
Example 96 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class FlowFileQueueResource method createDropRequest.

/**
 * Submits a drop request that empties the flowfile queue of the given connection.
 *
 * <p>The authorization callback passed to {@code withWriteLock} requires WRITE on the
 * connection's source data for the current NiFi user. The response is 202 Accepted with a
 * Location header that points at the new drop request.
 *
 * @param httpServletRequest request
 * @param id                 The id of the connection
 * @return A dropRequestEntity
 */
@POST
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{id}/drop-requests")
@ApiOperation(value = "Creates a request to drop the contents of the queue in this connection.", response = DropRequestEntity.class, authorizations = { @Authorization(value = "Write Source Data - /data/{component-type}/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 202, message = "The request has been accepted. A HTTP response header will contain the URI where the response can be polled."), @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createDropRequest(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The connection id.", required = true) @PathParam("id") final String id) {
    // NOTE(review): the replicate path returns before any authorize call made in this method;
    // presumably the check runs where the replicated request is handled - confirm.
    if (isReplicateRequest()) {
        return replicate(HttpMethod.POST);
    }

    // the only client-supplied value carried into the locked section is the path id
    final ConnectionEntity requestConnectionEntity = new ConnectionEntity();
    requestConnectionEntity.setId(id);

    return withWriteLock(serviceFacade, requestConnectionEntity, authLookup -> {
        // dropping queue contents destroys data, so WRITE on the source data is required
        final ConnectionAuthorizable connection = authLookup.getConnection(id);
        final Authorizable sourceData = connection.getSourceData();
        sourceData.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, null, connectionEntity -> {
        // id of the new drop request (the original note says it must match across the cluster)
        final String newRequestId = generateUuid();

        // hand the drop request to the service facade and record where it can be polled
        final DropRequestDTO submitted = serviceFacade.createFlowFileDropRequest(connectionEntity.getId(), newRequestId);
        final String pollUri = generateResourceUri("flowfile-queues", connectionEntity.getId(), "drop-requests", submitted.getId());
        submitted.setUri(pollUri);

        // wrap the DTO for the response body
        final DropRequestEntity responseBody = new DropRequestEntity();
        responseBody.setDropRequest(submitted);

        // the Location header is read back from the DTO's URI
        final URI pollLocation = URI.create(submitted.getUri());
        return Response.status(Status.ACCEPTED).location(pollLocation).entity(responseBody).build();
    });
}
Also used : DropRequestDTO(org.apache.nifi.web.api.dto.DropRequestDTO) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable) ConnectionAuthorizable(org.apache.nifi.authorization.ConnectionAuthorizable) ConnectionEntity(org.apache.nifi.web.api.entity.ConnectionEntity) URI(java.net.URI) DropRequestEntity(org.apache.nifi.web.api.entity.DropRequestEntity) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 97 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method getUserGroups.

/**
 * Retrieves all of the user groups in this NiFi.
 *
 * <p>Requires a managed authorizer and READ on the tenants resource for the current user.
 *
 * @return A UserGroupsEntity.
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups")
@ApiOperation(value = "Gets all user groups", notes = NON_GUARANTEED_ENDPOINT, response = UserGroupsEntity.class, authorizations = { @Authorization(value = "Read - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getUserGroups() {
    // user groups are only exposed when the authorizer is a managed one
    final boolean managedAuthorizer = AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer);
    if (!managedAuthorizer) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
    }

    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }

    // READ on the tenants resource gates the listing; the check runs before any group is fetched
    serviceFacade.authorizeAccess(authLookup -> {
        final Authorizable tenantResource = authLookup.getTenant();
        tenantResource.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });

    // fetch every user group and wrap the set for the response
    final Set<UserGroupEntity> userGroups = serviceFacade.getUserGroups();
    final UserGroupsEntity responseBody = new UserGroupsEntity();
    responseBody.setUserGroups(populateRemainingUserGroupEntitiesContent(userGroups));

    return generateOkResponse(responseBody).build();
}
Also used : UserGroupsEntity(org.apache.nifi.web.api.entity.UserGroupsEntity) Authorizable(org.apache.nifi.authorization.resource.Authorizable) UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 98 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method updateUser.

/**
 * Updates a user.
 *
 * <p>The request is rejected unless it carries user details, a revision, and a body id equal to
 * the path id. The authorization callback passed to {@code withWriteLock} requires WRITE on the
 * tenants resource for the current user.
 *
 * @param httpServletRequest request
 * @param id                 The id of the user to update.
 * @param requestUserEntity  A userEntity.
 * @return A userEntity.
 */
@PUT
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("users/{id}")
@ApiOperation(value = "Updates a user", notes = NON_GUARANTEED_ENDPOINT, response = UserEntity.class, authorizations = { @Authorization(value = "Write - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response updateUser(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user id.", required = true) @PathParam("id") final String id, @ApiParam(value = "The user configuration details.", required = true) final UserEntity requestUserEntity) {
    // users can only be edited when the user group provider is configurable
    if (!AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
    }

    // a missing body and a body without a component are rejected alike
    final UserDTO requestUserDTO = requestUserEntity == null ? null : requestUserEntity.getComponent();
    if (requestUserDTO == null) {
        throw new IllegalArgumentException("User details must be specified.");
    }

    if (requestUserEntity.getRevision() == null) {
        throw new IllegalArgumentException("Revision must be specified.");
    }

    // the body must name the same user as the URL, so a request cannot address one user
    // while carrying the details of another
    final boolean idsMatch = id.equals(requestUserDTO.getId());
    if (!idsMatch) {
        throw new IllegalArgumentException(String.format("The user id (%s) in the request body does not equal the " + "user id of the requested resource (%s).", requestUserDTO.getId(), id));
    }

    if (isReplicateRequest()) {
        return replicate(HttpMethod.PUT, requestUserEntity);
    }

    // revision supplied by the client for this user
    final Revision requestRevision = getRevision(requestUserEntity, id);

    return withWriteLock(serviceFacade, requestUserEntity, requestRevision, authLookup -> {
        // changing a user requires WRITE on the tenants resource
        final Authorizable tenantResource = authLookup.getTenant();
        tenantResource.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, null, (revision, userEntity) -> {
        // apply the update and fill in the remaining entity content for the response
        final UserEntity updated = serviceFacade.updateUser(revision, userEntity.getComponent());
        populateRemainingUserEntityContent(updated);
        return generateOkResponse(updated).build();
    });
}
Also used : Revision(org.apache.nifi.web.Revision) UserDTO(org.apache.nifi.web.api.dto.UserDTO) Authorizable(org.apache.nifi.authorization.resource.Authorizable) UserEntity(org.apache.nifi.web.api.entity.UserEntity) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) PUT(javax.ws.rs.PUT) ApiResponses(io.swagger.annotations.ApiResponses)

Example 99 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method searchTenants.

// ------------
// search users
// ------------
/**
 * Searches users and user groups by identity.
 *
 * <p>Requires a managed authorizer and READ on the tenants resource for the current user. A
 * blank search value matches every user and every user group, so any caller who passes the
 * READ check can list all identities.
 *
 * @param value Search value; matched against a user/group identity as a case-insensitive
 *              substring
 * @return Tenants that match the specified criteria
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("search-results")
@ApiOperation(value = "Searches for a tenant with the specified identity", notes = NON_GUARANTEED_ENDPOINT, response = TenantsEntity.class, authorizations = { @Authorization(value = "Read - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response searchTenants(@ApiParam(value = "Identity to search for.", required = true) @QueryParam("q") @DefaultValue(StringUtils.EMPTY) String value) {
    // tenant search is only served when the authorizer is a managed one
    if (!AuthorizerCapabilityDetection.isManagedAuthorizer(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_MANAGED_AUTHORIZER);
    }

    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }

    // READ on the tenants resource is checked before any user or group is loaded
    serviceFacade.authorizeAccess(authLookup -> {
        final Authorizable tenantResource = authLookup.getTenant();
        tenantResource.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });

    // a blank query selects everything; the value never changes, so decide once
    final boolean matchEverything = StringUtils.isBlank(value);

    // users whose identity contains the search value
    final List<TenantEntity> userMatches = new ArrayList<>();
    for (final UserEntity candidate : serviceFacade.getUsers()) {
        final UserDTO user = candidate.getComponent();
        if (!matchEverything && !StringUtils.containsIgnoreCase(user.getIdentity(), value)) {
            continue;
        }

        final TenantDTO tenant = new TenantDTO();
        tenant.setId(user.getId());
        tenant.setIdentity(user.getIdentity());
        tenant.setConfigurable(user.getConfigurable());

        final TenantEntity match = new TenantEntity();
        match.setPermissions(candidate.getPermissions());
        match.setRevision(candidate.getRevision());
        match.setId(candidate.getId());
        match.setComponent(tenant);
        userMatches.add(match);
    }

    // user groups whose identity contains the search value
    final List<TenantEntity> userGroupMatches = new ArrayList<>();
    for (final UserGroupEntity candidate : serviceFacade.getUserGroups()) {
        final UserGroupDTO userGroup = candidate.getComponent();
        if (!matchEverything && !StringUtils.containsIgnoreCase(userGroup.getIdentity(), value)) {
            continue;
        }

        final TenantDTO tenant = new TenantDTO();
        tenant.setId(userGroup.getId());
        tenant.setIdentity(userGroup.getIdentity());
        tenant.setConfigurable(userGroup.getConfigurable());

        final TenantEntity match = new TenantEntity();
        match.setPermissions(candidate.getPermissions());
        match.setRevision(candidate.getRevision());
        match.setId(candidate.getId());
        match.setComponent(tenant);
        userGroupMatches.add(match);
    }

    // both result lists go into one entity
    final TenantsEntity responseBody = new TenantsEntity();
    responseBody.setUsers(userMatches);
    responseBody.setUserGroups(userGroupMatches);

    // 200 - OK, passed through noCache
    return noCache(Response.ok(responseBody)).build();
}
Also used : TenantsEntity(org.apache.nifi.web.api.entity.TenantsEntity) TenantEntity(org.apache.nifi.web.api.entity.TenantEntity) UserDTO(org.apache.nifi.web.api.dto.UserDTO) TenantDTO(org.apache.nifi.web.api.dto.TenantDTO) ArrayList(java.util.ArrayList) UserGroupDTO(org.apache.nifi.web.api.dto.UserGroupDTO) Authorizable(org.apache.nifi.authorization.resource.Authorizable) UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity) UserEntity(org.apache.nifi.web.api.entity.UserEntity) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 100 with Authorizable

use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

the class TenantsResource method createUserGroup.

/**
 * Creates a new user group.
 *
 * <p>The request must carry group details, a revision whose version is 0, no group id, and a
 * non-blank identity. The id of the new group is generated here, never taken from the client.
 * The authorization callback passed to {@code withWriteLock} requires WRITE on the tenants
 * resource for the current user.
 *
 * @param httpServletRequest     request
 * @param requestUserGroupEntity A userGroupEntity.
 * @return A userGroupEntity.
 */
@POST
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
@Path("user-groups")
@ApiOperation(value = "Creates a user group", notes = NON_GUARANTEED_ENDPOINT, response = UserGroupEntity.class, authorizations = { @Authorization(value = "Write - /tenants") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response createUserGroup(@Context final HttpServletRequest httpServletRequest, @ApiParam(value = "The user group configuration details.", required = true) final UserGroupEntity requestUserGroupEntity) {
    // groups can only be created when the user group provider is configurable
    if (!AuthorizerCapabilityDetection.isConfigurableUserGroupProvider(authorizer)) {
        throw new IllegalStateException(AccessPolicyDAO.MSG_NON_CONFIGURABLE_USERS);
    }

    if (requestUserGroupEntity == null || requestUserGroupEntity.getComponent() == null) {
        throw new IllegalArgumentException("User group details must be specified.");
    }

    // a new group must arrive with a revision whose version is exactly 0
    final RevisionDTO suppliedRevision = requestUserGroupEntity.getRevision();
    if (suppliedRevision == null || suppliedRevision.getVersion() == null || suppliedRevision.getVersion() != 0) {
        throw new IllegalArgumentException("A revision of 0 must be specified when creating a new User Group.");
    }

    // the client may not choose the id of the new group
    if (requestUserGroupEntity.getComponent().getId() != null) {
        throw new IllegalArgumentException("User group ID cannot be specified.");
    }

    if (StringUtils.isBlank(requestUserGroupEntity.getComponent().getIdentity())) {
        throw new IllegalArgumentException("User group identity must be specified.");
    }

    if (isReplicateRequest()) {
        return replicate(HttpMethod.POST, requestUserGroupEntity);
    }

    return withWriteLock(serviceFacade, requestUserGroupEntity, authLookup -> {
        // creating a group requires WRITE on the tenants resource
        final Authorizable tenantResource = authLookup.getTenant();
        tenantResource.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, null, userGroupEntity -> {
        // assign the server-generated id
        userGroupEntity.getComponent().setId(generateUuid());

        // build the revision from the request's version and client id plus the new group id
        final RevisionDTO revisionDTO = userGroupEntity.getRevision();
        final Revision newRevision = new Revision(revisionDTO.getVersion(), revisionDTO.getClientId(), userGroupEntity.getComponent().getId());

        // create the group and fill in the remaining entity content
        final UserGroupEntity created = serviceFacade.createUserGroup(newRevision, userGroupEntity.getComponent());
        populateRemainingUserGroupEntityContent(created);

        // created response built from the new entity's URI
        return generateCreatedResponse(URI.create(created.getUri()), created).build();
    });
}
Also used : Revision(org.apache.nifi.web.Revision) Authorizable(org.apache.nifi.authorization.resource.Authorizable) UserGroupEntity(org.apache.nifi.web.api.entity.UserGroupEntity) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO) Path(javax.ws.rs.Path) POST(javax.ws.rs.POST) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)
