You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2014/12/23 21:37:45 UTC

[12/14] incubator-nifi git commit: NIFI-65: - Code clean up.

NIFI-65:
- Code clean up.

Project: http://git-wip-us.apache.org/repos/asf/incubator-nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-nifi/commit/2436b533
Tree: http://git-wip-us.apache.org/repos/asf/incubator-nifi/tree/2436b533
Diff: http://git-wip-us.apache.org/repos/asf/incubator-nifi/diff/2436b533

Branch: refs/heads/develop
Commit: 2436b5338ecf1752c0f5b51646f59c9a985ceb9c
Parents: 469502f
Author: Matt Gilman <ma...@gmail.com>
Authored: Tue Dec 23 13:46:48 2014 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Tue Dec 23 13:46:48 2014 -0500

----------------------------------------------------------------------
 .../authorization/NiFiAuthorizationService.java  | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/2436b533/nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
----------------------------------------------------------------------
diff --git a/nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java b/nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
index 33c4eb6..dec7c4b 100644
--- a/nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
+++ b/nar-bundles/framework-bundle/framework/web/web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
@@ -51,10 +51,12 @@ public class NiFiAuthorizationService implements UserDetailsService {
     private NiFiProperties properties;
 
     /**
-     * Loads the user details for the specified dn. Method must be synchronized
-     * since multiple requests from the same user may be sent simultaneously.
-     * Since we don't want to run the account verification process multiple for
-     * the same user, we treat each request atomically.
+     * Loads the user details for the specified dn. 
+     * 
+     * Synchronizing because we want each request to be authorized atomically since
+     * each may contain any number of DNs. We wanted an access decision made
+     * for each individual request as a whole (without other request potentially
+     * impacting it).
      *
      * @param rawProxyChain
      * @return
@@ -111,6 +113,12 @@ public class NiFiAuthorizationService implements UserDetailsService {
                             throw new UsernameNotFoundException(String.format("An account request was generated for the proxy '%s'.", dn));
                         } catch (AdministrationException ae) {
                             throw new AuthenticationServiceException(String.format("Unable to create an account request for '%s': %s", dn, ae.getMessage()), ae);
+                        } catch (IllegalArgumentException iae) {
+                            // check then modified... account didn't exist when getting the user details but did when
+                            // attempting to auto create the user account request
+                            final String message = String.format("Account request was already submitted for '%s'", dn);
+                            logger.warn(message);
+                            throw new AccountStatusException(message) {};
                         }
                     } else {
                         logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), unfe.getMessage()));
@@ -147,8 +155,7 @@ public class NiFiAuthorizationService implements UserDetailsService {
         } catch (AdministrationException ase) {
             throw new AuthenticationServiceException(String.format("An error occurred while accessing the user credentials for '%s': %s", dn, ase.getMessage()), ase);
         } catch (AccountDisabledException | AccountPendingException e) {
-            throw new AccountStatusException(e.getMessage(), e) {
-            };
+            throw new AccountStatusException(e.getMessage(), e) {};
         } catch (AccountNotFoundException anfe) {
             throw new UsernameNotFoundException(anfe.getMessage());
         }