Examples with Group - org.apache.nifi.registry.security.authorization.Group

Example 11 with Group

use of org.apache.nifi.registry.security.authorization.Group in project nifi-registry by apache.

the class UserGroupHolder method createGroupsByUserIdentityMap.

/**
 * Creates a Map from user identity to the set of Groups for that identity.
 *
 * @param groups all groups
 * @param users all users
 * @return a Map from User identity to the set of Groups for that identity
 */
private Map<String, Set<Group>> createGroupsByUserIdentityMap(final Set<Group> groups, final Set<User> users) {
    Map<String, Set<Group>> groupsByUserIdentity = new HashMap<>();
    for (User user : users) {
        Set<Group> userGroups = new HashSet<>();
        for (Group group : groups) {
            for (String groupUser : group.getUsers()) {
                if (groupUser.equals(user.getIdentifier())) {
                    userGroups.add(group);
                }
            }
        }
        groupsByUserIdentity.put(user.getIdentity(), userGroups);
    }
    return groupsByUserIdentity;
}

Also used : Group(org.apache.nifi.registry.security.authorization.Group) HashSet(java.util.HashSet) Set(java.util.Set) User(org.apache.nifi.registry.security.authorization.User) HashMap(java.util.HashMap) HashSet(java.util.HashSet)

Example 12 with Group

use of org.apache.nifi.registry.security.authorization.Group in project nifi-registry by apache.

the class TenantHolder method createGroupsByUserIdentityMap.

/**
 * Creates a Map from user identity to the set of Groups for that identity.
 *
 * @param groups all groups
 * @param users all users
 * @return a Map from User identity to the set of Groups for that identity
 */
private Map<String, Set<Group>> createGroupsByUserIdentityMap(final Set<Group> groups, final Set<User> users) {
    Map<String, Set<Group>> groupsByUserIdentity = new HashMap<>();
    for (User user : users) {
        Set<Group> userGroups = new HashSet<>();
        for (Group group : groups) {
            for (String groupUser : group.getUsers()) {
                if (groupUser.equals(user.getIdentifier())) {
                    userGroups.add(group);
                }
            }
        }
        groupsByUserIdentity.put(user.getIdentity(), userGroups);
    }
    return groupsByUserIdentity;
}

Example 13 with Group

use of org.apache.nifi.registry.security.authorization.Group in project nifi-registry by apache.

the class FileUserGroupProvider method parseGroup.

private Group parseGroup(final Element element) {
    final Group.Builder builder = new Group.Builder().identifier(element.getAttribute(IDENTIFIER_ATTR)).name(element.getAttribute(NAME_ATTR));
    NodeList groupUsers = element.getElementsByTagName(GROUP_USER_ELEMENT);
    for (int i = 0; i < groupUsers.getLength(); i++) {
        Element groupUserNode = (Element) groupUsers.item(i);
        builder.addUser(groupUserNode.getAttribute(IDENTIFIER_ATTR));
    }
    return builder.build();
}

Also used : Group(org.apache.nifi.registry.security.authorization.Group) DocumentBuilder(javax.xml.parsers.DocumentBuilder) NodeList(org.w3c.dom.NodeList) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element)

Example 14 with Group

use of org.apache.nifi.registry.security.authorization.Group in project nifi-registry by apache.

the class FileUserGroupProvider method parseUsersAndGroups.

private UsersAndGroups parseUsersAndGroups(final String fingerprint) {
    final List<User> users = new ArrayList<>();
    final List<Group> groups = new ArrayList<>();
    final byte[] fingerprintBytes = fingerprint.getBytes(StandardCharsets.UTF_8);
    try (final ByteArrayInputStream in = new ByteArrayInputStream(fingerprintBytes)) {
        final DocumentBuilder docBuilder = DOCUMENT_BUILDER_FACTORY.newDocumentBuilder();
        final Document document = docBuilder.parse(in);
        final Element rootElement = document.getDocumentElement();
        // parse all the users and add them to the current user group provider
        NodeList userNodes = rootElement.getElementsByTagName(USER_ELEMENT);
        for (int i = 0; i < userNodes.getLength(); i++) {
            Node userNode = userNodes.item(i);
            users.add(parseUser((Element) userNode));
        }
        // parse all the groups and add them to the current user group provider
        NodeList groupNodes = rootElement.getElementsByTagName(GROUP_ELEMENT);
        for (int i = 0; i < groupNodes.getLength(); i++) {
            Node groupNode = groupNodes.item(i);
            groups.add(parseGroup((Element) groupNode));
        }
    } catch (SAXException | ParserConfigurationException | IOException e) {
        throw new AuthorizationAccessException("Unable to parse fingerprint", e);
    }
    return new UsersAndGroups(users, groups);
}

Also used : Group(org.apache.nifi.registry.security.authorization.Group) User(org.apache.nifi.registry.security.authorization.User) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) ArrayList(java.util.ArrayList) IOException(java.io.IOException) Document(org.w3c.dom.Document) SAXException(org.xml.sax.SAXException) AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException) ByteArrayInputStream(java.io.ByteArrayInputStream) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)

Example 15 with Group

use of org.apache.nifi.registry.security.authorization.Group in project nifi-registry by apache.

the class FileUserGroupProvider method getUserAndGroups.

@Override
public UserAndGroups getUserAndGroups(final String identity) throws AuthorizationAccessException {
    final UserGroupHolder holder = userGroupHolder.get();
    final User user = holder.getUser(identity);
    final Set<Group> groups = holder.getGroups(identity);
    return new UserAndGroups() {

        @Override
        public User getUser() {
            return user;
        }

        @Override
        public Set<Group> getGroups() {
            return groups;
        }
    };
}

Also used : UserAndGroups(org.apache.nifi.registry.security.authorization.UserAndGroups) Group(org.apache.nifi.registry.security.authorization.Group) User(org.apache.nifi.registry.security.authorization.User)

Aggregations

Group (org.apache.nifi.registry.security.authorization.Group)26 AuthorizerConfigurationContext (org.apache.nifi.registry.security.authorization.AuthorizerConfigurationContext)14 Test (org.junit.Test)13 StandardPropertyValue (org.apache.nifi.registry.util.StandardPropertyValue)12 Set (java.util.Set)11 UserAndGroups (org.apache.nifi.registry.security.authorization.UserAndGroups)11 NiFiRegistryProperties (org.apache.nifi.registry.properties.NiFiRegistryProperties)9 User (org.apache.nifi.registry.security.authorization.User)9 UserGroupProviderInitializationContext (org.apache.nifi.registry.security.authorization.UserGroupProviderInitializationContext)9 SecurityProviderCreationException (org.apache.nifi.registry.security.exception.SecurityProviderCreationException)9 LdapAuthenticationStrategy (org.apache.nifi.registry.security.ldap.LdapAuthenticationStrategy)9 ReferralStrategy (org.apache.nifi.registry.security.ldap.ReferralStrategy)9 Properties (java.util.Properties)8 CreateLdapServer (org.apache.directory.server.annotations.CreateLdapServer)8 CreateTransport (org.apache.directory.server.annotations.CreateTransport)8 ApplyLdifFiles (org.apache.directory.server.core.annotations.ApplyLdifFiles)8 CreateDS (org.apache.directory.server.core.annotations.CreateDS)8 CreatePartition (org.apache.directory.server.core.annotations.CreatePartition)8 AbstractLdapTestUnit (org.apache.directory.server.core.integ.AbstractLdapTestUnit)8 FrameworkRunner (org.apache.directory.server.core.integ.FrameworkRunner)8