You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2020/02/12 14:43:40 UTC

[GitHub] [nifi-registry] bbende opened a new pull request #258: NIFIREG-358 Refactoring proxy authorization to be part of Authorizables

bbende opened a new pull request #258: NIFIREG-358 Refactoring proxy authorization to be part of Authorizables
URL: https://github.com/apache/nifi-registry/pull/258
 
 
   - Remove framework authorizer
   - Introduce ProxyChainAuthorizable to wrap all Authorizables
   - Introduce PublicResourceAuthorizable to wrap bucket Authorizable

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [nifi-registry] bbende commented on a change in pull request #258: NIFIREG-358 Refactoring proxy authorization to be part of Authorizables

Posted by GitBox <gi...@apache.org>.

bbende commented on a change in pull request #258: NIFIREG-358 Refactoring proxy authorization to be part of Authorizables
URL: https://github.com/apache/nifi-registry/pull/258#discussion_r378295031
 
 

 ##########
 File path: nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/resource/Authorizable.java
 ##########
 @@ -211,18 +205,10 @@ default void authorize(Authorizer authorizer, RequestAction action, NiFiUser use
             userContext = null;
         }
 
-        final List<String> proxyChain = new ArrayList<>();
-        NiFiUser proxyUser = user.getChain();
-        while (proxyUser  != null) {
-            proxyChain.add(proxyUser.getIdentity());
-            proxyUser = proxyUser.getChain();
-        }
 
 Review comment:
   Do we consider this a breaking change?
   
   In 0.5.0 we added the proxyIdentities field and build methods to AuthorizationRequest. I left those there, but stopped populating them since we don't want to use them anymore. So it won't break compilation if some was using those, but they won't have values anymore. I can put this back if we want to leave it.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [nifi-registry] kevdoran commented on a change in pull request #258: NIFIREG-358 Refactoring proxy authorization to be part of Authorizables

Posted by GitBox <gi...@apache.org>.

kevdoran commented on a change in pull request #258: NIFIREG-358 Refactoring proxy authorization to be part of Authorizables
URL: https://github.com/apache/nifi-registry/pull/258#discussion_r382206875
 
 

 ##########
 File path: nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/resource/Authorizable.java
 ##########
 @@ -211,18 +205,10 @@ default void authorize(Authorizer authorizer, RequestAction action, NiFiUser use
             userContext = null;
         }
 
-        final List<String> proxyChain = new ArrayList<>();
-        NiFiUser proxyUser = user.getChain();
-        while (proxyUser  != null) {
-            proxyChain.add(proxyUser.getIdentity());
-            proxyUser = proxyUser.getChain();
-        }
 
 Review comment:
   Good question. I would not consider this a breaking change given that the provider processing the authorization request will have to make an authorization decision based on the information that is passed in, and the responsibility for authorizing proxies has been moved so that it is no longer a concern for the provider impls.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [nifi-registry] kevdoran commented on issue #258: NIFIREG-358 Refactoring proxy authorization to be part of Authorizables

Posted by GitBox <gi...@apache.org>.

kevdoran commented on issue #258: NIFIREG-358 Refactoring proxy authorization to be part of Authorizables
URL: https://github.com/apache/nifi-registry/pull/258#issuecomment-585768489
 
 
   Reviewing...

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

[GitHub] [nifi-registry] kevdoran closed pull request #258: NIFIREG-358 Refactoring proxy authorization to be part of Authorizables

Posted by GitBox <gi...@apache.org>.

kevdoran closed pull request #258: NIFIREG-358 Refactoring proxy authorization to be part of Authorizables
URL: https://github.com/apache/nifi-registry/pull/258
 
 
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services