use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class StandardNiFiServiceFacade method createRegistryClient.
@Override
public RegistryClientEntity createRegistryClient(Revision revision, RegistryDTO registryDTO) {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
// request claim for component to be created... revision already verified (version == 0)
final RevisionClaim claim = new StandardRevisionClaim(revision);
// update revision through revision manager
final RevisionUpdate<FlowRegistry> revisionUpdate = revisionManager.updateRevision(claim, user, () -> {
// add the component
final FlowRegistry registry = registryDAO.createFlowRegistry(registryDTO);
// save the flow
controllerFacade.save();
final FlowModification lastMod = new FlowModification(revision.incrementRevision(revision.getClientId()), user.getIdentity());
return new StandardRevisionUpdate<>(registry, lastMod);
});
final FlowRegistry registry = revisionUpdate.getComponent();
return createRegistryClientEntity(registry);
}
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class StandardNiFiServiceFacade method createComponent.
/**
* Creates a component using the optimistic locking manager.
*
* @param componentDto the DTO that will be used to create the component
* @param daoCreation A Supplier that will create the NiFi Component to use
* @param dtoCreation a Function that will convert the NiFi Component into a corresponding DTO
* @param <D> the DTO Type
* @param <C> the NiFi Component Type
* @return a RevisionUpdate that represents the updated configuration
*/
private <D, C> RevisionUpdate<D> createComponent(final Revision revision, final ComponentDTO componentDto, final Supplier<C> daoCreation, final Function<C, D> dtoCreation) {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
// read lock on the containing group
// request claim for component to be created... revision already verified (version == 0)
final RevisionClaim claim = new StandardRevisionClaim(revision);
// update revision through revision manager
return revisionManager.updateRevision(claim, user, () -> {
// add the component
final C component = daoCreation.get();
// save the flow
controllerFacade.save();
final D dto = dtoCreation.apply(component);
final FlowModification lastMod = new FlowModification(revision.incrementRevision(revision.getClientId()), user.getIdentity());
return new StandardRevisionUpdate<>(dto, lastMod);
});
}
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class TestThreadPoolRequestReplicator method testRequestChain.
@Test
public void testRequestChain() {
final String proxyIdentity2 = "proxy-2";
final String proxyIdentity1 = "proxy-1";
final String userIdentity = "user";
withReplicator(replicator -> {
final Set<NodeIdentifier> nodeIds = new HashSet<>();
nodeIds.add(new NodeIdentifier("1", "localhost", 8000, "localhost", 8001, "localhost", 8002, 8003, false));
final URI uri = new URI("http://localhost:8080/processors/1");
final Entity entity = new ProcessorEntity();
// set the user
final NiFiUser proxy2 = new Builder().identity(proxyIdentity2).build();
final NiFiUser proxy1 = new Builder().identity(proxyIdentity1).chain(proxy2).build();
final NiFiUser user = new Builder().identity(userIdentity).chain(proxy1).build();
final Authentication authentication = new NiFiAuthenticationToken(new NiFiUserDetails(user));
SecurityContextHolder.getContext().setAuthentication(authentication);
replicator.replicate(nodeIds, HttpMethod.GET, uri, entity, new HashMap<>(), true, true);
}, Response.Status.OK, 0L, null, "<" + userIdentity + "><" + proxyIdentity1 + "><" + proxyIdentity2 + ">");
}
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class AccessPolicyAuditor method updateAccessPolicyAdvice.
/**
* Audits the configuration of a single policy.
*
* @param proceedingJoinPoint join point
* @param accessPolicyDTO dto
* @param accessPolicyDAO dao
* @return node
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.AccessPolicyDAO+) && " + "execution(org.apache.nifi.authorization.AccessPolicy updateAccessPolicy(org.apache.nifi.web.api.dto.AccessPolicyDTO)) && " + "args(accessPolicyDTO) && " + "target(accessPolicyDAO)")
public AccessPolicy updateAccessPolicyAdvice(ProceedingJoinPoint proceedingJoinPoint, AccessPolicyDTO accessPolicyDTO, AccessPolicyDAO accessPolicyDAO) throws Throwable {
// determine the initial values for each property/setting that's changing
AccessPolicy accessPolicy = accessPolicyDAO.getAccessPolicy(accessPolicyDTO.getId());
final Map<String, String> values = extractConfiguredPropertyValues(accessPolicy, accessPolicyDTO);
// update the policy state
final AccessPolicy updatedAccessPolicy = (AccessPolicy) proceedingJoinPoint.proceed();
// if no exceptions were thrown, add the policy action...
accessPolicy = accessPolicyDAO.getAccessPolicy(updatedAccessPolicy.getIdentifier());
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
// determine the updated values
Map<String, String> updatedValues = extractConfiguredPropertyValues(accessPolicy, accessPolicyDTO);
// create a policy action
Date actionTimestamp = new Date();
Collection<Action> actions = new ArrayList<>();
// go through each updated value
for (String property : updatedValues.keySet()) {
String newValue = updatedValues.get(property);
String oldValue = values.get(property);
Operation operation = null;
// determine the type of operation
if (oldValue == null || newValue == null || !newValue.equals(oldValue)) {
operation = Operation.Configure;
}
// create a configuration action accordingly
if (operation != null) {
final FlowChangeConfigureDetails actionDetails = new FlowChangeConfigureDetails();
actionDetails.setName(property);
actionDetails.setValue(newValue);
actionDetails.setPreviousValue(oldValue);
// create a configuration action
FlowChangeAction configurationAction = new FlowChangeAction();
configurationAction.setUserIdentity(user.getIdentity());
configurationAction.setOperation(operation);
configurationAction.setTimestamp(actionTimestamp);
configurationAction.setSourceId(accessPolicy.getIdentifier());
configurationAction.setSourceName(formatPolicyName(accessPolicy));
configurationAction.setSourceType(Component.AccessPolicy);
configurationAction.setActionDetails(actionDetails);
actions.add(configurationAction);
}
}
// ensure there are actions to record
if (!actions.isEmpty()) {
// save the actions
saveActions(actions, logger);
}
}
return updatedAccessPolicy;
}
use of org.apache.nifi.authorization.user.NiFiUser in project nifi by apache.
the class ComponentStateAuditor method clearReportingTaskStateAdvice.
/**
* Audits clearing of state from a Processor.
*
* @param proceedingJoinPoint join point
* @param reportingTask the reporting task
* @throws java.lang.Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.ComponentStateDAO+) && " + "execution(void clearState(org.apache.nifi.controller.ReportingTaskNode)) && " + "args(reportingTask)")
public StateMap clearReportingTaskStateAdvice(ProceedingJoinPoint proceedingJoinPoint, ReportingTaskNode reportingTask) throws Throwable {
// update the reporting task state
final StateMap stateMap = (StateMap) proceedingJoinPoint.proceed();
// if no exception were thrown, add the clear action...
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
// ensure the user was found
if (user != null) {
Collection<Action> actions = new ArrayList<>();
// create the reporting task details
FlowChangeExtensionDetails reportingTaskDetails = new FlowChangeExtensionDetails();
reportingTaskDetails.setType(reportingTask.getReportingTask().getClass().getSimpleName());
// create the clear action
FlowChangeAction configAction = new FlowChangeAction();
configAction.setUserIdentity(user.getIdentity());
configAction.setOperation(Operation.ClearState);
configAction.setTimestamp(new Date());
configAction.setSourceId(reportingTask.getIdentifier());
configAction.setSourceName(reportingTask.getName());
configAction.setSourceType(Component.ReportingTask);
configAction.setComponentDetails(reportingTaskDetails);
actions.add(configAction);
// record the action
saveActions(actions, logger);
}
return stateMap;
}
Aggregations