You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2015/12/01 17:43:52 UTC
[14/51] [abbrv] nifi git commit: NIFI-655: - Fixing typo when loading
the ldap connect timeout. - Providing a better experience for session
expiration. - Using ellipsis for lengthly user name. - Adding an issuer to
the authentication response so the LIP
NIFI-655:
- Fixing typo when loading the ldap connect timeout.
- Providing a better experience for session expiration.
- Using ellipsis for lengthly user name.
- Adding an issuer to the authentication response so the LIP can specify the appropriate value.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/3da19813
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/3da19813
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/3da19813
Branch: refs/heads/master
Commit: 3da198135e432341eba36b072dfd0f7f6395b4c6
Parents: 0fa68a5
Author: Matt Gilman <ma...@gmail.com>
Authored: Wed Nov 18 15:44:47 2015 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Wed Nov 18 15:44:47 2015 -0500
----------------------------------------------------------------------
.../authentication/AuthenticationResponse.java | 9 +++++++-
.../org/apache/nifi/web/api/AccessResource.java | 6 ++---
.../util/NiFiTestLoginIdentityProvider.java | 2 +-
.../web/security/x509/X509IdentityProvider.java | 6 +++--
.../nifi-web-ui/src/main/webapp/css/header.css | 3 +++
.../src/main/webapp/js/nf/nf-common.js | 23 ++++++++++----------
.../java/org/apache/nifi/ldap/LdapProvider.java | 6 +++--
7 files changed, 33 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/3da19813/nifi-api/src/main/java/org/apache/nifi/authentication/AuthenticationResponse.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/AuthenticationResponse.java b/nifi-api/src/main/java/org/apache/nifi/authentication/AuthenticationResponse.java
index a64947b..e9999fc 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authentication/AuthenticationResponse.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/AuthenticationResponse.java
@@ -24,6 +24,7 @@ public class AuthenticationResponse {
private final String identity;
private final String username;
private final long expiration;
+ private final String issuer;
/**
* Creates an authentication response. The username and how long the authentication is valid in milliseconds
@@ -31,11 +32,13 @@ public class AuthenticationResponse {
* @param identity The user identity
* @param username The username
* @param expiration The expiration in milliseconds
+ * @param issuer The issuer of the token
*/
- public AuthenticationResponse(final String identity, final String username, final long expiration) {
+ public AuthenticationResponse(final String identity, final String username, final long expiration, final String issuer) {
this.identity = identity;
this.username = username;
this.expiration = expiration;
+ this.issuer = issuer;
}
public String getIdentity() {
@@ -46,6 +49,10 @@ public class AuthenticationResponse {
return username;
}
+ public String getIssuer() {
+ return issuer;
+ }
+
/**
* Returns the expiration of a given authentication in milliseconds.
*
http://git-wip-us.apache.org/repos/asf/nifi/blob/3da19813/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
index 5e52186..b486d74 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
@@ -336,8 +336,7 @@ public class AccessResource extends ApplicationResource {
}
// create the authentication token
- // TODO: Some Spring beans return "" for getClass().getSimpleName(). Using getName() temporarily, the way that NAR loader works, this value will always be an anonymous inner class
- loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getIdentity(), expiration, loginIdentityProvider.getClass().getName());
+ loginAuthenticationToken = new LoginAuthenticationToken(authenticationResponse.getIdentity(), expiration, authenticationResponse.getIssuer());
} catch (final InvalidLoginCredentialsException ilce) {
throw new IllegalArgumentException("The supplied username and password are not valid.", ilce);
} catch (final IdentityAccessException iae) {
@@ -358,8 +357,7 @@ public class AccessResource extends ApplicationResource {
authorizeProxyIfNecessary(proxyChain);
// create the authentication token
- // TODO: Some Spring beans return "" for getClass().getSimpleName(). Using getName() temporarilyy, the way that NAR loader works, this value will always be an anonymous inner class
- loginAuthenticationToken = new LoginAuthenticationToken(proxyChain.get(0), authenticationResponse.getExpiration(), certificateIdentityProvider.getClass().getName());
+ loginAuthenticationToken = new LoginAuthenticationToken(proxyChain.get(0), authenticationResponse.getExpiration(), authenticationResponse.getIssuer());
}
// generate JWT for response
http://git-wip-us.apache.org/repos/asf/nifi/blob/3da19813/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
index 8ee51d9..c023ce1 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
@@ -57,7 +57,7 @@ public class NiFiTestLoginIdentityProvider implements LoginIdentityProvider {
@Override
public AuthenticationResponse authenticate(LoginCredentials credentials) throws InvalidLoginCredentialsException, IdentityAccessException {
checkUser(credentials.getUsername(), credentials.getPassword());
- return new AuthenticationResponse(credentials.getUsername(), credentials.getUsername(), TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS));
+ return new AuthenticationResponse(credentials.getUsername(), credentials.getUsername(), TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS), getClass().getSimpleName());
}
@Override
http://git-wip-us.apache.org/repos/asf/nifi/blob/3da19813/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509IdentityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509IdentityProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509IdentityProvider.java
index 75a94d3..cae1134 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509IdentityProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509IdentityProvider.java
@@ -31,7 +31,9 @@ import org.springframework.security.web.authentication.preauth.x509.X509Principa
public class X509IdentityProvider {
private static final Logger logger = LoggerFactory.getLogger(X509IdentityProvider.class);
-
+
+ private final String issuer = getClass().getSimpleName();
+
private X509CertificateValidator certificateValidator;
private X509PrincipalExtractor principalExtractor;
@@ -77,7 +79,7 @@ public class X509IdentityProvider {
}
// build the authentication response
- return new AuthenticationResponse(principal, principal, TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS));
+ return new AuthenticationResponse(principal, principal, TimeUnit.MILLISECONDS.convert(1, TimeUnit.DAYS), issuer);
}
/* setters */
http://git-wip-us.apache.org/repos/asf/nifi/blob/3da19813/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
index 8f2450c..49dd3a0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
@@ -519,6 +519,9 @@ div.search-glass-pane {
float: left;
margin-right: 8px;
font-weight: bold;
+ max-width: 250px;
+ text-overflow: ellipsis;
+ overflow: hidden;
}
#utilities-container {
http://git-wip-us.apache.org/repos/asf/nifi/blob/3da19813/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js
index 9202819..d71c8ef 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js
@@ -155,7 +155,7 @@ nf.Common = (function () {
}
// set the interval to one hour
- var interval = 10 * nf.Common.MILLIS_PER_MINUTE;
+ var interval = nf.Common.MILLIS_PER_MINUTE;
var checkExpiration = function () {
var expiration = nf.Storage.getItemExpiration('jwt');
@@ -166,7 +166,7 @@ nf.Common = (function () {
var now = new Date();
// get the time remainging plus a little bonus time to reload the token
- var timeRemaining = expirationDate.valueOf() - now.valueOf() - nf.Common.MILLIS_PER_MINUTE;
+ var timeRemaining = expirationDate.valueOf() - now.valueOf() - (30 * nf.Common.MILLIS_PER_SECOND);
if (timeRemaining < interval) {
if ($('#current-user').text() !== nf.Common.ANONYMOUS_USER_TEXT && !$('#anonymous-user-alert').is(':visible')) {
// if the token will expire before the next interval minus some bonus time, notify the user to re-login
@@ -320,9 +320,6 @@ nf.Common = (function () {
// show the error pane
$('#message-pane').show();
-
- // close the canvas
- nf.Common.closeCanvas();
} else {
nf.Dialog.showOkDialog({
dialogContent: 'Your session has expired. Please press Ok to log in again.',
@@ -332,6 +329,9 @@ nf.Common = (function () {
}
});
}
+
+ // close the canvas
+ nf.Common.closeCanvas();
return;
}
@@ -424,19 +424,18 @@ nf.Common = (function () {
* Closes the canvas by removing the splash screen and stats poller.
*/
closeCanvas: function () {
+ if (nf.Storage.getItem('jwt') === null) {
+ $('#user-logout-container').hide();
+ } else {
+ $('#user-logout-container').show();
+ }
+
// ensure this javascript has been loaded in the nf canvas page
if (nf.Common.isDefinedAndNotNull(nf.Canvas)) {
// hide the splash screen if required
if ($('#splash').is(':visible')) {
nf.Canvas.hideSplash();
}
-
- // update the log out link accordingly
- if (nf.Storage.getItem('jwt') === null) {
- $('#user-logout-container').hide();
- } else {
- $('#user-logout-container').show();
- }
// hide the context menu
nf.ContextMenu.hide();
http://git-wip-us.apache.org/repos/asf/nifi/blob/3da19813/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
index cbd5ea4..f3abdb0 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
@@ -66,10 +66,12 @@ public class LdapProvider implements LoginIdentityProvider {
private static final String TLS = "TLS";
private AbstractLdapAuthenticationProvider provider;
+ private String issuer;
private long expiration;
@Override
public final void initialize(final LoginIdentityProviderInitializationContext initializationContext) throws ProviderCreationException {
+ this.issuer = getClass().getSimpleName();
}
@Override
@@ -251,9 +253,9 @@ public class LdapProvider implements LoginIdentityProvider {
// attempt to get the ldap user details to get the DN
if (authentication.getPrincipal() instanceof LdapUserDetails) {
final LdapUserDetails userDetails = (LdapUserDetails) authentication.getPrincipal();
- return new AuthenticationResponse(userDetails.getDn(), credentials.getUsername(), expiration);
+ return new AuthenticationResponse(userDetails.getDn(), credentials.getUsername(), expiration, issuer);
} else {
- return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration);
+ return new AuthenticationResponse(authentication.getName(), credentials.getUsername(), expiration, issuer);
}
} catch (final CommunicationException | AuthenticationServiceException e) {
logger.error(e.getMessage());