NIFI-7924: review feedback addressed

Author: sjyang18

nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java

@@ -1020,7 +1020,7 @@ public String getOidcClaimIdentifyingUser() {
     public List<String> getOidcFallbackClaimsIdentifyingUser() {
         String rawProperty = getProperty(SECURITY_USER_OIDC_FALLBACK_CLAIMS_IDENTIFYING_USER, "").trim();
         if (rawProperty.isEmpty()) {
-            return new ArrayList<>();
+            return Collections.emptyList();
         } else {
             List<String> fallbackClaims = Arrays.asList(rawProperty.split(","));
             return fallbackClaims.stream().map(String::trim).collect(Collectors.toList());

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/oidc/StandardOidcIdentityProvider.java

@@ -440,13 +440,10 @@ private LoginAuthenticationToken convertOIDCTokenToLoginAuthenticationToken(OIDC
                 logger.info("The 'email' claim was present. Using that claim to avoid extra remote call");
             } else {
                 final List<String> fallbackClaims = properties.getOidcFallbackClaimsIdentifyingUser();
-                if (fallbackClaims.size() > 0) {
-                    logger.info("fallbackClaims.size() : " + fallbackClaims.size());
-                    for (String fallbackClaim : fallbackClaims) {
-                        if (availableClaims.contains(fallbackClaim)) {
-                            identity = claimsSet.getStringClaim(fallbackClaim);
-                            break;
-                        }
+                for (String fallbackClaim : fallbackClaims) {
+                    if (availableClaims.contains(fallbackClaim)) {
+                        identity = claimsSet.getStringClaim(fallbackClaim);
+                        break;
                     }
                 }
                 if (StringUtils.isBlank(identity)) {

nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/groovy/org/apache/nifi/web/security/oidc/StandardOidcIdentityProviderGroovyTest.groovy

@@ -415,8 +415,9 @@ class StandardOidcIdentityProviderGroovyTest extends GroovyTestCase {
     void testconvertOIDCTokenToLoginAuthenticationTokenShouldHandleNoEmailClaimHasFallbackClaims() {
         // Arrange
         StandardOidcIdentityProvider soip = buildIdentityProviderWithMockTokenValidator(["getOidcClaimIdentifyingUser": "email", "getOidcFallbackClaimsIdentifyingUser": ["upn"] ])
+        String expectedUpn = "xxx@aaddomain";
 
-        OIDCTokenResponse mockResponse = mockOIDCTokenResponse(["email": null, "upn": "xxx@aaddomain"])
+        OIDCTokenResponse mockResponse = mockOIDCTokenResponse(["email": null, "upn": expectedUpn])
         logger.info("OIDC Token Response with no email and upn: ${mockResponse.dump()}")
 
         String loginToken = soip.convertOIDCTokenToLoginAuthenticationToken(mockResponse)
@@ -425,7 +426,7 @@ class StandardOidcIdentityProviderGroovyTest extends GroovyTestCase {
         // Split JWT into components and decode Base64 to JSON
         def (String contents, String expiration) = loginToken.tokenize("\\[\\]")
         logger.info("Token contents: ${contents} | Expiration: ${expiration}")
-        assert contents =~ "LoginAuthenticationToken for xxx@aaddomain issued by https://accounts\\.issuer\\.com expiring at"
+        assert contents =~ "LoginAuthenticationToken for ${expectedUpn} issued by https://accounts\\.issuer\\.com expiring at"
 
 
     }