(nifi) branch main updated: NIFI-15693 Fixed Flow Synchronization with empty File User Groups

Tue, 10 Mar 2026 10:38:09 -0700 

This is an automated email from the ASF dual-hosted git repository.

pvillard pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 066863c9403 NIFI-15693 Fixed Flow Synchronization with empty File User 
Groups
066863c9403 is described below

commit 066863c940392e5e75096426c944a4db2a161a0f
Author: exceptionfactory <[email protected]>
AuthorDate: Tue Mar 10 10:49:56 2026 -0500

    NIFI-15693 Fixed Flow Synchronization with empty File User Groups
    
    - Fixed forcible inheritance of users and groups from fingerprints in 
FileUserGroupProvider by creating new mutable Lists when adding users and groups
    
    This closes #10992.
    
    Signed-off-by: Pierre Villard <[email protected]>
---
 .../nifi/authorization/FileUserGroupProvider.java  | 31 +++++++++++++---------
 .../authorization/FileUserGroupProviderTest.java   | 13 +++++++++
 2 files changed, 31 insertions(+), 13 deletions(-)

diff --git 
a/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileUserGroupProvider.java
 
b/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileUserGroupProvider.java
index a3f12ca7d99..7e9ec0cfc15 100644
--- 
a/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileUserGroupProvider.java
+++ 
b/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileUserGroupProvider.java
@@ -275,14 +275,6 @@ public class FileUserGroupProvider implements 
ConfigurableUserGroupProvider {
         return userGroupHolder.get().getAllGroups();
     }
 
-    private synchronized void addUsersAndGroups(final AuthorizedUserGroups 
authorizedUserGroups) {
-        final UserGroupHolder holder = userGroupHolder.get();
-        final AuthorizedUserGroups currentUserGroups = 
holder.getAuthorizedUserGroups();
-        currentUserGroups.users().addAll(authorizedUserGroups.users());
-        currentUserGroups.groups().addAll(authorizedUserGroups.groups());
-        saveAndRefreshHolder(currentUserGroups);
-    }
-
     @Override
     public synchronized Group addGroup(final Group group) throws 
AuthorizationAccessException {
         if (group == null) {
@@ -444,11 +436,6 @@ public class FileUserGroupProvider implements 
ConfigurableUserGroupProvider {
         }
     }
 
-    public synchronized void purgeUsersAndGroups() {
-        final AuthorizedUserGroups authorizedUserGroups = new 
AuthorizedUserGroups(List.of(), List.of());
-        saveAndRefreshHolder(authorizedUserGroups);
-    }
-
     @Override
     public void checkInheritability(String proposedFingerprint) throws 
AuthorizationAccessException {
         // ensure we are in a proper state to inherit the fingerprint
@@ -513,6 +500,24 @@ public class FileUserGroupProvider implements 
ConfigurableUserGroupProvider {
         }
     }
 
+    private void addUsersAndGroups(final AuthorizedUserGroups 
authorizedUserGroups) {
+        final UserGroupHolder holder = userGroupHolder.get();
+        final AuthorizedUserGroups currentUserGroups = 
holder.getAuthorizedUserGroups();
+
+        // Build new Lists for Users and Groups to avoid potential immutable 
Lists
+        final List<User> users = new ArrayList<>(currentUserGroups.users());
+        users.addAll(authorizedUserGroups.users());
+        final List<Group> groups = new ArrayList<>(currentUserGroups.groups());
+        groups.addAll(authorizedUserGroups.groups());
+
+        saveAndRefreshHolder(new AuthorizedUserGroups(users, groups));
+    }
+
+    private void purgeUsersAndGroups() {
+        final AuthorizedUserGroups authorizedUserGroups = new 
AuthorizedUserGroups(List.of(), List.of());
+        saveAndRefreshHolder(authorizedUserGroups);
+    }
+
     private void saveAuthorizedUserGroups(final AuthorizedUserGroups 
authorizedUserGroups, final File destinationFile) {
         try (OutputStream outputStream = new 
FileOutputStream(destinationFile)) {
             
fileAuthorizedUserGroupsMapper.writeUserGroups(authorizedUserGroups, 
outputStream);
diff --git 
a/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileUserGroupProviderTest.java
 
b/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileUserGroupProviderTest.java
index 2a8605980ce..dd305e2622c 100644
--- 
a/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileUserGroupProviderTest.java
+++ 
b/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileUserGroupProviderTest.java
@@ -687,6 +687,19 @@ public class FileUserGroupProviderTest {
         assertEquals(2, userGroupProvider.getGroups().size());
     }
 
+    @Test
+    public void testForciblyInheritFingerprintWithEmptyUsersAndGroups() {
+        userGroupProvider.onConfigured(configurationContext);
+
+        // Inherit null Fingerprint to set empty Users and Groups
+        userGroupProvider.forciblyInheritFingerprint(null);
+
+        userGroupProvider.forciblyInheritFingerprint(FINGERPRINT);
+
+        assertEquals(2, userGroupProvider.getUsers().size());
+        assertEquals(2, userGroupProvider.getGroups().size());
+    }
+
     private static void writeFile(final File file, final String content) 
throws IOException {
         byte[] bytes = content.getBytes(StandardCharsets.UTF_8);
         try (final FileOutputStream fos = new FileOutputStream(file)) {

Reply via email to