[ https://issues.apache.org/jira/browse/NIFIREG-75?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Doran updated NIFIREG-75: ------------------------------- Summary: Composite and CompositeConfigurable UserGroupProviders don't consider all providers when looking up users and groups (was: Composite and Composite UserGroupProviders don't consider all providers when looking up users and groups) > Composite and CompositeConfigurable UserGroupProviders don't consider all > providers when looking up users and groups > -------------------------------------------------------------------------------------------------------------------- > > Key: NIFIREG-75 > URL: https://issues.apache.org/jira/browse/NIFIREG-75 > Project: NiFi Registry > Issue Type: Bug > Reporter: Kevin Doran > Assignee: Kevin Doran > Fix For: 0.0.1 > > > In FileUserGroupProvider, when a new group is created, all the users in the > group are checked to ensure they are known to the FileUserGroupProvider prior > to creating the group. > However, when a group is updated, a similar check does not exist, allowing > one to add invalid users to a group. This gets the server in a bad state with > unexpected behavior surrounding authorization actions. > Note that this logic was ported from NiFi, so NiFi should probably be updated > with the same fix after verifying this is the intended behavior (having the > check on update). -- This message was sent by Atlassian JIRA (v6.4.14#64029)