Repository: nifi Updated Branches: refs/heads/NIFI-655 e7a5e1822 -> 5e341214a
NIFI-655: - Moving NiFi registration to the login page. - Running the authentication filters in a different order to ensure we can disambiguate each case. - Starting to layout each case... Forbidden, Login, Create User, Create NiFi Account. Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/ade5dc9b Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/ade5dc9b Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/ade5dc9b Branch: refs/heads/NIFI-655 Commit: ade5dc9baccb55f9675d6ff64097c26a318f7da2 Parents: e7a5e18 Author: Matt Gilman <matt.c.gil...@gmail.com> Authored: Mon Nov 2 14:21:25 2015 -0500 Committer: Matt Gilman <matt.c.gil...@gmail.com> Committed: Mon Nov 2 14:21:25 2015 -0500 ---------------------------------------------------------------------- .../FileAuthorizationProvider.java | 48 ++++--- .../web/NiFiWebApiSecurityConfiguration.java | 56 +++++--- .../security/NiFiAuthenticationEntryPoint.java | 42 +++--- .../web/security/NiFiAuthenticationFilter.java | 72 +++++++++- .../security/NiFiAuthenticationProvider.java | 19 +-- .../anonymous/NiFiAnonymousUserFilter.java | 13 +- .../form/LoginAuthenticationFilter.java | 13 +- .../security/jwt/JwtAuthenticationProvider.java | 47 ------ .../x509/X509AuthenticationProvider.java | 47 ------ .../resources/nifi-web-security-context.xml | 6 + .../nifi-framework/nifi-web/nifi-web-ui/pom.xml | 2 - .../main/resources/filters/canvas.properties | 1 - .../src/main/webapp/WEB-INF/pages/canvas.jsp | 2 - .../src/main/webapp/WEB-INF/pages/login.jsp | 5 +- .../WEB-INF/partials/canvas/registration.jsp | 44 ------ .../WEB-INF/partials/login/login-form.jsp | 5 +- .../WEB-INF/partials/login/login-submission.jsp | 20 +++ .../partials/login/nifi-registration-form.jsp | 31 ++++ .../partials/login/registration-form.jsp | 19 --- .../partials/login/user-registration-form.jsp | 19 +++ .../nifi-web-ui/src/main/webapp/css/canvas.css | 1 - .../nifi-web-ui/src/main/webapp/css/login.css | 19 ++- .../src/main/webapp/css/registration.css | 45 ------ .../src/main/webapp/js/nf/canvas/nf-canvas.js | 75 +++++++--- .../main/webapp/js/nf/canvas/nf-registration.js | 71 ---------- .../src/main/webapp/js/nf/login/nf-login.js | 142 +++++++++++++++++-- .../src/main/webapp/js/nf/nf-common.js | 16 +-- 27 files changed, 475 insertions(+), 405 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java index 02a5e75..d06b85f 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java @@ -113,21 +113,7 @@ public class FileAuthorizationProvider implements AuthorityProvider { return true; } - return authorizedUsers.hasUser(new HasUser() { - @Override - public boolean hasUser(List<NiFiUser> users) { - // attempt to get the user and ensure it was located - NiFiUser desiredUser = null; - for (final NiFiUser user : users) { - if (dn.equalsIgnoreCase(authorizedUsers.getUserIdentity(user))) { - desiredUser = user; - break; - } - } - - return desiredUser != null; - } - }); + return authorizedUsers.hasUser(new HasUserByIdentity(dn)); } @Override @@ -199,10 +185,8 @@ public class FileAuthorizationProvider implements AuthorityProvider { authorizedUsers.createUser(new CreateUser() { @Override public NiFiUser createUser() { - final NiFiUser user = authorizedUsers.getUser(new FindUserByIdentity(dn)); - // ensure the user doesn't already exist - if (user != null) { + if (authorizedUsers.hasUser(new HasUserByIdentity(dn))) { throw new IdentityAlreadyExistsException(String.format("User identity already exists: %s", dn)); } @@ -322,6 +306,34 @@ public class FileAuthorizationProvider implements AuthorityProvider { this.properties = properties; } + public class HasUserByIdentity implements HasUser { + + private final String identity; + + public HasUserByIdentity(String identity) { + // ensure the identity was specified + if (identity == null) { + throw new UnknownIdentityException("User identity not specified."); + } + + this.identity = identity; + } + + @Override + public boolean hasUser(List<NiFiUser> users) { + // attempt to get the user and ensure it was located + NiFiUser desiredUser = null; + for (final NiFiUser user : users) { + if (identity.equalsIgnoreCase(authorizedUsers.getUserIdentity(user))) { + desiredUser = user; + break; + } + } + + return desiredUser != null; + } + } + public class FindUserByIdentity implements FindUser { private final String identity; http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java index dcf2e71..7bafce0 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java @@ -25,12 +25,9 @@ import org.apache.nifi.web.security.anonymous.NiFiAnonymousUserFilter; import org.apache.nifi.web.security.NiFiAuthenticationEntryPoint; import org.apache.nifi.web.security.form.LoginAuthenticationFilter; import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter; -import org.apache.nifi.web.security.jwt.JwtAuthenticationProvider; import org.apache.nifi.web.security.jwt.JwtService; import org.apache.nifi.web.security.node.NodeAuthorizedUserFilter; -import org.apache.nifi.web.security.x509.SubjectDnX509PrincipalExtractor; import org.apache.nifi.web.security.x509.X509AuthenticationFilter; -import org.apache.nifi.web.security.x509.X509AuthenticationProvider; import org.apache.nifi.web.security.x509.X509CertificateExtractor; import org.apache.nifi.web.security.x509.ocsp.OcspCertificateValidator; import org.springframework.beans.factory.annotation.Autowired; @@ -38,16 +35,17 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.authentication.AuthenticationManager; -import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.config.http.SessionCreationPolicy; import org.springframework.security.core.userdetails.AuthenticationUserDetailsService; import org.springframework.security.web.authentication.AnonymousAuthenticationFilter; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; +import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor; /** * NiFi Web Api Spring security @@ -61,6 +59,8 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte private UserService userService; private AuthenticationUserDetailsService userDetailsService; private JwtService jwtService; + private X509CertificateExtractor certificateExtractor; + private X509PrincipalExtractor principalExtractor; private LoginIdentityProvider loginIdentityProvider; public NiFiWebApiSecurityConfiguration() { @@ -68,14 +68,18 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte } @Override + public void configure(WebSecurity webSecurity) throws Exception { + webSecurity.ignoring().antMatchers("/controller/login/config"); + } + + @Override protected void configure(HttpSecurity http) throws Exception { http .rememberMe().disable() .exceptionHandling() - .authenticationEntryPoint(new NiFiAuthenticationEntryPoint()) + .authenticationEntryPoint(new NiFiAuthenticationEntryPoint(properties)) .and() .authorizeRequests() - .antMatchers(HttpMethod.GET, "/controller/login/config").permitAll() .anyRequest().fullyAuthenticated() .and() .sessionManagement() @@ -86,7 +90,7 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte // login authentication for /token - exchanges for JWT for subsequent API usage http.addFilterBefore(buildLoginFilter("/token"), UsernamePasswordAuthenticationFilter.class); - // login registration + // verify the configured login authenticator supports registration if (loginIdentityProvider.supportsRegistration()) { http.addFilterBefore(buildRegistrationFilter("/registration"), UsernamePasswordAuthenticationFilter.class); } @@ -95,14 +99,14 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte // cluster authorized user http.addFilterBefore(buildNodeAuthorizedUserFilter(), AnonymousAuthenticationFilter.class); + // anonymous + http.anonymous().authenticationFilter(buildAnonymousFilter()); + // x509 - http.addFilterBefore(buildX509Filter(), AnonymousAuthenticationFilter.class); + http.addFilterAfter(buildX509Filter(), AnonymousAuthenticationFilter.class); // jwt - http.addFilterBefore(buildJwtFilter(), AnonymousAuthenticationFilter.class); - - // anonymous - http.anonymous().authenticationFilter(buildAnonymousFilter()); + http.addFilterAfter(buildJwtFilter(), AnonymousAuthenticationFilter.class); } @Bean @@ -114,20 +118,16 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { - final AuthenticationProvider x509AuthenticationProvider = new NiFiAuthenticationProvider(new X509AuthenticationProvider(), userDetailsService); - final AuthenticationProvider jwtAuthenticationProvider = new NiFiAuthenticationProvider(new JwtAuthenticationProvider(), userDetailsService); - - auth - .authenticationProvider(x509AuthenticationProvider) - .authenticationProvider(jwtAuthenticationProvider); + auth.authenticationProvider(new NiFiAuthenticationProvider(userDetailsService)); } private LoginAuthenticationFilter buildLoginFilter(final String url) { final LoginAuthenticationFilter loginFilter = new LoginAuthenticationFilter(url); loginFilter.setJwtService(jwtService); + loginFilter.setLoginIdentityProvider(loginIdentityProvider); loginFilter.setUserDetailsService(userDetailsService); - loginFilter.setPrincipalExtractor(new SubjectDnX509PrincipalExtractor()); - loginFilter.setCertificateExtractor(new X509CertificateExtractor()); + loginFilter.setPrincipalExtractor(principalExtractor); + loginFilter.setCertificateExtractor(certificateExtractor); return loginFilter; } @@ -141,6 +141,7 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte private JwtAuthenticationFilter buildJwtFilter() throws Exception { final JwtAuthenticationFilter jwtFilter = new JwtAuthenticationFilter(); + jwtFilter.setProperties(properties); jwtFilter.setJwtService(jwtService); jwtFilter.setAuthenticationManager(authenticationManager()); return jwtFilter; @@ -148,8 +149,9 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte private X509AuthenticationFilter buildX509Filter() throws Exception { final X509AuthenticationFilter x509Filter = new X509AuthenticationFilter(); - x509Filter.setPrincipalExtractor(new SubjectDnX509PrincipalExtractor()); - x509Filter.setCertificateExtractor(new X509CertificateExtractor()); + x509Filter.setProperties(properties); + x509Filter.setPrincipalExtractor(principalExtractor); + x509Filter.setCertificateExtractor(certificateExtractor); x509Filter.setCertificateValidator(new OcspCertificateValidator(properties)); x509Filter.setAuthenticationManager(authenticationManager()); return x509Filter; @@ -185,4 +187,14 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte public void setLoginIdentityProvider(LoginIdentityProvider loginIdentityProvider) { this.loginIdentityProvider = loginIdentityProvider; } + + @Autowired + public void setCertificateExtractor(X509CertificateExtractor certificateExtractor) { + this.certificateExtractor = certificateExtractor; + } + + @Autowired + public void setPrincipalExtractor(X509PrincipalExtractor principalExtractor) { + this.principalExtractor = principalExtractor; + } } http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationEntryPoint.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationEntryPoint.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationEntryPoint.java index 6cae1f0..ab8951b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationEntryPoint.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationEntryPoint.java @@ -21,21 +21,26 @@ import java.io.PrintWriter; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.apache.nifi.util.NiFiProperties; +import org.apache.nifi.util.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.AuthenticationException; import org.springframework.security.web.AuthenticationEntryPoint; -import org.springframework.security.web.WebAttributes; /** - * This is our own implementation of - * org.springframework.security.web.AuthenticationEntryPoint that allows us to - * send the response to the client exactly how we want to and log the results. + * This is our own implementation of org.springframework.security.web.AuthenticationEntryPoint that allows us to send the response to the client exactly how we want to and log the results. */ public class NiFiAuthenticationEntryPoint implements AuthenticationEntryPoint { private static final Logger logger = LoggerFactory.getLogger(NiFiAuthenticationEntryPoint.class); + private final NiFiProperties properties; + + public NiFiAuthenticationEntryPoint(NiFiProperties properties) { + this.properties = properties; + } + /** * Always returns a 403 error code to the client. * @@ -47,23 +52,20 @@ public class NiFiAuthenticationEntryPoint implements AuthenticationEntryPoint { */ @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException ae) throws IOException, ServletException { - // get the last exception - the exception that is being passed in is a generic no credentials found - // exception because the authentication could not be found in the security context. the actual cause - // of the problem is stored in the session as the authentication_exception - Object authenticationException = request.getSession().getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION); + // if the content type is not set, mark as access denied + if (StringUtils.isBlank(response.getContentType())) { + // write the response message + PrintWriter out = response.getWriter(); + response.setContentType("text/plain"); - // log request result - if (authenticationException instanceof AuthenticationException) { - ae = (AuthenticationException) authenticationException; - logger.info(String.format("Rejecting access to web api: %s", ae.getMessage())); + // return authorized if the request is secure and this nifi supports new account requests + if (request.isSecure() && properties.getSupportNewAccountRequests()) { + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + out.println("Not authorized."); + } else { + response.setStatus(HttpServletResponse.SC_FORBIDDEN); + out.println("Access is denied."); + } } - - // set the response status - response.setStatus(HttpServletResponse.SC_FORBIDDEN); - response.setContentType("text/plain"); - - // write the response message - PrintWriter out = response.getWriter(); - out.println("Access is denied."); } } http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java index b83b283..21b18d0 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java @@ -17,6 +17,7 @@ package org.apache.nifi.web.security; import java.io.IOException; +import java.io.PrintWriter; import javax.servlet.Filter; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; @@ -26,13 +27,18 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.user.NiFiUser; +import org.apache.nifi.util.NiFiProperties; import org.apache.nifi.web.security.user.NiFiUserUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.security.authentication.AccountStatusException; import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.AuthenticationServiceException; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UsernameNotFoundException; /** * @@ -42,6 +48,7 @@ public abstract class NiFiAuthenticationFilter implements Filter { private static final Logger logger = LoggerFactory.getLogger(NiFiAuthenticationFilter.class); private AuthenticationManager authenticationManager; + private NiFiProperties properties; @Override public void init(final FilterConfig filterConfig) throws ServletException { @@ -62,10 +69,21 @@ public abstract class NiFiAuthenticationFilter implements Filter { } private boolean requiresAuthentication(final HttpServletRequest request) { + // continue attempting authorization if the user is anonymous + if (isAnonymousUser()) { + return true; + } + + // or there is no user yet return NiFiUserUtils.getNiFiUser() == null && NiFiUserUtils.getNewAccountRequest() == null; } - private void authenticate(final HttpServletRequest request, final HttpServletResponse response) { + private boolean isAnonymousUser() { + final NiFiUser user = NiFiUserUtils.getNiFiUser(); + return user != null && NiFiUser.ANONYMOUS_USER_DN.equals(user.getDn()); + } + + private void authenticate(final HttpServletRequest request, final HttpServletResponse response) throws IOException { try { final Authentication authenticated = attemptAuthentication(request, response); if (authenticated != null) { @@ -73,7 +91,9 @@ public abstract class NiFiAuthenticationFilter implements Filter { successfulAuthorization(request, response, authorized); } } catch (final AuthenticationException ae) { - unsuccessfulAuthorization(request, response, ae); + if (!isAnonymousUser()) { + unsuccessfulAuthorization(request, response, ae); + } } } @@ -88,8 +108,48 @@ public abstract class NiFiAuthenticationFilter implements Filter { ProxiedEntitiesUtils.successfulAuthorization(request, response, authResult); } - protected void unsuccessfulAuthorization(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) { - ProxiedEntitiesUtils.unsuccessfulAuthorization(request, response, failed); + protected void unsuccessfulAuthorization(HttpServletRequest request, HttpServletResponse response, AuthenticationException ae) throws IOException { + // populate the response + ProxiedEntitiesUtils.unsuccessfulAuthorization(request, response, ae); + + // set the response status + response.setContentType("text/plain"); + + // write the response message + PrintWriter out = response.getWriter(); + + // use the type of authentication exception to determine the response code + if (ae instanceof UsernameNotFoundException) { + if (properties.getSupportNewAccountRequests()) { + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + out.println("Not authorized."); + } else { + response.setStatus(HttpServletResponse.SC_FORBIDDEN); + out.println("Access is denied."); + } + } else if (ae instanceof AccountStatusException) { + response.setStatus(HttpServletResponse.SC_FORBIDDEN); + out.println(ae.getMessage()); + } else if (ae instanceof UntrustedProxyException) { + response.setStatus(HttpServletResponse.SC_FORBIDDEN); + out.println(ae.getMessage()); + } else if (ae instanceof AuthenticationServiceException) { + logger.error(String.format("Unable to authorize: %s", ae.getMessage()), ae); + response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR); + out.println(String.format("Unable to authorize: %s", ae.getMessage())); + } else { + logger.error(String.format("Unable to authorize: %s", ae.getMessage()), ae); + response.setStatus(HttpServletResponse.SC_FORBIDDEN); + out.println("Access is denied."); + } + + // log the failure + logger.info(String.format("Rejecting access to web api: %s", ae.getMessage())); + + // optionally log the stack trace + if (logger.isDebugEnabled()) { + logger.debug(StringUtils.EMPTY, ae); + } } /** @@ -133,4 +193,8 @@ public abstract class NiFiAuthenticationFilter implements Filter { this.authenticationManager = authenticationManager; } + public void setProperties(NiFiProperties properties) { + this.properties = properties; + } + } http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java index e63a97e..79e8eb2 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java @@ -16,6 +16,7 @@ */ package org.apache.nifi.web.security; +import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken; import org.apache.nifi.web.security.token.NewAccountAuthenticationToken; import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; import org.apache.nifi.web.security.token.NiFiAuthorizationToken; @@ -31,11 +32,9 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException; */ public class NiFiAuthenticationProvider implements AuthenticationProvider { - private final AuthenticationProvider provider; private final AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService; - public NiFiAuthenticationProvider(final AuthenticationProvider provider, final AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService) { - this.provider = provider; + public NiFiAuthenticationProvider(final AuthenticationUserDetailsService<NiFiAuthenticationRequestToken> userDetailsService) { this.userDetailsService = userDetailsService; } @@ -43,12 +42,6 @@ public class NiFiAuthenticationProvider implements AuthenticationProvider { public Authentication authenticate(Authentication authentication) throws AuthenticationException { final NiFiAuthenticationRequestToken request = (NiFiAuthenticationRequestToken) authentication; - // ensure the base provider could authenticate - final Authentication result = provider.authenticate(request); - if (result == null) { - return null; - } - try { // defer to the nifi user details service to authorize the user final UserDetails userDetails = userDetailsService.loadUserDetails(request); @@ -58,8 +51,8 @@ public class NiFiAuthenticationProvider implements AuthenticationProvider { } catch (final UsernameNotFoundException unfe) { // if the result was an authenticated new account request and it could not be authorized because the user was not found, // return the token so the new account could be created. this must go here to ensure that any proxies have been authorized - if (isNewAccountAuthenticationToken(result)) { - return result; + if (isNewAccountAuthenticationToken(request)) { + return new NewAccountAuthenticationToken(((NewAccountAuthenticationRequestToken) authentication).getNewAccountRequest()); } else { throw unfe; } @@ -67,12 +60,12 @@ public class NiFiAuthenticationProvider implements AuthenticationProvider { } private boolean isNewAccountAuthenticationToken(final Authentication authentication) { - return NewAccountAuthenticationToken.class.isAssignableFrom(authentication.getClass()); + return NewAccountAuthenticationRequestToken.class.isAssignableFrom(authentication.getClass()); } @Override public boolean supports(Class<?> authentication) { - return provider.supports(authentication) && NiFiAuthenticationRequestToken.class.isAssignableFrom(authentication); + return NiFiAuthenticationRequestToken.class.isAssignableFrom(authentication); } } http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java index ed6e6a8..0c62825 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java @@ -50,10 +50,14 @@ public class NiFiAnonymousUserFilter extends AnonymousAuthenticationFilter { try { // load the anonymous user from the database NiFiUser user = userService.getUserByDn(NiFiUser.ANONYMOUS_USER_DN); - NiFiUserDetails userDetails = new NiFiUserDetails(user); + + // only create an authentication token if the anonymous user has some authorities + if (!user.getAuthorities().isEmpty()) { + NiFiUserDetails userDetails = new NiFiUserDetails(user); - // get the granted authorities - authentication = new NiFiAuthorizationToken(userDetails); + // get the granted authorities + authentication = new NiFiAuthorizationToken(userDetails); + } } catch (AdministrationException ase) { // record the issue anonymousUserFilterLogger.warn("Unable to load anonymous user from accounts database: " + ase.getMessage()); @@ -64,7 +68,10 @@ public class NiFiAnonymousUserFilter extends AnonymousAuthenticationFilter { return authentication; } + + /* setters */ + public void setUserService(UserService userService) { this.userService = userService; } http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java index 5b9e6e0..c759f7a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java @@ -109,6 +109,12 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF } } + /** + * Ensures the proxyChain is authorized before allowing the user to be authenticated. + * + * @param proxyChain the proxy chain + * @throws AuthenticationException if the proxy chain is not authorized + */ private void authorizeProxyIfNecessary(final List<String> proxyChain) throws AuthenticationException { if (proxyChain.size() > 1) { try { @@ -143,6 +149,11 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF // generate JWT for response jwtService.addToken(response, authentication); + + // mark as successful + response.setStatus(HttpServletResponse.SC_OK); + response.setContentType("text/plain"); + response.setContentLength(0); } @Override @@ -152,7 +163,7 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF response.setContentType("text/plain"); final PrintWriter out = response.getWriter(); - out.println("Invalid username/password"); + out.println("Unable to authenticate."); } /** http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java deleted file mode 100644 index ae459b0..0000000 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.web.security.jwt; - -import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken; -import org.apache.nifi.web.security.token.NewAccountAuthenticationToken; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; - -/** - * - */ -public class JwtAuthenticationProvider implements AuthenticationProvider { - - @Override - public Authentication authenticate(Authentication authentication) throws AuthenticationException { - if (NewAccountAuthenticationRequestToken.class.isAssignableFrom(authentication.getClass())) { - return new NewAccountAuthenticationToken(((NewAccountAuthenticationRequestToken) authentication).getNewAccountRequest()); - } else if (NiFiAuthenticationRequestToken.class.isAssignableFrom(authentication.getClass())) { - return authentication; - } else { - return null; - } - } - - @Override - public boolean supports(Class<?> authentication) { - return NiFiAuthenticationRequestToken.class.isAssignableFrom(authentication); - } - -} http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java deleted file mode 100644 index df23856..0000000 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.web.security.x509; - -import org.apache.nifi.web.security.token.NewAccountAuthenticationRequestToken; -import org.apache.nifi.web.security.token.NewAccountAuthenticationToken; -import org.apache.nifi.web.security.token.NiFiAuthenticationRequestToken; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; - -/** - * - */ -public class X509AuthenticationProvider implements AuthenticationProvider { - - @Override - public Authentication authenticate(Authentication authentication) throws AuthenticationException { - if (NewAccountAuthenticationRequestToken.class.isAssignableFrom(authentication.getClass())) { - return new NewAccountAuthenticationToken(((NewAccountAuthenticationRequestToken) authentication).getNewAccountRequest()); - } else if (NiFiAuthenticationRequestToken.class.isAssignableFrom(authentication.getClass())) { - return authentication; - } else { - return null; - } - } - - @Override - public boolean supports(Class<?> authentication) { - return NiFiAuthenticationRequestToken.class.isAssignableFrom(authentication); - } - -} http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml index 5f4e1b2..52395c7 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml @@ -54,6 +54,12 @@ </property> </bean>--> + <!-- certificate extractor --> + <bean id="certificateExtractor" class="org.apache.nifi.web.security.x509.X509CertificateExtractor"/> + + <!-- principal extractor --> + <bean id="principalExtractor" class="org.apache.nifi.web.security.x509.SubjectDnX509PrincipalExtractor"/> + <!-- user details service --> <bean id="userDetailsService" class="org.apache.nifi.web.security.authorization.NiFiAuthorizationService"> <property name="userService" ref="userService"/> http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml index c346a28..93a36f6 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml @@ -279,7 +279,6 @@ <include>${staging.dir}/js/nf/canvas/nf-snippet.js</include> <include>${staging.dir}/js/nf/canvas/nf-canvas-toolbox.js</include> <include>${staging.dir}/js/nf/canvas/nf-custom-ui.js</include> - <include>${staging.dir}/js/nf/canvas/nf-registration.js</include> <include>${staging.dir}/js/nf/canvas/nf-controller-service.js</include> <include>${staging.dir}/js/nf/canvas/nf-reporting-task.js</include> <include>${staging.dir}/js/nf/canvas/nf-processor-configuration.js</include> @@ -440,7 +439,6 @@ <include>${staging.dir}/css/connection-configuration.css</include> <include>${staging.dir}/css/connection-details.css</include> <include>${staging.dir}/css/shell.css</include> - <include>${staging.dir}/css/registration.css</include> <include>${staging.dir}/css/dialog.css</include> <include>${staging.dir}/css/new-processor-dialog.css</include> <include>${staging.dir}/css/new-controller-service-dialog.css</include> http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/canvas.properties ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/canvas.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/canvas.properties index fd2bc17..fd5b7f2 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/canvas.properties +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/canvas.properties @@ -23,7 +23,6 @@ nf.canvas.script.tags=<script type="text/javascript" src="js/nf/nf-namespace.js? <script type="text/javascript" src="js/nf/canvas/nf-snippet.js?${project.version}"></script>\n\ <script type="text/javascript" src="js/nf/canvas/nf-canvas-toolbox.js?${project.version}"></script>\n\ <script type="text/javascript" src="js/nf/canvas/nf-custom-ui.js?${project.version}"></script>\n\ -<script type="text/javascript" src="js/nf/canvas/nf-registration.js?${project.version}"></script>\n\ <script type="text/javascript" src="js/nf/canvas/nf-controller-service.js?${project.version}"></script>\n\ <script type="text/javascript" src="js/nf/canvas/nf-reporting-task.js?${project.version}"></script>\n\ <script type="text/javascript" src="js/nf/canvas/nf-processor-configuration.js?${project.version}"></script>\n\ http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/canvas.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/canvas.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/canvas.jsp index c81bb9d..dcfb47b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/canvas.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/canvas.jsp @@ -41,7 +41,6 @@ <script type="text/javascript" src="js/jquery/jquery-2.1.1.min.js"></script> <script type="text/javascript" src="js/jquery/ui-smoothness/jquery-ui-1.10.4.min.js"></script> <script type="text/javascript" src="js/jquery/jquery.center.js"></script> - <script type="text/javascript" src="js/jquery/jquery.count.js"></script> <script type="text/javascript" src="js/jquery/jquery.ellipsis.js"></script> <script type="text/javascript" src="js/jquery/jquery.each.js"></script> <script type="text/javascript" src="js/jquery/jquery.tab.js"></script> @@ -73,7 +72,6 @@ <img id="splash-img" src="images/loadAnimation.gif" alt="Loading..."/> </div> <jsp:include page="/WEB-INF/partials/message-pane.jsp"/> - <jsp:include page="/WEB-INF/partials/canvas/registration.jsp"/> <jsp:include page="/WEB-INF/partials/banners-main.jsp"/> <jsp:include page="/WEB-INF/partials/canvas/canvas-header.jsp"/> <jsp:include page="/WEB-INF/partials/canvas/about-dialog.jsp"/> http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp index 69c91e6..5cdce5b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp @@ -27,6 +27,7 @@ <link rel="stylesheet" href="js/jquery/qtip2/jquery.qtip.min.css?" type="text/css" /> <link rel="stylesheet" href="js/jquery/ui-smoothness/jquery-ui-1.10.4.min.css" type="text/css" /> <script type="text/javascript" src="js/jquery/jquery-2.1.1.min.js"></script> + <script type="text/javascript" src="js/jquery/jquery.count.js"></script> <script type="text/javascript" src="js/jquery/modal/jquery.modal.js?${project.version}"></script> <script type="text/javascript" src="js/jquery/qtip2/jquery.qtip.min.js"></script> <script type="text/javascript" src="js/jquery/ui-smoothness/jquery-ui-1.10.4.min.js"></script> @@ -35,6 +36,8 @@ </head> <body> <jsp:include page="/WEB-INF/partials/login/login-form.jsp"/> - <jsp:include page="/WEB-INF/partials/login/registration-form.jsp"/> + <jsp:include page="/WEB-INF/partials/login/user-registration-form.jsp"/> + <jsp:include page="/WEB-INF/partials/login/nifi-registration-form.jsp"/> + <jsp:include page="/WEB-INF/partials/login/login-submission.jsp"/> </body> </html> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/registration.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/registration.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/registration.jsp deleted file mode 100644 index 56b3236..0000000 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/registration.jsp +++ /dev/null @@ -1,44 +0,0 @@ -<%-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---%> -<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %> -<div id="registration-pane" class="message-pane hidden"> - <div class="message-pane-message-box"> - <p id="register-title" class="message-pane-title">You are not authorized to access this data flow</p> - <p id="register-content" class="message-pane-content"> - <div> - <div id="expand-registration-button" class="collapsed pointer"></div> - <span id="expand-registration-text" class="link">Request Access</span> - </div> - <div id="registration-form" class="settings hidden"> - <div class="setting"> - <div class="setting-name">Justification</div> - <div class="setting-field"> - <textarea cols="30" rows="4" id="registration-justification" maxlength="500" name="registration-justification" class="setting-input"></textarea> - </div> - <div style="text-align: right; color: #666; margin-top: 2px;"> - <span id="remaining-characters"></span> characters remaining - </div> - <div class="clear"></div> - </div> - <div> - <div id="registration-form-submit" class="button">Submit</div> - <div class="clear"></div> - </div> - </div> - </p> - </div> -</div> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp index 889863e..2ee0a17 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-form.jsp @@ -15,14 +15,11 @@ limitations under the License. --%> <%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %> -<div id="login-form"> +<div id="login-container" class="hidden"> <legend>Please Login</legend> <label for="username">Username</label> <input type="text" id="username" name="username" value="${username}"/> <br> <label for="password">Password</label> <input type="password" id="password" name="password"/> - <div class="form-actions"> - <button id="login-button" type="submit" class="btn">Log in</button> - </div> </div> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-submission.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-submission.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-submission.jsp new file mode 100644 index 0000000..787bb56 --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/login-submission.jsp @@ -0,0 +1,20 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %> +<div id="login-submission-container"> + <button id="login-submission-button" type="submit" class="btn">Log in</button> +</div> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp new file mode 100644 index 0000000..3d5f864 --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp @@ -0,0 +1,31 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %> +<div id="nifi-registration-container" class="hidden"> + <div id="nifi-registration-form" class="settings"> + <div class="setting"> + <div class="setting-name">Justification</div> + <div class="setting-field"> + <textarea cols="30" rows="4" id="nifi-registration-justification" maxlength="500" class="setting-input"></textarea> + </div> + <div style="text-align: right; color: #666; margin-top: 2px;"> + <span id="remaining-characters"></span> characters remaining + </div> + <div class="clear"></div> + </div> + </div> +</div> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/registration-form.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/registration-form.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/registration-form.jsp deleted file mode 100644 index 56808e2..0000000 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/registration-form.jsp +++ /dev/null @@ -1,19 +0,0 @@ -<%-- - Licensed to the Apache Software Foundation (ASF) under one or more - contributor license agreements. See the NOTICE file distributed with - this work for additional information regarding copyright ownership. - The ASF licenses this file to You under the Apache License, Version 2.0 - (the "License"); you may not use this file except in compliance with - the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. ---%> -<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %> -<div id="registration-form"> -</div> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/user-registration-form.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/user-registration-form.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/user-registration-form.jsp new file mode 100644 index 0000000..92382b3 --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/user-registration-form.jsp @@ -0,0 +1,19 @@ +<%-- + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--%> +<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %> +<div id="user-registration-container" class="hidden"> +</div> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/canvas.css ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/canvas.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/canvas.css index 1c66609..e4cf89a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/canvas.css +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/canvas.css @@ -28,7 +28,6 @@ @import url(connection-configuration.css); @import url(connection-details.css); @import url(shell.css); -@import url(registration.css); @import url(dialog.css); @import url(new-processor-dialog.css); @import url(new-controller-service-dialog.css); http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css index 203f5b9..72f15f4 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css @@ -17,4 +17,21 @@ /* Login Styles -*/ \ No newline at end of file +*/ + +/* + NiFi Registration +*/ + +#nifi-registration-container { +} + +#nifi-registration-form { + margin-top: 10px; + width: 610px; +} + +#nifi-registration-justification { + width: 600px; + height: 200px; +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/registration.css ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/registration.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/registration.css deleted file mode 100644 index d4fdc7e..0000000 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/registration.css +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* - Registration form styles. -*/ - -#registration-pane { - z-index: 1299; -} - -#registration-form { - margin-top: 10px; - width: 610px; -} - -#expand-registration-button { - width: 10px; - height: 10px; - float: left; - margin-right: 5px; -} - -#expand-registration-text { - -webkit-user-select: none; - -moz-user-select: none; -} - -#registration-justification { - width: 600px; - height: 200px; -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js index 190c7a7..d2d9e82 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js @@ -57,12 +57,14 @@ nf.Canvas = (function () { var config = { urls: { + identity: '../nifi-api/controller/identity', authorities: '../nifi-api/controller/authorities', revision: '../nifi-api/controller/revision', status: '../nifi-api/controller/status', bulletinBoard: '../nifi-api/controller/bulletin-board', banners: '../nifi-api/controller/banners', controller: '../nifi-api/controller', + token: '../nifi-api/token', controllerConfig: '../nifi-api/controller/config', loginConfig: '../nifi-api/controller/login/config', cluster: '../nifi-api/cluster', @@ -1027,10 +1029,58 @@ nf.Canvas = (function () { * Initialize NiFi. */ init: function () { - // init the registration form before performing the first query since - // the response could lead to a registration attempt - nf.Registration.init(); - + // get the current user's identity + var identityXhr = $.ajax({ + type: 'GET', + url: config.urls.identity, + dataType: 'json' + }); + + // get the current user's authorities + var authoritiesXhr = $.ajax({ + type: 'GET', + url: config.urls.authorities, + dataType: 'json' + }); + + + // load the identity and authorities for the current user + var userXhr = $.Deferred(function(deferred) { + $.when(authoritiesXhr, identityXhr).done(function (authoritiesResult, identityResult) { + var authoritiesResponse = authoritiesResult[0]; + var identityResponse = identityResult[0]; + + // set the user's authorities + nf.Common.setAuthorities(authoritiesResponse.authorities); + + // at this point the user may be themselves or anonymous + + // if the user is logged, we want to determine if they were logged in using a certificate + if (identityResponse.identity !== 'anonymous') { + // attempt to get a token for the current user without passing login credentials + $.ajax({ + type: 'GET', + url: config.urls.token + }).fail(function () { + // if this request succeeds, it means the user is logged in using their certificate. + // if this request fails, it means the user is logged in with login credentials so we want to render a logout button. + // TODO - render logout button + }).always(function () { + deferred.resolve(); + }); + } else { + deferred.resolve(); + } + }).fail(function (xhr, status, error) { + // there is no anonymous access and we don't know this user - open the login page which handles login/registration/etc + if (xhr.status === 401) { + window.location = '/nifi/login'; + } + + deferred.reject(xhr, status, error); + }); + }).promise(); + // get the controller config to register the status poller var configXhr = $.ajax({ type: 'GET', @@ -1044,7 +1094,7 @@ nf.Canvas = (function () { url: config.urls.loginConfig, dataType: 'json' }); - + // create the deferred cluster request var isClusteredRequest = $.Deferred(function (deferred) { $.ajax({ @@ -1063,22 +1113,11 @@ nf.Canvas = (function () { }); }).promise(); - // load the authorities - var authoritiesXhr = $.ajax({ - type: 'GET', - url: config.urls.authorities, - dataType: 'json' - }); - - // ensure the authorities and config request is processed first - $.when(authoritiesXhr, configXhr, loginXhr).done(function (authoritiesResult, configResult, loginResult) { - var authoritiesResponse = authoritiesResult[0]; + // ensure the config requests are loaded + $.when(configXhr, loginXhr, userXhr).done(function (configResult, loginResult) { var configResponse = configResult[0]; var loginResponse = loginResult[0]; - // set the user's authorities - nf.Common.setAuthorities(authoritiesResponse.authorities); - // calculate the canvas offset var canvasContainer = $('#canvas-container'); nf.Canvas.CANVAS_OFFSET = canvasContainer.offset().top; http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-registration.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-registration.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-registration.js deleted file mode 100644 index b678e27..0000000 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-registration.js +++ /dev/null @@ -1,71 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -/* global nf */ - -nf.Registration = (function () { - - var config = { - urls: { - users: '../nifi-api/controller/users' - } - }; - - return { - /** - * Initializes the user account registration form. - */ - init: function () { - $('#registration-justification').count({ - charCountField: '#remaining-characters' - }); - - // register a click listener to expand/collapse the registration form - $('#expand-registration-button, #expand-registration-text').click(function () { - var registrationForm = $('#registration-form'); - if (registrationForm.is(':visible')) { - $('#expand-registration-button').removeClass('registration-expanded').addClass('collapsed'); - } else { - $('#expand-registration-button').removeClass('registration-collapsed').addClass('expanded'); - } - registrationForm.toggle(); - }); - - // register a click listener for submitting user account requests - $('#registration-form-submit').one('click', function () { - var justification = $('#registration-justification').val(); - - // attempt to create the user account registration - $.ajax({ - type: 'POST', - url: config.urls.users, - data: { - 'justification': justification - } - }).done(function (response) { - // hide the registration pane - $('#registration-pane').hide(); - - // show the message pane - $('#message-pane').show(); - $('#message-title').text('Thanks'); - $('#message-content').text('Your request will be processed shortly.'); - }).fail(nf.Common.handleAjaxError); - }); - } - }; -}()); \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js index 345d794..1630683 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js @@ -22,28 +22,54 @@ $(document).ready(function () { }); nf.Login = (function () { - var loadControllerConfiguration = function () { + + var config = { + urls: { + identity: '../nifi-api/controller/identity', + users: '../nifi-api/controller/users', + token: '../nifi-api/token', + loginConfig: '../nifi-api/controller/login/config' + } + }; + + var initializeLogin = function () { return $.ajax({ type: 'GET', - url: '../nifi-api/controller/login/config', + url: config.urls.loginConfig, dataType: 'json' - }); - }; - - var initializePage = function () { - return loadControllerConfiguration().done(function (response) { + }).done(function (response) { var config = response.config; + // if this nifi supports login, render the login form if (config.supportsLogin === true) { + // handle login click + $('#login-button').on('click', function () { + login().done(function (response) { + console.log(response); + }); + }); + + // show the login form + $('#login-container').show(); } - if (config.supportsRegistration === true) { + // if this nifi supports registration, render the registration form + if (config.supportsRegistration === false) { + initializeUserRegistration(); + // automatically include support for nifi registration + initializeNiFiRegistration(); } }); }; + var initializeUserRegistration = function () { + + // show the user registration form + $('#user-registration-container').show(); + }; + var login = function () { var username = $('#username').val(); var password = $('#password').val(); @@ -58,19 +84,109 @@ nf.Login = (function () { dataType: 'json' }); }; + + var initializeNiFiRegistration = function () { + $('#nifi-registration-justification').count({ + charCountField: '#remaining-characters' + }); + + // show the nifi registration container + $('#nifi-registration-container').show(); + }; + + var initializeSubmission = function () { + $('#login-submission-button').one('click', function () { + if ($('#login-container').is(':visible')) { + // login submit + } else if ($('#user-registration-container').is(':visible')) { + // new user account submit + } else if ($('#nifi-registration-container').is(':visible')) { + // new nifi account submit + var justification = $('#registration-justification').val(); + + // attempt to create the user account registration + $.ajax({ + type: 'POST', + url: config.urls.users, + data: { + 'justification': justification + } + }).done(function (response) { + // TODO + // // hide the registration pane + // $('#registration-pane').hide(); + // + // // show the message pane + // $('#message-pane').show(); + // $('#message-title').text('Thanks'); + // $('#message-content').text('Your request will be processed shortly.'); + }).fail(nf.Common.handleAjaxError); + } + }); + }; return { /** * Initializes the login page. */ init: function () { - initializePage(); + var needsLogin = false; + var needsNiFiRegistration = false; + + var token = $.ajax({ + type: 'GET', + url: config.urls.token + }); - // handle login click - $('#login-button').on('click', function () { - login().done(function (response) { - console.log(response); + var pageStateInit = $.Deferred(function(deferred) { + // get the current user's identity + $.ajax({ + type: 'GET', + url: config.urls.identity, + dataType: 'json' + }).done(function (response) { + var identity = response.identity; + + // if the user is anonymous they need to login + if (identity === 'anonymous') { + token.done(function () { + // anonymous user and 200 from token means they have a certificate but have not yet requested an account + needsNiFiRegistration = true; + }).fail(function (xhr, status, error) { + // no token granted, user needs to login with their credentials + needsLogin = true; + }); + } + }).fail(function (xhr, status, error) { + if (xhr.status === 401) { + // attempt to get a token for the current user without passing login credentials + token.done(function () { + // 401 from identity request and 200 from token means they have a certificate but have not yet requested an account + needsNiFiRegistration = true; + }).fail(function (xhr, status, error) { + // no token granted, user needs to login with their credentials + needsLogin = true; + }); + } else if (xhr.status === 403) { + // the user is logged in with certificate or credentials but their account is still pending. error message should indicate + // TODO - show error + } + }).always(function () { + deferred.resolve(); }); + }).promise(); + + // render the page accordingly + $.when(pageStateInit).done(function () { + if (needsLogin === true) { + initializeLogin(); + } else if (needsNiFiRegistration === true) { + initializeNiFiRegistration(); + } + + if (needsLogin === true || needsNiFiRegistration === true) { + initializeSubmission(); + } }); } }; http://git-wip-us.apache.org/repos/asf/nifi/blob/ade5dc9b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js index 06c34f9..642bc31 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js @@ -185,14 +185,14 @@ nf.Common = { */ handleAjaxError: function (xhr, status, error) { // show the account registration page if necessary - if (xhr.status === 401 && $('#registration-pane').length) { - // show the registration pane - $('#registration-pane').show(); - - // close the canvas - nf.Common.closeCanvas(); - return; - } +// if (xhr.status === 401 && $('#registration-pane').length) { +// // show the registration pane +// $('#registration-pane').show(); +// +// // close the canvas +// nf.Common.closeCanvas(); +// return; +// } // if an error occurs while the splash screen is visible close the canvas show the error message if ($('#splash').is(':visible')) {