
Example 1 with AuthorizationAccessException

use of org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException in project nifi-registry by apache.

the class AbstractPolicyBasedAuthorizer method getFingerprint.

/**
 * Returns a fingerprint representing the authorizations managed by this authorizer. The fingerprint will be
 * used for comparison to determine if two policy-based authorizers represent a compatible set of users,
 * groups, and policies.
 *
 * @return the fingerprint for this Authorizer
 */
@Override
public final String getFingerprint() throws AuthorizationAccessException {
    // Read users, groups and policies through the sorted accessors before any XML is produced.
    final List<User> sortedUsers = getSortedUsers();
    final List<Group> sortedGroups = getSortedGroups();
    final List<AccessPolicy> sortedPolicies = getSortedAccessPolicies();

    // The value returned is the XML document itself, not a digest of it: whatever writeUser,
    // writeGroup and writePolicy emit (not shown here) appears in clear in the fingerprint.
    final StringWriter buffer = new StringWriter();
    XMLStreamWriter xml = null;
    try {
        xml = XML_OUTPUT_FACTORY.createXMLStreamWriter(buffer);
        xml.writeStartDocument();
        xml.writeStartElement("authorizations");

        // Element order is fixed: every user, then every group, then every policy.
        for (final User currentUser : sortedUsers) {
            writeUser(xml, currentUser);
        }
        for (final Group currentGroup : sortedGroups) {
            writeGroup(xml, currentGroup);
        }
        for (final AccessPolicy currentPolicy : sortedPolicies) {
            writePolicy(xml, currentPolicy);
        }

        xml.writeEndElement();
        xml.writeEndDocument();
        xml.flush();
    } catch (final XMLStreamException failure) {
        throw new AuthorizationAccessException("Unable to generate fingerprint", failure);
    } finally {
        // XMLStreamWriter is not AutoCloseable, so it is closed by hand; a failure while closing is
        // deliberately ignored because the content has already been flushed or the write has failed.
        if (xml != null) {
            try {
                xml.close();
            } catch (final XMLStreamException ignored) {
                // best effort only
            }
        }
    }
    return buffer.toString();
}
Also used : AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException) StringWriter(java.io.StringWriter) XMLStreamException(javax.xml.stream.XMLStreamException) XMLStreamWriter(javax.xml.stream.XMLStreamWriter)

Example 2 with AuthorizationAccessException

use of org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException in project nifi-registry by apache.

the class AbstractPolicyBasedAuthorizer method parsePoliciesUsersAndGroups.

/**
 * Parses a fingerprint (an XML document held in a string) into its users, groups and access policies.
 *
 * <p>NOTE(review): the XML is parsed with {@code DOCUMENT_BUILDER_FACTORY}, whose configuration is
 * outside this listing. {@code checkInheritability} hands a <em>proposed</em> fingerprint to this
 * method, so confirm that the factory rejects DOCTYPE declarations and does not resolve external
 * entities (XXE hardening).
 *
 * @param fingerprint the fingerprint XML; encoded as UTF-8 before parsing
 * @return the policies, users and groups found in the document
 * @throws AuthorizationAccessException if the document cannot be parsed (thrown without being
 *         declared on this method)
 */
private PoliciesUsersAndGroups parsePoliciesUsersAndGroups(final String fingerprint) {
    final List<User> parsedUsers = new ArrayList<>();
    final List<Group> parsedGroups = new ArrayList<>();
    final List<AccessPolicy> parsedPolicies = new ArrayList<>();

    try (final ByteArrayInputStream xmlBytes = new ByteArrayInputStream(fingerprint.getBytes(StandardCharsets.UTF_8))) {
        final Document parsed = DOCUMENT_BUILDER_FACTORY.newDocumentBuilder().parse(xmlBytes);
        final Element root = parsed.getDocumentElement();

        // getElementsByTagName matches descendants at any depth, in document order, and yields
        // Element nodes only, which is why the casts below are safe.
        final NodeList userElements = root.getElementsByTagName(USER_ELEMENT);
        for (int idx = 0; idx < userElements.getLength(); idx++) {
            parsedUsers.add(parseUser((Element) userElements.item(idx)));
        }

        final NodeList groupElements = root.getElementsByTagName(GROUP_ELEMENT);
        for (int idx = 0; idx < groupElements.getLength(); idx++) {
            parsedGroups.add(parseGroup((Element) groupElements.item(idx)));
        }

        final NodeList policyElements = root.getElementsByTagName(POLICY_ELEMENT);
        for (int idx = 0; idx < policyElements.getLength(); idx++) {
            parsedPolicies.add(parsePolicy((Element) policyElements.item(idx)));
        }
    } catch (final SAXException | ParserConfigurationException | IOException parseFailure) {
        throw new AuthorizationAccessException("Unable to parse fingerprint", parseFailure);
    }

    return new PoliciesUsersAndGroups(parsedPolicies, parsedUsers, parsedGroups);
}
Also used : Element(org.w3c.dom.Element) NodeList(org.w3c.dom.NodeList) Node(org.w3c.dom.Node) ArrayList(java.util.ArrayList) IOException(java.io.IOException) Document(org.w3c.dom.Document) SAXException(org.xml.sax.SAXException) AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException) ByteArrayInputStream(java.io.ByteArrayInputStream) DocumentBuilder(javax.xml.parsers.DocumentBuilder) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException)

Example 3 with AuthorizationAccessException

use of org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException in project nifi-registry by apache.

the class AbstractPolicyBasedAuthorizer method checkInheritability.

/**
 * Checks whether the proposed fingerprint is inheritable. Nothing is returned; an uninheritable
 * fingerprint is reported by throwing.
 *
 * @param proposedFingerprint the proposed fingerprint
 * @throws AuthorizationAccessException if there was an unexpected error performing the operation
 * @throws UninheritableAuthorizationsException if the proposed fingerprint was uninheritable
 */
@Override
public final void checkInheritability(String proposedFingerprint) throws AuthorizationAccessException, UninheritableAuthorizationsException {
    // Step 1: the proposed fingerprint must at least parse. The parsed result is discarded; its
    // contents are not compared with anything here.
    try {
        parsePoliciesUsersAndGroups(proposedFingerprint);
    } catch (final AuthorizationAccessException parseFailure) {
        // The parse failure is only folded into the message text (its toString()), not chained as a
        // cause, so its stack trace is lost.
        // NOTE(review): chain it if UninheritableAuthorizationsException has a cause-taking
        // constructor (not visible in this listing).
        throw new UninheritableAuthorizationsException("Unable to parse proposed fingerprint: " + parseFailure);
    }

    // Step 2: inheriting is only allowed into an authorizer that currently holds nothing at all.
    final List<User> currentUsers = getSortedUsers();
    final List<Group> currentGroups = getSortedGroups();
    final List<AccessPolicy> currentPolicies = getSortedAccessPolicies();

    final boolean nothingStored = currentUsers.isEmpty() && currentGroups.isEmpty() && currentPolicies.isEmpty();
    if (!nothingStored) {
        throw new UninheritableAuthorizationsException("Proposed fingerprint is not inheritable because the current Authorizations is not empty..");
    }
}
Also used : UninheritableAuthorizationsException(org.apache.nifi.registry.security.authorization.exception.UninheritableAuthorizationsException) AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException)

Example 4 with AuthorizationAccessException

use of org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException in project nifi-registry by apache.

the class FileAccessPolicyProvider method getFingerprint.

/**
 * Serializes this provider's access policies, ordered by identifier, into an XML document and
 * returns that document as the fingerprint.
 *
 * <p>The fingerprint is the XML text itself rather than a digest: whatever {@code writePolicy}
 * emits (not shown here) appears in clear in the returned string.
 *
 * @return the XML fingerprint of the access policies
 * @throws AuthorizationAccessException if the XML cannot be written
 */
@Override
public String getFingerprint() throws AuthorizationAccessException {
    // Work on a copy so that sorting does not touch the collection returned by getAccessPolicies().
    final List<AccessPolicy> orderedPolicies = new ArrayList<>(getAccessPolicies());
    orderedPolicies.sort(Comparator.comparing(AccessPolicy::getIdentifier));

    final StringWriter buffer = new StringWriter();
    XMLStreamWriter xml = null;
    try {
        xml = XML_OUTPUT_FACTORY.createXMLStreamWriter(buffer);
        xml.writeStartDocument();
        xml.writeStartElement("accessPolicies");
        for (final AccessPolicy currentPolicy : orderedPolicies) {
            writePolicy(xml, currentPolicy);
        }
        xml.writeEndElement();
        xml.writeEndDocument();
        xml.flush();
    } catch (final XMLStreamException failure) {
        throw new AuthorizationAccessException("Unable to generate fingerprint", failure);
    } finally {
        // XMLStreamWriter is not AutoCloseable, so it is closed by hand; a failure while closing is
        // deliberately ignored.
        if (xml != null) {
            try {
                xml.close();
            } catch (final XMLStreamException ignored) {
                // best effort only
            }
        }
    }
    return buffer.toString();
}
Also used : AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException) StringWriter(java.io.StringWriter) XMLStreamException(javax.xml.stream.XMLStreamException) XMLStreamWriter(javax.xml.stream.XMLStreamWriter) ArrayList(java.util.ArrayList) AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy)

Example 5 with AuthorizationAccessException

use of org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException in project nifi-registry by apache.

the class FileAccessPolicyProvider method saveAndRefreshHolder.

/**
 * Saves the Authorizations instance by marshalling to a file, then re-populates the
 * in-memory data structures and sets the new holder.
 *
 * Synchronized to ensure only one thread writes the file at a time.
 *
 * @param authorizations the authorizations to save and populate from
 * @throws AuthorizationAccessException if an error occurs saving the authorizations
 */
private synchronized void saveAndRefreshHolder(final Authorizations authorizations) throws AuthorizationAccessException {
    try {
        // Persist first: the in-memory holder is replaced only when the save did not throw, so a
        // failed write leaves the previously loaded authorizations in effect.
        saveAuthorizations(authorizations);

        final AuthorizationsHolder refreshed = new AuthorizationsHolder(authorizations);
        this.authorizationsHolder.set(refreshed);
    } catch (final JAXBException marshalFailure) {
        throw new AuthorizationAccessException("Unable to save Authorizations", marshalFailure);
    }
}
Also used : AuthorizationAccessException(org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException) JAXBException(javax.xml.bind.JAXBException)

Aggregations

AuthorizationAccessException (org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException)13 IOException (java.io.IOException)6 ArrayList (java.util.ArrayList)6 ByteArrayInputStream (java.io.ByteArrayInputStream)4 StringWriter (java.io.StringWriter)4 XMLStreamException (javax.xml.stream.XMLStreamException)4 XMLStreamWriter (javax.xml.stream.XMLStreamWriter)4 DocumentBuilder (javax.xml.parsers.DocumentBuilder)3 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)3 Document (org.w3c.dom.Document)3 Element (org.w3c.dom.Element)3 Node (org.w3c.dom.Node)3 NodeList (org.w3c.dom.NodeList)3 SAXException (org.xml.sax.SAXException)3 KeyManagementException (java.security.KeyManagementException)2 KeyStoreException (java.security.KeyStoreException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 UnrecoverableKeyException (java.security.UnrecoverableKeyException)2 CertificateException (java.security.cert.CertificateException)2 HashMap (java.util.HashMap)2