[jira] [Commented] (NIFI-2718) HTTP Site-to-Site doesn't report port auth failure well, compared to RAW

Thu, 08 Sep 2016 08:21:36 -0700 

    [ 
https://issues.apache.org/jira/browse/NIFI-2718?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15474142#comment-15474142
 ] 

ASF GitHub Bot commented on NIFI-2718:
--------------------------------------

Github user ijokarumawak commented on a diff in the pull request:

    https://github.com/apache/nifi/pull/996#discussion_r78028247
  
    --- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/DataTransferResource.java
 ---
    @@ -133,15 +133,18 @@ protected void authorizeDataTransfer(final 
AuthorizableLookup lookup, final Reso
             }
     
             // get the authorizable
    -        final DataTransferAuthorizable authorizable;
    +        final Authorizable authorizable;
             if (ResourceType.InputPort.equals(resourceType)) {
    -            authorizable = new 
DataTransferAuthorizable(lookup.getInputPort(identifier));
    +            authorizable = lookup.getInputPort(identifier);
             } else {
    -            authorizable = new 
DataTransferAuthorizable(lookup.getOutputPort(identifier));
    +            authorizable = lookup.getOutputPort(identifier);
             }
     
             // perform the authorization
    -        authorizable.authorize(authorizer, RequestAction.WRITE, user);
    +        final PortAuthorizationResult authorizationResult = 
((RootGroupPort) authorizable).checkUserAuthorization(user);
    --- End diff --
    
    @mcgilman Thanks for the update! Now the purpose of 
RootGroupPortAuthorizable is much clear :)
    +1 for the proposal.


> HTTP Site-to-Site doesn't report port auth failure well, compared to RAW
> ------------------------------------------------------------------------
>
>                 Key: NIFI-2718
>                 URL: https://issues.apache.org/jira/browse/NIFI-2718
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core Framework
>    Affects Versions: 1.0.0
>            Reporter: Koji Kawamura
>            Assignee: Koji Kawamura
>
> If 'send data via site-to-site' policy is removed for a client after the 
> client has already connected to that port, the client won't be able to 
> send/receive more data from the remote NiFi.
> This is true for both RAW and HTTP transfer protocol, however the way that 
> error is reported on NiFi UI is different. HTTP Site-to-Site doesn't report 
> port auth failure well, compared to RAW.
> Detail is reported here:
> https://github.com/apache/nifi/pull/971#issuecomment-243823632



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to