You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by bbende <gi...@git.apache.org> on 2016/07/11 20:08:34 UTC

[GitHub] nifi pull request #628: NIFI-2003 Creating abstract authentication provider ...

GitHub user bbende opened a pull request:

    https://github.com/apache/nifi/pull/628

    NIFI-2003 Creating abstract authentication provider and incorporating\u2026

    \u2026 into existing providers
    
    NIFI-2201 Add support for seeding cluster nodes in authorizations.xml
    -Passing client address along in user context on authorization requests

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/bbende/nifi NIFI-2003

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/nifi/pull/628.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #628
    
----
commit 3cd7c616474a5ae464fd00325f8361321f5c83f8
Author: Bryan Bende <bb...@apache.org>
Date:   2016-06-16T15:51:00Z

    NIFI-2003 Creating abstract authentication provider and incorporating into existing providers
    NIFI-2201 Add support for seeding cluster nodes in authorizations.xml
    -Passing client address along in user context on authorization requests

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] nifi pull request #628: NIFI-2003 Creating abstract authentication provider ...

Posted by mcgilman <gi...@git.apache.org>.

Github user mcgilman commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/628#discussion_r70423287
  
    --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java ---
    @@ -23,18 +23,20 @@
      */
     public class StandardNiFiUser implements NiFiUser {
     
    -    public static final StandardNiFiUser ANONYMOUS = new StandardNiFiUser("anonymous");
    +    public static final StandardNiFiUser ANONYMOUS = new StandardNiFiUser("anonymous", null);
     
         private final String identity;
         private final NiFiUser chain;
    +    private final String clientAddress;
     
    -    public StandardNiFiUser(String identity) {
    -        this(identity, null);
    +    public StandardNiFiUser(String identity, String clientAddress) {
    --- End diff --
    
    Should we offer another constructor for when we don't have a client address?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] nifi pull request #628: NIFI-2003 Creating abstract authentication provider ...

Posted by mcgilman <gi...@git.apache.org>.

Github user mcgilman commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/628#discussion_r70422981
  
    --- Diff: nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java ---
    @@ -67,7 +69,8 @@ default boolean isAuthorized(Authorizer authorizer, RequestAction action, NiFiUs
          * @return is authorized
          */
         default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) {
    -        // TODO - include user details context
    +        final Map<String,String> userContext = new HashMap<>();
    +        userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress());
    --- End diff --
    
    I think we have some instances where the client address is not set on the user. We should probably not include the userContext in those cases.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] nifi issue #628: NIFI-2003 Creating abstract authentication provider and inc...

Posted by mcgilman <gi...@git.apache.org>.

Github user mcgilman commented on the issue:

    https://github.com/apache/nifi/pull/628
  
    Thanks @bbende! This has been merge to master.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] nifi pull request #628: NIFI-2003 Creating abstract authentication provider ...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/nifi/pull/628


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---