
Example 11 with AuthorizerCreationException

use of org.apache.nifi.authorization.exception.AuthorizerCreationException in project nifi by apache.

the class FileAccessPolicyProvider method initialize.

/**
 * Stores the user group provider lookup and compiles the XSD schemas that this
 * provider keeps in {@code authorizationsSchema} and {@code usersSchema}.
 *
 * @param initializationContext source of the {@code UserGroupProviderLookup}
 * @throws AuthorizerCreationException wrapping any exception raised while the schemas are built
 */
@Override
public void initialize(AccessPolicyProviderInitializationContext initializationContext) throws AuthorizerCreationException {
    userGroupProviderLookup = initializationContext.getUserGroupProviderLookup();

    // The XSDs are resolved through FileAuthorizer's class loader, so the schema
    // documents themselves are shipped with the code rather than read from configuration.
    // NOTE(review): the factory is used with its default feature set. Consider enabling
    // XMLConstants.FEATURE_SECURE_PROCESSING and restricting ACCESS_EXTERNAL_DTD /
    // ACCESS_EXTERNAL_SCHEMA as defence in depth; verify first that the bundled XSDs
    // do not depend on external includes or imports.
    try {
        final SchemaFactory xsdFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        authorizationsSchema = xsdFactory.newSchema(FileAuthorizer.class.getResource(AUTHORIZATIONS_XSD));
        usersSchema = xsdFactory.newSchema(FileAuthorizer.class.getResource(USERS_XSD));
    } catch (Exception schemaFailure) {
        // Deliberately broad: any failure here means the provider cannot be created.
        throw new AuthorizerCreationException(schemaFailure);
    }
}
Also used : SchemaFactory(javax.xml.validation.SchemaFactory) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) XMLStreamException(javax.xml.stream.XMLStreamException) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) AuthorizerDestructionException(org.apache.nifi.authorization.exception.AuthorizerDestructionException) JAXBException(javax.xml.bind.JAXBException) UninheritableAuthorizationsException(org.apache.nifi.authorization.exception.UninheritableAuthorizationsException) SAXException(org.xml.sax.SAXException) IOException(java.io.IOException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) AuthorizationAccessException(org.apache.nifi.authorization.exception.AuthorizationAccessException)

Example 12 with AuthorizerCreationException

use of org.apache.nifi.authorization.exception.AuthorizerCreationException in project nifi by apache.

the class FileAccessPolicyProvider method onConfigured.

/**
 * Configures this provider from the authorizer configuration and loads the authorizations file.
 *
 * In order, this method: resolves the configured user group provider, resolves (and creates if
 * missing) the authorizations file, optionally syncs it with a restore directory, reads the
 * identity mappings, the initial admin identity, the legacy authorized users file and any node
 * identities, calls {@code load()}, and finally copies the authorizations file to the restore
 * location when one is configured. The fields assigned here are read by {@code load()}, so the
 * statement order matters.
 *
 * @param configurationContext the properties configured for this provider
 * @throws AuthorizerCreationException if a required property is missing, the user group provider
 *         cannot be located, the restore directory equals the authorizations directory, or any
 *         I/O, JAXB or SAX failure occurs (the original exception is passed to the constructor)
 */
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    try {
        // the user group provider is mandatory and must resolve through the lookup captured in initialize()
        final PropertyValue userGroupProviderIdentifier = configurationContext.getProperty(PROP_USER_GROUP_PROVIDER);
        if (!userGroupProviderIdentifier.isSet()) {
            throw new AuthorizerCreationException("The user group provider must be specified.");
        }
        userGroupProvider = userGroupProviderLookup.getUserGroupProvider(userGroupProviderIdentifier.getValue());
        if (userGroupProvider == null) {
            throw new AuthorizerCreationException("Unable to locate user group provider with identifier " + userGroupProviderIdentifier.getValue());
        }
        final PropertyValue authorizationsPath = configurationContext.getProperty(PROP_AUTHORIZATIONS_FILE);
        if (StringUtils.isBlank(authorizationsPath.getValue())) {
            throw new AuthorizerCreationException("The authorizations file must be specified.");
        }
        // get the authorizations file and ensure it exists; the path is used exactly as configured
        // NOTE(review): a missing file is replaced by an empty Authorizations document, which load()
        // then treats as a fresh start. No permission check on the file is visible in this method;
        // confirm that saveAuthorizations() or the deployment restricts who can write or remove it.
        authorizationsFile = new File(authorizationsPath.getValue());
        if (!authorizationsFile.exists()) {
            logger.info("Creating new authorizations file at {}", new Object[] { authorizationsFile.getAbsolutePath() });
            saveAuthorizations(new Authorizations());
        }
        final File authorizationsFileDirectory = authorizationsFile.getAbsoluteFile().getParentFile();
        // the restore directory is optional and may be null
        final File restoreDirectory = properties.getRestoreDirectory();
        if (restoreDirectory != null) {
            // sanity check that restore directory is a directory, creating it if necessary
            FileUtils.ensureDirectoryExistAndCanAccess(restoreDirectory);
            // check that restore directory is not the same as the authorizations directory
            // NOTE(review): this compares absolute paths, which are neither normalized nor
            // symlink-resolved, so two spellings of the same directory would not be detected.
            if (authorizationsFileDirectory.getAbsolutePath().equals(restoreDirectory.getAbsolutePath())) {
                throw new AuthorizerCreationException(String.format("Authorizations file directory '%s' is the same as restore directory '%s' ", authorizationsFileDirectory.getAbsolutePath(), restoreDirectory.getAbsolutePath()));
            }
            // the restore copy will have same file name, but reside in a different directory
            restoreAuthorizationsFile = new File(restoreDirectory, authorizationsFile.getName());
            try {
                // sync the primary copy with the restore copy
                FileUtils.syncWithRestore(authorizationsFile, restoreAuthorizationsFile, logger);
            } catch (final IOException | IllegalStateException ioe) {
                throw new AuthorizerCreationException(ioe);
            }
        }
        // extract the identity mappings from nifi.properties if any are provided
        identityMappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(properties));
        // get the value of the initial admin identity, passed through the identity mappings; null when unset
        final PropertyValue initialAdminIdentityProp = configurationContext.getProperty(PROP_INITIAL_ADMIN_IDENTITY);
        initialAdminIdentity = initialAdminIdentityProp.isSet() ? IdentityMappingUtil.mapIdentity(initialAdminIdentityProp.getValue(), identityMappings) : null;
        // get the value of the legacy authorized users file; null when unset
        final PropertyValue legacyAuthorizedUsersProp = configurationContext.getProperty(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE);
        legacyAuthorizedUsersFile = legacyAuthorizedUsersProp.isSet() ? legacyAuthorizedUsersProp.getValue() : null;
        // extract any node identities: every property whose key matches NODE_IDENTITY_PATTERN and
        // whose value is not blank contributes one mapped identity
        nodeIdentities = new HashSet<>();
        for (Map.Entry<String, String> entry : configurationContext.getProperties().entrySet()) {
            Matcher matcher = NODE_IDENTITY_PATTERN.matcher(entry.getKey());
            if (matcher.matches() && !StringUtils.isBlank(entry.getValue())) {
                nodeIdentities.add(IdentityMappingUtil.mapIdentity(entry.getValue(), identityMappings));
            }
        }
        // load the authorizations; relies on the fields assigned above
        load();
        // if we've copied the authorizations file to a restore directory synchronize it
        if (restoreAuthorizationsFile != null) {
            FileUtils.copyFile(authorizationsFile, restoreAuthorizationsFile, false, false, logger);
        }
        logger.info(String.format("Authorizations file loaded at %s", new Date().toString()));
    } catch (IOException | AuthorizerCreationException | JAXBException | IllegalStateException | SAXException e) {
        // AuthorizerCreationException is in the catch list, so the specific exceptions thrown above
        // are wrapped in a second AuthorizerCreationException and reach the caller as its cause.
        throw new AuthorizerCreationException(e);
    }
}
Also used : Authorizations(org.apache.nifi.authorization.file.generated.Authorizations) Matcher(java.util.regex.Matcher) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) JAXBException(javax.xml.bind.JAXBException) PropertyValue(org.apache.nifi.components.PropertyValue) IOException(java.io.IOException) Date(java.util.Date) SAXException(org.xml.sax.SAXException) File(java.io.File) Map(java.util.Map)

Example 13 with AuthorizerCreationException

use of org.apache.nifi.authorization.exception.AuthorizerCreationException in project nifi by apache.

the class FileAccessPolicyProvider method load.

/**
 * Reads the authorizations file into an {@code AuthorizationsHolder}. When the file holds no
 * policies, the bootstrap path runs instead: the flow is parsed, policies are seeded from either
 * the initial admin identity or the legacy authorized users file, node policies are added, and
 * the result is saved. Documented by the original author as being called only during start-up.
 *
 * The initial admin identity and the legacy authorized users file are mutually exclusive; an
 * unchecked {@code AuthorizerCreationException} is thrown on the bootstrap path when both are set.
 *
 * @throws JAXBException            Unable to reload the authorized users file
 * @throws IOException              Unable to sync file with restore
 * @throws IllegalStateException    Unable to sync file with restore
 * @throws SAXException             declared by this method; presumably raised during schema handling, confirm against the callees
 */
private synchronized void load() throws JAXBException, IOException, IllegalStateException, SAXException {
    final Authorizations loaded = unmarshallAuthorizations();
    if (loaded.getPolicies() == null) {
        // normalise a document without a policies element so the holder can be built
        loaded.setPolicies(new Policies());
    }

    final AuthorizationsHolder holder = new AuthorizationsHolder(loaded);
    if (!holder.getAllPolicies().isEmpty()) {
        // existing policies: publish them as-is, no seeding
        this.authorizationsHolder.set(holder);
        return;
    }

    // NOTE(review): an empty policy set is the only trigger for the seeding below, so whoever can
    // empty or replace the authorizations file decides whether bootstrap seeding runs again on the
    // next start. Confirm that the file and its directory are writable by the service account only.
    final boolean adminConfigured = initialAdminIdentity != null && !StringUtils.isBlank(initialAdminIdentity);
    final boolean legacyConfigured = legacyAuthorizedUsersFile != null && !StringUtils.isBlank(legacyAuthorizedUsersFile);

    parseFlow();

    if (adminConfigured && legacyConfigured) {
        throw new AuthorizerCreationException("Cannot provide an Initial Admin Identity and a Legacy Authorized Users File");
    }
    if (adminConfigured) {
        logger.info("Populating authorizations for Initial Admin: " + initialAdminIdentity);
        populateInitialAdmin(loaded);
    } else if (legacyConfigured) {
        logger.info("Converting " + legacyAuthorizedUsersFile + " to new authorizations model");
        convertLegacyAuthorizedUsers(loaded);
    }

    populateNodes(loaded);

    // persist whatever was seeded and rebuild the holder from the saved state
    saveAndRefreshHolder(loaded);
}
Also used : Authorizations(org.apache.nifi.authorization.file.generated.Authorizations) Policies(org.apache.nifi.authorization.file.generated.Policies) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException)

Example 14 with AuthorizerCreationException

use of org.apache.nifi.authorization.exception.AuthorizerCreationException in project nifi by apache.

the class FileUserGroupProvider method initialize.

/**
 * Compiles the XSD schemas that this provider keeps in {@code tenantsSchema} and
 * {@code usersSchema}. The initialization context is not read here.
 *
 * @param initializationContext unused by this implementation
 * @throws AuthorizerCreationException wrapping any exception raised while the schemas are built
 */
@Override
public void initialize(UserGroupProviderInitializationContext initializationContext) throws AuthorizerCreationException {
    // The XSDs are resolved through FileAuthorizer's class loader, so the schema
    // documents themselves are shipped with the code rather than read from configuration.
    // NOTE(review): the factory is used with its default feature set. Consider enabling
    // XMLConstants.FEATURE_SECURE_PROCESSING and restricting ACCESS_EXTERNAL_DTD /
    // ACCESS_EXTERNAL_SCHEMA as defence in depth; verify first that the bundled XSDs
    // do not depend on external includes or imports.
    try {
        final SchemaFactory xsdFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        tenantsSchema = xsdFactory.newSchema(FileAuthorizer.class.getResource(TENANTS_XSD));
        usersSchema = xsdFactory.newSchema(FileAuthorizer.class.getResource(USERS_XSD));
    } catch (Exception schemaFailure) {
        // Deliberately broad: any failure here means the provider cannot be created.
        throw new AuthorizerCreationException(schemaFailure);
    }
}
Also used : SchemaFactory(javax.xml.validation.SchemaFactory) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) XMLStreamException(javax.xml.stream.XMLStreamException) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) AuthorizerDestructionException(org.apache.nifi.authorization.exception.AuthorizerDestructionException) JAXBException(javax.xml.bind.JAXBException) UninheritableAuthorizationsException(org.apache.nifi.authorization.exception.UninheritableAuthorizationsException) SAXException(org.xml.sax.SAXException) IOException(java.io.IOException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) AuthorizationAccessException(org.apache.nifi.authorization.exception.AuthorizationAccessException)

Example 15 with AuthorizerCreationException

use of org.apache.nifi.authorization.exception.AuthorizerCreationException in project nifi by apache.

the class CompositeUserGroupProvider method onConfigured.

/**
 * Collects the user group providers named in the configuration. Every property whose key matches
 * {@code USER_GROUP_PROVIDER_PATTERN} and whose value is not blank is treated as a provider
 * identifier and resolved through {@code userGroupProviderLookup}.
 *
 * @param configurationContext the properties configured for this provider
 * @throws AuthorizerCreationException if an identifier cannot be resolved, if the same provider is
 *         configured twice, or if no provider was collected while {@code allowEmptyProviderList} is false
 */
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    // NOTE(review): providers are appended to userGroupProviders without clearing it first; if this
    // method can run more than once on the same instance the duplicate check below would fire.
    // Confirm the lifecycle guarantees a single call.
    for (Map.Entry<String, String> property : configurationContext.getProperties().entrySet()) {
        final Matcher keyMatch = USER_GROUP_PROVIDER_PATTERN.matcher(property.getKey());
        if (!keyMatch.matches() || StringUtils.isBlank(property.getValue())) {
            // not a provider property, or configured with an empty value
            continue;
        }

        final String providerId = property.getValue();
        final UserGroupProvider resolved = userGroupProviderLookup.getUserGroupProvider(providerId);
        if (resolved == null) {
            throw new AuthorizerCreationException(String.format("Unable to locate the configured User Group Provider: %s", providerId));
        }
        if (userGroupProviders.contains(resolved)) {
            throw new AuthorizerCreationException(String.format("Duplicate provider in Composite User Group Provider configuration: %s", providerId));
        }
        userGroupProviders.add(resolved);
    }

    // an empty composite is only acceptable when explicitly allowed
    if (userGroupProviders.isEmpty() && !allowEmptyProviderList) {
        throw new AuthorizerCreationException("At least one User Group Provider must be configured.");
    }
}
Also used : Matcher(java.util.regex.Matcher) AuthorizerCreationException(org.apache.nifi.authorization.exception.AuthorizerCreationException) Map(java.util.Map)
