* NIFI-4890 Refactored OIDC with support for Refresh Tokens
- Implemented OIDC Authorization Code Grant Flow using Spring Security Filters
- Implemented OIDC RP-Initiated Logout 1.0
- Implemented OAuth2 Token Revocation RFC 7009 for Refresh Tokens
- Added OIDC Bearer Token Refresh Filter for updating application Bearer Tokens from Refresh Token exchanges
- Added configurable Token Refresh Window to application properties
- Removed original implementation and supporting classes
* NIFI-4890 Set Bearer Token expiration based on Access Token
* NIFI-4890 Corrected spelling and naming issues based on feedback
This closes#7013
Fixed issue in StandardContentClaimWriteCache in which inner OutputStream class did not have an idempotent close() method; as a result, the stream could be written to while already in use for another active FlowFile; fixed bug in ContentClaimInputStream in which skip() method ignored its own BufferedInputStream - this was discovered because it was causing failures in StandardProcessSessionIT; fixed bug in StandardProcessSessionIT in which the length of StandardContentClaim was being doubled because the OutputStream was setting the claim length but that is already handled at a lower level.
This closes#7087
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Deprecated 128 bit key variants of Sensitive Properties Algorithms
- Updated documentation to recommend either NIFI_ARGON2_AES_GCM_256 or NIFI_PBKDF2_AES_GCM_256
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#7040.
- Restores behavior so that XML parsing failure details will be included in FlowFile error attribute from ValidateXml
This closes#6970
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Upgraded Google Drive library to v3-rev20221219-2.0.0
- Corrected test encryption keys to match expected encoding
Signed-off-by: Joe Witt <joewitt@apache.org>
- Replaced Groovy asserts with JUnit 5 assertions and Groovy shouldFail method Junit 5 with assertThrow method
This closes#6880
Signed-off-by: David Handermann <exceptionfactory@apache.org>
- Changed from Bouncy Castle to Sun JSSE Provider for Key Stores to improve reading and writing Trust Stores formatted in PKCS12
- Updated TLS Toolkit Key Password handling to remove setting null for PKCS12
Signed-off-by: Chris Sampson <chris.sampson82@gmail.com>
This closes#6881
- Updated impacted classes to remove redundant import lines
- Removed WebUtilsGroovyTest.groovy class due to use of internal sun.security classes
Signed-off-by: Pierre Villard <pierre.villard.fr@gmail.com>
This closes#6804.
- Added Commons Net to managed dependencies in root Maven configuration
- Removed version references to 3.3 in MiNiFi and 3.6 in NiFi standard modules
Signed-off-by: Joe Witt <joewitt@apache.org>
- Added LongSupplier for TimedBuffer and ControlRate classes to support overriding System.currentTimeMillis()
This closes#6671
Signed-off-by: Paul Grey <greyp@apache.org>
- Added deprecation warnings for NiFi, Registry, and MiNiFi
- Added RuntimeVersionProvider for shared reference to deprecated and minimum versions
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6648.
[NIFI-10612] Made suggested change to only test subject value where it is formatted like a Json array or object.
This closes#6574
Signed-off-by: Mike Thomsen <mthomsen@apache.org>
- Added nifi-security-ssl for generalized SSLContext creation
- Removed static keystore and truststore test files from nifi-registry-jetty
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6514.
- Added org.apache.commons.text.version property in root Maven configuration
- Removed direct version references in favor of managed dependency version
Signed-off-by: Nathan Gough <thenatog@gmail.com>
This closes#6531.
