mirror of
https://github.com/apache/nifi.git
synced 2025-02-13 13:35:20 +00:00
a652280fbb
- Replaced per-user symmetric-key HS256 with shared and rotated RSA asymmetric-key RS512 implementation - Added nifi.security.user.jws.key.rotation.period property for RSA Key Pair rotation - Added JSON Web Tokens section to Administration Guide - Implemented persistent storage of RSA Public Keys for verification using Local State Manager - Implemented JWT revocation on logout with persistence using Local State Manager - Refactored JWT implementation using Spring Security OAuth2 and Nimbus JWT - Refactored Spring Security Provider configuration using Java instead of XML - Removed H2 storage of per-user keys - Upgraded nimbus-jose-jwt from 7.9 to 9.11.2 NIFI-8766 Corrected AuthenticationException handling in AccessResource.getAccessStatus - Added nifi.user.security.jws.key.rotation.period to default nifi.properties - Updated logging statements and clarified configuration and method documentation NIFI-8766 Changed Algorithm to PS512 and updated documentation Signed-off-by: Nathan Gough <thenatog@gmail.com> This closes #5262.
274 lines
11 KiB
XML
274 lines
11 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!--
|
|
Licensed to the Apache Software Foundation (ASF) under one or more
|
|
contributor license agreements. See the NOTICE file distributed with
|
|
this work for additional information regarding copyright ownership.
|
|
The ASF licenses this file to You under the Apache License, Version 2.0
|
|
(the "License"); you may not use this file except in compliance with
|
|
the License. You may obtain a copy of the License at
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
-->
|
|
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
|
|
<modelVersion>4.0.0</modelVersion>
|
|
<parent>
|
|
<groupId>org.apache.nifi</groupId>
|
|
<artifactId>nifi-web</artifactId>
|
|
<version>1.15.0-SNAPSHOT</version>
|
|
</parent>
|
|
<artifactId>nifi-web-security</artifactId>
|
|
<build>
|
|
<resources>
|
|
<resource>
|
|
<directory>src/main/resources</directory>
|
|
</resource>
|
|
<resource>
|
|
<directory>src/main/xsd</directory>
|
|
</resource>
|
|
</resources>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-jar-plugin</artifactId>
|
|
<version>3.1.1</version>
|
|
<executions>
|
|
<execution>
|
|
<goals>
|
|
<goal>test-jar</goal>
|
|
</goals>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.codehaus.mojo</groupId>
|
|
<artifactId>jaxb2-maven-plugin</artifactId>
|
|
<executions>
|
|
<execution>
|
|
<id>current</id>
|
|
<goals>
|
|
<goal>xjc</goal>
|
|
</goals>
|
|
<configuration>
|
|
<packageName>org.apache.nifi.authentication.generated</packageName>
|
|
</configuration>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.maven.plugins</groupId>
|
|
<artifactId>maven-checkstyle-plugin</artifactId>
|
|
<configuration>
|
|
<excludes>**/authentication/generated/*.java,</excludes>
|
|
</configuration>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.apache.rat</groupId>
|
|
<artifactId>apache-rat-plugin</artifactId>
|
|
<configuration>
|
|
<excludes combine.children="append">
|
|
<exclude>src/test/resources/saml/sso-circle-meta.xml</exclude>
|
|
</excludes>
|
|
</configuration>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
<profiles>
|
|
<profile>
|
|
<!-- This profile, activating when compiling on Java versions above 1.8, provides configuration changes to
|
|
allow NiFi to be compiled on those JDKs. -->
|
|
<id>jigsaw</id>
|
|
<activation>
|
|
<jdk>(1.8,)</jdk>
|
|
</activation>
|
|
<build>
|
|
<plugins>
|
|
<plugin>
|
|
<groupId>org.codehaus.mojo</groupId>
|
|
<artifactId>jaxb2-maven-plugin</artifactId>
|
|
<executions>
|
|
<execution>
|
|
<id>current</id>
|
|
<configuration>
|
|
<skipXjc>true</skipXjc>
|
|
</configuration>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
<plugin>
|
|
<groupId>org.jvnet.jaxb2.maven2</groupId>
|
|
<artifactId>maven-jaxb2-plugin</artifactId>
|
|
<executions>
|
|
<execution>
|
|
<id>current</id>
|
|
<goals>
|
|
<goal>generate</goal>
|
|
</goals>
|
|
<configuration>
|
|
<generatePackage>org.apache.nifi.authentication.generated</generatePackage>
|
|
<schemaDirectory>src/main/xsd</schemaDirectory>
|
|
</configuration>
|
|
</execution>
|
|
</executions>
|
|
</plugin>
|
|
</plugins>
|
|
</build>
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>javax.xml.bind</groupId>
|
|
<artifactId>jaxb-api</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.sun.xml.bind</groupId>
|
|
<artifactId>jaxb-core</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.sun.xml.bind</groupId>
|
|
<artifactId>jaxb-impl</artifactId>
|
|
</dependency>
|
|
</dependencies>
|
|
</profile>
|
|
</profiles>
|
|
<dependencies>
|
|
<dependency>
|
|
<groupId>org.apache.nifi</groupId>
|
|
<artifactId>nifi-administration</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.nifi</groupId>
|
|
<artifactId>nifi-nar-utils</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.nifi</groupId>
|
|
<artifactId>nifi-api</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.nifi</groupId>
|
|
<artifactId>nifi-framework-api</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.nifi</groupId>
|
|
<artifactId>nifi-web-utils</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.nifi</groupId>
|
|
<artifactId>nifi-security-utils</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.nifi</groupId>
|
|
<artifactId>nifi-framework-core</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.apache.nifi</groupId>
|
|
<artifactId>nifi-framework-authorization</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.bouncycastle</groupId>
|
|
<artifactId>bcprov-jdk15on</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.bouncycastle</groupId>
|
|
<artifactId>bcpkix-jdk15on</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.google.guava</groupId>
|
|
<artifactId>guava</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework</groupId>
|
|
<artifactId>spring-jdbc</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework</groupId>
|
|
<artifactId>spring-web</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security</groupId>
|
|
<artifactId>spring-security-core</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security</groupId>
|
|
<artifactId>spring-security-config</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security</groupId>
|
|
<artifactId>spring-security-web</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>javax.servlet</groupId>
|
|
<artifactId>javax.servlet-api</artifactId>
|
|
<scope>provided</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security.extensions</groupId>
|
|
<artifactId>spring-security-saml2-core</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security.kerberos</groupId>
|
|
<artifactId>spring-security-kerberos-core</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security</groupId>
|
|
<artifactId>spring-security-oauth2-resource-server</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security</groupId>
|
|
<artifactId>spring-security-oauth2-core</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework.security</groupId>
|
|
<artifactId>spring-security-oauth2-jose</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.slf4j</groupId>
|
|
<artifactId>jcl-over-slf4j</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.nimbusds</groupId>
|
|
<artifactId>oauth2-oidc-sdk</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>javax.ws.rs</groupId>
|
|
<artifactId>javax.ws.rs-api</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.glassfish.jersey.core</groupId>
|
|
<artifactId>jersey-client</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.glassfish.jersey.media</groupId>
|
|
<artifactId>jersey-media-json-jackson</artifactId>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>com.fasterxml.jackson.datatype</groupId>
|
|
<artifactId>jackson-datatype-jsr310</artifactId>
|
|
<version>${jackson.version}</version>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.codehaus.jettison</groupId>
|
|
<artifactId>jettison</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.springframework</groupId>
|
|
<artifactId>spring-test</artifactId>
|
|
<version>${spring.version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.eclipse.jetty</groupId>
|
|
<artifactId>jetty-servlet</artifactId>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
<dependency>
|
|
<groupId>org.codehaus.groovy</groupId>
|
|
<artifactId>groovy-json</artifactId>
|
|
<version>${nifi.groovy.version}</version>
|
|
<scope>test</scope>
|
|
</dependency>
|
|
</dependencies>
|
|
</project>
|