Commit Graph

1475 Commits

Author SHA1 Message Date
Andy LoPresto 7d04dfeac0 NIFI-655. - Changed issuer field to use FQ class name because some classes return an empty string for getSimpleName(). - Finished refactoring JWT logic from request parsing logic in JwtService. - Updated AccessResource and JwtAuthenticationFilter to call new JwtService methods decoupled from request header parsing. - Added extensive unit tests for JWT logic.
Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>
2015-11-18 08:31:39 -05:00
Andy LoPresto 3bc11e13d7 NIFI-655. - Added issuer field to LoginAuthenticationToken. - Updated AccessResource to pass identity provider class name when creating LoginAuthenticationTokens. - Began refactoring JWT logic from request parsing logic in JwtService. - Added unit tests for JWT logic.
Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>
2015-11-18 08:31:23 -05:00
Andy LoPresto caeede5773 NIFI-655. - Added logback-test.xml configuration resource for nifi-web-security.
Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>
2015-11-18 08:31:08 -05:00
Andy LoPresto 45b24a4b60 NIFI-655: - Fixed typo in error message for unrecognized authentication strategy.
Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>
2015-11-18 08:30:44 -05:00
Matt Gilman 16608aa850 NIFI-655:
- Using the user identity provided by the login identity provider.
2015-11-17 19:01:07 -05:00
Matt Gilman 4bb8b137f0 NIFI-655:
- Keeping token expiration between 1 minute and 12 hours.
2015-11-17 18:58:22 -05:00
Matt Gilman a196207725 NIFI-655:
- Refactoring certificate extraction and validation.
- Refactoring how expiration is specified in the login identity providers.
- Adding unit tests for the access endpoints.
- Code clean up.
2015-11-17 17:02:41 -05:00
Matt Gilman 7529694f23 NIFI-655:
- Added an endpoint for access details including configuration, creating tokens, and checking status.
- Updated DTOs and client side to utilize new endpoints.
2015-11-16 21:18:04 -05:00
Matt Gilman 9ccf61aff1 NIFI-655:
- Adding configuration options for referrals and connect/read timeouts
2015-11-16 21:16:23 -05:00
Matt Gilman c659485ee4 NIFI-655:
- Ensuring the logout link is rendered when appropriate.
2015-11-13 16:35:29 -05:00
Matt Gilman 749f4e9be1 NIFI-655:
- Adding automatic client side token renewal.
2015-11-13 16:19:05 -05:00
Matt Gilman 06cb7cfc10 NIFI-655:
- Fixing checkstyle issues.
2015-11-12 21:48:58 -05:00
Matt Gilman 09cb608859 NIFI-655:
- Adding support for specifying the user search base and user search filter in the active directory provider.
2015-11-12 21:37:55 -05:00
Matt Gilman 6f82802f7a NIFI-655:
- Ensuring identities are unique in the key table.
2015-11-12 21:37:10 -05:00
Matt Gilman 5ce44b1fe2 NIFI-655:
- Persisting keys to sign user tokens.
- Allowing the identity provider to specify the token expiration.
- Code clean up.
2015-11-12 15:38:33 -05:00
Matt Gilman b3ae3e3149 NIFI-655:
- Allowing the ldap provider to specify if client authentication is required/desired.
2015-11-12 09:10:29 -05:00
Matt Gilman cfee612a78 NIFI-655:
- Initial commit of the LDAP based identity providers.
- Fixed issue when attempting to log into a NiFi that does not support new account requests.
2015-11-11 19:40:40 -05:00
Matt Gilman 0281e2773f NIFI-655:
- Ensuring the login identity provider is able to switch context classloaders via the standard NAR mechanisms.
2015-11-10 14:58:04 -05:00
Matt Gilman e61ccea7a0 NIFI-655:
- Updating the login API authenticate method to use a richer set of exceptions.
- UI code clean.
2015-11-10 14:55:02 -05:00
Matt Gilman 2e158d15be NIFI-655:
- Removing unused filter.
2015-11-10 12:14:03 -05:00
Matt Gilman e2f7eba7cf NIFI-655:
- Removing unused dependencies.
2015-11-09 21:08:47 -05:00
Matt Gilman a16d8c35c9 NIFI-655:
- Making the auto wiring more explicit.
2015-11-09 17:49:44 -05:00
Matt Gilman 1925392a98 NIFI-655:
- Removing unused spring configuration files.
2015-11-09 17:46:09 -05:00
Matt Gilman 7851a4f506 NIFI-655:
- Removing file based implementation.
2015-11-09 15:01:05 -05:00
Matt Gilman f250560474 NIFI-655:
- Removing registration support.
- Removing file based implementation.
2015-11-09 15:00:33 -05:00
Matt Gilman efa1939fc5 NIFI-655:
- Updating packages for log in filters.
- Handling new registration exceptions.
- Code clean up.
2015-11-09 10:52:18 -05:00
Matt Gilman 1350483d36 NIFI-655:
- Fixing checkstyle issues.
2015-11-09 10:19:18 -05:00
Matt Gilman bed35d81a5 NIFI-655:
- Disabling log in by default initially.
- Restoring authorization service unit test.
2015-11-09 10:04:19 -05:00
Matt Gilman 3cf3addd85 NIFI-655:
- Adding a few new exceptions for the login identity provider.
2015-11-09 09:20:49 -05:00
Matt Gilman 018c0864e3 NIFI-655:
- Fixing checkstyle issues.
2015-11-06 18:28:31 -05:00
Matt Gilman d47c00f00e NIFI-655:
- Adding more/better support for logging out.
2015-11-06 18:06:47 -05:00
Matt Gilman d41b83c19b NIFI-655:
- Fixing checkstyle issues.
2015-11-06 10:10:54 -05:00
Matt Gilman 06a4736a58 NIFI-655:
- Allowing the user to link back to the log in page from the new account page.
- Renaming DN to identity where possible.
2015-11-06 09:55:40 -05:00
Matt Gilman b6d09b86b6 NIFI-655:
- Starting to implement the JWT service.
- Parsing JWT on client side in order to render who the user currently is when logged in.
2015-11-05 18:26:00 -05:00
Matt Gilman 93aa09dace NIFI-655:
- Starting to add support for registration.
- Creating registration form.
2015-11-04 22:03:52 -05:00
Matt Gilman 2214592865 NIFI-655:
- Extracting certificate validation into a utility class.
- Fixing checkstyle issues.
- Cleaning up the web security context.
- Removing proxy chain checking where possible.
2015-11-04 09:07:27 -05:00
Matt Gilman 7799deeaa1 NIFI-655:
- Starting to style the login page.
- Added simple 'login' support by identifying username/password. Issuing JWT token coming...
- Added logout support
- Rendering the username when appropriate.
2015-11-03 17:08:37 -05:00
Matt Gilman ed27ed0449 NIFI-655:
- Ensuring we know the necessary state before we attempt to render the login page.
- Building the proxy chain in the JWT authentication filter.
- Only rendering the login when appropriate.
2015-11-03 12:45:37 -05:00
Matt Gilman 71d84117e4 NIFI-655:
- Adding a new endpoint to obtain the status of a user registration.
- Updated the login page loading to ensure all possible states work.
2015-11-03 11:10:32 -05:00
Matt Gilman 7f9807f461 NIFI-655:
- Making nf-storage available in the login page.
- Requiring use of local storage. 
- Ignoring security for GET requests when obtaining the login configuration.
2015-11-02 22:55:57 -05:00
Matt Gilman 5e341214a6 NIFI-655:
- Addressing checkstyle issues.
2015-11-02 14:54:51 -05:00
Matt Gilman ade5dc9bac NIFI-655:
- Moving NiFi registration to the login page.
- Running the authentication filters in a different order to ensure we can disambiguate each case.
- Starting to layout each case... Forbidden, Login, Create User, Create NiFi Account.
2015-11-02 14:21:25 -05:00
Matt Gilman e7a5e18221 NIFI-655:
- Creating an endpoint for returning the identity of the current user.
- Updating the LoginAuthenticationFilter.
2015-10-30 10:17:34 -04:00
Matt Gilman a40e5a07ba NIFI-655:
- Refactoring web security to use Spring Security Java Configuration.
- Introducing security in Web UI in order to get JWT.

NIFI-655:
- Setting up the resources (js/css) for the login page.

NIFI-655:
- Adding support for configuring anonymous roles.
- Addressing checkstyle violations.

NIFI-655:
- Moving to token api to web-api.
- Creating an LoginProvider API for user/pass based authentication.
- Creating a module for funneling access to the authorized useres.

NIFI-655:
- Moving away from usage of DN to identity throughout the application (from the user db to the authorization provider).
- Updating the authorized users schema to support login users.
- Creating an extension point for authentication of users based on username/password.
2015-10-30 10:17:28 -04:00
Bryan Bende 5cc2b04b91 NIFI-986 Refactoring of action classes from nifi-user-actions to have interfaces in nifi-api, and adding getFlowChanges to EventAccess
- Fixing empty java docs and adding sort by id asc to the history query
- Changing userDn to userIdentity in Action and FlowChangeAction
- Modifying NiFiAuditor to always save events locally, and implementing getFlowChanges for ClusteredEventAccess
2015-10-29 16:28:36 -04:00
Bryan Bende c4f0cb1c6c Removing nifi-pcap-bundle/.gitignore 2015-10-29 12:06:25 -04:00
Mark Payne dc4004de64 Merge branch 'NIFI-977' 2015-10-27 16:53:38 -04:00
Mark Payne 4c0cf7d72b NIFI-973: Created a Getting Started Guide
Signed-off-by: Mark Payne <markap14@hotmail.com>
2015-10-27 12:01:17 -04:00
Mark Payne af19053a7f Merge branch 'NIFI-447' 2015-10-27 10:42:46 -04:00
Joseph Percivall 07238c7913 NIFI-447 adding replacement strategy to ReplaceText processor
Signed-off-by: Mark Payne <markap14@hotmail.com>
2015-10-27 10:37:43 -04:00