NIFI-6280 - Broke out the matching for /access/knox/** and /access/oi… #3482
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…dc/** to allow the Jetty security filters to be applied in the /access/oidc/logout and /access/knox/logout cases. NIFI-6280 - Updated terminology in JwtAuthenticationFilter to authentication instead of authorization. Added stricter token parsing using an explicit regex pattern. Added tests. NIFI-6280 - Updated terminology from Authorization to Authentication. NIFI-6280 - Updated the access logout method to use getNiFiUserIdentity(). Updated javascript logout method to handle errors. NIFI-6280 - Fixing checkstyle issues
alopresto
requested changes
May 17, 2019
...fi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
Show resolved
Hide resolved
...fi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
Show resolved
Hide resolved
...i-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/ProxiedEntitiesUtils.java
Show resolved
Hide resolved
...b/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
Show resolved
Hide resolved
...ifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
Outdated
Show resolved
Hide resolved
...ifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
Outdated
Show resolved
Hide resolved
...ifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
Show resolved
Hide resolved
...security/src/test/groovy/org/apache/nifi/web/security/jwt/JwtAuthenticationFilterTest.groovy
Outdated
Show resolved
Hide resolved
...security/src/test/groovy/org/apache/nifi/web/security/jwt/JwtAuthenticationFilterTest.groovy
Outdated
Show resolved
Hide resolved
...security/src/test/groovy/org/apache/nifi/web/security/jwt/JwtAuthenticationFilterTest.groovy
Outdated
Show resolved
Hide resolved
…iables for clarity. Fixed handling of exception when JWT does not match expected format.
|
Thanks Nathan. I ran this locally and it behaved well; and all the tests pass. I think there are still some outstanding requests on |
… back to authorizationHeader.
…out action, and cleaned up Groovy syntax in test.
|
Resolved the merge conflict and merged. Thanks Nathan. |
gideonkorir
pushed a commit
to gideonkorir/nifi
that referenced
this pull request
May 23, 2019
Squashed commit of the following: commit 66d4658f943c9b5be7a4303450f6ae1e90c40724 Merge: 58f96af fe68d43 Author: gkkorir <gkkorir@Safaricom.co.ke> Date: Thu May 23 10:18:15 2019 +0300 Merge remote-tracking branch 'apache/master' into NIFI-6295 commit 58f96af Author: gkkorir <gkkorir@Safaricom.co.ke> Date: Thu May 23 09:58:36 2019 +0300 Fix NiFiRecordSerDe deserialization of record Squashed commit of the following: commit 3373085 Merge: d04fd4c c470608 Author: gkkorir <gkkorir@Safaricom.co.ke> Date: Wed May 22 16:30:24 2019 +0300 Merge remote-tracking branch 'apache/master' into NIFI-6295 commit d04fd4c Author: gkkorir <gkkorir@Safaricom.co.ke> Date: Wed May 22 16:30:00 2019 +0300 fixed nested structs, arrays and maps in NiFiRecordSerde, added unit tests and fixed broken tests commit c470608 Author: Koji Kawamura <ijokarumawak@apache.org> Date: Wed May 22 16:07:17 2019 +0900 NIFI-6035 Fix check-style issue commit 81ddd02 Author: Aaron Leon <aaronleon@u.northwestern.edu> Date: Thu Apr 4 23:23:33 2019 -0500 NIFI-6100 Use setBytes in JdbcCommon for binary types This closes apache#3410 Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com> commit 8245bc3 Author: Mark Payne <markap14@hotmail.com> Date: Tue May 21 11:03:21 2019 -0400 NIFI-5922: Ensure that we import any default variable values on flow import commit 650c6aa Author: samhjelmfelt <samhjelmfelt@yahoo.com> Date: Mon May 20 16:07:22 2019 -0700 Small fix after rebase commit 60b8fca Author: Mark Payne <markap14@hotmail.com> Date: Tue May 14 11:37:50 2019 -0400 NIFI-5922: Bug fixes; initialize, setup, and enable controller services; code cleanup commit 146689b Author: samhjelmfelt <samhjelmfelt@yahoo.com> Date: Mon Apr 8 15:16:52 2019 -0700 NIFI-5922: Renaming from NiFi-Fn to NiFi-Stateless Fixed docker image and moved it into the nifi-docker project Fixed Docker container, YARN runtime, and OpenWhisk runtime commit cbafd8f Author: Mark Payne <markap14@hotmail.com> Date: Fri Jan 11 09:38:49 2019 -0500 NIFI-5922: Addressed checkstyle violations; added to README Updates to nifi-fn proposal: - Separated into nifi-fn-core, nifi-fn-bootstrap, nifi-fn-nar, nifi-fn-assembly; fully unpacks nars and runs flows - Rebased against master and updated to version 1.10.0-SNAPSHOT - Removed dependency on nifi-framework-core - Added LICENSE/NOTICE files commit 417b395 Author: Sam Hjelmfelt <shjelmfelt@hortonworks.com> Date: Wed Jan 2 16:42:36 2019 -0800 NIFI-5922: First Commit for NiFi-Stateless commit 4d18eaa Author: archon <qq349074225@live.com> Date: Mon May 20 21:59:03 2019 +0800 NIFI-6035: 1. Add formatWithTimeZone() and toDateWithTimeZone(); 2. Their test code and docs. This closes apache#3481 Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com> commit 4b509aa Author: Otto Fowler <ottobackwards@gmail.com> Date: Wed Mar 27 16:46:24 2019 -0400 NIFI-3221 This closes apache#3396. Add a new property for setting the argument passing strategy, either the existing parameter, or by adding new dynamic parameters, along with implementation and tests This allows for passing arguments with quotes. Signed-off-by: Joe Witt <joewitt@apache.org> commit d1fd1f5 Author: Michael Karpel <plexaikm@gmail.com> Date: Sun May 12 11:31:02 2019 +0300 Support for flowfile attribute in TABLE_NAME This closes apache#3472 Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com> commit f08c2ee Author: Mark Payne <markap14@hotmail.com> Date: Mon May 13 11:28:21 2019 -0400 NIFI-6285: Addressed issue that resulted in swapped data not being swapped back in if load balancing strategy changed while data was swapped out; added integration tests for swapping. In testing, also encountered an issue with data being swapped out while swap files were being recovered causing the queue size to be wrong and causing errors about not being able to swap data in, because it attempted to swap the data in twice. This closes apache#3473. Signed-off-by: Bryan Bende <bbende@apache.org> commit 595835f Author: Alan Jackoway <alanj@cloudera.com> Date: Thu May 9 09:57:47 2019 -0400 NIFI-6281 Rename ISO8061_INSTANT_VALIDATOR to ISO8601_INSTANT_VALIDATOR ISO8061_INSTANT_VALIDATOR was misnamed - the correct standard is ISO 8601. Also updated the error messages to have spaces in them, which is how the ISO site displays them. This closes apache#3465 Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com> commit 7825e40 Author: Bryan Bende <bbende@apache.org> Date: Mon May 6 09:59:36 2019 -0400 NIFI-6262 - Upgrade to nifi-nar-maven-plugin 1.3.1 This closes apache#3463. commit 3a6e28e Author: Endre Zoltan Kovacs <ekovacs@hortonworks.com> Date: Fri May 10 16:02:48 2019 +0200 NIFI-6289: using charset for byte encoding in ExecuteSparkInteractive This closes apache#3468 Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com> commit 12e2102 Author: Troy Melhase <troy@troy.io> Date: Thu May 9 18:04:05 2019 -0800 NIFI-4247 Support ranges in `tls-toolkit` SAN cli option. This closes apache#3466. Signed-off-by: Andy LoPresto <alopresto@apache.org> commit 95fd148 Author: Scott Aslan <scottyaslan@gmail.com> Date: Fri May 10 18:30:34 2019 -0400 [NIFI-6292] update variables slickgrid table row ids This closes apache#3469 commit fe68d43 Author: thenatog <thenatog@gmail.com> Date: Thu May 16 13:19:47 2019 -0400 NIFI-6280 - Broke out the matching for /access/knox/** and /access/oidc/** to allow the Jetty security filters to be applied in the /access/oidc/logout and /access/knox/logout cases. NIFI-6280 - Updated terminology in JwtAuthenticationFilter to authentication instead of authorization. Added stricter token parsing using an explicit regex pattern. Added tests. NIFI-6280 - Updated terminology from Authorization to Authentication. NIFI-6280 - Updated the access logout method to use getNiFiUserIdentity(). Updated javascript logout method to handle errors. NIFI-6280 - Fixing checkstyle issues. NIFI-6280 - Added some javadoc comments and logging. Renamed some variables for clarity. Fixed handling of exception when JWT does not match expected format. NIFI-6280 - Cleaned up checkstyle, increased log severity level for logout action, and cleaned up Groovy syntax in test. This closes apache#3482. Signed-off-by: Andy LoPresto <alopresto@apache.org> commit 8a50cb1 Author: Koji Kawamura <ijokarumawak@apache.org> Date: Wed Oct 31 11:56:27 2018 +0900 NIFI-2933 Remote input/output ports at any PG Specify remote access at port creation. Incorporated comments, and finished refactoring. Renamed RootGroupPort to PublicPort. Fix error message for creating a connection from a child PG having only PublicPorts. Enhanced ProcessGroup instances rendered in the parent ProcessGroup Loosen Port move check, allow moving public port between PG. Show 'Remote NiFi Instance' info on Connection dialogs Make labels narrative. 'Within Remote Group'. Fixed DTO (de)serialization. Return null only if all values are null. This closes apache#3351. Signed-off-by: Mark Payne <markap14@hotmail.com> commit a97766d Author: Matt Gilman <matt.c.gilman@gmail.com> Date: Thu May 16 10:02:01 2019 -0400 NIFI-6302: - Ensuring Process Group contents are pruned when appropriate. This closes apache#3477. Signed-off-by: Mark Payne <markap14@hotmail.com> commit c470608 Author: Koji Kawamura <ijokarumawak@apache.org> Date: Wed May 22 16:07:17 2019 +0900 NIFI-6035 Fix check-style issue commit 81ddd02 Author: Aaron Leon <aaronleon@u.northwestern.edu> Date: Thu Apr 4 23:23:33 2019 -0500 NIFI-6100 Use setBytes in JdbcCommon for binary types This closes apache#3410 Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com> commit 8245bc3 Author: Mark Payne <markap14@hotmail.com> Date: Tue May 21 11:03:21 2019 -0400 NIFI-5922: Ensure that we import any default variable values on flow import commit 650c6aa Author: samhjelmfelt <samhjelmfelt@yahoo.com> Date: Mon May 20 16:07:22 2019 -0700 Small fix after rebase commit 60b8fca Author: Mark Payne <markap14@hotmail.com> Date: Tue May 14 11:37:50 2019 -0400 NIFI-5922: Bug fixes; initialize, setup, and enable controller services; code cleanup commit 146689b Author: samhjelmfelt <samhjelmfelt@yahoo.com> Date: Mon Apr 8 15:16:52 2019 -0700 NIFI-5922: Renaming from NiFi-Fn to NiFi-Stateless Fixed docker image and moved it into the nifi-docker project Fixed Docker container, YARN runtime, and OpenWhisk runtime commit cbafd8f Author: Mark Payne <markap14@hotmail.com> Date: Fri Jan 11 09:38:49 2019 -0500 NIFI-5922: Addressed checkstyle violations; added to README Updates to nifi-fn proposal: - Separated into nifi-fn-core, nifi-fn-bootstrap, nifi-fn-nar, nifi-fn-assembly; fully unpacks nars and runs flows - Rebased against master and updated to version 1.10.0-SNAPSHOT - Removed dependency on nifi-framework-core - Added LICENSE/NOTICE files commit 417b395 Author: Sam Hjelmfelt <shjelmfelt@hortonworks.com> Date: Wed Jan 2 16:42:36 2019 -0800 NIFI-5922: First Commit for NiFi-Stateless commit 4d18eaa Author: archon <qq349074225@live.com> Date: Mon May 20 21:59:03 2019 +0800 NIFI-6035: 1. Add formatWithTimeZone() and toDateWithTimeZone(); 2. Their test code and docs. This closes apache#3481 Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com> commit 4b509aa Author: Otto Fowler <ottobackwards@gmail.com> Date: Wed Mar 27 16:46:24 2019 -0400 NIFI-3221 This closes apache#3396. Add a new property for setting the argument passing strategy, either the existing parameter, or by adding new dynamic parameters, along with implementation and tests This allows for passing arguments with quotes. Signed-off-by: Joe Witt <joewitt@apache.org> commit d1fd1f5 Author: Michael Karpel <plexaikm@gmail.com> Date: Sun May 12 11:31:02 2019 +0300 Support for flowfile attribute in TABLE_NAME This closes apache#3472 Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com> commit f08c2ee Author: Mark Payne <markap14@hotmail.com> Date: Mon May 13 11:28:21 2019 -0400 NIFI-6285: Addressed issue that resulted in swapped data not being swapped back in if load balancing strategy changed while data was swapped out; added integration tests for swapping. In testing, also encountered an issue with data being swapped out while swap files were being recovered causing the queue size to be wrong and causing errors about not being able to swap data in, because it attempted to swap the data in twice. This closes apache#3473. Signed-off-by: Bryan Bende <bbende@apache.org> commit 595835f Author: Alan Jackoway <alanj@cloudera.com> Date: Thu May 9 09:57:47 2019 -0400 NIFI-6281 Rename ISO8061_INSTANT_VALIDATOR to ISO8601_INSTANT_VALIDATOR ISO8061_INSTANT_VALIDATOR was misnamed - the correct standard is ISO 8601. Also updated the error messages to have spaces in them, which is how the ISO site displays them. This closes apache#3465 Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com> commit 7825e40 Author: Bryan Bende <bbende@apache.org> Date: Mon May 6 09:59:36 2019 -0400 NIFI-6262 - Upgrade to nifi-nar-maven-plugin 1.3.1 This closes apache#3463. commit 3a6e28e Author: Endre Zoltan Kovacs <ekovacs@hortonworks.com> Date: Fri May 10 16:02:48 2019 +0200 NIFI-6289: using charset for byte encoding in ExecuteSparkInteractive This closes apache#3468 Signed-off-by: Mike Thomsen <mikerthomsen@gmail.com> commit 12e2102 Author: Troy Melhase <troy@troy.io> Date: Thu May 9 18:04:05 2019 -0800 NIFI-4247 Support ranges in `tls-toolkit` SAN cli option. This closes apache#3466. Signed-off-by: Andy LoPresto <alopresto@apache.org> commit 95fd148 Author: Scott Aslan <scottyaslan@gmail.com> Date: Fri May 10 18:30:34 2019 -0400 [NIFI-6292] update variables slickgrid table row ids This closes apache#3469
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…dc/** to allow the Jetty security filters to be applied in the /access/oidc/logout and /access/knox/logout cases.
NIFI-6280 - Updated terminology in JwtAuthenticationFilter to authentication instead of authorization. Added stricter token parsing using an explicit regex pattern. Added tests.
NIFI-6280 - Updated terminology from Authorization to Authentication.
NIFI-6280 - Updated the access logout method to use getNiFiUserIdentity(). Updated javascript logout method to handle errors.
NIFI-6280 - Fixing checkstyle issues
Thank you for submitting a contribution to Apache NiFi.
In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:
For all changes:
Is there a JIRA ticket associated with this PR? Is it referenced
in the commit message?
Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
Has your PR been rebased against the latest commit within the target branch (typically master)?
Is your initial contribution a single, squashed commit?
For code changes:
For documentation related changes:
Note:
Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.