You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2014/12/23 21:37:45 UTC
[12/14] incubator-nifi git commit: NIFI-65: - Code clean up.
NIFI-65:
- Code clean up.
Project: http://git-wip-us.apache.org/repos/asf/incubator-nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-nifi/commit/2436b533
Tree: http://git-wip-us.apache.org/repos/asf/incubator-nifi/tree/2436b533
Diff: http://git-wip-us.apache.org/repos/asf/incubator-nifi/diff/2436b533
Branch: refs/heads/develop
Commit: 2436b5338ecf1752c0f5b51646f59c9a985ceb9c
Parents: 469502f
Author: Matt Gilman <ma...@gmail.com>
Authored: Tue Dec 23 13:46:48 2014 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Tue Dec 23 13:46:48 2014 -0500
----------------------------------------------------------------------
.../authorization/NiFiAuthorizationService.java | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/2436b533/nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
----------------------------------------------------------------------
diff --git a/nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java b/nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
index 33c4eb6..dec7c4b 100644
--- a/nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
+++ b/nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
@@ -51,10 +51,12 @@ public class NiFiAuthorizationService implements UserDetailsService {
private NiFiProperties properties;
/**
- * Loads the user details for the specified dn. Method must be synchronized
- * since multiple requests from the same user may be sent simultaneously.
- * Since we don't want to run the account verification process multiple for
- * the same user, we treat each request atomically.
+ * Loads the user details for the specified dn.
+ *
+ * Synchronizing because we want each request to be authorized atomically since
+ * each may contain any number of DNs. We wanted an access decision made
+ * for each individual request as a whole (without other request potentially
+ * impacting it).
*
* @param rawProxyChain
* @return
@@ -111,6 +113,12 @@ public class NiFiAuthorizationService implements UserDetailsService {
throw new UsernameNotFoundException(String.format("An account request was generated for the proxy '%s'.", dn));
} catch (AdministrationException ae) {
throw new AuthenticationServiceException(String.format("Unable to create an account request for '%s': %s", dn, ae.getMessage()), ae);
+ } catch (IllegalArgumentException iae) {
+ // check then modified... account didn't exist when getting the user details but did when
+ // attempting to auto create the user account request
+ final String message = String.format("Account request was already submitted for '%s'", dn);
+ logger.warn(message);
+ throw new AccountStatusException(message) {};
}
} else {
logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), unfe.getMessage()));
@@ -147,8 +155,7 @@ public class NiFiAuthorizationService implements UserDetailsService {
} catch (AdministrationException ase) {
throw new AuthenticationServiceException(String.format("An error occurred while accessing the user credentials for '%s': %s", dn, ase.getMessage()), ase);
} catch (AccountDisabledException | AccountPendingException e) {
- throw new AccountStatusException(e.getMessage(), e) {
- };
+ throw new AccountStatusException(e.getMessage(), e) {};
} catch (AccountNotFoundException anfe) {
throw new UsernameNotFoundException(anfe.getMessage());
}