use of org.apache.nifi.authorization.AuthorizationResult in project nifi-minifi by apache.
the class MiNiFiPersistentProvenanceRepository method isAuthorized.
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
if (authorizer == null || user == null) {
return true;
}
final Authorizable eventAuthorizable;
try {
if (event.isRemotePortType()) {
eventAuthorizable = resourceFactory.createRemoteDataAuthorizable(event.getComponentId());
} else {
eventAuthorizable = resourceFactory.createLocalDataAuthorizable(event.getComponentId());
}
} catch (final ResourceNotFoundException rnfe) {
return false;
}
final AuthorizationResult result = eventAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
return Result.Approved.equals(result.getResult());
}
use of org.apache.nifi.authorization.AuthorizationResult in project nifi by apache.
the class StandardNiFiServiceFacade method getAction.
@Override
public ActionEntity getAction(final Integer actionId) {
// get the action
final Action action = auditService.getAction(actionId);
// ensure the action was found
if (action == null) {
throw new ResourceNotFoundException(String.format("Unable to find action with id '%s'.", actionId));
}
final AuthorizationResult result = authorizeAction(action);
final boolean authorized = Result.Approved.equals(result.getResult());
if (!authorized) {
throw new AccessDeniedException(result.getExplanation());
}
// return the action
return entityFactory.createActionEntity(dtoFactory.createActionDto(action), authorized);
}
use of org.apache.nifi.authorization.AuthorizationResult in project nifi by apache.
the class StandardRootGroupPort method checkUserAuthorization.
@Override
public PortAuthorizationResult checkUserAuthorization(NiFiUser user) {
if (!secure) {
return new StandardPortAuthorizationResult(true, "Site-to-Site is not Secure");
}
if (user == null) {
final String message = String.format("%s authorization failed because the user is unknown", this, user);
logger.warn(message);
eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
return new StandardPortAuthorizationResult(false, "User is not known");
}
// perform the authorization
final Authorizable dataTransferAuthorizable = new DataTransferAuthorizable(this);
final AuthorizationResult result = dataTransferAuthorizable.checkAuthorization(authorizer, RequestAction.WRITE, user);
if (!Result.Approved.equals(result.getResult())) {
final String message = String.format("%s authorization failed for user %s because %s", this, user.getIdentity(), result.getExplanation());
logger.warn(message);
eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
return new StandardPortAuthorizationResult(false, message);
}
return new StandardPortAuthorizationResult(true, "User is Authorized");
}
use of org.apache.nifi.authorization.AuthorizationResult in project nifi by apache.
the class DataAuthorizableTest method testCheckAuthorizationNullUser.
@Test
public void testCheckAuthorizationNullUser() {
final AuthorizationResult result = testDataAuthorizable.checkAuthorization(testAuthorizer, RequestAction.READ, null, null);
assertEquals(Result.Denied, result.getResult());
}
use of org.apache.nifi.authorization.AuthorizationResult in project nifi by apache.
the class PersistentProvenanceRepository method isAuthorized.
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
if (authorizer == null || user == null) {
return true;
}
final Authorizable eventAuthorizable;
try {
if (event.isRemotePortType()) {
eventAuthorizable = resourceFactory.createRemoteDataAuthorizable(event.getComponentId());
} else {
eventAuthorizable = resourceFactory.createLocalDataAuthorizable(event.getComponentId());
}
} catch (final ResourceNotFoundException rnfe) {
return false;
}
final AuthorizationResult result = eventAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
return Result.Approved.equals(result.getResult());
}
Aggregations