mirror of https://github.com/apache/nifi.git
101 Commits
Author | SHA1 | Message | Date |
---|---|---|---|
Matt Gilman | aaf14c45c9 |
NIFI-655:
- Refactoring web security to use Spring Security Java Configuration. - Introducing security in Web UI in order to get JWT. NIFI-655: - Setting up the resources (js/css) for the login page. NIFI-655: - Adding support for configuring anonymous roles. - Addressing checkstyle violations. NIFI-655: - Moving to token api to web-api. - Creating an LoginProvider API for user/pass based authentication. - Creating a module for funneling access to the authorized useres. NIFI-655: - Moving away from usage of DN to identity throughout the application (from the user db to the authorization provider). - Updating the authorized users schema to support login users. - Creating an extension point for authentication of users based on username/password. NIFI-655: - Creating an endpoint for returning the identity of the current user. - Updating the LoginAuthenticationFilter. NIFI-655: - Moving NiFi registration to the login page. - Running the authentication filters in a different order to ensure we can disambiguate each case. - Starting to layout each case... Forbidden, Login, Create User, Create NiFi Account. NIFI-655: - Addressing checkstyle issues. NIFI-655: - Making nf-storage available in the login page. - Requiring use of local storage. - Ignoring security for GET requests when obtaining the login configuration. NIFI-655: - Adding a new endpoint to obtain the status of a user registration. - Updated the login page loading to ensure all possible states work. NIFI-655: - Ensuring we know the necessary state before we attempt to render the login page. - Building the proxy chain in the JWT authentication filter. - Only rendering the login when appropriate. NIFI-655: - Starting to style the login page. - Added simple 'login' support by identifying username/password. Issuing JWT token coming... - Added logout support - Rendering the username when appropriate. NIFI-655: - Extracting certificate validation into a utility class. - Fixing checkstyle issues. - Cleaning up the web security context. - Removing proxy chain checking where possible. NIFI-655: - Starting to add support for registration. - Creating registration form. NIFI-655: - Starting to implement the JWT service. - Parsing JWT on client side in order to render who the user currently is when logged in. NIFI-655: - Allowing the user to link back to the log in page from the new account page. - Renaming DN to identity where possible. NIFI-655: - Fixing checkstyle issues. NIFI-655: - Adding more/better support for logging out. NIFI-655: - Fixing checkstyle issues. NIFI-655: - Adding a few new exceptions for the login identity provider. NIFI-655: - Disabling log in by default initially. - Restoring authorization service unit test. NIFI-655: - Fixing checkstyle issues. NIFI-655: - Updating packages for log in filters. - Handling new registration exceptions. - Code clean up. NIFI-655: - Removing registration support. - Removing file based implementation. NIFI-655: - Removing file based implementation. NIFI-655: - Removing unused spring configuration files. NIFI-655: - Making the auto wiring more explicit. NIFI-655: - Removing unused dependencies. NIFI-655: - Removing unused filter. NIFI-655: - Updating the login API authenticate method to use a richer set of exceptions. - UI code clean. NIFI-655: - Ensuring the login identity provider is able to switch context classloaders via the standard NAR mechanisms. NIFI-655: - Initial commit of the LDAP based identity providers. - Fixed issue when attempting to log into a NiFi that does not support new account requests. NIFI-655: - Allowing the ldap provider to specify if client authentication is required/desired. NIFI-655: - Persisting keys to sign user tokens. - Allowing the identity provider to specify the token expiration. - Code clean up. NIFI-655: - Ensuring identities are unique in the key table. NIFI-655: - Adding support for specifying the user search base and user search filter in the active directory provider. NIFI-655: - Fixing checkstyle issues. NIFI-655: - Adding automatic client side token renewal. NIFI-655: - Ensuring the logout link is rendered when appropriate. NIFI-655: - Adding configuration options for referrals and connect/read timeouts NIFI-655: - Added an endpoint for access details including configuration, creating tokens, and checking status. - Updated DTOs and client side to utilize new endpoints. NIFI-655: - Refactoring certificate extraction and validation. - Refactoring how expiration is specified in the login identity providers. - Adding unit tests for the access endpoints. - Code clean up. NIFI-655: - Keeping token expiration between 1 minute and 12 hours. NIFI-655: - Using the user identity provided by the login identity provider. NIFI-655: - Fixed typo in error message for unrecognized authentication strategy. Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com> NIFI-655. - Added logback-test.xml configuration resource for nifi-web-security. Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com> NIFI-655. - Added issuer field to LoginAuthenticationToken. - Updated AccessResource to pass identity provider class name when creating LoginAuthenticationTokens. - Began refactoring JWT logic from request parsing logic in JwtService. - Added unit tests for JWT logic. Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com> NIFI-655. - Changed issuer field to use FQ class name because some classes return an empty string for getSimpleName(). - Finished refactoring JWT logic from request parsing logic in JwtService. - Updated AccessResource and JwtAuthenticationFilter to call new JwtService methods decoupled from request header parsing. - Added extensive unit tests for JWT logic. Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com> NIFI-655: - Refactoring key service to expose the key id. - Handling client side expiration better. - Removing specialized active directory provider and abstract ldap provider. NIFI-655. - Updated JwtService and JwtServiceTest to use Key POJO instead of raw String key from KeyService. Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com> NIFI-655: - Fixing typo when loading the ldap connect timeout. - Providing a better experience for session expiration. - Using ellipsis for lengthly user name. - Adding an issuer to the authentication response so the LIP can specify the appropriate value. NIFI-655: - Showing a logging in notification during the log in process. NIFI-655: - Removing unnecessary class. NIFI-655: - Fixing checkstyle issues. - Showing the progress spinner while submitting account justification. NIFI-655: - Removing deprecated authentication strategy. - Renaming TLS to START_TLS. - Allowing the protocol to be configured. NIFI-655: - Fixing issue detecting the presence of DN column NIFI-655: - Pre-populating the login-identity-providers.xml file with necessary properties and documentation. - Renaming the Authentication Duration property name. NIFI-655: - Updating documentation for the failure response codes. NIFI-655: - Ensuring the user identity is not too long. NIFI-655: - Updating default authentication expiration to 12 hours. NIFI-655: - Remaining on the login form when there is any unsuccessful login attempt. - Fixing checkstyle issues. |