[GitHub] nifi-registry pull request #29: NIFIREG-33 Add LDAP and JWT auth support
Github user asfgit closed the pull request at: https://github.com/apache/nifi-registry/pull/29 ---
[GitHub] nifi-registry pull request #29: NIFIREG-33 Add LDAP and JWT auth support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/29#discussion_r149377495 --- Diff: nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java --- @@ -49,6 +49,8 @@ public static final String SECURITY_NEED_CLIENT_AUTH = "nifi.registry.security.needClientAuth"; public static final String SECURITY_AUTHORIZERS_CONFIGURATION_FILE = "nifi.registry.security.authorizers.configuration.file"; public static final String SECURITY_AUTHORIZER = "nifi.registry.security.authorizer"; +public static final String SECURITY_IDENTITY_PROVIDER_CONFIGURATION_FILE = "nifi.registry.security.identity.provider.configuration.file"; --- End diff -- Yep, good catch. Will update this. ---
[GitHub] nifi-registry pull request #29: NIFIREG-33 Add LDAP and JWT auth support
Github user bbende commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/29#discussion_r149151449 --- Diff: nifi-registry-properties/src/main/java/org/apache/nifi/registry/properties/NiFiRegistryProperties.java --- @@ -49,6 +49,8 @@ public static final String SECURITY_NEED_CLIENT_AUTH = "nifi.registry.security.needClientAuth"; public static final String SECURITY_AUTHORIZERS_CONFIGURATION_FILE = "nifi.registry.security.authorizers.configuration.file"; public static final String SECURITY_AUTHORIZER = "nifi.registry.security.authorizer"; +public static final String SECURITY_IDENTITY_PROVIDER_CONFIGURATION_FILE = "nifi.registry.security.identity.provider.configuration.file"; --- End diff -- We should add these to the default nifi-registry.properties file in nifi-registry-resources, and we need to add the identity-providers.xml in there so that the assembly has them ---
[GitHub] nifi-registry pull request #29: NIFIREG-33 Add LDAP and JWT auth support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/29#discussion_r147711295 --- Diff: nifi-registry-framework/src/main/resources/db/migration/V1__Initial.sql --- @@ -43,4 +43,11 @@ CREATE TABLE FLOW_SNAPSHOT ( COMMENTS VARCHAR(4096), PRIMARY KEY (FLOW_ID, VERSION), FOREIGN KEY (FLOW_ID) REFERENCES FLOW(ID) +); + +CREATE TABLE SIGNING_KEY ( +ID VARCHAR2(50) NOT NULL, +TENANT_IDENTITY VARCHAR2(50) NOT NULL UNIQUE, +KEY_VALUE VARCHAR2(50) NOT NULL, +PRIMARY KEY (ID) --- End diff -- Let me know if the preference is to make this V2__*.sql. I added it here assuming that we didn't have to worry about any production deployments of nifi-registiry-0.0.1-SNAPSHOT ð ---
[GitHub] nifi-registry pull request #29: NIFIREG-33 Add LDAP and JWT auth support
Github user kevdoran commented on a diff in the pull request: https://github.com/apache/nifi-registry/pull/29#discussion_r147697839 --- Diff: nifi-registry-framework/src/main/resources/META-INF/services/org.apache.nifi.registry.security.authorization.AccessPolicyProvider --- @@ -0,0 +1,31 @@ +# --- End diff -- License got pasted twice, will fix ---
[GitHub] nifi-registry pull request #29: NIFIREG-33 Add LDAP and JWT auth support
GitHub user kevdoran opened a pull request: https://github.com/apache/nifi-registry/pull/29 NIFIREG-33 Add LDAP and JWT auth support - Adds LdapIdentityProvider for authentication - Adds /access/token endpoint for generating JWT for users that can authenticate with a configured IdenitiyProvider - Adds JwtAuthenticationProvider for authentication - Adds KeyService for key generation and tracking for signing JWTs - Adds LdapUserGroupProvider for authorization - Adds LDAP integration tests - Refactors nifi-registry-security-api-impl into nifi-registry-framework - Refactors all security related packages, such as o.a.n.r.authorization and o.a.n.r.authentication, under org.apache.nifi.registry.security You can merge this pull request into a Git repository by running: $ git pull https://github.com/kevdoran/nifi-registry NIFIREG-33-squashed Alternatively you can review and apply these changes as the patch at: https://github.com/apache/nifi-registry/pull/29.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #29 commit f01213a80b6e2cbf452d2359d2b6fd9183e6e346 Author: Kevin Doran Date: 2017-10-12T17:54:34Z NIFIREG-33 Add LDAP and JWT auth support - Adds LdapIdentityProvider for authentication - Adds /access/token endpoint for generating JWT for users that can authenticate with a configured IdenitiyProvider - Adds JwtAuthenticationProvider for authentication - Adds KeyService for key generation and tracking for signing JWTs - Adds LdapUserGroupProvider for authorization - Adds LDAP integration tests - Refactors nifi-registry-security-api-impl into nifi-registry-framework - Refactors all security related packages, such as o.a.n.r.authorization and o.a.n.r.authentication, under org.apache.nifi.registry.security ---
