Repository: nifi-registry Updated Branches: refs/heads/master 6c48025c5 -> 2f230d6e3
NIFIREG-74 Change login to use HTTP Basic Auth Changes the REST API /access/token/login endpoint to use HTTP Basic Auth for reading username and password. Other minor changes to API documentation included. This closes #63. Signed-off-by: Bryan Bende <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/nifi-registry/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi-registry/commit/2f230d6e Tree: http://git-wip-us.apache.org/repos/asf/nifi-registry/tree/2f230d6e Diff: http://git-wip-us.apache.org/repos/asf/nifi-registry/diff/2f230d6e Branch: refs/heads/master Commit: 2f230d6e34d3abf9cdaabeb2bdeed5ee8e6cf01f Parents: 6c48025 Author: Kevin Doran <[email protected]> Authored: Wed Dec 20 16:56:50 2017 -0500 Committer: Bryan Bende <[email protected]> Committed: Thu Dec 21 11:45:07 2017 -0500 ---------------------------------------------------------------------- nifi-registry-assembly/pom.xml | 2 +- .../client/impl/BucketItemDeserializer.java | 2 +- .../nifi/registry/bucket/BucketItemType.java | 5 ++- .../nifi/registry/flow/VersionedFlow.java | 2 +- .../registry/NiFiRegistryApiApplication.java | 5 ++- .../web/NiFiRegistryResourceConfig.java | 14 +------ .../nifi/registry/web/api/AccessResource.java | 41 +++++++++++--------- .../nifi/registry/web/api/BucketResource.java | 5 +-- .../nifi/registry/web/api/ItemResource.java | 25 +++++++++++- .../apache/nifi/registry/web/TestRestAPI.java | 2 +- .../apache/nifi/registry/web/api/FlowsIT.java | 6 +-- .../nifi/registry/web/api/SecureLdapIT.java | 25 ++++++------ .../src/main/webapp/services/nf-registry.api.js | 9 ++--- 13 files changed, 79 insertions(+), 64 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-assembly/pom.xml ---------------------------------------------------------------------- diff --git a/nifi-registry-assembly/pom.xml b/nifi-registry-assembly/pom.xml index 45df1c4..6dea4b6 100644 
--- a/nifi-registry-assembly/pom.xml
+++ b/nifi-registry-assembly/pom.xml
@@ -137,7 +137,7 @@
 <!-- nifi-registry.properties: web properties -->
 <nifi.registry.web.war.directory>./lib</nifi.registry.web.war.directory>
 <nifi.registry.web.http.host />
- <nifi.registry.web.http.port>8080</nifi.registry.web.http.port>
+ <nifi.registry.web.http.port>18080</nifi.registry.web.http.port>
 <nifi.registry.web.https.host />
 <nifi.registry.web.https.port />
 <nifi.registry.jetty.work.dir>./work/jetty</nifi.registry.jetty.work.dir>
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-client/src/main/java/org/apache/nifi/registry/client/impl/BucketItemDeserializer.java
----------------------------------------------------------------------
diff --git a/nifi-registry-client/src/main/java/org/apache/nifi/registry/client/impl/BucketItemDeserializer.java b/nifi-registry-client/src/main/java/org/apache/nifi/registry/client/impl/BucketItemDeserializer.java
index 4ea5005..5640d43 100644
--- a/nifi-registry-client/src/main/java/org/apache/nifi/registry/client/impl/BucketItemDeserializer.java
+++ b/nifi-registry-client/src/main/java/org/apache/nifi/registry/client/impl/BucketItemDeserializer.java
@@ -61,7 +61,7 @@ public class BucketItemDeserializer extends StdDeserializer<BucketItem[]> {
 switch (bucketItemType) {
- case FLOW:
+ case Flow:
 final VersionedFlow versionedFlow = jsonParser.getCodec().treeToValue(node, VersionedFlow.class);
 bucketItems.add(versionedFlow);
 break;
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/bucket/BucketItemType.java
----------------------------------------------------------------------
diff --git a/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/bucket/BucketItemType.java b/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/bucket/BucketItemType.java
index d1966ae..e119c02 100644
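Review bot: The default `nifi.registry.web.http.port` moves from 8080 to 18080, which is not mentioned in the commit message (its stated scope is the login endpoint and API documentation) even though it changes the address at which a freshly unpacked assembly listens; `TestRestAPI.REGISTRY_API_URL` is updated to match later in this commit. A sentence in the commit message or the release notes explaining the new default would help operators who upgrade and have firewall rules or reverse proxies pointed at the old port.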
--- a/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/bucket/BucketItemType.java
+++ b/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/bucket/BucketItemType.java
@@ -21,6 +21,7 @@ package org.apache.nifi.registry.bucket;
 */
 public enum BucketItemType {
- FLOW;
-
+ // The case of these enum names matches what we want to return in
+ // the BucketItem.type field when serialized in an API response.
+ Flow;
 }
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/flow/VersionedFlow.java
----------------------------------------------------------------------
diff --git a/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/flow/VersionedFlow.java b/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/flow/VersionedFlow.java
index 065fb04..6ece46a 100644
--- a/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/flow/VersionedFlow.java
+++ b/nifi-registry-data-model/src/main/java/org/apache/nifi/registry/flow/VersionedFlow.java
@@ -41,7 +41,7 @@ public class VersionedFlow extends BucketItem {
 private long versionCount;
 public VersionedFlow() {
- super(BucketItemType.FLOW);
+ super(BucketItemType.Flow);
 }
 @ApiModelProperty(value = "The number of versions of this flow.", readOnly = true)
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/NiFiRegistryApiApplication.java
----------------------------------------------------------------------
diff --git a/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/NiFiRegistryApiApplication.java b/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/NiFiRegistryApiApplication.java
index 4a0bcbc..fa96e18 100644
--- a/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/NiFiRegistryApiApplication.java
+++ b/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/NiFiRegistryApiApplication.java
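Review bot: Renaming the constant from `FLOW` to `Flow` changes the JSON value of `BucketItem.type` (the FlowsIT fixtures in this commit move from `"type":"FLOW"` to `"type":"Flow"`), which is a wire-format change for any client or stored response that still expects `FLOW`; the commit message describes only the login change and documentation, so this deserves a mention. An alternative that keeps the Java naming convention is to leave the constant as `FLOW` and expose the serialized spelling separately (for example a `@JsonValue`-annotated accessor, if the data-model module may depend on Jackson annotations — `BucketItemDeserializer` already uses Jackson on the client side). If the rename stays, the new comment could state the contract outright: `// Note: the enum name is serialized as-is in BucketItem.type and is therefore part of the public API contract.`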
@@ -18,6 +18,7 @@ package org.apache.nifi.registry;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.autoconfigure.web.servlet.WebMvcAutoConfiguration;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 /**
@@ -27,8 +28,10 @@ import org.springframework.boot.web.servlet.support.SpringBootServletInitializer
 * package across other modules. This is done because spring-boot will use the package of this
 * class to automatically scan for beans/config/entities/etc. and would otherwise require
 * configuring custom packages to scan in several different places.
+ *
+ * WebMvcAutoConfiguration is excluded because our web app is using Jersey in place of SpringMVC
 */
-@SpringBootApplication
+@SpringBootApplication(exclude = WebMvcAutoConfiguration.class)
 public class NiFiRegistryApiApplication extends SpringBootServletInitializer {
 public static final String NIFI_REGISTRY_PROPERTIES_ATTRIBUTE = "nifi-registry.properties";
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/NiFiRegistryResourceConfig.java
----------------------------------------------------------------------
diff --git a/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/NiFiRegistryResourceConfig.java b/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/NiFiRegistryResourceConfig.java
index 118fc9f..878ec90 100644
--- a/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/NiFiRegistryResourceConfig.java
+++ b/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/NiFiRegistryResourceConfig.java
@@ -16,25 +16,20 @@
 */
 package org.apache.nifi.registry.web;
+import org.apache.nifi.registry.web.api.AccessPolicyResource;
 import org.apache.nifi.registry.web.api.AccessResource;
 import org.apache.nifi.registry.web.api.BucketFlowResource;
 import org.apache.nifi.registry.web.api.BucketResource;
 import org.apache.nifi.registry.web.api.FlowResource;
 import org.apache.nifi.registry.web.api.ItemResource;
-import org.apache.nifi.registry.web.api.AccessPolicyResource;
 import org.apache.nifi.registry.web.api.TenantResource;
 import org.glassfish.jersey.server.ResourceConfig;
 import org.glassfish.jersey.server.ServerProperties;
 import org.glassfish.jersey.server.filter.HttpMethodOverrideFilter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.web.filter.HiddenHttpMethodFilter;
-import javax.servlet.Filter;
 import javax.servlet.ServletContext;
 import javax.ws.rs.core.Context;
@@ -74,11 +69,4 @@ public class NiFiRegistryResourceConfig extends ResourceConfig {
 property(ServerProperties.RESPONSE_SET_STATUS_OVER_SEND_ERROR, true);
 }
- // Disable default SpringMVC filter beans that are not compatible with Jersey
- @Bean
- public FilterRegistrationBean registration(@Autowired HiddenHttpMethodFilter filter) {
- FilterRegistrationBean registration = new FilterRegistrationBean((Filter) filter);
- registration.setEnabled(false);
- return registration;
- }
 }
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/AccessResource.java
----------------------------------------------------------------------
diff --git a/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/AccessResource.java b/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/AccessResource.java
index d232c4a..1bff31f 100644
--- a/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/AccessResource.java
+++ b/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/AccessResource.java
@@ -22,14 +22,14 @@ import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiResponse;
 import io.swagger.annotations.ApiResponses;
 import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.registry.exception.AdministrationException;
 import org.apache.nifi.registry.authorization.CurrentUser;
+import org.apache.nifi.registry.exception.AdministrationException;
 import org.apache.nifi.registry.properties.NiFiRegistryProperties;
 import org.apache.nifi.registry.security.authentication.AuthenticationRequest;
 import org.apache.nifi.registry.security.authentication.AuthenticationResponse;
+import org.apache.nifi.registry.security.authentication.BasicAuthIdentityProvider;
 import org.apache.nifi.registry.security.authentication.IdentityProvider;
 import org.apache.nifi.registry.security.authentication.IdentityProviderUsage;
-import org.apache.nifi.registry.security.authentication.UsernamePasswordAuthenticationRequest;
 import org.apache.nifi.registry.security.authentication.exception.IdentityAccessException;
 import org.apache.nifi.registry.security.authentication.exception.InvalidCredentialsException;
 import org.apache.nifi.registry.security.authorization.user.NiFiUser;
@@ -47,7 +47,6 @@ import org.springframework.stereotype.Component;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.Consumes;
-import javax.ws.rs.FormParam;
 import javax.ws.rs.GET;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -196,12 +195,14 @@ public class AccessResource extends ApplicationResource {
 * @return A JWT (string)
 */
 @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
+ @Consumes(MediaType.WILDCARD)
 @Produces(MediaType.TEXT_PLAIN)
 @Path("/token/login")
 @ApiOperation(
 value = "Creates a token for accessing the REST API via username/password",
- notes = "The token returned is formatted as a JSON Web Token (JWT). The token is base64 encoded and comprised of three parts. The header, " +
+ notes = "The user credentials must be passed in standard HTTP Basic Auth format. " +
+ "That is: 'Authorization: Basic <credentials>', where <credentials> is the base64 encoded value of '<username>:<password>'. " +
+ "The token returned is formatted as a JSON Web Token (JWT). The token is base64 encoded and comprised of three parts. The header, " +
 "the body, and the signature. The expiration of the token is a contained within the body. The token can be used in the Authorization header " +
 "in the format 'Authorization: Bearer <token>'.",
 response = String.class
@@ -211,34 +212,38 @@ public class AccessResource extends ApplicationResource {
 @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401),
 @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409 + " The NiFi Registry may not be configured to support login with username/password."),
 @ApiResponse(code = 500, message = HttpStatusMessages.MESSAGE_500) })
- public Response createAccessTokenUsingFormLogin(
- @Context HttpServletRequest httpServletRequest,
- @FormParam("username") String username,
- @FormParam("password") String password) {
+ public Response createAccessTokenUsingFormLogin(@Context HttpServletRequest httpServletRequest) {
 // only support access tokens when communicating over HTTPS
 if (!httpServletRequest.isSecure()) {
 throw new IllegalStateException("Access tokens are only issued over HTTPS");
 }
- // if not configured with custom identity provider, or if provider doesn't support username/password authentication, don't consider credentials
- if (identityProvider == null || !identityProvider.supports(UsernamePasswordAuthenticationRequest.class)) {
- throw new IllegalStateException("Username/Password login not supported by this NiFi");
+ // if not configured with custom identity provider, or if provider doesn't support HTTP Basic Auth, don't consider credentials
+ if (identityProvider == null) {
+ logger.debug("An Identity Provider must be configured to use this endpoint. Please consult the administration guide.");
+ throw new IllegalStateException("Username/Password login not supported by this NiFi. Contact System Administrator.");
 }
-
- // ensure we have login credentials
- if (StringUtils.isBlank(username) || StringUtils.isBlank(password)) {
- throw new IllegalArgumentException("The username and password must be specified");
+ if (!(identityProvider instanceof BasicAuthIdentityProvider)) {
+ logger.debug("An Identity Provider is configured, but it does not support HTTP Basic Auth authentication. 
" + + "The configured Identity Provider must extend {}", BasicAuthIdentityProvider.class); + throw new IllegalStateException("Username/Password login not supported by this NiFi. Contact System Administrator."); } // generate JWT for response - AuthenticationRequest authenticationRequest = new UsernamePasswordAuthenticationRequest(username, password); + AuthenticationRequest authenticationRequest = identityProvider.extractCredentials(httpServletRequest); + + if (authenticationRequest == null) { + throw new UnauthorizedException("The client credentials are missing from the request.") + .withAuthenticateChallenge(IdentityProviderUsage.AuthType.OTHER); + } + final String token; try { token = createAccessToken(identityProvider, authenticationRequest); } catch (final InvalidCredentialsException ice){ throw new UnauthorizedException("The supplied client credentials are not valid.", ice) - .withAuthenticateChallenge("form-login"); + .withAuthenticateChallenge(IdentityProviderUsage.AuthType.OTHER); } // form the response http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/BucketResource.java ---------------------------------------------------------------------- diff --git a/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/BucketResource.java b/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/BucketResource.java index 479afa3..036cb38 100644 --- a/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/BucketResource.java +++ b/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/BucketResource.java 
@@ -118,10 +118,7 @@ public class BucketResource extends AuthorizableApplicationResource {
 response = Bucket.class,
 responseContainer = "List"
 )
- @ApiResponses({
- @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400),
- @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401),
- @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403) })
+ @ApiResponses({ @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401) })
 public Response getBuckets() {
 // Note: We don't explicitly check for access to (READ, /buckets) because
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/ItemResource.java
----------------------------------------------------------------------
diff --git a/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/ItemResource.java b/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/ItemResource.java
index 8d3c4d7..315b442 100644
--- a/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/ItemResource.java
+++ b/nifi-registry-web-api/src/main/java/org/apache/nifi/registry/web/api/ItemResource.java
@@ -19,6 +19,8 @@ package org.apache.nifi.registry.web.api;
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
+import io.swagger.annotations.ApiResponse;
+import io.swagger.annotations.ApiResponses;
 import org.apache.nifi.registry.bucket.BucketItem;
 import org.apache.nifi.registry.field.Fields;
 import org.apache.nifi.registry.security.authorization.Authorizer;
@@ -42,6 +44,7 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriInfo;
 import java.util.ArrayList;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
@@ -81,19 +84,32 @@ public class ItemResource extends AuthorizableApplicationResource {
 @Produces(MediaType.APPLICATION_JSON)
 @ApiOperation(
 value = "Get items across all buckets",
- notes = "The returned items will include only items from buckets for which the is authorized.",
+ notes = "The returned items will include only items from buckets for which the user is authorized. " +
+ "If the user is not authorized to any buckets, an empty list will be returned.",
 response = BucketItem.class,
 responseContainer = "List"
 )
+ @ApiResponses({ @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401) })
 public Response getItems() {
+ // Note: We don't explicitly check for access to (READ, /buckets) or
+ // (READ, /items ) because a user might have access to individual buckets
+ // without top-level access. For example, a user that has
+ // (READ, /buckets/bucket-id-1) but not access to /buckets should not
+ // get a 403 error returned from this endpoint. This has the side effect
+ // that a user with no access to any buckets gets an empty array returned
+ // from this endpoint instead of 403 as one might expect.
+
 final Set<String> authorizedBucketIds = getAuthorizedBucketIds(RequestAction.READ);
 if (authorizedBucketIds == null || authorizedBucketIds.isEmpty()) {
 // not authorized for any bucket, return empty list of items
 return Response.status(Response.Status.OK).entity(new ArrayList<BucketItem>()).build();
 }
- final List<BucketItem> items = registryService.getBucketItems(authorizedBucketIds);
+ List<BucketItem> items = registryService.getBucketItems(authorizedBucketIds);
+ if (items == null) {
+ items = Collections.emptyList();
+ }
 permissionsService.populateItemPermissions(items);
 linkService.populateItemLinks(items);
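Review bot: The new `items == null` guard and the `authorizedBucketIds` early return a few lines above both produce an empty result but through different code: the early return serializes `new ArrayList<BucketItem>()` directly, while the null case substitutes `Collections.emptyList()` and still runs `populateItemPermissions`/`populateItemLinks` on it. Making the two paths agree — for example `return Response.status(Response.Status.OK).entity(Collections.emptyList()).build();` in the early return now that the import exists — keeps the behaviour easy to reason about; I cannot see whether the populate methods tolerate an immutable list, so confirm that before relying on `Collections.emptyList()` downstream. The new comment has a stray space in `(READ, /items )`. The method's final return lies beyond the hunk.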
@@ -110,6 +126,11 @@ public class ItemResource extends AuthorizableApplicationResource {
 responseContainer = "List",
 nickname = "getItemsInBucket"
 )
+ @ApiResponses({
+ @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400),
+ @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401),
+ @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403),
+ @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404) })
 public Response getItems(
 @PathParam("bucketId") @ApiParam("The bucket identifier")
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/TestRestAPI.java
----------------------------------------------------------------------
diff --git a/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/TestRestAPI.java b/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/TestRestAPI.java
index e5851aa..3cbc892 100644
--- a/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/TestRestAPI.java
+++ b/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/TestRestAPI.java
@@ -37,7 +37,7 @@ public class TestRestAPI {
 public static final Logger LOGGER = LoggerFactory.getLogger(TestRestAPI.class);
- public static final String REGISTRY_API_URL = "http://localhost:8080/nifi-registry-api";
+ public static final String REGISTRY_API_URL = "http://localhost:18080/nifi-registry-api";
 public static final String REGISTRY_API_BUCKETS_URL = REGISTRY_API_URL + "/buckets";
 public static final String REGISTRY_API_FLOWS_URL = REGISTRY_API_URL + "/flows";
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/FlowsIT.java
----------------------------------------------------------------------
diff --git a/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/FlowsIT.java b/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/FlowsIT.java
index d0d02ce..1b4fa82 100644
--- a/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/FlowsIT.java
+++ b/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/FlowsIT.java
@@ -75,7 +75,7 @@ public class FlowsIT extends UnsecuredITBase {
 "\"bucketIdentifier\":\"1\"," +
 "\"createdTimestamp\":1505091360000," +
 "\"modifiedTimestamp\":1505091360000," +
- "\"type\":\"FLOW\"," +
+ "\"type\":\"Flow\"," +
 "\"permissions\":{\"canRead\":true,\"canWrite\":true,\"canDelete\":true}," +
 "\"link\":{\"params\":{\"rel\":\"self\"},\"href\":\"buckets/1/flows/1\"}}," +
 "{\"identifier\":\"2\",\"name\":\"Flow 2\"," +
@@ -83,7 +83,7 @@ public class FlowsIT extends UnsecuredITBase {
 "\"bucketIdentifier\":\"1\"," +
 "\"createdTimestamp\":1505091360000," +
 "\"modifiedTimestamp\":1505091360000," +
- "\"type\":\"FLOW\"," +
+ "\"type\":\"Flow\"," +
 "\"permissions\":{\"canRead\":true,\"canWrite\":true,\"canDelete\":true}," +
 "\"versionCount\":0," +
 "\"link\":{\"params\":{\"rel\":\"self\"},\"href\":\"buckets/1/flows/2\"}}" +
@@ -129,7 +129,7 @@ public class FlowsIT extends UnsecuredITBase {
 assertNotNull(createdFlow.getIdentifier());
 assertNotNull(createdFlow.getBucketName());
 assertEquals(0, createdFlow.getVersionCount());
- assertEquals(createdFlow.getType(), BucketItemType.FLOW);
+ assertEquals(createdFlow.getType(), BucketItemType.Flow);
 assertTrue(createdFlow.getCreatedTimestamp() - testStartTime > 0L); // both server and client in same JVM, so there shouldn't be skew
 assertEquals(createdFlow.getCreatedTimestamp(), createdFlow.getModifiedTimestamp());
 assertNotNull(createdFlow.getLink());
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/SecureLdapIT.java
----------------------------------------------------------------------
diff --git a/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/SecureLdapIT.java b/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/SecureLdapIT.java
index 3ee4d83..556e10b 100644
--- a/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/SecureLdapIT.java
+++ b/nifi-registry-web-api/src/test/java/org/apache/nifi/registry/web/api/SecureLdapIT.java
@@ -18,13 +18,13 @@ package org.apache.nifi.registry.web.api;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.registry.SecureLdapTestApiApplication;
-import org.apache.nifi.registry.bucket.Bucket;
-import org.apache.nifi.registry.extension.ExtensionManager;
 import org.apache.nifi.registry.authorization.AccessPolicy;
 import org.apache.nifi.registry.authorization.AccessPolicySummary;
 import org.apache.nifi.registry.authorization.CurrentUser;
 import org.apache.nifi.registry.authorization.Permissions;
 import org.apache.nifi.registry.authorization.Tenant;
+import org.apache.nifi.registry.bucket.Bucket;
+import org.apache.nifi.registry.extension.ExtensionManager;
 import org.apache.nifi.registry.properties.NiFiRegistryProperties;
 import org.apache.nifi.registry.security.authorization.Authorizer;
 import org.apache.nifi.registry.security.authorization.AuthorizerFactory;
@@ -104,11 +104,12 @@ public class SecureLdapIT extends IntegrationTestBase {
 @Before
 public void setup() {
- final Form form = encodeCredentialsForURLFormParams("nifiadmin", "password");
+ final String basicAuthCredentials = encodeCredentialsForBasicAuth("nifiadmin", "password");
 final String token = client
- .target(createURL(tokenLoginPath))
+ .target(createURL(tokenIdentityProviderPath))
 .request()
- .post(Entity.form(form), String.class);
+ .header("Authorization", "Basic " + basicAuthCredentials)
+ .post(null, String.class);
 adminAuthToken = token;
 beforeTestAccessPoliciesSnapshot = createAccessPoliciesSnapshot();
@@ -137,11 +138,12 @@ public class SecureLdapIT extends IntegrationTestBase {
 "}";
 // When: the /access/token/login endpoint is queried
- final Form form = encodeCredentialsForURLFormParams("nobel", "password");
+ final String basicAuthCredentials = encodeCredentialsForBasicAuth("nobel", "password");
 final Response tokenResponse = client
- .target(createURL(tokenLoginPath))
+ .target(createURL(tokenIdentityProviderPath))
 .request()
- .post(Entity.form(form), Response.class);
+ .header("Authorization", "Basic " + basicAuthCredentials)
+ .post(null, Response.class);
 // Then: the server returns 200 OK with an access token
 assertEquals(201, tokenResponse.getStatus());
@@ -371,11 +373,12 @@ public class SecureLdapIT extends IntegrationTestBase {
 String nobelId = getTenantIdentifierByIdentity("nobel");
 String chemistsId = getTenantIdentifierByIdentity("chemists"); // a group containing user "nobel"
- final Form form = encodeCredentialsForURLFormParams("nobel", "password");
+ final String basicAuthCredentials = encodeCredentialsForBasicAuth("nobel", "password");
 final String nobelAuthToken = client
- .target(createURL(tokenLoginPath))
+ .target(createURL(tokenIdentityProviderPath))
 .request()
- .post(Entity.form(form), String.class);
+ .header("Authorization", "Basic " + basicAuthCredentials)
+ .post(null, String.class);
 // When: user nobel re-checks top-level permissions
 final CurrentUser currentUser = client
http://git-wip-us.apache.org/repos/asf/nifi-registry/blob/2f230d6e/nifi-registry-web-ui/src/main/webapp/services/nf-registry.api.js
----------------------------------------------------------------------
diff --git a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.api.js b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.api.js
index 3e9d307..9714a44 100644
--- a/nifi-registry-web-ui/src/main/webapp/services/nf-registry.api.js
+++ b/nifi-registry-web-ui/src/main/webapp/services/nf-registry.api.js
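Review bot: The Basic-Auth login sequence (`encodeCredentialsForBasicAuth`, `.target(createURL(tokenIdentityProviderPath))`, `.header("Authorization", "Basic " + …)`, `.post(null, …)`) is now written out three times, in the `@@ -104`, `@@ -137` and `@@ -371` hunks; a small helper in this test or in `IntegrationTestBase` that returns the token for a given user would keep the three copies in step the next time the login contract changes. Both `encodeCredentialsForBasicAuth` and `tokenIdentityProviderPath` are defined outside this file, presumably in `IntegrationTestBase`. The context comment directly below the `@@ -137` change, `// Then: the server returns 200 OK with an access token`, disagrees with the asserted `201`; since this block is already being touched, `// Then: the server returns 201 Created with an access token` is a cheap fix.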
@@ -673,17 +673,14 @@ NfRegistryApi.prototype = {
 */
 postToLogin: function (username, password) {
 var self = this;
+
+ var encodedCredentials = btoa(username + ":" + password);
 var headers = new ngCommonHttp.HttpHeaders({
- 'Content-Type': 'application/x-www-form-urlencoded'
+ 'Authorization': 'Basic ' + encodedCredentials
 });
- var params = new ngCommonHttp.HttpParams()
- .set('username', username)
- .set('password', password)
- .set('grant_type', 'password');
 var options = {
 headers: headers,
- params: params,
 withCredentials: true,
 responseType: 'text'
 };
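Review bot: `btoa(username + ":" + password)` throws an `InvalidCharacterError` for any character outside Latin-1, so a user whose username or password contains non-ASCII characters can no longer log in from the UI at all — a regression from the form-encoded request this replaces, which carried the text as UTF-8. Encoding to UTF-8 before base64 avoids it: `var encodedCredentials = btoa(unescape(encodeURIComponent(username + ':' + password)));` (or build the bytes with `TextEncoder` if `unescape` is undesirable); the server must then decode the credential bytes as UTF-8 — `BasicAuthIdentityProvider` is not in this diff, so confirm it does. RFC 7617 also cannot represent a colon inside the username, which deserves a comment at the point where the two are joined. `postToLogin` continues past the end of the hunk.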
