[jira] [Commented] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849495#comment-17849495 ] David Handermann commented on NIFI-13296: - Thanks for reviewing and merging [~joewitt], I updated the Deprecated Features page. > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.27.0 > > Time Spent: 40m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-13154 Display parameter reference when used as Sensitive property value [nifi]
joewitt commented on code in PR #8853:
URL: https://github.com/apache/nifi/pull/8853#discussion_r1614859942
##
nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java:
##
@@ -4116,7 +4117,16 @@ private List createThreadDumpDtos(final
ProcessorNode procNode) {
return threadDumps;
}
- /**
+// Pattern to match a parameter reference i.e. "#{anything}"
+private static final Pattern PARAMETER_REFERENCE =
Pattern.compile("^#\\{.*}$");
Review Comment:
Yeah these are a couple good questions that came to mind for me as well. My
opinion, and i'm curious what others would say, is that
1. Yes it should match an existing parameter for us to reflect that
parameter name as the value in the case of a sensitive field whose value is a
parameter. I'm thinking we should be able to know they selected a parameter
by more than simply matching the string but i'm not positive about that.
2. If the user in question does not have read access to the associated
parameter then they should not get to know that parameter is in use for a
sensitive field.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[jira] [Updated] (NIFI-13294) Deprecate Apache Knox SSO Integration for Removal
[
https://issues.apache.org/jira/browse/NIFI-13294?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Witt updated NIFI-13294:
Fix Version/s: 1.27.0
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Deprecate Apache Knox SSO Integration for Removal
> -
>
> Key: NIFI-13294
> URL: https://issues.apache.org/jira/browse/NIFI-13294
> Project: Apache NiFi
> Issue Type: Improvement
>Reporter: David Handermann
>Assignee: David Handermann
>Priority: Major
> Fix For: 1.27.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> NiFi 1.4.0 introduced support for authentication with Apache Knox [Single
> Sign-On|https://knox.apache.org/books/knox-1-6-0/user-guide.html#SSO+Cookie+Provider]
> based on JSON Web Tokens provided through a cookie and verified using a
> configurable public key.
> Separate from Apache Knox SSO authentication, Apache Knox itself provides
> [gateway
> access|https://knox.apache.org/books/knox-1-6-0/user-guide.html#Nifi+UI] as a
> proxy using the {{X-ProxiedEntitiesChain}} HTTP Header. Proxy access should
> remain supported as it is part of the X.509 client certificate authentication
> strategy. Deployment patterns based on Apache Knox gateway access work
> without any features or configuration properties specific to Knox.
> With the implementation of standards-based Single Sign-On using OpenID
> Connect and SAML 2, custom cookie-based SSO with Apache Knox should be
> deprecated for removal.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-13294) Deprecate Apache Knox SSO Integration for Removal
[
https://issues.apache.org/jira/browse/NIFI-13294?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849489#comment-17849489
]
ASF subversion and git services commented on NIFI-13294:
Commit f70ed77adac43c9b173492166645f586378b2497 in nifi's branch
refs/heads/support/nifi-1.x from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=f70ed77ada ]
NIFI-13294 Deprecated Apache Knox SSO Authentication
This closes #8875.
Signed-off-by: Joseph Witt
> Deprecate Apache Knox SSO Integration for Removal
> -
>
> Key: NIFI-13294
> URL: https://issues.apache.org/jira/browse/NIFI-13294
> Project: Apache NiFi
> Issue Type: Improvement
>Reporter: David Handermann
>Assignee: David Handermann
>Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> NiFi 1.4.0 introduced support for authentication with Apache Knox [Single
> Sign-On|https://knox.apache.org/books/knox-1-6-0/user-guide.html#SSO+Cookie+Provider]
> based on JSON Web Tokens provided through a cookie and verified using a
> configurable public key.
> Separate from Apache Knox SSO authentication, Apache Knox itself provides
> [gateway
> access|https://knox.apache.org/books/knox-1-6-0/user-guide.html#Nifi+UI] as a
> proxy using the {{X-ProxiedEntitiesChain}} HTTP Header. Proxy access should
> remain supported as it is part of the X.509 client certificate authentication
> strategy. Deployment patterns based on Apache Knox gateway access work
> without any features or configuration properties specific to Knox.
> With the implementation of standards-based Single Sign-On using OpenID
> Connect and SAML 2, custom cookie-based SSO with Apache Knox should be
> deprecated for removal.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] NIFI-13294 Deprecate Apache Knox SSO Authentication [nifi]
joewitt closed pull request #8875: NIFI-13294 Deprecate Apache Knox SSO Authentication URL: https://github.com/apache/nifi/pull/8875 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-13294 Deprecate Apache Knox SSO Authentication [nifi]
joewitt commented on PR #8875: URL: https://github.com/apache/nifi/pull/8875#issuecomment-2131426772 +1 merged to support/nifi-1.x -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (NIFI-13295) Remove Apache Knox SSO Integration
[
https://issues.apache.org/jira/browse/NIFI-13295?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849488#comment-17849488
]
ASF subversion and git services commented on NIFI-13295:
Commit fa8dc4f1a0c56bcb3c006defef52775d9fb9db71 in nifi's branch
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=fa8dc4f1a0 ]
NIFI-13295 Removed Apache Knox SSO Authentication
This closes #8876
Signed-off-by: Joseph Witt
> Remove Apache Knox SSO Integration
> --
>
> Key: NIFI-13295
> URL: https://issues.apache.org/jira/browse/NIFI-13295
> Project: Apache NiFi
> Issue Type: Improvement
>Reporter: David Handermann
>Assignee: David Handermann
>Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> As described in NIFI-13294, custom Single Sign-On integration with Apache
> Knox based on JSON Web Tokens and custom public key verification should be
> removed from the main branch. [Proxy
> access|https://knox.apache.org/books/knox-1-6-0/user-guide.html#Nifi+UI]
> through Apache Knox should remain supported through the non-product-specific
> {{X-ProxiedEntitiesChain}} HTTP header strategy with X.509 client
> certificates.
> OpenID Connect and SAML 2 integration continue to provide standards-based
> Single Sign-On solutions, obviating the need for custom cookie-based token
> communication and verification.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (NIFI-13295) Remove Apache Knox SSO Integration
[
https://issues.apache.org/jira/browse/NIFI-13295?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Witt updated NIFI-13295:
Fix Version/s: 2.0.0-M4
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Remove Apache Knox SSO Integration
> --
>
> Key: NIFI-13295
> URL: https://issues.apache.org/jira/browse/NIFI-13295
> Project: Apache NiFi
> Issue Type: Improvement
>Reporter: David Handermann
>Assignee: David Handermann
>Priority: Major
> Fix For: 2.0.0-M4
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> As described in NIFI-13294, custom Single Sign-On integration with Apache
> Knox based on JSON Web Tokens and custom public key verification should be
> removed from the main branch. [Proxy
> access|https://knox.apache.org/books/knox-1-6-0/user-guide.html#Nifi+UI]
> through Apache Knox should remain supported through the non-product-specific
> {{X-ProxiedEntitiesChain}} HTTP header strategy with X.509 client
> certificates.
> OpenID Connect and SAML 2 integration continue to provide standards-based
> Single Sign-On solutions, obviating the need for custom cookie-based token
> communication and verification.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] NIFI-13295 Remove Apache Knox SSO Authentication [nifi]
asfgit closed pull request #8876: NIFI-13295 Remove Apache Knox SSO Authentication URL: https://github.com/apache/nifi/pull/8876 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Commented] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849487#comment-17849487 ] Joe Witt commented on NIFI-13296: - Thanks [~exceptionfactory]. Merged this and the complementary JIRA/PR to support/main respectively. Do you plan to update https://cwiki.apache.org/confluence/display/NIFI/Deprecated+Components+and+Features for this? > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.27.0 > > Time Spent: 40m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849486#comment-17849486 ] ASF subversion and git services commented on NIFI-13296: Commit 6fd7fd96c7a3fa9e87746dc7ca48eb97e369bff2 in nifi's branch refs/heads/support/nifi-1.x from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=6fd7fd96c7 ] NIFI-13296 Deprecated Kerberos SPNEGO Authentication This closes #8878. Signed-off-by: Joseph Witt > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Witt updated NIFI-13296: Fix Version/s: 1.27.0 > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.27.0 > > Time Spent: 40m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-13296 Deprecate Kerberos SPNEGO Authentication [nifi]
joewitt commented on PR #8878: URL: https://github.com/apache/nifi/pull/8878#issuecomment-2131418194 +1 merged to support/nifi-1.x -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-13296 Deprecate Kerberos SPNEGO Authentication [nifi]
joewitt closed pull request #8878: NIFI-13296 Deprecate Kerberos SPNEGO Authentication URL: https://github.com/apache/nifi/pull/8878 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-13296) Deprecate Kerberos SPNEGO Authentication for Removal
[ https://issues.apache.org/jira/browse/NIFI-13296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Witt updated NIFI-13296: Resolution: Fixed Status: Resolved (was: Patch Available) > Deprecate Kerberos SPNEGO Authentication for Removal > > > Key: NIFI-13296 > URL: https://issues.apache.org/jira/browse/NIFI-13296 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 1.27.0 > > Time Spent: 40m > Remaining Estimate: 0h > > NiFi 0.6.0 added Kerberos authentication with > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] as a framework feature based on > Spring Security Kerberos. Although Spring Security Kerberos continues to be > maintained, SPNEGO authentication is not common, requiring specialized > [client browser > configuration|https://docs.spring.io/spring-security-kerberos/docs/current/reference/html/browserspnegoconfig.html] > for access. As noted in the linked instructions, popular web browsers do not > support SPNEGO in the default configuration, and Google Chrome requires > either a custom policy or launch from the command line with arguments that > list permitted DNS names. > Based on these considerations, and in light of more common Single Sign-On > strategies using OpenID Connect and SAML 2, NiFi framework support for > Kerberos authentication with SPNEGO should be deprecated for subsequent > removal in NiFi 2. > This deprecation should not impact the Kerberos Login Identity Provider, > which continues to support username and password authentication based on the > form-based login process. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-13297) Remove Kerberos SPNEGO Authentication
[ https://issues.apache.org/jira/browse/NIFI-13297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Witt updated NIFI-13297: Fix Version/s: 2.0.0-M4 > Remove Kerberos SPNEGO Authentication > - > > Key: NIFI-13297 > URL: https://issues.apache.org/jira/browse/NIFI-13297 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0-M4 > > Time Spent: 20m > Remaining Estimate: 0h > > As described in NIFI-13296, authentication with Kerberos using > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] should be removed from the main > branch for NiFi 2. > The Kerberos Login Identity Provider should be considered separately, and > could be maintained indepently without impacting NiFi framework capabilities. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (NIFI-13297) Remove Kerberos SPNEGO Authentication
[ https://issues.apache.org/jira/browse/NIFI-13297?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Witt updated NIFI-13297: Resolution: Fixed Status: Resolved (was: Patch Available) > Remove Kerberos SPNEGO Authentication > - > > Key: NIFI-13297 > URL: https://issues.apache.org/jira/browse/NIFI-13297 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > As described in NIFI-13296, authentication with Kerberos using > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] should be removed from the main > branch for NiFi 2. > The Kerberos Login Identity Provider should be considered separately, and > could be maintained indepently without impacting NiFi framework capabilities. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-13297) Remove Kerberos SPNEGO Authentication
[ https://issues.apache.org/jira/browse/NIFI-13297?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849485#comment-17849485 ] ASF subversion and git services commented on NIFI-13297: Commit 43cc2b4aaadd2f3689b5f4b48fa8b43ceddb4579 in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=43cc2b4aaa ] NIFI-13297 Removed Kerberos SPENGO Authentication This closes #8879 Signed-off-by: Joseph Witt > Remove Kerberos SPNEGO Authentication > - > > Key: NIFI-13297 > URL: https://issues.apache.org/jira/browse/NIFI-13297 > Project: Apache NiFi > Issue Type: Improvement >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > As described in NIFI-13296, authentication with Kerberos using > [SPNEGO|https://en.wikipedia.org/wiki/SPNEGO] should be removed from the main > branch for NiFi 2. > The Kerberos Login Identity Provider should be considered separately, and > could be maintained indepently without impacting NiFi framework capabilities. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-13297 Remove Kerberos SPENGO Authentication [nifi]
asfgit closed pull request #8879: NIFI-13297 Remove Kerberos SPENGO Authentication URL: https://github.com/apache/nifi/pull/8879 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] NIFI-13296 Deprecate Kerberos SPNEGO Authentication [nifi]
joewitt commented on PR #8878: URL: https://github.com/apache/nifi/pull/8878#issuecomment-2131414667 Thanks for the very thorough changeset. It is great to see all the progress with SSO/OIDC/SAML that allows us to now move on from this approach. much appreciated -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-13287) Add note to msal4j dependency in Azure bundle's pom
[
https://issues.apache.org/jira/browse/NIFI-13287?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Joe Witt updated NIFI-13287:
Fix Version/s: 2.0.0-M4
Resolution: Fixed
Status: Resolved (was: Patch Available)
> Add note to msal4j dependency in Azure bundle's pom
> ---
>
> Key: NIFI-13287
> URL: https://issues.apache.org/jira/browse/NIFI-13287
> Project: Apache NiFi
> Issue Type: Improvement
>Reporter: Peter Turcsanyi
>Assignee: Peter Turcsanyi
>Priority: Minor
> Fix For: 2.0.0-M4
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> {{com.azure:azure-identity}} in {{nifi-azure-nar}} has a dependency on
> {{com.microsoft.azure:msal4j}} and requires a given version of it. It could
> bring that version transitively but {{msal4j}} is also used directly by
> {{nifi-azure-graph-authorizer}} and the {{msal4j}} version needs to be
> configured in that pom. Unfortunately, {{azure-sdk-bom}} does not control the
> {{msal4j}} version (I think because it is a {{com.microsoft.azure}} artifact,
> not {{{}com.azure{}}}).
> Configuring the {{azure-identity}} (via the BOM) and {{msal4j}} versions
> separately caused dependency issues multiple times in the past (NIFI-9305,
> NIFI-13181). I will add a "heads-up" note in the pom to keep these versions
> consistent.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Commented] (NIFI-13287) Add note to msal4j dependency in Azure bundle's pom
[
https://issues.apache.org/jira/browse/NIFI-13287?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849484#comment-17849484
]
ASF subversion and git services commented on NIFI-13287:
Commit de11b6c43e6d5ec9fc77088ca091c0b848e5de21 in nifi's branch
refs/heads/main from Peter Turcsanyi
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=de11b6c43e ]
NIFI-13287: Added note to msal4j dependency in Azure bundle's pom
This closes #8869.
Signed-off-by: Joseph Witt
> Add note to msal4j dependency in Azure bundle's pom
> ---
>
> Key: NIFI-13287
> URL: https://issues.apache.org/jira/browse/NIFI-13287
> Project: Apache NiFi
> Issue Type: Improvement
>Reporter: Peter Turcsanyi
>Assignee: Peter Turcsanyi
>Priority: Minor
> Time Spent: 40m
> Remaining Estimate: 0h
>
> {{com.azure:azure-identity}} in {{nifi-azure-nar}} has a dependency on
> {{com.microsoft.azure:msal4j}} and requires a given version of it. It could
> bring that version transitively but {{msal4j}} is also used directly by
> {{nifi-azure-graph-authorizer}} and the {{msal4j}} version needs to be
> configured in that pom. Unfortunately, {{azure-sdk-bom}} does not control the
> {{msal4j}} version (I think because it is a {{com.microsoft.azure}} artifact,
> not {{{}com.azure{}}}).
> Configuring the {{azure-identity}} (via the BOM) and {{msal4j}} versions
> separately caused dependency issues multiple times in the past (NIFI-9305,
> NIFI-13181). I will add a "heads-up" note in the pom to keep these versions
> consistent.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
Re: [PR] NIFI-13287: Added note to msal4j dependency in Azure bundle's pom [nifi]
asfgit closed pull request #8869: NIFI-13287: Added note to msal4j dependency in Azure bundle's pom URL: https://github.com/apache/nifi/pull/8869 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-13293) Upgrade Spring Security to 6.3.0
[ https://issues.apache.org/jira/browse/NIFI-13293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Witt updated NIFI-13293: Fix Version/s: 2.0.0-M4 Resolution: Fixed Status: Resolved (was: Patch Available) > Upgrade Spring Security to 6.3.0 > > > Key: NIFI-13293 > URL: https://issues.apache.org/jira/browse/NIFI-13293 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Fix For: 2.0.0-M4 > > Time Spent: 20m > Remaining Estimate: 0h > > Spring Security dependencies should be upgraded to > [6.3.0|https://github.com/spring-projects/spring-security/releases/tag/6.3.0] > to incorporate various bug fixes and feature improvements. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (NIFI-13293) Upgrade Spring Security to 6.3.0
[ https://issues.apache.org/jira/browse/NIFI-13293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849483#comment-17849483 ] ASF subversion and git services commented on NIFI-13293: Commit 0463abfeaa6d20369d1cfa6c564148e70b4286ca in nifi's branch refs/heads/main from David Handermann [ https://gitbox.apache.org/repos/asf?p=nifi.git;h=0463abfeaa ] NIFI-13293 Upgraded Spring Security from 6.2.4 to 6.3.0 This closes #8873. Signed-off-by: Joseph Witt > Upgrade Spring Security to 6.3.0 > > > Key: NIFI-13293 > URL: https://issues.apache.org/jira/browse/NIFI-13293 > Project: Apache NiFi > Issue Type: Improvement > Components: Core Framework >Reporter: David Handermann >Assignee: David Handermann >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Spring Security dependencies should be upgraded to > [6.3.0|https://github.com/spring-projects/spring-security/releases/tag/6.3.0] > to incorporate various bug fixes and feature improvements. -- This message was sent by Atlassian Jira (v8.20.10#820010)
Re: [PR] NIFI-13293 Upgrade Spring Security from 6.2.4 to 6.3.0 [nifi]
asfgit closed pull request #8873: NIFI-13293 Upgrade Spring Security from 6.2.4 to 6.3.0 URL: https://github.com/apache/nifi/pull/8873 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-13300) Bump Apache parent and move to Maven 3.9.7 and latest maven wrapper 3.3.2
[ https://issues.apache.org/jira/browse/NIFI-13300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Witt updated NIFI-13300: Status: Patch Available (was: Open) > Bump Apache parent and move to Maven 3.9.7 and latest maven wrapper 3.3.2 > - > > Key: NIFI-13300 > URL: https://issues.apache.org/jira/browse/NIFI-13300 > Project: Apache NiFi > Issue Type: Task >Reporter: Joe Witt >Assignee: Joe Witt >Priority: Major > Time Spent: 10m > Remaining Estimate: 0h > > Maven fixed the file/locking issue and recommends we move to 3.9.7 as per > https://issues.apache.org/jira/browse/MNG-7868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849476#comment-17849476 > Also the apache parent pom has bumped to version 32. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[PR] NIFI-13300 bumped to apache parent 32. maven wrapper 3.3.2. maven 3.9.7 [nifi]
joewitt opened a new pull request, #8880: URL: https://github.com/apache/nifi/pull/8880 # Summary [NIFI-13300](https://issues.apache.org/jira/browse/NIFI-13300) # Tracking Please complete the following tracking steps prior to pull request creation. ### Issue Tracking - [ ] [Apache NiFi Jira](https://issues.apache.org/jira/browse/NIFI) issue created ### Pull Request Tracking - [ ] Pull Request title starts with Apache NiFi Jira issue number, such as `NIFI-0` - [ ] Pull Request commit message starts with Apache NiFi Jira issue number, as such `NIFI-0` ### Pull Request Formatting - [ ] Pull Request based on current revision of the `main` branch - [ ] Pull Request refers to a feature branch with one commit containing changes # Verification Please indicate the verification steps performed prior to pull request creation. ### Build - [ ] Build completed using `mvn clean install -P contrib-check` - [ ] JDK 21 ### UI Contributions - [ ] NiFi is modernizing its UI. Any contributions that update the [current UI](https://github.com/apache/nifi/tree/main/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui) also need to be implemented in the [new UI](https://github.com/apache/nifi/tree/main/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-frontend/src/main/nifi). ### Licensing - [ ] New dependencies are compatible with the [Apache License 2.0](https://apache.org/licenses/LICENSE-2.0) according to the [License Policy](https://www.apache.org/legal/resolved.html) - [ ] New dependencies are documented in applicable `LICENSE` and `NOTICE` files ### Documentation - [ ] Documentation formatting appears as expected in rendered files -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: issues-unsubscr...@nifi.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[jira] [Updated] (NIFI-13300) Bump Apache parent and move to Maven 3.9.7 and latest maven wrapper 3.3.2
[ https://issues.apache.org/jira/browse/NIFI-13300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Joe Witt updated NIFI-13300: Summary: Bump Apache parent and move to Maven 3.9.7 and latest maven wrapper 3.3.2 (was: Bump Apache parent and move to Maven 3.9.7) > Bump Apache parent and move to Maven 3.9.7 and latest maven wrapper 3.3.2 > - > > Key: NIFI-13300 > URL: https://issues.apache.org/jira/browse/NIFI-13300 > Project: Apache NiFi > Issue Type: Task >Reporter: Joe Witt >Assignee: Joe Witt >Priority: Major > > Maven fixed the file/locking issue and recommends we move to 3.9.7 as per > https://issues.apache.org/jira/browse/MNG-7868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849476#comment-17849476 > Also the apache parent pom has bumped to version 32. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (NIFI-13300) Bump Apache parent and move to Maven 3.9.7
Joe Witt created NIFI-13300: --- Summary: Bump Apache parent and move to Maven 3.9.7 Key: NIFI-13300 URL: https://issues.apache.org/jira/browse/NIFI-13300 Project: Apache NiFi Issue Type: Task Reporter: Joe Witt Assignee: Joe Witt Maven fixed the file/locking issue and recommends we move to 3.9.7 as per https://issues.apache.org/jira/browse/MNG-7868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17849476#comment-17849476 Also the apache parent pom has bumped to version 32. -- This message was sent by Atlassian Jira (v8.20.10#820010)
