
Example 1 with DataTransferAuthorizable

use of org.apache.nifi.authorization.resource.DataTransferAuthorizable in project nifi by apache.

the class StandardAuthorizableLookup method getAuthorizableFromResource.

/**
 * Resolves a resource identifier string to the {@link Authorizable} that guards it.
 *
 * <p>The identifier is compared with every {@link ResourceType} value. A type matches when the
 * identifier equals its value or starts with its value followed by {@code "/"}. The scan does not
 * stop at the first hit, so when several types match, the last one in
 * {@code ResourceType.values()} is used.
 *
 * <p>Policy, Data and DataTransfer identifiers wrap a second resource: the leading type value is
 * stripped and the remainder is matched again to find the wrapped resource type.
 *
 * @param resource the resource identifier to resolve
 * @return the authorizable for the resource; for Policy, Data and DataTransfer identifiers this is
 *         the matching wrapper around the authorizable of the wrapped resource
 * @throws ResourceNotFoundException if no resource type matches the identifier, or if a
 *         restricted-components identifier carries a permission that is not recognized
 */
@Override
public Authorizable getAuthorizableFromResource(String resource) {
    // first pass: find the resource type that the identifier names
    ResourceType matchedType = null;
    for (final ResourceType candidate : ResourceType.values()) {
        final String typeValue = candidate.getValue();
        if (resource.equals(typeValue) || resource.startsWith(typeValue + "/")) {
            matchedType = candidate;
        }
    }
    if (matchedType == null) {
        throw new ResourceNotFoundException("Unrecognized resource: " + resource);
    }

    final boolean wrapsAnotherResource = ResourceType.Policy.equals(matchedType)
            || ResourceType.Data.equals(matchedType)
            || ResourceType.DataTransfer.equals(matchedType);

    if (!wrapsAnotherResource) {
        if (!ResourceType.RestrictedComponents.equals(matchedType)) {
            return getAccessPolicy(matchedType, resource);
        }

        // restricted components may be followed by "/<permission identifier>"
        final String permissionSuffix = StringUtils.substringAfter(resource, matchedType.getValue());
        if (!permissionSuffix.startsWith("/")) {
            return getRestrictedComponents();
        }
        final RequiredPermission permission = RequiredPermission.valueOfPermissionIdentifier(permissionSuffix.substring(1));
        if (permission == null) {
            throw new ResourceNotFoundException("Unrecognized resource: " + resource);
        }
        return getRestrictedComponents(permission);
    }

    // second pass: strip the wrapper prefix and match the wrapped resource type
    final ResourceType wrapperType = matchedType;
    resource = StringUtils.substringAfter(resource, wrapperType.getValue());
    for (final ResourceType candidate : ResourceType.values()) {
        final String typeValue = candidate.getValue();
        if (resource.equals(typeValue) || resource.startsWith(typeValue + "/")) {
            matchedType = candidate;
        }
    }

    // NOTE(review): matchedType still holds the wrapper type when the second pass finds nothing,
    // so this check can never fire. A wrapper identifier whose remainder names no known resource
    // type is therefore passed on to getAccessPolicy with the wrapper type itself instead of being
    // rejected here. Confirm that getAccessPolicy handles that case as intended before relying on
    // this method to reject malformed identifiers.
    if (matchedType == null) {
        throw new ResourceNotFoundException("Unrecognized resource: " + resource);
    }

    // the wrapper is a policy, a data (event) or a data transfer authorizable
    if (ResourceType.Policy.equals(wrapperType)) {
        return new AccessPolicyAuthorizable(getAccessPolicy(matchedType, resource));
    }
    if (ResourceType.Data.equals(wrapperType)) {
        return new DataAuthorizable(getAccessPolicy(matchedType, resource));
    }
    return new DataTransferAuthorizable(getAccessPolicy(matchedType, resource));
}
Also used : RequiredPermission(org.apache.nifi.components.RequiredPermission) AccessPolicyAuthorizable(org.apache.nifi.authorization.resource.AccessPolicyAuthorizable) DataAuthorizable(org.apache.nifi.authorization.resource.DataAuthorizable) DataTransferAuthorizable(org.apache.nifi.authorization.resource.DataTransferAuthorizable) ResourceType(org.apache.nifi.authorization.resource.ResourceType) ResourceNotFoundException(org.apache.nifi.web.ResourceNotFoundException)

Example 2 with DataTransferAuthorizable

use of org.apache.nifi.authorization.resource.DataTransferAuthorizable in project nifi by apache.

the class StandardAuthorizableLookup method getRootGroupInputPort.

/**
 * Looks up a root-group input port and exposes it for data-transfer authorization.
 *
 * @param id the identifier passed to {@code inputPortDAO.getPort}
 * @return a {@link RootGroupPortAuthorizable} whose authorizable is a
 *         {@link DataTransferAuthorizable} around the port and whose authorization check is
 *         delegated to the port itself
 * @throws IllegalArgumentException if the DAO result is not a {@link RootGroupPort}; a
 *         {@code null} result fails the {@code instanceof} test and is rejected the same way
 */
@Override
public RootGroupPortAuthorizable getRootGroupInputPort(String id) {
    final Port inputPort = inputPortDAO.getPort(id);
    final boolean isRootGroupPort = inputPort instanceof RootGroupPort;
    if (!isRootGroupPort) {
        final String error = String.format("The specified id '%s' does not represent an input port in the root group.", id);
        throw new IllegalArgumentException(error);
    }

    final DataTransferAuthorizable baseAuthorizable = new DataTransferAuthorizable(inputPort);
    return new RootGroupPortAuthorizable() {

        @Override
        public Authorizable getAuthorizable() {
            return baseAuthorizable;
        }

        @Override
        public AuthorizationResult checkAuthorization(NiFiUser user) {
            // the port component makes the decision itself, so this path stays consistent with raw s2s
            final RootGroupPort rootGroupPort = (RootGroupPort) inputPort;
            final PortAuthorizationResult portDecision = rootGroupPort.checkUserAuthorization(user);
            return portDecision.isAuthorized()
                    ? AuthorizationResult.approved()
                    : AuthorizationResult.denied(portDecision.getExplanation());
        }
    };
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) RootGroupPort(org.apache.nifi.remote.RootGroupPort) Port(org.apache.nifi.connectable.Port) RootGroupPort(org.apache.nifi.remote.RootGroupPort) DataTransferAuthorizable(org.apache.nifi.authorization.resource.DataTransferAuthorizable) PortAuthorizationResult(org.apache.nifi.remote.PortAuthorizationResult)

Example 3 with DataTransferAuthorizable

use of org.apache.nifi.authorization.resource.DataTransferAuthorizable in project nifi by apache.

the class StandardRootGroupPort method checkUserAuthorization.

/**
 * Decides whether a user may transfer data through this port.
 *
 * <p>When {@code secure} is false the check is skipped and every caller is reported as
 * authorized, including a {@code null} user. Otherwise the user must be non-null and must be
 * approved for {@code RequestAction.WRITE} on the {@link DataTransferAuthorizable} that wraps
 * this port.
 *
 * <p>Each denial is logged at warn level and reported through {@code eventReporter}. For a
 * rejected known user the same message, which contains the user identity and the authorizer's
 * explanation, is also returned in the result.
 *
 * @param user the user to authorize; may be {@code null}
 * @return the authorization outcome together with an explanation
 */
@Override
public PortAuthorizationResult checkUserAuthorization(NiFiUser user) {
    // without secure site-to-site there is no identity to check, so access is granted
    if (!secure) {
        return new StandardPortAuthorizationResult(true, "Site-to-Site is not Secure");
    }

    if (user == null) {
        final String unknownUserMessage = String.format("%s authorization failed because the user is unknown", this);
        logger.warn(unknownUserMessage);
        eventReporter.reportEvent(Severity.WARNING, CATEGORY, unknownUserMessage);
        return new StandardPortAuthorizationResult(false, "User is not known");
    }

    // ask the authorizer whether the user may write to this port's data-transfer resource
    final Authorizable transferResource = new DataTransferAuthorizable(this);
    final AuthorizationResult decision = transferResource.checkAuthorization(authorizer, RequestAction.WRITE, user);
    if (Result.Approved.equals(decision.getResult())) {
        return new StandardPortAuthorizationResult(true, "User is Authorized");
    }

    final String denialMessage = String.format("%s authorization failed for user %s because %s", this, user.getIdentity(), decision.getExplanation());
    logger.warn(denialMessage);
    eventReporter.reportEvent(Severity.WARNING, CATEGORY, denialMessage);
    return new StandardPortAuthorizationResult(false, denialMessage);
}
Also used : DataTransferAuthorizable(org.apache.nifi.authorization.resource.DataTransferAuthorizable) Authorizable(org.apache.nifi.authorization.resource.Authorizable) DataTransferAuthorizable(org.apache.nifi.authorization.resource.DataTransferAuthorizable) AuthorizationResult(org.apache.nifi.authorization.AuthorizationResult)

Example 4 with DataTransferAuthorizable

use of org.apache.nifi.authorization.resource.DataTransferAuthorizable in project nifi by apache.

the class StandardAuthorizableLookup method getRootGroupOutputPort.

/**
 * Looks up a root-group output port and exposes it for data-transfer authorization.
 *
 * @param id the identifier passed to {@code outputPortDAO.getPort}
 * @return a {@link RootGroupPortAuthorizable} whose authorizable is a
 *         {@link DataTransferAuthorizable} around the port and whose authorization check is
 *         delegated to the port itself
 * @throws IllegalArgumentException if the DAO result is not a {@link RootGroupPort}; a
 *         {@code null} result fails the {@code instanceof} test and is rejected the same way
 */
@Override
public RootGroupPortAuthorizable getRootGroupOutputPort(String id) {
    final Port outputPort = outputPortDAO.getPort(id);
    final boolean isRootGroupPort = outputPort instanceof RootGroupPort;
    if (!isRootGroupPort) {
        final String error = String.format("The specified id '%s' does not represent an output port in the root group.", id);
        throw new IllegalArgumentException(error);
    }

    final DataTransferAuthorizable baseAuthorizable = new DataTransferAuthorizable(outputPort);
    return new RootGroupPortAuthorizable() {

        @Override
        public Authorizable getAuthorizable() {
            return baseAuthorizable;
        }

        @Override
        public AuthorizationResult checkAuthorization(NiFiUser user) {
            // the port component makes the decision itself, so this path stays consistent with raw s2s
            final RootGroupPort rootGroupPort = (RootGroupPort) outputPort;
            final PortAuthorizationResult portDecision = rootGroupPort.checkUserAuthorization(user);
            return portDecision.isAuthorized()
                    ? AuthorizationResult.approved()
                    : AuthorizationResult.denied(portDecision.getExplanation());
        }
    };
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) RootGroupPort(org.apache.nifi.remote.RootGroupPort) Port(org.apache.nifi.connectable.Port) RootGroupPort(org.apache.nifi.remote.RootGroupPort) DataTransferAuthorizable(org.apache.nifi.authorization.resource.DataTransferAuthorizable) PortAuthorizationResult(org.apache.nifi.remote.PortAuthorizationResult)

Aggregations

DataTransferAuthorizable (org.apache.nifi.authorization.resource.DataTransferAuthorizable)4 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)2 Port (org.apache.nifi.connectable.Port)2 PortAuthorizationResult (org.apache.nifi.remote.PortAuthorizationResult)2 RootGroupPort (org.apache.nifi.remote.RootGroupPort)2 AuthorizationResult (org.apache.nifi.authorization.AuthorizationResult)1 AccessPolicyAuthorizable (org.apache.nifi.authorization.resource.AccessPolicyAuthorizable)1 Authorizable (org.apache.nifi.authorization.resource.Authorizable)1 DataAuthorizable (org.apache.nifi.authorization.resource.DataAuthorizable)1 ResourceType (org.apache.nifi.authorization.resource.ResourceType)1 RequiredPermission (org.apache.nifi.components.RequiredPermission)1 ResourceNotFoundException (org.apache.nifi.web.ResourceNotFoundException)1