Examples with AuthorizationAccessException org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException used on opensource projects

Example 1 with AuthorizationAccessException

use of org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException in project nifi-registry by apache.

the class AbstractPolicyBasedAuthorizer method getFingerprint.

/**
 * Returns a fingerprint representing the authorizations managed by this authorizer. The fingerprint will be
 * used for comparison to determine if two policy-based authorizers represent a compatible set of users,
 * groups, and policies.
 *
 * @return the fingerprint for this Authorizer
 */
@Override
public final String getFingerprint() throws AuthorizationAccessException {
    final List<User> users = getSortedUsers();
    final List<Group> groups = getSortedGroups();
    final List<AccessPolicy> policies = getSortedAccessPolicies();
    XMLStreamWriter writer = null;
    final StringWriter out = new StringWriter();
    try {
        writer = XML_OUTPUT_FACTORY.createXMLStreamWriter(out);
        writer.writeStartDocument();
        writer.writeStartElement("authorizations");
        for (User user : users) {
            writeUser(writer, user);
        }
        for (Group group : groups) {
            writeGroup(writer, group);
        }
        for (AccessPolicy policy : policies) {
            writePolicy(writer, policy);
        }
        writer.writeEndElement();
        writer.writeEndDocument();
        writer.flush();
    } catch (XMLStreamException e) {
        throw new AuthorizationAccessException("Unable to generate fingerprint", e);
    } finally {
        if (writer != null) {
            try {
                writer.close();
            } catch (XMLStreamException e) {
            // nothing to do here
            }
        }
    }
    return out.toString();
}

Example 2 with AuthorizationAccessException

use of org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException in project nifi-registry by apache.

the class AbstractPolicyBasedAuthorizer method parsePoliciesUsersAndGroups.

private PoliciesUsersAndGroups parsePoliciesUsersAndGroups(final String fingerprint) {
    final List<AccessPolicy> accessPolicies = new ArrayList<>();
    final List<User> users = new ArrayList<>();
    final List<Group> groups = new ArrayList<>();
    final byte[] fingerprintBytes = fingerprint.getBytes(StandardCharsets.UTF_8);
    try (final ByteArrayInputStream in = new ByteArrayInputStream(fingerprintBytes)) {
        final DocumentBuilder docBuilder = DOCUMENT_BUILDER_FACTORY.newDocumentBuilder();
        final Document document = docBuilder.parse(in);
        final Element rootElement = document.getDocumentElement();
        // parse all the users and add them to the current authorizer
        NodeList userNodes = rootElement.getElementsByTagName(USER_ELEMENT);
        for (int i = 0; i < userNodes.getLength(); i++) {
            Node userNode = userNodes.item(i);
            users.add(parseUser((Element) userNode));
        }
        // parse all the groups and add them to the current authorizer
        NodeList groupNodes = rootElement.getElementsByTagName(GROUP_ELEMENT);
        for (int i = 0; i < groupNodes.getLength(); i++) {
            Node groupNode = groupNodes.item(i);
            groups.add(parseGroup((Element) groupNode));
        }
        // parse all the policies and add them to the current authorizer
        NodeList policyNodes = rootElement.getElementsByTagName(POLICY_ELEMENT);
        for (int i = 0; i < policyNodes.getLength(); i++) {
            Node policyNode = policyNodes.item(i);
            accessPolicies.add(parsePolicy((Element) policyNode));
        }
    } catch (SAXException | ParserConfigurationException | IOException e) {
        throw new AuthorizationAccessException("Unable to parse fingerprint", e);
    }
    return new PoliciesUsersAndGroups(accessPolicies, users, groups);
}

Example 3 with AuthorizationAccessException

use of org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException in project nifi-registry by apache.

the class AbstractPolicyBasedAuthorizer method checkInheritability.

/**
 * Returns whether the proposed fingerprint is inheritable.
 *
 * @param proposedFingerprint the proposed fingerprint
 * @throws AuthorizationAccessException if there was an unexpected error performing the operation
 * @throws UninheritableAuthorizationsException if the proposed fingerprint was uninheritable
 */
@Override
public final void checkInheritability(String proposedFingerprint) throws AuthorizationAccessException, UninheritableAuthorizationsException {
    try {
        // ensure we understand the proposed fingerprint
        parsePoliciesUsersAndGroups(proposedFingerprint);
    } catch (final AuthorizationAccessException e) {
        throw new UninheritableAuthorizationsException("Unable to parse proposed fingerprint: " + e);
    }
    final List<User> users = getSortedUsers();
    final List<Group> groups = getSortedGroups();
    final List<AccessPolicy> accessPolicies = getSortedAccessPolicies();
    // ensure we're in a state to inherit
    if (!users.isEmpty() || !groups.isEmpty() || !accessPolicies.isEmpty()) {
        throw new UninheritableAuthorizationsException("Proposed fingerprint is not inheritable because the current Authorizations is not empty..");
    }
}

Example 4 with AuthorizationAccessException

use of org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException in project nifi-registry by apache.

the class FileAccessPolicyProvider method getFingerprint.

@Override
public String getFingerprint() throws AuthorizationAccessException {
    final List<AccessPolicy> policies = new ArrayList<>(getAccessPolicies());
    Collections.sort(policies, Comparator.comparing(AccessPolicy::getIdentifier));
    XMLStreamWriter writer = null;
    final StringWriter out = new StringWriter();
    try {
        writer = XML_OUTPUT_FACTORY.createXMLStreamWriter(out);
        writer.writeStartDocument();
        writer.writeStartElement("accessPolicies");
        for (AccessPolicy policy : policies) {
            writePolicy(writer, policy);
        }
        writer.writeEndElement();
        writer.writeEndDocument();
        writer.flush();
    } catch (XMLStreamException e) {
        throw new AuthorizationAccessException("Unable to generate fingerprint", e);
    } finally {
        if (writer != null) {
            try {
                writer.close();
            } catch (XMLStreamException e) {
            // nothing to do here
            }
        }
    }
    return out.toString();
}

Example 5 with AuthorizationAccessException

use of org.apache.nifi.registry.security.authorization.exception.AuthorizationAccessException in project nifi-registry by apache.

the class FileAccessPolicyProvider method saveAndRefreshHolder.

/**
 * Saves the Authorizations instance by marshalling to a file, then re-populates the
 * in-memory data structures and sets the new holder.
 *
 * Synchronized to ensure only one thread writes the file at a time.
 *
 * @param authorizations the authorizations to save and populate from
 * @throws AuthorizationAccessException if an error occurs saving the authorizations
 */
private synchronized void saveAndRefreshHolder(final Authorizations authorizations) throws AuthorizationAccessException {
    try {
        saveAuthorizations(authorizations);
        this.authorizationsHolder.set(new AuthorizationsHolder(authorizations));
    } catch (JAXBException e) {
        throw new AuthorizationAccessException("Unable to save Authorizations", e);
    }
}