Example 1 with AccessPolicy

Use of org.apache.nifi.registry.security.authorization.AccessPolicy in project nifi-registry by apache.

In the class AuthorizationsHolder, method createResourcePolicyMap.

/**
 * Creates a map from resource identifier to the set of policies for the given resource.
 *
 * @param allPolicies the set of all policies
 * @return a map from resource identifier to policies
 */
private Map<String, Set<AccessPolicy>> createResourcePolicyMap(final Set<AccessPolicy> allPolicies) {
    Map<String, Set<AccessPolicy>> resourcePolicies = new HashMap<>();
    for (AccessPolicy policy : allPolicies) {
        Set<AccessPolicy> policies = resourcePolicies.get(policy.getResource());
        if (policies == null) {
            policies = new HashSet<>();
            resourcePolicies.put(policy.getResource(), policies);
        }
        policies.add(policy);
    }
    return resourcePolicies;
}
Also used : HashSet(java.util.HashSet) Set(java.util.Set) HashMap(java.util.HashMap) AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy)

Example 2 with AccessPolicy

Use of org.apache.nifi.registry.security.authorization.AccessPolicy in project nifi-registry by apache.

In the class FileAccessPolicyProvider, method getFingerprint.

@Override
public String getFingerprint() throws AuthorizationAccessException {
    final List<AccessPolicy> policies = new ArrayList<>(getAccessPolicies());
    Collections.sort(policies, Comparator.comparing(AccessPolicy::getIdentifier));
    XMLStreamWriter writer = null;
    final StringWriter out = new StringWriter();
    try {
        writer = XML_OUTPUT_FACTORY.createXMLStreamWriter(out);
        writer.writeStartDocument();
        writer.writeStartElement("accessPolicies");
        for (AccessPolicy policy : policies) {
            writePolicy(writer, policy);
        }
        writer.writeEndElement();
        writer.writeEndDocument();
        writer.flush();
    } catch (XMLStreamException e) {
        throw new AuthorizationAccessException("Unable to generate fingerprint", e);
    } finally {
        if (writer != null) {
            try {
                writer.close();
            } catch (XMLStreamException e) {
                // nothing to do here
            }
        }
    }
    return out.toString();
}
Also used : AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException) StringWriter(java.io.StringWriter) XMLStreamException(javax.xml.stream.XMLStreamException) XMLStreamWriter(javax.xml.stream.XMLStreamWriter) ArrayList(java.util.ArrayList) AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy)

Example 3 with AccessPolicy

Use of org.apache.nifi.registry.security.authorization.AccessPolicy in project nifi-registry by apache.

In the class FileAccessPolicyProvider, method addAccessPolicy.

@Override
public synchronized AccessPolicy addAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
    if (accessPolicy == null) {
        throw new IllegalArgumentException("AccessPolicy cannot be null");
    }
    // create the new JAXB Policy
    final Policy policy = createJAXBPolicy(accessPolicy);
    // add the new Policy to the top-level list of policies
    final AuthorizationsHolder holder = authorizationsHolder.get();
    final Authorizations authorizations = holder.getAuthorizations();
    authorizations.getPolicies().getPolicy().add(policy);
    saveAndRefreshHolder(authorizations);
    return authorizationsHolder.get().getPoliciesById().get(accessPolicy.getIdentifier());
}
Also used : AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy) Policy(org.apache.nifi.registry.security.authorization.file.generated.Policy) Authorizations(org.apache.nifi.registry.security.authorization.file.generated.Authorizations)

Example 4 with AccessPolicy

Use of org.apache.nifi.registry.security.authorization.AccessPolicy in project nifi-registry by apache.

In the class FileAccessPolicyProvider, method parsePolicies.

private List<AccessPolicy> parsePolicies(final String fingerprint) {
    final List<AccessPolicy> policies = new ArrayList<>();
    final byte[] fingerprintBytes = fingerprint.getBytes(StandardCharsets.UTF_8);
    try (final ByteArrayInputStream in = new ByteArrayInputStream(fingerprintBytes)) {
        final DocumentBuilder docBuilder = DOCUMENT_BUILDER_FACTORY.newDocumentBuilder();
        final Document document = docBuilder.parse(in);
        final Element rootElement = document.getDocumentElement();
        // parse all the policies and add them to the current access policy provider
        NodeList policyNodes = rootElement.getElementsByTagName(POLICY_ELEMENT);
        for (int i = 0; i < policyNodes.getLength(); i++) {
            Node policyNode = policyNodes.item(i);
            policies.add(parsePolicy((Element) policyNode));
        }
    } catch (SAXException | ParserConfigurationException | IOException e) {
        throw new AuthorizationAccessException("Unable to parse fingerprint", e);
    }
    return policies;
}
Also used : JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) ArrayList(java.util.ArrayList) IOException(java.io.IOException) Document(org.w3c.dom.Document) AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy) SAXException(org.xml.sax.SAXException) AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException) ByteArrayInputStream(java.io.ByteArrayInputStream) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)

Example 5 with AccessPolicy

Use of org.apache.nifi.registry.security.authorization.AccessPolicy in project nifi-registry by apache.

In the class FileAccessPolicyProvider, method addUserToAccessPolicy.

/**
 * Creates and adds an access policy for the given resource, identity, and actions to the specified authorizations.
 *
 * @param authorizations the Authorizations instance to add the policy to
 * @param resource the resource for the policy
 * @param userIdentifier the identifier for the user to add to the policy
 * @param action the action for the policy
 */
private void addUserToAccessPolicy(final Authorizations authorizations, final String resource, final String userIdentifier, final String action) {
    // first try to find an existing policy for the given resource and action
    Policy foundPolicy = null;
    for (Policy policy : authorizations.getPolicies().getPolicy()) {
        if (policy.getResource().equals(resource) && policy.getAction().equals(action)) {
            foundPolicy = policy;
            break;
        }
    }
    if (foundPolicy == null) {
        // if we didn't find an existing policy create a new one
        final String uuidSeed = resource + action;
        final AccessPolicy.Builder builder = new AccessPolicy.Builder().identifierGenerateFromSeed(uuidSeed).resource(resource).addUser(userIdentifier);
        if (action.equals(READ_CODE)) {
            builder.action(RequestAction.READ);
        } else if (action.equals(WRITE_CODE)) {
            builder.action(RequestAction.WRITE);
        } else if (action.equals(DELETE_CODE)) {
            builder.action(RequestAction.DELETE);
        } else {
            throw new IllegalStateException("Unknown Policy Action: " + action);
        }
        final AccessPolicy accessPolicy = builder.build();
        final Policy jaxbPolicy = createJAXBPolicy(accessPolicy);
        authorizations.getPolicies().getPolicy().add(jaxbPolicy);
    } else {
        // otherwise add the user to the existing policy
        Policy.User policyUser = new Policy.User();
        policyUser.setIdentifier(userIdentifier);
        foundPolicy.getUser().add(policyUser);
    }
}
Also used : AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy) Policy(org.apache.nifi.registry.security.authorization.file.generated.Policy) User(org.apache.nifi.registry.security.authorization.User)
