Example 71 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi-minifi by apache.

the class MiNiFiPersistentProvenanceRepository method isAuthorized.

public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
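    // With no authorizer configured or no user supplied, no check is performed and the event is treated as authorized
    if (authorizer == null || user == null) {
        return true;
    }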
    final Authorizable eventAuthorizable;
    try {
        if (event.isRemotePortType()) {
            eventAuthorizable = resourceFactory.createRemoteDataAuthorizable(event.getComponentId());
        } else {
            eventAuthorizable = resourceFactory.createLocalDataAuthorizable(event.getComponentId());
        }
    } catch (final ResourceNotFoundException rnfe) {
        // The component the event refers to cannot be found: deny access
        return false;
    }
    final AuthorizationResult result = eventAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
    return Result.Approved.equals(result.getResult());
}
Also used : Authorizable(org.apache.nifi.authorization.resource.Authorizable) ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult)

Example 72 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardNiFiServiceFacade method createAffectedComponentEntity.

private AffectedComponentEntity createAffectedComponentEntity(final InstantiatedVersionedComponent instance, final String componentTypeName, final String componentState, final NiFiUser user) {
    final AffectedComponentEntity entity = new AffectedComponentEntity();
    entity.setRevision(dtoFactory.createRevisionDTO(revisionManager.getRevision(instance.getInstanceId())));
    entity.setId(instance.getInstanceId());
    final Authorizable authorizable = getAuthorizable(componentTypeName, instance);
    final PermissionsDTO permissionsDto = dtoFactory.createPermissionsDto(authorizable, user);
    entity.setPermissions(permissionsDto);
    final AffectedComponentDTO dto = new AffectedComponentDTO();
    dto.setId(instance.getInstanceId());
    dto.setReferenceType(componentTypeName);
    dto.setProcessGroupId(instance.getInstanceGroupId());
    dto.setState(componentState);
    entity.setComponent(dto);
    return entity;
}
Also used : PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) Authorizable(org.apache.nifi.authorization.resource.Authorizable) AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO) AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity)

Example 73 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardNiFiServiceFacade method authorizeAction.

private AuthorizationResult authorizeAction(final Action action) {
    final String sourceId = action.getSourceId();
    final Component type = action.getSourceType();
    Authorizable authorizable;
    try {
        switch(type) {
            case Processor:
                authorizable = authorizableLookup.getProcessor(sourceId).getAuthorizable();
                break;
            case ReportingTask:
                authorizable = authorizableLookup.getReportingTask(sourceId).getAuthorizable();
                break;
            case ControllerService:
                authorizable = authorizableLookup.getControllerService(sourceId).getAuthorizable();
                break;
            case Controller:
                authorizable = controllerFacade;
                break;
            case InputPort:
                authorizable = authorizableLookup.getInputPort(sourceId);
                break;
            case OutputPort:
                authorizable = authorizableLookup.getOutputPort(sourceId);
                break;
            case ProcessGroup:
                authorizable = authorizableLookup.getProcessGroup(sourceId).getAuthorizable();
                break;
            case RemoteProcessGroup:
                authorizable = authorizableLookup.getRemoteProcessGroup(sourceId);
                break;
            case Funnel:
                authorizable = authorizableLookup.getFunnel(sourceId);
                break;
            case Connection:
                authorizable = authorizableLookup.getConnection(sourceId).getAuthorizable();
                break;
            case AccessPolicy:
                authorizable = authorizableLookup.getAccessPolicyById(sourceId);
                break;
            case User:
            case UserGroup:
                authorizable = authorizableLookup.getTenant();
                break;
            default:
                throw new WebApplicationException(Response.serverError().entity("An unexpected type of component is the source of this action.").build());
        }
    } catch (final ResourceNotFoundException e) {
        // if the underlying component is gone, use the controller to see if permissions should be allowed
        authorizable = controllerFacade;
    }
    // perform the authorization
    return authorizable.checkAuthorization(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
}
Also used : WebApplicationException(javax.ws.rs.WebApplicationException) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent) VersionedComponent(org.apache.nifi.registry.flow.VersionedComponent) InstantiatedVersionedComponent(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedComponent) ConfiguredComponent(org.apache.nifi.controller.ConfiguredComponent) Component(org.apache.nifi.action.Component)

Example 74 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardNiFiServiceFacade method createControllerServiceReferencingComponentsEntity.

/**
 * Creates entities for components referencing a ControllerService using the specified revisions.
 *
 * @param reference ControllerServiceReference
 * @param revisions The revisions
 * @param visited   Which services we've already considered (in case of cycle)
 * @return The entity
 */
private ControllerServiceReferencingComponentsEntity createControllerServiceReferencingComponentsEntity(final ControllerServiceReference reference, final Map<String, Revision> revisions, final Set<ControllerServiceNode> visited) {
    final String modifier = NiFiUserUtils.getNiFiUserIdentity();
    final Set<ConfiguredComponent> referencingComponents = reference.getReferencingComponents();
    final Set<ControllerServiceReferencingComponentEntity> componentEntities = new HashSet<>();
    for (final ConfiguredComponent refComponent : referencingComponents) {
        PermissionsDTO permissions = null;
        if (refComponent instanceof Authorizable) {
            permissions = dtoFactory.createPermissionsDto(refComponent);
        }
        final Revision revision = revisions.get(refComponent.getIdentifier());
        final FlowModification flowMod = new FlowModification(revision, modifier);
        final RevisionDTO revisionDto = dtoFactory.createRevisionDTO(flowMod);
        final ControllerServiceReferencingComponentDTO dto = dtoFactory.createControllerServiceReferencingComponentDTO(refComponent);
        if (refComponent instanceof ControllerServiceNode) {
            final ControllerServiceNode node = (ControllerServiceNode) refComponent;
            // indicate if we've hit a cycle
            dto.setReferenceCycle(visited.contains(node));
            // mark node as visited before building the reference cycle
            visited.add(node);
            // if we haven't encountered this service before include its referencing components
            if (!dto.getReferenceCycle()) {
                final ControllerServiceReference refReferences = node.getReferences();
                final Map<String, Revision> referencingRevisions = new HashMap<>(revisions);
                for (final ConfiguredComponent component : refReferences.getReferencingComponents()) {
                    referencingRevisions.putIfAbsent(component.getIdentifier(), revisionManager.getRevision(component.getIdentifier()));
                }
                final ControllerServiceReferencingComponentsEntity references = createControllerServiceReferencingComponentsEntity(refReferences, referencingRevisions, visited);
                dto.setReferencingComponents(references.getControllerServiceReferencingComponents());
            }
        }
        componentEntities.add(entityFactory.createControllerServiceReferencingComponentEntity(dto, revisionDto, permissions));
    }
    final ControllerServiceReferencingComponentsEntity entity = new ControllerServiceReferencingComponentsEntity();
    entity.setControllerServiceReferencingComponents(componentEntities);
    return entity;
}
Also used : ControllerServiceReferencingComponentsEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentsEntity) ControllerServiceReferencingComponentEntity(org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentEntity) LinkedHashMap(java.util.LinkedHashMap) HashMap(java.util.HashMap) ConfiguredComponent(org.apache.nifi.controller.ConfiguredComponent) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) ControllerServiceReferencingComponentDTO(org.apache.nifi.web.api.dto.ControllerServiceReferencingComponentDTO) ControllerServiceNode(org.apache.nifi.controller.service.ControllerServiceNode) ControllerServiceReference(org.apache.nifi.controller.service.ControllerServiceReference) Authorizable(org.apache.nifi.authorization.resource.Authorizable) HashSet(java.util.HashSet) LinkedHashSet(java.util.LinkedHashSet)

Example 75 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardNiFiServiceFacade method createAffectedComponentEntity.

private AffectedComponentEntity createAffectedComponentEntity(final ControllerServiceNode serviceNode, final NiFiUser user) {
    final AffectedComponentEntity entity = new AffectedComponentEntity();
    entity.setRevision(dtoFactory.createRevisionDTO(revisionManager.getRevision(serviceNode.getIdentifier())));
    entity.setId(serviceNode.getIdentifier());
    final Authorizable authorizable = authorizableLookup.getControllerService(serviceNode.getIdentifier()).getAuthorizable();
    final PermissionsDTO permissionsDto = dtoFactory.createPermissionsDto(authorizable, user);
    entity.setPermissions(permissionsDto);
    final AffectedComponentDTO dto = new AffectedComponentDTO();
    dto.setId(serviceNode.getIdentifier());
    dto.setReferenceType(AffectedComponentDTO.COMPONENT_TYPE_CONTROLLER_SERVICE);
    dto.setProcessGroupId(serviceNode.getProcessGroupIdentifier());
    dto.setState(serviceNode.getState().name());
    entity.setComponent(dto);
    return entity;
}
Also used : PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) Authorizable(org.apache.nifi.authorization.resource.Authorizable) AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO) AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity)

Aggregations

Authorizable (org.apache.nifi.authorization.resource.Authorizable) 140
ApiOperation (io.swagger.annotations.ApiOperation) 96
ApiResponses (io.swagger.annotations.ApiResponses) 96
Consumes (javax.ws.rs.Consumes) 96
Produces (javax.ws.rs.Produces) 96
Path (javax.ws.rs.Path) 95
ComponentAuthorizable (org.apache.nifi.authorization.ComponentAuthorizable) 53
GET (javax.ws.rs.GET) 46
Revision (org.apache.nifi.web.Revision) 44
ProcessGroupAuthorizable (org.apache.nifi.authorization.ProcessGroupAuthorizable) 33
SnippetAuthorizable (org.apache.nifi.authorization.SnippetAuthorizable) 28
TemplateContentsAuthorizable (org.apache.nifi.authorization.TemplateContentsAuthorizable) 28
POST (javax.ws.rs.POST) 24
NiFiUser (org.apache.nifi.authorization.user.NiFiUser) 21
ResourceNotFoundException (org.apache.nifi.web.ResourceNotFoundException) 21
DELETE (javax.ws.rs.DELETE) 20
PUT (javax.ws.rs.PUT) 20
RevisionDTO (org.apache.nifi.web.api.dto.RevisionDTO) 19
PositionDTO (org.apache.nifi.web.api.dto.PositionDTO) 18
PortEntity (org.apache.nifi.web.api.entity.PortEntity) 15