* NIFI-9382: Created a new ClassloaderIsolationKey mechanism by which Hadoop related processors (and potentially others) can indicate that they need full classloaders to be cloned but can share with other instances in certain circumstances
- Added system tests
* NIFI-9382: Renamed interface based on review feedback
* NIFI-9382: Removed ReentrantKerberosUser.
- Added nifi.web.request.log.format property
- Added Filters to set and retrieve authenticated username for logging
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5527.
Added <scope>test</scope> tag to the nifi-web-api pom.xml and corrected imports.
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#5447
- Removed parent AccessResource from OIDCAccessResource and SAMLAccessResource to avoid unexpected inherited methods
- Moved Token Expiration validation from AccessResource to StandardBearerTokenProvider
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#5489.
NIFI-9309: Include a uiOnly flag when requesting flow for a given process group. In that case, do not include the property descriptors, property values, etc. for Processors. When fetching Variable Registry, improved logic to cache the VariableImpact for each property value instead of parsing/recreating it every time. When fetching bulletins for a component, avoid filtering through all components' bulletins and instead only look at bulletins that might pertain to the appropriate component
- Allowing the user to submit a verification request for Processors, Controller Services, and Reporting Tasks.
- Tracking progress of verification requests.
- Showing the verification results.
NIFI-9288:
- Fixing class name which prevented styles from being applied.
NIFI-9288:
- Ensuring that previously entered referenced attribute values take precedence.
NIFI-9288:
- Positioning the property listing and verification results based on percentages instead of fixed values.
- Removing the additional dialog height.
NIFI-9288:
- Allowing attribute value entry to be skipped when appropriate.
NIFI-9288:
- Working around an issue caused by css minification.
NIFI-9288:
- Adding some padding to the verifying progress dialog.
This closes#5461
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
- Similar to NIFI-9215, converting integer identifiers to strings to ensure the items are successfully retrieved when attempting to apply a tooltip.
This closes#5454
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
- During mouse over events the items in the Controller Service Types table could not be looked up because the identifier of the item was an integer value and the identifier was a string value. Addressing the issue by always using a string.
This closes#5439
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
- Populating the empty state when a parameter is not referenced by any component.
- Tweaking margins so the references are slightly more compact.
This closes#5442
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
- Migrating away from forceFitColumns which is deprecated. Updating to use the same strategy in the new configuration which will prevent the warning logs to the console.
This closes#5428
Signed-off-by: Scott Aslan <scottyaslan@gmail.com>
- Removed nifi.minifi.sensitive.props.provider Property from MiNiFi
- Removed property from example NiFi properties files
- Removed provider from MiNiFi SensitivePropsSchema
- Removed BC provider value from MiNiFi test cases
Signed-off-by: Joe Gresock <jgresock@gmail.com>
This closes#5422.
- Replaced use of Authorization header with custom Request-Token header for CSRF mitigation
- Added Request-Token cookie for CSRF mitigation
- Replaced session storage of JWT with expiration in seconds
- Removed and disabled CORS configuration
- Disabled HTTP OPTIONS method
- Refactored HTTP Proxy URI construction using RequestUriBuilder
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#5417.
* NIFI-8491:
- Adding support for configuring parameter context inheritance.
* NIFI-8491:
- Allowing changes to the parameter context inheritance to drive Apply disabled state.
* NIFI-8491: Updating StandardParameterContext#isAuthorized check
* NIFI-8491:
- Showing selected inherited parameter contexts in ready only form when appropriate.
- Allowing available parameter contexts to be inherited by double clicking.
- Removing support for rendering unauthorized inherited parameter contexts as they can no longer be opened.
* NIFI-8491: Adding inherited param context verification earlier
* NIFI-8491:
- Addressing CI failures by rolling back to some order JS language spec to allow yui-compress to minify and compress.
* NIFI-8491:
- Ensuring selected context sort order is honored.
- Ensuring the Apply button is correctly enabled.
- Showing Pending Apply message when selected Parameter Context changes.
- Ensuring the Parameter's tab is selected now that there is a third tab.
* Updates to inherited param context verification
* Improving validation between parameters/inherited parameters
* NIFI-8491:
- Ensuring the available parameter contexts are loaded whether the edit dialog is opened from the listing or outside of the listing.
* NIFI-8491:
- Fixing conditions we check if the parameter context listing is currently open.
* NIFI-8491:
- Waiting for the parameter contexts to load prior to rendering the parameter context inheritance tab and showing the dialog.
* NIFI-8491:
- Fixing pending apply message clipping.
- Hiding pending apply message after clicking Apply.
Co-authored-by: Joe Gresock <jgresock@gmail.com>
This closes#5371
- Implemented ApplicationCookieService for adding and retrieving HTTP Cookies
- Added getCookieResourceUri() leveraging allowed proxy headers to support optional Cookie Paths
- Refactored Access Resources to use ApplicationCookieService for processing
- Changed __Host- prefix to __Secure- prefix for Bearer Token cookie to support Cookie Path processing
- Removed unnecessary jetty-http dependency from nifi-web-api
- Corrected NiFi path references in JavaScript to support prefixed paths
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#5329.
- Added TemporaryKeyStoreBuilder with File.deleteOnExit() for KeyStore and TrustStore files
- Removed JKS files from nifi-security-utils tests
- Refactored usage of KeyStoreUtils.createKeyStoreAndGetX509Certificate() to TemporaryKeyStoreBuilder
- Removed unnecesary hadoop-minikdc test dependency in security-utils
- Replaced Mini KDC Hex utility with Bouncy Castle Hex utility in unit tests
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#5406
- Refactored multiple tests using KeyStoreUtils
- Removed static KeyStore and TrustStore files
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#5401
NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.
This closes#5351
Signed-off-by: Mike Thomsen <mthomsen@apache.org>
- Replaced old com.sun.xml.bind:jaxb-impl and jaxb-core with current org.glassfish.jaxb:jaxb-runtime
- Replaced old javax.xml.bind:jaxb-api with current jakarta.xml.bind-api
- Removed unnecessary dependency references to javax.activation-api
This closes#5320
Signed-off-by: Mike Thomsen <mthomsen@apache.org>
- Added JavaScript Authorization Storage component for storing and retrieving JSON Web Tokens
- Added access status request to remove Session Cookie when Token not found
NIFI-9049 Updated Jolt JavaScript application to use AuthorizationStorage
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#5344.
- Replaced per-user symmetric-key HS256 with shared and rotated RSA asymmetric-key RS512 implementation
- Added nifi.security.user.jws.key.rotation.period property for RSA Key Pair rotation
- Added JSON Web Tokens section to Administration Guide
- Implemented persistent storage of RSA Public Keys for verification using Local State Manager
- Implemented JWT revocation on logout with persistence using Local State Manager
- Refactored JWT implementation using Spring Security OAuth2 and Nimbus JWT
- Refactored Spring Security Provider configuration using Java instead of XML
- Removed H2 storage of per-user keys
- Upgraded nimbus-jose-jwt from 7.9 to 9.11.2
NIFI-8766 Corrected AuthenticationException handling in AccessResource.getAccessStatus
- Added nifi.user.security.jws.key.rotation.period to default nifi.properties
- Updated logging statements and clarified configuration and method documentation
NIFI-8766 Changed Algorithm to PS512 and updated documentation
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#5262.
NIFI-8671 Moved versioned components class into nifi-api
- Removed @XmlRootElement from VersionedProcessGroup.
- Fixed nifi-api dependency version in nifi-registry-data-model. Changed logic of handling instances of un-annotated classes during xml serialization in JAXBSerializer.
* NIFI-8939: Ensure that when async/long-running flow updates are made, referencing controller services that are disabling are waited on but not attempted to be disabled
* NIFI-8939: Ensure that when waiting for Controller Services to reach desired state, we use correct URI for fetch service state. There was a typo that resulted in not getting all controller services' states.
This closes#5240
- Remove reference to ongoing work for Java 11
- Remove references to Bower which is no longer used as of NIFI-2781
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#5232
- Added Jetty DoSFilter configured for /access/token
- Added nifi.web.max.access.token.requests.per.second property with default value of 25
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#5215.
- include new process group property support in NiFi Registry
- updated documentation to describe and show new feature
- added elements to XSD schema definition
NIFI-8195: update to DAO to fix PG move and copy/paste
update condition to not null vice null
Signed-off-by: Matthew Burgess <mattyb149@apache.org>
This closes#5192
- Upgraded Angular Material from 1.1.10 to 1.1.26
- Upgraded Moment from 2.24.0 to 2.29.1
- Upgraded JSON Lint from 1.6.2 to 1.6.3
- Upgraded Slickgrid from 2.4.27 to 2.4.38
- Upgraded frontend-maven-plugin from 1.4 to 1.12.0
- Upgraded frontend-maven-plugin NodeJS from 12.7.0 to 12.22.2
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#5197.
