Example 1 with RequestAction

Use of org.apache.nifi.registry.security.authorization.RequestAction in the nifi-registry project by Apache.

The class ResourceAuthorizationFilter, method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
    HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
    boolean authorizationCheckIsRequired = false;
    String resourcePath = null;
    RequestAction action = null;
    // Only require authorization if the NiFi Registry is running securely.
    // A request that arrives over plaintext is forwarded below without any
    // authorization check, so this filter is only a gate in secure mode.
    if (servletRequest.isSecure()) {
        // Only require authorization for resources for which this filter has been configured
        resourcePath = httpServletRequest.getServletPath();
        if (resourcePath != null) {
            final ResourceType resourceType = ResourceType.mapFullResourcePathToResourceType(resourcePath);
            final HttpMethodAuthorizationRules authorizationRules = resourceTypeAuthorizationRules.get(resourceType);
            if (authorizationRules != null) {
                final String httpMethodStr = httpServletRequest.getMethod().toUpperCase();
                // HttpMethod.resolve returns null for a method name Spring does not know;
                // in that case no RequestAction is mapped and the check below is skipped.
                HttpMethod httpMethod = HttpMethod.resolve(httpMethodStr);
                // Only require authorization for HTTP methods included in this resource type's rule set
                if (httpMethod != null && authorizationRules.requiresAuthorization(httpMethod)) {
                    authorizationCheckIsRequired = true;
                    action = authorizationRules.mapHttpMethodToAction(httpMethod);
                }
            }
        }
    }
    // Every path that did not set authorizationCheckIsRequired (plaintext request,
    // resource type with no rules, method outside the rule set, unknown method)
    // ends up here: the request continues down the chain unchecked by this filter.
    if (!authorizationCheckIsRequired) {
        forwardRequestWithoutAuthorizationCheck(httpServletRequest, httpServletResponse, filterChain);
        return;
    }
    // Perform authorization check. authorizeAccess is expected to throw (e.g. AccessDeniedException)
    // when the caller may not perform `action` on `resourcePath`; any exception counts as a failure.
    try {
        authorizeAccess(resourcePath, action);
        successfulAuthorization(httpServletRequest, httpServletResponse, filterChain);
    } catch (Exception e) {
        logger.debug("Exception occurred while performing authorization check.", e);
        failedAuthorization(httpServletRequest, httpServletResponse, filterChain, e);
    }
}
Also used :
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.nifi.registry.security.authorization.RequestAction;
import org.apache.nifi.registry.security.authorization.exception.AccessDeniedException;
import org.apache.nifi.registry.security.authorization.resource.ResourceType;
import org.springframework.http.HttpMethod;

Example 2 with RequestAction

Use of org.apache.nifi.registry.security.authorization.RequestAction in the nifi-registry project by Apache.

The class AccessPolicyResource, method getAccessPolicyForResource.

/**
 * Retrieve a specified access policy for a given (action, resource) pair.
 *
 * @param action the action, e.g. "read", "write", "delete"
 * @param rawResource the name of the resource as a raw string, without its leading "/"
 * @return An access policy.
 */
@GET
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_JSON)
@Path("{action}/{resource: .+}")
@ApiOperation(value = "Gets an access policy for the specified action and resource", response = AccessPolicy.class, extensions = { @Extension(name = "access-policy", properties = { @ExtensionProperty(name = "action", value = "read"), @ExtensionProperty(name = "resource", value = "/policies") }) })
@ApiResponses({ @ApiResponse(code = 400, message = HttpStatusMessages.MESSAGE_400), @ApiResponse(code = 401, message = HttpStatusMessages.MESSAGE_401), @ApiResponse(code = 403, message = HttpStatusMessages.MESSAGE_403), @ApiResponse(code = 404, message = HttpStatusMessages.MESSAGE_404), @ApiResponse(code = 409, message = HttpStatusMessages.MESSAGE_409) })
public Response getAccessPolicyForResource(@ApiParam(value = "The request action.", allowableValues = "read, write, delete", required = true) @PathParam("action") final String action, @ApiParam(value = "The resource of the policy.", required = true) @PathParam("resource") final String rawResource) {
    // Policies can only be queried when the configured authorizer is a managed one.
    verifyAuthorizerIsManaged();
    // The caller must be allowed to read policies before any path input is interpreted.
    authorizeAccess(RequestAction.READ);
    // parse the action and resource type; a value outside read/write/delete is expected to be rejected here
    final RequestAction requestAction = RequestAction.valueOfValue(action);
    // the path parameter carries no leading slash (see @Path), so restore it to form the resource identifier
    final String resource = "/" + rawResource;
    AccessPolicy accessPolicy = authorizationService.getAccessPolicy(resource, requestAction);
    if (accessPolicy == null) {
        throw new ResourceNotFoundException("No policy found for action='" + action + "', resource='" + resource + "'");
    }
    return generateOkResponse(accessPolicy).build();
}
Also used :
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiResponses;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import org.apache.nifi.registry.authorization.AccessPolicy;
import org.apache.nifi.registry.exception.ResourceNotFoundException;
import org.apache.nifi.registry.security.authorization.RequestAction;
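
A stand-alone model of the two checks on this page, added here as an example; it is not nifi-registry code and uses none of the project's classes. The decide method follows the same control flow as doFilter in Example 1 (secure connection, then a rule for the HTTP method, then authorize the (resource, action) pair), and policyLookupStatus runs the checks of getAccessPolicyForResource in Example 2 in the same order. The RequestAction enum, the method-to-action rule table, the grant and policy maps, and the mapping of an unparseable action to HTTP 400 are assumptions made for the demo.

```java
import java.util.EnumSet;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

/** Added example (not nifi-registry code): models the decisions of the two methods above. */
public class RequestActionDemo {

    // Assumed: the three actions the page's endpoint accepts (read, write, delete).
    enum RequestAction { READ, WRITE, DELETE }

    enum FilterOutcome { FORWARDED_WITHOUT_CHECK, AUTHORIZED, DENIED }

    // Assumed rule set for one resource type: HTTP method -> RequestAction.
    // HEAD and OPTIONS are deliberately absent, so they bypass the check as in doFilter.
    static final Map<String, RequestAction> RULES = new HashMap<>();
    static {
        RULES.put("GET", RequestAction.READ);
        RULES.put("POST", RequestAction.WRITE);
        RULES.put("PUT", RequestAction.WRITE);
        RULES.put("DELETE", RequestAction.DELETE);
    }

    /** Same control flow as doFilter: secure? -> rule for method? -> authorize(resource, action). */
    static FilterOutcome decide(boolean secure, String method, String resourcePath,
                                Map<String, Set<RequestAction>> callerGrants) {
        if (!secure) {
            return FilterOutcome.FORWARDED_WITHOUT_CHECK; // plaintext: the filter never checks
        }
        RequestAction action = RULES.get(method.toUpperCase());
        if (action == null) {
            return FilterOutcome.FORWARDED_WITHOUT_CHECK; // unknown or unlisted method
        }
        Set<RequestAction> granted = callerGrants.getOrDefault(resourcePath, EnumSet.noneOf(RequestAction.class));
        return granted.contains(action) ? FilterOutcome.AUTHORIZED : FilterOutcome.DENIED;
    }

    /**
     * Same order of checks as getAccessPolicyForResource: authorize READ on /policies first,
     * then parse the action string, then look the policy up. Returns the HTTP status the
     * endpoint is assumed to produce (403, 400, 404 or 200).
     */
    static int policyLookupStatus(Map<String, Set<RequestAction>> callerGrants,
                                  Map<String, Set<RequestAction>> definedPolicies,
                                  String action, String rawResource) {
        if (!callerGrants.getOrDefault("/policies", EnumSet.noneOf(RequestAction.class))
                .contains(RequestAction.READ)) {
            return 403; // authorizeAccess(RequestAction.READ) fails before any input is parsed
        }
        RequestAction requestAction;
        try {
            requestAction = RequestAction.valueOf(action.toUpperCase()); // stands in for valueOfValue
        } catch (IllegalArgumentException e) {
            return 400; // assumed mapping for an action outside read/write/delete
        }
        String resource = "/" + rawResource;
        Set<RequestAction> actionsWithPolicy = definedPolicies.get(resource);
        if (actionsWithPolicy == null || !actionsWithPolicy.contains(requestAction)) {
            return 404; // ResourceNotFoundException: no policy for (action, resource)
        }
        return 200;
    }

    public static void main(String[] args) {
        // Constructed sample data: what the caller may do, and which policies exist.
        Map<String, Set<RequestAction>> callerGrants = new HashMap<>();
        callerGrants.put("/buckets", EnumSet.of(RequestAction.READ));
        callerGrants.put("/policies", EnumSet.of(RequestAction.READ));
        Map<String, Set<RequestAction>> definedPolicies = new HashMap<>();
        definedPolicies.put("/buckets", EnumSet.of(RequestAction.READ, RequestAction.WRITE));

        Object[][] requests = {
            {true, "GET", "/buckets"},      // rule and grant both present
            {true, "DELETE", "/buckets"},   // rule present, but no DELETE grant
            {true, "OPTIONS", "/buckets"},  // no rule for OPTIONS
            {false, "DELETE", "/buckets"},  // plaintext request
        };
        for (Object[] r : requests) {
            System.out.printf("filter: secure=%-5s %-7s %-9s -> %s%n", r[0], r[1], r[2],
                    decide((Boolean) r[0], (String) r[1], (String) r[2], callerGrants));
        }
        String[][] lookups = { {"read", "buckets"}, {"delete", "buckets"}, {"execute", "buckets"} };
        for (String[] l : lookups) {
            System.out.printf("policy lookup: action=%-8s resource=%-8s -> %d%n", l[0], l[1],
                    policyLookupStatus(callerGrants, definedPolicies, l[0], l[1]));
        }
        Map<String, Set<RequestAction>> noGrants = new HashMap<>();
        System.out.printf("policy lookup with no grants -> %d%n",
                policyLookupStatus(noGrants, definedPolicies, "read", "buckets"));
    }
}
```

Running the class prints one line per request. The point the two methods on the page share, and the demo makes visible: the filter forwards plaintext requests and methods outside its rule set without consulting a policy at all, while the endpoint performs its own authorizeAccess(RequestAction.READ) before it parses the action from the path, so the resource method, not only the filter, stands between an unauthorized caller and the policy store.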

Aggregations

RequestAction (org.apache.nifi.registry.security.authorization.RequestAction) 2
ApiOperation (io.swagger.annotations.ApiOperation) 1
ApiResponses (io.swagger.annotations.ApiResponses) 1
IOException (java.io.IOException) 1
ServletException (javax.servlet.ServletException) 1
HttpServletRequest (javax.servlet.http.HttpServletRequest) 1
HttpServletResponse (javax.servlet.http.HttpServletResponse) 1
Consumes (javax.ws.rs.Consumes) 1
GET (javax.ws.rs.GET) 1
Path (javax.ws.rs.Path) 1
Produces (javax.ws.rs.Produces) 1
AccessPolicy (org.apache.nifi.registry.authorization.AccessPolicy) 1
ResourceNotFoundException (org.apache.nifi.registry.exception.ResourceNotFoundException) 1
AccessDeniedException (org.apache.nifi.registry.security.authorization.exception.AccessDeniedException) 1
ResourceType (org.apache.nifi.registry.security.authorization.resource.ResourceType) 1
HttpMethod (org.springframework.http.HttpMethod) 1