Example 16 with Authorizable

Use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

The class VersionsResource, method stopVersionControl.

@DELETE
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("process-groups/{id}")
@ApiOperation(value = "Stops version controlling the Process Group with the given ID", response = VersionControlInformationEntity.class, notes = "Stops version controlling the Process Group with the given ID. The Process Group will no longer track to any Versioned Flow. " + NON_GUARANTEED_ENDPOINT, authorizations = { @Authorization(value = "Read - /process-groups/{uuid}"), @Authorization(value = "Write - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response stopVersionControl(@ApiParam(value = "The version is used to verify the client is working with the latest version of the flow.", required = false) @QueryParam(VERSION) final LongParameter version, @ApiParam(value = "If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.", required = false) @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) final ClientIdParameter clientId, @ApiParam("The process group id.") @PathParam("id") final String groupId) {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.DELETE);
    }
    final Revision requestRevision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), groupId);
    return withWriteLock(serviceFacade, null, requestRevision, lookup -> {
        // authorize: the caller needs both READ and WRITE on the process group
        final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
        processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
        processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
    }, () -> {
        final VersionControlInformationEntity currentVersionControlInfo = serviceFacade.getVersionControlInformation(groupId);
        if (currentVersionControlInfo == null) {
            throw new IllegalStateException("Process Group with ID " + groupId + " is not currently under Version Control");
        }
    }, (revision, groupEntity) -> {
        // disconnect from version control
        final VersionControlInformationEntity entity = serviceFacade.deleteVersionControl(revision, groupId);
        // generate the response
        return generateOkResponse(entity).build();
    });
}
Also used : VersionControlInformationEntity(org.apache.nifi.web.api.entity.VersionControlInformationEntity) Revision(org.apache.nifi.web.Revision) ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable) Path(javax.ws.rs.Path) DELETE(javax.ws.rs.DELETE) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 17 with Authorizable

Use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

The class VersionsResource, method getVersionInformation.

@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("process-groups/{id}")
@ApiOperation(value = "Gets the Version Control information for a process group", response = VersionControlInformationEntity.class, notes = NON_GUARANTEED_ENDPOINT, authorizations = { @Authorization(value = "Read - /process-groups/{uuid}") })
@ApiResponses(value = { @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), @ApiResponse(code = 401, message = "Client could not be authenticated."), @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 404, message = "The specified resource could not be found."), @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") })
public Response getVersionInformation(@ApiParam(value = "The process group id.", required = true) @PathParam("id") final String groupId) {
    if (isReplicateRequest()) {
        return replicate(HttpMethod.GET);
    }
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable processGroup = lookup.getProcessGroup(groupId).getAuthorizable();
        processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    });
    // get the version control information for this process group
    VersionControlInformationEntity entity = serviceFacade.getVersionControlInformation(groupId);
    if (entity == null) {
        final ProcessGroupEntity processGroup = serviceFacade.getProcessGroup(groupId);
        entity = new VersionControlInformationEntity();
        entity.setProcessGroupRevision(processGroup.getRevision());
    }
    return generateOkResponse(entity).build();
}
Also used : ProcessGroupEntity(org.apache.nifi.web.api.entity.ProcessGroupEntity) VersionControlInformationEntity(org.apache.nifi.web.api.entity.VersionControlInformationEntity) ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) ProcessGroupAuthorizable(org.apache.nifi.authorization.ProcessGroupAuthorizable) Path(javax.ws.rs.Path) Consumes(javax.ws.rs.Consumes) Produces(javax.ws.rs.Produces) GET(javax.ws.rs.GET) ApiOperation(io.swagger.annotations.ApiOperation) ApiResponses(io.swagger.annotations.ApiResponses)

Example 18 with Authorizable

Use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

The class StandardNiFiServiceFacade, method createAccessPolicy.

@Override
public AccessPolicyEntity createAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) {
    final Authorizable tenantAuthorizable = authorizableLookup.getTenant();
    final String creator = NiFiUserUtils.getNiFiUserIdentity();
    final AccessPolicy newAccessPolicy = accessPolicyDAO.createAccessPolicy(accessPolicyDTO);
    final ComponentReferenceEntity componentReference = createComponentReferenceEntity(newAccessPolicy.getResource());
    final AccessPolicyDTO newAccessPolicyDto = dtoFactory.createAccessPolicyDto(newAccessPolicy, newAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()), newAccessPolicy.getUsers().stream().map(userId -> {
        final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId));
        return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, dtoFactory.createPermissionsDto(tenantAuthorizable));
    }).collect(Collectors.toSet()), componentReference);
    final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getAccessPolicyById(accessPolicyDTO.getId()));
    return entityFactory.createAccessPolicyEntity(newAccessPolicyDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), permissions);
}
Also used : ComponentReferenceEntity(org.apache.nifi.web.api.entity.ComponentReferenceEntity) PermissionsDTO(org.apache.nifi.web.api.dto.PermissionsDTO) Authorizable(org.apache.nifi.authorization.resource.Authorizable) AccessPolicyDTO(org.apache.nifi.web.api.dto.AccessPolicyDTO) AccessPolicy(org.apache.nifi.authorization.AccessPolicy) RevisionDTO(org.apache.nifi.web.api.dto.RevisionDTO)

Example 19 with Authorizable

Use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

The class StandardNiFiServiceFacade, method getControllerBulletins.

@Override
public ControllerBulletinsEntity getControllerBulletins() {
    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    final ControllerBulletinsEntity controllerBulletinsEntity = new ControllerBulletinsEntity();
    final List<BulletinEntity> controllerBulletinEntities = new ArrayList<>();
    final Authorizable controllerAuthorizable = authorizableLookup.getController();
    // isAuthorized returns a boolean instead of throwing; the flag is passed along with each bulletin
    final boolean authorized = controllerAuthorizable.isAuthorized(authorizer, RequestAction.READ, user);
    final List<BulletinDTO> bulletins = dtoFactory.createBulletinDtos(bulletinRepository.findBulletinsForController());
    controllerBulletinEntities.addAll(bulletins.stream().map(bulletin -> entityFactory.createBulletinEntity(bulletin, authorized)).collect(Collectors.toList()));
    // get the controller service bulletins
    final BulletinQuery controllerServiceQuery = new BulletinQuery.Builder().sourceType(ComponentType.CONTROLLER_SERVICE).build();
    final List<Bulletin> allControllerServiceBulletins = bulletinRepository.findBulletins(controllerServiceQuery);
    final List<BulletinEntity> controllerServiceBulletinEntities = new ArrayList<>();
    for (final Bulletin bulletin : allControllerServiceBulletins) {
        try {
            final Authorizable controllerServiceAuthorizable = authorizableLookup.getControllerService(bulletin.getSourceId()).getAuthorizable();
            final boolean controllerServiceAuthorized = controllerServiceAuthorizable.isAuthorized(authorizer, RequestAction.READ, user);
            final BulletinEntity controllerServiceBulletin = entityFactory.createBulletinEntity(dtoFactory.createBulletinDto(bulletin), controllerServiceAuthorized);
            controllerServiceBulletinEntities.add(controllerServiceBulletin);
            controllerBulletinEntities.add(controllerServiceBulletin);
        } catch (final ResourceNotFoundException e) {
            // controller service missing.. skip
        }
    }
    controllerBulletinsEntity.setControllerServiceBulletins(controllerServiceBulletinEntities);
    // get the reporting task bulletins
    final BulletinQuery reportingTaskQuery = new BulletinQuery.Builder().sourceType(ComponentType.REPORTING_TASK).build();
    final List<Bulletin> allReportingTaskBulletins = bulletinRepository.findBulletins(reportingTaskQuery);
    final List<BulletinEntity> reportingTaskBulletinEntities = new ArrayList<>();
    for (final Bulletin bulletin : allReportingTaskBulletins) {
        try {
            final Authorizable reportingTaskAuthorizable = authorizableLookup.getReportingTask(bulletin.getSourceId()).getAuthorizable();
            final boolean reportingTaskAuthorizableAuthorized = reportingTaskAuthorizable.isAuthorized(authorizer, RequestAction.READ, user);
            final BulletinEntity reportingTaskBulletin = entityFactory.createBulletinEntity(dtoFactory.createBulletinDto(bulletin), reportingTaskAuthorizableAuthorized);
            reportingTaskBulletinEntities.add(reportingTaskBulletin);
            controllerBulletinEntities.add(reportingTaskBulletin);
        } catch (final ResourceNotFoundException e) {
            // reporting task missing.. skip
        }
    }
    controllerBulletinsEntity.setReportingTaskBulletins(reportingTaskBulletinEntities);
    controllerBulletinsEntity.setBulletins(pruneAndSortBulletins(controllerBulletinEntities, BulletinRepository.MAX_BULLETINS_FOR_CONTROLLER));
    return controllerBulletinsEntity;
}
Also used : ControllerBulletinsEntity(org.apache.nifi.web.api.entity.ControllerBulletinsEntity) NiFiUser(org.apache.nifi.authorization.user.NiFiUser) BulletinQuery(org.apache.nifi.reporting.BulletinQuery) ArrayList(java.util.ArrayList) BulletinEntity(org.apache.nifi.web.api.entity.BulletinEntity) Bulletin(org.apache.nifi.reporting.Bulletin) Authorizable(org.apache.nifi.authorization.resource.Authorizable) BulletinDTO(org.apache.nifi.web.api.dto.BulletinDTO)

Example 20 with Authorizable

Use of org.apache.nifi.authorization.resource.Authorizable in project nifi by apache.

The class StandardNiFiWebConfigurationContext, method authorizeFlowAccess.

private void authorizeFlowAccess(final NiFiUser user) {
    // authorize access
    serviceFacade.authorizeAccess(lookup -> {
        final Authorizable flow = lookup.getFlow();
        flow.authorize(authorizer, RequestAction.READ, user);
    });
}
Also used : ComponentAuthorizable(org.apache.nifi.authorization.ComponentAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable)
