Example 1 with ConfigurableAccessPolicyProvider
use of org.apache.nifi.authorization.ConfigurableAccessPolicyProvider in project nifi by apache.
the class StandardPolicyBasedAuthorizerDAO method updateAccessPolicy.
@Override
public AccessPolicy updateAccessPolicy(final AccessPolicyDTO accessPolicyDTO) {
if (supportsConfigurableAuthorizer()) {
final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) accessPolicyProvider;
final AccessPolicy currentAccessPolicy = getAccessPolicy(accessPolicyDTO.getId());
return configurableAccessPolicyProvider.updateAccessPolicy(buildAccessPolicy(currentAccessPolicy.getIdentifier(), currentAccessPolicy.getResource(), currentAccessPolicy.getAction(), accessPolicyDTO));
} else {
throw new IllegalStateException(MSG_NON_CONFIGURABLE_POLICIES);
}
}
Also used :
ConfigurableAccessPolicyProvider(org.apache.nifi.authorization.ConfigurableAccessPolicyProvider)
AccessPolicy(org.apache.nifi.authorization.AccessPolicy)
Example 2 with ConfigurableAccessPolicyProvider
use of org.apache.nifi.authorization.ConfigurableAccessPolicyProvider in project nifi by apache.
the class StandardPolicyBasedAuthorizerDAO method deleteUser.
@Override
public User deleteUser(final String userId) {
if (userGroupProvider instanceof ConfigurableUserGroupProvider) {
final ConfigurableUserGroupProvider configurableUserGroupProvider = (ConfigurableUserGroupProvider) userGroupProvider;
final User user = getUser(userId);
final User removedUser = configurableUserGroupProvider.deleteUser(user);
// ensure the user was removed
if (removedUser == null) {
throw new ResourceNotFoundException(String.format("Unable to find user with id '%s'.", userId));
}
// remove any references to the user being deleted from policies if possible
if (accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) {
for (AccessPolicy policy : accessPolicyProvider.getAccessPolicies()) {
final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) accessPolicyProvider;
// ensure this policy contains a reference to the user and this policy is configurable (check proactively to prevent an exception)
if (policy.getUsers().contains(removedUser.getIdentifier()) && configurableAccessPolicyProvider.isConfigurable(policy)) {
final AccessPolicy.Builder builder = new AccessPolicy.Builder(policy).removeUser(removedUser.getIdentifier());
configurableAccessPolicyProvider.updateAccessPolicy(builder.build());
}
}
}
return removedUser;
} else {
throw new IllegalStateException(MSG_NON_CONFIGURABLE_USERS);
}
}
Also used :
User(org.apache.nifi.authorization.User)
ConfigurableUserGroupProvider(org.apache.nifi.authorization.ConfigurableUserGroupProvider)
ConfigurableAccessPolicyProvider(org.apache.nifi.authorization.ConfigurableAccessPolicyProvider)
ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException)
AccessPolicy(org.apache.nifi.authorization.AccessPolicy)
Example 3 with ConfigurableAccessPolicyProvider
use of org.apache.nifi.authorization.ConfigurableAccessPolicyProvider in project nifi by apache.
the class StandardPolicyBasedAuthorizerDAO method deleteUserGroup.
@Override
public Group deleteUserGroup(final String userGroupId) {
if (userGroupProvider instanceof ConfigurableUserGroupProvider) {
final ConfigurableUserGroupProvider configurableUserGroupProvider = (ConfigurableUserGroupProvider) userGroupProvider;
final Group group = getUserGroup(userGroupId);
final Group removedGroup = configurableUserGroupProvider.deleteGroup(group);
// ensure the user was removed
if (removedGroup == null) {
throw new ResourceNotFoundException(String.format("Unable to find user group with id '%s'.", removedGroup));
}
// remove any references to the user group being deleted from policies if possible
if (accessPolicyProvider instanceof ConfigurableAccessPolicyProvider) {
for (AccessPolicy policy : accessPolicyProvider.getAccessPolicies()) {
final ConfigurableAccessPolicyProvider configurableAccessPolicyProvider = (ConfigurableAccessPolicyProvider) accessPolicyProvider;
// ensure this policy contains a reference to the user group and this policy is configurable (check proactively to prevent an exception)
if (policy.getGroups().contains(removedGroup.getIdentifier()) && configurableAccessPolicyProvider.isConfigurable(policy)) {
final AccessPolicy.Builder builder = new AccessPolicy.Builder(policy).removeGroup(removedGroup.getIdentifier());
configurableAccessPolicyProvider.updateAccessPolicy(builder.build());
}
}
}
return removedGroup;
} else {
throw new IllegalStateException(MSG_NON_CONFIGURABLE_USERS);
}
}
Also used :
Group(org.apache.nifi.authorization.Group)
ConfigurableUserGroupProvider(org.apache.nifi.authorization.ConfigurableUserGroupProvider)
ConfigurableAccessPolicyProvider(org.apache.nifi.authorization.ConfigurableAccessPolicyProvider)
ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException)
AccessPolicy(org.apache.nifi.authorization.AccessPolicy)
Aggregations
AccessPolicy (org.apache.nifi.authorization.AccessPolicy)3
ConfigurableAccessPolicyProvider (org.apache.nifi.authorization.ConfigurableAccessPolicyProvider)3
ConfigurableUserGroupProvider (org.apache.nifi.authorization.ConfigurableUserGroupProvider)2
ResourceNotFoundException (org.apache.nifi.web.ResourceNotFoundException)2
Group (org.apache.nifi.authorization.Group)1
User (org.apache.nifi.authorization.User)1
