Commit Graph

306 Commits

Author SHA1 Message Date
Matt Gilman e22b51f3a7 NIFI-655:
- Renaming spring tokens to avoid confusion over authentication and authorization.
2015-12-01 10:08:36 -05:00
Matt Gilman 85eb8defdd NIFI-655:
- Changing default expiration time to 12 hours.
2015-12-01 09:36:33 -05:00
Matt Gilman c100052dac NIFI-655:
- Adding additional logging when proceeding as an anonymous user.
2015-12-01 08:51:45 -05:00
Matt Gilman 2b0819a5f2 NIFI-655:
- Removing unused imports.
2015-11-30 16:33:11 -05:00
Matt Gilman 014b2ac4e8 NIFI-655:
- Removing proxied user chain as user details are already serialized.
2015-11-30 16:30:12 -05:00
Matt Gilman 774d626f88 NIFI-655:
- Adding documentation around the behavior of the authentication filters.
- Only passing along necessary parameters.
2015-11-30 15:07:40 -05:00
Matt Gilman c722b56335 NIFI-655:
- Ensuring the access token is not replicated when the user is already authenticated/authorized.
2015-11-30 14:57:38 -05:00
Matt Gilman a84e505bcd NIFI-655:
- Ensuring the access token is not replicated when the user is already authenticated/authorized.
2015-11-30 14:47:30 -05:00
Matt Gilman 99016a835e NIFI-655:
- Ensuring the protocol is specified.
2015-11-30 12:38:17 -05:00
Matt Gilman 64beeef593 NIFI-655:
- Ensuring anonymous user label and login links are rendered when appropriate.
- Ensuring responses are accurate when making requests with a token when user log in is not supported.
2015-11-27 14:13:40 -05:00
Matt Gilman c1cc165edb NIFI-655:
- Fixing issue with filter bean initialization when clustered.
2015-11-27 10:05:58 -05:00
Matt Gilman 6bce858e4a NIFI-655:
- Updated user guide with screenshots of login process.
- Tweaked wording in admin guide.
- Triggering login on enter press in login form.
2015-11-25 16:42:22 -05:00
Matt Gilman c073253366 NIFI-655:
- Update admin guide with documentation for username/password authentication.
- Setting default anonymous roles to none.
- Making account status messages to users more clear.
- Deleting user keys when an admin revokes/deletes an account.
- Updating authentication filter to error back whenever authentication fails.
2015-11-25 14:17:23 -05:00
Matt Gilman 1312bde498 NIFI-655:
- Updating available links during login, registration, and account status review.
2015-11-24 00:37:47 -05:00
Matt Gilman f2d82ee140 NIFI-655:
- Updating the version of ldap provider nar.
2015-11-23 16:53:26 -05:00
Matt Gilman a5754986e2 NIFI-655:
- Fixing the configuration property name for Authentication Expiration in the provided example configuration.
2015-11-23 15:55:24 -05:00
Matt Gilman aaf14c45c9 NIFI-655:
- Refactoring web security to use Spring Security Java Configuration.
- Introducing security in Web UI in order to get JWT.

NIFI-655:
- Setting up the resources (js/css) for the login page.

NIFI-655:
- Adding support for configuring anonymous roles.
- Addressing checkstyle violations.

NIFI-655:
- Moving to token api to web-api.
- Creating an LoginProvider API for user/pass based authentication.
- Creating a module for funneling access to the authorized useres.

NIFI-655:
- Moving away from usage of DN to identity throughout the application (from the user db to the authorization provider).
- Updating the authorized users schema to support login users.
- Creating an extension point for authentication of users based on username/password.

NIFI-655:
- Creating an endpoint for returning the identity of the current user.
- Updating the LoginAuthenticationFilter.

NIFI-655:
- Moving NiFi registration to the login page.
- Running the authentication filters in a different order to ensure we can disambiguate each case.
- Starting to layout each case... Forbidden, Login, Create User, Create NiFi Account.

NIFI-655:
- Addressing checkstyle issues.

NIFI-655:
- Making nf-storage available in the login page.
- Requiring use of local storage.
- Ignoring security for GET requests when obtaining the login configuration.

NIFI-655:
- Adding a new endpoint to obtain the status of a user registration.
- Updated the login page loading to ensure all possible states work.

NIFI-655:
- Ensuring we know the necessary state before we attempt to render the login page.
- Building the proxy chain in the JWT authentication filter.
- Only rendering the login when appropriate.

NIFI-655:
- Starting to style the login page.
- Added simple 'login' support by identifying username/password. Issuing JWT token coming...
- Added logout support
- Rendering the username when appropriate.

NIFI-655:
- Extracting certificate validation into a utility class.
- Fixing checkstyle issues.
- Cleaning up the web security context.
- Removing proxy chain checking where possible.

NIFI-655:
- Starting to add support for registration.
- Creating registration form.

NIFI-655:
- Starting to implement the JWT service.
- Parsing JWT on client side in order to render who the user currently is when logged in.

NIFI-655:
- Allowing the user to link back to the log in page from the new account page.
- Renaming DN to identity where possible.

NIFI-655:
- Fixing checkstyle issues.

NIFI-655:
- Adding more/better support for logging out.

NIFI-655:
- Fixing checkstyle issues.

NIFI-655:
- Adding a few new exceptions for the login identity provider.

NIFI-655:
- Disabling log in by default initially.
- Restoring authorization service unit test.

NIFI-655:
- Fixing checkstyle issues.

NIFI-655:
- Updating packages for log in filters.
- Handling new registration exceptions.
- Code clean up.

NIFI-655:
- Removing registration support.
- Removing file based implementation.

NIFI-655:
- Removing file based implementation.

NIFI-655:
- Removing unused spring configuration files.

NIFI-655:
- Making the auto wiring more explicit.

NIFI-655:
- Removing unused dependencies.

NIFI-655:
- Removing unused filter.

NIFI-655:
- Updating the login API authenticate method to use a richer set of exceptions.
- UI code clean.

NIFI-655:
- Ensuring the login identity provider is able to switch context classloaders via the standard NAR mechanisms.

NIFI-655:
- Initial commit of the LDAP based identity providers.
- Fixed issue when attempting to log into a NiFi that does not support new account requests.

NIFI-655:
- Allowing the ldap provider to specify if client authentication is required/desired.

NIFI-655:
- Persisting keys to sign user tokens.
- Allowing the identity provider to specify the token expiration.
- Code clean up.

NIFI-655:
- Ensuring identities are unique in the key table.

NIFI-655:
- Adding support for specifying the user search base and user search filter in the active directory provider.

NIFI-655:
- Fixing checkstyle issues.

NIFI-655:
- Adding automatic client side token renewal.

NIFI-655:
- Ensuring the logout link is rendered when appropriate.

NIFI-655:
- Adding configuration options for referrals and connect/read timeouts

NIFI-655:
- Added an endpoint for access details including configuration, creating tokens, and checking status.
- Updated DTOs and client side to utilize new endpoints.

NIFI-655:
- Refactoring certificate extraction and validation.
- Refactoring how expiration is specified in the login identity providers.
- Adding unit tests for the access endpoints.
- Code clean up.

NIFI-655:
- Keeping token expiration between 1 minute and 12 hours.

NIFI-655:
- Using the user identity provided by the login identity provider.

NIFI-655: - Fixed typo in error message for unrecognized authentication strategy.

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>

NIFI-655. - Added logback-test.xml configuration resource for nifi-web-security.

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>

NIFI-655. - Added issuer field to LoginAuthenticationToken. - Updated AccessResource to pass identity provider class name when creating LoginAuthenticationTokens. - Began refactoring JWT logic from request parsing logic in JwtService. - Added unit tests for JWT logic.

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>

NIFI-655. - Changed issuer field to use FQ class name because some classes return an empty string for getSimpleName(). - Finished refactoring JWT logic from request parsing logic in JwtService. - Updated AccessResource and JwtAuthenticationFilter to call new JwtService methods decoupled from request header parsing. - Added extensive unit tests for JWT logic.

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>

NIFI-655:
- Refactoring key service to expose the key id.
- Handling client side expiration better.
- Removing specialized active directory provider and abstract ldap provider.

NIFI-655. - Updated JwtService and JwtServiceTest to use Key POJO instead of raw String key from KeyService.

Signed-off-by: Matt Gilman <matt.c.gilman@gmail.com>

NIFI-655:
- Fixing typo when loading the ldap connect timeout.
- Providing a better experience for session expiration.
- Using ellipsis for lengthly user name.
- Adding an issuer to the authentication response so the LIP can specify the appropriate value.

NIFI-655:
- Showing a logging in notification during the log in process.

NIFI-655:
- Removing unnecessary class.

NIFI-655:
- Fixing checkstyle issues.
- Showing the progress spinner while submitting account justification.

NIFI-655:
- Removing deprecated authentication strategy.
- Renaming TLS to START_TLS.
- Allowing the protocol to be configured.

NIFI-655:
- Fixing issue detecting the presence of DN column

NIFI-655:
- Pre-populating the login-identity-providers.xml file with necessary properties and documentation.
- Renaming the Authentication Duration property name.

NIFI-655:
- Updating documentation for the failure response codes.

NIFI-655:
- Ensuring the user identity is not too long.

NIFI-655:
- Updating default authentication expiration to 12 hours.

NIFI-655:
- Remaining on the login form when there is any unsuccessful login attempt.
- Fixing checkstyle issues.
2015-11-23 14:50:13 -05:00
Mark Payne 4e2c94d659 Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/nifi 2015-11-23 14:18:50 -05:00
Mark Payne 2516b1dad2 NIFI-1171: Ensure that we pick up changes when files roll over and ensure that we don't pick up the rolled over file multiple times 2015-11-23 14:11:14 -05:00
Joseph Percivall cdd2c4f22c NIFI-1086: Changed behavior on retrieval with no input file to RETRIEVE events, removed @TriggerWhenEmpty
Reviewed by Tony Kurc (tkurc@apache.org)
2015-11-21 19:20:33 -05:00
Bryan Bende f1f67f6395 Fixing one-character typo in syslog attribute name 2015-11-20 10:45:21 -05:00
Aldrin Piri 08d59e4374 NIFI-1196 Providing handling of FETCH provenance events for their "unique" property, transit URI, within the framework and UI.
Reviewed by Tony Kurc (tkurc@apache.org)
2015-11-19 17:42:15 -05:00
Bryan Bende 40dd8a0a84 NIFI-1174 Refactoring the HBase client API and adding a PutHBaseJSON which can write a whole row from a single json document - Adding Complex Field Strategy to PutHBaseJSON to allow more control of complex fields - Improving error messages to indicate what the problem was with an invalid row
Signed-off-by: Bryan Bende <bbende@apache.org>
2015-11-19 13:49:02 -05:00
Joseph Percivall 8c2323dc8d NIFI-1086 Provide refactoring of InvokeHTTP
NIFI-980 Add support for HTTP Digest authentication to InvokeHttp
NIFI-1080 Provide additional InvokeHttp unit tests
NIFI-1133 InvokeHTTP Processor does not save Location header for 3xx responses
NIFI-1009 InvokeHTTP should be able to be scheduled without any incoming connection for GET operations
NIFI-61 Multiple improvements for InvokeHTTP inclusive of providing unique tx.id across clusters, dynamic HTTP header properties

Signed-off-by: Aldrin Piri <aldrin@apache.org>
2015-11-19 01:40:21 -05:00
Joe Percivall fb335ea282 NIFI-1165: Fix for tests TestRouteText and PutHDFS which did not succeed on Windows
Reviewed by Tony Kurc (tkurc@apache.org)
2015-11-19 01:01:34 -05:00
Mark Payne e862f7ff03 NIFI-1165: Use FileChannel instead of RandomAccessFile in order to avoid locking files in Windows
Reviewed by Tony Kurc (tkurc@apache.org)
2015-11-19 01:01:28 -05:00
Joseph Percivall 1e5cc070a3 NIFI-1081 Adding option to ExecuteStreamCommand to put output value to an attribute
Reviewed and amended (comments,whitespace,and some code readability (discussed in ticket)) by Tony Kurc (tkurc@apache.org)
2015-11-18 23:23:10 -05:00
Tony Kurc 9e2f6df205 NIFI-1123: Fixing a botched commit. 2015-11-18 21:59:42 -05:00
Joe Skora 52b24b93d9 NIFI-1123 Adds expression language support to DeleteAttributesExpression on UpdateAttributes Processor.
Reviewed by Tony Kurc (trkurc@gmail.com) after Aldrin Piri <aldrin@apache.org> did the initial review and actionable comments
2015-11-18 19:10:21 -05:00
Tony Kurc ab7940368a NIFI-1187: Fixing issue of possible assigment reordering causing uninitalized values to be possibly returned
Signed-off-by: Aldrin Piri <aldrin@apache.org>
2015-11-18 17:37:47 -05:00
Aldrin Piri c541c82c35 NIFI-1191 Adding missing tags for ConvertAvroToJSON 2015-11-18 16:38:15 -05:00
Mark Payne 69bce2c2db NIFI-1168: Ensure that processors with only looping
connections are scheduled to run, even if the connections have no FlowFiles;
 expose these details to processor developers; update documentation

Signed-off-by: Aldrin Piri <aldrin@apache.org>
2015-11-18 14:53:30 -05:00
Aldrin Piri 773576e041 NIFI-1108 Providing additional annotations on processors to ensure utilization of the InputRequirement annotation. 2015-11-18 13:56:21 -05:00
Mark Payne 911e1c5412 NIFI-1108: Updated processors to include the @InputRequirement annotation
Signed-off-by: Aldrin Piri <aldrin@apache.org>
2015-11-18 13:47:59 -05:00
Mark Payne d88b6cb6bc NIFI-1173: Even if FlowFile Queue is empty, it needs to hold onto the Empty Queue request so that subsequent cancel/clear requests can reference it
Signed-off-by: Aldrin Piri <aldrin@apache.org>
2015-11-18 10:56:38 -05:00
Mark Payne 180ea1ba22 NIFI-1176: Use a smaller internal blocking queue size of only 5000 messages; do not create a new queue every time the processor is scheduled to run
Signed-off-by: Aldrin Piri <aldrin@apache.org>
2015-11-18 10:51:22 -05:00
Mark Payne 93be753301 NIFI-1181: Ensure that a FlowFile's uuid cannot be modified by processors
Signed-off-by: Aldrin Piri <aldrin@apache.org>
2015-11-18 10:35:37 -05:00
Bryan Bende 2b9b5e008f NIFI-1175 Exposing minimum properties required to create an HBase connection on the HBaseClientService as an optional alternative to the conf files 2015-11-17 12:01:46 -05:00
Mark Payne 453b140d6b Merge branch 'NIFI-748' of https://github.com/olegz/nifi into NIFI-748 2015-11-17 09:23:10 -05:00
Naveen Madhire 03a54bf2d5 Changes after review 2015-11-16 13:32:17 -06:00
Naveen Madhire b954ca620e NIFI-1146 Allow GetKafka to be configured with auto.offset.reset to largest or smallest 2015-11-16 11:59:52 -06:00
Oleg Zhurakousky 15880f9fcc NIFI-748 addressed PR comments
- made DocReader package private
- polished logic in read(..) method to avoid escaping the loop
- added call to sorting logic in LuceneUtil.groupDocsByStorageFileName(..) to ensure that previous behavior and assumptions in read(..) methodd are preserved
- other minor polishing
2015-11-16 08:39:23 -05:00
Matt Gilman 64369f67f9 NIFI-1160:
- Addressing possible NPE when removing a drop request.
- Only updating a connection status once it's been retrieved for the first time.
2015-11-16 08:34:04 -05:00
Mark Payne da9f40b3f0 NIFI-973: Updated main Help page to provide a link to the Getting Started Guide.
Reviewed by Aldrin Piri (aldrin@apache.org)
2015-11-15 08:38:51 -05:00
Tony Kurc 528dab78d6 NIFI-1073: Fixing coverity discovered errors. Resource leaks, and statics
Reviewed by Bryan Bende (bbende@apache.org)
2015-11-14 18:56:43 -05:00
Aldrin Piri 01539ed323 NIFI-1163: Providing handling of SSLContext creation in GetHTTP in case of only performing a one-way SSL request and accompanying test to verify the configuration/usage.
Reviewed by Tony Kurc (tkurc@apache.org)
2015-11-14 18:47:50 -05:00
Oleg Zhurakousky a4d93c62c8 NIFI-748 Fixed logic around handling partial query results from provenance repository
- Ensured that failures derived form correlating Document to its actual provenance event do fail the entire query and produce partial results with warning messages
- Refactored DocsReader.read() operation.
- Added test to validate two conditions where the such failures could occur
2015-11-13 14:23:31 -05:00
Mark Payne 90f6830003 Merge branch 'master' of https://git-wip-us.apache.org/repos/asf/nifi 2015-11-13 10:47:05 -05:00
Mark Payne 22de23baa6 NIFI-1097: Rewrite PutKafka to use the new producer api 2015-11-13 10:46:46 -05:00
joewitt 36d00a60f5 NIFI-1155 fixed contrib-check violation 2015-11-13 00:06:12 -05:00