Commit Graph

197 Commits

Author SHA1 Message Date
Matt Gilman aaf14c45c9 NIFI-655:
- Refactoring web security to use Spring Security Java Configuration.
- Introducing security in Web UI in order to get JWT.

NIFI-655:
- Setting up the resources (js/css) for the login page.

NIFI-655:
- Adding support for configuring anonymous roles.
- Addressing checkstyle violations.

NIFI-655:
- Moving to token api to web-api.
- Creating an LoginProvider API for user/pass based authentication.
- Creating a module for funneling access to the authorized useres.

NIFI-655:
- Moving away from usage of DN to identity throughout the application (from the user db to the authorization provider).
- Updating the authorized users schema to support login users.
- Creating an extension point for authentication of users based on username/password.

NIFI-655:
- Creating an endpoint for returning the identity of the current user.
- Updating the LoginAuthenticationFilter.

NIFI-655:
- Moving NiFi registration to the login page.
- Running the authentication filters in a different order to ensure we can disambiguate each case.
- Starting to layout each case... Forbidden, Login, Create User, Create NiFi Account.

NIFI-655:
- Addressing checkstyle issues.

NIFI-655:
- Making nf-storage available in the login page.
- Requiring use of local storage.
- Ignoring security for GET requests when obtaining the login configuration.

NIFI-655:
- Adding a new endpoint to obtain the status of a user registration.
- Updated the login page loading to ensure all possible states work.

NIFI-655:
- Ensuring we know the necessary state before we attempt to render the login page.
- Building the proxy chain in the JWT authentication filter.
- Only rendering the login when appropriate.

NIFI-655:
- Starting to style the login page.
- Added simple 'login' support by identifying username/password. Issuing JWT token coming...
- Added logout support
- Rendering the username when appropriate.

NIFI-655:
- Extracting certificate validation into a utility class.
- Fixing checkstyle issues.
- Cleaning up the web security context.
- Removing proxy chain checking where possible.

NIFI-655:
- Starting to add support for registration.
- Creating registration form.

NIFI-655:
- Starting to implement the JWT service.
- Parsing JWT on client side in order to render who the user currently is when logged in.

NIFI-655:
- Allowing the user to link back to the log in page from the new account page.
- Renaming DN to identity where possible.

NIFI-655:
- Fixing checkstyle issues.

NIFI-655:
- Adding more/better support for logging out.

NIFI-655:
- Fixing checkstyle issues.

NIFI-655:
- Adding a few new exceptions for the login identity provider.

NIFI-655:
- Disabling log in by default initially.
- Restoring authorization service unit test.

NIFI-655:
- Fixing checkstyle issues.

NIFI-655:
- Updating packages for log in filters.
- Handling new registration exceptions.
- Code clean up.

NIFI-655:
- Removing registration support.
- Removing file based implementation.

NIFI-655:
- Removing file based implementation.

NIFI-655:
- Removing unused spring configuration files.

NIFI-655:
- Making the auto wiring more explicit.

NIFI-655:
- Removing unused dependencies.

NIFI-655:
- Removing unused filter.

NIFI-655:
- Updating the login API authenticate method to use a richer set of exceptions.
- UI code clean.

NIFI-655:
- Ensuring the login identity provider is able to switch context classloaders via the standard NAR mechanisms.

NIFI-655:
- Initial commit of the LDAP based identity providers.
- Fixed issue when attempting to log into a NiFi that does not support new account requests.

NIFI-655:
- Allowing the ldap provider to specify if client authentication is required/desired.

NIFI-655:
- Persisting keys to sign user tokens.
- Allowing the identity provider to specify the token expiration.
- Code clean up.

NIFI-655:
- Ensuring identities are unique in the key table.

NIFI-655:
- Adding support for specifying the user search base and user search filter in the active directory provider.

NIFI-655:
- Fixing checkstyle issues.

NIFI-655:
- Adding automatic client side token renewal.

NIFI-655:
- Ensuring the logout link is rendered when appropriate.

NIFI-655:
- Adding configuration options for referrals and connect/read timeouts

NIFI-655:
- Added an endpoint for access details including configuration, creating tokens, and checking status.
- Updated DTOs and client side to utilize new endpoints.

NIFI-655:
- Refactoring certificate extraction and validation.
- Refactoring how expiration is specified in the login identity providers.
- Adding unit tests for the access endpoints.
- Code clean up.

NIFI-655:
- Keeping token expiration between 1 minute and 12 hours.

NIFI-655:
- Using the user identity provided by the login identity provider.

NIFI-655: - Fixed typo in error message for unrecognized authentication strategy.

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>

NIFI-655. - Added logback-test.xml configuration resource for nifi-web-security.

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>

NIFI-655. - Added issuer field to LoginAuthenticationToken. - Updated AccessResource to pass identity provider class name when creating LoginAuthenticationTokens. - Began refactoring JWT logic from request parsing logic in JwtService. - Added unit tests for JWT logic.

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>

NIFI-655. - Changed issuer field to use FQ class name because some classes return an empty string for getSimpleName(). - Finished refactoring JWT logic from request parsing logic in JwtService. - Updated AccessResource and JwtAuthenticationFilter to call new JwtService methods decoupled from request header parsing. - Added extensive unit tests for JWT logic.

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>

NIFI-655:
- Refactoring key service to expose the key id.
- Handling client side expiration better.
- Removing specialized active directory provider and abstract ldap provider.

NIFI-655. - Updated JwtService and JwtServiceTest to use Key POJO instead of raw String key from KeyService.

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>

NIFI-655:
- Fixing typo when loading the ldap connect timeout.
- Providing a better experience for session expiration.
- Using ellipsis for lengthly user name.
- Adding an issuer to the authentication response so the LIP can specify the appropriate value.

NIFI-655:
- Showing a logging in notification during the log in process.

NIFI-655:
- Removing unnecessary class.

NIFI-655:
- Fixing checkstyle issues.
- Showing the progress spinner while submitting account justification.

NIFI-655:
- Removing deprecated authentication strategy.
- Renaming TLS to START_TLS.
- Allowing the protocol to be configured.

NIFI-655:
- Fixing issue detecting the presence of DN column

NIFI-655:
- Pre-populating the login-identity-providers.xml file with necessary properties and documentation.
- Renaming the Authentication Duration property name.

NIFI-655:
- Updating documentation for the failure response codes.

NIFI-655:
- Ensuring the user identity is not too long.

NIFI-655:
- Updating default authentication expiration to 12 hours.

NIFI-655:
- Remaining on the login form when there is any unsuccessful login attempt.
- Fixing checkstyle issues.
2015-11-23 14:50:13 -05:00
Mark Payne 69bce2c2db NIFI-1168: Ensure that processors with only looping
connections are scheduled to run, even if the connections have no FlowFiles;
 expose these details to processor developers; update documentation

Signed-off-by: Aldrin Piri <aldrin@apache.org>
2015-11-18 14:53:30 -05:00
Tony Kurc db7b94b804 NIFI-696 Deprecated org.apache.nifi.flowfile.FlowFile.getId() 2015-11-12 21:26:48 -05:00
Oleg Zhurakousky 5baafa156a NIFI-1143 Fixed race condition which caused intermittent failures
Fixed the order of service state check in PropertyDescriptor
Encapsulated the check into private method for readability
Modified and documented test to validate correct behavior.
For more details please see comment in https://issues.apache.org/jira/browse/NIFI-1143
2015-11-11 14:06:08 -05:00
Mark Payne cf7bfe9e1c NIFI-1147: Fixed checkstyle violations 2015-11-10 15:04:37 -05:00
Mark Payne 73c1671975 NIFI-1132: Limited number of Lineage Identifiers held to 100 and marked the getLineageIdentifiers() method as deprecated 2015-11-09 12:09:56 -05:00
joewitt 99629646fe NIFI-1122 moved to 0.4.0-SNAPSHOT 2015-11-06 23:41:15 -05:00
Mark Payne 2b1d093120 NIFI-1105: Only trigger a processor that requires input to run if data is available for it process 2015-11-04 08:41:10 -05:00
Mark Payne e4cebba3c7 Merge branch 'master' into NIFI-730 2015-11-02 14:02:16 -05:00
Bryan Bende 5cc2b04b91 NIFI-986 Refactoring of action classes from nifi-user-actions to have interfaces in nifi-api, and adding getFlowChanges to EventAccess
- Fixing empty java docs and adding sort by id asc to the history query
- Changing userDn to userIdentity in Action and FlowChangeAction
- Modifying NiFiAuditor to always save events locally, and implementing getFlowChanges for ClusteredEventAccess
2015-10-29 16:28:36 -04:00
Joseph Percivall b885f955f4 NIFI-516 adding option to StandardProcessSession.read to close stream
Signed-off-by: Mark Payne <markap14@hotmail.com>
2015-10-26 20:23:13 -04:00
Mark Payne 17006335e5 NIFI-10: Fixed checkstyle violation 2015-10-26 17:09:51 -04:00
Mark Payne fc2aa2764c NIFI-10: Added FETCH and DOWNLOAD Provenance Events; updated FlowController to use DOWNLOAD event instead of SEND whenever a user downloads/views content via Provenance Event 2015-10-26 14:58:50 -04:00
Mark Payne 51f564024a NIFI-10: Added FETCH Provenance Event and updated processors to use this new event type 2015-10-26 14:58:50 -04:00
Matt Gilman 570202eb30 NIFI-730:
- Fixing capitalization to remain consistent.
2015-10-16 10:47:02 -04:00
Matt Gilman 39a050d2fd NIFI-730:
- Adding emptying a queue when clustered.
2015-10-14 17:47:06 -04:00
Mark Payne 09a3f6dadd NIFI-730: reordered states for drop flowfile request 2015-10-14 16:32:39 -04:00
Mark Payne 0af1acaafa NIFI-730: Return DropFlowFileStatus object when calling cancel 2015-10-14 09:46:21 -04:00
Mark Payne 77f7d7524c NIFI-730: bug fixes and code cleanup for swap manager and flowfile queue 2015-10-14 09:14:15 -04:00
Mark Payne afb76afcd0 NIFI-730: Added error messages if we fail to drop FlowFiles from queue 2015-10-13 15:57:18 -04:00
Matt Gilman 4b41aaab02 NIFI-730:
- Fixing checkstyle violations.
- Wiring endpoints and framework model.
- Lowering the max delay while polling from 8 seconds to 4 seconds.
2015-10-13 13:43:10 -04:00
Mark Payne af78354d84 NIFI-730: Added additional parameters to dropFlowFiles 2015-10-13 12:20:18 -04:00
Mark Payne ad6af95d07 NIFI-730: Fixed checkstyle violations 2015-10-13 10:09:21 -04:00
Mark Payne 49a781df2d NIFI-730: Implemented swapping in and out on-demand by the FlowFileQueue rather than in a background thread 2015-10-13 10:03:03 -04:00
Mark Payne b8c51dc35d NIFI-730: Added methods for dropping queued flowfiles; refactored swap manager but have not yet started swapping flowfiles in or out from within the flowfile queue 2015-10-11 10:27:07 -04:00
Mark Payne ccfb57fe9f NIFI-810: Addressed several checkstyle violations 2015-10-07 17:48:51 -04:00
Mark Payne 4afd8f88f8 NIFI-810: Created RequiresInput annotation and ensure that processors are invalid if connections do not agree 2015-10-07 17:26:14 -04:00
Bryan Bende 600f91a262 NIFI-932 Adding hasIncomingConnection() and hasConnection(Relationship) to ProcessContext and updating ExecuteSQL 2015-09-18 17:05:31 -04:00
Matt Gilman ded74ec94c NIFI-876 prepare for next development iteration 2015-09-14 21:48:11 -04:00
Matt Gilman 2ec735e350 NIFI-876 prepare release nifi-0.3.0-RC1 2015-09-14 21:48:00 -04:00
Joseph Percivall a83ed34f91 Commit for NIFI-836 to fix broken javadoc @link elements
Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>
2015-09-10 12:05:47 -04:00
Mark Payne 15a8699dc4 NIFI-744: Addressed feedback from review, mostly adding documentation to a few points in the code 2015-08-21 11:08:34 -04:00
Mark Payne 68d94cc01b NIFI-744: Refactored ContentClaim into ContentClaim and ResourceClaim and allowed resource claim to be reused across sessions 2015-08-21 11:08:34 -04:00
joewitt aa99884782 NIFI-850 removed nifi parent, updated nifi pom, moved all nifi subdirs up one level, fixed readme. 2015-08-15 13:12:22 -04:00
Mark Payne 0f310325a3 NIFI-6: Rebased from develop and moved new artifacts as appropriate 2015-01-16 12:12:27 -05:00
Mark Payne 1c0eb6c66e NIFI-6: Added annotations with new package names to be more explicit; deprecated all old annotations; updated framework to use new annotations and old 2015-01-16 12:05:23 -05:00
joewitt 300952a984 Reworked overall directory structure to make releasing nifi vs maven plugis easier 2015-01-15 21:11:07 -05:00
Mark Payne d3aec88514 NIFI-264: Make getIdentifier method of AbstractSessionFactoryProcessor final so that subclasses cannot override it 2015-01-14 12:26:43 -05:00
Matt Gilman 469502f30c NIFI-65:
- Code clean up.
- Updating authorizeDownload(...) to accept the dnChain in the appropriate order.
2014-12-23 13:00:38 -05:00
Matt Gilman 418d6b03b2 NIFI-65:
- Adding methods to the AuthorityProvider to authorize the downloading of content.
2014-12-23 09:31:46 -05:00
joewitt 3a4c6ed887 Merge branch 'develop' into NIFI-169 2014-12-16 08:16:52 -05:00
Mark Payne 1cc3ce5755 NIFI-35: Provide an EventReporter to the FlowFileSwapManager and provide events for any errors 2014-12-15 14:28:11 -05:00
Mark Payne 9e60aa0f25 NIFI-49: Included patch from Philip Young to include name of default value when not allowed as a property descriptor value 2014-12-15 13:53:12 -05:00
Mark Payne 1316042977 NIFI-49: Included patch from Philip Young to include name of default vlaue when not allowed as a property descriptor value 2014-12-15 13:28:09 -05:00
joewitt 19d4a150a8 NIFI-169 well it finally all builds. There is a classpath issue still to sort out which impacts startup 2014-12-15 05:14:32 -05:00
Mark Payne 55d4b1c099 NIFI-164: Add shutdown() method to ContentRepository and implement in FileSystemRepository and VolatileContentRepository to cleanup executors; call shutdown() from FlowController shutdown method 2014-12-12 10:00:40 -05:00
joewitt 4d998c12c9 Initial code contribution 2014-12-08 15:22:14 -05:00