[ https://issues.apache.org/jira/browse/NIFIREG-75?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Doran updated NIFIREG-75: ------------------------------- Description: In FileUserGroupProvider, when a new group is created, all the users in the group are checked to ensure they are known to the FileUserGroupProvider prior to creating the group. This check should be removed, and an integrity check should be placed in the entity managing all user group providers (eg, CompositeUserGroupProvider and CompositeConfigurableUserGroupProvider). Also, when loading a user identity, all UserGroupProviders should be considered for finding groups the user to which the user belongs. was: In FileUserGroupProvider, when a new group is created, all the users in the group are checked to ensure they are known to the FileUserGroupProvider prior to creating the group. However, when a group is updated, a similar check does not exist, allowing one to add invalid users to a group. This gets the server in a bad state with unexpected behavior surrounding authorization actions. Note that this logic was ported from NiFi, so NiFi should probably be updated with the same fix after verifying this is the intended behavior (having the check on update). > Composite and CompositeConfigurable UserGroupProviders don't consider all > providers when looking up users and groups > -------------------------------------------------------------------------------------------------------------------- > > Key: NIFIREG-75 > URL: https://issues.apache.org/jira/browse/NIFIREG-75 > Project: NiFi Registry > Issue Type: Bug > Reporter: Kevin Doran > Assignee: Kevin Doran > Fix For: 0.0.1 > > > In FileUserGroupProvider, when a new group is created, all the users in the > group are checked to ensure they are known to the FileUserGroupProvider prior > to creating the group. > This check should be removed, and an integrity check should be placed in the > entity managing all user group providers (eg, CompositeUserGroupProvider and > CompositeConfigurableUserGroupProvider). > Also, when loading a user identity, all UserGroupProviders should be > considered for finding groups the user to which the user belongs. -- This message was sent by Atlassian JIRA (v6.4.14#64029)