Example 16 with AuthorizationRequest
use of org.apache.nifi.authorization.AuthorizationRequest in project nifi by apache.
the class X509AuthenticationProviderTest method setup.
@Before
public void setup() {
extractor = new SubjectDnX509PrincipalExtractor();
certificateIdentityProvider = mock(X509IdentityProvider.class);
when(certificateIdentityProvider.authenticate(any(X509Certificate[].class))).then(invocation -> {
final X509Certificate[] certChain = invocation.getArgumentAt(0, X509Certificate[].class);
final String identity = extractor.extractPrincipal(certChain[0]).toString();
if (INVALID_CERTIFICATE.equals(identity)) {
throw new IllegalArgumentException();
}
return new AuthenticationResponse(identity, identity, TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS), "");
});
authorizer = mock(Authorizer.class);
when(authorizer.authorize(any(AuthorizationRequest.class))).then(invocation -> {
final AuthorizationRequest request = invocation.getArgumentAt(0, AuthorizationRequest.class);
if (UNTRUSTED_PROXY.equals(request.getIdentity())) {
return AuthorizationResult.denied();
}
return AuthorizationResult.approved();
});
x509AuthenticationProvider = new X509AuthenticationProvider(certificateIdentityProvider, authorizer, NiFiProperties.createBasicNiFiProperties(null, null));
}
Also used :
AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest)
Authorizer(org.apache.nifi.authorization.Authorizer)
AuthenticationResponse(org.apache.nifi.authentication.AuthenticationResponse)
X509Certificate(java.security.cert.X509Certificate)
Before(org.junit.Before)
Example 17 with AuthorizationRequest
use of org.apache.nifi.authorization.AuthorizationRequest in project nifi-minifi by apache.
the class MiNiFiServer method start.
public void start() {
try {
logger.info("Loading Flow...");
FlowFileEventRepository flowFileEventRepository = new RingBufferEventRepository(5);
AuditService auditService = new StandardAuditService();
Authorizer authorizer = new Authorizer() {
@Override
public AuthorizationResult authorize(AuthorizationRequest request) throws AuthorizationAccessException {
return AuthorizationResult.approved();
}
@Override
public void initialize(AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException {
// do nothing
}
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
// do nothing
}
@Override
public void preDestruction() throws AuthorizerDestructionException {
// do nothing
}
};
final String sensitivePropAlgorithmVal = props.getProperty(StringEncryptor.NF_SENSITIVE_PROPS_ALGORITHM);
final String sensitivePropProviderVal = props.getProperty(StringEncryptor.NF_SENSITIVE_PROPS_PROVIDER);
final String sensitivePropValueNifiPropVar = props.getProperty(StringEncryptor.NF_SENSITIVE_PROPS_KEY, DEFAULT_SENSITIVE_PROPS_KEY);
StringEncryptor encryptor = StringEncryptor.createEncryptor(sensitivePropAlgorithmVal, sensitivePropProviderVal, sensitivePropValueNifiPropVar);
VariableRegistry variableRegistry = new FileBasedVariableRegistry(props.getVariableRegistryPropertiesPaths());
BulletinRepository bulletinRepository = new VolatileBulletinRepository();
FlowController flowController = FlowController.createStandaloneInstance(flowFileEventRepository, props, authorizer, auditService, encryptor, bulletinRepository, variableRegistry, new StandardFlowRegistryClient());
flowService = StandardFlowService.createStandaloneInstance(flowController, props, encryptor, // revision manager
null, authorizer);
// start and load the flow
flowService.start();
flowService.load(null);
flowController.onFlowInitialized(true);
flowController.getGroup(flowController.getRootGroupId()).startProcessing();
this.flowController = flowController;
logger.info("Flow loaded successfully.");
} catch (Exception e) {
// ensure the flow service is terminated
if (flowService != null && flowService.isRunning()) {
flowService.stop(false);
}
startUpFailure(new Exception("Unable to load flow due to: " + e, e));
}
}
Also used :
VolatileBulletinRepository(org.apache.nifi.events.VolatileBulletinRepository)
VolatileBulletinRepository(org.apache.nifi.events.VolatileBulletinRepository)
BulletinRepository(org.apache.nifi.reporting.BulletinRepository)
AuthorizationRequest(org.apache.nifi.authorization.AuthorizationRequest)
FileBasedVariableRegistry(org.apache.nifi.util.FileBasedVariableRegistry)
VariableRegistry(org.apache.nifi.registry.VariableRegistry)
StatusRequestException(org.apache.nifi.minifi.status.StatusRequestException)
AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException)
AuthorizerDestructionException(org.apache.nifi.authorization.exception.AuthorizerDestructionException)
AuthorizationAccessException(org.apache.nifi.authorization.exception.AuthorizationAccessException)
RingBufferEventRepository(org.apache.nifi.controller.repository.metrics.RingBufferEventRepository)
FlowFileEventRepository(org.apache.nifi.controller.repository.FlowFileEventRepository)
Authorizer(org.apache.nifi.authorization.Authorizer)
StringEncryptor(org.apache.nifi.encrypt.StringEncryptor)
FlowController(org.apache.nifi.controller.FlowController)
AuthorizerInitializationContext(org.apache.nifi.authorization.AuthorizerInitializationContext)
StandardFlowRegistryClient(org.apache.nifi.registry.flow.StandardFlowRegistryClient)
StandardAuditService(org.apache.nifi.admin.service.impl.StandardAuditService)
AuditService(org.apache.nifi.admin.service.AuditService)
StandardAuditService(org.apache.nifi.admin.service.impl.StandardAuditService)
AuthorizerConfigurationContext(org.apache.nifi.authorization.AuthorizerConfigurationContext)
FileBasedVariableRegistry(org.apache.nifi.util.FileBasedVariableRegistry)
Aggregations
AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)17
AuthorizationResult (org.apache.nifi.authorization.AuthorizationResult)10
Test (org.junit.Test)8
HashMap (java.util.HashMap)6
Authorizer (org.apache.nifi.authorization.Authorizer)6
RequestAction (org.apache.nifi.authorization.RequestAction)5
RangerAccessRequestImpl (org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl)5
RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)5
Resource (org.apache.nifi.authorization.Resource)3
NiFiUserDetails (org.apache.nifi.authorization.user.NiFiUserDetails)3
Builder (org.apache.nifi.authorization.user.StandardNiFiUser.Builder)3
NiFiAuthenticationToken (org.apache.nifi.web.security.token.NiFiAuthenticationToken)3
Before (org.junit.Before)3
ArgumentMatcher (org.mockito.ArgumentMatcher)3
Authentication (org.springframework.security.core.Authentication)3
AuditService (org.apache.nifi.admin.service.AuditService)2
AuthorizerConfigurationContext (org.apache.nifi.authorization.AuthorizerConfigurationContext)2
AuthorizerInitializationContext (org.apache.nifi.authorization.AuthorizerInitializationContext)2
FlowController (org.apache.nifi.controller.FlowController)2
BulletinRepository (org.apache.nifi.reporting.BulletinRepository)2
