Example 76 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardNiFiServiceFacade method createAffectedComponentEntity.

private AffectedComponentEntity createAffectedComponentEntity(final Connectable connectable, final NiFiUser user) {
    final AffectedComponentEntity entity = new AffectedComponentEntity();
    entity.setRevision(dtoFactory.createRevisionDTO(revisionManager.getRevision(connectable.getIdentifier())));
    entity.setId(connectable.getIdentifier());
    final Authorizable authorizable = getAuthorizable(connectable);
    final PermissionsDTO permissionsDto = dtoFactory.createPermissionsDto(authorizable, user);
    entity.setPermissions(permissionsDto);
    final AffectedComponentDTO dto = new AffectedComponentDTO();
    dto.setId(connectable.getIdentifier());
    dto.setReferenceType(connectable.getConnectableType().name());
    dto.setState(connectable.getScheduledState().name());
    final String groupId = connectable instanceof RemoteGroupPort ? ((RemoteGroupPort) connectable).getRemoteProcessGroup().getIdentifier() : connectable.getProcessGroupIdentifier();
    dto.setProcessGroupId(groupId);
    entity.setComponent(dto);
    return entity;
}
Also used : InstantiatedVersionedRemoteGroupPort(org.apache.nifi.registry.flow.mapping.InstantiatedVersionedRemoteGroupPort) RemoteGroupPort(org.apache.nifi.remote.RemoteGroupPort) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) Authorizable(org.apache.nifi.authorization.resource.Authorizable) AffectedComponentDTO(org.apache.nifi.web.api.dto.AffectedComponentDTO) AffectedComponentEntity(org.apache.nifi.web.api.entity.AffectedComponentEntity)

Example 77 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardRootGroupPort method checkUserAuthorization.

@Override
public PortAuthorizationResult checkUserAuthorization(NiFiUser user) {
    if (!secure) {
        return new StandardPortAuthorizationResult(true, "Site-to-Site is not Secure");
    }
    if (user == null) {
        // only one %s placeholder, so only one argument is passed
        final String message = String.format("%s authorization failed because the user is unknown", this);
        logger.warn(message);
        eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
        return new StandardPortAuthorizationResult(false, "User is not known");
    }
    // perform the authorization
    final Authorizable dataTransferAuthorizable = new DataTransferAuthorizable(this);
    final AuthorizationResult result = dataTransferAuthorizable.checkAuthorization(authorizer, RequestAction.WRITE, user);
    if (!Result.Approved.equals(result.getResult())) {
        final String message = String.format("%s authorization failed for user %s because %s", this, user.getIdentity(), result.getExplanation());
        logger.warn(message);
        eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
        return new StandardPortAuthorizationResult(false, message);
    }
    return new StandardPortAuthorizationResult(true, "User is Authorized");
}
Also used : DataTransferAuthorizable(org.apache.nifi.authorization.resource.DataTransferAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult)

Example 78 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class AuthorizeControllerServiceReference method authorizeControllerServiceReferences.

/**
 * Authorizes the proposed properties for the specified authorizable.
 *
 * @param proposedProperties proposed properties
 * @param authorizable authorizable that may reference a controller service
 * @param authorizer authorizer
 * @param lookup lookup
 */
public static void authorizeControllerServiceReferences(final Map<String, String> proposedProperties, final ComponentAuthorizable authorizable, final Authorizer authorizer, final AuthorizableLookup lookup) {
    // only attempt to authorize if properties are changing
    if (proposedProperties != null) {
        final NiFiUser user = NiFiUserUtils.getNiFiUser();
        for (final Map.Entry<String, String> entry : proposedProperties.entrySet()) {
            final String propertyName = entry.getKey();
            final PropertyDescriptor propertyDescriptor = authorizable.getPropertyDescriptor(propertyName);
            // if this descriptor identifies a controller service
            if (propertyDescriptor.getControllerServiceDefinition() != null) {
                final String currentValue = authorizable.getValue(propertyDescriptor);
                final String proposedValue = entry.getValue();
                // if the value is changing
                if (!Objects.equals(currentValue, proposedValue)) {
                    // ensure access to the old service
                    if (currentValue != null) {
                        try {
                            final Authorizable currentServiceAuthorizable = lookup.getControllerService(currentValue).getAuthorizable();
                            currentServiceAuthorizable.authorize(authorizer, RequestAction.READ, user);
                        } catch (ResourceNotFoundException e) {
                            // ignore a missing resource: if currentValue was previously deleted, that should not stop assignment of proposedValue
                        }
                    }
                    // ensure access to the new service
                    if (proposedValue != null) {
                        final Authorizable newServiceAuthorizable = lookup.getControllerService(proposedValue).getAuthorizable();
                        newServiceAuthorizable.authorize(authorizer, RequestAction.READ, user);
                    }
                }
            }
        }
    }
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException) Map(java.util.Map)

Example 79 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardAuthorizableLookup method getSnippet.

@Override
public SnippetAuthorizable getSnippet(final String id) {
    final Snippet snippet = snippetDAO.getSnippet(id);
    final ProcessGroup processGroup = processGroupDAO.getProcessGroup(snippet.getParentGroupId());
    return new SnippetAuthorizable() {

        @Override
        public Authorizable getParentProcessGroup() {
            return processGroup;
        }

        @Override
        public Set<ComponentAuthorizable> getSelectedProcessors() {
            return processGroup.getProcessors().stream().filter(processor -> snippet.getProcessors().containsKey(processor.getIdentifier())).map(processor -> getProcessor(processor.getIdentifier())).collect(Collectors.toSet());
        }

        @Override
        public Set<ConnectionAuthorizable> getSelectedConnections() {
            return processGroup.getConnections().stream().filter(connection -> snippet.getConnections().containsKey(connection.getIdentifier())).map(connection -> getConnection(connection.getIdentifier())).collect(Collectors.toSet());
        }

        @Override
        public Set<Authorizable> getSelectedInputPorts() {
            return processGroup.getInputPorts().stream().filter(inputPort -> snippet.getInputPorts().containsKey(inputPort.getIdentifier())).map(inputPort -> getInputPort(inputPort.getIdentifier())).collect(Collectors.toSet());
        }

        @Override
        public Set<Authorizable> getSelectedOutputPorts() {
            return processGroup.getOutputPorts().stream().filter(outputPort -> snippet.getOutputPorts().containsKey(outputPort.getIdentifier())).map(outputPort -> getOutputPort(outputPort.getIdentifier())).collect(Collectors.toSet());
        }

        @Override
        public Set<Authorizable> getSelectedFunnels() {
            return processGroup.getFunnels().stream().filter(funnel -> snippet.getFunnels().containsKey(funnel.getIdentifier())).map(funnel -> getFunnel(funnel.getIdentifier())).collect(Collectors.toSet());
        }

        @Override
        public Set<Authorizable> getSelectedLabels() {
            return processGroup.getLabels().stream().filter(label -> snippet.getLabels().containsKey(label.getIdentifier())).map(label -> getLabel(label.getIdentifier())).collect(Collectors.toSet());
        }

        @Override
        public Set<ProcessGroupAuthorizable> getSelectedProcessGroups() {
            return processGroup.getProcessGroups().stream().filter(processGroup -> snippet.getProcessGroups().containsKey(processGroup.getIdentifier())).map(processGroup -> getProcessGroup(processGroup.getIdentifier())).collect(Collectors.toSet());
        }

        @Override
        public Set<Authorizable> getSelectedRemoteProcessGroups() {
            return processGroup.getRemoteProcessGroups().stream().filter(remoteProcessGroup -> snippet.getRemoteProcessGroups().containsKey(remoteProcessGroup.getIdentifier())).map(remoteProcessGroup -> getRemoteProcessGroup(remoteProcessGroup.getIdentifier())).collect(Collectors.toSet());
        }
    };
}
Also used : ProcessGroup(org.apache.nifi.groups.ProcessGroup) BundleCoordinate(org.apache.nifi.bundle.BundleCoordinate) SnippetDAO(org.apache.nifi.web.dao.SnippetDAO) Port(org.apache.nifi.connectable.Port) BundleDTO(org.apache.nifi.web.api.dto.BundleDTO) StringUtils(org.apache.commons.lang3.StringUtils) PropertyDescriptor(org.apache.nifi.components.PropertyDescriptor) ResourceType(org.apache.nifi.authorization.resource.ResourceType) DataAuthorizable(org.apache.nifi.authorization.resource.DataAuthorizable) ControllerServiceDAO(org.apache.nifi.web.dao.ControllerServiceDAO) FunnelDAO(org.apache.nifi.web.dao.FunnelDAO) ControllerFacade(org.apache.nifi.web.controller.ControllerFacade) ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException) AccessPolicyAuthorizable(org.apache.nifi.authorization.resource.AccessPolicyAuthorizable) RootGroupPort(org.apache.nifi.remote.RootGroupPort) Connectable(org.apache.nifi.connectable.Connectable) Connection(org.apache.nifi.connectable.Connection) PortAuthorizationResult(org.apache.nifi.remote.PortAuthorizationResult) Authorizable(org.apache.nifi.authorization.resource.Authorizable) RequiredPermission(org.apache.nifi.components.RequiredPermission) AccessPolicyDAO(org.apache.nifi.web.dao.AccessPolicyDAO) Set(java.util.Set) BundleUtils(org.apache.nifi.util.BundleUtils) Snippet(org.apache.nifi.controller.Snippet) Collectors(java.util.stream.Collectors) ResourceFactory(org.apache.nifi.authorization.resource.ResourceFactory) ProcessorDAO(org.apache.nifi.web.dao.ProcessorDAO) List(java.util.List) ExtensionManager(org.apache.nifi.nar.ExtensionManager) ProcessGroupDAO(org.apache.nifi.web.dao.ProcessGroupDAO) FlowSnippetDTO(org.apache.nifi.web.api.dto.FlowSnippetDTO) ReportingTaskDAO(org.apache.nifi.web.dao.ReportingTaskDAO) ProcessorNode(org.apache.nifi.controller.ProcessorNode) ConnectionDAO(org.apache.nifi.web.dao.ConnectionDAO) ControllerServiceNode(org.apache.nifi.controller.service.ControllerServiceNode) 
ConfigurableComponent(org.apache.nifi.components.ConfigurableComponent) TemplateDAO(org.apache.nifi.web.dao.TemplateDAO) HashSet(java.util.HashSet) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) ControllerServiceReference(org.apache.nifi.controller.service.ControllerServiceReference) ReportingTaskNode(org.apache.nifi.controller.ReportingTaskNode) Restricted(org.apache.nifi.annotation.behavior.Restricted) PortDAO(org.apache.nifi.web.dao.PortDAO) DataTransferAuthorizable(org.apache.nifi.authorization.resource.DataTransferAuthorizable) ConfiguredComponent(org.apache.nifi.controller.ConfiguredComponent) LabelDAO(org.apache.nifi.web.dao.LabelDAO) RestrictedComponentsAuthorizableFactory(org.apache.nifi.authorization.resource.RestrictedComponentsAuthorizableFactory) RemoteProcessGroupDAO(org.apache.nifi.web.dao.RemoteProcessGroupDAO) TenantAuthorizable(org.apache.nifi.authorization.resource.TenantAuthorizable)

Example 80 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class StandardConnection method getSourceAuthorizable.

@Override
public Authorizable getSourceAuthorizable() {
    final Connectable sourceConnectable = getSource();
    final Authorizable sourceAuthorizable;
    // if the source is a remote group port, authorize according to the RPG
    if (sourceConnectable instanceof RemoteGroupPort) {
        sourceAuthorizable = ((RemoteGroupPort) sourceConnectable).getRemoteProcessGroup();
    } else {
        sourceAuthorizable = sourceConnectable;
    }
    return sourceAuthorizable;
}
Also used : RemoteGroupPort(org.apache.nifi.remote.RemoteGroupPort) Authorizable(org.apache.nifi.authorization.resource.Authorizable)