Response getPrioritizers() throws InterruptedException {
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // create response entity
         final PrioritizerTypesEntity entity = new PrioritizerTypesEntity();
@@ -1000,7 +1051,7 @@ public class FlowResource extends ApplicationResource {
             }
     )
     public Response getAboutInfo() {
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // create the about dto
         final AboutDTO aboutDTO = new AboutDTO();
@@ -1090,7 +1141,7 @@ public class FlowResource extends ApplicationResource {
         )
         @QueryParam("limit") IntegerParameter limit) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // replicate if cluster manager
         if (isReplicateRequest()) {
@@ -1181,7 +1232,7 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String id) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // ensure a valid request
         if (Boolean.TRUE.equals(nodewise) && clusterNodeId != null) {
@@ -1263,7 +1314,7 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String id) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // ensure a valid request
         if (Boolean.TRUE.equals(nodewise) && clusterNodeId != null) {
@@ -1345,7 +1396,7 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String id) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // ensure a valid request
         if (Boolean.TRUE.equals(nodewise) && clusterNodeId != null) {
@@ -1427,7 +1478,7 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String id) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // ensure a valid request
         if (Boolean.TRUE.equals(nodewise) && clusterNodeId != null) {
@@ -1518,7 +1569,7 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String groupId) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // ensure a valid request
         if (Boolean.TRUE.equals(nodewise) && clusterNodeId != null) {
@@ -1621,7 +1672,7 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String id) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // ensure a valid request
         if (Boolean.TRUE.equals(nodewise) && clusterNodeId != null) {
@@ -1697,7 +1748,7 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String id) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // replicate if cluster manager
         if (isReplicateRequest()) {
@@ -1752,7 +1803,7 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String groupId) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // replicate if cluster manager
         if (isReplicateRequest()) {
@@ -1807,7 +1858,7 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String id) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // replicate if cluster manager
         if (isReplicateRequest()) {
@@ -1862,7 +1913,7 @@ public class FlowResource extends ApplicationResource {
         )
         @PathParam("id") String id) throws InterruptedException {
 
-        authorizeFlow();
+        authorizeFlow(RequestAction.READ);
 
         // replicate if cluster manager
         if (isReplicateRequest()) {
@@ -1880,6 +1931,279 @@ public class FlowResource extends ApplicationResource {
         return clusterContext(generateOkResponse(entity)).build();
     }
 
+    // -------
+    // history
+    // -------
+
+    /**
+     * Queries the history of this Controller.
+     *
+     * @param offset The offset into the data. This parameter is required and is
+     * used in conjunction with count.
+     * @param count The number of rows that should be returned. This parameter
+     * is required and is used in conjunction with page.
+     * @param sortColumn The column to sort on. This parameter is optional. If
+     * not specified the results will be returned with the most recent first.
+     * @param sortOrder The sort order.
+     * @param startDate The start date/time for the query. The start date/time
+     * must be formatted as 'MM/dd/yyyy HH:mm:ss'. This parameter is optional
+     * and must be specified in the timezone of the server. The server's
+     * timezone can be determined by inspecting the result of a status or
+     * history request.
+     * @param endDate The end date/time for the query. The end date/time must be
+     * formatted as 'MM/dd/yyyy HH:mm:ss'. This parameter is optional and must
+     * be specified in the timezone of the server. The server's timezone can be
+     * determined by inspecting the result of a status or history request.
+     * @param userName The user name of the user who's actions are being
+     * queried. This parameter is optional.
+     * @param sourceId The id of the source being queried (usually a processor
+     * id). This parameter is optional.
+     * @return A historyEntity.
+     */
+    @GET
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("history")
+    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+    @ApiOperation(
+            value = "Gets configuration history",
+            response = HistoryEntity.class,
+            authorizations = {
+                    @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+                    @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response queryHistory(
+            @ApiParam(
+                    value = "The offset into the result set.",
+                    required = true
+            )
+            @QueryParam("offset") IntegerParameter offset,
+            @ApiParam(
+                    value = "The number of actions to return.",
+                    required = true
+            )
+            @QueryParam("count") IntegerParameter count,
+            @ApiParam(
+                    value = "The field to sort on.",
+                    required = false
+            )
+            @QueryParam("sortColumn") String sortColumn,
+            @ApiParam(
+                    value = "The direction to sort.",
+                    required = false
+            )
+            @QueryParam("sortOrder") String sortOrder,
+            @ApiParam(
+                    value = "Include actions after this date.",
+                    required = false
+            )
+            @QueryParam("startDate") DateTimeParameter startDate,
+            @ApiParam(
+                    value = "Include actions before this date.",
+                    required = false
+            )
+            @QueryParam("endDate") DateTimeParameter endDate,
+            @ApiParam(
+                    value = "Include actions performed by this user.",
+                    required = false
+            )
+            @QueryParam("userName") String userName,
+            @ApiParam(
+                    value = "Include actions on this component.",
+                    required = false
+            )
+            @QueryParam("sourceId") String sourceId) {
+
+        authorizeFlow(RequestAction.READ);
+
+        // ensure the page is specified
+        if (offset == null) {
+            throw new IllegalArgumentException("The desired offset must be specified.");
+        } else if (offset.getInteger() < 0) {
+            throw new IllegalArgumentException("The desired offset must be an integer value greater than or equal to 0.");
+        }
+
+        // ensure the row count is specified
+        if (count == null) {
+            throw new IllegalArgumentException("The desired row count must be specified.");
+        } else if (count.getInteger() < 1) {
+            throw new IllegalArgumentException("The desired row count must be an integer value greater than 0.");
+        }
+
+        // normalize the sort order
+        if (sortOrder != null) {
+            if (!sortOrder.equalsIgnoreCase("asc") && !sortOrder.equalsIgnoreCase("desc")) {
+                throw new IllegalArgumentException("The sort order must be 'asc' or 'desc'.");
+            }
+        }
+
+        // ensure the start and end dates are specified
+        if (endDate != null && startDate != null) {
+            if (endDate.getDateTime().before(startDate.getDateTime())) {
+                throw new IllegalArgumentException("The start date/time must come before the end date/time.");
+            }
+        }
+
+        if (isReplicateRequest()) {
+            return replicate(HttpMethod.GET);
+        }
+
+        // create a history query
+        final HistoryQueryDTO query = new HistoryQueryDTO();
+        query.setSortColumn(sortColumn);
+        query.setSortOrder(sortOrder);
+        query.setOffset(offset.getInteger());
+        query.setCount(count.getInteger());
+
+        // optionally set the start date
+        if (startDate != null) {
+            query.setStartDate(startDate.getDateTime());
+        }
+
+        // optionally set the end date
+        if (endDate != null) {
+            query.setEndDate(endDate.getDateTime());
+        }
+
+        // optionally set the user id
+        if (userName != null) {
+            query.setUserName(userName);
+        }
+
+        // optionally set the processor id
+        if (sourceId != null) {
+            query.setSourceId(sourceId);
+        }
+
+        // perform the query
+        final HistoryDTO history = serviceFacade.getActions(query);
+
+        // create the response entity
+        final HistoryEntity entity = new HistoryEntity();
+        entity.setHistory(history);
+
+        // generate the response
+        return generateOkResponse(entity).build();
+    }
+
+    /**
+     * Gets the action for the corresponding id.
+     *
+     * @param id The id of the action to get.
+     * @return An actionEntity.
+     */
+    @GET
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+    @Path("history/{id}")
+    @ApiOperation(
+            value = "Gets an action",
+            response = ActionEntity.class,
+            authorizations = {
+                    @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+                    @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 404, message = "The specified resource could not be found."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response getAction(
+            @ApiParam(
+                    value = "The action id.",
+                    required = true
+            )
+            @PathParam("id") IntegerParameter id) {
+
+        authorizeFlow(RequestAction.READ);
+
+        // ensure the id was specified
+        if (id == null) {
+            throw new IllegalArgumentException("The action id must be specified.");
+        }
+
+        if (isReplicateRequest()) {
+            return replicate(HttpMethod.GET);
+        }
+
+        // get the specified action
+        final ActionDTO action = serviceFacade.getAction(id.getInteger());
+
+        // create the response entity
+        final ActionEntity entity = new ActionEntity();
+        entity.setAction(action);
+
+        // generate the response
+        return generateOkResponse(entity).build();
+    }
+
+    /**
+     * Gets the actions for the specified component.
+     *
+     * @param componentId The id of the component.
+     * @return An processorHistoryEntity.
+     */
+    @GET
+    @Consumes(MediaType.WILDCARD)
+    @Produces(MediaType.APPLICATION_JSON)
+    @Path("history/components/{componentId}")
+    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+    @ApiOperation(
+            value = "Gets configuration history for a processor",
+            response = ComponentHistoryEntity.class,
+            authorizations = {
+                    @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+                    @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+                    @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+            }
+    )
+    @ApiResponses(
+            value = {
+                    @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+                    @ApiResponse(code = 401, message = "Client could not be authenticated."),
+                    @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+                    @ApiResponse(code = 404, message = "The specified resource could not be found."),
+                    @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+            }
+    )
+    public Response getComponentHistory(
+            @ApiParam(
+                    value = "The component id.",
+                    required = true
+            )
+            @PathParam("componentId") final String componentId) {
+
+        authorizeFlow(RequestAction.READ);
+
+        if (isReplicateRequest()) {
+            return replicate(HttpMethod.GET);
+        }
+
+        // create the response entity
+        final ComponentHistoryEntity entity = new ComponentHistoryEntity();
+        entity.setComponentHistory(serviceFacade.getComponentHistory(componentId));
+
+        // generate the response
+        return generateOkResponse(entity).build();
+    }
+
     // setters
     public void setServiceFacade(NiFiServiceFacade serviceFacade) {
         this.serviceFacade = serviceFacade;
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java
index acaa2b4baf..de2179ca7a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java
@@ -28,7 +28,6 @@ import org.apache.nifi.authorization.RequestAction;
 import org.apache.nifi.authorization.resource.Authorizable;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.UpdateResult;
 import org.apache.nifi.web.api.dto.FunnelDTO;
 import org.apache.nifi.web.api.entity.FunnelEntity;
 import org.apache.nifi.web.api.request.ClientIdParameter;
@@ -48,7 +47,6 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import java.net.URI;
 import java.util.Set;
 
 /**
@@ -231,23 +229,16 @@ public class FunnelResource extends ApplicationResource {
             serviceFacade,
             revision,
             lookup -> {
-                final Authorizable funnel = lookup.getFunnel(id);
-                funnel.authorize(authorizer, RequestAction.WRITE);
+                Authorizable authorizable = lookup.getFunnel(id);
+                authorizable.authorize(authorizer, RequestAction.WRITE);
             },
             null,
             () -> {
                 // update the funnel
-                final UpdateResult<FunnelEntity> updateResult = serviceFacade.updateFunnel(revision, requestFunnelDTO);
-
-                // get the results
-                final FunnelEntity entity = updateResult.getResult();
+                final FunnelEntity entity = serviceFacade.updateFunnel(revision, requestFunnelDTO);
                 populateRemainingFunnelEntityContent(entity);
 
-                if (updateResult.isNew()) {
-                    return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                } else {
-                    return clusterContext(generateOkResponse(entity)).build();
-                }
+                return clusterContext(generateOkResponse(entity)).build();
             }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/HistoryResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/HistoryResource.java
deleted file mode 100644
index 714d83e271..0000000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/HistoryResource.java
+++ /dev/null
@@ -1,525 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api;
-
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.dto.action.ActionDTO;
-import org.apache.nifi.web.api.dto.action.HistoryDTO;
-import org.apache.nifi.web.api.dto.action.HistoryQueryDTO;
-import org.apache.nifi.web.api.entity.ActionEntity;
-import org.apache.nifi.web.api.entity.ComponentHistoryEntity;
-import org.apache.nifi.web.api.entity.HistoryEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.DateTimeParameter;
-import org.apache.nifi.web.api.request.IntegerParameter;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.GET;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
-/**
- * RESTful endpoint for querying the history of this Controller.
- */
-@Path("/history")
-@Api(
-    value = "/history",
-    description = "Endpoint for accessing flow history."
-)
-public class HistoryResource extends ApplicationResource {
-
-    private NiFiServiceFacade serviceFacade;
-
-    /**
-     * Queries the history of this Controller.
-     *
-     * @param clientId Optional client id. If the client id is not specified, a
-     * new one will be generated. This value (whether specified or generated) is
-     * included in the response.
-     * @param offset The offset into the data. This parameter is required and is
-     * used in conjunction with count.
-     * @param count The number of rows that should be returned. This parameter
-     * is required and is used in conjunction with page.
-     * @param sortColumn The column to sort on. This parameter is optional. If
-     * not specified the results will be returned with the most recent first.
-     * @param sortOrder The sort order.
-     * @param startDate The start date/time for the query. The start date/time
-     * must be formatted as 'MM/dd/yyyy HH:mm:ss'. This parameter is optional
-     * and must be specified in the timezone of the server. The server's
-     * timezone can be determined by inspecting the result of a status or
-     * history request.
-     * @param endDate The end date/time for the query. The end date/time must be
-     * formatted as 'MM/dd/yyyy HH:mm:ss'. This parameter is optional and must
-     * be specified in the timezone of the server. The server's timezone can be
-     * determined by inspecting the result of a status or history request.
-     * @param userName The user name of the user who's actions are being
-     * queried. This parameter is optional.
-     * @param sourceId The id of the source being queried (usually a processor
-     * id). This parameter is optional.
-     * @return A historyEntity.
-     */
-    @GET
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("") // necessary due to bug in swagger
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Gets configuration history",
-            response = HistoryEntity.class,
-            authorizations = {
-                @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
-                @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
-                @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response queryHistory(
-            @ApiParam(
-                    value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
-                    required = false
-            )
-            @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
-            @ApiParam(
-                    value = "The offset into the result set.",
-                    required = true
-            )
-            @QueryParam("offset") IntegerParameter offset,
-            @ApiParam(
-                    value = "The number of actions to return.",
-                    required = true
-            )
-            @QueryParam("count") IntegerParameter count,
-            @ApiParam(
-                    value = "The field to sort on.",
-                    required = false
-            )
-            @QueryParam("sortColumn") String sortColumn,
-            @ApiParam(
-                    value = "The direction to sort.",
-                    required = false
-            )
-            @QueryParam("sortOrder") String sortOrder,
-            @ApiParam(
-                    value = "Include actions after this date.",
-                    required = false
-            )
-            @QueryParam("startDate") DateTimeParameter startDate,
-            @ApiParam(
-                    value = "Include actions before this date.",
-                    required = false
-            )
-            @QueryParam("endDate") DateTimeParameter endDate,
-            @ApiParam(
-                    value = "Include actions performed by this user.",
-                    required = false
-            )
-            @QueryParam("userName") String userName,
-            @ApiParam(
-                    value = "Include actions on this component.",
-                    required = false
-            )
-            @QueryParam("sourceId") String sourceId) {
-
-        // ensure the page is specified
-        if (offset == null) {
-            throw new IllegalArgumentException("The desired offset must be specified.");
-        } else if (offset.getInteger() < 0) {
-            throw new IllegalArgumentException("The desired offset must be an integer value greater than or equal to 0.");
-        }
-
-        // ensure the row count is specified
-        if (count == null) {
-            throw new IllegalArgumentException("The desired row count must be specified.");
-        } else if (count.getInteger() < 1) {
-            throw new IllegalArgumentException("The desired row count must be an integer value greater than 0.");
-        }
-
-        // normalize the sort order
-        if (sortOrder != null) {
-            if (!sortOrder.equalsIgnoreCase("asc") && !sortOrder.equalsIgnoreCase("desc")) {
-                throw new IllegalArgumentException("The sort order must be 'asc' or 'desc'.");
-            }
-        }
-
-        // ensure the start and end dates are specified
-        if (endDate != null && startDate != null) {
-            if (endDate.getDateTime().before(startDate.getDateTime())) {
-                throw new IllegalArgumentException("The start date/time must come before the end date/time.");
-            }
-        }
-
-        // create a history query
-        final HistoryQueryDTO query = new HistoryQueryDTO();
-        query.setSortColumn(sortColumn);
-        query.setSortOrder(sortOrder);
-        query.setOffset(offset.getInteger());
-        query.setCount(count.getInteger());
-
-        // optionally set the start date
-        if (startDate != null) {
-            query.setStartDate(startDate.getDateTime());
-        }
-
-        // optionally set the end date
-        if (endDate != null) {
-            query.setEndDate(endDate.getDateTime());
-        }
-
-        // optionally set the user id
-        if (userName != null) {
-            query.setUserName(userName);
-        }
-
-        // optionally set the processor id
-        if (sourceId != null) {
-            query.setSourceId(sourceId);
-        }
-
-        // perform the query
-        final HistoryDTO history = serviceFacade.getActions(query);
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(clientId.getClientId());
-
-        // create the response entity
-        final HistoryEntity entity = new HistoryEntity();
-        entity.setHistory(history);
-
-        // generate the response
-        return generateOkResponse(entity).build();
-    }
-
-    /**
-     * Gets the action for the corresponding id.
-     *
-     * @param clientId Optional client id. If the client id is not specified, a
-     * new one will be generated. This value (whether specified or generated) is
-     * included in the response.
-     * @param id The id of the action to get.
-     * @return An actionEntity.
-     */
-    @GET
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
-    @Path("{id}")
-    @ApiOperation(
-            value = "Gets an action",
-            response = ActionEntity.class,
-            authorizations = {
-                @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
-                @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
-                @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response getAction(
-            @ApiParam(
-                    value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
-                    required = false
-            )
-            @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
-            @ApiParam(
-                    value = "The action id.",
-                    required = true
-            )
-            @PathParam("id") IntegerParameter id) {
-
-        // ensure the id was specified
-        if (id == null) {
-            throw new IllegalArgumentException("The action id must be specified.");
-        }
-
-        // get the specified action
-        final ActionDTO action = serviceFacade.getAction(id.getInteger());
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(clientId.getClientId());
-
-        // create the response entity
-        final ActionEntity entity = new ActionEntity();
-        entity.setAction(action);
-
-        // generate the response
-        return generateOkResponse(entity).build();
-    }
-
-    /**
-     * Deletes flow history from the specified end date.
-     *
-     * @param clientId Optional client id. If the client id is not specified, a
-     * new one will be generated. This value (whether specified or generated) is
-     * included in the response.
-     * @param endDate The end date for the purge action.
-     * @return A historyEntity
-     */
-    @DELETE
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("") // necessary due to bug in swagger
-    // TODO - @PreAuthorize("hasRole('ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Purges history",
-            response = HistoryEntity.class,
-            authorizations = {
-                @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response deleteHistory(
-            @ApiParam(
-                    value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
-                    required = false
-            )
-            @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
-            @ApiParam(
-                    value = "Purge actions before this date/time.",
-                    required = true
-            )
-            @QueryParam("endDate") DateTimeParameter endDate) {
-
-        // ensure the end date is specified
-        if (endDate == null) {
-            throw new IllegalArgumentException("The end date must be specified.");
-        }
-
-        // purge the actions
-        serviceFacade.deleteActions(endDate.getDateTime());
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(clientId.getClientId());
-
-        // create the response entity
-        final HistoryEntity entity = new HistoryEntity();
-
-        // generate the response
-        return generateOkResponse(entity).build();
-    }
-
-    /**
-     * Gets the actions for the specified processor.
-     *
-     * @param clientId Optional client id. If the client id is not specified, a
-     * new one will be generated. This value (whether specified or generated) is
-     * included in the response.
-     * @param processorId The id of the processor.
-     * @return An processorHistoryEntity.
-     */
-    @GET
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("processors/{processorId}")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Gets configuration history for a processor",
-            response = ComponentHistoryEntity.class,
-            authorizations = {
-                @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
-                @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
-                @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response getProcessorHistory(
-            @ApiParam(
-                    value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
-                    required = false
-            )
-            @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
-            @ApiParam(
-                    value = "The processor id.",
-                    required = true
-            )
-            @PathParam("processorId") final String processorId) {
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(clientId.getClientId());
-
-        // create the response entity
-        final ComponentHistoryEntity entity = new ComponentHistoryEntity();
-        entity.setComponentHistory(serviceFacade.getComponentHistory(processorId));
-
-        // generate the response
-        return generateOkResponse(entity).build();
-    }
-
-    /**
-     * Gets the actions for the specified controller service.
-     *
-     * @param clientId Optional client id. If the client id is not specified, a
-     * new one will be generated. This value (whether specified or generated) is
-     * included in the response.
-     * @param controllerServiceId The id of the controller service.
-     * @return An componentHistoryEntity.
-     */
-    @GET
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("controller-services/{controllerServiceId}")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Gets configuration history for a controller service",
-            response = ComponentHistoryEntity.class,
-            authorizations = {
-                @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
-                @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
-                @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response getControllerServiceHistory(
-            @ApiParam(
-                    value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
-                    required = false
-            )
-            @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
-            @ApiParam(
-                    value = "The controller service id.",
-                    required = true
-            )
-            @PathParam("controllerServiceId") final String controllerServiceId) {
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(clientId.getClientId());
-
-        // create the response entity
-        final ComponentHistoryEntity entity = new ComponentHistoryEntity();
-        entity.setComponentHistory(serviceFacade.getComponentHistory(controllerServiceId));
-
-        // generate the response
-        return generateOkResponse(entity).build();
-    }
-
-    /**
-     * Gets the actions for the specified reporting task.
-     *
-     * @param clientId Optional client id. If the client id is not specified, a
-     * new one will be generated. This value (whether specified or generated) is
-     * included in the response.
-     * @param reportingTaskId The id of the reporting task.
-     * @return An componentHistoryEntity.
-     */
-    @GET
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("reporting-tasks/{reportingTaskId}")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Gets configuration history for a reporting task",
-            response = ComponentHistoryEntity.class,
-            authorizations = {
-                @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
-                @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
-                @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response getReportingTaskHistory(
-            @ApiParam(
-                    value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
-                    required = false
-            )
-            @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
-            @ApiParam(
-                    value = "The reporting task id.",
-                    required = true
-            )
-            @PathParam("reportingTaskId") final String reportingTaskId) {
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(clientId.getClientId());
-
-        // create the response entity
-        final ComponentHistoryEntity entity = new ComponentHistoryEntity();
-        entity.setComponentHistory(serviceFacade.getComponentHistory(reportingTaskId));
-
-        // generate the response
-        return generateOkResponse(entity).build();
-    }
-
-    /* setters */
-    public void setServiceFacade(NiFiServiceFacade serviceFacade) {
-        this.serviceFacade = serviceFacade;
-    }
-
-}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java
index e0b92a95af..53e11ba520 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java
@@ -16,8 +16,22 @@
  */
 package org.apache.nifi.web.api;
 
-import java.net.URI;
-import java.util.Set;
+import com.wordnik.swagger.annotations.Api;
+import com.wordnik.swagger.annotations.ApiOperation;
+import com.wordnik.swagger.annotations.ApiParam;
+import com.wordnik.swagger.annotations.ApiResponse;
+import com.wordnik.swagger.annotations.ApiResponses;
+import com.wordnik.swagger.annotations.Authorization;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.authorization.Authorizer;
+import org.apache.nifi.authorization.RequestAction;
+import org.apache.nifi.authorization.resource.Authorizable;
+import org.apache.nifi.web.NiFiServiceFacade;
+import org.apache.nifi.web.Revision;
+import org.apache.nifi.web.api.dto.PortDTO;
+import org.apache.nifi.web.api.entity.PortEntity;
+import org.apache.nifi.web.api.request.ClientIdParameter;
+import org.apache.nifi.web.api.request.LongParameter;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
@@ -33,25 +47,7 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.Authorizer;
-import org.apache.nifi.authorization.RequestAction;
-import org.apache.nifi.authorization.resource.Authorizable;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.UpdateResult;
-import org.apache.nifi.web.api.dto.PortDTO;
-import org.apache.nifi.web.api.entity.PortEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.LongParameter;
-
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
+import java.util.Set;
 
 /**
  * RESTful endpoint for managing an Input Port.
@@ -233,23 +229,16 @@ public class InputPortResource extends ApplicationResource {
             serviceFacade,
             revision,
             lookup -> {
-                final Authorizable inputPort = lookup.getInputPort(id);
-                inputPort.authorize(authorizer, RequestAction.WRITE);
+                Authorizable authorizable = lookup.getInputPort(id);
+                authorizable.authorize(authorizer, RequestAction.WRITE);
             },
             () -> serviceFacade.verifyUpdateInputPort(requestPortDTO),
             () -> {
                 // update the input port
-                final UpdateResult<PortEntity> updateResult = serviceFacade.updateInputPort(revision, requestPortDTO);
-
-                // build the response entity
-                final PortEntity entity = updateResult.getResult();
+                final PortEntity entity = serviceFacade.updateInputPort(revision, requestPortDTO);
                 populateRemainingInputPortEntityContent(entity);
 
-                if (updateResult.isNew()) {
-                    return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                } else {
-                    return clusterContext(generateOkResponse(entity)).build();
-                }
+                return clusterContext(generateOkResponse(entity)).build();
             }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java
index 157260f498..f21882bc84 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java
@@ -16,8 +16,22 @@
  */
 package org.apache.nifi.web.api;
 
-import java.net.URI;
-import java.util.Set;
+import com.wordnik.swagger.annotations.Api;
+import com.wordnik.swagger.annotations.ApiOperation;
+import com.wordnik.swagger.annotations.ApiParam;
+import com.wordnik.swagger.annotations.ApiResponse;
+import com.wordnik.swagger.annotations.ApiResponses;
+import com.wordnik.swagger.annotations.Authorization;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.authorization.Authorizer;
+import org.apache.nifi.authorization.RequestAction;
+import org.apache.nifi.authorization.resource.Authorizable;
+import org.apache.nifi.web.NiFiServiceFacade;
+import org.apache.nifi.web.Revision;
+import org.apache.nifi.web.api.dto.LabelDTO;
+import org.apache.nifi.web.api.entity.LabelEntity;
+import org.apache.nifi.web.api.request.ClientIdParameter;
+import org.apache.nifi.web.api.request.LongParameter;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
@@ -33,25 +47,7 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.Authorizer;
-import org.apache.nifi.authorization.RequestAction;
-import org.apache.nifi.authorization.resource.Authorizable;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.UpdateResult;
-import org.apache.nifi.web.api.dto.LabelDTO;
-import org.apache.nifi.web.api.entity.LabelEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.LongParameter;
-
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
+import java.util.Set;
 
 /**
  * RESTful endpoint for managing a Label.
@@ -233,21 +229,16 @@ public class LabelResource extends ApplicationResource {
             serviceFacade,
             revision,
             lookup -> {
-                final Authorizable label = lookup.getLabel(id);
-                label.authorize(authorizer, RequestAction.WRITE);
+                Authorizable authorizable  = lookup.getLabel(id);
+                authorizable.authorize(authorizer, RequestAction.WRITE);
             },
             null,
             () -> {
                 // update the label
-                final UpdateResult<LabelEntity> result = serviceFacade.updateLabel(revision, requestLabelDTO);
-                final LabelEntity entity = result.getResult();
+                final LabelEntity entity = serviceFacade.updateLabel(revision, requestLabelDTO);
                 populateRemainingLabelEntityContent(entity);
 
-                if (result.isNew()) {
-                    return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                } else {
-                    return clusterContext(generateOkResponse(entity)).build();
-                }
+                return clusterContext(generateOkResponse(entity)).build();
             }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/NodeResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/NodeResource.java
deleted file mode 100644
index 6722e52167..0000000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/NodeResource.java
+++ /dev/null
@@ -1,219 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api;
-
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.GET;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
-import org.apache.nifi.web.IllegalClusterResourceRequestException;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.api.dto.NodeDTO;
-import org.apache.nifi.web.api.entity.NodeEntity;
-
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
-
-/**
- * RESTful endpoint for managing a cluster connection.
- */
-@Api(hidden = true)
-public class NodeResource extends ApplicationResource {
-
-    private NiFiServiceFacade serviceFacade;
-
-    /**
-     * Gets the contents of the specified node in this NiFi cluster.
-     *
-     * @param id The node id.
-     * @return A nodeEntity.
-     */
-    @GET
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("/{id}")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Gets a node in the cluster",
-            response = NodeEntity.class,
-            authorizations = {
-                @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
-                @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
-                @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response getNode(
-            @ApiParam(
-                    value = "The node id.",
-                    required = true
-            )
-            @PathParam("id") String id) {
-
-        if (isConnectedToCluster()) {
-            // get the specified relationship
-            final NodeDTO dto = serviceFacade.getNode(id);
-
-            // create the response entity
-            final NodeEntity entity = new NodeEntity();
-            entity.setNode(dto);
-
-            // generate the response
-            return generateOkResponse(entity).build();
-
-        }
-
-        throw new IllegalClusterResourceRequestException("Only a cluster manager can process the request.");
-    }
-
-    /**
-     * Updates the contents of the specified node in this NiFi cluster.
-     *
-     * @param id The id of the node
-     * @param nodeEntity A nodeEntity
-     * @return A nodeEntity
-     */
-    @PUT
-    @Consumes(MediaType.APPLICATION_JSON)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("/{id}")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Updates a node in the cluster",
-            response = NodeEntity.class,
-            authorizations = {
-                @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response updateNode(
-            @ApiParam(
-                    value = "The node id.",
-                    required = true
-            )
-            @PathParam("id") String id,
-            @ApiParam(
-                    value = "The node configuration. The only configuration that will be honored at this endpoint is the status or primary flag.",
-                    required = true
-            )
-            NodeEntity nodeEntity) {
-
-        if (isConnectedToCluster()) {
-            if (nodeEntity == null || nodeEntity.getNode() == null) {
-                throw new IllegalArgumentException("Node details must be specified.");
-            }
-
-            // get the request node
-            final NodeDTO requestNodeDTO = nodeEntity.getNode();
-            if (!id.equals(requestNodeDTO.getNodeId())) {
-                throw new IllegalArgumentException(String.format("The node id (%s) in the request body does "
-                        + "not equal the node id of the requested resource (%s).", requestNodeDTO.getNodeId(), id));
-            }
-
-            // update the node
-            final NodeDTO node = serviceFacade.updateNode(requestNodeDTO);
-
-            // create the response entity
-            NodeEntity entity = new NodeEntity();
-            entity.setNode(node);
-
-            // generate the response
-            return generateOkResponse(entity).build();
-        }
-
-        throw new IllegalClusterResourceRequestException("Only a cluster manager can process the request.");
-    }
-
-    /**
-     * Removes the specified from this NiFi cluster.
-     *
-     * @param id The id of the node
-     * @return A nodeEntity
-     */
-    @DELETE
-    @Consumes(MediaType.WILDCARD)
-    @Produces(MediaType.APPLICATION_JSON)
-    @Path("/{id}")
-    // TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
-    @ApiOperation(
-            value = "Removes a node from the cluster",
-            response = NodeEntity.class,
-            authorizations = {
-                @Authorization(value = "Administrator", type = "ROLE_ADMIN")
-            }
-    )
-    @ApiResponses(
-            value = {
-                @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
-                @ApiResponse(code = 401, message = "Client could not be authenticated."),
-                @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
-                @ApiResponse(code = 404, message = "The specified resource could not be found."),
-                @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
-            }
-    )
-    public Response deleteNode(
-            @ApiParam(
-                    value = "The node id.",
-                    required = true
-            )
-            @PathParam("id") String id) {
-
-        if (isConnectedToCluster()) {
-            serviceFacade.deleteNode(id);
-
-            // create the response entity
-            final NodeEntity entity = new NodeEntity();
-
-            // generate the response
-            return generateOkResponse(entity).build();
-        }
-
-        throw new IllegalClusterResourceRequestException("Only a cluster manager can process the request.");
-
-    }
-
-    // setters
-    public void setServiceFacade(NiFiServiceFacade serviceFacade) {
-        this.serviceFacade = serviceFacade;
-    }
-}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java
index 13dc8c3e32..bfaed4b32b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java
@@ -16,8 +16,22 @@
  */
 package org.apache.nifi.web.api;
 
-import java.net.URI;
-import java.util.Set;
+import com.wordnik.swagger.annotations.Api;
+import com.wordnik.swagger.annotations.ApiOperation;
+import com.wordnik.swagger.annotations.ApiParam;
+import com.wordnik.swagger.annotations.ApiResponse;
+import com.wordnik.swagger.annotations.ApiResponses;
+import com.wordnik.swagger.annotations.Authorization;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.authorization.Authorizer;
+import org.apache.nifi.authorization.RequestAction;
+import org.apache.nifi.authorization.resource.Authorizable;
+import org.apache.nifi.web.NiFiServiceFacade;
+import org.apache.nifi.web.Revision;
+import org.apache.nifi.web.api.dto.PortDTO;
+import org.apache.nifi.web.api.entity.PortEntity;
+import org.apache.nifi.web.api.request.ClientIdParameter;
+import org.apache.nifi.web.api.request.LongParameter;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
@@ -33,25 +47,7 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.Authorizer;
-import org.apache.nifi.authorization.RequestAction;
-import org.apache.nifi.authorization.resource.Authorizable;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.UpdateResult;
-import org.apache.nifi.web.api.dto.PortDTO;
-import org.apache.nifi.web.api.entity.PortEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.LongParameter;
-
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
+import java.util.Set;
 
 /**
  * RESTful endpoint for managing an Output Port.
@@ -233,23 +229,16 @@ public class OutputPortResource extends ApplicationResource {
             serviceFacade,
             revision,
             lookup -> {
-                final Authorizable outputPort = lookup.getOutputPort(id);
-                outputPort.authorize(authorizer, RequestAction.WRITE);
+                Authorizable authorizable = lookup.getOutputPort(id);
+                authorizable.authorize(authorizer, RequestAction.WRITE);
             },
             () -> serviceFacade.verifyUpdateOutputPort(requestPortDTO),
             () -> {
                 // update the output port
-                final UpdateResult<PortEntity> updateResult = serviceFacade.updateOutputPort(revision, requestPortDTO);
-
-                // get the results
-                final PortEntity entity = updateResult.getResult();
+                final PortEntity entity = serviceFacade.updateOutputPort(revision, requestPortDTO);
                 populateRemainingOutputPortEntityContent(entity);
 
-                if (updateResult.isNew()) {
-                    return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                } else {
-                    return clusterContext(generateOkResponse(entity)).build();
-                }
+                return clusterContext(generateOkResponse(entity)).build();
             }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java
index 6a90d1f59d..b6671b22dd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java
@@ -16,36 +16,14 @@
  */
 package org.apache.nifi.web.api;
 
-import java.io.InputStream;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.GET;
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.stream.StreamSource;
-
+import com.sun.jersey.api.core.ResourceContext;
+import com.sun.jersey.multipart.FormDataParam;
+import com.wordnik.swagger.annotations.Api;
+import com.wordnik.swagger.annotations.ApiOperation;
+import com.wordnik.swagger.annotations.ApiParam;
+import com.wordnik.swagger.annotations.ApiResponse;
+import com.wordnik.swagger.annotations.ApiResponses;
+import com.wordnik.swagger.annotations.Authorization;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.authorization.Authorizer;
 import org.apache.nifi.authorization.RequestAction;
@@ -54,7 +32,6 @@ import org.apache.nifi.controller.Snippet;
 import org.apache.nifi.web.AuthorizableLookup;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.UpdateResult;
 import org.apache.nifi.web.api.dto.ConnectionDTO;
 import org.apache.nifi.web.api.dto.ProcessGroupDTO;
 import org.apache.nifi.web.api.dto.RemoteProcessGroupDTO;
@@ -88,14 +65,34 @@ import org.apache.nifi.web.api.request.LongParameter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import com.sun.jersey.api.core.ResourceContext;
-import com.sun.jersey.multipart.FormDataParam;
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.stream.StreamSource;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
 
 /**
  * RESTful endpoint for managing a Group.
@@ -320,21 +317,16 @@ public class ProcessGroupResource extends ApplicationResource {
             serviceFacade,
             revision,
             lookup -> {
-                final Authorizable processGroup = lookup.getProcessGroup(id);
-                processGroup.authorize(authorizer, RequestAction.WRITE);
+                Authorizable authorizable = lookup.getProcessGroup(id);
+                authorizable.authorize(authorizer, RequestAction.WRITE);
             },
             null,
             () -> {
                 // update the process group
-                final UpdateResult<ProcessGroupEntity> updateResult = serviceFacade.updateProcessGroup(revision, requestProcessGroupDTO);
-                final ProcessGroupEntity entity = updateResult.getResult();
+                final ProcessGroupEntity entity = serviceFacade.updateProcessGroup(revision, requestProcessGroupDTO);
                 populateRemainingProcessGroupEntityContent(entity);
 
-                if (updateResult.isNew()) {
-                    return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                } else {
-                    return clusterContext(generateOkResponse(entity)).build();
-                }
+                return clusterContext(generateOkResponse(entity)).build();
             }
         );
     }
@@ -457,6 +449,10 @@ public class ProcessGroupResource extends ApplicationResource {
             throw new IllegalArgumentException("Process group details must be specified.");
         }
 
+        if (processGroupEntity.getRevision() == null || (processGroupEntity.getRevision().getVersion() == null || processGroupEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Process group.");
+        }
+
         if (processGroupEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Process group ID cannot be specified.");
         }
@@ -488,7 +484,8 @@ public class ProcessGroupResource extends ApplicationResource {
         processGroupEntity.getComponent().setId(generateUuid());
 
         // create the process group contents
-        final ProcessGroupEntity entity = serviceFacade.createProcessGroup(groupId, processGroupEntity.getComponent());
+        final Revision revision = getRevision(processGroupEntity, processGroupEntity.getComponent().getId());
+        final ProcessGroupEntity entity = serviceFacade.createProcessGroup(revision, groupId, processGroupEntity.getComponent());
         populateRemainingProcessGroupEntityContent(entity);
 
         // generate a 201 created response
@@ -608,6 +605,10 @@ public class ProcessGroupResource extends ApplicationResource {
             throw new IllegalArgumentException("Processor details must be specified.");
         }
 
+        if (processorEntity.getRevision() == null || (processorEntity.getRevision().getVersion() == null || processorEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor.");
+        }
+
         if (processorEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Processor ID cannot be specified.");
         }
@@ -643,7 +644,8 @@ public class ProcessGroupResource extends ApplicationResource {
         processorEntity.getComponent().setId(generateUuid());
 
         // create the new processor
-        final ProcessorEntity entity = serviceFacade.createProcessor(groupId, processorEntity.getComponent());
+        final Revision revision = getRevision(processorEntity, processorEntity.getComponent().getId());
+        final ProcessorEntity entity = serviceFacade.createProcessor(revision, groupId, processorEntity.getComponent());
         processorResource.populateRemainingProcessorEntityContent(entity);
 
         // generate a 201 created response
@@ -757,6 +759,10 @@ public class ProcessGroupResource extends ApplicationResource {
             throw new IllegalArgumentException("Port details must be specified.");
         }
 
+        if (portEntity.getRevision() == null || (portEntity.getRevision().getVersion() == null || portEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Input port.");
+        }
+
         if (portEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Input port ID cannot be specified.");
         }
@@ -788,7 +794,8 @@ public class ProcessGroupResource extends ApplicationResource {
         portEntity.getComponent().setId(generateUuid());
 
         // create the input port and generate the json
-        final PortEntity entity = serviceFacade.createInputPort(groupId, portEntity.getComponent());
+        final Revision revision = getRevision(portEntity, portEntity.getComponent().getId());
+        final PortEntity entity = serviceFacade.createInputPort(revision, groupId, portEntity.getComponent());
         inputPortResource.populateRemainingInputPortEntityContent(entity);
 
         // build the response
@@ -899,6 +906,10 @@ public class ProcessGroupResource extends ApplicationResource {
             throw new IllegalArgumentException("Port details must be specified.");
         }
 
+        if (portEntity.getRevision() == null || (portEntity.getRevision().getVersion() == null || portEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Output port.");
+        }
+
         if (portEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Output port ID cannot be specified.");
         }
@@ -930,7 +941,8 @@ public class ProcessGroupResource extends ApplicationResource {
         portEntity.getComponent().setId(generateUuid());
 
         // create the output port and generate the json
-        final PortEntity entity = serviceFacade.createOutputPort(groupId, portEntity.getComponent());
+        final Revision revision = getRevision(portEntity, portEntity.getComponent().getId());
+        final PortEntity entity = serviceFacade.createOutputPort(revision, groupId, portEntity.getComponent());
         outputPortResource.populateRemainingOutputPortEntityContent(entity);
 
         // build the response
@@ -1042,6 +1054,10 @@ public class ProcessGroupResource extends ApplicationResource {
             throw new IllegalArgumentException("Funnel details must be specified.");
         }
 
+        if (funnelEntity.getRevision() == null || (funnelEntity.getRevision().getVersion() == null || funnelEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Funnel.");
+        }
+
         if (funnelEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Funnel ID cannot be specified.");
         }
@@ -1073,7 +1089,8 @@ public class ProcessGroupResource extends ApplicationResource {
         funnelEntity.getComponent().setId(generateUuid());
 
         // create the funnel and generate the json
-        final FunnelEntity entity = serviceFacade.createFunnel(groupId, funnelEntity.getComponent());
+        final Revision revision = getRevision(funnelEntity, funnelEntity.getComponent().getId());
+        final FunnelEntity entity = serviceFacade.createFunnel(revision, groupId, funnelEntity.getComponent());
         funnelResource.populateRemainingFunnelEntityContent(entity);
 
         // build the response
@@ -1185,6 +1202,10 @@ public class ProcessGroupResource extends ApplicationResource {
             throw new IllegalArgumentException("Label details must be specified.");
         }
 
+        if (labelEntity.getRevision() == null || (labelEntity.getRevision().getVersion() == null || labelEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Label.");
+        }
+
         if (labelEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Label ID cannot be specified.");
         }
@@ -1216,7 +1237,8 @@ public class ProcessGroupResource extends ApplicationResource {
         labelEntity.getComponent().setId(generateUuid());
 
         // create the label and generate the json
-        final LabelEntity entity = serviceFacade.createLabel(groupId, labelEntity.getComponent());
+        final Revision revision = getRevision(labelEntity, labelEntity.getComponent().getId());
+        final LabelEntity entity = serviceFacade.createLabel(revision, groupId, labelEntity.getComponent());
         labelResource.populateRemainingLabelEntityContent(entity);
 
         // build the response
@@ -1328,6 +1350,10 @@ public class ProcessGroupResource extends ApplicationResource {
             throw new IllegalArgumentException("Remote process group details must be specified.");
         }
 
+        if (remoteProcessGroupEntity.getRevision() == null || (remoteProcessGroupEntity.getRevision().getVersion() == null || remoteProcessGroupEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Remote process group.");
+        }
+
         final RemoteProcessGroupDTO requestProcessGroupDTO = remoteProcessGroupEntity.getComponent();
 
         if (requestProcessGroupDTO.getId() != null) {
@@ -1391,7 +1417,8 @@ public class ProcessGroupResource extends ApplicationResource {
         requestProcessGroupDTO.setTargetUri(controllerUri);
 
         // create the remote process group
-        final RemoteProcessGroupEntity entity = serviceFacade.createRemoteProcessGroup(groupId, requestProcessGroupDTO);
+        final Revision revision = getRevision(remoteProcessGroupEntity, requestProcessGroupDTO.getId());
+        final RemoteProcessGroupEntity entity = serviceFacade.createRemoteProcessGroup(revision, groupId, requestProcessGroupDTO);
         remoteProcessGroupResource.populateRemainingRemoteProcessGroupEntityContent(entity);
 
         return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
@@ -1517,6 +1544,10 @@ public class ProcessGroupResource extends ApplicationResource {
             throw new IllegalArgumentException("Connection details must be specified.");
         }
 
+        if (connectionEntity.getRevision() == null || (connectionEntity.getRevision().getVersion() == null || connectionEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Connection.");
+        }
+
         if (connectionEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Connection ID cannot be specified.");
         }
@@ -1552,7 +1583,8 @@ public class ProcessGroupResource extends ApplicationResource {
         connection.setId(generateUuid());
 
         // create the new relationship target
-        final ConnectionEntity entity = serviceFacade.createConnection(groupId, connection);
+        final Revision revision = getRevision(connectionEntity, connection.getId());
+        final ConnectionEntity entity = serviceFacade.createConnection(revision, groupId, connection);
         connectionResource.populateRemainingConnectionEntityContent(entity);
 
         // extract the href and build the response
@@ -2127,6 +2159,10 @@ public class ProcessGroupResource extends ApplicationResource {
             throw new IllegalArgumentException("Controller service details must be specified.");
         }
 
+        if (controllerServiceEntity.getRevision() == null || (controllerServiceEntity.getRevision().getVersion() == null || controllerServiceEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Controller service.");
+        }
+
         if (controllerServiceEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("Controller service ID cannot be specified.");
         }
@@ -2162,7 +2198,8 @@ public class ProcessGroupResource extends ApplicationResource {
         controllerServiceEntity.getComponent().setId(generateUuid());
 
         // create the controller service and generate the json
-        final ControllerServiceEntity entity = serviceFacade.createControllerService(groupId, controllerServiceEntity.getComponent());
+        final Revision revision = getRevision(controllerServiceEntity, controllerServiceEntity.getComponent().getId());
+        final ControllerServiceEntity entity = serviceFacade.createControllerService(revision, groupId, controllerServiceEntity.getComponent());
         controllerServiceResource.populateRemainingControllerServiceContent(entity.getComponent());
 
         // build the response
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java
index dccb1f3163..0847fe0330 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java
@@ -31,7 +31,6 @@ import org.apache.nifi.ui.extension.UiExtensionMapping;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
 import org.apache.nifi.web.UiExtensionType;
-import org.apache.nifi.web.UpdateResult;
 import org.apache.nifi.web.api.dto.ComponentStateDTO;
 import org.apache.nifi.web.api.dto.ProcessorConfigDTO;
 import org.apache.nifi.web.api.dto.ProcessorDTO;
@@ -58,7 +57,6 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import java.net.URI;
 import java.util.List;
 import java.util.Set;
 
@@ -383,8 +381,6 @@ public class ProcessorResource extends ApplicationResource {
                 processor.authorize(authorizer, RequestAction.WRITE);
             });
         }
-
-        // handle expects request (usually from the cluster manager)
         if (isValidationPhase) {
             serviceFacade.verifyCanClearProcessorState(id);
             return generateContinueResponse().build();
@@ -467,21 +463,16 @@ public class ProcessorResource extends ApplicationResource {
             serviceFacade,
             revision,
             lookup -> {
-                final Authorizable processor = lookup.getProcessor(id);
-                processor.authorize(authorizer, RequestAction.WRITE);
+                Authorizable authorizable = lookup.getProcessor(id);
+                authorizable.authorize(authorizer, RequestAction.WRITE);
             },
             () -> serviceFacade.verifyUpdateProcessor(requestProcessorDTO),
             () -> {
                 // update the processor
-                final UpdateResult<ProcessorEntity> result = serviceFacade.updateProcessor(revision, requestProcessorDTO);
-                final ProcessorEntity entity = result.getResult();
+                final ProcessorEntity entity = serviceFacade.updateProcessor(revision, requestProcessorDTO);
                 populateRemainingProcessorEntityContent(entity);
 
-                if (result.isNew()) {
-                    return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                } else {
-                    return clusterContext(generateOkResponse(entity)).build();
-                }
+                return clusterContext(generateOkResponse(entity)).build();
             }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java
index 1e9e720d58..9739c8c2eb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java
@@ -28,7 +28,6 @@ import org.apache.nifi.authorization.RequestAction;
 import org.apache.nifi.authorization.resource.Authorizable;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.UpdateResult;
 import org.apache.nifi.web.api.dto.RemoteProcessGroupDTO;
 import org.apache.nifi.web.api.dto.RemoteProcessGroupPortDTO;
 import org.apache.nifi.web.api.dto.RevisionDTO;
@@ -492,8 +491,8 @@ public class RemoteProcessGroupResource extends ApplicationResource {
             serviceFacade,
             revision,
             lookup -> {
-                final Authorizable remoteProcessGroup = lookup.getRemoteProcessGroup(id);
-                remoteProcessGroup.authorize(authorizer, RequestAction.WRITE);
+                Authorizable authorizable = lookup.getRemoteProcessGroup(id);
+                authorizable.authorize(authorizer, RequestAction.WRITE);
             },
             () -> serviceFacade.verifyUpdateRemoteProcessGroup(requestRemoteProcessGroup),
             () -> {
@@ -530,16 +529,10 @@ public class RemoteProcessGroupResource extends ApplicationResource {
                 }
 
                 // update the specified remote process group
-                final UpdateResult<RemoteProcessGroupEntity> updateResult = serviceFacade.updateRemoteProcessGroup(revision, requestRemoteProcessGroup);
-
-                final RemoteProcessGroupEntity entity = updateResult.getResult();
+                final RemoteProcessGroupEntity entity = serviceFacade.updateRemoteProcessGroup(revision, requestRemoteProcessGroup);
                 populateRemainingRemoteProcessGroupEntityContent(entity);
 
-                if (updateResult.isNew()) {
-                    return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                } else {
-                    return clusterContext(generateOkResponse(entity)).build();
-                }
+                return clusterContext(generateOkResponse(entity)).build();
             }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
index f1fa30454b..54e63b3db0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
@@ -31,7 +31,6 @@ import org.apache.nifi.ui.extension.UiExtensionMapping;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
 import org.apache.nifi.web.UiExtensionType;
-import org.apache.nifi.web.UpdateResult;
 import org.apache.nifi.web.api.dto.ComponentStateDTO;
 import org.apache.nifi.web.api.dto.PropertyDescriptorDTO;
 import org.apache.nifi.web.api.dto.ReportingTaskDTO;
@@ -57,7 +56,6 @@ import javax.ws.rs.QueryParam;
 import javax.ws.rs.core.Context;
 import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
-import java.net.URI;
 import java.util.List;
 import java.util.Set;
 
@@ -359,12 +357,10 @@ public class ReportingTaskResource extends ApplicationResource {
         if (isValidationPhase || !isTwoPhaseRequest(httpServletRequest)) {
             // authorize access
             serviceFacade.authorizeAccess(lookup -> {
-                final Authorizable reportingTask = lookup.getReportingTask(id);
-                reportingTask.authorize(authorizer, RequestAction.WRITE);
+                final Authorizable processor = lookup.getReportingTask(id);
+                processor.authorize(authorizer, RequestAction.WRITE);
             });
         }
-
-        // handle expects request (usually from the cluster manager)
         if (isValidationPhase) {
             serviceFacade.verifyCanClearReportingTaskState(id);
             return generateContinueResponse().build();
@@ -446,23 +442,16 @@ public class ReportingTaskResource extends ApplicationResource {
             serviceFacade,
             revision,
             lookup -> {
-                final Authorizable reportingTask = lookup.getReportingTask(id);
-                reportingTask.authorize(authorizer, RequestAction.WRITE);
+                Authorizable authorizable = lookup.getReportingTask(id);
+                authorizable.authorize(authorizer, RequestAction.WRITE);
             },
             () -> serviceFacade.verifyUpdateReportingTask(requestReportingTaskDTO),
             () -> {
                 // update the reporting task
-                final UpdateResult<ReportingTaskEntity> controllerResponse = serviceFacade.updateReportingTask(revision, requestReportingTaskDTO);
-
-                // get the results
-                final ReportingTaskEntity entity = controllerResponse.getResult();
+                final ReportingTaskEntity entity = serviceFacade.updateReportingTask(revision, requestReportingTaskDTO);
                 populateRemainingReportingTaskEntityContent(entity);
 
-                if (controllerResponse.isNew()) {
-                    return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                } else {
-                    return clusterContext(generateOkResponse(entity)).build();
-                }
+                return clusterContext(generateOkResponse(entity)).build();
             }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SiteToSiteResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SiteToSiteResource.java
index 0cde5cb9ec..d689749d66 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SiteToSiteResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SiteToSiteResource.java
@@ -24,6 +24,7 @@ import com.wordnik.swagger.annotations.ApiResponse;
 import com.wordnik.swagger.annotations.ApiResponses;
 import com.wordnik.swagger.annotations.Authorization;
 import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.authorization.Authorizer;
 import org.apache.nifi.authorization.user.NiFiUser;
 import org.apache.nifi.authorization.user.NiFiUserUtils;
 import org.apache.nifi.remote.HttpRemoteSiteListener;
@@ -38,11 +39,11 @@ import org.apache.nifi.remote.exception.NotAuthorizedException;
 import org.apache.nifi.remote.exception.RequestExpiredException;
 import org.apache.nifi.remote.io.http.HttpOutput;
 import org.apache.nifi.remote.io.http.HttpServerCommunicationsSession;
+import org.apache.nifi.remote.protocol.HandshakeProperty;
+import org.apache.nifi.remote.protocol.ResponseCode;
 import org.apache.nifi.remote.protocol.http.HttpFlowFileServerProtocol;
 import org.apache.nifi.remote.protocol.http.HttpFlowFileServerProtocolImpl;
 import org.apache.nifi.remote.protocol.http.HttpHeaders;
-import org.apache.nifi.remote.protocol.HandshakeProperty;
-import org.apache.nifi.remote.protocol.ResponseCode;
 import org.apache.nifi.stream.io.ByteArrayOutputStream;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.api.dto.ControllerDTO;
@@ -82,17 +83,17 @@ import java.util.ArrayList;
 
 import static javax.ws.rs.core.Response.Status.NOT_FOUND;
 import static org.apache.commons.lang3.StringUtils.isEmpty;
-import static org.apache.nifi.remote.protocol.http.HttpHeaders.HANDSHAKE_PROPERTY_USE_COMPRESSION;
-import static org.apache.nifi.remote.protocol.http.HttpHeaders.HANDSHAKE_PROPERTY_BATCH_COUNT;
-import static org.apache.nifi.remote.protocol.http.HttpHeaders.HANDSHAKE_PROPERTY_BATCH_DURATION;
-import static org.apache.nifi.remote.protocol.http.HttpHeaders.HANDSHAKE_PROPERTY_BATCH_SIZE;
-import static org.apache.nifi.remote.protocol.http.HttpHeaders.HANDSHAKE_PROPERTY_REQUEST_EXPIRATION;
-import static org.apache.nifi.remote.protocol.http.HttpHeaders.LOCATION_URI_INTENT_NAME;
-import static org.apache.nifi.remote.protocol.http.HttpHeaders.LOCATION_URI_INTENT_VALUE;
 import static org.apache.nifi.remote.protocol.HandshakeProperty.BATCH_COUNT;
 import static org.apache.nifi.remote.protocol.HandshakeProperty.BATCH_DURATION;
 import static org.apache.nifi.remote.protocol.HandshakeProperty.BATCH_SIZE;
 import static org.apache.nifi.remote.protocol.HandshakeProperty.REQUEST_EXPIRATION_MILLIS;
+import static org.apache.nifi.remote.protocol.http.HttpHeaders.HANDSHAKE_PROPERTY_BATCH_COUNT;
+import static org.apache.nifi.remote.protocol.http.HttpHeaders.HANDSHAKE_PROPERTY_BATCH_DURATION;
+import static org.apache.nifi.remote.protocol.http.HttpHeaders.HANDSHAKE_PROPERTY_BATCH_SIZE;
+import static org.apache.nifi.remote.protocol.http.HttpHeaders.HANDSHAKE_PROPERTY_REQUEST_EXPIRATION;
+import static org.apache.nifi.remote.protocol.http.HttpHeaders.HANDSHAKE_PROPERTY_USE_COMPRESSION;
+import static org.apache.nifi.remote.protocol.http.HttpHeaders.LOCATION_URI_INTENT_NAME;
+import static org.apache.nifi.remote.protocol.http.HttpHeaders.LOCATION_URI_INTENT_VALUE;
 
 /**
  * RESTful endpoint for managing a SiteToSite connection.
@@ -114,6 +115,7 @@ public class SiteToSiteResource extends ApplicationResource {
     private static final String PORT_TYPE_OUTPUT = "output-ports";
 
     private NiFiServiceFacade serviceFacade;
+    private Authorizer authorizer;
     private final ResponseCreator responseCreator = new ResponseCreator();
     private final VersionNegotiator transportProtocolVersionNegotiator = new TransportProtocolVersionNegotiator(1);
     private final HttpRemoteSiteListener transactionManager = HttpRemoteSiteListener.getInstance();
@@ -143,7 +145,7 @@ public class SiteToSiteResource extends ApplicationResource {
                 @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
             }
     )
-    public Response getController(
+    public Response getSiteToSite(
             @Context HttpServletRequest req) {
 
         if (isReplicateRequest()) {
@@ -996,6 +998,9 @@ public class SiteToSiteResource extends ApplicationResource {
         this.serviceFacade = serviceFacade;
     }
 
+    public void setAuthorizer(Authorizer authorizer) {
+        this.authorizer = authorizer;
+    }
 
     private class ResponseCreator {
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupsResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupsResource.java
index 553f8c6d93..a770e8b01a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupsResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupsResource.java
@@ -31,7 +31,6 @@ import org.apache.nifi.cluster.coordination.http.replication.RequestReplicator;
 import org.apache.nifi.util.NiFiProperties;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.UpdateResult;
 import org.apache.nifi.web.api.dto.RevisionDTO;
 import org.apache.nifi.web.api.dto.UserGroupDTO;
 import org.apache.nifi.web.api.entity.UserGroupEntity;
@@ -133,6 +132,10 @@ public class UserGroupsResource extends ApplicationResource {
             throw new IllegalArgumentException("User group details must be specified.");
         }
 
+        if (userGroupEntity.getRevision() == null || (userGroupEntity.getRevision().getVersion() == null || userGroupEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor.");
+        }
+
         if (userGroupEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("User group ID cannot be specified.");
         }
@@ -294,17 +297,10 @@ public class UserGroupsResource extends ApplicationResource {
                 null,
                 () -> {
                     // update the user group
-                    final UpdateResult<UserGroupEntity> updateResult = serviceFacade.updateUserGroup(revision, userGroupDTO);
-
-                    // get the results
-                    final UserGroupEntity entity = updateResult.getResult();
+                    final UserGroupEntity entity = serviceFacade.updateUserGroup(revision, userGroupDTO);
                     populateRemainingUserGroupEntityContent(entity);
 
-                    if (updateResult.isNew()) {
-                        return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                    } else {
-                        return clusterContext(generateOkResponse(entity)).build();
-                    }
+                    return clusterContext(generateOkResponse(entity)).build();
                 }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UsersResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UsersResource.java
index 01deb93d30..4a7bc4b541 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UsersResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UsersResource.java
@@ -31,7 +31,6 @@ import org.apache.nifi.cluster.coordination.http.replication.RequestReplicator;
 import org.apache.nifi.util.NiFiProperties;
 import org.apache.nifi.web.NiFiServiceFacade;
 import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.UpdateResult;
 import org.apache.nifi.web.api.dto.RevisionDTO;
 import org.apache.nifi.web.api.dto.UserDTO;
 import org.apache.nifi.web.api.entity.UserEntity;
@@ -133,6 +132,10 @@ public class UsersResource extends ApplicationResource {
             throw new IllegalArgumentException("User details must be specified.");
         }
 
+        if (userEntity.getRevision() == null || (userEntity.getRevision().getVersion() == null || userEntity.getRevision().getVersion() != 0)) {
+            throw new IllegalArgumentException("A revision of 0 must be specified when creating a new Processor.");
+        }
+
         if (userEntity.getComponent().getId() != null) {
             throw new IllegalArgumentException("User ID cannot be specified.");
         }
@@ -294,17 +297,10 @@ public class UsersResource extends ApplicationResource {
                 null,
                 () -> {
                     // update the user
-                    final UpdateResult<UserEntity> updateResult = serviceFacade.updateUser(revision, userDTO);
-
-                    // get the results
-                    final UserEntity entity = updateResult.getResult();
+                    final UserEntity entity = serviceFacade.updateUser(revision, userDTO);
                     populateRemainingUserEntityContent(entity);
 
-                    if (updateResult.isNew()) {
-                        return clusterContext(generateCreatedResponse(URI.create(entity.getComponent().getUri()), entity)).build();
-                    } else {
-                        return clusterContext(generateOkResponse(entity)).build();
-                    }
+                    return clusterContext(generateOkResponse(entity)).build();
                 }
         );
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
index 5aaddcdfaf..0577b034fe 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
@@ -185,10 +185,15 @@ public final class DtoFactory {
     private EntityFactory entityFactory;
     private Authorizer authorizer;
 
-    public ControllerConfigurationDTO createControllerConfigurationDto(final ControllerFacade controllerFacade, final String autoRefreshInterval) {
+    public ControllerConfigurationDTO createControllerConfigurationDto(final ControllerFacade controllerFacade) {
         final ControllerConfigurationDTO dto = new ControllerConfigurationDTO();
         dto.setMaxTimerDrivenThreadCount(controllerFacade.getMaxTimerDrivenThreadCount());
         dto.setMaxEventDrivenThreadCount(controllerFacade.getMaxEventDrivenThreadCount());
+        return dto;
+    }
+
+    public FlowConfigurationDTO createFlowConfigurationDto(final String autoRefreshInterval) {
+        final FlowConfigurationDTO dto = new FlowConfigurationDTO();
 
         // get the refresh interval
         final long refreshInterval = FormatUtils.getTimeDuration(autoRefreshInterval, TimeUnit.SECONDS);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java
index fa5620af81..e1c183bad5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/EntityFactory.java
@@ -42,6 +42,7 @@ import org.apache.nifi.web.api.entity.SnippetEntity;
 import org.apache.nifi.web.api.entity.UserEntity;
 import org.apache.nifi.web.api.entity.UserGroupEntity;
 
+import java.util.Date;
 import java.util.List;
 
 public final class EntityFactory {
@@ -49,12 +50,12 @@ public final class EntityFactory {
     public ControllerConfigurationEntity createControllerConfigurationEntity(final ControllerConfigurationDTO dto, final RevisionDTO revision, final AccessPolicyDTO accessPolicy) {
         final ControllerConfigurationEntity entity = new ControllerConfigurationEntity();
         entity.setRevision(revision);
+        entity.setCurrentTime(new Date());
         if (dto != null) {
             entity.setAccessPolicy(accessPolicy);
-            // TODO - remove this once contents of ControllerConfigurationEntity is updated
-//            if (accessPolicy != null && accessPolicy.getCanRead()) {
-                entity.setConfig(dto);
-//            }
+            if (accessPolicy != null && accessPolicy.getCanRead()) {
+                entity.setControllerConfiguration(dto);
+            }
         }
         return entity;
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
index 68208ec150..5d41c2c4c1 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
@@ -19,7 +19,12 @@ package org.apache.nifi.web.controller;
 import org.apache.commons.collections4.CollectionUtils;
 import org.apache.commons.lang3.ClassUtils;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.service.KeyService;
+import org.apache.nifi.authorization.AccessDeniedException;
+import org.apache.nifi.authorization.AuthorizationRequest;
+import org.apache.nifi.authorization.AuthorizationResult;
+import org.apache.nifi.authorization.AuthorizationResult.Result;
+import org.apache.nifi.authorization.Authorizer;
+import org.apache.nifi.authorization.RequestAction;
 import org.apache.nifi.authorization.Resource;
 import org.apache.nifi.authorization.resource.Authorizable;
 import org.apache.nifi.authorization.resource.ResourceFactory;
@@ -111,6 +116,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
 import java.io.IOException;
 import java.io.InputStream;
 import java.text.Collator;
@@ -130,6 +136,8 @@ import java.util.TimeZone;
 import java.util.TreeSet;
 import java.util.concurrent.TimeUnit;
 
+import static org.apache.nifi.controller.FlowController.ROOT_GROUP_ID_ALIAS;
+
 public class ControllerFacade implements Authorizable {
 
     private static final Logger logger = LoggerFactory.getLogger(ControllerFacade.class);
@@ -137,14 +145,15 @@ public class ControllerFacade implements Authorizable {
     // nifi components
     private FlowController flowController;
     private FlowService flowService;
-    private KeyService keyService;
     private ClusterCoordinator clusterCoordinator;
     private BulletinRepository bulletinRepository;
+    private Authorizer authorizer;
 
     // properties
     private NiFiProperties properties;
     private DtoFactory dtoFactory;
 
+
     /**
      * Creates an archive of the current flow.
      *
@@ -264,6 +273,14 @@ public class ControllerFacade implements Authorizable {
      * @return status history
      */
     public StatusHistoryDTO getProcessorStatusHistory(final String processorId) {
+        final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
+        final ProcessorNode processor = root.findProcessor(processorId);
+
+        // ensure the processor was found
+        if (processor == null) {
+            throw new ResourceNotFoundException(String.format("Unable to locate processor with id '%s'.", processorId));
+        }
+
         return flowController.getProcessorStatusHistory(processorId);
     }
 
@@ -274,6 +291,14 @@ public class ControllerFacade implements Authorizable {
      * @return status history
      */
     public StatusHistoryDTO getConnectionStatusHistory(final String connectionId) {
+        final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
+        final Connection connection = root.findConnection(connectionId);
+
+        // ensure the connection was found
+        if (connection == null) {
+            throw new ResourceNotFoundException(String.format("Unable to locate connection with id '%s'.", connectionId));
+        }
+
         return flowController.getConnectionStatusHistory(connectionId);
     }
 
@@ -284,6 +309,15 @@ public class ControllerFacade implements Authorizable {
      * @return status history
      */
     public StatusHistoryDTO getProcessGroupStatusHistory(final String groupId) {
+        final String searchId = groupId.equals(ROOT_GROUP_ID_ALIAS) ? flowController.getRootGroupId() : groupId;
+        final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
+        final ProcessGroup group = root.findProcessGroup(searchId);
+
+        // ensure the processor was found
+        if (group == null) {
+            throw new ResourceNotFoundException(String.format("Unable to locate process group with id '%s'.", groupId));
+        }
+
         return flowController.getProcessGroupStatusHistory(groupId);
     }
 
@@ -294,6 +328,14 @@ public class ControllerFacade implements Authorizable {
      * @return status history
      */
     public StatusHistoryDTO getRemoteProcessGroupStatusHistory(final String remoteProcessGroupId) {
+        final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
+        final RemoteProcessGroup remoteProcessGroup = root.findRemoteProcessGroup(remoteProcessGroupId);
+
+        // ensure the output port was found
+        if (remoteProcessGroup == null) {
+            throw new ResourceNotFoundException(String.format("Unable to locate remote process group with id '%s'.", remoteProcessGroupId));
+        }
+
         return flowController.getRemoteProcessGroupStatusHistory(remoteProcessGroupId);
     }
 
@@ -1085,9 +1127,6 @@ public class ControllerFacade implements Authorizable {
     public DownloadableContent getContent(final Long eventId, final String uri, final ContentDirection contentDirection) {
         try {
             final NiFiUser user = NiFiUserUtils.getNiFiUser();
-            if (user == null) {
-                throw new WebApplicationException(new Throwable("Unable to access details for current user."));
-            }
 
             // get the event in order to get the filename
             final ProvenanceEventRecord event = flowController.getProvenanceRepository().getEvent(eventId);
@@ -1105,12 +1144,56 @@ public class ControllerFacade implements Authorizable {
 
             // calculate the dn chain
             final List<String> dnChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(user);
+            dnChain.forEach(identity -> {
+                final String rootGroupId = flowController.getRootGroupId();
+                final ProcessGroup rootGroup = flowController.getGroup(rootGroupId);
 
-            // TODO - ensure the users in this chain are allowed to download this content
-//            final DownloadAuthorization downloadAuthorization = keyService.authorizeDownload(dnChain, attributes);
-//            if (!downloadAuthorization.isApproved()) {
-//                throw new AccessDeniedException(downloadAuthorization.getExplanation());
-//            }
+                final Resource eventResource;
+                if (rootGroupId.equals(event.getComponentId())) {
+                    eventResource = ResourceFactory.getComponentProvenanceResource(ResourceType.ProcessGroup, rootGroup.getIdentifier(), rootGroup.getName());
+                } else {
+                    final Connectable connectable = rootGroup.findConnectable(event.getComponentId());
+
+                    if (connectable == null) {
+                        throw new AccessDeniedException("The component that generated this event is no longer part of the data flow. Unable to determine access policy.");
+                    }
+
+                    switch (connectable.getConnectableType()) {
+                        case PROCESSOR:
+                            eventResource = ResourceFactory.getComponentProvenanceResource(ResourceType.Processor, connectable.getIdentifier(), connectable.getName());
+                            break;
+                        case INPUT_PORT:
+                        case REMOTE_INPUT_PORT:
+                            eventResource = ResourceFactory.getComponentProvenanceResource(ResourceType.InputPort, connectable.getIdentifier(), connectable.getName());
+                            break;
+                        case OUTPUT_PORT:
+                        case REMOTE_OUTPUT_PORT:
+                            eventResource = ResourceFactory.getComponentProvenanceResource(ResourceType.OutputPort, connectable.getIdentifier(), connectable.getName());
+                            break;
+                        case FUNNEL:
+                            eventResource = ResourceFactory.getComponentProvenanceResource(ResourceType.Funnel, connectable.getIdentifier(), connectable.getName());
+                            break;
+                        default:
+                            throw new WebApplicationException(Response.serverError().entity("An unexpected type of component generated this event.").build());
+                    }
+                }
+
+                // build the request
+                final AuthorizationRequest request = new AuthorizationRequest.Builder()
+                        .identity(identity)
+                        .anonymous(user.isAnonymous()) // allow current user to drive anonymous flag as anonymous users are never chained... supports single user case
+                        .accessAttempt(false)
+                        .action(RequestAction.READ)
+                        .resource(eventResource)
+                        .eventAttributes(attributes)
+                        .build();
+
+                // perform the authorization
+                final AuthorizationResult result = authorizer.authorize(request);
+                if (!Result.Approved.equals(result.getResult())) {
+                    throw new AccessDeniedException(result.getExplanation());
+                }
+            });
 
             // get the filename and fall back to the identifier (should never happen)
             String filename = attributes.get(CoreAttributes.FILENAME.key());
@@ -1687,8 +1770,8 @@ public class ControllerFacade implements Authorizable {
         this.properties = properties;
     }
 
-    public void setKeyService(KeyService keyService) {
-        this.keyService = keyService;
+    public void setAuthorizer(Authorizer authorizer) {
+        this.authorizer = authorizer;
     }
 
     public void setFlowService(FlowService flowService) {
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
index f5c6f85e83..e16dd0567d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
@@ -16,6 +16,10 @@
  */
 package org.apache.nifi.web.dao.impl;
 
+import org.apache.nifi.authorization.AccessDeniedException;
+import org.apache.nifi.authorization.AuthorizationRequest;
+import org.apache.nifi.authorization.AuthorizationResult;
+import org.apache.nifi.authorization.AuthorizationResult.Result;
 import org.apache.nifi.authorization.Authorizer;
 import org.apache.nifi.authorization.RequestAction;
 import org.apache.nifi.authorization.user.NiFiUser;
@@ -579,9 +583,6 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
     public DownloadableContent getContent(String id, String flowFileUuid, String requestUri) {
         try {
             final NiFiUser user = NiFiUserUtils.getNiFiUser();
-            if (user == null) {
-                throw new WebApplicationException(new Throwable("Unable to access details for current user."));
-            }
 
             final Connection connection = locateConnection(id);
             final FlowFileQueue queue = connection.getFlowFileQueue();
@@ -591,15 +592,27 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
                 throw new ResourceNotFoundException(String.format("The FlowFile with UUID %s is no longer in the active queue.", flowFileUuid));
             }
 
+            final Map<String, String> attributes = flowFile.getAttributes();
+
             // calculate the dn chain
             final List<String> dnChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(user);
+            dnChain.forEach(identity -> {
+                // build the request
+                final AuthorizationRequest request = new AuthorizationRequest.Builder()
+                        .identity(identity)
+                        .anonymous(user.isAnonymous())
+                        .accessAttempt(false)
+                        .action(RequestAction.WRITE)
+                        .resource(connection.getResource())
+                        .eventAttributes(attributes)
+                        .build();
 
-            // TODO - ensure the users in this chain are allowed to download this content
-            final Map<String, String> attributes = flowFile.getAttributes();
-//            final DownloadAuthorization downloadAuthorization = keyService.authorizeDownload(dnChain, attributes);
-//            if (!downloadAuthorization.isApproved()) {
-//                throw new AccessDeniedException(downloadAuthorization.getExplanation());
-//            }
+                // perform the authorization
+                final AuthorizationResult result = authorizer.authorize(request);
+                if (!Result.Approved.equals(result.getResult())) {
+                    throw new AccessDeniedException(result.getExplanation());
+                }
+            });
 
             // get the filename and fall back to the identifier (should never happen)
             String filename = attributes.get(CoreAttributes.FILENAME.key());
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardControllerServiceDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardControllerServiceDAO.java
index 3db3973e15..099d4ece71 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardControllerServiceDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardControllerServiceDAO.java
@@ -39,6 +39,8 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import static org.apache.nifi.controller.FlowController.ROOT_GROUP_ID_ALIAS;
+
 public class StandardControllerServiceDAO extends ComponentDAO implements ControllerServiceDAO {
 
     private ControllerServiceProvider serviceProvider;
@@ -79,7 +81,7 @@ public class StandardControllerServiceDAO extends ComponentDAO implements Contro
                 flowController.addRootControllerService(controllerService);
             } else {
                 final ProcessGroup group;
-                if (groupId.equals(FlowController.ROOT_GROUP_ID_ALIAS)) {
+                if (groupId.equals(ROOT_GROUP_ID_ALIAS)) {
                     group = flowController.getGroup(flowController.getRootGroupId());
                 } else {
                     group = flowController.getGroup(flowController.getRootGroupId()).findProcessGroup(groupId);
@@ -113,7 +115,8 @@ public class StandardControllerServiceDAO extends ComponentDAO implements Contro
         if (groupId == null) {
             return flowController.getRootControllerServices();
         } else {
-            final ProcessGroup procGroup = flowController.getGroup(flowController.getRootGroupId()).findProcessGroup(groupId);
+            final String searchId = groupId.equals(ROOT_GROUP_ID_ALIAS) ? flowController.getRootGroupId() : groupId;
+            final ProcessGroup procGroup = flowController.getGroup(flowController.getRootGroupId()).findProcessGroup(searchId);
             if (procGroup == null) {
                 throw new ResourceNotFoundException("Could not find Process Group with ID " + groupId);
             }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
index bff775b9fc..6eb9a3af20 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
@@ -116,7 +116,7 @@
         <property name="flowController" ref="flowController"/>
         <property name="flowService" ref="flowService"/>
         <property name="clusterCoordinator" ref="clusterCoordinator" />
-        <property name="keyService" ref="keyService"/>
+        <property name="authorizer" ref="authorizer"/>
         <property name="dtoFactory" ref="dtoFactory"/>
         <property name="bulletinRepository" ref="bulletinRepository"/>
     </bean>
@@ -157,7 +157,6 @@
         <property name="userGroupDAO" ref="policyBasedAuthorizerDAO"/>
         <property name="userDAO" ref="policyBasedAuthorizerDAO"/>
         <property name="auditService" ref="auditService"/>
-        <property name="keyService" ref="keyService"/>
         <property name="snippetUtils" ref="snippetUtils"/>
         <property name="revisionManager" ref="revisionManager" />
         <property name="dtoFactory" ref="dtoFactory"/>
@@ -219,6 +218,7 @@
         <property name="properties" ref="nifiProperties"/>
         <property name="clusterCoordinator" ref="clusterCoordinator"/>
         <property name="requestReplicator" ref="requestReplicator" />
+        <property name="authorizer" ref="authorizer"/>
     </bean>
     <bean id="snippetResource" class="org.apache.nifi.web.api.SnippetResource" scope="singleton">
         <property name="serviceFacade" ref="serviceFacade"/>
@@ -320,12 +320,6 @@
         <property name="requestReplicator" ref="requestReplicator" />
         <property name="authorizer" ref="authorizer" />
     </bean>
-    <bean id="historyResource" class="org.apache.nifi.web.api.HistoryResource" scope="singleton">
-        <property name="serviceFacade" ref="serviceFacade"/>
-        <property name="properties" ref="nifiProperties"/>
-        <property name="clusterCoordinator" ref="clusterCoordinator"/>
-        <property name="requestReplicator" ref="requestReplicator" />
-    </bean>
     <bean id="provenanceResource" class="org.apache.nifi.web.api.ProvenanceResource" scope="singleton">
         <property name="serviceFacade" ref="serviceFacade"/>
         <property name="properties" ref="nifiProperties"/>
@@ -333,17 +327,12 @@
         <property name="requestReplicator" ref="requestReplicator" />
         <property name="authorizer" ref="authorizer"/>
     </bean>
-    <bean id="clusterResource" class="org.apache.nifi.web.api.ClusterResource" scope="singleton">
-        <property name="serviceFacade" ref="serviceFacade"/>
-        <property name="properties" ref="nifiProperties"/>
-        <property name="clusterCoordinator" ref="clusterCoordinator"/>
-        <property name="requestReplicator" ref="requestReplicator" />
-    </bean>
-    <bean id="nodeResource" class="org.apache.nifi.web.api.NodeResource" scope="singleton">
+    <bean id="countersResource" class="org.apache.nifi.web.api.CountersResource" scope="singleton">
         <property name="serviceFacade" ref="serviceFacade"/>
         <property name="properties" ref="nifiProperties"/>
         <property name="clusterCoordinator" ref="clusterCoordinator"/>
         <property name="requestReplicator" ref="requestReplicator" />
+        <property name="authorizer" ref="authorizer"/>
     </bean>
     <bean id="systemDiagnosticsResource" class="org.apache.nifi.web.api.SystemDiagnosticsResource" scope="singleton">
         <property name="serviceFacade" ref="serviceFacade"/>
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/StandardNiFiServiceFacadeSpec.groovy b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/StandardNiFiServiceFacadeSpec.groovy
index a4c2b37e4a..7b5f594d47 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/StandardNiFiServiceFacadeSpec.groovy
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/groovy/org/apache/nifi/web/StandardNiFiServiceFacadeSpec.groovy
@@ -20,6 +20,7 @@ import org.apache.nifi.authorization.*
 import org.apache.nifi.authorization.resource.Authorizable
 import org.apache.nifi.authorization.resource.ResourceFactory
 import org.apache.nifi.authorization.user.NiFiUser
+import org.apache.nifi.authorization.user.NiFiUserDetails
 import org.apache.nifi.controller.service.ControllerServiceProvider
 import org.apache.nifi.web.api.dto.*
 import org.apache.nifi.web.api.entity.UserEntity
@@ -28,11 +29,25 @@ import org.apache.nifi.web.dao.AccessPolicyDAO
 import org.apache.nifi.web.dao.UserDAO
 import org.apache.nifi.web.dao.UserGroupDAO
 import org.apache.nifi.web.revision.*
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken
+import org.springframework.security.core.context.SecurityContextHolder
+import spock.lang.Ignore
 import spock.lang.Specification
 import spock.lang.Unroll
 
+@Ignore
 class StandardNiFiServiceFacadeSpec extends Specification {
 
+    def setup() {
+        final NiFiUser user = new NiFiUser("nifi-user");
+        final NiFiAuthenticationToken auth = new NiFiAuthenticationToken(new NiFiUserDetails(user));
+        SecurityContextHolder.getContext().setAuthentication(auth);
+    }
+
+    def cleanup() {
+        SecurityContextHolder.getContext().setAuthentication(null);
+    }
+
     @Unroll
     def "CreateUser: isAuthorized: #isAuthorized"() {
         given:
@@ -48,7 +63,7 @@ class StandardNiFiServiceFacadeSpec extends Specification {
         def newUser = new User.Builder().identifier(userDto.id).identity(userDto.identity).build()
 
         when:
-        def userEntity = niFiServiceFacade.createUser(new Revision(0L, 'client-1'), userDto)
+        def userEntity = niFiServiceFacade.createUser(new Revision(0L, 'client-1', userDto.id), userDto)
 
         then:
         1 * userDao.createUser(_) >> newUser
@@ -97,19 +112,19 @@ class StandardNiFiServiceFacadeSpec extends Specification {
         }
 
         then:
-        if (isAuthorized) {
-            1 * userDao.getUser(userDto.id) >> requestedUser
-        }
+        1 * userDao.getUser(userDto.id) >> requestedUser
         1 * revisionManager.get(_, _) >> { String id, ReadOnlyRevisionCallback callback ->
             callback.withRevision(new Revision(1L, 'client1', 'root'))
         }
         1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.getUsersResource(),
                 isAuthorized, authorizationResult)
         0 * _
+
+        assert userEntity != null
         if (isAuthorized) {
-            assert userEntity?.component?.id?.equals(userDto.id)
+            assert userEntity.component?.id?.equals(userDto.id)
         } else {
-            assert exception instanceof AccessDeniedException
+            assert userEntity.component == null
         }
 
         where:
@@ -149,6 +164,7 @@ class StandardNiFiServiceFacadeSpec extends Specification {
             1 * revisionManager.updateRevision(_, _, _) >> { RevisionClaim revisionClaim, NiFiUser niFiUser, UpdateRevisionTask callback ->
                 callback.update()
             }
+            1 * revisionManager.getRevision(currentRevision.componentId) >> currentRevision.incrementRevision(currentRevision.clientId)
         }
         1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.getUsersResource(),
                 isAuthorized, authorizationResult)
@@ -215,11 +231,11 @@ class StandardNiFiServiceFacadeSpec extends Specification {
         }
 
         where:
-        userExists | currentRevision             | userDto         | isAuthorized | authorizationResult
-        true       | new Revision(1L, 'client1') | createUserDTO() | true         | AuthorizationResult.approved()
-        false      | null                        | createUserDTO() | true         | AuthorizationResult.approved()
-        true       | new Revision(1L, 'client1') | createUserDTO() | false        | AuthorizationResult.denied()
-        false      | null                        | createUserDTO() | false        | AuthorizationResult.denied()
+        userExists | currentRevision                       | userDto         | isAuthorized | authorizationResult
+        true       | new Revision(1L, 'client1', 'user-1') | createUserDTO() | true         | AuthorizationResult.approved()
+        false      | null                                  | createUserDTO() | true         | AuthorizationResult.approved()
+        true       | new Revision(1L, 'client1', 'user-1') | createUserDTO() | false        | AuthorizationResult.denied()
+        false      | null                                  | createUserDTO() | false        | AuthorizationResult.denied()
     }
 
     @Unroll
@@ -249,26 +265,22 @@ class StandardNiFiServiceFacadeSpec extends Specification {
 
         when:
         try {
-            userGroupEntity = niFiServiceFacade.createUserGroup(new Revision(0L, 'client-1'), userGroupDto)
+            userGroupEntity = niFiServiceFacade.createUserGroup(new Revision(0L, 'client-1', userGroupDto.id), userGroupDto)
         } catch (AccessDeniedException e) {
             exception = e
         }
 
         then:
-        if (isAuthorized) {
-            1 * authorizableLookup.getUserGroupsAuthorizable() >>
-                    new SimpleAuthorizable(null, ResourceFactory.userGroupsResource, isAuthorized, authorizationResult.get(ResourceFactory.userGroupsResource))
-        }
+        1 * authorizableLookup.getUserGroupsAuthorizable() >>
+                new SimpleAuthorizable(null, ResourceFactory.userGroupsResource, isAuthorized, authorizationResult.get(ResourceFactory.userGroupsResource))
         1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.usersResource, isAuthorized, authorizationResult.get(ResourceFactory.usersResource))
         1 * userGroupDao.createUserGroup(_) >> newUserGroup
-        if (authorizationResult.get(ResourceFactory.usersResource) == AuthorizationResult.approved()) {
-            1 * userDao.getUser(_) >> { String userId ->
-                def userEntity = userGroupDto.users.find { it.id.equals(userId) }?.component
-                assert userEntity != null
-                new User.Builder().identifier(userEntity.id).identity(userEntity.identity)
-                        .addGroups(userEntity.groups.collect { it.id } as Set)
-                        .build()
-            }
+        1 * userDao.getUser(_) >> { String userId ->
+            def userEntity = userGroupDto.users.find { it.id.equals(userId) }?.component
+            assert userEntity != null
+            new User.Builder().identifier(userEntity.id).identity(userEntity.identity)
+                    .addGroups(userEntity.groups.collect { it.id } as Set)
+                    .build()
         }
         userGroupDto.users.size() * revisionManager.get(_, _) >> { String id, ReadOnlyRevisionCallback callback ->
             assert userGroupDto.users.collect { it.id }.contains(id)
@@ -276,6 +288,8 @@ class StandardNiFiServiceFacadeSpec extends Specification {
             callback.withRevision new Revision(revisionDTO.version, revisionDTO.clientId, id)
         }
         0 * _
+
+        assert userGroupEntity != null
         if (isAuthorized) {
             assert userGroupEntity?.component?.id == userGroupDto.id
             assert userGroupEntity?.component?.users?.equals(userGroupDto.users)
@@ -283,7 +297,6 @@ class StandardNiFiServiceFacadeSpec extends Specification {
             assert userGroupEntity?.accessPolicy?.canWrite
         } else {
             assert userGroupEntity?.component == null
-            assert exception instanceof AccessDeniedException
         }
 
 
@@ -322,27 +335,25 @@ class StandardNiFiServiceFacadeSpec extends Specification {
         }
 
         then:
-        if (isAuthorized) {
-            1 * userGroupDao.getUserGroup(userGroupDto.id) >> requestedUserGroup
-            1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.usersResource, isAuthorized, authorizationResult)
-        }
+        1 * userGroupDao.getUserGroup(userGroupDto.id) >> requestedUserGroup
+        1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.usersResource, isAuthorized, authorizationResult)
         1 * authorizableLookup.getUserGroupsAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.getUserGroupsResource(),
                 isAuthorized, authorizationResult)
         _ * revisionManager.get(_, _) >> { String id, ReadOnlyRevisionCallback callback ->
             callback.withRevision(new Revision(1L, 'client1', 'root'))
         }
-        if (authorizationResult == AuthorizationResult.approved()) {
-            1 * userDao.getUser(_) >> { String userId ->
-                def userEntity = userGroupDto.users.find { it.id.equals(userId) }?.component
-                assert userEntity != null
-                new User.Builder().identifier(userEntity.id).identity(userEntity.identity).build()
-            }
+        1 * userDao.getUser(_) >> { String userId ->
+            def userEntity = userGroupDto.users.find { it.id.equals(userId) }?.component
+            assert userEntity != null
+            new User.Builder().identifier(userEntity.id).identity(userEntity.identity).build()
         }
         0 * _
+
+        assert userGroupEntity != null
         if (isAuthorized) {
             assert userGroupEntity?.component?.id?.equals(userGroupDto.id)
         } else {
-            assert exception instanceof AccessDeniedException
+            assert userGroupEntity.component == null
         }
 
         where:
@@ -393,32 +404,30 @@ class StandardNiFiServiceFacadeSpec extends Specification {
             1 * revisionManager.updateRevision(_, _, _) >> { RevisionClaim revisionClaim, NiFiUser niFiUser, UpdateRevisionTask callback ->
                 callback.update()
             }
+            1 * revisionManager.getRevision(currentRevision.componentId) >> currentRevision.incrementRevision(currentRevision.clientId)
             1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.usersResource,
                     isAuthorized, authorizationResult.get(ResourceFactory.usersResource))
         }
-        if (isAuthorized || userGroupExists) {
-            1 * authorizableLookup.getUserGroupsAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.userGroupsResource,
-                    isAuthorized, authorizationResult.get(ResourceFactory.userGroupsResource))
-        }
+        1 * authorizableLookup.getUserGroupsAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.userGroupsResource,
+                isAuthorized, authorizationResult.get(ResourceFactory.userGroupsResource))
         _ * revisionManager.get(_, _) >> { String id, ReadOnlyRevisionCallback callback ->
             callback.withRevision(new Revision(1L, 'client1', 'root'))
         }
-        if (authorizationResult.get(ResourceFactory.userGroupsResource) == AuthorizationResult.approved()) {
-            1 * userDao.getUser(_) >> { String userId ->
-                def userEntity = userGroupDto.users.find { it.id.equals(userId) }?.component
-                assert userEntity != null
-                new User.Builder().identifier(userEntity.id).identity(userEntity.identity).build()
-            }
+        1 * userDao.getUser(_) >> { String userId ->
+            def userEntity = userGroupDto.users.find { it.id.equals(userId) }?.component
+            assert userEntity != null
+            new User.Builder().identifier(userEntity.id).identity(userEntity.identity).build()
         }
         0 * _
         def userGroupEntity = userGroupsEntityUpdateResult?.result
+
+        assert userGroupEntity != null
         if (isAuthorized) {
             assert userGroupEntity?.component?.id?.equals(userGroupDto.id)
             assert userGroupEntity?.accessPolicy?.canRead
             assert userGroupEntity?.accessPolicy?.canWrite
         } else {
-            assert userGroupEntity?.component == null
-            assert exception instanceof AccessDeniedException
+            assert userGroupEntity.component == null
         }
 
         where:
@@ -467,27 +476,23 @@ class StandardNiFiServiceFacadeSpec extends Specification {
         then:
         if (userGroupExists) {
             1 * userGroupDao.getUserGroup(userGroupDto.id) >> userGroup
-            if (isAuthorized) {
-                1 * userGroupDao.deleteUserGroup(userGroupDto.id) >> userGroup
-            }
+            1 * userGroupDao.deleteUserGroup(userGroupDto.id) >> userGroup
             1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.getUsersResource(),
                     isAuthorized, authorizationResult.get(ResourceFactory.getUsersResource()))
         } else {
             1 * userGroupDao.getUserGroup(userGroupDto.id) >> null
             1 * userGroupDao.deleteUserGroup(userGroupDto.id) >> null
         }
-        if (!(!isAuthorized && userGroupExists)) {
-            1 * authorizableLookup.getUserGroupsAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.userGroupsResource,
-                    isAuthorized, authorizationResult.get(ResourceFactory.userGroupsResource))
-            1 * revisionManager.deleteRevision(_, _, _) >> { RevisionClaim revisionClaim, NiFiUser nifiUser, DeleteRevisionTask task ->
-                task.performTask()
-            }
-            1 * controllerFacade.save()
+        1 * authorizableLookup.getUserGroupsAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.userGroupsResource,
+                isAuthorized, authorizationResult.get(ResourceFactory.userGroupsResource))
+        1 * revisionManager.deleteRevision(_, _, _) >> { RevisionClaim revisionClaim, NiFiUser nifiUser, DeleteRevisionTask task ->
+            task.performTask()
         }
+        1 * controllerFacade.save()
         _ * revisionManager.get(_, _) >> { String id, ReadOnlyRevisionCallback callback ->
             callback.withRevision(new Revision(1L, 'client1', 'root'))
         }
-        if (authorizationResult.get(ResourceFactory.userGroupsResource) == AuthorizationResult.approved() && userGroupExists) {
+        if (userGroupExists) {
             1 * userDao.getUser(_) >> { String userId ->
                 def userEntity = userGroupDto.users.find { it.id.equals(userId) }?.component
                 assert userEntity != null
@@ -496,14 +501,11 @@ class StandardNiFiServiceFacadeSpec extends Specification {
         }
         0 * _
         userGroupEntity?.component?.id == null
-        if (userGroupExists && isAuthorized) {
+        if (userGroupExists) {
             assert userGroupEntity?.id?.equals(userGroupDto.id)
         } else {
             assert userGroupEntity?.id == null
         }
-        if (authorizationResult.get(ResourceFactory.usersResource) == AuthorizationResult.denied()) {
-            assert exception instanceof AccessDeniedException
-        }
 
         where:
         userGroupExists | currentRevision                     | userGroupDto                                                               | isAuthorized |
@@ -550,37 +552,34 @@ class StandardNiFiServiceFacadeSpec extends Specification {
 
         when:
         try {
-            accessPolicyEntity = niFiServiceFacade.createAccessPolicy(new Revision(0L, 'client-1'), accessPolicyDto)
+            accessPolicyEntity = niFiServiceFacade.createAccessPolicy(new Revision(0L, 'client-1', accessPolicyDto.id), accessPolicyDto)
         } catch (AccessDeniedException e) {
             exception = e
         }
 
         then:
         1 * accessPolicyDao.createAccessPolicy(accessPolicyDto) >> newAccessPolicy
-        if (isAuthorized) {
-            1 * authorizableLookup.getAccessPolicyAuthorizable(accessPolicyDto.id) >> new SimpleAuthorizable(null, ResourceFactory.getPolicyResource(accessPolicyDto.id),
-                    isAuthorized, authorizationResult)
-        }
+        1 * authorizableLookup.getAccessPolicyAuthorizable(accessPolicyDto.id) >> new SimpleAuthorizable(null, ResourceFactory.getPolicyResource(accessPolicyDto.id),
+                isAuthorized, authorizationResult)
         1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.getUsersResource(),
                 isAuthorized, authorizationResult)
-        if (authorizationResult == AuthorizationResult.approved()) {
-            1 * userDao.getUser(_) >> { String userId ->
-                def userEntity = accessPolicyDto.users.find { it.id.equals(userId) }?.component
-                assert userEntity != null
-                new User.Builder().identifier(userEntity.id).identity(userEntity.identity).build()
-            }
+        1 * userDao.getUser(_) >> { String userId ->
+            def userEntity = accessPolicyDto.users.find { it.id.equals(userId) }?.component
+            assert userEntity != null
+            new User.Builder().identifier(userEntity.id).identity(userEntity.identity).build()
         }
         1 * revisionManager.get(_, _) >> { String id, ReadOnlyRevisionCallback callback ->
             callback.withRevision(new Revision(1L, 'client1', 'root'))
         }
         0 * _
+
+        assert accessPolicyEntity != null
         if (isAuthorized) {
             assert accessPolicyEntity?.component?.id?.equals(accessPolicyDto.id)
             assert accessPolicyEntity?.accessPolicy?.canRead
             assert accessPolicyEntity?.accessPolicy?.canWrite
         } else {
-            assert accessPolicyEntity?.component == null
-            assert exception instanceof AccessDeniedException
+            assert accessPolicyEntity.component == null
         }
 
         where:
@@ -626,28 +625,26 @@ class StandardNiFiServiceFacadeSpec extends Specification {
         }
 
         then:
-        if (isAuthorized) {
-            1 * accessPolicyDao.getAccessPolicy(accessPolicyDto.id) >> requestedAccessPolicy
-            1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.getUsersResource(),
-                    isAuthorized, authorizationResult)
-        }
+        1 * accessPolicyDao.getAccessPolicy(accessPolicyDto.id) >> requestedAccessPolicy
+        1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.getUsersResource(),
+                isAuthorized, authorizationResult)
         _ * revisionManager.get(_, _) >> { String id, ReadOnlyRevisionCallback callback ->
             callback.withRevision(new Revision(1L, 'client1', 'root'))
         }
         1 * authorizableLookup.getAccessPolicyAuthorizable(accessPolicyDto.id) >> new SimpleAuthorizable(null, ResourceFactory.getPolicyResource(accessPolicyDto.id),
                 isAuthorized, authorizationResult)
-        if (authorizationResult == AuthorizationResult.approved()) {
-            1 * userDao.getUser(_) >> { String userId ->
-                def userEntity = accessPolicyDto.users.find { it.id.equals(userId) }?.component
-                assert userEntity != null
-                new User.Builder().identifier(userEntity.id).identity(userEntity.identity).build()
-            }
+        1 * userDao.getUser(_) >> { String userId ->
+            def userEntity = accessPolicyDto.users.find { it.id.equals(userId) }?.component
+            assert userEntity != null
+            new User.Builder().identifier(userEntity.id).identity(userEntity.identity).build()
         }
         0 * _
+
+        assert accessPolicyEntity != null
         if (isAuthorized) {
             assert accessPolicyEntity?.component?.id?.equals(accessPolicyDto.id)
         } else {
-            assert exception instanceof AccessDeniedException
+            assert accessPolicyEntity.component == null
         }
 
         where:
@@ -704,32 +701,30 @@ class StandardNiFiServiceFacadeSpec extends Specification {
             1 * revisionManager.updateRevision(_, _, _) >> { RevisionClaim revisionClaim, NiFiUser niFiUser, UpdateRevisionTask callback ->
                 callback.update()
             }
+            1 * revisionManager.getRevision(currentRevision.componentId) >> currentRevision.incrementRevision(currentRevision.clientId)
         }
         1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.getUsersResource(),
                 isAuthorized, authorizationResult)
-        if (isAuthorized || hasPolicy) {
-            1 * authorizableLookup.getAccessPolicyAuthorizable(accessPolicyDto.id) >> new SimpleAuthorizable(null, ResourceFactory.getPolicyResource(accessPolicyDto.id),
-                    isAuthorized, authorizationResult)
-        }
-        if (authorizationResult == AuthorizationResult.approved()) {
-            1 * userDao.getUser(_) >> { String userId ->
-                def userEntity = accessPolicyDto.users.find { it.id.equals(userId) }?.component
-                assert userEntity != null
-                new User.Builder().identifier(userEntity.id).identity(userEntity.identity).build()
-            }
+        1 * authorizableLookup.getAccessPolicyAuthorizable(accessPolicyDto.id) >> new SimpleAuthorizable(null, ResourceFactory.getPolicyResource(accessPolicyDto.id),
+                isAuthorized, authorizationResult)
+        1 * userDao.getUser(_) >> { String userId ->
+            def userEntity = accessPolicyDto.users.find { it.id.equals(userId) }?.component
+            assert userEntity != null
+            new User.Builder().identifier(userEntity.id).identity(userEntity.identity).build()
         }
         1 * revisionManager.get(_, _) >> { String id, ReadOnlyRevisionCallback callback ->
             callback.withRevision(new Revision(1L, 'client1', 'root'))
         }
         0 * _
         def accessPolicyEntity = accessPolicyEntityUpdateResult?.result
+
+        assert accessPolicyEntity != null
         if (isAuthorized) {
             assert accessPolicyEntity?.component?.id?.equals(accessPolicyDto.id)
             assert accessPolicyEntity?.accessPolicy?.canRead
             assert accessPolicyEntity?.accessPolicy?.canWrite
         } else {
-            assert accessPolicyEntity?.component == null
-            assert exception instanceof AccessDeniedException
+            assert accessPolicyEntity.component == null
         }
 
         where:
@@ -787,27 +782,23 @@ class StandardNiFiServiceFacadeSpec extends Specification {
         then:
         if (hasPolicy) {
             1 * accessPolicyDao.getAccessPolicy(accessPolicyDto.id) >> accessPolicy
-            if (isAuthorized) {
-                1 * accessPolicyDao.deleteAccessPolicy(accessPolicyDto.id) >> accessPolicy
-            }
+            1 * accessPolicyDao.deleteAccessPolicy(accessPolicyDto.id) >> accessPolicy
             1 * authorizableLookup.getUsersAuthorizable() >> new SimpleAuthorizable(null, ResourceFactory.usersResource,
                     isAuthorized, authorizationResult)
         } else {
             1 * accessPolicyDao.getAccessPolicy(accessPolicyDto.id) >> null
             1 * accessPolicyDao.deleteAccessPolicy(accessPolicyDto.id) >> null
         }
-        if (!(!isAuthorized && hasPolicy)) {
-            1 * authorizableLookup.getAccessPolicyAuthorizable(accessPolicyDto.id) >> new SimpleAuthorizable(null, ResourceFactory.getPolicyResource(accessPolicyDto.id),
-                    isAuthorized, authorizationResult)
-            1 * revisionManager.deleteRevision(_, _, _) >> { RevisionClaim revisionClaim, NiFiUser nifiUser, DeleteRevisionTask task ->
-                task.performTask()
-            }
-            1 * controllerFacade.save()
+        1 * authorizableLookup.getAccessPolicyAuthorizable(accessPolicyDto.id) >> new SimpleAuthorizable(null, ResourceFactory.getPolicyResource(accessPolicyDto.id),
+                isAuthorized, authorizationResult)
+        1 * revisionManager.deleteRevision(_, _, _) >> { RevisionClaim revisionClaim, NiFiUser nifiUser, DeleteRevisionTask task ->
+            task.performTask()
         }
+        1 * controllerFacade.save()
         _ * revisionManager.get(_, _) >> { String id, ReadOnlyRevisionCallback callback ->
             callback.withRevision(new Revision(1L, 'client1', 'root'))
         }
-        if (authorizationResult == AuthorizationResult.approved() && hasPolicy) {
+        if (hasPolicy) {
             1 * userDao.getUser(_) >> { String userId ->
                 def userEntity = accessPolicyDto.users.find { it.id.equals(userId) }?.component
                 assert userEntity != null
@@ -815,14 +806,13 @@ class StandardNiFiServiceFacadeSpec extends Specification {
             }
         }
         0 * _
-        if (hasPolicy && isAuthorized) {
+
+        assert accessPolicyEntity != null
+        if (hasPolicy) {
             assert accessPolicyEntity?.id?.equals(accessPolicyDto.id)
         } else {
             assert accessPolicyEntity?.id == null
         }
-        if (!isAuthorized && hasPolicy) {
-            assert exception instanceof AccessDeniedException
-        }
 
         where:
         hasPolicy | currentRevision                     | accessPolicyDto                                                                                                             | isAuthorized |
@@ -831,9 +821,9 @@ class StandardNiFiServiceFacadeSpec extends Specification {
                 AuthorizationResult.approved()
         false     | null                                | new AccessPolicyDTO(id: '1', resource: ResourceFactory.flowResource.identifier, users: [createUserEntity()], canRead: true) | true         |
                 AuthorizationResult.approved()
-        true       | new Revision(1L, 'client1', 'root') | new AccessPolicyDTO(id: '1', resource: ResourceFactory.flowResource.identifier, users: [createUserEntity()], canRead: true) | false        |
+        true      | new Revision(1L, 'client1', 'root') | new AccessPolicyDTO(id: '1', resource: ResourceFactory.flowResource.identifier, users: [createUserEntity()], canRead: true) | false        |
                 AuthorizationResult.denied()
-        false      | null                                | new AccessPolicyDTO(id: '1', resource: ResourceFactory.flowResource.identifier, users: [createUserEntity()], canRead: true) | false        |
+        false     | null                                | new AccessPolicyDTO(id: '1', resource: ResourceFactory.flowResource.identifier, users: [createUserEntity()], canRead: true) | false        |
                 AuthorizationResult.denied()
     }
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/NiFiWebApiTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/NiFiWebApiTest.java
index 8067491fb6..556c6bc453 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/NiFiWebApiTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/NiFiWebApiTest.java
@@ -48,10 +48,6 @@ import java.util.Set;
 @Ignore
 public class NiFiWebApiTest {
 
-    public static void populateFlow(Client client, String baseUrl, String clientId) throws Exception {
-
-    }
-
     public static void populateFlow(Client client, String baseUrl, NiFiTestUser user, String clientId) throws Exception {
 
         // -----------------------------------------------
@@ -66,7 +62,7 @@ public class NiFiWebApiTest {
         // create the revision
         final RevisionDTO revision = new RevisionDTO();
         revision.setClientId(clientId);
-        revision.setVersion(NiFiTestUser.REVISION);
+        revision.setVersion(0l);
 
         // create the local selection processor entity
         ProcessorEntity processorEntity = new ProcessorEntity();
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessControlHelper.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessControlHelper.java
index 2576253735..27f1c5ea4c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessControlHelper.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessControlHelper.java
@@ -16,6 +16,7 @@
  */
 package org.apache.nifi.integration.accesscontrol;
 
+import com.sun.jersey.api.client.ClientResponse;
 import org.apache.nifi.integration.NiFiWebApiTest;
 import org.apache.nifi.integration.util.NiFiTestAuthorizer;
 import org.apache.nifi.integration.util.NiFiTestServer;
@@ -26,6 +27,8 @@ import org.apache.nifi.util.NiFiProperties;
 
 import java.io.File;
 
+import static org.junit.Assert.assertEquals;
+
 /**
  * Access control test for the dfm user.
  */
@@ -48,6 +51,10 @@ public class AccessControlHelper {
     private String baseUrl;
 
     public AccessControlHelper(final String flowXmlPath) throws Exception {
+        this(flowXmlPath, null);
+    }
+
+    public AccessControlHelper(final String flowXmlPath, final String overrideAuthorizer) throws Exception {
         this.flowXmlPath = flowXmlPath;
 
         // look for the flow.xml and toss it
@@ -64,6 +71,10 @@ public class AccessControlHelper {
         NiFiProperties props = NiFiProperties.getInstance();
         props.setProperty(NiFiProperties.FLOW_CONFIGURATION_FILE, flowXmlPath);
 
+        if (overrideAuthorizer != null) {
+            props.setProperty(NiFiProperties.SECURITY_USER_AUTHORIZER, overrideAuthorizer);
+        }
+
         // load extensions
         NarClassLoaders.load(props);
         ExtensionManager.discoverExtensions();
@@ -102,6 +113,26 @@ public class AccessControlHelper {
         return noneUser;
     }
 
+    public void testGenericGetUri(final String uri) throws Exception {
+        ClientResponse response;
+
+        // read
+        response = getReadUser().testGet(uri);
+        assertEquals(200, response.getStatus());
+
+        // read/write
+        response = getReadWriteUser().testGet(uri);
+        assertEquals(200, response.getStatus());
+
+        // write
+        response = getWriteUser().testGet(uri);
+        assertEquals(403, response.getStatus());
+
+        // none
+        response = getNoneUser().testGet(uri);
+        assertEquals(403, response.getStatus());
+    }
+
     public String getBaseUrl() {
         return baseUrl;
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
deleted file mode 100644
index 6077bc3b52..0000000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
+++ /dev/null
@@ -1,1010 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.integration.accesscontrol;
-
-import com.sun.jersey.api.client.ClientResponse;
-import org.apache.commons.collections4.CollectionUtils;
-import org.apache.nifi.integration.NiFiWebApiTest;
-import org.apache.nifi.integration.util.NiFiTestServer;
-import org.apache.nifi.integration.util.NiFiTestUser;
-import org.apache.nifi.nar.ExtensionManager;
-import org.apache.nifi.nar.NarClassLoaders;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.api.dto.FlowSnippetDTO;
-import org.apache.nifi.web.api.dto.ProcessGroupDTO;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.dto.UserDTO;
-import org.apache.nifi.web.api.entity.AuthorityEntity;
-import org.apache.nifi.web.api.entity.BannerEntity;
-import org.apache.nifi.web.api.entity.ConnectionEntity;
-import org.apache.nifi.web.api.entity.ConnectionsEntity;
-import org.apache.nifi.web.api.entity.ControllerConfigurationEntity;
-import org.apache.nifi.web.api.entity.InputPortsEntity;
-import org.apache.nifi.web.api.entity.LabelEntity;
-import org.apache.nifi.web.api.entity.LabelsEntity;
-import org.apache.nifi.web.api.entity.OutputPortsEntity;
-import org.apache.nifi.web.api.entity.PortEntity;
-import org.apache.nifi.web.api.entity.PrioritizerTypesEntity;
-import org.apache.nifi.web.api.entity.ProcessGroupEntity;
-import org.apache.nifi.web.api.entity.ProcessGroupsEntity;
-import org.apache.nifi.web.api.entity.ProcessorEntity;
-import org.apache.nifi.web.api.entity.ProcessorTypesEntity;
-import org.apache.nifi.web.api.entity.ProcessorsEntity;
-import org.apache.nifi.web.api.entity.UsersEntity;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Ignore;
-import org.junit.Test;
-
-import java.io.File;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * Access control test for the admin user.
- */
-@Ignore
-public class AdminAccessControlTest {
-
-    public static final String ADMIN_USER_DN = "CN=Lastname Firstname Middlename admin, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown";
-
-    private static final String CLIENT_ID = "admin-client-id";
-    private static final String CONTEXT_PATH = "/nifi-api";
-    private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-admin.xml";
-
-    private static NiFiTestServer SERVER;
-    private static NiFiTestUser ADMIN_USER;
-    private static String BASE_URL;
-
-    @BeforeClass
-    public static void setup() throws Exception {
-        // configure the location of the nifi properties
-        File nifiPropertiesFile = new File("src/test/resources/access-control/nifi.properties");
-        System.setProperty(NiFiProperties.PROPERTIES_FILE_PATH, nifiPropertiesFile.getAbsolutePath());
-
-        // update the flow.xml property
-        NiFiProperties props = NiFiProperties.getInstance();
-        props.setProperty("nifi.flow.configuration.file", FLOW_XML_PATH);
-
-        // load extensions
-        NarClassLoaders.load(props);
-        ExtensionManager.discoverExtensions();
-
-        // start the server
-        SERVER = new NiFiTestServer("src/main/webapp", CONTEXT_PATH);
-        SERVER.startServer();
-        SERVER.loadFlow();
-
-        // get the base url
-        BASE_URL = SERVER.getBaseUrl() + CONTEXT_PATH;
-
-        // create the user
-        ADMIN_USER = new NiFiTestUser(SERVER.getClient(), ADMIN_USER_DN);
-
-        // populate the flow
-        NiFiWebApiTest.populateFlow(SERVER.getClient(), BASE_URL, CLIENT_ID);
-    }
-
-    // ----------------------------------------------
-    // PROCESS GROUPS
-    // ----------------------------------------------
-    /**
-     * Ensures the admin user can get a groups content.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testGroupGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root";
-
-        // build the query params
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("verbose", Boolean.TRUE.toString());
-
-        ClientResponse response = ADMIN_USER.testGet(url, queryParams);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // extract the process group
-        ProcessGroupEntity processGroupEntity = response.getEntity(ProcessGroupEntity.class);
-
-        // ensure there is content
-        Assert.assertNotNull(processGroupEntity);
-
-        // extract the process group dto
-        ProcessGroupDTO processGroupDTO = processGroupEntity.getComponent();
-        FlowSnippetDTO processGroupContentsDTO = processGroupDTO.getContents();
-
-        // verify graph
-        Assert.assertEquals(2, processGroupContentsDTO.getProcessors().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getConnections().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getProcessGroups().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getInputPorts().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getOutputPorts().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getLabels().size());
-    }
-
-    /**
-     * Verifies the admin user cannot update a group.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testGroupPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root";
-
-        // create the entity body
-        Map<String, String> formData = new HashMap<>();
-        formData.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        formData.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPut(url, formData);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // CONTROLLER
-    // ----------------------------------------------
-    /**
-     * Verifies the admin user can retrieve the controller configuration.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testControllerConfigurationGet() throws Exception {
-        String url = BASE_URL + "/controller/config";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the results
-        ControllerConfigurationEntity entity = response.getEntity(ControllerConfigurationEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getConfig());
-        Assert.assertEquals(10, entity.getConfig().getMaxTimerDrivenThreadCount().intValue());
-        Assert.assertEquals(5, entity.getConfig().getMaxEventDrivenThreadCount().intValue());
-        Assert.assertEquals(30, entity.getConfig().getAutoRefreshIntervalSeconds().intValue());
-    }
-
-    /**
-     * Verifies the admin user cannot update the controller configuration.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testControllerConfigurationPut() throws Exception {
-        String url = BASE_URL + "/controller/config";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setVersion(0L);
-
-        // create the entity body
-        ControllerConfigurationEntity entity = new ControllerConfigurationEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies the read only user cannot create a new flow archive.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testFlowConfigurationArchivePost() throws Exception {
-        String url = BASE_URL + "/controller/archive";
-
-        // create the entity body
-        Map<String, String> formData = new HashMap<>();
-        formData.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        formData.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPost(url, formData);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies the admin user can retrieve his credentials.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testAuthoritiesGet() throws Exception {
-        String url = BASE_URL + "/controller/authorities";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        AuthorityEntity entity = response.getEntity(AuthorityEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getAuthorities());
-        Assert.assertEquals(1, entity.getAuthorities().size());
-        Assert.assertEquals("ROLE_ADMIN", entity.getAuthorities().toArray()[0]);
-    }
-
-    /**
-     * Verifies the admin user can retrieve the banners.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testBannersGet() throws Exception {
-        String url = BASE_URL + "/controller/banners";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        BannerEntity entity = response.getEntity(BannerEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getBanners());
-        Assert.assertEquals("TEST BANNER", entity.getBanners().getHeaderText());
-        Assert.assertEquals("TEST BANNER", entity.getBanners().getFooterText());
-    }
-
-    /**
-     * Verifies the admin user can retrieve the processor types.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorTypesGet() throws Exception {
-        String url = BASE_URL + "/controller/processor-types";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        ProcessorTypesEntity entity = response.getEntity(ProcessorTypesEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getProcessorTypes());
-        Assert.assertFalse(entity.getProcessorTypes().isEmpty());
-    }
-
-    /**
-     * Verifies the admin user can retrieve the prioritizer types.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testPrioritizerTypesGet() throws Exception {
-        String url = BASE_URL + "/controller/prioritizers";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        PrioritizerTypesEntity entity = response.getEntity(PrioritizerTypesEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getPrioritizerTypes());
-        Assert.assertFalse(entity.getPrioritizerTypes().isEmpty());
-    }
-
-    // ----------------------------------------------
-    // PROCESS GROUP
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get process groups.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorGroupsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // get the response
-        ProcessGroupsEntity entity = response.getEntity(ProcessGroupsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getProcessGroups());
-        Assert.assertEquals(1, entity.getProcessGroups().size());
-    }
-
-    /**
-     * Verifies that the operator user cannot create new process groups.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessGroupPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessGroupEntity entity = new ProcessGroupEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the operator user cannot update process group configuration.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessGroupPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessGroupEntity entity = new ProcessGroupEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the operator user cannot delete process groups.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessGroupDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references/1";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // PROCESSOR
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get processors.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // get the response
-        ProcessorsEntity entity = response.getEntity(ProcessorsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getProcessors());
-        Assert.assertEquals(2, entity.getProcessors().size());
-    }
-
-    /**
-     * Verifies that the admin user cannot create new processors.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessorEntity entity = new ProcessorEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot create new processors.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessorEntity entity = new ProcessorEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot delete processors.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors/1";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // CONNECTION
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get connections.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testConnectionsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // get the response
-        ConnectionsEntity entity = response.getEntity(ConnectionsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getConnections());
-        Assert.assertEquals(1, entity.getConnections().size());
-    }
-
-    /**
-     * Verifies that the admin user cannot create connections.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testConnectionPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ConnectionEntity entity = new ConnectionEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot create connections.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testConnectionPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ConnectionEntity entity = new ConnectionEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot delete connections.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testConnectionDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections/1";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // INPUT PORTS
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testInputPortsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // get the response
-        InputPortsEntity entity = response.getEntity(InputPortsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getInputPorts());
-        Assert.assertEquals(1, entity.getInputPorts().size());
-    }
-
-    /**
-     * Verifies that the admin user cannot create input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testInputPortPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot create input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testInputPortPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot delete input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testInputPortDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports/1";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // OUTPUT PORTS
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get output ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testOutputPortsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // get the response
-        OutputPortsEntity entity = response.getEntity(OutputPortsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getOutputPorts());
-        Assert.assertEquals(1, entity.getOutputPorts().size());
-    }
-
-    /**
-     * Verifies that the admin user cannot create output ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testOutputPortPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot create input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testOutputPortPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot delete output ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testOutputPortDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports/1";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // LABEL
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testLabelsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // get the response
-        LabelsEntity entity = response.getEntity(LabelsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getLabels());
-        Assert.assertEquals(1, entity.getLabels().size());
-    }
-
-    /**
-     * Verifies that the admin user cannot create labels.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testLabelPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        LabelEntity entity = new LabelEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot create labels.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testLabelPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        LabelEntity entity = new LabelEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot delete labels.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testLabelDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels/1";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // REMOTE PROCESS GROUP
-    // ----------------------------------------------
-    // ----------------------------------------------
-    // HISTORY
-    // ----------------------------------------------
-    /**
-     * Tests the ability to retrieve the NiFi history.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testHistoryGet() throws Exception {
-        String url = BASE_URL + "/controller/history";
-
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("offset", "1");
-        queryParams.put("count", "1");
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url, queryParams);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    /**
-     * Tests the ability to retrieve a specific action.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testActionGet() throws Exception {
-        int nonExistentActionId = 98775;
-        String url = BASE_URL + "/controller/history/" + nonExistentActionId;
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(404, response.getStatus());
-    }
-
-    /**
-     * Verifies the admin user can purge history.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testHistoryDelete() throws Exception {
-        String url = BASE_URL + "/controller/history/";
-
-        // create the form data
-        Map<String, String> formData = new HashMap<>();
-        formData.put("endDate", "06/15/2011 13:45:50");
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testDelete(url, formData);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // USER
-    // ----------------------------------------------
-    /**
-     * Tests the ability to retrieve the NiFi users.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testUsersGet() throws Exception {
-        String url = BASE_URL + "/controller/users";
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    /**
-     * Tests the ability to retrieve a specific user.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testUserGet() throws Exception {
-        int nonExistentActionId = 98775;
-        String url = BASE_URL + "/controller/users/" + nonExistentActionId;
-
-        // perform the request
-        ClientResponse response = ADMIN_USER.testGet(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(404, response.getStatus());
-    }
-
-    /**
-     * Verifies the admin user can update a person.
-     *
-     * @throws Exception ex
-     */
-    //@Test
-    public void testUserUpdate() throws Exception {
-        String url = BASE_URL + "/controller/users";
-
-        // get all the users
-        ClientResponse getResponse = ADMIN_USER.testGet(url);
-        Assert.assertEquals(200, getResponse.getStatus());
-
-        // get the response entity
-        UsersEntity userCollectionEntity = getResponse.getEntity(UsersEntity.class);
-        Assert.assertTrue(CollectionUtils.isNotEmpty(userCollectionEntity.getUsers()));
-
-        // get the first user
-        UserDTO userDTO = (UserDTO) userCollectionEntity.getUsers().toArray()[0];
-
-        // create the form data
-        Map<String, String> formData = new HashMap<>();
-        formData.put("status", "ACTIVE");
-        formData.put("authorities[]", "ROLE_MONITOR");
-
-        // perform the request
-        ClientResponse putResponse = ADMIN_USER.testPut(url + "/" + userDTO.getId(), formData);
-
-        // ensure the request succeeded
-        Assert.assertEquals(200, putResponse.getStatus());
-        Assert.assertEquals("ACTIVE", null);  // FIXME test should fail, needs to be updated to test updating user by changing the groups the user is in and the name of the user
-    }
-
-    @AfterClass
-    public static void cleanup() throws Exception {
-        // shutdown the server
-        SERVER.shutdownServer();
-        SERVER = null;
-
-        // look for the flow.xml
-        File flow = new File(FLOW_XML_PATH);
-        if (flow.exists()) {
-            flow.delete();
-        }
-    }
-}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
deleted file mode 100644
index 769c9965ce..0000000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
+++ /dev/null
@@ -1,1322 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.integration.accesscontrol;
-
-import com.sun.jersey.api.client.ClientResponse;
-import com.sun.jersey.multipart.BodyPart;
-import com.sun.jersey.multipart.FormDataBodyPart;
-import com.sun.jersey.multipart.FormDataMultiPart;
-import org.apache.nifi.connectable.ConnectableType;
-import org.apache.nifi.controller.ScheduledState;
-import org.apache.nifi.integration.NiFiWebApiTest;
-import org.apache.nifi.integration.util.NiFiTestServer;
-import org.apache.nifi.integration.util.NiFiTestUser;
-import org.apache.nifi.integration.util.SourceTestProcessor;
-import org.apache.nifi.nar.ExtensionManager;
-import org.apache.nifi.nar.NarClassLoaders;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.api.dto.ConnectableDTO;
-import org.apache.nifi.web.api.dto.ConnectionDTO;
-import org.apache.nifi.web.api.dto.ControllerConfigurationDTO;
-import org.apache.nifi.web.api.dto.FlowSnippetDTO;
-import org.apache.nifi.web.api.dto.LabelDTO;
-import org.apache.nifi.web.api.dto.PortDTO;
-import org.apache.nifi.web.api.dto.ProcessGroupDTO;
-import org.apache.nifi.web.api.dto.ProcessorDTO;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.dto.TemplateDTO;
-import org.apache.nifi.web.api.entity.AuthorityEntity;
-import org.apache.nifi.web.api.entity.BannerEntity;
-import org.apache.nifi.web.api.entity.ConnectionEntity;
-import org.apache.nifi.web.api.entity.ConnectionsEntity;
-import org.apache.nifi.web.api.entity.ControllerConfigurationEntity;
-import org.apache.nifi.web.api.entity.InputPortsEntity;
-import org.apache.nifi.web.api.entity.LabelEntity;
-import org.apache.nifi.web.api.entity.LabelsEntity;
-import org.apache.nifi.web.api.entity.OutputPortsEntity;
-import org.apache.nifi.web.api.entity.PortEntity;
-import org.apache.nifi.web.api.entity.PrioritizerTypesEntity;
-import org.apache.nifi.web.api.entity.ProcessGroupEntity;
-import org.apache.nifi.web.api.entity.ProcessGroupsEntity;
-import org.apache.nifi.web.api.entity.ProcessorEntity;
-import org.apache.nifi.web.api.entity.ProcessorTypesEntity;
-import org.apache.nifi.web.api.entity.ProcessorsEntity;
-import org.apache.nifi.web.api.entity.TemplateEntity;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Ignore;
-import org.junit.Test;
-
-import javax.ws.rs.core.MediaType;
-import java.io.File;
-import java.nio.file.DirectoryStream;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * Access control test for the dfm user.
- */
-@Ignore
-public class DfmAccessControlTest {
-
-    public static final String DFM_USER_DN = "CN=Lastname Firstname Middlename dfm, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown";
-
-    private static final String CLIENT_ID = "dfm-client-id";
-    private static final String CONTEXT_PATH = "/nifi-api";
-    private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-dfm.xml";
-    private static final String FLOW_TEMPLATES_PATH = "target/test-classes/access-control/templates";
-
-    private static NiFiTestServer SERVER;
-    private static NiFiTestUser DFM_USER;
-    private static String BASE_URL;
-
-    @BeforeClass
-    public static void setup() throws Exception {
-        // look for the flow.xml and toss it
-        File flow = new File(FLOW_XML_PATH);
-        if (flow.exists()) {
-            flow.delete();
-        }
-        // look for templates and toss them
-        final Path templatePath = Paths.get(FLOW_TEMPLATES_PATH);
-        if (Files.exists(templatePath)) {
-            final DirectoryStream<Path> dirStream = Files.newDirectoryStream(Paths.get(FLOW_TEMPLATES_PATH), "*.template");
-            for (final Path path : dirStream) {
-                Files.delete(path);
-            }
-        }
-
-        // configure the location of the nifi properties
-        File nifiPropertiesFile = new File("src/test/resources/access-control/nifi.properties");
-        System.setProperty(NiFiProperties.PROPERTIES_FILE_PATH, nifiPropertiesFile.getAbsolutePath());
-
-        // update the flow.xml property
-        NiFiProperties props = NiFiProperties.getInstance();
-        props.setProperty(NiFiProperties.FLOW_CONFIGURATION_FILE, FLOW_XML_PATH);
-
-        // load extensions
-        NarClassLoaders.load(props);
-        ExtensionManager.discoverExtensions();
-
-        // start the server
-        SERVER = new NiFiTestServer("src/main/webapp", CONTEXT_PATH);
-        SERVER.startServer();
-        SERVER.loadFlow();
-
-        // get the base url
-        BASE_URL = SERVER.getBaseUrl() + CONTEXT_PATH;
-
-        // create the user
-        DFM_USER = new NiFiTestUser(SERVER.getClient(), DFM_USER_DN);
-
-        // populate the flow
-        NiFiWebApiTest.populateFlow(SERVER.getClient(), BASE_URL, CLIENT_ID);
-    }
-
-    // ----------------------------------------------
-    // PROCESS GROUPS
-    // ----------------------------------------------
-    @Test
-    public void testGroupGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root";
-
-        // build the query params
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("verbose", Boolean.TRUE.toString());
-
-        // perform the request
-        ClientResponse response = DFM_USER.testGet(url, queryParams);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // extract the process group
-        ProcessGroupEntity processGroupEntity = response.getEntity(ProcessGroupEntity.class);
-
-        // ensure there is content
-        Assert.assertNotNull(processGroupEntity);
-
-        // extract the process group dto
-        ProcessGroupDTO processGroupDTO = processGroupEntity.getComponent();
-        FlowSnippetDTO processGroupContentsDTO = processGroupDTO.getContents();
-
-        // verify graph
-        Assert.assertEquals(2, processGroupContentsDTO.getProcessors().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getConnections().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getProcessGroups().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getInputPorts().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getOutputPorts().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getLabels().size());
-//        Assert.assertEquals(1, processGroupContentsDTO.getRemoteProcessGroups().size());
-    }
-
-    /**
-     * Verifies the dfm user can update a group.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testGroupPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root";
-
-        // create the entity body
-        Map<String, String> formData = new HashMap<>();
-        formData.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        formData.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPut(url, formData);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // CONTROLLER
-    // ----------------------------------------------
-    /**
-     * Verifies the dfm user can retrieve the controller configuration.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testControllerConfiguration() throws Exception {
-        String url = BASE_URL + "/controller/config";
-
-        // create the controller configuration
-        ControllerConfigurationDTO controllerConfig = new ControllerConfigurationDTO();
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ControllerConfigurationEntity entity = new ControllerConfigurationEntity();
-        entity.setRevision(revision);
-        entity.setConfig(controllerConfig);
-
-        // update the config
-        ClientResponse response = DFM_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the results
-        entity = response.getEntity(ControllerConfigurationEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getConfig());
-        Assert.assertEquals(10, entity.getConfig().getMaxTimerDrivenThreadCount().intValue());
-        Assert.assertEquals(5, entity.getConfig().getMaxEventDrivenThreadCount().intValue());
-        Assert.assertEquals(30, entity.getConfig().getAutoRefreshIntervalSeconds().intValue());
-    }
-
-    /**
-     * Verifies the read only user cannot create a new flow archive.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testFlowConfigurationArchivePost() throws Exception {
-        String url = BASE_URL + "/controller/archive";
-
-        // create the entity body
-        Map<String, String> formData = new HashMap<>();
-        formData.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        formData.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPost(url, formData);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(201, response.getStatus());
-    }
-
-    /**
-     * Verifies the dfm user can retrieve his credentials.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testAuthoritiesGet() throws Exception {
-        String url = BASE_URL + "/controller/authorities";
-
-        // perform the request
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        AuthorityEntity entity = response.getEntity(AuthorityEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getAuthorities());
-        Assert.assertEquals(1, entity.getAuthorities().size());
-        Assert.assertEquals("ROLE_DFM", entity.getAuthorities().toArray()[0]);
-    }
-
-    /**
-     * Verifies the dfm user can retrieve the banners.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testBannersGet() throws Exception {
-        String url = BASE_URL + "/controller/banners";
-
-        // perform the request
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        BannerEntity entity = response.getEntity(BannerEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getBanners());
-        Assert.assertEquals("TEST BANNER", entity.getBanners().getHeaderText());
-        Assert.assertEquals("TEST BANNER", entity.getBanners().getFooterText());
-    }
-
-    /**
-     * Verifies the dfm user can retrieve the processor types.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorTypesGet() throws Exception {
-        String url = BASE_URL + "/controller/processor-types";
-
-        // perform the request
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        ProcessorTypesEntity entity = response.getEntity(ProcessorTypesEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getProcessorTypes());
-        Assert.assertFalse(entity.getProcessorTypes().isEmpty());
-    }
-
-    /**
-     * Verifies the dfm user can retrieve the prioritizer types.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    @Ignore
-    public void testPrioritizerTypesGet() throws Exception {
-        String url = BASE_URL + "/controller/prioritizers";
-
-        // perform the request
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        PrioritizerTypesEntity entity = response.getEntity(PrioritizerTypesEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getPrioritizerTypes());
-        Assert.assertFalse(entity.getPrioritizerTypes().isEmpty());
-    }
-
-    // ----------------------------------------------
-    // GET and PUT
-    // ----------------------------------------------
-    /**
-     * Verifies that the dfm user can update a process group state.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessGroupPutState() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references";
-
-        // get a processor and update its configuration state
-        ProcessGroupDTO processGroup = getRandomProcessGroup();
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessGroupEntity entity = new ProcessGroupEntity();
-        entity.setRevision(revision);
-        entity.setComponent(processGroup);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPut(url + "/" + processGroup.getId(), entity);
-
-        // ensure the request succeeded
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    /**
-     * Verifies that the dfm user can update a process group configuration.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessGroupPutConfiguration() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references";
-
-        // get a processor and update its configuration state
-        ProcessGroupDTO processGroup = getRandomProcessGroup();
-        processGroup.setName("new group name");
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessGroupEntity entity = new ProcessGroupEntity();
-        entity.setRevision(revision);
-        entity.setComponent(processGroup);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPut(url + "/" + processGroup.getId(), entity);
-
-        // ensure the request succeeded
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the result
-        entity = response.getEntity(ProcessGroupEntity.class);
-        Assert.assertNotNull(entity.getComponent());
-        Assert.assertEquals("new group name", entity.getComponent().getName());
-    }
-
-    /**
-     * Verifies that the dfm user can update processor state.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorPutState() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors";
-
-        // get a processor and update its configuration state
-        ProcessorDTO processor = getRandomProcessor();
-        processor.setState(ScheduledState.STOPPED.toString());
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessorEntity entity = new ProcessorEntity();
-        entity.setRevision(revision);
-        entity.setComponent(processor);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPut(url + "/" + processor.getId(), entity);
-
-        // ensure the request succeeded
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    /**
-     * Verifies that the dfm user can update processor state.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorPutConfiguration() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors";
-
-        // get a processor and update its configuration state
-        ProcessorDTO processor = getRandomProcessor();
-        processor.setName("new processor name");
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessorEntity entity = new ProcessorEntity();
-        entity.setRevision(revision);
-        entity.setComponent(processor);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPut(url + "/" + processor.getId(), entity);
-
-        // ensure the request succeeded
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the result
-        entity = response.getEntity(ProcessorEntity.class);
-        Assert.assertNotNull(entity.getComponent());
-        Assert.assertEquals("new processor name", entity.getComponent().getName());
-    }
-
-    /**
-     * Verifies that the dfm user can update connections.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testConnectionPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections";
-
-        // get a random connection
-        ConnectionDTO connection = getRandomConnection();
-        connection.setName("new name");
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ConnectionEntity entity = new ConnectionEntity();
-        entity.setRevision(revision);
-        entity.setComponent(connection);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPut(url + "/" + connection.getId(), entity);
-
-        // ensure the request succeeded
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    /**
-     * Verifies that the dfm user can update labels.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testLabelPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels";
-
-        // get a random label
-        LabelDTO label = getRandomLabel();
-        label.setLabel("new label");
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        LabelEntity entity = new LabelEntity();
-        entity.setRevision(revision);
-        entity.setComponent(label);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPut(url + "/" + label.getId(), entity);
-
-        // ensure the request succeeded
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the result
-        entity = response.getEntity(LabelEntity.class);
-        Assert.assertNotNull(entity.getComponent());
-        Assert.assertEquals("new label", entity.getComponent().getLabel());
-    }
-
-    /**
-     * Verifies that the dfm user can update input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testInputPortPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports";
-
-        // get a random input port
-        PortDTO inputPort = getRandomInputPort();
-        inputPort.setName("new input port name");
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-        entity.setComponent(inputPort);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPut(url + "/" + inputPort.getId(), entity);
-
-        // ensure the request succeeded
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the result
-        entity = response.getEntity(PortEntity.class);
-        Assert.assertNotNull(entity.getComponent());
-        Assert.assertEquals("new input port name", entity.getComponent().getName());
-    }
-
-    /**
-     * Verifies that the dfm user can update output ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testOutputPortPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports";
-
-        // get a random output port
-        PortDTO outputPort = getRandomOutputPort();
-        outputPort.setName("new output port name");
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-        entity.setComponent(outputPort);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPut(url + "/" + outputPort.getId(), entity);
-
-        // ensure the request succeeded
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the result
-        entity = response.getEntity(PortEntity.class);
-        Assert.assertNotNull(entity.getComponent());
-        Assert.assertEquals("new output port name", entity.getComponent().getName());
-    }
-
-    // ----------------------------------------------
-    // POST and DELETE
-    // ----------------------------------------------
-    /**
-     * Verifies that the dfm user can create/delete processors.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorCreateDelete() throws Exception {
-        ProcessorDTO processor = createProcessor();
-        deleteProcessor(processor.getId());
-    }
-
-    /**
-     * Verifies that the dfm user can create/delete process groups.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessGroupCreateDelete() throws Exception {
-        ProcessGroupDTO processGroup = createProcessGroup();
-        deleteProcessGroup(processGroup.getId());
-    }
-
-    /**
-     * Verifies that the dfm user can create/delete input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testInputPortCreateDelete() throws Exception {
-        PortDTO portDTO = createInputPort();
-        deleteInputPort(portDTO.getId());
-    }
-
-    /**
-     * Verifies that the dfm user can create/delete output ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testOutputPortCreateDelete() throws Exception {
-        PortDTO portDTO = createOutputPort();
-        deleteOutputPort(portDTO.getId());
-    }
-
-    /**
-     * Verifies that the dfm user can create/delete connections.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testConnectionCreateDelete() throws Exception {
-        ProcessorDTO target = getRandomProcessor();
-        ProcessorDTO source = createProcessor();
-        ConnectionDTO connection = createConnection(source.getId(), target.getId(), "success");
-        deleteConnection(connection.getId());
-        deleteProcessor(source.getId());
-    }
-
-    /**
-     * Verifies that the dfm user can create/delete labels.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testLabelCreateDelete() throws Exception {
-        LabelDTO label = createLabel();
-        deleteLabel(label.getId());
-    }
-
-    // ----------------------------------------------
-    // HISTORY
-    // ----------------------------------------------
-    /**
-     * Tests the ability to retrieve the NiFi history.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testHistoryGet() throws Exception {
-        String url = BASE_URL + "/controller/history";
-
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("offset", "1");
-        queryParams.put("count", "1");
-
-        // perform the request
-        ClientResponse response = DFM_USER.testGet(url, queryParams);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    /**
-     * Tests the ability to retrieve a specific action.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testActionGet() throws Exception {
-        int nonExistentActionId = 98775;
-        String url = BASE_URL + "/controller/history/" + nonExistentActionId;
-
-        // perform the request
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(404, response.getStatus());
-    }
-
-    /**
-     * Verifies the dfm user can purge history.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testHistoryDelete() throws Exception {
-        String url = BASE_URL + "/controller/history/";
-
-        // create the form data
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("endDate", "06/15/2011 13:45:50");
-
-        // perform the request
-        ClientResponse response = DFM_USER.testDelete(url, queryParams);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // Create resource utility methods
-    // ----------------------------------------------
-    private ProcessGroupDTO getRandomProcessGroup() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references";
-
-        // get the process groups
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the response was successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the process group dtos
-        ProcessGroupsEntity processGroupEntity = response.getEntity(ProcessGroupsEntity.class);
-        Collection<ProcessGroupEntity> processGroups = processGroupEntity.getProcessGroups();
-
-        // ensure the correct number of processor groups
-        Assert.assertFalse(processGroups.isEmpty());
-
-        // use the first process group as the target
-        Iterator<ProcessGroupEntity> processorIter = processGroups.iterator();
-        Assert.assertTrue(processorIter.hasNext());
-        return processorIter.next().getComponent();
-    }
-
-    private ProcessorDTO getRandomProcessor() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors";
-
-        // get the processors
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the response was successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the processor dtos
-        ProcessorsEntity processorsEntity = response.getEntity(ProcessorsEntity.class);
-        Collection<ProcessorEntity> processors = processorsEntity.getProcessors();
-
-        // ensure the correct number of processors
-        Assert.assertFalse(processors.isEmpty());
-
-        // use the first processor as the target
-        Iterator<ProcessorEntity> processorIter = processors.iterator();
-        Assert.assertTrue(processorIter.hasNext());
-        return processorIter.next().getComponent();
-    }
-
-    private ConnectionDTO getRandomConnection() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections";
-
-        // get the connections
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the response was successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the connection dtos
-        ConnectionsEntity connectionEntity = response.getEntity(ConnectionsEntity.class);
-        Collection<ConnectionEntity> connections = connectionEntity.getConnections();
-
-        // ensure the correct number of connections
-        Assert.assertFalse(connections.isEmpty());
-
-        // use the first connection as the target
-        Iterator<ConnectionEntity> connectionIter = connections.iterator();
-        Assert.assertTrue(connectionIter.hasNext());
-        return connectionIter.next().getComponent();
-    }
-
-    private LabelDTO getRandomLabel() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels";
-
-        // get the labels
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the response was successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the label dtos
-        LabelsEntity labelEntity = response.getEntity(LabelsEntity.class);
-        Collection<LabelEntity> labels = labelEntity.getLabels();
-
-        // ensure the correct number of labels
-        Assert.assertFalse(labels.isEmpty());
-
-        // use the first label as the target
-        Iterator<LabelEntity> labelIter = labels.iterator();
-        Assert.assertTrue(labelIter.hasNext());
-        return labelIter.next().getComponent();
-    }
-
-    private PortDTO getRandomInputPort() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports";
-
-        // get the input ports
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the response was successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the port dtos
-        InputPortsEntity inputPortsEntity = response.getEntity(InputPortsEntity.class);
-        Collection<PortEntity> inputPorts = inputPortsEntity.getInputPorts();
-
-        // ensure the correct number of ports
-        Assert.assertFalse(inputPorts.isEmpty());
-
-        // use the first port as the target
-        Iterator<PortEntity> inputPortsIter = inputPorts.iterator();
-        Assert.assertTrue(inputPortsIter.hasNext());
-        return inputPortsIter.next().getComponent();
-    }
-
-    private PortDTO getRandomOutputPort() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports";
-
-        // get the output ports
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the response was successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // get the port dtos
-        OutputPortsEntity outputPortsEntity = response.getEntity(OutputPortsEntity.class);
-        Collection<PortEntity> outputPorts = outputPortsEntity.getOutputPorts();
-
-        // ensure the correct number of ports
-        Assert.assertFalse(outputPorts.isEmpty());
-
-        // use the first port as the target
-        Iterator<PortEntity> inputPortsIter = outputPorts.iterator();
-        Assert.assertTrue(inputPortsIter.hasNext());
-        return inputPortsIter.next().getComponent();
-    }
-
-    // ----------------------------------------------
-    // Create resource utility methods
-    // ----------------------------------------------
-    private ProcessGroupDTO createProcessGroup() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references";
-
-        // create the processor
-        ProcessGroupDTO processGroup = new ProcessGroupDTO();
-        processGroup.setName("Group1");
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessGroupEntity entity = new ProcessGroupEntity();
-        entity.setRevision(revision);
-        entity.setComponent(processGroup);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPost(url, entity);
-
-        // ensure the request is successful
-        Assert.assertEquals(201, response.getStatus());
-
-        // get the entity body
-        entity = response.getEntity(ProcessGroupEntity.class);
-
-        // verify creation
-        processGroup = entity.getComponent();
-        Assert.assertEquals("Group1", processGroup.getName());
-
-        // get the process group
-        return processGroup;
-    }
-
-    private PortDTO createInputPort() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports";
-
-        // create the processor
-        PortDTO portDTO = new PortDTO();
-        portDTO.setName("Input Port");
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-        entity.setComponent(portDTO);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPost(url, entity);
-
-        // ensure the request is successful
-        Assert.assertEquals(201, response.getStatus());
-
-        // get the entity body
-        entity = response.getEntity(PortEntity.class);
-
-        // verify creation
-        portDTO = entity.getComponent();
-        Assert.assertEquals("Input Port", portDTO.getName());
-
-        // get the process group
-        return portDTO;
-    }
-
-    private PortDTO createOutputPort() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports";
-
-        // create the processor
-        PortDTO portDTO = new PortDTO();
-        portDTO.setName("Output Port");
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-        entity.setComponent(portDTO);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPost(url, entity);
-
-        // ensure the request is successful
-        Assert.assertEquals(201, response.getStatus());
-
-        // get the entity body
-        entity = response.getEntity(PortEntity.class);
-
-        // verify creation
-        portDTO = entity.getComponent();
-        Assert.assertEquals("Output Port", portDTO.getName());
-
-        // get the process group
-        return portDTO;
-    }
-
-    private ProcessorDTO createProcessor() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors";
-
-        // create the processor
-        ProcessorDTO processor = new ProcessorDTO();
-        processor.setName("Copy");
-        processor.setType(SourceTestProcessor.class.getName());
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessorEntity entity = new ProcessorEntity();
-        entity.setRevision(revision);
-        entity.setComponent(processor);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPost(url, entity);
-
-        // ensure the request is successful
-        Assert.assertEquals(201, response.getStatus());
-
-        // get the entity body
-        entity = response.getEntity(ProcessorEntity.class);
-
-        // verify creation
-        processor = entity.getComponent();
-        Assert.assertEquals("Copy", processor.getName());
-        Assert.assertEquals("org.apache.nifi.integration.util.SourceTestProcessor", processor.getType());
-
-        // get the processor id
-        return processor;
-    }
-
-    private ConnectionDTO createConnection(String sourceId, String targetId, String relationship) throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections";
-
-        // create the source connectable
-        ConnectableDTO source = new ConnectableDTO();
-        source.setId(sourceId);
-        source.setType(ConnectableType.PROCESSOR.name());
-
-        // create the target connectable
-        ConnectableDTO target = new ConnectableDTO();
-        target.setId(targetId);
-        target.setType(ConnectableType.PROCESSOR.name());
-
-        // create the relationships
-        Set<String> relationships = new HashSet<>();
-        relationships.add(relationship);
-
-        // create the connection
-        ConnectionDTO connection = new ConnectionDTO();
-        connection.setSource(source);
-        connection.setDestination(target);
-        connection.setSelectedRelationships(relationships);
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ConnectionEntity entity = new ConnectionEntity();
-        entity.setRevision(revision);
-        entity.setComponent(connection);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPost(url, entity);
-
-        // ensure the request is successful
-        Assert.assertEquals(201, response.getStatus());
-
-        // get the entity body
-        entity = response.getEntity(ConnectionEntity.class);
-
-        // verify the results
-        connection = entity.getComponent();
-        Assert.assertEquals(sourceId, connection.getSource().getId());
-        Assert.assertEquals(targetId, connection.getDestination().getId());
-        Assert.assertEquals(1, connection.getSelectedRelationships().size());
-        Assert.assertEquals("success", connection.getSelectedRelationships().toArray()[0]);
-
-        // get the connection id
-        return connection;
-    }
-
-    public LabelDTO createLabel() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels";
-
-        // create the label
-        LabelDTO label = new LabelDTO();
-        label.setLabel("Label2");
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        LabelEntity entity = new LabelEntity();
-        entity.setRevision(revision);
-        entity.setComponent(label);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPost(url, entity);
-
-        // ensure the request is successful
-        Assert.assertEquals(201, response.getStatus());
-
-        // get the entity body
-        entity = response.getEntity(LabelEntity.class);
-
-        // verify the results
-        label = entity.getComponent();
-        Assert.assertEquals("Label2", label.getLabel());
-
-        // get the label id
-        return label;
-    }
-
-    // ----------------------------------------------
-    // Delete resource utility methods
-    // ----------------------------------------------
-    private void deleteProcessGroup(String processGroupId) throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references/" + processGroupId;
-
-        // create the entity body
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        queryParams.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testDelete(url, queryParams);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    private void deleteInputPort(String portId) throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports/" + portId;
-
-        // create the entity body
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        queryParams.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testDelete(url, queryParams);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    private void deleteOutputPort(String portId) throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports/" + portId;
-
-        // create the entity body
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        queryParams.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testDelete(url, queryParams);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    private void deleteProcessor(String processorId) throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors/" + processorId;
-
-        // create the entity body
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        queryParams.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testDelete(url, queryParams);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    private void deleteConnection(String connectionId) throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections/" + connectionId;
-
-        // create the entity body
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        queryParams.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testDelete(url, queryParams);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    private void deleteLabel(String labelId) throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels/" + labelId;
-
-        // create the entity body
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        queryParams.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testDelete(url, queryParams);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    private void deleteRemoteProcessGroup(String remoteProcessGroupId) throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/remote-process-groups/" + remoteProcessGroupId;
-
-        // create the entity body
-        Map<String, String> formData = new HashMap<>();
-        formData.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        formData.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testDelete(url, formData);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // TEMPLATE
-    // ----------------------------------------------
-    @Test
-    public void testImportTemplate() throws Exception {
-        String url = BASE_URL + "/controller/templates";
-
-        // build the template
-        TemplateDTO template = new TemplateDTO();
-        template.setName("template-name");
-        template.setSnippet(new FlowSnippetDTO());
-
-        // build the body part
-        BodyPart body = new FormDataBodyPart("template", template, MediaType.APPLICATION_XML_TYPE);
-
-        // build the form
-        FormDataMultiPart form = new FormDataMultiPart();
-        form.bodyPart(body);
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPostMultiPart(url, form);
-
-        // verify success
-        Assert.assertEquals(201, response.getStatus());
-
-        // ensure the template is returned
-        TemplateEntity responseTemplate = response.getEntity(TemplateEntity.class);
-        Assert.assertEquals("template-name", responseTemplate.getTemplate().getName());
-    }
-
-    // ----------------------------------------------
-    // USER
-    // ----------------------------------------------
-    /**
-     * Tests the ability to retrieve the NiFi users.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testUsersGet() throws Exception {
-        String url = BASE_URL + "/controller/users";
-
-        // perform the request
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Tests the ability to retrieve a specific user.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testUserGet() throws Exception {
-        int nonExistentUserId = 98775;
-        String url = BASE_URL + "/controller/users/" + nonExistentUserId;
-
-        // perform the request
-        ClientResponse response = DFM_USER.testGet(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies the admin user can update a person.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testUserPut() throws Exception {
-        int nonExistentUserId = 98775;
-        String url = BASE_URL + "/controller/users/" + nonExistentUserId;
-
-        // create the form data
-        Map<String, String> formData = new HashMap<>();
-        formData.put("status", "DISABLED");
-
-        // perform the request
-        ClientResponse response = DFM_USER.testPut(url, formData);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    @AfterClass
-    public static void cleanup() throws Exception {
-        // shutdown the server
-        SERVER.shutdownServer();
-        SERVER = null;
-
-        // look for the flow.xml and toss it
-        File flow = new File(FLOW_XML_PATH);
-        if (flow.exists()) {
-            flow.delete();
-        }
-        // look for templates and toss them
-        final DirectoryStream<Path> dirStream = Files.newDirectoryStream(Paths.get(FLOW_TEMPLATES_PATH), "*.template");
-        for (final Path path : dirStream) {
-            Files.delete(path);
-        }
-    }
-}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITAccessTokenEndpoint.java
similarity index 99%
rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java
rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITAccessTokenEndpoint.java
index 6f30b03539..55fa1a440d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITAccessTokenEndpoint.java
@@ -47,7 +47,7 @@ import java.util.Map;
 /**
  * Access token endpoint test.
  */
-public class AccessTokenEndpointTest {
+public class ITAccessTokenEndpoint {
 
     private static final String CLIENT_ID = "token-endpoint-id";
     private static final String CONTEXT_PATH = "/nifi-api";
@@ -159,7 +159,7 @@ public class AccessTokenEndpointTest {
         // create the revision
         final RevisionDTO revision = new RevisionDTO();
         revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
+        revision.setVersion(0l);
 
         // create the entity body
         ProcessorEntity entity = new ProcessorEntity();
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ConnectionAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITConnectionAccessControl.java
similarity index 97%
rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ConnectionAccessControlTest.java
rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITConnectionAccessControl.java
index ab01ea87be..1d8e597bdd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ConnectionAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITConnectionAccessControl.java
@@ -50,7 +50,7 @@ import static org.junit.Assert.assertTrue;
 /**
  * Access control test for connections.
  */
-public class ConnectionAccessControlTest {
+public class ITConnectionAccessControl {
 
     private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-connections.xml";
 
@@ -354,8 +354,8 @@ public class ConnectionAccessControlTest {
         String url = helper.getBaseUrl() + "/process-groups/root/connections";
 
         // get two processors
-        final ProcessorEntity one = ProcessorAccessControlTest.createProcessor(helper, "one");
-        final ProcessorEntity two = ProcessorAccessControlTest.createProcessor(helper, "two");
+        final ProcessorEntity one = ITProcessorAccessControl.createProcessor(helper, "one");
+        final ProcessorEntity two = ITProcessorAccessControl.createProcessor(helper, "two");
 
         // create the source connectable
         ConnectableDTO source = new ConnectableDTO();
@@ -410,7 +410,7 @@ public class ConnectionAccessControlTest {
 
         // create the entity body
         final Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(entity.getRevision().getVersion()));
+        queryParams.put("version", String.valueOf(entity.getRevision().getVersion()));
         queryParams.put("clientId", clientId);
 
         // perform the request
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITCountersAccessControl.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITCountersAccessControl.java
new file mode 100644
index 0000000000..2f017f8d59
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITCountersAccessControl.java
@@ -0,0 +1,86 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.integration.accesscontrol;
+
+import com.sun.jersey.api.client.ClientResponse;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.util.Collections;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Access control test for funnels.
+ */
+public class ITCountersAccessControl {
+
+    private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-counters.xml";
+
+    private static AccessControlHelper helper;
+    private static String uri;
+
+    @BeforeClass
+    public static void setup() throws Exception {
+        helper = new AccessControlHelper(FLOW_XML_PATH);
+        uri = helper.getBaseUrl() + "/counters";
+    }
+
+    /**
+     * Test get counters.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGetCounters() throws Exception {
+        helper.testGenericGetUri(uri);
+    }
+
+    /**
+     * Ensures the READ user can get counters.
+     *
+     * @throws Exception ex
+     */
+    @Test
+    public void testUpdateCounters() throws Exception {
+        final String counterUri = uri + "/my-counter";
+
+        ClientResponse response;
+
+        // read
+        response = helper.getReadUser().testPut(counterUri, Collections.emptyMap());
+        assertEquals(403, response.getStatus());
+
+        // read/write
+        response = helper.getReadWriteUser().testPut(counterUri, Collections.emptyMap());
+        assertEquals(404, response.getStatus());
+
+        // write
+        response = helper.getWriteUser().testPut(counterUri, Collections.emptyMap());
+        assertEquals(404, response.getStatus());
+
+        // none
+        response = helper.getNoneUser().testPut(counterUri, Collections.emptyMap());
+        assertEquals(403, response.getStatus());
+    }
+
+    @AfterClass
+    public static void cleanup() throws Exception {
+        helper.cleanup();
+    }
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITFlowAccessControl.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITFlowAccessControl.java
new file mode 100644
index 0000000000..9202c42fbc
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITFlowAccessControl.java
@@ -0,0 +1,245 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.integration.accesscontrol;
+
+import com.sun.jersey.api.client.ClientResponse;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+/**
+ * Access control test for funnels.
+ */
+public class ITFlowAccessControl {
+
+    private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-flow.xml";
+
+    private static AccessControlHelper helper;
+
+    @BeforeClass
+    public static void setup() throws Exception {
+        helper = new AccessControlHelper(FLOW_XML_PATH, "flow-test-provider");
+    }
+
+    /**
+     * Test get flow.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGetFlow() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/process-groups/root");
+    }
+
+    // TODO - test update flow
+
+    /**
+     * Test generate client.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGenerateClientId() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/client-id");
+    }
+
+    /**
+     * Test get identity.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGetIdentity() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/identity");
+    }
+
+    /**
+     * Test get controller services.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGetControllerServices() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/controller/controller-services");
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/process-groups/root/controller-services");
+    }
+
+    /**
+     * Test get reporting tasks.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGetReportingTasks() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/reporting-tasks");
+    }
+
+    /**
+     * Test search.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testSearch() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/search-results");
+    }
+
+    /**
+     * Test status.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testStatus() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/status");
+    }
+
+    /**
+     * Test banners.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testBanners() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/status");
+    }
+
+    /**
+     * Test bulletin board.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testBulletinBoard() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/bulletin-board");
+    }
+
+    /**
+     * Test about.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testAbout() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/about");
+    }
+
+    /**
+     * Test get flow config.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGetFlowConfig() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/config");
+    }
+
+    /**
+     * Test get status.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGetStatus() throws Exception {
+        testComponentSpecificGetUri(helper.getBaseUrl() + "/flow/processors/my-component/status");
+        testComponentSpecificGetUri(helper.getBaseUrl() + "/flow/input-ports/my-component/status");
+        testComponentSpecificGetUri(helper.getBaseUrl() + "/flow/output-ports/my-component/status");
+        testComponentSpecificGetUri(helper.getBaseUrl() + "/flow/remote-process-groups/my-component/status");
+        testComponentSpecificGetUri(helper.getBaseUrl() + "/flow/process-groups/my-component/status");
+        testComponentSpecificGetUri(helper.getBaseUrl() + "/flow/connections/my-component/status");
+    }
+
+    /**
+     * Test get status history.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGetStatusHistory() throws Exception {
+        testComponentSpecificGetUri(helper.getBaseUrl() + "/flow/processors/my-component/status/history");
+        testComponentSpecificGetUri(helper.getBaseUrl() + "/flow/remote-process-groups/my-component/status/history");
+        testComponentSpecificGetUri(helper.getBaseUrl() + "/flow/process-groups/my-component/status/history");
+        testComponentSpecificGetUri(helper.getBaseUrl() + "/flow/connections/my-component/status/history");
+    }
+
+    /**
+     * Test get action.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGetAction() throws Exception {
+        final String uri = helper.getBaseUrl() + "/flow/history/1";
+
+        ClientResponse response;
+
+        // the action does not exist... all users should return 403
+
+        // read
+        response = helper.getReadUser().testGet(uri);
+        assertEquals(403, response.getStatus());
+
+        // read/write
+        response = helper.getReadWriteUser().testGet(uri);
+        assertEquals(403, response.getStatus());
+
+        // write
+        response = helper.getWriteUser().testGet(uri);
+        assertEquals(403, response.getStatus());
+
+        // none
+        response = helper.getNoneUser().testGet(uri);
+        assertEquals(403, response.getStatus());
+    }
+
+    /**
+     * Test get action.
+     *
+     * @throws Exception exception
+     */
+    @Test
+    public void testGetComponentHistory() throws Exception {
+        helper.testGenericGetUri(helper.getBaseUrl() + "/flow/history/components/my-component");
+    }
+
+    public void testComponentSpecificGetUri(final String uri) throws Exception {
+        ClientResponse response;
+
+        // read
+        response = helper.getReadUser().testGet(uri);
+        assertEquals(404, response.getStatus());
+
+        // read/write
+        response = helper.getReadWriteUser().testGet(uri);
+        assertEquals(404, response.getStatus());
+
+        // write
+        response = helper.getWriteUser().testGet(uri);
+        assertEquals(403, response.getStatus());
+
+        // none
+        response = helper.getNoneUser().testGet(uri);
+        assertEquals(403, response.getStatus());
+    }
+
+    @AfterClass
+    public static void cleanup() throws Exception {
+        helper.cleanup();
+    }
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/FunnelAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITFunnelAccessControl.java
similarity index 99%
rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/FunnelAccessControlTest.java
rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITFunnelAccessControl.java
index 26590b9a06..5d835fcfaa 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/FunnelAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITFunnelAccessControl.java
@@ -46,7 +46,7 @@ import static org.junit.Assert.assertTrue;
 /**
  * Access control test for funnels.
  */
-public class FunnelAccessControlTest {
+public class ITFunnelAccessControl {
 
     private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-funnels.xml";
 
@@ -344,7 +344,7 @@ public class FunnelAccessControlTest {
 
         // create the entity body
         final Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(entity.getRevision().getVersion()));
+        queryParams.put("version", String.valueOf(entity.getRevision().getVersion()));
         queryParams.put("clientId", clientId);
 
         // perform the request
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/InputPortAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITInputPortAccessControl.java
similarity index 99%
rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/InputPortAccessControlTest.java
rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITInputPortAccessControl.java
index 9f9a966d0c..3dc8f199d8 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/InputPortAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITInputPortAccessControl.java
@@ -46,7 +46,7 @@ import static org.junit.Assert.assertTrue;
 /**
  * Access control test for input ports.
  */
-public class InputPortAccessControlTest {
+public class ITInputPortAccessControl {
 
     private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-input-ports.xml";
 
@@ -388,7 +388,7 @@ public class InputPortAccessControlTest {
 
         // create the entity body
         final Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(entity.getRevision().getVersion()));
+        queryParams.put("version", String.valueOf(entity.getRevision().getVersion()));
         queryParams.put("clientId", clientId);
 
         // perform the request
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/LabelAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITLabelAccessControl.java
similarity index 99%
rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/LabelAccessControlTest.java
rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITLabelAccessControl.java
index ebfc3c2a59..3a44d5346a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/LabelAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITLabelAccessControl.java
@@ -46,7 +46,7 @@ import static org.junit.Assert.assertTrue;
 /**
  * Access control test for labels.
  */
-public class LabelAccessControlTest {
+public class ITLabelAccessControl {
 
     private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-labels.xml";
 
@@ -385,7 +385,7 @@ public class LabelAccessControlTest {
 
         // create the entity body
         final Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(entity.getRevision().getVersion()));
+        queryParams.put("version", String.valueOf(entity.getRevision().getVersion()));
         queryParams.put("clientId", clientId);
 
         // perform the request
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OutputPortAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITOutputPortAccessControl.java
similarity index 99%
rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OutputPortAccessControlTest.java
rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITOutputPortAccessControl.java
index 900b11ff92..5de49df1a0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/OutputPortAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITOutputPortAccessControl.java
@@ -46,7 +46,7 @@ import static org.junit.Assert.assertTrue;
 /**
  * Access control test for output ports.
  */
-public class OutputPortAccessControlTest {
+public class ITOutputPortAccessControl {
 
     private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-output-ports.xml";
 
@@ -388,7 +388,7 @@ public class OutputPortAccessControlTest {
 
         // create the entity body
         final Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(entity.getRevision().getVersion()));
+        queryParams.put("version", String.valueOf(entity.getRevision().getVersion()));
         queryParams.put("clientId", clientId);
 
         // perform the request
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ProcessGroupAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITProcessGroupAccessControl.java
similarity index 99%
rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ProcessGroupAccessControlTest.java
rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITProcessGroupAccessControl.java
index b3179b1884..59af06304d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ProcessGroupAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITProcessGroupAccessControl.java
@@ -46,7 +46,7 @@ import static org.junit.Assert.assertTrue;
 /**
  * Access control test for process groups.
  */
-public class ProcessGroupAccessControlTest {
+public class ITProcessGroupAccessControl {
 
     private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-processors.xml";
 
@@ -388,7 +388,7 @@ public class ProcessGroupAccessControlTest {
 
         // create the entity body
         final Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(entity.getRevision().getVersion()));
+        queryParams.put("version", String.valueOf(entity.getRevision().getVersion()));
         queryParams.put("clientId", clientId);
 
         // perform the request
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ProcessorAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITProcessorAccessControl.java
similarity index 99%
rename from nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ProcessorAccessControlTest.java
rename to nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITProcessorAccessControl.java
index 80b6b764f5..143d60e412 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ProcessorAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ITProcessorAccessControl.java
@@ -47,7 +47,7 @@ import static org.junit.Assert.assertTrue;
 /**
  * Access control test for processors.
  */
-public class ProcessorAccessControlTest {
+public class ITProcessorAccessControl {
 
     private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-processors.xml";
 
@@ -472,7 +472,7 @@ public class ProcessorAccessControlTest {
 
         // create the entity body
         final Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("revision", String.valueOf(entity.getRevision().getVersion()));
+        queryParams.put("version", String.valueOf(entity.getRevision().getVersion()));
         queryParams.put("clientId", clientId);
 
         // perform the request
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
deleted file mode 100644
index d7e6a7abff..0000000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
+++ /dev/null
@@ -1,983 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements.  See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.integration.accesscontrol;
-
-import com.sun.jersey.api.client.ClientResponse;
-import org.apache.nifi.integration.NiFiWebApiTest;
-import org.apache.nifi.integration.util.NiFiTestServer;
-import org.apache.nifi.integration.util.NiFiTestUser;
-import org.apache.nifi.nar.ExtensionManager;
-import org.apache.nifi.nar.NarClassLoaders;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.api.dto.FlowSnippetDTO;
-import org.apache.nifi.web.api.dto.ProcessGroupDTO;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.entity.AuthorityEntity;
-import org.apache.nifi.web.api.entity.BannerEntity;
-import org.apache.nifi.web.api.entity.ConnectionEntity;
-import org.apache.nifi.web.api.entity.ConnectionsEntity;
-import org.apache.nifi.web.api.entity.ControllerConfigurationEntity;
-import org.apache.nifi.web.api.entity.InputPortsEntity;
-import org.apache.nifi.web.api.entity.LabelEntity;
-import org.apache.nifi.web.api.entity.LabelsEntity;
-import org.apache.nifi.web.api.entity.OutputPortsEntity;
-import org.apache.nifi.web.api.entity.PortEntity;
-import org.apache.nifi.web.api.entity.PrioritizerTypesEntity;
-import org.apache.nifi.web.api.entity.ProcessGroupEntity;
-import org.apache.nifi.web.api.entity.ProcessGroupsEntity;
-import org.apache.nifi.web.api.entity.ProcessorEntity;
-import org.apache.nifi.web.api.entity.ProcessorTypesEntity;
-import org.apache.nifi.web.api.entity.ProcessorsEntity;
-import org.junit.AfterClass;
-import org.junit.Assert;
-import org.junit.BeforeClass;
-import org.junit.Ignore;
-import org.junit.Test;
-
-import java.io.File;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- * Access control test for a read only user.
- */
-@Ignore
-public class ReadOnlyAccessControlTest {
-
-    public static final String READ_ONLY_USER_DN = "CN=Lastname Firstname Middlename monitor, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown";
-
-    private static final String CLIENT_ID = "readonly-client-id";
-    private static final String CONTEXT_PATH = "/nifi-api";
-    private static final String FLOW_XML_PATH = "target/test-classes/access-control/flow-monitor.xml";
-
-    private static NiFiTestServer SERVER;
-    private static NiFiTestUser READ_ONLY_USER;
-    private static String BASE_URL;
-
-    @BeforeClass
-    public static void setup() throws Exception {
-        // configure the location of the nifi properties
-        File nifiPropertiesFile = new File("src/test/resources/access-control/nifi.properties");
-        System.setProperty(NiFiProperties.PROPERTIES_FILE_PATH, nifiPropertiesFile.getAbsolutePath());
-
-        // update the flow.xml property
-        NiFiProperties props = NiFiProperties.getInstance();
-        props.setProperty("nifi.flow.configuration.file", FLOW_XML_PATH);
-
-        // load extensions
-        NarClassLoaders.load(props);
-        ExtensionManager.discoverExtensions();
-
-        // start the server
-        SERVER = new NiFiTestServer("src/main/webapp", CONTEXT_PATH);
-        SERVER.startServer();
-        SERVER.loadFlow();
-
-        // get the base url
-        BASE_URL = SERVER.getBaseUrl() + CONTEXT_PATH;
-
-        // create the user
-        READ_ONLY_USER = new NiFiTestUser(SERVER.getClient(), READ_ONLY_USER_DN);
-
-        // populate the flow
-        NiFiWebApiTest.populateFlow(SERVER.getClient(), BASE_URL, CLIENT_ID);
-    }
-
-    // ----------------------------------------------
-    // PROCESS GROUPS
-    // ----------------------------------------------
-    /**
-     * Ensures the admin user can get a groups content.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testGroupGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root";
-
-        // build the query params
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("verbose", Boolean.TRUE.toString());
-
-        ClientResponse response = READ_ONLY_USER.testGet(url, queryParams);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // extract the process group
-        ProcessGroupEntity processGroupEntity = response.getEntity(ProcessGroupEntity.class);
-
-        // ensure there is content
-        Assert.assertNotNull(processGroupEntity);
-
-        // extract the process group dto
-        ProcessGroupDTO processGroupDTO = processGroupEntity.getComponent();
-        FlowSnippetDTO processGroupContentsDTO = processGroupDTO.getContents();
-
-        // verify graph
-        Assert.assertEquals(2, processGroupContentsDTO.getProcessors().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getConnections().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getProcessGroups().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getInputPorts().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getOutputPorts().size());
-        Assert.assertEquals(1, processGroupContentsDTO.getLabels().size());
-    }
-
-    /**
-     * Verifies the admin user cannot update a group.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testGroupPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root";
-
-        // create the entity body
-        Map<String, String> formData = new HashMap<>();
-        formData.put("revision", String.valueOf(NiFiTestUser.REVISION));
-        formData.put("clientId", CLIENT_ID);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPut(url, formData);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // CONTROLLER
-    // ----------------------------------------------
-    /**
-     * Verifies the read only user can retrieve the controller configuration.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testControllerConfigurationGet() throws Exception {
-        String url = BASE_URL + "/controller/config";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the results
-        ControllerConfigurationEntity entity = response.getEntity(ControllerConfigurationEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getConfig());
-        Assert.assertEquals(10, entity.getConfig().getMaxTimerDrivenThreadCount().intValue());
-        Assert.assertEquals(5, entity.getConfig().getMaxEventDrivenThreadCount().intValue());
-        Assert.assertEquals(30, entity.getConfig().getAutoRefreshIntervalSeconds().intValue());
-    }
-
-    /**
-     * Verifies the read only user cannot update the controller configuration.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testControllerConfigurationPut() throws Exception {
-        String url = BASE_URL + "/controller/config";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ControllerConfigurationEntity entity = new ControllerConfigurationEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies the read only user cannot create a new flow archive.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testFlowConfigurationArchivePost() throws Exception {
-        String url = BASE_URL + "/controller/archive";
-
-        // create the entity body
-        Map<String, String> formData = new HashMap<>();
-        formData.put("revision", String.valueOf(NiFiTestUser.REVISION));
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPost(url, formData);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies the read only user can retrieve his credentials.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testAuthoritiesGet() throws Exception {
-        String url = BASE_URL + "/controller/authorities";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        AuthorityEntity entity = response.getEntity(AuthorityEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getAuthorities());
-        Assert.assertEquals(1, entity.getAuthorities().size());
-        Assert.assertEquals("ROLE_MONITOR", entity.getAuthorities().toArray()[0]);
-    }
-
-    /**
-     * Verifies the read only user can retrieve the banners.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testBannersGet() throws Exception {
-        String url = BASE_URL + "/controller/banners";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        BannerEntity entity = response.getEntity(BannerEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getBanners());
-        Assert.assertEquals("TEST BANNER", entity.getBanners().getHeaderText());
-        Assert.assertEquals("TEST BANNER", entity.getBanners().getFooterText());
-    }
-
-    /**
-     * Verifies the read only user can retrieve the processor types.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorTypesGet() throws Exception {
-        String url = BASE_URL + "/controller/processor-types";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        ProcessorTypesEntity entity = response.getEntity(ProcessorTypesEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getProcessorTypes());
-        Assert.assertFalse(entity.getProcessorTypes().isEmpty());
-    }
-
-    /**
-     * Verifies the read only user can retrieve the prioritizer types.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testPrioritizerTypesGet() throws Exception {
-        String url = BASE_URL + "/controller/prioritizers";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // ensure the request is successful
-        Assert.assertEquals(200, response.getStatus());
-
-        // verify the result
-        PrioritizerTypesEntity entity = response.getEntity(PrioritizerTypesEntity.class);
-        Assert.assertNotNull(entity);
-        Assert.assertNotNull(entity.getPrioritizerTypes());
-        Assert.assertFalse(entity.getPrioritizerTypes().isEmpty());
-    }
-
-    // ----------------------------------------------
-    // PROCESS GROUP
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get process groups.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorGroupsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // get the response
-        ProcessGroupsEntity entity = response.getEntity(ProcessGroupsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getProcessGroups());
-        Assert.assertEquals(1, entity.getProcessGroups().size());
-    }
-
-    /**
-     * Verifies that the operator user cannot create new process groups.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessGroupPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessGroupEntity entity = new ProcessGroupEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the operator user cannot update process group configuration.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessGroupPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessGroupEntity entity = new ProcessGroupEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the operator user cannot delete process groups.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessGroupDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/process-group-references/1";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // PROCESSOR
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get processors.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // get the response
-        ProcessorsEntity entity = response.getEntity(ProcessorsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getProcessors());
-        Assert.assertEquals(2, entity.getProcessors().size());
-    }
-
-    /**
-     * Verifies that the read only user cannot create new processors.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessorEntity entity = new ProcessorEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the read only user cannot create new processors.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ProcessorEntity entity = new ProcessorEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the read only user cannot delete processors.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testProcessorDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/processors/1";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // CONNECTION
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get connections.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testConnectionsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // get the response
-        ConnectionsEntity entity = response.getEntity(ConnectionsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getConnections());
-        Assert.assertEquals(1, entity.getConnections().size());
-    }
-
-    /**
-     * Verifies that the read only user cannot create connections.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testConnectionPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ConnectionEntity entity = new ConnectionEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the read only user cannot create connections.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testConnectionPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        ConnectionEntity entity = new ConnectionEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the read only user cannot delete connections.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testConnectionDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/connections/1";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // INPUT PORTS
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testInputPortsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // get the response
-        InputPortsEntity entity = response.getEntity(InputPortsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getInputPorts());
-        Assert.assertEquals(1, entity.getInputPorts().size());
-    }
-
-    /**
-     * Verifies that the admin user cannot create input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testInputPortPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot create input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testInputPortPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot delete input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testInputPortDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/input-ports/1";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // OUTPUT PORTS
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get output ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testOutputPortsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // get the response
-        OutputPortsEntity entity = response.getEntity(OutputPortsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getOutputPorts());
-        Assert.assertEquals(1, entity.getOutputPorts().size());
-    }
-
-    /**
-     * Verifies that the admin user cannot create output ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testOutputPortPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot create input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testOutputPortPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setClientId(CLIENT_ID);
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        PortEntity entity = new PortEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the admin user cannot delete output ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testOutputPortDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/output-ports/1";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // LABEL
-    // ----------------------------------------------
-    /**
-     * Verifies that the admin user can get input ports.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testLabelsGet() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // get the response
-        LabelsEntity entity = response.getEntity(LabelsEntity.class);
-
-        // ensure the request was successful
-        Assert.assertEquals(200, response.getStatus());
-        Assert.assertNotNull(entity.getLabels());
-        Assert.assertEquals(1, entity.getLabels().size());
-    }
-
-    /**
-     * Verifies that the read only user cannot create labels.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testLabelPost() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        LabelEntity entity = new LabelEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPost(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the read only user cannot create labels.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testLabelPut() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels/1";
-
-        // create the revision
-        final RevisionDTO revision = new RevisionDTO();
-        revision.setVersion(NiFiTestUser.REVISION);
-
-        // create the entity body
-        LabelEntity entity = new LabelEntity();
-        entity.setRevision(revision);
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPut(url, entity);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies that the read only user cannot delete labels.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testLabelDelete() throws Exception {
-        String url = BASE_URL + "/controller/process-groups/root/labels/1";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // HISTORY
-    // ----------------------------------------------
-    /**
-     * Tests the ability to retrieve the NiFi history.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testHistoryGet() throws Exception {
-        String url = BASE_URL + "/controller/history";
-
-        Map<String, String> queryParams = new HashMap<>();
-        queryParams.put("offset", "1");
-        queryParams.put("count", "1");
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url, queryParams);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(200, response.getStatus());
-    }
-
-    /**
-     * Tests the ability to retrieve a specific action.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testActionGet() throws Exception {
-        int nonExistentActionId = 98775;
-        String url = BASE_URL + "/controller/history/" + nonExistentActionId;
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(404, response.getStatus());
-    }
-
-    /**
-     * Verifies the read only user cannot purge history.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testHistoryDelete() throws Exception {
-        String url = BASE_URL + "/controller/history";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testDelete(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    // ----------------------------------------------
-    // USER
-    // ----------------------------------------------
-    /**
-     * Tests the ability to retrieve the NiFi users.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testUsersGet() throws Exception {
-        String url = BASE_URL + "/controller/users";
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Tests the ability to retrieve a specific user.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testUserGet() throws Exception {
-        int nonExistentUserId = 98775;
-        String url = BASE_URL + "/controller/users/" + nonExistentUserId;
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testGet(url);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    /**
-     * Verifies the admin user can update a person.
-     *
-     * @throws Exception ex
-     */
-    @Test
-    public void testUserPut() throws Exception {
-        int nonExistentUserId = 98775;
-        String url = BASE_URL + "/controller/users/" + nonExistentUserId;
-
-        // create the form data
-        Map<String, String> formData = new HashMap<>();
-        formData.put("status", "DISABLED");
-
-        // perform the request
-        ClientResponse response = READ_ONLY_USER.testPut(url, formData);
-
-        // ensure the request is failed with a forbidden status code
-        Assert.assertEquals(403, response.getStatus());
-    }
-
-    @AfterClass
-    public static void cleanup() throws Exception {
-        // shutdown the server
-        if (SERVER != null) {
-            SERVER.shutdownServer();
-        }
-        SERVER = null;
-
-        // look for the flow.xml
-        File flow = new File(FLOW_XML_PATH);
-        if (flow.exists()) {
-            flow.delete();
-        }
-    }
-}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiFlowTestAuthorizer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiFlowTestAuthorizer.java
new file mode 100644
index 0000000000..07d69067a4
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiFlowTestAuthorizer.java
@@ -0,0 +1,87 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.integration.util;
+
+import org.apache.nifi.authorization.AuthorizationRequest;
+import org.apache.nifi.authorization.AuthorizationResult;
+import org.apache.nifi.authorization.Authorizer;
+import org.apache.nifi.authorization.AuthorizerConfigurationContext;
+import org.apache.nifi.authorization.AuthorizerInitializationContext;
+import org.apache.nifi.authorization.RequestAction;
+import org.apache.nifi.authorization.exception.AuthorizationAccessException;
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
+import org.apache.nifi.authorization.resource.ResourceFactory;
+
+/**
+ *
+ */
+public class NiFiFlowTestAuthorizer implements Authorizer {
+
+    public static final String NO_POLICY_COMPONENT_NAME = "No policies";
+
+    public static final String PROXY_DN = "CN=localhost, OU=Apache NiFi, O=Apache, L=Santa Monica, ST=CA, C=US";
+
+    public static final String NONE_USER_DN = "none@nifi";
+    public static final String READ_USER_DN = "read@nifi";
+    public static final String WRITE_USER_DN = "write@nifi";
+    public static final String READ_WRITE_USER_DN = "readwrite@nifi";
+
+    public static final String TOKEN_USER = "user@nifi";
+
+    /**
+     * Creates a new FileAuthorizationProvider.
+     */
+    public NiFiFlowTestAuthorizer() {
+    }
+
+    @Override
+    public void initialize(AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException {
+    }
+
+    @Override
+    public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
+    }
+
+    @Override
+    public AuthorizationResult authorize(AuthorizationRequest request) throws AuthorizationAccessException {
+        // allow proxy
+        if (ResourceFactory.getProxyResource().getIdentifier().equals(request.getResource().getIdentifier()) && PROXY_DN.equals(request.getIdentity())) {
+            return AuthorizationResult.approved();
+        }
+
+        // read access
+        if (READ_USER_DN.equals(request.getIdentity()) || READ_WRITE_USER_DN.equals(request.getIdentity())) {
+            if (RequestAction.READ.equals(request.getAction())) {
+                return AuthorizationResult.approved();
+            }
+        }
+
+        // write access
+        if (WRITE_USER_DN.equals(request.getIdentity()) || READ_WRITE_USER_DN.equals(request.getIdentity())) {
+            if (RequestAction.WRITE.equals(request.getAction())) {
+                return AuthorizationResult.approved();
+            }
+        }
+
+        return AuthorizationResult.denied();
+    }
+
+    @Override
+    public void preDestruction() {
+    }
+
+}
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java
index 419235f2f7..f5d70cf7ec 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java
@@ -27,7 +27,7 @@ import org.apache.nifi.authorization.exception.AuthorizerCreationException;
 import org.apache.nifi.authorization.resource.ResourceFactory;
 
 /**
- *
+ * Contains extra rules to convenience when in component based access control tests.
  */
 public class NiFiTestAuthorizer implements Authorizer {
 
@@ -63,7 +63,7 @@ public class NiFiTestAuthorizer implements Authorizer {
             return AuthorizationResult.approved();
         }
 
-        // allow flow
+        // allow flow for all users unless explicitly disable
         if (ResourceFactory.getFlowResource().getIdentifier().equals(request.getResource().getIdentifier())) {
             return AuthorizationResult.approved();
         }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestUser.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestUser.java
index 80b3384a6f..77f8910e67 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestUser.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestUser.java
@@ -30,8 +30,6 @@ import java.util.Map;
  */
 public class NiFiTestUser {
 
-    public static final long REVISION = 0L;
-
     private final Client client;
     private final String proxyDn;
 
@@ -100,7 +98,7 @@ public class NiFiTestUser {
         }
 
         // get the builder
-        WebResource.Builder builder = addProxiedEntities(resource.accept(MediaType.APPLICATION_JSON));
+        WebResource.Builder builder = addProxiedEntities(resource.getRequestBuilder());
 
         // append any headers
         if (headers != null && !headers.isEmpty()) {
@@ -147,7 +145,7 @@ public class NiFiTestUser {
      */
     public ClientResponse testPostWithHeaders(String url, Object entity, Map<String, String> headers) throws Exception {
         // get the resource
-        WebResource.Builder resourceBuilder = addProxiedEntities(client.resource(url).accept(MediaType.APPLICATION_JSON).type(MediaType.APPLICATION_JSON));
+        WebResource.Builder resourceBuilder = addProxiedEntities(client.resource(url).type(MediaType.APPLICATION_JSON));
 
         // include the request entity
         if (entity != null) {
@@ -235,7 +233,7 @@ public class NiFiTestUser {
         }
 
         // get the resource
-        WebResource.Builder resourceBuilder = addProxiedEntities(client.resource(url).accept(MediaType.APPLICATION_JSON).type(MediaType.APPLICATION_FORM_URLENCODED));
+        WebResource.Builder resourceBuilder = addProxiedEntities(client.resource(url).type(MediaType.APPLICATION_FORM_URLENCODED));
 
         // add the form data if necessary
         if (!entity.isEmpty()) {
@@ -276,7 +274,7 @@ public class NiFiTestUser {
      */
     public ClientResponse testPutWithHeaders(String url, Object entity, Map<String, String> headers) throws Exception {
         // get the resource
-        WebResource.Builder resourceBuilder = addProxiedEntities(client.resource(url).accept(MediaType.APPLICATION_JSON).type(MediaType.APPLICATION_JSON));
+        WebResource.Builder resourceBuilder = addProxiedEntities(client.resource(url).type(MediaType.APPLICATION_JSON));
 
         // include the request entity
         if (entity != null) {
@@ -323,7 +321,7 @@ public class NiFiTestUser {
         }
 
         // get the resource
-        WebResource.Builder resourceBuilder = addProxiedEntities(client.resource(url).accept(MediaType.APPLICATION_JSON).type(MediaType.APPLICATION_FORM_URLENCODED));
+        WebResource.Builder resourceBuilder = addProxiedEntities(client.resource(url).type(MediaType.APPLICATION_FORM_URLENCODED));
 
         // add the form data if necessary
         if (!entity.isEmpty()) {
@@ -362,7 +360,7 @@ public class NiFiTestUser {
      */
     public ClientResponse testDeleteWithHeaders(String url, Map<String, String> headers) throws Exception {
         // get the resource
-        WebResource.Builder resourceBuilder = addProxiedEntities(client.resource(url).accept(MediaType.APPLICATION_JSON));
+        WebResource.Builder resourceBuilder = addProxiedEntities(client.resource(url).getRequestBuilder());
 
         // append any headers
         if (headers != null && !headers.isEmpty()) {
@@ -395,7 +393,7 @@ public class NiFiTestUser {
         }
 
         // perform the request
-        return addProxiedEntities(resource.accept(MediaType.APPLICATION_JSON).type(MediaType.APPLICATION_FORM_URLENCODED)).delete(ClientResponse.class);
+        return addProxiedEntities(resource.type(MediaType.APPLICATION_FORM_URLENCODED)).delete(ClientResponse.class);
     }
 
     /**
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java
index 6457067d17..79cb623942 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/web/api/TestSiteToSiteResource.java
@@ -83,7 +83,7 @@ public class TestSiteToSiteResource {
         final SiteToSiteResource resource = new SiteToSiteResource();
         resource.setProperties(NiFiProperties.getInstance());
         resource.setServiceFacade(serviceFacade);
-        final Response response = resource.getController(req);
+        final Response response = resource.getSiteToSite(req);
 
         ControllerEntity resultEntity = (ControllerEntity)response.getEntity();
 
@@ -110,7 +110,7 @@ public class TestSiteToSiteResource {
         final SiteToSiteResource resource = new SiteToSiteResource();
         resource.setProperties(NiFiProperties.getInstance());
         resource.setServiceFacade(serviceFacade);
-        final Response response = resource.getController(req);
+        final Response response = resource.getSiteToSite(req);
 
         ControllerEntity resultEntity = (ControllerEntity)response.getEntity();
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer
index e7d65f492c..09116c92eb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer
@@ -12,4 +12,5 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-org.apache.nifi.integration.util.NiFiTestAuthorizer
\ No newline at end of file
+org.apache.nifi.integration.util.NiFiTestAuthorizer
+org.apache.nifi.integration.util.NiFiFlowTestAuthorizer
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authorizers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authorizers.xml
index 18161d6118..201c370f12 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authorizers.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authorizers.xml
@@ -21,4 +21,8 @@
         <identifier>test-provider</identifier>
         <class>org.apache.nifi.integration.util.NiFiTestAuthorizer</class>
     </authorizer>
+    <authorizer>
+        <identifier>flow-test-provider</identifier>
+        <class>org.apache.nifi.integration.util.NiFiFlowTestAuthorizer</class>
+    </authorizer>
 </authorizers>
\ No newline at end of file
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/jquery/propertytable/jquery.propertytable.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/jquery/propertytable/jquery.propertytable.js
index 4c8478c244..aba2841b7f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/jquery/propertytable/jquery.propertytable.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/jquery/propertytable/jquery.propertytable.js
@@ -956,6 +956,11 @@
 
                     // build the controller service entity
                     var controllerServiceEntity = {
+                        'revision': nf.Client.getRevision({
+                            'revision': {
+                                'version': 0,
+                            }
+                        }),
                         'component': {
                             'type': newControllerServiceType
                         }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-funnel-component.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-funnel-component.js
index 0823756e47..99e8a9d11b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-funnel-component.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-funnel-component.js
@@ -74,6 +74,11 @@ nf.ng.FunnelComponent = function (serviceProvider) {
          */
         createFunnel: function(pt) {
             var outputPortEntity = {
+                'revision': nf.Client.getRevision({
+                    'revision': {
+                        'version': 0
+                    }
+                }),
                 'component': {
                     'position': {
                         'x': pt.x,
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-group-component.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-group-component.js
index 046748f799..fb08a9d030 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-group-component.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-group-component.js
@@ -28,6 +28,11 @@ nf.ng.GroupComponent = function (serviceProvider) {
      */
     var createGroup = function (groupName, pt) {
         var processGroupEntity = {
+            'revision': nf.Client.getRevision({
+                'revision': {
+                    'version': 0
+                }
+            }),
             'component': {
                 'name': groupName,
                 'position': {
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-input-port-component.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-input-port-component.js
index 7f6654ed5e..287a10e4ab 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-input-port-component.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-input-port-component.js
@@ -28,6 +28,11 @@ nf.ng.InputPortComponent = function (serviceProvider) {
      */
     var createInputPort = function (portName, pt) {
         var inputPortEntity = {
+            'revision': nf.Client.getRevision({
+                'revision': {
+                    'version': 0
+                }
+            }),
             'component': {
                 'name': portName,
                 'position': {
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-label-component.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-label-component.js
index 307dd3c1bf..aab216b1ed 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-label-component.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-label-component.js
@@ -74,6 +74,11 @@ nf.ng.LabelComponent = function (serviceProvider) {
          */
         createLabel: function(pt) {
             var labelEntity = {
+                'revision': nf.Client.getRevision({
+                    'revision': {
+                        'version': 0
+                    }
+                }),
                 'component': {
                     'width': nf.Label.config.width,
                     'height': nf.Label.config.height,
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-output-port-component.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-output-port-component.js
index 7dda894eb9..f7f4fead4b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-output-port-component.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-output-port-component.js
@@ -28,6 +28,11 @@ nf.ng.OutputPortComponent = function (serviceProvider) {
      */
     var createOutputPort = function (portName, pt) {
         var outputPortEntity = {
+            'revision': nf.Client.getRevision({
+                'revision': {
+                    'version': 0
+                }
+            }),
             'component': {
                 'name': portName,
                 'position': {
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-processor-component.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-processor-component.js
index 8181d40729..9514874e70 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-processor-component.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-processor-component.js
@@ -202,6 +202,11 @@ nf.ng.ProcessorComponent = function (serviceProvider) {
      */
     var createProcessor = function (name, processorType, pt) {
         var processorEntity = {
+            'revision': nf.Client.getRevision({
+                'revision': {
+                    'version': 0
+                }
+            }),
             'component': {
                 'type': processorType,
                 'name': name,
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-remote-process-group-component.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-remote-process-group-component.js
index 3f862caebd..77ddfa4862 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-remote-process-group-component.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/header/components/nf-ng-remote-process-group-component.js
@@ -28,6 +28,11 @@ nf.ng.RemoteProcessGroupComponent = function (serviceProvider) {
     var createRemoteProcessGroup = function (pt) {
 
         var remoteProcessGroupEntity = {
+            'revision': nf.Client.getRevision({
+                'revision': {
+                    'version': 0
+                }
+            }),
             'component': {
                 'targetUri': $('#new-remote-process-group-uri').val(),
                 'position': {
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js
index 0f8c9e3849..d8331cfee0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js
@@ -131,8 +131,8 @@ nf.Canvas = (function () {
             kerberos: '../nifi-api/access/kerberos',
             revision: '../nifi-api/flow/revision',
             banners: '../nifi-api/flow/banners',
-            controllerConfig: '../nifi-api/controller/config',
-            cluster: '../nifi-api/cluster'
+            flowConfig: '../nifi-api/flow/config',
+            cluster: '../nifi-api/controller/cluster'
         }
     };
     
@@ -811,7 +811,7 @@ nf.Canvas = (function () {
                 // get the controller config to register the status poller
                 var configXhr = $.ajax({
                     type: 'GET',
-                    url: config.urls.controllerConfig,
+                    url: config.urls.flowConfig,
                     dataType: 'json'
                 });
 
@@ -842,7 +842,7 @@ nf.Canvas = (function () {
                     nf.Canvas.CANVAS_OFFSET = canvasContainer.offset().top;
 
                     // get the config details
-                    var configDetails = configResponse.config;
+                    var configDetails = configResponse.flowConfiguration;
 
                     // when both request complete, load the application
                     isClusteredRequest.done(function () {
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection-configuration.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection-configuration.js
index b4f6ba0375..e6593cd240 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection-configuration.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection-configuration.js
@@ -864,6 +864,11 @@ nf.ConnectionConfiguration = (function () {
 
         if (validateSettings()) {
             var connectionEntity = {
+                'revision': nf.Client.getRevision({
+                    'revision': {
+                        'version': 0
+                    }
+                }),
                 'component': {
                     'name': connectionName,
                     'source': {
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-service.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-service.js
index 16d778727a..5f1954b88f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-service.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-service.js
@@ -1691,7 +1691,7 @@ nf.ControllerService = (function () {
             // get the controller service history
             var loadHistory = $.ajax({
                 type: 'GET',
-                url: '../nifi-api/history/controller-services/' + encodeURIComponent(controllerServiceEntity.id),
+                url: '../nifi-api/flow/history/components/' + encodeURIComponent(controllerServiceEntity.id),
                 dataType: 'json'
             });
 
@@ -1856,7 +1856,7 @@ nf.ControllerService = (function () {
             // get the controller service history
             var loadHistory = $.ajax({
                 type: 'GET',
-                url: '../nifi-api/history/controller-services/' + encodeURIComponent(controllerServiceEntity.id),
+                url: '../nifi-api/flow/history/components/' + encodeURIComponent(controllerServiceEntity.id),
                 dataType: 'json'
             });
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-services.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-services.js
index 66d57a2d59..24c8a38e63 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-services.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-services.js
@@ -218,6 +218,11 @@ nf.ControllerServices = (function () {
     var addControllerService = function (controllerServicesUri, serviceTable, controllerServiceType) {
         // build the controller service entity
         var controllerServiceEntity = {
+            'revision': nf.Client.getRevision({
+                'revision': {
+                    'version': 0
+                }
+            }),
             'component': {
                 'type': controllerServiceType
             }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor-configuration.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor-configuration.js
index 536f39b0fe..d7c4c358dd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor-configuration.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor-configuration.js
@@ -576,7 +576,7 @@ nf.ProcessorConfiguration = (function () {
                 // get the processor history
                 requests.push($.ajax({
                     type: 'GET',
-                    url: '../nifi-api/history/processors/' + encodeURIComponent(processor.id),
+                    url: '../nifi-api/flow/history/components/' + encodeURIComponent(processor.id),
                     dataType: 'json'
                 }));
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-reporting-task.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-reporting-task.js
index 6e1a9d63ec..c0b4cc39cc 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-reporting-task.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-reporting-task.js
@@ -392,7 +392,7 @@ nf.ReportingTask = (function () {
             // get the reporting task history
             var loadHistory = $.ajax({
                 type: 'GET',
-                url: '../nifi-api/history/reporting-tasks/' + encodeURIComponent(reportingTaskEntity.id),
+                url: '../nifi-api/flow/history/components/' + encodeURIComponent(reportingTaskEntity.id),
                 dataType: 'json'
             });
 
@@ -595,7 +595,7 @@ nf.ReportingTask = (function () {
             // get the reporting task history
             var loadHistory = $.ajax({
                 type: 'GET',
-                url: '../nifi-api/history/reporting-tasks/' + encodeURIComponent(reportingTaskEntity.id),
+                url: '../nifi-api/flow/history/components/' + encodeURIComponent(reportingTaskEntity.id),
                 dataType: 'json'
             });
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js
index e3744c6890..707cecf278 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js
@@ -67,7 +67,7 @@ nf.Settings = (function () {
                     'version': version
                 }
             }),
-            'config': configuration
+            'controllerConfiguration': configuration
         };
 
         // save the new configuration details
@@ -358,6 +358,11 @@ nf.Settings = (function () {
     var addReportingTask = function (reportingTaskType) {
         // build the reporting task entity
         var reportingTaskEntity = {
+            'revision': nf.Client.getRevision({
+                'revision': {
+                    'version': 0
+                }
+            }),
             'component': {
                 'type': reportingTaskType
             }
@@ -836,12 +841,12 @@ nf.Settings = (function () {
                 dataType: 'json'
             }).done(function (response) {
                 // update the current time
-                $('#settings-last-refreshed').text(response.config.currentTime);
+                $('#settings-last-refreshed').text(response.currentTime);
 
                 if (response.accessPolicy.canWrite) {
                     // populate the settings
-                    $('#maximum-timer-driven-thread-count-field').removeClass('unset').val(response.config.maxTimerDrivenThreadCount);
-                    $('#maximum-event-driven-thread-count-field').removeClass('unset').val(response.config.maxEventDrivenThreadCount);
+                    $('#maximum-timer-driven-thread-count-field').removeClass('unset').val(response.controllerConfiguration.maxTimerDrivenThreadCount);
+                    $('#maximum-event-driven-thread-count-field').removeClass('unset').val(response.controllerConfiguration.maxEventDrivenThreadCount);
 
                     setEditable(true);
 
@@ -852,8 +857,8 @@ nf.Settings = (function () {
                 } else {
                     if (response.accessPolicy.canRead) {
                         // populate the settings
-                        $('#read-only-maximum-timer-driven-thread-count-field').removeClass('unset').text(response.config.maxTimerDrivenThreadCount);
-                        $('#read-only-maximum-event-driven-thread-count-field').removeClass('unset').text(response.config.maxEventDrivenThreadCount);
+                        $('#read-only-maximum-timer-driven-thread-count-field').removeClass('unset').text(response.controllerConfiguration.maxTimerDrivenThreadCount);
+                        $('#read-only-maximum-event-driven-thread-count-field').removeClass('unset').text(response.controllerConfiguration.maxEventDrivenThreadCount);
                     } else {
                         setUnauthorizedText();
                     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/cluster/nf-cluster-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/cluster/nf-cluster-table.js
index 29a2d4e149..47a83e0b00 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/cluster/nf-cluster-table.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/cluster/nf-cluster-table.js
@@ -29,7 +29,7 @@ nf.ClusterTable = (function () {
         },
         urls: {
             cluster: '../nifi-api/cluster',
-            nodes: '../nifi-api/cluster/nodes'
+            nodes: '../nifi-api/controller/cluster/nodes'
         }
     };
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/counters/nf-counters-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/counters/nf-counters-table.js
index 4114636303..e9c5228446 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/counters/nf-counters-table.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/counters/nf-counters-table.js
@@ -27,7 +27,7 @@ nf.CountersTable = (function () {
             filterList: 'counters-filter-list'
         },
         urls: {
-            counters: '../nifi-api/controller/counters'
+            counters: '../nifi-api/counters'
         }
     };
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-model.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-model.js
index 695912ce58..5a7ff92a1a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-model.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-model.js
@@ -123,7 +123,7 @@
                 // perform query...
                 var xhr = $.ajax({
                     type: 'GET',
-                    url: '../nifi-api/history',
+                    url: '../nifi-api/flow/history',
                     data: query,
                     dataType: 'json'
                 }).done(function (response) {
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-table.js
index c1c8e93cfe..83f21d8e07 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-table.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-table.js
@@ -31,7 +31,7 @@ nf.HistoryTable = (function () {
             hidden: 'hidden'
         },
         urls: {
-            history: '../nifi-api/history'
+            history: '../nifi-api/controller/history'
         }
     };
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-processor-details.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-processor-details.js
index 1efcb8377f..466cfd993b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-processor-details.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-processor-details.js
@@ -187,7 +187,7 @@ nf.ProcessorDetails = (function () {
             // get the processor history
             var getProcessorHistory = $.ajax({
                 type: 'GET',
-                url: '../nifi-api/history/processors/' + encodeURIComponent(processorId),
+                url: '../nifi-api/flow/history/components/' + encodeURIComponent(processorId),
                 dataType: 'json'
             }).done(function (response) {
                 var processorHistory = response.componentHistory;
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/provenance/nf-provenance-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/provenance/nf-provenance-table.js
index 3771b1ae28..d9f7a84dc3 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/provenance/nf-provenance-table.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/provenance/nf-provenance-table.js
@@ -35,7 +35,7 @@ nf.ProvenanceTable = (function () {
             searchOptions: '../nifi-api/provenance/search-options',
             replays: '../nifi-api/provenance/replays',
             provenance: '../nifi-api/provenance',
-            cluster: '../nifi-api/cluster',
+            cluster: '../nifi-api/controller/cluster',
             d3Script: 'js/d3/d3.min.js',
             lineageScript: 'js/nf/provenance/nf-provenance-lineage.js',
             uiExtensionToken: '../nifi-api/access/ui-extension-token',
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/provenance/nf-provenance.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/provenance/nf-provenance.js
index cbc0ea18ed..568d7e012d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/provenance/nf-provenance.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/provenance/nf-provenance.js
@@ -34,7 +34,7 @@ nf.Provenance = (function () {
      */
     var config = {
         urls: {
-            cluster: '../nifi-api/cluster',
+            cluster: '../nifi-api/controller/cluster',
             banners: '../nifi-api/flow/banners',
             about: '../nifi-api/flow/about',
             authorities: '../nifi-api/flow/authorities'
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-cluster-search.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-cluster-search.js
index 7761c74146..8162c2cd8a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-cluster-search.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-cluster-search.js
@@ -21,7 +21,7 @@ nf.ClusterSearch = (function () {
     var config = {
         search: 'Search nodes',
         urls: {
-            clusterSearch: '../nifi-api/cluster/search-results'
+            clusterSearch: '../nifi-api/controller/cluster/search-results'
         }
     };
 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary-table.js
index 621428b8b3..60427039f5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary-table.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary-table.js
@@ -29,7 +29,7 @@ nf.SummaryTable = (function () {
             api: '../nifi-api',
             status: '../nifi-api/flow/process-groups/root/status',
             systemDiagnostics: '../nifi-api/system-diagnostics',
-            controllerConfig: '../nifi-api/controller/config'
+            flowConfig: '../nifi-api/flow/config'
         }
     };
 
@@ -2715,10 +2715,10 @@ nf.SummaryTable = (function () {
                 // get the controller config to get the server offset
                 var configRequest = $.ajax({
                     type: 'GET',
-                    url: config.urls.controllerConfig,
+                    url: config.urls.flowConfig,
                     dataType: 'json'
                 }).done(function (configResponse) {
-                    var configDetails = configResponse.config;
+                    var configDetails = configResponse.flowConfiguration;
 
                     // initialize the chart
                     nf.StatusHistory.init(configDetails.timeOffset);
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary.js
index ff1e0952c3..92a7684a4f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary.js
@@ -68,7 +68,7 @@ nf.Summary = (function () {
         urls: {
             banners: '../nifi-api/flow/banners',
             about: '../nifi-api/flow/about',
-            cluster: '../nifi-api/cluster'
+            cluster: '../nifi-api/controller/cluster'
         }
     };
 
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetJMSQueue.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetJMSQueue.java
index 2e891bc16e..94d8c9cddd 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetJMSQueue.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestGetJMSQueue.java
@@ -16,22 +16,6 @@
  */
 package org.apache.nifi.processors.standard;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-import java.io.ByteArrayOutputStream;
-import java.io.PrintStream;
-import java.lang.reflect.Field;
-import java.util.List;
-
-import javax.jms.BytesMessage;
-import javax.jms.MapMessage;
-import javax.jms.Message;
-import javax.jms.MessageProducer;
-import javax.jms.ObjectMessage;
-import javax.jms.Session;
-import javax.jms.StreamMessage;
-
 import org.apache.nifi.processor.Relationship;
 import org.apache.nifi.processors.standard.util.JmsFactory;
 import org.apache.nifi.processors.standard.util.JmsProperties;
@@ -44,6 +28,21 @@ import org.junit.Test;
 import org.slf4j.LoggerFactory;
 import org.slf4j.impl.SimpleLogger;
 
+import javax.jms.BytesMessage;
+import javax.jms.MapMessage;
+import javax.jms.Message;
+import javax.jms.MessageProducer;
+import javax.jms.ObjectMessage;
+import javax.jms.Session;
+import javax.jms.StreamMessage;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.lang.reflect.Field;
+import java.util.List;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
 public class TestGetJMSQueue {
 
     @Test
@@ -264,7 +263,7 @@ public class TestGetJMSQueue {
         final MessageProducer producer = wrappedProducer.getProducer();
 
         // Revision class is used because test just needs any Serializable class in core NiFi
-        final ObjectMessage message = jmsSession.createObjectMessage(new Revision(1L, "ID"));
+        final ObjectMessage message = jmsSession.createObjectMessage(new Revision(1L, "ID", "COMP_ID"));
 
         producer.send(message);
         jmsSession.commit();
diff --git a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-reporting-tasks/src/test/java/org/apache/nifi/controller/MonitorMemoryTest.java b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-reporting-tasks/src/test/java/org/apache/nifi/controller/MonitorMemoryTest.java
index 7109537953..1eb3334c30 100644
--- a/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-reporting-tasks/src/test/java/org/apache/nifi/controller/MonitorMemoryTest.java
+++ b/nifi-nar-bundles/nifi-standard-bundle/nifi-standard-reporting-tasks/src/test/java/org/apache/nifi/controller/MonitorMemoryTest.java
@@ -16,13 +16,6 @@
  */
 package org.apache.nifi.controller;
 
-import static org.junit.Assert.assertTrue;
-import static org.mockito.Mockito.mock;
-
-import java.io.File;
-import java.lang.reflect.Field;
-import java.lang.reflect.Modifier;
-
 import org.apache.commons.io.FileUtils;
 import org.apache.nifi.admin.service.AuditService;
 import org.apache.nifi.authorization.Authorizer;
@@ -36,6 +29,13 @@ import org.junit.Ignore;
 import org.junit.Test;
 import org.slf4j.Logger;
 
+import java.io.File;
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+
+import static org.junit.Assert.assertTrue;
+import static org.mockito.Mockito.mock;
+
 public class MonitorMemoryTest {
 
     private FlowController fc;
diff --git a/nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/src/main/java/org/apache/nifi/update/attributes/api/RuleResource.java b/nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/src/main/java/org/apache/nifi/update/attributes/api/RuleResource.java
index 8eddfbcd24..4158218723 100644
--- a/nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/src/main/java/org/apache/nifi/update/attributes/api/RuleResource.java
+++ b/nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/src/main/java/org/apache/nifi/update/attributes/api/RuleResource.java
@@ -660,7 +660,7 @@ public class RuleResource {
 
             @Override
             public Revision getRevision() {
-                return new Revision(revision, clientId);
+                return new Revision(revision, clientId, processorId);
             }
         };
     }