Examples with Authorizations org.apache.nifi.registry.security.authorization.file.generated.Authorizations used on opensource projects

Example 1 with Authorizations

use of org.apache.nifi.registry.security.authorization.file.generated.Authorizations in project nifi-registry by apache.

the class FileAccessPolicyProvider method onConfigured.

@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws SecurityProviderCreationException {
    try {
        final PropertyValue userGroupProviderIdentifier = configurationContext.getProperty(PROP_USER_GROUP_PROVIDER);
        if (!userGroupProviderIdentifier.isSet()) {
            throw new SecurityProviderCreationException("The user group provider must be specified.");
        }
        userGroupProvider = userGroupProviderLookup.getUserGroupProvider(userGroupProviderIdentifier.getValue());
        if (userGroupProvider == null) {
            throw new SecurityProviderCreationException("Unable to locate user group provider with identifier " + userGroupProviderIdentifier.getValue());
        }
        final PropertyValue authorizationsPath = configurationContext.getProperty(PROP_AUTHORIZATIONS_FILE);
        if (StringUtils.isBlank(authorizationsPath.getValue())) {
            throw new SecurityProviderCreationException("The authorizations file must be specified.");
        }
        // get the authorizations file and ensure it exists
        authorizationsFile = new File(authorizationsPath.getValue());
        if (!authorizationsFile.exists()) {
            logger.info("Creating new authorizations file at {}", new Object[] { authorizationsFile.getAbsolutePath() });
            saveAuthorizations(new Authorizations());
        }
        // extract the identity mappings from nifi-registry.properties if any are provided
        identityMappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(properties));
        // get the value of the initial admin identity
        final PropertyValue initialAdminIdentityProp = configurationContext.getProperty(PROP_INITIAL_ADMIN_IDENTITY);
        initialAdminIdentity = initialAdminIdentityProp.isSet() ? IdentityMappingUtil.mapIdentity(initialAdminIdentityProp.getValue(), identityMappings) : null;
        // extract any nifi identities
        nifiIdentities = new HashSet<>();
        for (Map.Entry<String, String> entry : configurationContext.getProperties().entrySet()) {
            Matcher matcher = NIFI_IDENTITY_PATTERN.matcher(entry.getKey());
            if (matcher.matches() && !StringUtils.isBlank(entry.getValue())) {
                nifiIdentities.add(IdentityMappingUtil.mapIdentity(entry.getValue(), identityMappings));
            }
        }
        // load the authorizations
        load();
        logger.info(String.format("Authorizations file loaded at %s", new Date().toString()));
    } catch (SecurityProviderCreationException | JAXBException | IllegalStateException | SAXException e) {
        throw new SecurityProviderCreationException(e);
    }
}

Example 2 with Authorizations

use of org.apache.nifi.registry.security.authorization.file.generated.Authorizations in project nifi-registry by apache.

the class FileAccessPolicyProvider method addAccessPolicy.

@Override
public synchronized AccessPolicy addAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
    if (accessPolicy == null) {
        throw new IllegalArgumentException("AccessPolicy cannot be null");
    }
    // create the new JAXB Policy
    final Policy policy = createJAXBPolicy(accessPolicy);
    // add the new Policy to the top-level list of policies
    final AuthorizationsHolder holder = authorizationsHolder.get();
    final Authorizations authorizations = holder.getAuthorizations();
    authorizations.getPolicies().getPolicy().add(policy);
    saveAndRefreshHolder(authorizations);
    return authorizationsHolder.get().getPoliciesById().get(accessPolicy.getIdentifier());
}

Example 3 with Authorizations

use of org.apache.nifi.registry.security.authorization.file.generated.Authorizations in project nifi-registry by apache.

the class FileAccessPolicyProvider method unmarshallAuthorizations.

private Authorizations unmarshallAuthorizations() throws JAXBException {
    final Unmarshaller unmarshaller = JAXB_AUTHORIZATIONS_CONTEXT.createUnmarshaller();
    unmarshaller.setSchema(authorizationsSchema);
    final JAXBElement<Authorizations> element = unmarshaller.unmarshal(new StreamSource(authorizationsFile), Authorizations.class);
    return element.getValue();
}

Example 4 with Authorizations

use of org.apache.nifi.registry.security.authorization.file.generated.Authorizations in project nifi-registry by apache.

the class FileAccessPolicyProvider method deleteAccessPolicy.

@Override
public synchronized AccessPolicy deleteAccessPolicy(String accessPolicyIdentifer) throws AuthorizationAccessException {
    if (accessPolicyIdentifer == null) {
        throw new IllegalArgumentException("Access policy identifier cannot be null");
    }
    final AuthorizationsHolder holder = this.authorizationsHolder.get();
    AccessPolicy deletedPolicy = holder.getPoliciesById().get(accessPolicyIdentifer);
    if (deletedPolicy == null) {
        return null;
    }
    // find the matching Policy and remove it
    final Authorizations authorizations = holder.getAuthorizations();
    Iterator<Policy> policyIter = authorizations.getPolicies().getPolicy().iterator();
    while (policyIter.hasNext()) {
        final Policy policy = policyIter.next();
        if (policy.getIdentifier().equals(accessPolicyIdentifer)) {
            policyIter.remove();
            break;
        }
    }
    saveAndRefreshHolder(authorizations);
    return deletedPolicy;
}

Example 5 with Authorizations

use of org.apache.nifi.registry.security.authorization.file.generated.Authorizations in project nifi-registry by apache.

the class FileAccessPolicyProvider method load.

/**
 * Loads the authorizations file and populates the AuthorizationsHolder, only called during start-up.
 *
 * @throws JAXBException            Unable to reload the authorized users file
 */
private synchronized void load() throws JAXBException, SAXException {
    // attempt to unmarshal
    final Authorizations authorizations = unmarshallAuthorizations();
    if (authorizations.getPolicies() == null) {
        authorizations.setPolicies(new Policies());
    }
    final AuthorizationsHolder authorizationsHolder = new AuthorizationsHolder(authorizations);
    final boolean emptyAuthorizations = authorizationsHolder.getAllPolicies().isEmpty();
    final boolean hasInitialAdminIdentity = (initialAdminIdentity != null && !StringUtils.isBlank(initialAdminIdentity));
    final boolean hasNiFiIdentities = (nifiIdentities != null && !nifiIdentities.isEmpty());
    // if we are starting fresh then we might need to populate an initial admin
    if (emptyAuthorizations) {
        if (hasInitialAdminIdentity) {
            logger.info("Populating authorizations for Initial Admin: " + initialAdminIdentity);
            populateInitialAdmin(authorizations);
        }
        if (hasNiFiIdentities) {
            logger.info("Populating proxy authorizations for NiFi clients: [{}]", StringUtils.join(nifiIdentities, ";"));
            populateNiFiIdentities(authorizations);
        }
        saveAndRefreshHolder(authorizations);
    } else {
        this.authorizationsHolder.set(authorizationsHolder);
    }
}