use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.
the class RemoteProcessGroupResource method getRemoteProcessGroup.
/**
 * Returns the remote process group identified by {@code id} once the current user has been
 * authorized to read it.
 *
 * @param id The id of the remote process group to retrieve
 * @return A response built from the remoteProcessGroupEntity.
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
@ApiOperation(
        value = "Gets a remote process group",
        response = RemoteProcessGroupEntity.class,
        authorizations = {
                @Authorization(value = "Read - /remote-process-groups/{uuid}")
        }
)
@ApiResponses(value = {
        @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
})
public Response getRemoteProcessGroup(
        @ApiParam(value = "The remote process group id.", required = true)
        @PathParam("id") final String id) {

    // This branch returns before the READ check below is reached.
    // NOTE(review): presumably the request that is eventually served after replication
    // goes through the authorization path further down - confirm.
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }

    // READ on the remote process group is checked before the entity is fetched,
    // so nothing about the group is loaded for a caller who fails the check.
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable rpgAuthorizable = lookup.getRemoteProcessGroup(id);
        rpgAuthorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });

    // authorized: load the entity, fill in the remaining content, and answer
    final RemoteProcessGroupEntity responseEntity = serviceFacade.getRemoteProcessGroup(id);
    populateRemainingRemoteProcessGroupEntityContent(responseEntity);

    return generateOkResponse(responseEntity).build();
}
use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.
the class ControllerFacade method getProvenanceEvent.
/**
 * Looks up a provenance event by id and returns it as a DTO, provided the current user may
 * READ the data of the component that produced the event.
 *
 * <p>An unknown event id fails with {@code ResourceNotFoundException} before any authorization
 * runs, because the check needs the event's component id and attributes.
 * NOTE(review): whether an unauthorized client can tell "not found" from "denied" depends on
 * exception mapping that is not shown here - confirm.
 *
 * @param eventId event id
 * @return the provenance event with the specified event id
 */
public ProvenanceEventDTO getProvenanceEvent(final Long eventId) {
    try {
        final ProvenanceEventRecord record = flowController.getProvenanceRepository().getEvent(eventId);
        if (record == null) {
            throw new ResourceNotFoundException("Unable to find the specified event.");
        }

        // the flowfile attributes are handed to authorize() together with the user
        final Map<String, String> flowFileAttributes = record.getAttributes();

        // remote-port events and local-component events use different data authorizables
        final Authorizable dataAuthorizable = record.isRemotePortType()
                ? flowController.createRemoteDataAuthorizable(record.getComponentId())
                : flowController.createLocalDataAuthorizable(record.getComponentId());

        // the DTO is only built after this READ check has passed
        dataAuthorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser(), flowFileAttributes);

        return createProvenanceEventDto(record, false);
    } catch (final IOException ioe) {
        throw new NiFiCoreException("An error occurred while getting the specified event.", ioe);
    }
}
use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.
the class ControllerFacade method authorizeReplay.
/**
 * Authorizes the current user to replay the given provenance event. Replay requires both READ
 * and WRITE on the data of the component that produced the event.
 *
 * @param event event
 * @throws AccessDeniedException if the event carries no source queue identifier
 */
private void authorizeReplay(final ProvenanceEventRecord event) {
    // Fail closed: without a connection id the replay would not be available anyway, and there
    // is nothing to authorize against, so the request is denied.
    final boolean connectionUnknown = event.getSourceQueueIdentifier() == null;
    if (connectionUnknown) {
        throw new AccessDeniedException("The connection id in the provenance event is unknown.");
    }

    final NiFiUser user = NiFiUserUtils.getNiFiUser();

    // remote-port events and local-component events use different data authorizables
    final Authorizable dataAuthorizable = event.isRemotePortType()
            ? flowController.createRemoteDataAuthorizable(event.getComponentId())
            : flowController.createLocalDataAuthorizable(event.getComponentId());

    // Both checks must pass, READ first and then WRITE; the event attributes are passed to each.
    final Map<String, String> eventAttributes = event.getAttributes();
    dataAuthorizable.authorize(authorizer, RequestAction.READ, user, eventAttributes);
    dataAuthorizable.authorize(authorizer, RequestAction.WRITE, user, eventAttributes);
}
use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.
the class StandardConnectionDAO method getContent.
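/**
 * Returns the content of a FlowFile that is still queued in the given connection.
 *
 * <p>READ on the data of the connection's source component is authorized, with the FlowFile's
 * attributes, before the content stream is requested from the flow controller.
 *
 * @param id identifier passed to {@code locateConnection}
 * @param flowFileUuid UUID used to find the FlowFile in the connection's queue
 * @param requestUri passed through to {@code flowController.getContent}
 * @return the filename, mime type and content stream of the FlowFile; this method does not
 *         close the stream
 * @throws ResourceNotFoundException if the FlowFile is not in the queue or its content is missing
 * @throws IllegalStateException if the content cannot be read because of an I/O error
 */
@Override
public DownloadableContent getContent(String id, String flowFileUuid, String requestUri) {
    try {
        final NiFiUser user = NiFiUserUtils.getNiFiUser();
        final Connection connection = locateConnection(id);
        final FlowFileQueue queue = connection.getFlowFileQueue();
        final FlowFileRecord flowFile = queue.getFlowFile(flowFileUuid);
        if (flowFile == null) {
            // This is thrown before authorization, since the check below needs the attributes.
            throw new ResourceNotFoundException(String.format("The FlowFile with UUID %s is no longer in the active queue.", flowFileUuid));
        }

        // get the attributes and ensure appropriate access
        final Map<String, String> attributes = flowFile.getAttributes();
        final Authorizable dataAuthorizable = new DataAuthorizable(connection.getSourceAuthorizable());
        dataAuthorizable.authorize(authorizer, RequestAction.READ, user, attributes);

        // get the filename and fall back to the identifier (should never happen)
        String filename = attributes.get(CoreAttributes.FILENAME.key());
        if (filename == null) {
            filename = flowFileUuid;
        }

        // get the mime-type
        final String type = attributes.get(CoreAttributes.MIME_TYPE.key());

        // get the content only after the READ check above has passed
        final InputStream content = flowController.getContent(flowFile, user.getIdentity(), requestUri);
        return new DownloadableContent(filename, type, content);
    } catch (final ContentNotFoundException cnfe) {
        // keep the original exception as the cause so the failure stays diagnosable
        throw new ResourceNotFoundException("Unable to find the specified content.", cnfe);
    } catch (final IOException ioe) {
        // NOTE(review): flowFileUuid is supplied by the caller and is written to the log as-is;
        // confirm it is validated upstream or that the log layout neutralises line breaks.
        logger.error(String.format("Unable to get the content for flowfile (%s) at this time.", flowFileUuid), ioe);
        throw new IllegalStateException("Unable to get the content at this time.", ioe);
    }
}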
use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.
the class StandardPolicyBasedAuthorizerDAO method getAccessPolicy.
/**
 * Resolves the access policy for an action on an authorizable, falling back to its ancestors.
 *
 * <p>If no policy is found for the authorizable's own resource, the lookup is repeated on its
 * parent, and so on up the chain. The policy returned may therefore belong to an ancestor
 * rather than to the resource that was asked about.
 *
 * @param requestAction the action the policy must cover
 * @param authorizable the authorizable whose resource is checked first
 * @return the first policy found on the authorizable or one of its ancestors
 * @throws ResourceNotFoundException if the chain ends without a policy; the message names the
 *         last resource examined, not necessarily the one originally requested
 */
@Override
public AccessPolicy getAccessPolicy(final RequestAction requestAction, final Authorizable authorizable) {
    final String resourceId = authorizable.getResource().getIdentifier();

    // a policy defined directly on this resource wins
    final AccessPolicy ownPolicy = findAccessPolicy(requestAction, resourceId);
    if (ownPolicy != null) {
        return ownPolicy;
    }

    // otherwise fall back to the parent's policy, if there is a parent
    final Authorizable parent = authorizable.getParentAuthorizable();
    if (parent != null) {
        return getAccessPolicy(requestAction, parent);
    }

    // top of the chain reached without finding a policy
    throw new ResourceNotFoundException(String.format("Unable to find access policy for %s on %s", requestAction.toString(), resourceId));
}