You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2015/11/27 20:13:50 UTC
nifi git commit: NIFI-655: - Ensuring anonymous user label and login
links are rendered when appropriate. - Ensuring responses are accurate when
making requests with a token when user log in is not supported.
Repository: nifi
Updated Branches:
refs/heads/NIFI-655 c1cc165ed -> 64beeef59
NIFI-655:
- Ensuring anonymous user label and login links are rendered when appropriate.
- Ensuring responses are accurate when making requests with a token when user log in is not supported.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/64beeef5
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/64beeef5
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/64beeef5
Branch: refs/heads/NIFI-655
Commit: 64beeef5937e972c502888abc84adf1328295d04
Parents: c1cc165
Author: Matt Gilman <ma...@gmail.com>
Authored: Fri Nov 27 14:13:40 2015 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Fri Nov 27 14:13:40 2015 -0500
----------------------------------------------------------------------
.../web/NiFiWebApiSecurityConfiguration.java | 15 +++++-----
.../org/apache/nifi/web/api/AccessResource.java | 5 ++++
.../security/jwt/JwtAuthenticationFilter.java | 4 +++
.../nifi-web-ui/src/main/webapp/css/header.css | 1 +
.../webapp/js/nf/canvas/nf-canvas-header.js | 31 ++++++++++----------
.../src/main/webapp/js/nf/login/nf-login.js | 2 +-
6 files changed, 34 insertions(+), 24 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/64beeef5/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
index 73e9640..0680b74 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
@@ -93,10 +93,8 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
// x509
http.addFilterAfter(x509FilterBean(), AnonymousAuthenticationFilter.class);
- // jwt - consider when configured for log in
- if (loginIdentityProvider != null) {
- http.addFilterAfter(jwtFilterBean(), AnonymousAuthenticationFilter.class);
- }
+ // jwt
+ http.addFilterAfter(jwtFilterBean(), AnonymousAuthenticationFilter.class);
}
@Bean
@@ -124,12 +122,15 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
@Bean
public JwtAuthenticationFilter jwtFilterBean() throws Exception {
- // only consider the jwt authentication filter when configured for login
- if (jwtAuthenticationFilter == null && loginIdentityProvider != null) {
+ if (jwtAuthenticationFilter == null) {
jwtAuthenticationFilter = new JwtAuthenticationFilter();
jwtAuthenticationFilter.setProperties(properties);
- jwtAuthenticationFilter.setJwtService(jwtService);
jwtAuthenticationFilter.setAuthenticationManager(authenticationManager());
+
+ // only consider the tokens when configured for login
+ if (loginIdentityProvider != null) {
+ jwtAuthenticationFilter.setJwtService(jwtService);
+ }
}
return jwtAuthenticationFilter;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/64beeef5/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
index 326aa00..f2b23c2 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
@@ -190,6 +190,11 @@ public class AccessResource extends ApplicationResource {
accessStatus.setStatus(AccessStatusDTO.Status.UNKNOWN.name());
accessStatus.setMessage("No credentials supplied, unknown user.");
} else {
+ // not currently configured for username/password login, don't accept existing tokens
+ if (loginIdentityProvider == null) {
+ throw new IllegalStateException("This NiFi is not configured to support username/password logins.");
+ }
+
try {
// Extract the Base64 encoded token from the Authorization header
final String token = StringUtils.substringAfterLast(authorization, " ");
http://git-wip-us.apache.org/repos/asf/nifi/blob/64beeef5/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
index 20675fb..246cbd7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
@@ -56,6 +56,10 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter {
if (authorization == null) {
return null;
} else {
+ if (jwtService == null) {
+ throw new InvalidAuthenticationException("NiFi is not configured to support username/password logins.");
+ }
+
// Extract the Base64 encoded token from the Authorization header
final String token = StringUtils.substringAfterLast(authorization, " ");
http://git-wip-us.apache.org/repos/asf/nifi/blob/64beeef5/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
index e0f8347..200f6bb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
@@ -521,6 +521,7 @@ div.search-glass-pane {
font-weight: bold;
max-width: 250px;
text-overflow: ellipsis;
+ line-height: normal;
overflow: hidden;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/64beeef5/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-header.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-header.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-header.js
index 7d63534..09cf3c5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-header.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-header.js
@@ -141,28 +141,27 @@ nf.CanvasHeader = (function () {
nf.Shell.showPage(config.urls.helpDocument);
});
- // show the login link if supported and user is currently anonymous
- var isAnonymous = $('#current-user').text() === nf.Common.ANONYMOUS_USER_TEXT;
- if (supportsLogin === true && isAnonymous) {
- // login link
- $('#login-link').click(function () {
- nf.Shell.showPage('login', false);
- });
- } else {
- $('#login-link-container').css('display', 'none');
- }
-
- // if login is not supported, don't show the current user
- if (supportsLogin === false) {
- $('#current-user-container').css('display', 'none');
- }
-
+ // login link
+ $('#login-link').click(function () {
+ nf.Shell.showPage('login', false);
+ });
+
// logout link
$('#logout-link').click(function () {
nf.Storage.removeItem("jwt");
window.location = '/nifi';
});
+ // if the user is not anonymous or accessing via http
+ if ($('#current-user').text() !== nf.Common.ANONYMOUS_USER_TEXT || location.protocol === 'http:') {
+ $('#login-link-container').css('display', 'none');
+ }
+
+ // if accessing via http, don't show the current user
+ if (location.protocol === 'http:') {
+ $('#current-user-container').css('display', 'none');
+ }
+
// initialize the new template dialog
$('#new-template-dialog').modal({
headerText: 'Create Template',
http://git-wip-us.apache.org/repos/asf/nifi/blob/64beeef5/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
index f2c9d2a..697794c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js
@@ -285,7 +285,7 @@ nf.Login = (function () {
// if login is required, verify its supported
if (accessConfig.supportsLogin === false && needsLogin === true) {
$('#login-message-title').text('Access Denied');
- $('#login-message').text('This NiFi is not configured to support login.');
+ $('#login-message').text('This NiFi is not configured to support username/password logins.');
showMessage = true;
needsLogin = false;
}