[GitHub] nifi pull request: Nifi 1274

2016-03-20 Thread JPercivall
Github user JPercivall commented on a diff in the pull request:

https://github.com/apache/nifi/pull/284#discussion_r56509790
  
--- Diff: 
nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/test/resources/nifi.properties
 ---
@@ -0,0 +1,185 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Core Properties #
+nifi.version=0.6.0-SNAPSHOT
+nifi.flow.configuration.file=./conf/flow.xml.gz
+nifi.flow.configuration.archive.dir=./conf/archive/
+nifi.flowcontroller.autoResumeState=true
+nifi.flowcontroller.graceful.shutdown.period=10 sec
+nifi.flowservice.writedelay.interval=500 ms
+nifi.administrative.yield.duration=30 sec
+# If a component has no work to do (is "bored"), how long should we wait 
before checking again for work?
+nifi.bored.yield.duration=10 millis
+
+nifi.authority.provider.configuration.file=./conf/authority-providers.xml

+nifi.login.identity.provider.configuration.file=./conf/login-identity-providers.xml
+nifi.templates.directory=./conf/templates
+nifi.ui.banner.text=
+nifi.ui.autorefresh.interval=30 sec
+nifi.nar.library.directory=./lib
+nifi.nar.working.directory=./work/nar/
+nifi.documentation.working.directory=./work/docs/components
+
+
+# State Management #
+
+nifi.state.management.configuration.file=./conf/state-management.xml
+# The ID of the local state provider
+nifi.state.management.provider.local=local-provider
+# The ID of the cluster-wide state provider. This will be ignored if NiFi 
is not clustered but must be populated if running in a cluster.
+nifi.state.management.provider.cluster=zk-provider
+# Specifies whether or not this instance of NiFi should run an embedded 
ZooKeeper server
+nifi.state.management.embedded.zookeeper.start=false
+# Properties file that provides the ZooKeeper properties to use if 
 is set to true

+nifi.state.management.embedded.zookeeper.properties=./conf/zookeeper.properties
+
+
+# H2 Settings
+nifi.database.directory=./database_repository
+nifi.h2.url.append=;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE
+
+# FlowFile Repository

+nifi.flowfile.repository.implementation=org.apache.nifi.controller.repository.WriteAheadFlowFileRepository
+nifi.flowfile.repository.directory=./flowfile_repository
+nifi.flowfile.repository.partitions=256
+nifi.flowfile.repository.checkpoint.interval=2 mins
+nifi.flowfile.repository.always.sync=false
+

+nifi.swap.manager.implementation=org.apache.nifi.controller.FileSystemSwapManager
+nifi.queue.swap.threshold=2
+nifi.swap.in.period=5 sec
+nifi.swap.in.threads=1
+nifi.swap.out.period=5 sec
+nifi.swap.out.threads=4
+
+# Content Repository

+nifi.content.repository.implementation=org.apache.nifi.controller.repository.FileSystemRepository
+nifi.content.claim.max.appendable.size=10 MB
+nifi.content.claim.max.flow.files=100
+nifi.content.repository.directory.default=./content_repository
+nifi.content.repository.archive.max.retention.period=12 hours
+nifi.content.repository.archive.max.usage.percentage=50%
+nifi.content.repository.archive.enabled=true
+nifi.content.repository.always.sync=false
+nifi.content.viewer.url=/nifi-content-viewer/
+
+# Provenance Repository Properties

+nifi.provenance.repository.implementation=org.apache.nifi.provenance.PersistentProvenanceRepository
+
+# Persistent Provenance Repository Properties
+nifi.provenance.repository.directory.default=./provenance_repository
+nifi.provenance.repository.max.storage.time=24 hours
+nifi.provenance.repository.max.storage.size=1 GB
+nifi.provenance.repository.rollover.time=30 secs
+nifi.provenance.repository.rollover.size=100 MB
+nifi.provenance.repository.query.threads=2
+nifi.provenance.repository.index.threads=1
+nifi.provenance.repository.compress.on.rollover=true
+nifi.provenance.repository.always.sync=false
+nifi.provenance.repository.journal.count=16
+# 
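
Review bot: Nothing in the visible lines of this new src/test/resources/nifi.properties (core, state management, H2, FlowFile, content and provenance repository settings) is Kerberos-specific, and the file pins nifi.version=0.6.0-SNAPSHOT, so the copy will drift from the shipped defaults. If it stays, reduce it to the properties the Kerberos setup actually changes, or move the setup notes into documentation.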

[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread mcgilman
Github user mcgilman commented on the pull request:

https://github.com/apache/nifi/pull/284#issuecomment-197950387
  
+1 from me as well. Verified functionality for both standalone and 
clustered instances. Looking good.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---


[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread alopresto
Github user alopresto commented on the pull request:

https://github.com/apache/nifi/pull/284#issuecomment-197978496
  
All of @mcgilman's changes are great. The test resources are files I added 
that make it easier to set up a Kerberized instance of NiFi for testing, but 
were not related to any code tests. We should remove them and I will try to 
follow up with integration tests for a future release. Thanks.




[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread JPercivall
Github user JPercivall commented on a diff in the pull request:

https://github.com/apache/nifi/pull/284#discussion_r56507643
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtService.java
 ---
@@ -70,8 +70,6 @@ public String getAuthenticationFromToken(final String 
base64EncodedToken) throws
 
 // TODO: Validate issuer against active registry?
--- End diff --

NVM, it's not something that was modified in this patch.




[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread mcgilman
Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/284#discussion_r56496561
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosAuthenticationFilter.java
 ---
@@ -0,0 +1,79 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.kerberos;
+
+import org.apache.nifi.web.security.InvalidAuthenticationException;
+import org.apache.nifi.web.security.NiFiAuthenticationFilter;
+import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import 
org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Arrays;
+
+/**
+ */
+public class KerberosAuthenticationFilter extends NiFiAuthenticationFilter 
{
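
Review bot: The class-level Javadoc directly above "public class KerberosAuthenticationFilter" is an empty "/** */" block. Either describe what the filter authenticates and how it differs from its parent NiFiAuthenticationFilter, or drop the empty comment.
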
--- End diff --

I don't believe this filter is necessary anymore as the SPNEGO negotiation 
is performed in the AccessResource at /access/kerberos.




[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread JPercivall
Github user JPercivall commented on a diff in the pull request:

https://github.com/apache/nifi/pull/284#discussion_r56410434
  
--- Diff: 
nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/src/main/java/org/apache/nifi/update/attributes/api/RuleResource.java
 ---
@@ -16,66 +16,63 @@
  */
 package org.apache.nifi.update.attributes.api;
 
-import java.text.Collator;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.List;
-import java.util.Locale;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.CacheControl;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-import javax.ws.rs.core.UriBuilder;
-import javax.ws.rs.core.UriInfo;
-
+import com.sun.jersey.api.NotFoundException;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.update.attributes.Action;
 import org.apache.nifi.update.attributes.Condition;
 import org.apache.nifi.update.attributes.Criteria;
+import org.apache.nifi.update.attributes.FlowFilePolicy;
 import org.apache.nifi.update.attributes.Rule;
 import org.apache.nifi.update.attributes.UpdateAttributeModelFactory;
 import org.apache.nifi.update.attributes.dto.DtoFactory;
 import org.apache.nifi.update.attributes.dto.RuleDTO;
 import org.apache.nifi.update.attributes.entity.ActionEntity;
 import org.apache.nifi.update.attributes.entity.ConditionEntity;
+import org.apache.nifi.update.attributes.entity.EvaluationContextEntity;
 import org.apache.nifi.update.attributes.entity.RuleEntity;
 import org.apache.nifi.update.attributes.entity.RulesEntity;
 import org.apache.nifi.update.attributes.serde.CriteriaSerDe;
-import org.apache.nifi.web.InvalidRevisionException;
-import org.apache.nifi.web.Revision;
-import org.apache.commons.lang3.StringUtils;
-
-import com.sun.jersey.api.NotFoundException;
-
-import org.apache.nifi.update.attributes.FlowFilePolicy;
-import org.apache.nifi.update.attributes.entity.EvaluationContextEntity;
 import org.apache.nifi.web.ComponentDetails;
 import org.apache.nifi.web.HttpServletConfigurationRequestContext;
 import org.apache.nifi.web.HttpServletRequestContext;
+import org.apache.nifi.web.InvalidRevisionException;
 import org.apache.nifi.web.NiFiWebConfigurationContext;
 import org.apache.nifi.web.NiFiWebConfigurationRequestContext;
 import org.apache.nifi.web.NiFiWebRequestContext;
+import org.apache.nifi.web.Revision;
 import org.apache.nifi.web.UiExtensionType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.CacheControl;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+import java.text.Collator;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+import java.util.Locale;
+import java.util.Set;
+import java.util.UUID;
--- End diff --

From what I can tell, the only changes to this file are to the formatting 
of the imports. In general, extraneous modifications should be limited.




[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread mcgilman
Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/284#discussion_r56496662
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
 ---
@@ -64,7 +64,7 @@ public void doFilter(final ServletRequest request, final 
ServletResponse respons
 
 }
 
-private boolean requiresAuthentication(final HttpServletRequest 
request) {
--- End diff --

This can stay private since there is no need to override anymore.




[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread JPercivall
Github user JPercivall commented on a diff in the pull request:

https://github.com/apache/nifi/pull/284#discussion_r56425560
  
--- Diff: 
nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
 ---
@@ -0,0 +1,118 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.kerberos;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.authentication.LoginCredentials;
+import org.apache.nifi.authentication.LoginIdentityProvider;
+import 
org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
+import 
org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
+import org.apache.nifi.authentication.exception.IdentityAccessException;
+import 
org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authorization.exception.ProviderCreationException;
+import 
org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.util.FormatUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import 
org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import 
org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider;
+import 
org.springframework.security.kerberos.authentication.sun.SunJaasKerberosClient;
+
+import java.util.concurrent.TimeUnit;
+
+/**
+ * Kerberos-based implementation of a login identity provider.
+ */
+public class KerberosProvider implements LoginIdentityProvider {
+
+private static final Logger logger = 
LoggerFactory.getLogger(KerberosProvider.class);
+
+private KerberosAuthenticationProvider provider;
+private String issuer;
+private long expiration;
+
+@Override
+public final void initialize(final 
LoginIdentityProviderInitializationContext initializationContext) throws 
ProviderCreationException {
+this.issuer = getClass().getSimpleName();
+}
+
+@Override
+public final void onConfigured(final 
LoginIdentityProviderConfigurationContext configurationContext) throws 
ProviderCreationException {
+final String rawExpiration = 
configurationContext.getProperty("Authentication Expiration");
+if (StringUtils.isBlank(rawExpiration)) {
+throw new ProviderCreationException("The Authentication 
Expiration must be specified.");
+}
+
+try {
+expiration = FormatUtils.getTimeDuration(rawExpiration, 
TimeUnit.MILLISECONDS);
+} catch (final IllegalArgumentException iae) {
+throw new ProviderCreationException(String.format("The 
Expiration Duration '%s' is not a valid time duration", rawExpiration));
+}
+
+provider = new KerberosAuthenticationProvider();
+SunJaasKerberosClient client = new SunJaasKerberosClient();
+client.setDebug(true);
+provider.setKerberosClient(client);
+provider.setUserDetailsService(new KerberosUserDetailsService());
+}
+
+@Override
+public final AuthenticationResponse authenticate(final 
LoginCredentials credentials) throws InvalidLoginCredentialsException, 
IdentityAccessException {
+if (provider == null) {
+throw new IdentityAccessException("The Kerberos authentication 
provider is not initialized.");
+}
+
+try {
+// TODO: Remove debug statements
+logger.info("[REMOVE] Attempting to authenticate Kerberos user 
{} with password {}", credentials.getUsername(), credentials.getPassword());
+
+// Perform the authentication
+final 
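
Review bot: The logger.info call in authenticate() passes credentials.getPassword() to the logger at INFO level, so each login attempt leaves the user's Kerberos password in plaintext in the application log. Delete the statement (keep at most the username, at debug level) rather than carrying it behind the "TODO: Remove debug statements" marker. In onConfigured(), client.setDebug(true) is hard-coded and should be off by default or driven by configuration, and the error text "The Expiration Duration '%s' is not a valid time duration" names the property differently from "Authentication Expiration" a few lines above it.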

[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread alopresto
GitHub user alopresto opened a pull request:

https://github.com/apache/nifi/pull/284

Nifi 1274

Adds support for Kerberos single sign-on via SPNEGO negotiation with 
fallback to Kerberos LoginIdentityProvider (similar to LDAP credential login). 

Initial PR for review. I am adding documentation and will rebase after 
feedback is provided. 

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/alopresto/nifi NIFI-1274

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/nifi/pull/284.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #284


commit 522787dd5f6a11a0e6b8e97266106dfc66d9c09e
Author: Adam Lamar 
Date:   2016-02-21T06:12:56Z

NIFI-1180: Modify PutS3Object to enable encryption

commit f3395b2757305dd516c34f2d6573ad125760ecab
Author: Andy LoPresto 
Date:   2016-02-26T00:21:34Z

Merge branch 'NIFI-1180' of https://github.com/adamonduty/nifi

commit 50fc5b6bc256aa160bbe663f059eca6f71e49bb9
Author: Andy LoPresto 
Date:   2016-03-01T18:26:47Z

Merge branch 'master' of https://github.com/apache/nifi

commit 68c86ad9c86363eba60afae19711a4400888bfc4
Author: Andy LoPresto 
Date:   2016-03-11T23:11:19Z

NIFI-1274 Added nifi-kerberos-iaa-providers-bundle module to nifi/pom.xml.
Added skeleton of Kerberos authenticator using Spring Security Kerberos 
plugin.

commit 2fb038d9c2d5d470e6e007d5131d6130f6ccae35
Author: Andy LoPresto 
Date:   2016-03-12T06:05:02Z

NIFI-1274 Added kerberos module dependencies to nifi/pom.xml and 
nifi-assembly/pom.xml.
Added default properties to login-identity-providers.xml.

commit 513a0f0bcd3e7c8808194106c45a6f3e7098c6d3
Author: Andy LoPresto 
Date:   2016-03-12T06:09:40Z

NIFI-1274 Added working configuration files to test/resources in kerberos 
module to document necessary config. This version requires the user to enter 
their Kerberos username (without realm) and password into the NiFi login screen 
and will authenticate them against the running KDC.
Also includes a sample keystore and root CA public key for configuring a 
secure instance.

commit b97f754d6c4bc65d430d255231e8609163bfab7c
Author: Andy LoPresto 
Date:   2016-03-15T05:28:48Z

NIFI-1274 Added KerberosAuthenticationFilter to conduct SPNEGO 
authentication with local (client) Kerberos ticket.
Added properties and accessors for service principal and keytab location 
for NiFi app server.
Added KAF to NiFiWebApiSecurityConfiguration.
Added AlternateKerberosUserDetailsService to provide user lookup without 
dependency on extension bundle (nifi-kerberos-iaa-provider).
Added dependencies on spring-security-kerberos-core and -web modules to 
pom.xml.

commit 0733574a0d1cd72b7663eadd0fd89c9297731003
Author: Andy LoPresto 
Date:   2016-03-15T18:40:48Z

NIFI-1274 Added temporary solution for Rules Resource access via Kerberos 
ticket.

commit 6670b8bf33bf8018366972217dde8a0956e88194
Author: Andy LoPresto 
Date:   2016-03-15T19:13:53Z

NIFI-1274 Removed temporary solution for Rules Resource access via Kerberos 
ticket.

commit 794b9be508d1fe2042c70ba27a775eee0f4aab32
Author: Andy LoPresto 
Date:   2016-03-15T19:19:25Z

NIFI-1274 Renamed Kerberos discovery method to be explicit about service 
vs. credential login.

commit 22ff40b58994b2cdc0bedcf03d85ec744a37dfd5
Author: Andy LoPresto 
Date:   2016-03-15T19:50:38Z

NIFI-1274 Added check to only instantiate beans when Kerberos enabled to 
allow access control integration tests to pass.

commit ff50eaf0ffc2355e0794135b1aa6610ee562bf3f
Author: Andy LoPresto 
Date:   2016-03-16T02:33:24Z

NIFI-1274 Kerberos SPNEGO works without additional filter (new entry 
endpoint accepts Kerberos ticket in Authorization header and returns JWT so the 
rest of the application functions the same as LDAP).

commit 49d8063bc69e0c73d4ac039e7d0047f865e17fc0
Author: Andy LoPresto 
Date:   2016-03-16T04:01:51Z

NIFI-1274 Fixed canvas call to only attempt Kerberos login if JWT not 
present in local storage.
Added logic to handle ticket validation failure in AccessResource.
Changed wiring of Kerberos service beans to XML in 
nifi-web-security-context.xml for consistency.

commit 2a33ded7c896f73d4c1a203f115e0e6d21f432f4
Author: Andy LoPresto 
Date:   2016-03-16T17:33:36Z

NIFI-1274 Added NiFi properties for Kerberos SSO.

commit 710318a43c7e0c05dc182ba9c7f406bb4eaa7722
Author: Andy LoPresto 

[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread mcgilman
Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/284#discussion_r56511388
  
--- Diff: 
nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/test/resources/nifi.properties
 ---
@@ -0,0 +1,185 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Core Properties #
+nifi.version=0.6.0-SNAPSHOT
+nifi.flow.configuration.file=./conf/flow.xml.gz
+nifi.flow.configuration.archive.dir=./conf/archive/
+nifi.flowcontroller.autoResumeState=true
+nifi.flowcontroller.graceful.shutdown.period=10 sec
+nifi.flowservice.writedelay.interval=500 ms
+nifi.administrative.yield.duration=30 sec
+# If a component has no work to do (is "bored"), how long should we wait 
before checking again for work?
+nifi.bored.yield.duration=10 millis
+
+nifi.authority.provider.configuration.file=./conf/authority-providers.xml

+nifi.login.identity.provider.configuration.file=./conf/login-identity-providers.xml
+nifi.templates.directory=./conf/templates
+nifi.ui.banner.text=
+nifi.ui.autorefresh.interval=30 sec
+nifi.nar.library.directory=./lib
+nifi.nar.working.directory=./work/nar/
+nifi.documentation.working.directory=./work/docs/components
+
+
+# State Management #
+
+nifi.state.management.configuration.file=./conf/state-management.xml
+# The ID of the local state provider
+nifi.state.management.provider.local=local-provider
+# The ID of the cluster-wide state provider. This will be ignored if NiFi 
is not clustered but must be populated if running in a cluster.
+nifi.state.management.provider.cluster=zk-provider
+# Specifies whether or not this instance of NiFi should run an embedded 
ZooKeeper server
+nifi.state.management.embedded.zookeeper.start=false
+# Properties file that provides the ZooKeeper properties to use if 
 is set to true

+nifi.state.management.embedded.zookeeper.properties=./conf/zookeeper.properties
+
+
+# H2 Settings
+nifi.database.directory=./database_repository
+nifi.h2.url.append=;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE
+
+# FlowFile Repository

+nifi.flowfile.repository.implementation=org.apache.nifi.controller.repository.WriteAheadFlowFileRepository
+nifi.flowfile.repository.directory=./flowfile_repository
+nifi.flowfile.repository.partitions=256
+nifi.flowfile.repository.checkpoint.interval=2 mins
+nifi.flowfile.repository.always.sync=false
+

+nifi.swap.manager.implementation=org.apache.nifi.controller.FileSystemSwapManager
+nifi.queue.swap.threshold=2
+nifi.swap.in.period=5 sec
+nifi.swap.in.threads=1
+nifi.swap.out.period=5 sec
+nifi.swap.out.threads=4
+
+# Content Repository

+nifi.content.repository.implementation=org.apache.nifi.controller.repository.FileSystemRepository
+nifi.content.claim.max.appendable.size=10 MB
+nifi.content.claim.max.flow.files=100
+nifi.content.repository.directory.default=./content_repository
+nifi.content.repository.archive.max.retention.period=12 hours
+nifi.content.repository.archive.max.usage.percentage=50%
+nifi.content.repository.archive.enabled=true
+nifi.content.repository.always.sync=false
+nifi.content.viewer.url=/nifi-content-viewer/
+
+# Provenance Repository Properties

+nifi.provenance.repository.implementation=org.apache.nifi.provenance.PersistentProvenanceRepository
+
+# Persistent Provenance Repository Properties
+nifi.provenance.repository.directory.default=./provenance_repository
+nifi.provenance.repository.max.storage.time=24 hours
+nifi.provenance.repository.max.storage.size=1 GB
+nifi.provenance.repository.rollover.time=30 secs
+nifi.provenance.repository.rollover.size=100 MB
+nifi.provenance.repository.query.threads=2
+nifi.provenance.repository.index.threads=1
+nifi.provenance.repository.compress.on.rollover=true
+nifi.provenance.repository.always.sync=false
+nifi.provenance.repository.journal.count=16
+# 

[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread alopresto
Github user alopresto commented on a diff in the pull request:

https://github.com/apache/nifi/pull/284#discussion_r56411928
  
--- Diff: 
nifi-nar-bundles/nifi-update-attribute-bundle/nifi-update-attribute-ui/src/main/java/org/apache/nifi/update/attributes/api/RuleResource.java
 ---
@@ -16,66 +16,63 @@
  */
 package org.apache.nifi.update.attributes.api;
 
-import java.text.Collator;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.List;
-import java.util.Locale;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.GET;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.CacheControl;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-import javax.ws.rs.core.UriBuilder;
-import javax.ws.rs.core.UriInfo;
-
+import com.sun.jersey.api.NotFoundException;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.nifi.update.attributes.Action;
 import org.apache.nifi.update.attributes.Condition;
 import org.apache.nifi.update.attributes.Criteria;
+import org.apache.nifi.update.attributes.FlowFilePolicy;
 import org.apache.nifi.update.attributes.Rule;
 import org.apache.nifi.update.attributes.UpdateAttributeModelFactory;
 import org.apache.nifi.update.attributes.dto.DtoFactory;
 import org.apache.nifi.update.attributes.dto.RuleDTO;
 import org.apache.nifi.update.attributes.entity.ActionEntity;
 import org.apache.nifi.update.attributes.entity.ConditionEntity;
+import org.apache.nifi.update.attributes.entity.EvaluationContextEntity;
 import org.apache.nifi.update.attributes.entity.RuleEntity;
 import org.apache.nifi.update.attributes.entity.RulesEntity;
 import org.apache.nifi.update.attributes.serde.CriteriaSerDe;
-import org.apache.nifi.web.InvalidRevisionException;
-import org.apache.nifi.web.Revision;
-import org.apache.commons.lang3.StringUtils;
-
-import com.sun.jersey.api.NotFoundException;
-
-import org.apache.nifi.update.attributes.FlowFilePolicy;
-import org.apache.nifi.update.attributes.entity.EvaluationContextEntity;
 import org.apache.nifi.web.ComponentDetails;
 import org.apache.nifi.web.HttpServletConfigurationRequestContext;
 import org.apache.nifi.web.HttpServletRequestContext;
+import org.apache.nifi.web.InvalidRevisionException;
 import org.apache.nifi.web.NiFiWebConfigurationContext;
 import org.apache.nifi.web.NiFiWebConfigurationRequestContext;
 import org.apache.nifi.web.NiFiWebRequestContext;
+import org.apache.nifi.web.Revision;
 import org.apache.nifi.web.UiExtensionType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.CacheControl;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.UriBuilder;
+import javax.ws.rs.core.UriInfo;
+import java.text.Collator;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.List;
+import java.util.Locale;
+import java.util.Set;
+import java.util.UUID;
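Review bot: The `-import org.apache.commons.lang3.StringUtils;` and `-import com.sun.jersey.api.NotFoundException;` removals have no matching `+` line in the visible part of this hunk, so confirm both are either unused or re-added elsewhere in the import block before merging. The rest of the hunk only reorders imports (the `javax.*` and `java.*` groups move below `org.slf4j`), which is unrelated to the Kerberos provider work; dropping the reordering from this PR keeps the security-relevant changes easy to audit.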
--- End diff --

Yes, there were other changes here that were reverted and this was my IDE. 
I'll just revert this file. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---


[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread mcgilman
Github user mcgilman commented on the pull request:

https://github.com/apache/nifi/pull/284#issuecomment-197860863
  
Looks really good overall. Found a couple things lingering that I believe 
can be removed prior to merging. Additionally, there are a number of 
src/test/resources in the nifi-kerberos-iaa-providers but there are no 
corresponding test cases. Are we comfortable removing these test resources?

Thanks!




[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread alopresto
Github user alopresto commented on the pull request:

https://github.com/apache/nifi/pull/284#issuecomment-197610965
  
I removed all added TODO statements. I created NIFI-1637 to refactor the 
duplicated `KerberosUserDetailsService` and 
`AlternateKerberosUserDetailsService` to a shared utility module. 




[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread JPercivall
Github user JPercivall commented on the pull request:

https://github.com/apache/nifi/pull/284#issuecomment-197944422
  
+1 (with Gilman's last modifications)

Used Gilman's branch to do a contrib check build, reviewed that comments 
were addressed and ran through setting up a kerberos secure nifi instance. 
Looks good.

Thanks for contributing this awesome new feature!




[GitHub] nifi pull request: Nifi 1274

2016-03-19 Thread JPercivall
Github user JPercivall commented on a diff in the pull request:

https://github.com/apache/nifi/pull/284#discussion_r56507392
  
--- Diff: 
nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtService.java
 ---
@@ -70,8 +70,6 @@ public String getAuthenticationFromToken(final String 
base64EncodedToken) throws
 
 // TODO: Validate issuer against active registry?
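Review bot: The `// TODO: Validate issuer against active registry?` line kept as context in `getAuthenticationFromToken` leaves an open question about a token check with no owner or ticket attached. If issuer validation is deferred, replace the TODO with a reference to a tracking JIRA; if it is not needed, state why in the comment or remove it.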
--- End diff --

Reason for keeping this TODO?




[GitHub] nifi pull request: Nifi 1274

2016-03-18 Thread mcgilman
Github user mcgilman commented on a diff in the pull request:

https://github.com/apache/nifi/pull/284#discussion_r56510044
  
--- Diff: 
nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/test/resources/nifi.properties
 ---
@@ -0,0 +1,185 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Core Properties #
+nifi.version=0.6.0-SNAPSHOT
+nifi.flow.configuration.file=./conf/flow.xml.gz
+nifi.flow.configuration.archive.dir=./conf/archive/
+nifi.flowcontroller.autoResumeState=true
+nifi.flowcontroller.graceful.shutdown.period=10 sec
+nifi.flowservice.writedelay.interval=500 ms
+nifi.administrative.yield.duration=30 sec
+# If a component has no work to do (is "bored"), how long should we wait 
before checking again for work?
+nifi.bored.yield.duration=10 millis
+
+nifi.authority.provider.configuration.file=./conf/authority-providers.xml

+nifi.login.identity.provider.configuration.file=./conf/login-identity-providers.xml
+nifi.templates.directory=./conf/templates
+nifi.ui.banner.text=
+nifi.ui.autorefresh.interval=30 sec
+nifi.nar.library.directory=./lib
+nifi.nar.working.directory=./work/nar/
+nifi.documentation.working.directory=./work/docs/components
+
+
+# State Management #
+
+nifi.state.management.configuration.file=./conf/state-management.xml
+# The ID of the local state provider
+nifi.state.management.provider.local=local-provider
+# The ID of the cluster-wide state provider. This will be ignored if NiFi 
is not clustered but must be populated if running in a cluster.
+nifi.state.management.provider.cluster=zk-provider
+# Specifies whether or not this instance of NiFi should run an embedded 
ZooKeeper server
+nifi.state.management.embedded.zookeeper.start=false
+# Properties file that provides the ZooKeeper properties to use if 
 is set to true

+nifi.state.management.embedded.zookeeper.properties=./conf/zookeeper.properties
+
+
+# H2 Settings
+nifi.database.directory=./database_repository
+nifi.h2.url.append=;LOCK_TIMEOUT=25000;WRITE_DELAY=0;AUTO_SERVER=FALSE
+
+# FlowFile Repository

+nifi.flowfile.repository.implementation=org.apache.nifi.controller.repository.WriteAheadFlowFileRepository
+nifi.flowfile.repository.directory=./flowfile_repository
+nifi.flowfile.repository.partitions=256
+nifi.flowfile.repository.checkpoint.interval=2 mins
+nifi.flowfile.repository.always.sync=false
+

+nifi.swap.manager.implementation=org.apache.nifi.controller.FileSystemSwapManager
+nifi.queue.swap.threshold=2
+nifi.swap.in.period=5 sec
+nifi.swap.in.threads=1
+nifi.swap.out.period=5 sec
+nifi.swap.out.threads=4
+
+# Content Repository

+nifi.content.repository.implementation=org.apache.nifi.controller.repository.FileSystemRepository
+nifi.content.claim.max.appendable.size=10 MB
+nifi.content.claim.max.flow.files=100
+nifi.content.repository.directory.default=./content_repository
+nifi.content.repository.archive.max.retention.period=12 hours
+nifi.content.repository.archive.max.usage.percentage=50%
+nifi.content.repository.archive.enabled=true
+nifi.content.repository.always.sync=false
+nifi.content.viewer.url=/nifi-content-viewer/
+
+# Provenance Repository Properties

+nifi.provenance.repository.implementation=org.apache.nifi.provenance.PersistentProvenanceRepository
+
+# Persistent Provenance Repository Properties
+nifi.provenance.repository.directory.default=./provenance_repository
+nifi.provenance.repository.max.storage.time=24 hours
+nifi.provenance.repository.max.storage.size=1 GB
+nifi.provenance.repository.rollover.time=30 secs
+nifi.provenance.repository.rollover.size=100 MB
+nifi.provenance.repository.query.threads=2
+nifi.provenance.repository.index.threads=1
+nifi.provenance.repository.compress.on.rollover=true
+nifi.provenance.repository.always.sync=false
+nifi.provenance.repository.journal.count=16
+# 
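Review bot: The comment above `nifi.state.management.embedded.zookeeper.properties` reads "to use if  is set to true" with the property name missing, which looks like an unresolved placeholder; spell out the property it refers to. More broadly, this test resource is a full copy of the runtime configuration with `nifi.version=0.6.0-SNAPSHOT` hard-coded, so it will drift from the real file; trim it to the keys a test actually reads, or remove it if no test loads it.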

[GitHub] nifi pull request: Nifi 1274

2016-03-18 Thread JPercivall
Github user JPercivall commented on the pull request:

https://github.com/apache/nifi/pull/284#issuecomment-197582465
  
There are multiple "todo" comments. What is the plan for them? It appears 
that some are just comments on the code, some can be removed (already done), 
and a few could become follow-up tickets after committing.




[GitHub] nifi pull request: Nifi 1274

2016-03-18 Thread mcgilman
Github user mcgilman commented on the pull request:

https://github.com/apache/nifi/pull/284#issuecomment-197504323
  
Reviewing... :)

