Examples with Authorization io.swagger.annotations.Authorization used on opensource projects

Example 1 with Authorization

use of io.swagger.annotations.Authorization in project swagger-core by swagger-api.

the class ServletReaderExtension method parseAuthorizations.

private static List<SecurityRequirement> parseAuthorizations(Authorization[] authorizations) {
    final List<SecurityRequirement> result = new ArrayList<SecurityRequirement>();
    for (Authorization auth : authorizations) {
        if (StringUtils.isNotEmpty(auth.value())) {
            final SecurityRequirement security = new SecurityRequirement();
            security.setName(auth.value());
            for (AuthorizationScope scope : auth.scopes()) {
                if (StringUtils.isNotEmpty(scope.scope())) {
                    security.addScope(scope.scope());
                }
            }
            result.add(security);
        }
    }
    return result;
}

Example 2 with Authorization

use of io.swagger.annotations.Authorization in project swagger-core by swagger-api.

the class Reader method parseMethod.

private Operation parseMethod(Class<?> cls, Method method, AnnotatedMethod annotatedMethod, List<Parameter> globalParameters, List<ApiResponse> classApiResponses) {
    Operation operation = new Operation();
    if (annotatedMethod != null) {
        method = annotatedMethod.getAnnotated();
    }
    ApiOperation apiOperation = ReflectionUtils.getAnnotation(method, ApiOperation.class);
    ApiResponses responseAnnotation = ReflectionUtils.getAnnotation(method, ApiResponses.class);
    String operationId = null;
    // check if it's an inherited or implemented method.
    boolean methodInSuperType = false;
    if (!cls.isInterface()) {
        methodInSuperType = ReflectionUtils.findMethod(method, cls.getSuperclass()) != null;
    }
    if (!methodInSuperType) {
        for (Class<?> implementedInterface : cls.getInterfaces()) {
            methodInSuperType = ReflectionUtils.findMethod(method, implementedInterface) != null;
            if (methodInSuperType) {
                break;
            }
        }
    }
    if (!methodInSuperType) {
        operationId = method.getName();
    } else {
        operationId = this.getOperationId(method.getName());
    }
    String responseContainer = null;
    Type responseType = null;
    Map<String, Property> defaultResponseHeaders = new LinkedHashMap<String, Property>();
    if (apiOperation != null) {
        if (apiOperation.hidden()) {
            return null;
        }
        if (!apiOperation.nickname().isEmpty()) {
            operationId = apiOperation.nickname();
        }
        defaultResponseHeaders = parseResponseHeaders(apiOperation.responseHeaders());
        operation.summary(apiOperation.value()).description(apiOperation.notes());
        if (!isVoid(apiOperation.response())) {
            responseType = apiOperation.response();
        }
        if (!apiOperation.responseContainer().isEmpty()) {
            responseContainer = apiOperation.responseContainer();
        }
        List<SecurityRequirement> securities = new ArrayList<SecurityRequirement>();
        for (Authorization auth : apiOperation.authorizations()) {
            if (!auth.value().isEmpty()) {
                SecurityRequirement security = new SecurityRequirement();
                security.setName(auth.value());
                for (AuthorizationScope scope : auth.scopes()) {
                    if (!scope.scope().isEmpty()) {
                        security.addScope(scope.scope());
                    }
                }
                securities.add(security);
            }
        }
        for (SecurityRequirement sec : securities) {
            operation.security(sec);
        }
        if (!apiOperation.consumes().isEmpty()) {
            String[] consumesAr = ReaderUtils.splitContentValues(new String[] { apiOperation.consumes() });
            for (String consume : consumesAr) {
                operation.consumes(consume);
            }
        }
        if (!apiOperation.produces().isEmpty()) {
            String[] producesAr = ReaderUtils.splitContentValues(new String[] { apiOperation.produces() });
            for (String produce : producesAr) {
                operation.produces(produce);
            }
        }
    }
    if (apiOperation != null && StringUtils.isNotEmpty(apiOperation.responseReference())) {
        Response response = new Response().description(SUCCESSFUL_OPERATION);
        response.schema(new RefProperty(apiOperation.responseReference()));
        operation.addResponse(String.valueOf(apiOperation.code()), response);
    } else if (responseType == null) {
        // pick out response from method declaration
        LOGGER.debug("picking up response class from method {}", method);
        responseType = method.getGenericReturnType();
    }
    if (isValidResponse(responseType)) {
        final Property property = ModelConverters.getInstance().readAsProperty(responseType);
        if (property != null) {
            final Property responseProperty = ContainerWrapper.wrapContainer(responseContainer, property);
            final int responseCode = (apiOperation == null) ? 200 : apiOperation.code();
            operation.response(responseCode, new Response().description(SUCCESSFUL_OPERATION).schema(responseProperty).headers(defaultResponseHeaders));
            appendModels(responseType);
        }
    }
    operation.operationId(operationId);
    if (operation.getConsumes() == null || operation.getConsumes().isEmpty()) {
        final Consumes consumes = ReflectionUtils.getAnnotation(method, Consumes.class);
        if (consumes != null) {
            for (String mediaType : ReaderUtils.splitContentValues(consumes.value())) {
                operation.consumes(mediaType);
            }
        }
    }
    if (operation.getProduces() == null || operation.getProduces().isEmpty()) {
        final Produces produces = ReflectionUtils.getAnnotation(method, Produces.class);
        if (produces != null) {
            for (String mediaType : ReaderUtils.splitContentValues(produces.value())) {
                operation.produces(mediaType);
            }
        }
    }
    List<ApiResponse> apiResponses = new ArrayList<ApiResponse>();
    if (responseAnnotation != null) {
        apiResponses.addAll(Arrays.asList(responseAnnotation.value()));
    }
    Class<?>[] exceptionTypes = method.getExceptionTypes();
    for (Class<?> exceptionType : exceptionTypes) {
        ApiResponses exceptionResponses = ReflectionUtils.getAnnotation(exceptionType, ApiResponses.class);
        if (exceptionResponses != null) {
            apiResponses.addAll(Arrays.asList(exceptionResponses.value()));
        }
    }
    for (ApiResponse apiResponse : apiResponses) {
        addResponse(operation, apiResponse);
    }
    // merge class level @ApiResponse
    for (ApiResponse apiResponse : classApiResponses) {
        String key = (apiResponse.code() == 0) ? "default" : String.valueOf(apiResponse.code());
        if (operation.getResponses() != null && operation.getResponses().containsKey(key)) {
            continue;
        }
        addResponse(operation, apiResponse);
    }
    if (ReflectionUtils.getAnnotation(method, Deprecated.class) != null) {
        operation.setDeprecated(true);
    }
    // process parameters
    for (Parameter globalParameter : globalParameters) {
        operation.parameter(globalParameter);
    }
    Annotation[][] paramAnnotations = ReflectionUtils.getParameterAnnotations(method);
    if (annotatedMethod == null) {
        Type[] genericParameterTypes = method.getGenericParameterTypes();
        for (int i = 0; i < genericParameterTypes.length; i++) {
            final Type type = TypeFactory.defaultInstance().constructType(genericParameterTypes[i], cls);
            List<Parameter> parameters = getParameters(type, Arrays.asList(paramAnnotations[i]));
            for (Parameter parameter : parameters) {
                operation.parameter(parameter);
            }
        }
    } else {
        for (int i = 0; i < annotatedMethod.getParameterCount(); i++) {
            AnnotatedParameter param = annotatedMethod.getParameter(i);
            final Type type = TypeFactory.defaultInstance().constructType(param.getParameterType(), cls);
            List<Parameter> parameters = getParameters(type, Arrays.asList(paramAnnotations[i]));
            for (Parameter parameter : parameters) {
                operation.parameter(parameter);
            }
        }
    }
    if (operation.getResponses() == null) {
        Response response = new Response().description(SUCCESSFUL_OPERATION);
        operation.defaultResponse(response);
    }
    processOperationDecorator(operation, method);
    return operation;
}

Example 3 with Authorization

use of io.swagger.annotations.Authorization in project nifi by apache.

the class ControllerServiceResource method updateControllerServiceReferences.

/**
 * Updates the references of the specified controller service.
 *
 * @param httpServletRequest     request
 * @param requestUpdateReferenceRequest The update request
 * @return A controllerServiceReferencingComponentsEntity.
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/references")
@ApiOperation(value = "Updates a controller services references", response = ControllerServiceReferencingComponentsEntity.class, authorizations = { @Authorization(value = "Write - /{component-type}/{uuid} - For each referencing component specified") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response updateControllerServiceReferences(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The controller service id.", required = true) @PathParam("id") final String id, @ApiParam(value = "The controller service request update request.", required = true) final UpdateControllerServiceReferenceRequestEntity requestUpdateReferenceRequest) {
    if (requestUpdateReferenceRequest.getId() == null) {
        throw new IllegalArgumentException("The controller service identifier must be specified.");
    }
    if (requestUpdateReferenceRequest.getReferencingComponentRevisions() == null) {
        throw new IllegalArgumentException("The controller service referencing components revisions must be specified.");
    }
    // parse the state to determine the desired action
    // need to consider controller service state first as it shares a state with
    // scheduled state (disabled) which is applicable for referencing services
    // but not referencing schedulable components
    ControllerServiceState requestControllerServiceState = null;
    try {
        requestControllerServiceState = ControllerServiceState.valueOf(requestUpdateReferenceRequest.getState());
    } catch (final IllegalArgumentException iae) {
    // ignore
    }
    ScheduledState requestScheduledState = null;
    try {
        requestScheduledState = ScheduledState.valueOf(requestUpdateReferenceRequest.getState());
    } catch (final IllegalArgumentException iae) {
    // ignore
    }
    // ensure an action has been specified
    if (requestScheduledState == null && requestControllerServiceState == null) {
        throw new IllegalArgumentException("Must specify the updated state. To update referencing Processors " + "and Reporting Tasks the state should be RUNNING or STOPPED. To update the referencing Controller Services the " + "state should be ENABLED or DISABLED.");
    }
    // ensure the controller service state is not ENABLING or DISABLING
    if (requestControllerServiceState != null && (ControllerServiceState.ENABLING.equals(requestControllerServiceState) || ControllerServiceState.DISABLING.equals(requestControllerServiceState))) {
        throw new IllegalArgumentException("Cannot set the referencing services to ENABLING or DISABLING");
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.PUT, requestUpdateReferenceRequest);
    }
    // convert the referencing revisions
    final Map<String, Revision> requestReferencingRevisions = requestUpdateReferenceRequest.getReferencingComponentRevisions().entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> {
        final RevisionDTO rev = e.getValue();
        return new Revision(rev.getVersion(), rev.getClientId(), e.getKey());
    }));
    final Set<Revision> requestRevisions = new HashSet<>(requestReferencingRevisions.values());
    final ScheduledState verifyScheduledState = requestScheduledState;
    final ControllerServiceState verifyControllerServiceState = requestControllerServiceState;
    return withWriteLock(serviceFacade, requestUpdateReferenceRequest, requestRevisions, lookup -> {
        requestReferencingRevisions.entrySet().stream().forEach(e -> {
            final Authorizable controllerService = lookup.getControllerServiceReferencingComponent(id, e.getKey());
            controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
        });
    }, () -> serviceFacade.verifyUpdateControllerServiceReferencingComponents(requestUpdateReferenceRequest.getId(), verifyScheduledState, verifyControllerServiceState), (revisions, updateReferenceRequest) -> {
        ScheduledState scheduledState = null;
        try {
            scheduledState = ScheduledState.valueOf(updateReferenceRequest.getState());
        } catch (final IllegalArgumentException e) {
        // ignore
        }
        ControllerServiceState controllerServiceState = null;
        try {
            controllerServiceState = ControllerServiceState.valueOf(updateReferenceRequest.getState());
        } catch (final IllegalArgumentException iae) {
        // ignore
        }
        final Map<String, Revision> referencingRevisions = updateReferenceRequest.getReferencingComponentRevisions().entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> {
            final RevisionDTO rev = e.getValue();
            return new Revision(rev.getVersion(), rev.getClientId(), e.getKey());
        }));
        // update the controller service references
        final ControllerServiceReferencingComponentsEntity entity = serviceFacade.updateControllerServiceReferencingComponents(referencingRevisions, updateReferenceRequest.getId(), scheduledState, controllerServiceState);
        return generateOkResponse(entity).build();
    });
}

Example 4 with Authorization

use of io.swagger.annotations.Authorization in project nifi by apache.

the class FlowResource method activateControllerServices.

@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("process-groups/{id}/controller-services")
@ApiOperation(value = "Enable or disable Controller Services in the specified Process Group.", response = ActivateControllerServicesEntity.class, authorizations = { @Authorization(value = "Read - /flow"), @Authorization(value = "Write - /{component-type}/{uuid} - For every service being enabled/disabled") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response activateControllerServices(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The process group id.", required = true) @PathParam("id") String id, @ApiParam(value = "The request to schedule or unschedule. If the comopnents in the request are not specified, all authorized components will be considered.", required = true) final ActivateControllerServicesEntity requestEntity) {
    // ensure the same id is being used
    if (!id.equals(requestEntity.getId())) {
        throw new IllegalArgumentException(String.format("The process group id (%s) in the request body does " + "not equal the process group id of the requested resource (%s).", requestEntity.getId(), id));
    }
    final ControllerServiceState state;
    if (requestEntity.getState() == null) {
        throw new IllegalArgumentException("The controller service state must be specified.");
    } else {
        try {
            state = ControllerServiceState.valueOf(requestEntity.getState());
        } catch (final IllegalArgumentException iae) {
            throw new IllegalArgumentException(String.format("The controller service state must be one of [%s].", StringUtils.join(EnumSet.of(ControllerServiceState.ENABLED, ControllerServiceState.DISABLED), ", ")));
        }
    }
    // ensure its a supported scheduled state
    if (ControllerServiceState.DISABLING.equals(state) || ControllerServiceState.ENABLING.equals(state)) {
        throw new IllegalArgumentException(String.format("The scheduled must be one of [%s].", StringUtils.join(EnumSet.of(ControllerServiceState.ENABLED, ControllerServiceState.DISABLED), ", ")));
    }
    // if the components are not specified, gather all components and their current revision
    if (requestEntity.getComponents() == null) {
        // get the current revisions for the components being updated
        final Set<Revision> revisions = serviceFacade.getRevisionsFromGroup(id, group -> {
            final Set<String> componentIds = new HashSet<>();
            final Predicate<ControllerServiceNode> filter;
            if (ControllerServiceState.ENABLED.equals(state)) {
                filter = service -> !service.isActive() && service.isValid();
            } else {
                filter = service -> service.isActive();
            }
            group.findAllControllerServices().stream().filter(filter).filter(service -> service.isAuthorized(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser())).forEach(service -> componentIds.add(service.getIdentifier()));
            return componentIds;
        });
        // build the component mapping
        final Map<String, RevisionDTO> componentsToSchedule = new HashMap<>();
        revisions.forEach(revision -> {
            final RevisionDTO dto = new RevisionDTO();
            dto.setClientId(revision.getClientId());
            dto.setVersion(revision.getVersion());
            componentsToSchedule.put(revision.getComponentId(), dto);
        });
        // set the components and their current revision
        requestEntity.setComponents(componentsToSchedule);
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.PUT, requestEntity);
    }
    final Map<String, RevisionDTO> requestComponentsToSchedule = requestEntity.getComponents();
    final Map<String, Revision> requestComponentRevisions = requestComponentsToSchedule.entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> getRevision(e.getValue(), e.getKey())));
    final Set<Revision> requestRevisions = new HashSet<>(requestComponentRevisions.values());
    return withWriteLock(serviceFacade, requestEntity, requestRevisions, lookup -> {
        // ensure access to the flow
        authorizeFlow();
        // ensure access to every component being scheduled
        requestComponentsToSchedule.keySet().forEach(componentId -> {
            final Authorizable authorizable = lookup.getControllerService(componentId).getAuthorizable();
            authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
        });
    }, () -> serviceFacade.verifyActivateControllerServices(id, state, requestComponentRevisions.keySet()), (revisions, scheduleComponentsEntity) -> {
        final ControllerServiceState serviceState = ControllerServiceState.valueOf(scheduleComponentsEntity.getState());
        final Map<String, RevisionDTO> componentsToSchedule = scheduleComponentsEntity.getComponents();
        final Map<String, Revision> componentRevisions = componentsToSchedule.entrySet().stream().collect(Collectors.toMap(Map.Entry::getKey, e -> getRevision(e.getValue(), e.getKey())));
        // update the controller services
        final ActivateControllerServicesEntity entity = serviceFacade.activateControllerServices(id, serviceState, componentRevisions);
        return generateOkResponse(entity).build();
    });
}

Example 5 with Authorization

use of io.swagger.annotations.Authorization in project nifi by apache.

the class ProcessGroupResource method instantiateTemplate.

/**
 * Instantiates the specified template within this ProcessGroup. The template instance that is instantiated cannot be referenced at a later time, therefore there is no
 * corresponding URI. Instead the request URI is returned.
 * <p>
 * Alternatively, we could have performed a PUT request. However, PUT requests are supposed to be idempotent and this endpoint is certainly not.
 *
 * @param httpServletRequest               request
 * @param groupId                          The group id
 * @param requestInstantiateTemplateRequestEntity The instantiate template request
 * @return A flowEntity.
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/template-instance")
@ApiOperation(value = "Instantiates a template", response = FlowEntity.class, authorizations = { @Authorization(value = "Write - /process-groups/{uuid}"), @Authorization(value = "Read - /templates/{uuid}"), @Authorization(value = "Write - if the template contains any restricted components - /restricted-components") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response instantiateTemplate(@Context HttpServletRequest httpServletRequest, @ApiParam(value = "The process group id.", required = true) @PathParam("id") String groupId, @ApiParam(value = "The instantiate template request.", required = true) InstantiateTemplateRequestEntity requestInstantiateTemplateRequestEntity) {
    // ensure the position has been specified
    if (requestInstantiateTemplateRequestEntity == null || requestInstantiateTemplateRequestEntity.getOriginX() == null || requestInstantiateTemplateRequestEntity.getOriginY() == null) {
        throw new IllegalArgumentException("The origin position (x, y) must be specified.");
    }
    // ensure the template id was provided
    if (requestInstantiateTemplateRequestEntity.getTemplateId() == null) {
        throw new IllegalArgumentException("The template id must be specified.");
    }
    // ensure the template encoding version is valid
    if (requestInstantiateTemplateRequestEntity.getEncodingVersion() != null) {
        try {
            FlowEncodingVersion.parse(requestInstantiateTemplateRequestEntity.getEncodingVersion());
        } catch (final IllegalArgumentException e) {
            throw new IllegalArgumentException("The template encoding version is not valid. The expected format is <number>.<number>");
        }
    }
    // populate the encoding version if necessary
    if (requestInstantiateTemplateRequestEntity.getEncodingVersion() == null) {
        // if the encoding version is not specified, use the latest encoding version as these options were
        // not available pre 1.x, will be overridden if populating from the underlying template below
        requestInstantiateTemplateRequestEntity.setEncodingVersion(TemplateDTO.MAX_ENCODING_VERSION);
    }
    // populate the component bundles if necessary
    if (requestInstantiateTemplateRequestEntity.getSnippet() == null) {
        // get the desired template in order to determine the supported bundles
        final TemplateDTO requestedTemplate = serviceFacade.exportTemplate(requestInstantiateTemplateRequestEntity.getTemplateId());
        final FlowSnippetDTO requestTemplateContents = requestedTemplate.getSnippet();
        // determine the compatible bundles to use for each component in this template, this ensures the nodes in the cluster
        // instantiate the components from the same bundles
        discoverCompatibleBundles(requestTemplateContents);
        // update the requested template as necessary - use the encoding version from the underlying template
        requestInstantiateTemplateRequestEntity.setEncodingVersion(requestedTemplate.getEncodingVersion());
        requestInstantiateTemplateRequestEntity.setSnippet(requestTemplateContents);
    }
    if (isReplicateRequest()) {
        return replicate(HttpMethod.POST, requestInstantiateTemplateRequestEntity);
    }
    return withWriteLock(serviceFacade, requestInstantiateTemplateRequestEntity, lookup -> {
        final NiFiUser user = NiFiUserUtils.getNiFiUser();
        // ensure write on the group
        final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
        processGroup.authorize(authorizer, RequestAction.WRITE, user);
        final Authorizable template = lookup.getTemplate(requestInstantiateTemplateRequestEntity.getTemplateId());
        template.authorize(authorizer, RequestAction.READ, user);
        // ensure read on the template
        final TemplateContentsAuthorizable templateContents = lookup.getTemplateContents(requestInstantiateTemplateRequestEntity.getSnippet());
        final Consumer<ComponentAuthorizable> authorizeRestricted = authorizable -> {
            if (authorizable.isRestricted()) {
                authorizeRestrictions(authorizer, authorizable);
            }
        };
        // ensure restricted access if necessary
        templateContents.getEncapsulatedProcessors().forEach(authorizeRestricted);
        templateContents.getEncapsulatedControllerServices().forEach(authorizeRestricted);
    }, () -> serviceFacade.verifyComponentTypes(requestInstantiateTemplateRequestEntity.getSnippet()), instantiateTemplateRequestEntity -> {
        // create the template and generate the json
        final FlowEntity entity = serviceFacade.createTemplateInstance(groupId, instantiateTemplateRequestEntity.getOriginX(), instantiateTemplateRequestEntity.getOriginY(), instantiateTemplateRequestEntity.getEncodingVersion(), instantiateTemplateRequestEntity.getSnippet(), getIdGenerationSeed().orElse(null));
        final FlowDTO flowSnippet = entity.getFlow();
        // prune response as necessary
        for (ProcessGroupEntity childGroupEntity : flowSnippet.getProcessGroups()) {
            childGroupEntity.getComponent().setContents(null);
        }
        // create the response entity
        populateRemainingSnippetContent(flowSnippet);
        // generate the response
        return generateCreatedResponse(getAbsolutePath(), entity).build();
    });
}