
Example 1 with ResourceType

Use of org.apache.nifi.registry.security.authorization.resource.ResourceType in project nifi-registry by apache.

The doFilter method of the class ResourceAuthorizationFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
    HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
    boolean authorizationCheckIsRequired = false;
    String resourcePath = null;
    RequestAction action = null;
    // Only require authorization if the NiFi Registry is running securely.
    if (servletRequest.isSecure()) {
        // Only require authorization for resources for which this filter has been configured
        resourcePath = httpServletRequest.getServletPath();
        if (resourcePath != null) {
            final ResourceType resourceType = ResourceType.mapFullResourcePathToResourceType(resourcePath);
            final HttpMethodAuthorizationRules authorizationRules = resourceTypeAuthorizationRules.get(resourceType);
            if (authorizationRules != null) {
                final String httpMethodStr = httpServletRequest.getMethod().toUpperCase();
                HttpMethod httpMethod = HttpMethod.resolve(httpMethodStr);
                // Only require authorization for HTTP methods included in this resource type's rule set
                if (httpMethod != null && authorizationRules.requiresAuthorization(httpMethod)) {
                    authorizationCheckIsRequired = true;
                    action = authorizationRules.mapHttpMethodToAction(httpMethod);
                }
            }
        }
    }
    if (!authorizationCheckIsRequired) {
        forwardRequestWithoutAuthorizationCheck(httpServletRequest, httpServletResponse, filterChain);
        return;
    }
    // Perform authorization check
    try {
        authorizeAccess(resourcePath, action);
        successfulAuthorization(httpServletRequest, httpServletResponse, filterChain);
    } catch (Exception e) {
        logger.debug("Exception occurred while performing authorization check.", e);
        failedAuthorization(httpServletRequest, httpServletResponse, filterChain, e);
    }
}
Also used: HttpServletRequest (javax.servlet.http.HttpServletRequest), RequestAction (org.apache.nifi.registry.security.authorization.RequestAction), HttpServletResponse (javax.servlet.http.HttpServletResponse), ResourceType (org.apache.nifi.registry.security.authorization.resource.ResourceType), HttpMethod (org.springframework.http.HttpMethod), AccessDeniedException (org.apache.nifi.registry.security.authorization.exception.AccessDeniedException), ServletException (javax.servlet.ServletException), IOException (java.io.IOException)
