Example 1 with Tenants

use of org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants in project nifi-registry by apache.

the class FileUserGroupProvider method onConfigured.

@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws SecurityProviderCreationException {
    try {
        final PropertyValue tenantsPath = configurationContext.getProperty(PROP_TENANTS_FILE);
        if (StringUtils.isBlank(tenantsPath.getValue())) {
            throw new SecurityProviderCreationException("The users file must be specified.");
        }
        // get the tenants file and ensure it exists
        tenantsFile = new File(tenantsPath.getValue());
        if (!tenantsFile.exists()) {
            logger.info("Creating new users file at {}", new Object[] { tenantsFile.getAbsolutePath() });
            saveTenants(new Tenants());
        }
        final File tenantsFileDirectory = tenantsFile.getAbsoluteFile().getParentFile();
        // extract the identity mappings from nifi-registry.properties if any are provided
        identityMappings = Collections.unmodifiableList(IdentityMappingUtil.getIdentityMappings(properties));
        // extract any nifi identities
        initialUserIdentities = new HashSet<>();
        for (Map.Entry<String, String> entry : configurationContext.getProperties().entrySet()) {
            Matcher matcher = INITIAL_USER_IDENTITY_PATTERN.matcher(entry.getKey());
            if (matcher.matches() && !StringUtils.isBlank(entry.getValue())) {
                initialUserIdentities.add(IdentityMappingUtil.mapIdentity(entry.getValue(), identityMappings));
            }
        }
        load();
        // if we've copied the authorizations file to a restore directory synchronize it
        if (restoreTenantsFile != null) {
            FileUtils.copyFile(tenantsFile, restoreTenantsFile, false, false, logger);
        }
        logger.info(String.format("Users/Groups file loaded at %s", new Date().toString()));
    } catch (IOException | SecurityProviderCreationException | JAXBException | IllegalStateException | SAXException e) {
        throw new SecurityProviderCreationException(e);
    }
}
Also used : SecurityProviderCreationException(org.apache.nifi.registry.security.exception.SecurityProviderCreationException) Matcher(java.util.regex.Matcher) JAXBException(javax.xml.bind.JAXBException) PropertyValue(org.apache.nifi.registry.util.PropertyValue) Tenants(org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants) IOException(java.io.IOException) Date(java.util.Date) SAXException(org.xml.sax.SAXException) File(java.io.File) Map(java.util.Map)

Example 2 with Tenants

use of org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants in project nifi-registry by apache.

the class FileUserGroupProvider method load.

/**
 * Loads the authorizations file and populates the AuthorizationsHolder, only called during start-up.
 *
 * @throws JAXBException            Unable to reload the authorized users file
 * @throws IllegalStateException    Unable to sync file with restore
 * @throws SAXException             Unable to unmarshall tenants
 */
private synchronized void load() throws JAXBException, IllegalStateException, SAXException {
    final Tenants tenants = unmarshallTenants();
    if (tenants.getUsers() == null) {
        tenants.setUsers(new Users());
    }
    if (tenants.getGroups() == null) {
        tenants.setGroups(new Groups());
    }
    final UserGroupHolder userGroupHolder = new UserGroupHolder(tenants);
    final boolean emptyTenants = userGroupHolder.getAllUsers().isEmpty() && userGroupHolder.getAllGroups().isEmpty();
    if (emptyTenants) {
        populateInitialUsers(tenants);
        // save any changes that were made and repopulate the holder
        saveAndRefreshHolder(tenants);
    } else {
        this.userGroupHolder.set(userGroupHolder);
    }
}
Also used : Groups(org.apache.nifi.registry.security.authorization.file.tenants.generated.Groups) UserAndGroups(org.apache.nifi.registry.security.authorization.UserAndGroups) Tenants(org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants) Users(org.apache.nifi.registry.security.authorization.file.tenants.generated.Users)

Example 3 with Tenants

use of org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants in project nifi-registry by apache.

the class FileUserGroupProvider method deleteGroup.

@Override
public synchronized Group deleteGroup(String groupIdentifier) throws AuthorizationAccessException {
    if (groupIdentifier == null) {
        throw new IllegalArgumentException("Group identifier cannot be null");
    }
    final UserGroupHolder holder = userGroupHolder.get();
    final Group deletedGroup = holder.getGroupsById().get(groupIdentifier);
    if (deletedGroup == null) {
        return null;
    }
    // now remove the actual group from the top-level list of groups
    final Tenants tenants = holder.getTenants();
    Iterator<org.apache.nifi.registry.security.authorization.file.tenants.generated.Group> iter = tenants.getGroups().getGroup().iterator();
    while (iter.hasNext()) {
        org.apache.nifi.registry.security.authorization.file.tenants.generated.Group jaxbGroup = iter.next();
        if (groupIdentifier.equals(jaxbGroup.getIdentifier())) {
            iter.remove();
            break;
        }
    }
    saveAndRefreshHolder(tenants);
    return deletedGroup;
}
Also used : Group(org.apache.nifi.registry.security.authorization.Group) Tenants(org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants)

Example 4 with Tenants

use of org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants in project nifi-registry by apache.

the class FileUserGroupProvider method unmarshallTenants.

private Tenants unmarshallTenants() throws JAXBException {
    final Unmarshaller unmarshaller = JAXB_TENANTS_CONTEXT.createUnmarshaller();
    unmarshaller.setSchema(tenantsSchema);
    final JAXBElement<Tenants> element = unmarshaller.unmarshal(new StreamSource(tenantsFile), Tenants.class);
    return element.getValue();
}
Also used : StreamSource(javax.xml.transform.stream.StreamSource) Tenants(org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants) Unmarshaller(javax.xml.bind.Unmarshaller)

Example 5 with Tenants

use of org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants in project nifi-registry by apache.

the class FileUserGroupProvider method updateGroup.

@Override
public synchronized Group updateGroup(Group group) throws AuthorizationAccessException {
    if (group == null) {
        throw new IllegalArgumentException("Group cannot be null");
    }
    final UserGroupHolder holder = userGroupHolder.get();
    final Tenants tenants = holder.getTenants();
    // find the group that needs to be updated
    org.apache.nifi.registry.security.authorization.file.tenants.generated.Group updateGroup = null;
    for (org.apache.nifi.registry.security.authorization.file.tenants.generated.Group jaxbGroup : tenants.getGroups().getGroup()) {
        if (jaxbGroup.getIdentifier().equals(group.getIdentifier())) {
            updateGroup = jaxbGroup;
            break;
        }
    }
    // if the group wasn't found return null, otherwise update the group and save changes
    if (updateGroup == null) {
        return null;
    }
    // reset the list of users and add each user to the group
    updateGroup.getUser().clear();
    for (String groupUser : group.getUsers()) {
        org.apache.nifi.registry.security.authorization.file.tenants.generated.Group.User jaxbGroupUser = new org.apache.nifi.registry.security.authorization.file.tenants.generated.Group.User();
        jaxbGroupUser.setIdentifier(groupUser);
        updateGroup.getUser().add(jaxbGroupUser);
    }
    updateGroup.setName(group.getName());
    saveAndRefreshHolder(tenants);
    return userGroupHolder.get().getGroupsById().get(group.getIdentifier());
}
Also used : Group(org.apache.nifi.registry.security.authorization.Group) User(org.apache.nifi.registry.security.authorization.User) Tenants(org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants)

Aggregations

Tenants (org.apache.nifi.registry.security.authorization.file.tenants.generated.Tenants): 9
Group (org.apache.nifi.registry.security.authorization.Group): 4
User (org.apache.nifi.registry.security.authorization.User): 4
File (java.io.File): 1
IOException (java.io.IOException): 1
Date (java.util.Date): 1
Map (java.util.Map): 1
Matcher (java.util.regex.Matcher): 1
JAXBException (javax.xml.bind.JAXBException): 1
Unmarshaller (javax.xml.bind.Unmarshaller): 1
StreamSource (javax.xml.transform.stream.StreamSource): 1
UserAndGroups (org.apache.nifi.registry.security.authorization.UserAndGroups): 1
Groups (org.apache.nifi.registry.security.authorization.file.tenants.generated.Groups): 1
Users (org.apache.nifi.registry.security.authorization.file.tenants.generated.Users): 1
SecurityProviderCreationException (org.apache.nifi.registry.security.exception.SecurityProviderCreationException): 1
PropertyValue (org.apache.nifi.registry.util.PropertyValue): 1
SAXException (org.xml.sax.SAXException): 1