[jira] [Updated] (NIFIREG-75) Composite and CompositeConfigurable UserGroupProviders don't consider all providers when looking up users and groups

2017-12-21 Thread Kevin Doran (JIRA) 

 [ 
https://issues.apache.org/jira/browse/NIFIREG-75?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Doran updated NIFIREG-75:
---
Summary: Composite and CompositeConfigurable UserGroupProviders don't 
consider all providers when looking up users and groups  (was: Composite and 
Composite UserGroupProviders don't consider all providers when looking up users 
and groups)

> Composite and CompositeConfigurable UserGroupProviders don't consider all 
> providers when looking up users and groups
> 
>
> Key: NIFIREG-75
> URL: https://issues.apache.org/jira/browse/NIFIREG-75
> Project: NiFi Registry
>  Issue Type: Bug
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 0.0.1
>
>
> In FileUserGroupProvider, when a new group is created, all the users in the 
> group are checked to ensure they are known to the FileUserGroupProvider prior 
> to creating the group.
> However, when a group is updated, a similar check does not exist, allowing 
> one to add invalid users to a group. This gets the server in a bad state with 
> unexpected behavior surrounding authorization actions.
> Note that this logic was ported from NiFi, so NiFi should probably be updated 
> with the same fix after verifying this is the intended behavior (having the 
> check on update).



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Updated] (NIFIREG-75) Composite and CompositeConfigurable UserGroupProviders don't consider all providers when looking up users and groups

2017-12-21 Thread Kevin Doran (JIRA) 

 [ 
https://issues.apache.org/jira/browse/NIFIREG-75?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Kevin Doran updated NIFIREG-75:
---
Description: 
In FileUserGroupProvider, when a new group is created, all the users in the 
group are checked to ensure they are known to the FileUserGroupProvider prior 
to creating the group.

This check should be removed, and an integrity check should be placed in the 
entity managing all user group providers (eg, CompositeUserGroupProvider and 
CompositeConfigurableUserGroupProvider).

Also, when loading a user identity, all UserGroupProviders should be considered 
for finding groups the user to which the user belongs.

  was:
In FileUserGroupProvider, when a new group is created, all the users in the 
group are checked to ensure they are known to the FileUserGroupProvider prior 
to creating the group.

However, when a group is updated, a similar check does not exist, allowing one 
to add invalid users to a group. This gets the server in a bad state with 
unexpected behavior surrounding authorization actions.

Note that this logic was ported from NiFi, so NiFi should probably be updated 
with the same fix after verifying this is the intended behavior (having the 
check on update).


> Composite and CompositeConfigurable UserGroupProviders don't consider all 
> providers when looking up users and groups
> 
>
> Key: NIFIREG-75
> URL: https://issues.apache.org/jira/browse/NIFIREG-75
> Project: NiFi Registry
>  Issue Type: Bug
>Reporter: Kevin Doran
>Assignee: Kevin Doran
> Fix For: 0.0.1
>
>
> In FileUserGroupProvider, when a new group is created, all the users in the 
> group are checked to ensure they are known to the FileUserGroupProvider prior 
> to creating the group.
> This check should be removed, and an integrity check should be placed in the 
> entity managing all user group providers (eg, CompositeUserGroupProvider and 
> CompositeConfigurableUserGroupProvider).
> Also, when loading a user identity, all UserGroupProviders should be 
> considered for finding groups the user to which the user belongs.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)