Repository: nifi Updated Branches: refs/heads/NIFI-655 d41b83c19 -> 018c0864e
NIFI-655: - Adding more/better support for logging out. Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/d47c00f0 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/d47c00f0 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/d47c00f0 Branch: refs/heads/NIFI-655 Commit: d47c00f00e8ea28e023b393cec97cb81ea382a1d Parents: d41b83c Author: Matt Gilman <matt.c.gil...@gmail.com> Authored: Fri Nov 6 18:06:47 2015 -0500 Committer: Matt Gilman <matt.c.gil...@gmail.com> Committed: Fri Nov 6 18:06:47 2015 -0500 ---------------------------------------------------------------------- .../web/NiFiWebApiSecurityConfiguration.java | 13 +++--- .../form/LoginAuthenticationFilter.java | 10 +++++ .../web/security/form/RegistrationFilter.java | 5 --- .../src/main/webapp/WEB-INF/pages/login.jsp | 3 ++ .../main/webapp/WEB-INF/pages/message-page.jsp | 4 +- .../WEB-INF/partials/canvas/canvas-header.jsp | 2 +- .../partials/login/nifi-registration-form.jsp | 2 - .../webapp/WEB-INF/partials/message-pane.jsp | 7 ++- .../nifi-web-ui/src/main/webapp/css/login.css | 7 --- .../nifi-web-ui/src/main/webapp/css/main.css | 11 +++++ .../src/main/webapp/js/nf/login/nf-login.js | 45 +++++++++++++------- .../src/main/webapp/js/nf/nf-common.js | 19 ++++++++- 12 files changed, 86 insertions(+), 42 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java index 3d7544e..7d1b02b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java @@ -88,16 +88,15 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte .sessionManagement() .sessionCreationPolicy(SessionCreationPolicy.STATELESS); - // verify that login authentication is enabled if (loginIdentityProvider != null) { - // login authentication for /token - exchanges for JWT for subsequent API usage - http.addFilterBefore(buildLoginFilter("/token"), UsernamePasswordAuthenticationFilter.class); - // verify the configured login authenticator supports user login registration if (loginIdentityProvider.supportsRegistration()) { http.addFilterBefore(buildRegistrationFilter("/registration"), UsernamePasswordAuthenticationFilter.class); } } + + // login authentication for /token - exchanges for JWT for subsequent API usage + http.addFilterBefore(buildLoginFilter("/token"), UsernamePasswordAuthenticationFilter.class); // registration status - will check the status of a user's account registration (regardless if its based on login or not) http.addFilterBefore(buildRegistrationStatusFilter("/registration/status"), UsernamePasswordAuthenticationFilter.class); @@ -111,8 +110,10 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte // x509 http.addFilterAfter(buildX509Filter(), AnonymousAuthenticationFilter.class); - // jwt - http.addFilterAfter(buildJwtFilter(), AnonymousAuthenticationFilter.class); + // jwt - consider when configured for log in + if (loginIdentityProvider != null) { + http.addFilterAfter(buildJwtFilter(), AnonymousAuthenticationFilter.class); + } } @Bean http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java index 456a2b2..2c10863 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/LoginAuthenticationFilter.java @@ -86,6 +86,11 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF // if there is no certificate, look for an existing token if (certificate == null) { + // if not configured for login, don't consider existing tokens + if (loginIdentityProvider == null) { + throw new BadCredentialsException("Login not supported."); + } + final String principal = jwtService.getAuthentication(request); if (principal == null) { @@ -129,6 +134,11 @@ public class LoginAuthenticationFilter extends AbstractAuthenticationProcessingF return new LoginAuthenticationToken(preAuthenticatedCredentials); } } else { + // if not configuration for login, don't consider credentials + if (loginIdentityProvider == null) { + throw new BadCredentialsException("Login not supported."); + } + if (loginIdentityProvider.authenticate(credentials)) { return new LoginAuthenticationToken(credentials); } else { http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java index 39adb68..68d7383 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/form/RegistrationFilter.java @@ -120,11 +120,6 @@ public class RegistrationFilter extends AbstractAuthenticationProcessingFilter { // generate JWT for response jwtService.addToken(response, authentication); - - // mark as successful - response.setStatus(HttpServletResponse.SC_CREATED); - response.setContentType("text/plain"); - response.setContentLength(0); } @Override http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp index e2b7b9b..a4967b1 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/login.jsp @@ -37,6 +37,9 @@ ${nf.login.script.tags} </head> <body class="login-body"> + <div id="user-logout-container" class="hidden"> + <span id="user-logout" class="link">logout</span> + </div> <div id="login-contents-container"> <jsp:include page="/WEB-INF/partials/login/login-message.jsp"/> <jsp:include page="/WEB-INF/partials/login/login-form.jsp"/> http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/message-page.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/message-page.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/message-page.jsp index 796877f..b0ba026 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/message-page.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/message-page.jsp @@ -27,8 +27,8 @@ <body class="message-pane"> <div class="message-pane-message-box"> - <p class="message-pane-title"><%= request.getAttribute("title") == null ? "" : org.apache.nifi.util.EscapeUtils.escapeHtml(request.getAttribute("title").toString()) %></p> - <p class="message-pane-content"><%= request.getAttribute("messages") == null ? "" : org.apache.nifi.util.EscapeUtils.escapeHtml(request.getAttribute("messages").toString()) %></p> + <div class="message-pane-title"><%= request.getAttribute("title") == null ? "" : org.apache.nifi.util.EscapeUtils.escapeHtml(request.getAttribute("title").toString()) %></div> + <div class="message-pane-content"><%= request.getAttribute("messages") == null ? "" : org.apache.nifi.util.EscapeUtils.escapeHtml(request.getAttribute("messages").toString()) %></div> </div> </body> </html> http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp index 204b1b3..2ea7ca6 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp @@ -45,7 +45,7 @@ <div id="header-links-container"> <ul> <li id="current-user-container"> - <div id="anonymous-user-alert"></div> + <div id="anonymous-user-alert" class="hidden"></div> <div id="current-user"></div> <div class="clear"></div> </li> http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp index 90d3556..101119c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/login/nifi-registration-form.jsp @@ -22,8 +22,6 @@ <div class="setting-name">User</div> <div class="setting-field"> <div id="nifi-user-submit-justification"></div> - <span id="nifi-user-submit-justification-logout" class="link hidden">logout</span> - <div class="clear"></div> </div> </div> </div> http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/message-pane.jsp ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/message-pane.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/message-pane.jsp index 1bdec3d..db5dece 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/message-pane.jsp +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/message-pane.jsp @@ -16,8 +16,11 @@ --%> <%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %> <div id="message-pane" class="message-pane hidden"> + <div id="user-logout-container" class="hidden"> + <span id="user-logout" class="link">logout</span> + </div> <div class="message-pane-message-box"> - <p id="message-title" class="message-pane-title"></p> - <p id="message-content" class="message-pane-content"></p> + <div id="message-title" class="message-pane-title"></div> + <div id="message-content" class="message-pane-content"></div> </div> </div> \ No newline at end of file http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css index 29ef12a..f055d1a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/login.css @@ -81,16 +81,9 @@ body.login-body input, body.login-body textarea { } #nifi-user-submit-justification { - float: left; font-weight: bold; } -#nifi-user-submit-justification-logout { - margin-left: 10px; - float: left; - text-decoration: underline; -} - #nifi-registration-justification { height: 200px; } http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/main.css ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/main.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/main.css index 2e43a8b..deadcd5 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/main.css +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/main.css @@ -77,6 +77,17 @@ div.context-menu-provenance { background-position: top left; } +#user-logout-container { + position: absolute; + left: 478px; + top: 100px; + z-index: 1300; +} + +#user-logout { + text-decoration: underline; +} + /* General Styles */ http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js index f5411af..88156ef 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/login/nf-login.js @@ -23,7 +23,7 @@ $(document).ready(function () { nf.Login = (function () { - var isAnonymous = false; + var supportsAnonymous = false; var config = { urls: { @@ -70,7 +70,7 @@ nf.Login = (function () { $('#nifi-registration-justification').count({ charCountField: '#remaining-characters' }); - + // toggle between signup and login $('#login-to-account-link').on('click', function () { showLogin(); @@ -165,9 +165,14 @@ nf.Login = (function () { 'password': password, 'justification': $('#nifi-registration-justification').val() } - }).done(function (response, status, xhr) { + }).done(function (jwt) { + // store the jwt + nf.Storage.setItem('jwt', jwt); + showLogoutLink(); + + // inform the user of their pending request var markup = 'An administrator will process your request shortly.'; - if (isAnonymous === true) { + if (supportsAnonymous === true) { markup += '<br/><br/>In the meantime you can continue accessing anonymously.'; } @@ -195,7 +200,7 @@ nf.Login = (function () { } }).done(function (response) { var markup = 'An administrator will process your request shortly.'; - if (isAnonymous === true) { + if (supportsAnonymous === true) { markup += '<br/><br/>In the meantime you can continue accessing anonymously.'; } @@ -239,6 +244,20 @@ nf.Login = (function () { return ''; }; + var logout = function () { + nf.Storage.removeItem('jwt'); + }; + + var showLogoutLink = function () { + $('#user-logout-container').show(); + + // handle logout + $('#user-logout').on('click', function () { + logout(); + window.location = '/nifi/login'; + }); + }; + return { /** * Initializes the login page. @@ -250,15 +269,9 @@ nf.Login = (function () { var needsLogin = false; var needsNiFiRegistration = false; - var logout = function () { - nf.Storage.removeItem('jwt'); - }; - - // handle logout - $('#nifi-user-submit-justification-logout').on('click', function () { - logout(); - window.location = '/nifi/login'; - }); + if (nf.Storage.getItem('jwt') !== null) { + showLogoutLink(); + } var token = $.ajax({ type: 'GET', @@ -276,7 +289,7 @@ nf.Login = (function () { identity.done(function (response) { // if the user is anonymous see if they need to login or if they are working with a certificate if (response.identity === 'anonymous') { - isAnonymous = true; + supportsAnonymous = true; // request a token without including credentials, if successful then the user is using a certificate token.done(function (jwt) { @@ -294,7 +307,7 @@ nf.Login = (function () { }).fail(function (xhr, status, error) { if (xhr.status === 401) { var user = getJwtSubject(jwt); - + // show the user $('#nifi-user-submit-justification').text(user); http://git-wip-us.apache.org/repos/asf/nifi/blob/d47c00f0/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js index 8c023e7..9b321c3 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-common.js @@ -63,6 +63,23 @@ $(document).ready(function () { // initialize the tooltips $('img.setting-icon').qtip(nf.Common.config.tooltipConfig); + + // shows the logout link in the message-pane when appropriate + if (nf.Storage.getItem('jwt')) { + $('#user-logout-container').show(); + } + + // handle logout + $('#user-logout').on('click', function () { + nf.Storage.removeItem('jwt'); + + // reload as appropriate + if (top !== window) { + parent.window.location = '/nifi'; + } else { + window.location = '/nifi'; + } + }); }); // Define a common utility class used across the entire application. @@ -219,7 +236,7 @@ nf.Common = { } else { $('#message-content').text(xhr.responseText); } - + // show the error pane $('#message-pane').show();