Example 6 with Group
use of org.apache.nifi.registry.security.authorization.Group in project nifi-registry by apache.
the class LdapUserGroupProviderTest method testReferencedUserWithoutDefiningReferencedAttribute.
@Test
public void testReferencedUserWithoutDefiningReferencedAttribute() throws Exception {
final AuthorizerConfigurationContext configurationContext = getBaseConfiguration("ou=users-2,o=nifi", "ou=groups-2,o=nifi");
when(configurationContext.getProperty(PROP_USER_IDENTITY_ATTRIBUTE)).thenReturn(new StandardPropertyValue("uid"));
// using room due to reqs of groupOfNames
when(configurationContext.getProperty(PROP_GROUP_OBJECT_CLASS)).thenReturn(new StandardPropertyValue("room"));
// using description in lieu of member
when(configurationContext.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE)).thenReturn(new StandardPropertyValue("description"));
when(configurationContext.getProperty(PROP_GROUP_NAME_ATTRIBUTE)).thenReturn(new StandardPropertyValue("cn"));
ldapUserGroupProvider.onConfigured(configurationContext);
final Set<Group> groups = ldapUserGroupProvider.getGroups();
assertEquals(1, groups.size());
final Group team3 = groups.stream().filter(group -> "team3".equals(group.getName())).findFirst().orElse(null);
assertNotNull(team3);
assertTrue(team3.getUsers().isEmpty());
}
Also used :
Group(org.apache.nifi.registry.security.authorization.Group)
StandardPropertyValue(org.apache.nifi.registry.util.StandardPropertyValue)
AuthorizerConfigurationContext(org.apache.nifi.registry.security.authorization.AuthorizerConfigurationContext)
Test(org.junit.Test)
Example 7 with Group
use of org.apache.nifi.registry.security.authorization.Group in project nifi-registry by apache.
the class LdapUserGroupProviderTest method testSearchGroupsWithNameAndUserIdentityCnAttribute.
@Test
public void testSearchGroupsWithNameAndUserIdentityCnAttribute() throws Exception {
final AuthorizerConfigurationContext configurationContext = getBaseConfiguration(null, GROUP_SEARCH_BASE);
when(configurationContext.getProperty(PROP_GROUP_MEMBER_ATTRIBUTE)).thenReturn(new StandardPropertyValue("member"));
when(configurationContext.getProperty(PROP_GROUP_NAME_ATTRIBUTE)).thenReturn(new StandardPropertyValue("cn"));
when(configurationContext.getProperty(PROP_USER_IDENTITY_ATTRIBUTE)).thenReturn(new StandardPropertyValue("cn"));
ldapUserGroupProvider.onConfigured(configurationContext);
final Set<Group> groups = ldapUserGroupProvider.getGroups();
assertEquals(4, groups.size());
final Group admins = groups.stream().filter(group -> "admins".equals(group.getName())).findFirst().orElse(null);
assertNotNull(admins);
assertFalse(admins.getUsers().isEmpty());
assertEquals(1, admins.getUsers().stream().map(userIdentifier -> ldapUserGroupProvider.getUser(userIdentifier)).filter(user -> "User 1".equals(user.getIdentity())).count());
}
Also used :
CreateTransport(org.apache.directory.server.annotations.CreateTransport)
PROP_URL(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_URL)
PROP_USER_GROUP_ATTRIBUTE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_USER_GROUP_ATTRIBUTE)
PROP_USER_IDENTITY_ATTRIBUTE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_USER_IDENTITY_ATTRIBUTE)
PROP_CONNECT_TIMEOUT(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_CONNECT_TIMEOUT)
PROP_USER_SEARCH_FILTER(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_USER_SEARCH_FILTER)
CreateLdapServer(org.apache.directory.server.annotations.CreateLdapServer)
CreatePartition(org.apache.directory.server.core.annotations.CreatePartition)
Set(java.util.Set)
PROP_PAGE_SIZE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_PAGE_SIZE)
LdapAuthenticationStrategy(org.apache.nifi.registry.security.ldap.LdapAuthenticationStrategy)
PROP_GROUP_SEARCH_SCOPE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_GROUP_SEARCH_SCOPE)
PROP_GROUP_OBJECT_CLASS(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_GROUP_OBJECT_CLASS)
Assert.assertFalse(org.junit.Assert.assertFalse)
PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE)
PROP_SYNC_INTERVAL(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_SYNC_INTERVAL)
Mockito.mock(org.mockito.Mockito.mock)
ReferralStrategy(org.apache.nifi.registry.security.ldap.ReferralStrategy)
PROP_GROUP_SEARCH_FILTER(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_GROUP_SEARCH_FILTER)
PROP_USER_SEARCH_SCOPE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_USER_SEARCH_SCOPE)
RunWith(org.junit.runner.RunWith)
CreateDS(org.apache.directory.server.core.annotations.CreateDS)
Matchers.anyString(org.mockito.Matchers.anyString)
PROP_GROUP_MEMBER_ATTRIBUTE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_GROUP_MEMBER_ATTRIBUTE)
ApplyLdifFiles(org.apache.directory.server.core.annotations.ApplyLdifFiles)
Group(org.apache.nifi.registry.security.authorization.Group)
PROP_GROUP_NAME_ATTRIBUTE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_GROUP_NAME_ATTRIBUTE)
PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE)
PROP_USER_SEARCH_BASE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_USER_SEARCH_BASE)
UserGroupProviderInitializationContext(org.apache.nifi.registry.security.authorization.UserGroupProviderInitializationContext)
NiFiRegistryProperties(org.apache.nifi.registry.properties.NiFiRegistryProperties)
UserAndGroups(org.apache.nifi.registry.security.authorization.UserAndGroups)
FrameworkRunner(org.apache.directory.server.core.integ.FrameworkRunner)
Before(org.junit.Before)
PROP_AUTHENTICATION_STRATEGY(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_AUTHENTICATION_STRATEGY)
Properties(java.util.Properties)
PROP_USER_OBJECT_CLASS(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_USER_OBJECT_CLASS)
SecurityProviderCreationException(org.apache.nifi.registry.security.exception.SecurityProviderCreationException)
Assert.assertNotNull(org.junit.Assert.assertNotNull)
PROP_MANAGER_DN(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_MANAGER_DN)
Assert.assertTrue(org.junit.Assert.assertTrue)
Test(org.junit.Test)
Mockito.when(org.mockito.Mockito.when)
StandardPropertyValue(org.apache.nifi.registry.util.StandardPropertyValue)
PROP_MANAGER_PASSWORD(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_MANAGER_PASSWORD)
Mockito(org.mockito.Mockito)
AuthorizerConfigurationContext(org.apache.nifi.registry.security.authorization.AuthorizerConfigurationContext)
PROP_REFERRAL_STRATEGY(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_REFERRAL_STRATEGY)
PROP_READ_TIMEOUT(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_READ_TIMEOUT)
AbstractLdapTestUnit(org.apache.directory.server.core.integ.AbstractLdapTestUnit)
PROP_GROUP_SEARCH_BASE(org.apache.nifi.registry.security.ldap.tenants.LdapUserGroupProvider.PROP_GROUP_SEARCH_BASE)
Assert.assertEquals(org.junit.Assert.assertEquals)
Group(org.apache.nifi.registry.security.authorization.Group)
StandardPropertyValue(org.apache.nifi.registry.util.StandardPropertyValue)
AuthorizerConfigurationContext(org.apache.nifi.registry.security.authorization.AuthorizerConfigurationContext)
Test(org.junit.Test)
Example 8 with Group
use of org.apache.nifi.registry.security.authorization.Group in project nifi-registry by apache.
the class LdapUserGroupProvider method load.
/**
* Reloads the tenants.
*/
private void load(final ContextSource contextSource) {
// create the ldapTemplate based on the context source. use a single source context to use the same connection
// to support paging when configured
final SingleContextSource singleContextSource = new SingleContextSource(contextSource.getReadOnlyContext());
final LdapTemplate ldapTemplate = new LdapTemplate(singleContextSource);
try {
final List<User> userList = new ArrayList<>();
final List<Group> groupList = new ArrayList<>();
// group dn -> user identifiers lookup
final Map<String, Set<String>> groupToUserIdentifierMappings = new HashMap<>();
// user dn -> user lookup
final Map<String, User> userLookup = new HashMap<>();
if (performUserSearch) {
// search controls
final SearchControls userControls = new SearchControls();
userControls.setSearchScope(userSearchScope.ordinal());
// consider paging support for users
final DirContextProcessor userProcessor;
if (pageSize == null) {
userProcessor = new NullDirContextProcessor();
} else {
userProcessor = new PagedResultsDirContextProcessor(pageSize);
}
// looking for objects matching the user object class
final AndFilter userFilter = new AndFilter();
userFilter.and(new EqualsFilter("objectClass", userObjectClass));
// if a filter has been provided by the user, we add it to the filter
if (StringUtils.isNotBlank(userSearchFilter)) {
userFilter.and(new HardcodedFilter(userSearchFilter));
}
do {
userList.addAll(ldapTemplate.search(userSearchBase, userFilter.encode(), userControls, new AbstractContextMapper<User>() {
@Override
protected User doMapFromContext(DirContextOperations ctx) {
// get the user identity
final String identity = getUserIdentity(ctx);
// build the user
final User user = new User.Builder().identifierGenerateFromSeed(identity).identity(identity).build();
// store the user for group member later
userLookup.put(getReferencedUserValue(ctx), user);
if (StringUtils.isNotBlank(userGroupNameAttribute)) {
final Attribute attributeGroups = ctx.getAttributes().get(userGroupNameAttribute);
if (attributeGroups == null) {
logger.warn("User group name attribute [" + userGroupNameAttribute + "] does not exist. Ignoring group membership.");
} else {
try {
final NamingEnumeration<String> groupValues = (NamingEnumeration<String>) attributeGroups.getAll();
while (groupValues.hasMoreElements()) {
// store the group -> user identifier mapping
groupToUserIdentifierMappings.computeIfAbsent(groupValues.next(), g -> new HashSet<>()).add(user.getIdentifier());
}
} catch (NamingException e) {
throw new AuthorizationAccessException("Error while retrieving user group name attribute [" + userIdentityAttribute + "].");
}
}
}
return user;
}
}, userProcessor));
} while (hasMorePages(userProcessor));
}
if (performGroupSearch) {
final SearchControls groupControls = new SearchControls();
groupControls.setSearchScope(groupSearchScope.ordinal());
// consider paging support for groups
final DirContextProcessor groupProcessor;
if (pageSize == null) {
groupProcessor = new NullDirContextProcessor();
} else {
groupProcessor = new PagedResultsDirContextProcessor(pageSize);
}
// looking for objects matching the group object class
AndFilter groupFilter = new AndFilter();
groupFilter.and(new EqualsFilter("objectClass", groupObjectClass));
// if a filter has been provided by the user, we add it to the filter
if (StringUtils.isNotBlank(groupSearchFilter)) {
groupFilter.and(new HardcodedFilter(groupSearchFilter));
}
do {
groupList.addAll(ldapTemplate.search(groupSearchBase, groupFilter.encode(), groupControls, new AbstractContextMapper<Group>() {
@Override
protected Group doMapFromContext(DirContextOperations ctx) {
final String dn = ctx.getDn().toString();
// get the group identity
final String name = getGroupName(ctx);
// get the value of this group that may associate it to users
final String referencedGroupValue = getReferencedGroupValue(ctx);
if (!StringUtils.isBlank(groupMemberAttribute)) {
Attribute attributeUsers = ctx.getAttributes().get(groupMemberAttribute);
if (attributeUsers == null) {
logger.warn("Group member attribute [" + groupMemberAttribute + "] does not exist. Ignoring group membership.");
} else {
try {
final NamingEnumeration<String> userValues = (NamingEnumeration<String>) attributeUsers.getAll();
while (userValues.hasMoreElements()) {
final String userValue = userValues.next();
if (performUserSearch) {
// find the user by it's referenced attribute and add the identifier to this group
final User user = userLookup.get(userValue);
// ensure the user is known
if (user != null) {
groupToUserIdentifierMappings.computeIfAbsent(referencedGroupValue, g -> new HashSet<>()).add(user.getIdentifier());
} else {
logger.warn(String.format("%s contains member %s but that user was not found while searching users. Ignoring group membership.", name, userValue));
}
} else {
// since performUserSearch is false, then the referenced group attribute must be blank... the user value must be the dn
final String userDn = userValue;
final String userIdentity;
if (useDnForUserIdentity) {
// use the user value to avoid the unnecessary look up
userIdentity = userDn;
} else {
// lookup the user to extract the user identity
userIdentity = getUserIdentity((DirContextAdapter) ldapTemplate.lookup(userDn));
}
// build the user
final User user = new User.Builder().identifierGenerateFromSeed(userIdentity).identity(userIdentity).build();
// add this user
userList.add(user);
groupToUserIdentifierMappings.computeIfAbsent(referencedGroupValue, g -> new HashSet<>()).add(user.getIdentifier());
}
}
} catch (NamingException e) {
throw new AuthorizationAccessException("Error while retrieving group name attribute [" + groupNameAttribute + "].");
}
}
}
// build this group
final Group.Builder groupBuilder = new Group.Builder().identifierGenerateFromSeed(name).name(name);
// add all users that were associated with this referenced group attribute
if (groupToUserIdentifierMappings.containsKey(referencedGroupValue)) {
groupToUserIdentifierMappings.remove(referencedGroupValue).forEach(userIdentifier -> groupBuilder.addUser(userIdentifier));
}
return groupBuilder.build();
}
}, groupProcessor));
} while (hasMorePages(groupProcessor));
// any remaining groupDn's were referenced by a user but not found while searching groups
groupToUserIdentifierMappings.forEach((referencedGroupValue, userIdentifiers) -> {
logger.warn(String.format("[%s] are members of %s but that group was not found while searching users. Ignoring group membership.", StringUtils.join(userIdentifiers, ", "), referencedGroupValue));
});
} else {
// since performGroupSearch is false, then the referenced user attribute must be blank... the group value must be the dn
// groups are not being searched so lookup any groups identified while searching users
groupToUserIdentifierMappings.forEach((groupDn, userIdentifiers) -> {
final String groupName;
if (useDnForGroupName) {
// use the dn to avoid the unnecessary look up
groupName = groupDn;
} else {
groupName = getGroupName((DirContextAdapter) ldapTemplate.lookup(groupDn));
}
// define the group
final Group.Builder groupBuilder = new Group.Builder().identifierGenerateFromSeed(groupName).name(groupName);
// add each user
userIdentifiers.forEach(userIdentifier -> groupBuilder.addUser(userIdentifier));
// build the group
groupList.add(groupBuilder.build());
});
}
// record the updated tenants
tenants.set(new TenantHolder(new HashSet<>(userList), new HashSet<>(groupList)));
} finally {
singleContextSource.destroy();
}
}
Also used :
SSLContext(javax.net.ssl.SSLContext)
AbstractContextMapper(org.springframework.ldap.core.support.AbstractContextMapper)
AndFilter(org.springframework.ldap.filter.AndFilter)
ClientAuth(org.apache.nifi.registry.security.util.SslContextFactory.ClientAuth)
LoggerFactory(org.slf4j.LoggerFactory)
LdapTemplate(org.springframework.ldap.core.LdapTemplate)
NamingException(javax.naming.NamingException)
KeyStoreException(java.security.KeyStoreException)
StringUtils(org.apache.commons.lang3.StringUtils)
Attribute(javax.naming.directory.Attribute)
Map(java.util.Map)
DirContextAdapter(org.springframework.ldap.core.DirContextAdapter)
ThreadFactory(java.util.concurrent.ThreadFactory)
LdapsSocketFactory(org.apache.nifi.registry.security.ldap.LdapsSocketFactory)
LdapContextSource(org.springframework.ldap.core.support.LdapContextSource)
AuthorizerContext(org.apache.nifi.registry.security.authorization.annotation.AuthorizerContext)
UserGroupProvider(org.apache.nifi.registry.security.authorization.UserGroupProvider)
Set(java.util.Set)
KeyManagementException(java.security.KeyManagementException)
HardcodedFilter(org.springframework.ldap.filter.HardcodedFilter)
LdapAuthenticationStrategy(org.apache.nifi.registry.security.ldap.LdapAuthenticationStrategy)
SslContextFactory(org.apache.nifi.registry.security.util.SslContextFactory)
Executors(java.util.concurrent.Executors)
List(java.util.List)
NoSuchAlgorithmException(java.security.NoSuchAlgorithmException)
NamingEnumeration(javax.naming.NamingEnumeration)
SingleContextSource(org.springframework.ldap.core.support.SingleContextSource)
IdentityMapping(org.apache.nifi.registry.properties.util.IdentityMapping)
DirContextOperations(org.springframework.ldap.core.DirContextOperations)
PagedResultsDirContextProcessor(org.springframework.ldap.control.PagedResultsDirContextProcessor)
ReferralStrategy(org.apache.nifi.registry.security.ldap.ReferralStrategy)
NullDirContextProcessor(org.springframework.ldap.core.LdapTemplate.NullDirContextProcessor)
DirContextProcessor(org.springframework.ldap.core.DirContextProcessor)
IdentityMappingUtil(org.apache.nifi.registry.properties.util.IdentityMappingUtil)
HashMap(java.util.HashMap)
AtomicReference(java.util.concurrent.atomic.AtomicReference)
SearchControls(javax.naming.directory.SearchControls)
ArrayList(java.util.ArrayList)
HashSet(java.util.HashSet)
Group(org.apache.nifi.registry.security.authorization.Group)
SimpleDirContextAuthenticationStrategy(org.springframework.ldap.core.support.SimpleDirContextAuthenticationStrategy)
UserGroupProviderInitializationContext(org.apache.nifi.registry.security.authorization.UserGroupProviderInitializationContext)
NiFiRegistryProperties(org.apache.nifi.registry.properties.NiFiRegistryProperties)
UserAndGroups(org.apache.nifi.registry.security.authorization.UserAndGroups)
UnrecoverableKeyException(java.security.UnrecoverableKeyException)
ScheduledExecutorService(java.util.concurrent.ScheduledExecutorService)
AbstractTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.AbstractTlsDirContextAuthenticationStrategy)
SecurityProviderDestructionException(org.apache.nifi.registry.security.exception.SecurityProviderDestructionException)
DefaultTlsDirContextAuthenticationStrategy(org.springframework.ldap.core.support.DefaultTlsDirContextAuthenticationStrategy)
Context(javax.naming.Context)
AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException)
Logger(org.slf4j.Logger)
ContextSource(org.springframework.ldap.core.ContextSource)
SecurityProviderCreationException(org.apache.nifi.registry.security.exception.SecurityProviderCreationException)
User(org.apache.nifi.registry.security.authorization.User)
IOException(java.io.IOException)
CertificateException(java.security.cert.CertificateException)
TimeUnit(java.util.concurrent.TimeUnit)
EqualsFilter(org.springframework.ldap.filter.EqualsFilter)
AuthorizerConfigurationContext(org.apache.nifi.registry.security.authorization.AuthorizerConfigurationContext)
PropertyValue(org.apache.nifi.registry.util.PropertyValue)
Collections(java.util.Collections)
FormatUtils(org.apache.nifi.registry.util.FormatUtils)
Group(org.apache.nifi.registry.security.authorization.Group)
User(org.apache.nifi.registry.security.authorization.User)
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
Attribute(javax.naming.directory.Attribute)
ArrayList(java.util.ArrayList)
NamingEnumeration(javax.naming.NamingEnumeration)
PagedResultsDirContextProcessor(org.springframework.ldap.control.PagedResultsDirContextProcessor)
NullDirContextProcessor(org.springframework.ldap.core.LdapTemplate.NullDirContextProcessor)
DirContextProcessor(org.springframework.ldap.core.DirContextProcessor)
PagedResultsDirContextProcessor(org.springframework.ldap.control.PagedResultsDirContextProcessor)
LdapTemplate(org.springframework.ldap.core.LdapTemplate)
AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException)
DirContextAdapter(org.springframework.ldap.core.DirContextAdapter)
SearchControls(javax.naming.directory.SearchControls)
NamingException(javax.naming.NamingException)
EqualsFilter(org.springframework.ldap.filter.EqualsFilter)
HashSet(java.util.HashSet)
SingleContextSource(org.springframework.ldap.core.support.SingleContextSource)
NullDirContextProcessor(org.springframework.ldap.core.LdapTemplate.NullDirContextProcessor)
HardcodedFilter(org.springframework.ldap.filter.HardcodedFilter)
AndFilter(org.springframework.ldap.filter.AndFilter)
AbstractContextMapper(org.springframework.ldap.core.support.AbstractContextMapper)
DirContextOperations(org.springframework.ldap.core.DirContextOperations)
Example 9 with Group
use of org.apache.nifi.registry.security.authorization.Group in project nifi-registry by apache.
the class FileUserGroupProvider method deleteGroup.
@Override
public synchronized Group deleteGroup(String groupIdentifier) throws AuthorizationAccessException {
if (groupIdentifier == null) {
throw new IllegalArgumentException("Group identifier cannot be null");
}
final UserGroupHolder holder = userGroupHolder.get();
final Group deletedGroup = holder.getGroupsById().get(groupIdentifier);
if (deletedGroup == null) {
return null;
}
// now remove the actual group from the top-level list of groups
final Tenants tenants = holder.getTenants();
Iterator<org.apache.nifi.registry.security.authorization.file.tenants.generated.Group> iter = tenants.getGroups().getGroup().iterator();
while (iter.hasNext()) {
org.apache.nifi.registry.security.authorization.file.tenants.generated.Group jaxbGroup = iter.next();
if (groupIdentifier.equals(jaxbGroup.getIdentifier())) {
iter.remove();
break;
}
}
saveAndRefreshHolder(tenants);
return deletedGroup;
}Example 10 with Group
use of org.apache.nifi.registry.security.authorization.Group in project nifi-registry by apache.
the class FileUserGroupProvider method updateGroup.
@Override
public synchronized Group updateGroup(Group group) throws AuthorizationAccessException {
if (group == null) {
throw new IllegalArgumentException("Group cannot be null");
}
final UserGroupHolder holder = userGroupHolder.get();
final Tenants tenants = holder.getTenants();
// find the group that needs to be update
org.apache.nifi.registry.security.authorization.file.tenants.generated.Group updateGroup = null;
for (org.apache.nifi.registry.security.authorization.file.tenants.generated.Group jaxbGroup : tenants.getGroups().getGroup()) {
if (jaxbGroup.getIdentifier().equals(group.getIdentifier())) {
updateGroup = jaxbGroup;
break;
}
}
// if the group wasn't found return null, otherwise update the group and save changes
if (updateGroup == null) {
return null;
}
// reset the list of users and add each user to the group
updateGroup.getUser().clear();
for (String groupUser : group.getUsers()) {
org.apache.nifi.registry.security.authorization.file.tenants.generated.Group.User jaxbGroupUser = new org.apache.nifi.registry.security.authorization.file.tenants.generated.Group.User();
jaxbGroupUser.setIdentifier(groupUser);
updateGroup.getUser().add(jaxbGroupUser);
}
updateGroup.setName(group.getName());
saveAndRefreshHolder(tenants);
return userGroupHolder.get().getGroupsById().get(group.getIdentifier());
}Aggregations
Group (org.apache.nifi.registry.security.authorization.Group)26
AuthorizerConfigurationContext (org.apache.nifi.registry.security.authorization.AuthorizerConfigurationContext)14
Test (org.junit.Test)13
StandardPropertyValue (org.apache.nifi.registry.util.StandardPropertyValue)12
Set (java.util.Set)11
UserAndGroups (org.apache.nifi.registry.security.authorization.UserAndGroups)11
NiFiRegistryProperties (org.apache.nifi.registry.properties.NiFiRegistryProperties)9
User (org.apache.nifi.registry.security.authorization.User)9
UserGroupProviderInitializationContext (org.apache.nifi.registry.security.authorization.UserGroupProviderInitializationContext)9
SecurityProviderCreationException (org.apache.nifi.registry.security.exception.SecurityProviderCreationException)9
LdapAuthenticationStrategy (org.apache.nifi.registry.security.ldap.LdapAuthenticationStrategy)9
ReferralStrategy (org.apache.nifi.registry.security.ldap.ReferralStrategy)9
Properties (java.util.Properties)8
CreateLdapServer (org.apache.directory.server.annotations.CreateLdapServer)8
CreateTransport (org.apache.directory.server.annotations.CreateTransport)8
ApplyLdifFiles (org.apache.directory.server.core.annotations.ApplyLdifFiles)8
CreateDS (org.apache.directory.server.core.annotations.CreateDS)8
CreatePartition (org.apache.directory.server.core.annotations.CreatePartition)8
AbstractLdapTestUnit (org.apache.directory.server.core.integ.AbstractLdapTestUnit)8
FrameworkRunner (org.apache.directory.server.core.integ.FrameworkRunner)8
