Search in sources :

Example 16 with AuthorizationResult

use of org.apache.nifi.authorization.AuthorizationResult in project nifi-minifi by apache.

the class MiNiFiPersistentProvenanceRepository method isAuthorized.

public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    if (authorizer == null || user == null) {
        return true;
    }
    final Authorizable eventAuthorizable;
    try {
        if (event.isRemotePortType()) {
            eventAuthorizable = resourceFactory.createRemoteDataAuthorizable(event.getComponentId());
        } else {
            eventAuthorizable = resourceFactory.createLocalDataAuthorizable(event.getComponentId());
        }
    } catch (final ResourceNotFoundException rnfe) {
        return false;
    }
    final AuthorizationResult result = eventAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
    return Result.Approved.equals(result.getResult());
}
Also used : Authorizable(org.apache.nifi.authorization.resource.Authorizable) ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult)

Example 17 with AuthorizationResult

use of org.apache.nifi.authorization.AuthorizationResult in project nifi by apache.

the class StandardNiFiServiceFacade method getAction.

@Override
public ActionEntity getAction(final Integer actionId) {
    // get the action
    final Action action = auditService.getAction(actionId);
    // ensure the action was found
    if (action == null) {
        throw new ResourceNotFoundException(String.format("Unable to find action with id '%s'.", actionId));
    }
    final AuthorizationResult result = authorizeAction(action);
    final boolean authorized = Result.Approved.equals(result.getResult());
    if (!authorized) {
        throw new AccessDeniedException(result.getExplanation());
    }
    // return the action
    return entityFactory.createActionEntity(dtoFactory.createActionDto(action), authorized);
}
Also used : FlowChangeAction(org.apache.nifi.action.FlowChangeAction) RequestAction(org.apache.nifi.authorization.RequestAction) Action(org.apache.nifi.action.Action) AccessDeniedException(org.apache.nifi.authorization.AccessDeniedException) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult)

Example 18 with AuthorizationResult

use of org.apache.nifi.authorization.AuthorizationResult in project nifi by apache.

the class StandardRootGroupPort method checkUserAuthorization.

@Override
public PortAuthorizationResult checkUserAuthorization(NiFiUser user) {
    if (!secure) {
        return new StandardPortAuthorizationResult(true, "Site-to-Site is not Secure");
    }
    if (user == null) {
        final String message = String.format("%s authorization failed because the user is unknown", this, user);
        logger.warn(message);
        eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
        return new StandardPortAuthorizationResult(false, "User is not known");
    }
    // perform the authorization
    final Authorizable dataTransferAuthorizable = new DataTransferAuthorizable(this);
    final AuthorizationResult result = dataTransferAuthorizable.checkAuthorization(authorizer, RequestAction.WRITE, user);
    if (!Result.Approved.equals(result.getResult())) {
        final String message = String.format("%s authorization failed for user %s because %s", this, user.getIdentity(), result.getExplanation());
        logger.warn(message);
        eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
        return new StandardPortAuthorizationResult(false, message);
    }
    return new StandardPortAuthorizationResult(true, "User is Authorized");
}
Also used : DataTransferAuthorizable(org.apache.nifi.authorization.resource.DataTransferAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) DataTransferAuthorizable(org.apache.nifi.authorization.resource.DataTransferAuthorizable) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult)

Example 19 with AuthorizationResult

use of org.apache.nifi.authorization.AuthorizationResult in project nifi by apache.

the class DataAuthorizableTest method testCheckAuthorizationNullUser.

@Test
public void testCheckAuthorizationNullUser() {
    final AuthorizationResult result = testDataAuthorizable.checkAuthorization(testAuthorizer, RequestAction.READ, null, null);
    assertEquals(Result.Denied, result.getResult());
}
Also used : AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult) Test(org.junit.Test)

Example 20 with AuthorizationResult

use of org.apache.nifi.authorization.AuthorizationResult in project nifi by apache.

the class PersistentProvenanceRepository method isAuthorized.

public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    if (authorizer == null || user == null) {
        return true;
    }
    final Authorizable eventAuthorizable;
    try {
        if (event.isRemotePortType()) {
            eventAuthorizable = resourceFactory.createRemoteDataAuthorizable(event.getComponentId());
        } else {
            eventAuthorizable = resourceFactory.createLocalDataAuthorizable(event.getComponentId());
        }
    } catch (final ResourceNotFoundException rnfe) {
        return false;
    }
    final AuthorizationResult result = eventAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
    return Result.Approved.equals(result.getResult());
}
Also used : Authorizable(org.apache.nifi.authorization.resource.Authorizable) ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult)

Aggregations

AuthorizationResult (org.apache.nifi.authorization.AuthorizationResult)26 AuthorizationRequest (org.apache.nifi.authorization.AuthorizationRequest)11 Test (org.junit.Test)9 Authorizable (org.apache.nifi.authorization.resource.Authorizable)8 HashMap (java.util.HashMap)7 RequestAction (org.apache.nifi.authorization.RequestAction)7 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)6 ResourceNotFoundException (org.apache.nifi.web.ResourceNotFoundException)5 RangerAccessRequestImpl (org.apache.ranger.plugin.policyengine.RangerAccessRequestImpl)5 RangerAccessResourceImpl (org.apache.ranger.plugin.policyengine.RangerAccessResourceImpl)5 FlowChangeAction (org.apache.nifi.action.FlowChangeAction)3 AccessDeniedException (org.apache.nifi.authorization.AccessDeniedException)3 Resource (org.apache.nifi.authorization.Resource)3 Builder (org.apache.nifi.authorization.user.StandardNiFiUser.Builder)3 ArrayList (java.util.ArrayList)2 Action (org.apache.nifi.action.Action)2 Authorizer (org.apache.nifi.authorization.Authorizer)2 History (org.apache.nifi.history.History)2 HistoryQuery (org.apache.nifi.history.HistoryQuery)2 MockPropertyValue (org.apache.nifi.util.MockPropertyValue)2