
Example 11 with AuthorizationRequest

use of org.apache.nifi.authorization.AuthorizationRequest in project nifi by apache.

the class TestRangerNiFiAuthorizer method testApprovedWithNonDirectAccess.

/**
 * Checks that a request built with {@code accessAttempt(false)} is approved when the mocked
 * Ranger plugin allows the matching Ranger request.
 *
 * <p>Only {@code getResult()} of the returned {@link AuthorizationResult} is compared. Which
 * fields of the Ranger request are compared is decided by {@code RangerAccessRequestMatcher},
 * which is not visible in this listing.
 */
@Test
public void testApprovedWithNonDirectAccess() {
    final String resourceId = "/system";
    final String identity = "admin";
    final RequestAction requestedAction = RequestAction.WRITE;

    // NiFi-side request under test; accessAttempt(false) is what makes it "non-direct"
    final AuthorizationRequest nifiRequest = new AuthorizationRequest.Builder()
            .resource(new MockResource(resourceId, resourceId))
            .action(requestedAction)
            .identity(identity)
            .resourceContext(new HashMap<>())
            .accessAttempt(false)
            .anonymous(false)
            .build();

    // Ranger-side request the authorizer is expected to derive from it: the NiFi action name
    // is used for both the Ranger action and the Ranger access type
    final String actionName = nifiRequest.getAction().name();
    final RangerAccessResourceImpl rangerResource = new RangerAccessResourceImpl();
    rangerResource.setValue(RangerNiFiAuthorizer.RANGER_NIFI_RESOURCE_NAME, resourceId);
    final RangerAccessRequestImpl rangerRequest = new RangerAccessRequestImpl();
    rangerRequest.setResource(rangerResource);
    rangerRequest.setAction(actionName);
    rangerRequest.setAccessType(actionName);
    rangerRequest.setUser(nifiRequest.getIdentity());

    // Only the one-argument isAccessAllowed is stubbed: for non-direct access no result
    // processor is expected to be handed to the plugin
    final RangerAccessRequestMatcher matchesExpected = new RangerAccessRequestMatcher(rangerRequest);
    when(rangerBasePlugin.isAccessAllowed(argThat(matchesExpected))).thenReturn(allowedResult);

    final AuthorizationResult outcome = authorizer.authorize(nifiRequest);
    assertEquals(AuthorizationResult.approved().getResult(), outcome.getResult());
}
Also used : RangerAccessRequestImpl(org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl) AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) RangerAccessResourceImpl(org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl) RequestAction(org.apache.nifi.authorization.RequestAction) HashMap(java.util.HashMap) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) Test(org.junit.Test)

Example 12 with AuthorizationRequest

use of org.apache.nifi.authorization.AuthorizationRequest in project nifi by apache.

the class StandardNiFiServiceFacadeTest method testGetActionApprovedThroughController.

/**
 * Checks that an action whose component can no longer be looked up is authorized against the
 * controller resource instead.
 *
 * <p>Relies on the fixture in {@code setUp}: the lookup for {@code PROCESSOR_ID_2} throws
 * {@code ResourceNotFoundException}, and {@code USER_2} is approved only on the controller
 * resource.
 */
@Test
public void testGetActionApprovedThroughController() throws Exception {
    // authenticate as USER_2
    final NiFiUserDetails userDetails = new NiFiUserDetails(new Builder().identity(USER_2).build());
    SecurityContextHolder.getContext().setAuthentication(new NiFiAuthenticationToken(userDetails));

    // fetch the action recorded against the missing component
    final ActionEntity fetched = serviceFacade.getAction(ACTION_ID_2);

    // the entity is returned and marked readable
    assertEquals(ACTION_ID_2, fetched.getId());
    assertTrue(fetched.getCanRead());

    // matches any authorization request whose resource identifier ends with the processor id
    final ArgumentMatcher<AuthorizationRequest> targetsProcessor = new ArgumentMatcher<AuthorizationRequest>() {

        @Override
        public boolean matches(Object candidate) {
            final AuthorizationRequest request = (AuthorizationRequest) candidate;
            return request.getResource().getIdentifier().endsWith(PROCESSOR_ID_2);
        }
    };
    // matches any authorization request made against the controller resource
    final ArgumentMatcher<AuthorizationRequest> targetsController = new ArgumentMatcher<AuthorizationRequest>() {

        @Override
        public boolean matches(Object candidate) {
            final AuthorizationRequest request = (AuthorizationRequest) candidate;
            return request.getResource().equals(ResourceFactory.getControllerResource());
        }
    };

    // the component does not exist, so the only authorization check is the controller one
    verify(authorizer, times(0)).authorize(argThat(targetsProcessor));
    verify(authorizer, times(1)).authorize(argThat(targetsController));
}
Also used : AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) Authentication(org.springframework.security.core.Authentication) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) ArgumentMatcher(org.mockito.ArgumentMatcher) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) ActionEntity(org.apache.nifi.web.api.entity.ActionEntity) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 13 with AuthorizationRequest

use of org.apache.nifi.authorization.AuthorizationRequest in project nifi by apache.

the class StandardNiFiServiceFacadeTest method setUp.

/**
 * Builds the {@code StandardNiFiServiceFacade} under test on top of mocked collaborators.
 *
 * <p>Fixture behaviour, as stubbed below:
 * <ul>
 *   <li>the audit service knows two actions, one per processor id;</li>
 *   <li>looking up {@code PROCESSOR_ID_2} throws {@code ResourceNotFoundException}, while any
 *       other id yields a component whose resource is the processor's component resource;</li>
 *   <li>the authorizer denies by default; it approves {@code USER_1} on resources whose
 *       identifier ends with {@code PROCESSOR_ID_1} and {@code USER_2} on the controller
 *       resource.</li>
 * </ul>
 *
 * <p>The stubbed authorizer decides on resource and identity only; the requested action is not
 * inspected, so these tests do not distinguish read from write requests.
 */
@Before
public void setUp() throws Exception {
    // audit service: resolve the two known action ids, anything else yields no action
    final AuditService auditService = mock(AuditService.class);
    when(auditService.getAction(anyInt())).then(invocation -> {
        final Integer requestedId = invocation.getArgumentAt(0, Integer.class);
        if (ACTION_ID_1.equals(requestedId)) {
            return getAction(requestedId, PROCESSOR_ID_1);
        }
        if (ACTION_ID_2.equals(requestedId)) {
            return getAction(requestedId, PROCESSOR_ID_2);
        }
        return null;
    });
    when(auditService.getActions(any(HistoryQuery.class))).then(invocation -> {
        final History cannedHistory = new History();
        cannedHistory.setActions(Arrays.asList(
                getAction(ACTION_ID_1, PROCESSOR_ID_1),
                getAction(ACTION_ID_2, PROCESSOR_ID_2)));
        return cannedHistory;
    });

    // authorizable lookup
    final AuthorizableLookup authorizableLookup = mock(AuthorizableLookup.class);
    when(authorizableLookup.getProcessor(Mockito.anyString())).then(lookupInvocation -> {
        final String processorId = lookupInvocation.getArgumentAt(0, String.class);
        // processor-2 has been removed from the flow, so its lookup fails
        if (processorId.equals(PROCESSOR_ID_2)) {
            throw new ResourceNotFoundException("");
        }
        // every other processor resolves to a parentless authorizable for its own resource
        final ComponentAuthorizable component = mock(ComponentAuthorizable.class);
        when(component.getAuthorizable()).then(authorizableInvocation -> new Authorizable() {

            @Override
            public Authorizable getParentAuthorizable() {
                return null;
            }

            @Override
            public Resource getResource() {
                return ResourceFactory.getComponentResource(ResourceType.Processor, processorId, processorId);
            }
        });
        return component;
    });

    // authorizer: denied unless one of the two explicit (resource, identity) pairs matches
    authorizer = mock(Authorizer.class);
    when(authorizer.authorize(any(AuthorizationRequest.class))).then(invocation -> {
        final AuthorizationRequest request = invocation.getArgumentAt(0, AuthorizationRequest.class);
        if (request.getResource().getIdentifier().endsWith(PROCESSOR_ID_1)) {
            return USER_1.equals(request.getIdentity())
                    ? AuthorizationResult.approved()
                    : AuthorizationResult.denied();
        }
        if (request.getResource().equals(ResourceFactory.getControllerResource())) {
            return USER_2.equals(request.getIdentity())
                    ? AuthorizationResult.approved()
                    : AuthorizationResult.denied();
        }
        return AuthorizationResult.denied();
    });

    // flow controller: a mock that still answers resource questions with its real methods
    final FlowController controller = mock(FlowController.class);
    when(controller.getResource()).thenCallRealMethod();
    when(controller.getParentAuthorizable()).thenCallRealMethod();

    // controller facade
    final ControllerFacade controllerFacade = new ControllerFacade();
    controllerFacade.setFlowController(controller);

    // wire the service facade under test
    serviceFacade = new StandardNiFiServiceFacade();
    serviceFacade.setAuditService(auditService);
    serviceFacade.setAuthorizableLookup(authorizableLookup);
    serviceFacade.setAuthorizer(authorizer);
    serviceFacade.setEntityFactory(new EntityFactory());
    serviceFacade.setDtoFactory(new DtoFactory());
    serviceFacade.setControllerFacade(controllerFacade);
}
Also used : ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) DtoFactory(org.apache.nifi.web.api.dto.DtoFactory) AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) HistoryQuery(org.apache.nifi.history.HistoryQuery) ControllerFacade(org.apache.nifi.web.controller.ControllerFacade) History(org.apache.nifi.history.History) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) AuthorizableLookup(org.apache.nifi.authorization.AuthorizableLookup) Authorizer(org.apache.nifi.authorization.Authorizer) ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) FlowController(org.apache.nifi.controller.FlowController) AuditService(org.apache.nifi.admin.service.AuditService) EntityFactory(org.apache.nifi.web.api.dto.EntityFactory) FlowChangeAction(org.apache.nifi.action.FlowChangeAction) Before(org.junit.Before)

Example 14 with AuthorizationRequest

use of org.apache.nifi.authorization.AuthorizationRequest in project nifi by apache.

the class StandardNiFiServiceFacadeTest method testGetActionDeniedDespiteControllerAccess.

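/**
 * Checks that a denial on an existing component is final: the facade must not fall back to the
 * controller resource, even for a user who holds controller access.
 *
 * <p>Relies on the fixture in {@code setUp}: {@code USER_2} is approved on the controller
 * resource but not on resources ending with {@code PROCESSOR_ID_1}. A fallback here would let
 * controller-level access override a component-level denial.
 *
 * <p>The authorizer interactions are verified in a {@code catch} block that rethrows, rather
 * than in {@code finally}, so that a verification failure cannot replace an unrelated primary
 * failure (an unexpected exception, or the {@code fail} call) in the test report.
 *
 * @throws AccessDeniedException always, when the behaviour under test is correct
 */
@Test(expected = AccessDeniedException.class)
public void testGetActionDeniedDespiteControllerAccess() throws Exception {
    // set the user: USER_2 has controller access only
    final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(new Builder().identity(USER_2).build()));
    SecurityContextHolder.getContext().setAuthentication(authentication);
    try {
        // get the action recorded against processor-1, which still exists
        serviceFacade.getAction(ACTION_ID_1);
        fail("getAction should have thrown AccessDeniedException for a user denied on the component");
    } catch (final AccessDeniedException denied) {
        // the component was checked exactly once and denied ...
        verify(authorizer, times(1)).authorize(argThat(new ArgumentMatcher<AuthorizationRequest>() {

            @Override
            public boolean matches(Object o) {
                return ((AuthorizationRequest) o).getResource().getIdentifier().endsWith(PROCESSOR_ID_1);
            }
        }));
        // ... and the controller resource was never consulted as a fallback
        verify(authorizer, times(0)).authorize(argThat(new ArgumentMatcher<AuthorizationRequest>() {

            @Override
            public boolean matches(Object o) {
                return ((AuthorizationRequest) o).getResource().equals(ResourceFactory.getControllerResource());
            }
        }));
        // rethrow so the expected-exception check on @Test still applies
        throw denied;
    }
}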
Also used : AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) Authentication(org.springframework.security.core.Authentication) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) ArgumentMatcher(org.mockito.ArgumentMatcher) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)

Example 15 with AuthorizationRequest

use of org.apache.nifi.authorization.AuthorizationRequest in project nifi by apache.

the class StandardNiFiServiceFacadeTest method testGetActionApprovedThroughAction.

/**
 * Checks that an action on an existing component is authorized against that component alone
 * when the user is approved on it.
 *
 * <p>Relies on the fixture in {@code setUp}: {@code USER_1} is approved on resources whose
 * identifier ends with {@code PROCESSOR_ID_1}.
 */
@Test
public void testGetActionApprovedThroughAction() throws Exception {
    // authenticate as USER_1
    final NiFiUserDetails userDetails = new NiFiUserDetails(new Builder().identity(USER_1).build());
    SecurityContextHolder.getContext().setAuthentication(new NiFiAuthenticationToken(userDetails));

    // fetch the action recorded against processor-1
    final ActionEntity fetched = serviceFacade.getAction(ACTION_ID_1);

    // the entity is returned and marked readable
    assertEquals(ACTION_ID_1, fetched.getId());
    assertTrue(fetched.getCanRead());

    // matches any authorization request whose resource identifier ends with the processor id
    final ArgumentMatcher<AuthorizationRequest> targetsProcessor = new ArgumentMatcher<AuthorizationRequest>() {

        @Override
        public boolean matches(Object candidate) {
            final AuthorizationRequest request = (AuthorizationRequest) candidate;
            return request.getResource().getIdentifier().endsWith(PROCESSOR_ID_1);
        }
    };
    // matches any authorization request made against the controller resource
    final ArgumentMatcher<AuthorizationRequest> targetsController = new ArgumentMatcher<AuthorizationRequest>() {

        @Override
        public boolean matches(Object candidate) {
            final AuthorizationRequest request = (AuthorizationRequest) candidate;
            return request.getResource().equals(ResourceFactory.getControllerResource());
        }
    };

    // the component exists and approves the user, so the controller is never consulted
    verify(authorizer, times(1)).authorize(argThat(targetsProcessor));
    verify(authorizer, times(0)).authorize(argThat(targetsController));
}
Also used : AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest) Authentication(org.springframework.security.core.Authentication) Builder(org.apache.nifi.authorization.user.StandardNiFiUser.Builder) ArgumentMatcher(org.mockito.ArgumentMatcher) NiFiUserDetails(org.apache.nifi.authorization.user.NiFiUserDetails) ActionEntity(org.apache.nifi.web.api.entity.ActionEntity) NiFiAuthenticationToken(org.apache.nifi.web.security.token.NiFiAuthenticationToken) Test(org.junit.Test)
