
Example 1 with Policy

use of org.apache.nifi.registry.security.authorization.file.generated.Policy in project nifi-registry by apache.

the class FileAccessPolicyProvider method addAccessPolicy.

/**
 * Adds a new access policy to the file-backed authorizations and returns the stored copy.
 *
 * <p>The method is {@code synchronized}, so calls on the same provider instance run one at a time.
 *
 * <p>NOTE(review): nothing in this method checks whether a policy with the same identifier, or the
 * same resource and action, is already in the list. Confirm that the caller or
 * {@code saveAndRefreshHolder} enforces uniqueness, since a duplicate authorization entry makes
 * later updates and deletes ambiguous.
 *
 * @param accessPolicy the policy to add; must not be null
 * @return the policy found under {@code accessPolicy.getIdentifier()} in the holder after the save
 * @throws IllegalArgumentException if {@code accessPolicy} is null
 * @throws AuthorizationAccessException declared by the signature; presumably raised when the save
 *         fails (confirm against {@code saveAndRefreshHolder})
 */
@Override
public synchronized AccessPolicy addAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
    if (accessPolicy == null) {
        throw new IllegalArgumentException("AccessPolicy cannot be null");
    }

    // Convert to the JAXB form before touching the shared authorizations model.
    final Policy jaxbPolicy = createJAXBPolicy(accessPolicy);

    // Append to the top-level policy list of the current holder's model.
    final Authorizations currentAuthorizations = authorizationsHolder.get().getAuthorizations();
    currentAuthorizations.getPolicies().getPolicy().add(jaxbPolicy);

    // Persist, then read the policy back from the holder as it stands after the save.
    saveAndRefreshHolder(currentAuthorizations);
    return authorizationsHolder.get().getPoliciesById().get(accessPolicy.getIdentifier());
}
Also used : AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy) Policy(org.apache.nifi.registry.security.authorization.file.generated.Policy) Authorizations(org.apache.nifi.registry.security.authorization.file.generated.Authorizations)

Example 2 with Policy

use of org.apache.nifi.registry.security.authorization.file.generated.Policy in project nifi-registry by apache.

the class FileAccessPolicyProvider method getOrCreatePolicy.

/**
 * Finds the Policy matching the resource and action, or creates a new one and adds it to the list of policies.
 *
 * @param policies the policies to search through
 * @param seedIdentity the seedIdentity to use when creating identifiers for new policies
 * @param resource the resource for the policy
 * @param action the action string for the policy (R or RW)
 * @return the matching policy or a new policy
 */
private Policy getOrCreatePolicy(final List<Policy> policies, final String seedIdentity, final String resource, final String action) {
    // Reuse the first existing entry whose resource and action both match.
    for (final Policy candidate : policies) {
        if (candidate.getResource().equals(resource) && candidate.getAction().equals(action)) {
            return candidate;
        }
    }

    // No match: build a new entry. The identifier seed is resource + action + seedIdentity.
    // NOTE(review): the seed is a plain concatenation with no separator between the parts.
    final String identifierSeed = resource + action + seedIdentity;
    final String newIdentifier = IdentifierUtil.getIdentifier(identifierSeed);

    final Policy created = new Policy();
    created.setIdentifier(newIdentifier);
    created.setResource(resource);
    created.setAction(action);

    // The new policy is added to the caller's list as a side effect.
    policies.add(created);
    return created;
}
Also used : AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy) Policy(org.apache.nifi.registry.security.authorization.file.generated.Policy)

Example 3 with Policy

use of org.apache.nifi.registry.security.authorization.file.generated.Policy in project nifi-registry by apache.

the class FileAccessPolicyProvider method addUserToAccessPolicy.

/**
 * Adds the given user to the access policy for the given resource and action in the specified authorizations, creating the policy if it does not already exist.
 *
 * @param authorizations the Authorizations instance to add the policy to
 * @param resource the resource for the policy
 * @param userIdentifier the identifier for the user to add to the policy
 * @param action the action for the policy
 */
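private void addUserToAccessPolicy(final Authorizations authorizations, final String resource, final String userIdentifier, final String action) {
    // first try to find an existing policy for the given resource and action
    Policy foundPolicy = null;
    for (Policy policy : authorizations.getPolicies().getPolicy()) {
        if (policy.getResource().equals(resource) && policy.getAction().equals(action)) {
            foundPolicy = policy;
            break;
        }
    }

    if (foundPolicy == null) {
        // if we didn't find an existing policy create a new one
        // NOTE(review): this seed is resource + action only, while getOrCreatePolicy also appends
        // a seed identity. Confirm the two identifier schemes are meant to differ.
        final String uuidSeed = resource + action;
        final AccessPolicy.Builder builder = new AccessPolicy.Builder().identifierGenerateFromSeed(uuidSeed).resource(resource).addUser(userIdentifier);
        if (action.equals(READ_CODE)) {
            builder.action(RequestAction.READ);
        } else if (action.equals(WRITE_CODE)) {
            builder.action(RequestAction.WRITE);
        } else if (action.equals(DELETE_CODE)) {
            builder.action(RequestAction.DELETE);
        } else {
            // The action code is only validated on this branch, where a new policy is created.
            throw new IllegalStateException("Unknown Policy Action: " + action);
        }
        final AccessPolicy accessPolicy = builder.build();
        final Policy jaxbPolicy = createJAXBPolicy(accessPolicy);
        authorizations.getPolicies().getPolicy().add(jaxbPolicy);
        return;
    }

    // otherwise add the user to the existing policy, unless that user is already listed.
    // Skipping the duplicate keeps the call idempotent and leaves one entry per user in the
    // persisted policy, so a later removal has a single entry to find.
    for (final Policy.User existingUser : foundPolicy.getUser()) {
        final String listedIdentifier = existingUser.getIdentifier();
        if (listedIdentifier != null && listedIdentifier.equals(userIdentifier)) {
            return;
        }
    }
    final Policy.User policyUser = new Policy.User();
    policyUser.setIdentifier(userIdentifier);
    foundPolicy.getUser().add(policyUser);
}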
Also used : AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy) Policy(org.apache.nifi.registry.security.authorization.file.generated.Policy) User(org.apache.nifi.registry.security.authorization.User) AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy)

Example 4 with Policy

use of org.apache.nifi.registry.security.authorization.file.generated.Policy in project nifi-registry by apache.

the class FileAccessPolicyProvider method createJAXBPolicy.

/**
 * Builds the JAXB {@code Policy} that mirrors the given {@code AccessPolicy}.
 *
 * <p>Copies the identifier and resource, maps the action enum to its stored code, then calls
 * {@code transferUsersAndGroups} to fill in the members.
 *
 * @param accessPolicy the policy to convert; a null policy or null action fails with a
 *        {@code NullPointerException}
 * @return the populated JAXB policy
 */
private Policy createJAXBPolicy(final AccessPolicy accessPolicy) {
    final Policy jaxbPolicy = new Policy();
    jaxbPolicy.setIdentifier(accessPolicy.getIdentifier());
    jaxbPolicy.setResource(accessPolicy.getResource());

    // Map the action enum to the code constant used in the JAXB model.
    switch (accessPolicy.getAction()) {
        case READ:
            jaxbPolicy.setAction(READ_CODE);
            break;
        case WRITE:
            jaxbPolicy.setAction(WRITE_CODE);
            break;
        case DELETE:
            jaxbPolicy.setAction(DELETE_CODE);
            break;
        default:
            // NOTE(review): any other action value is ignored here, so the resulting policy
            // carries no action code. addUserToAccessPolicy rejects an unknown action with an
            // IllegalStateException; confirm this silent path is intended.
            break;
    }

    transferUsersAndGroups(accessPolicy, jaxbPolicy);
    return jaxbPolicy;
}
Also used : AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy) Policy(org.apache.nifi.registry.security.authorization.file.generated.Policy)

Example 5 with Policy

use of org.apache.nifi.registry.security.authorization.file.generated.Policy in project nifi-registry by apache.

the class FileAccessPolicyProvider method deleteAccessPolicy.

/**
 * Removes the access policy with the given identifier and persists the change.
 *
 * <p>The method is {@code synchronized}, so calls on the same provider instance run one at a time.
 *
 * @param accessPolicyIdentifer the identifier of the policy to delete; must not be null
 * @return the policy that was registered under that identifier, or {@code null} when the
 *         holder has no such policy (nothing is saved in that case)
 * @throws IllegalArgumentException if {@code accessPolicyIdentifer} is null
 * @throws AuthorizationAccessException declared by the signature; presumably raised when the save
 *         fails (confirm against {@code saveAndRefreshHolder})
 */
@Override
public synchronized AccessPolicy deleteAccessPolicy(String accessPolicyIdentifer) throws AuthorizationAccessException {
    if (accessPolicyIdentifer == null) {
        throw new IllegalArgumentException("Access policy identifier cannot be null");
    }

    // Look the policy up in the current snapshot; an unknown identifier is not an error.
    final AuthorizationsHolder snapshot = this.authorizationsHolder.get();
    final AccessPolicy existingPolicy = snapshot.getPoliciesById().get(accessPolicyIdentifer);
    if (existingPolicy == null) {
        return null;
    }

    // Drop the first JAXB entry carrying this identifier; the loop stops after one removal.
    final Authorizations authorizations = snapshot.getAuthorizations();
    for (final Iterator<Policy> cursor = authorizations.getPolicies().getPolicy().iterator(); cursor.hasNext();) {
        if (cursor.next().getIdentifier().equals(accessPolicyIdentifer)) {
            cursor.remove();
            break;
        }
    }

    saveAndRefreshHolder(authorizations);
    return existingPolicy;
}
Also used : AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy) Policy(org.apache.nifi.registry.security.authorization.file.generated.Policy) Authorizations(org.apache.nifi.registry.security.authorization.file.generated.Authorizations) AccessPolicy(org.apache.nifi.registry.security.authorization.AccessPolicy)

Aggregations

AccessPolicy (org.apache.nifi.registry.security.authorization.AccessPolicy)6 Policy (org.apache.nifi.registry.security.authorization.file.generated.Policy)6 Authorizations (org.apache.nifi.registry.security.authorization.file.generated.Authorizations)3 User (org.apache.nifi.registry.security.authorization.User)1