use of org.apache.nifi.remote.PortAuthorizationResult in project nifi by apache.
the class AbstractFlowFileServerProtocol method checkPortStatus.
protected void checkPortStatus(final Peer peer, String portId) throws HandshakeException {
Port receivedPort = rootGroup.getInputPort(portId);
if (receivedPort == null) {
receivedPort = rootGroup.getOutputPort(portId);
}
if (receivedPort == null) {
logger.debug("Responding with ResponseCode UNKNOWN_PORT for identifier {}", portId);
throw new HandshakeException(ResponseCode.UNKNOWN_PORT, "Received unknown port identifier: " + portId);
}
if (!(receivedPort instanceof RootGroupPort)) {
logger.debug("Responding with ResponseCode UNKNOWN_PORT for identifier {}", portId);
throw new HandshakeException(ResponseCode.UNKNOWN_PORT, "Received port identifier " + portId + ", but this Port is not a RootGroupPort");
}
this.port = (RootGroupPort) receivedPort;
final PortAuthorizationResult portAuthResult = this.port.checkUserAuthorization(peer.getCommunicationsSession().getUserDn());
if (!portAuthResult.isAuthorized()) {
logger.debug("Responding with ResponseCode UNAUTHORIZED: ", portAuthResult.getExplanation());
throw new HandshakeException(ResponseCode.UNAUTHORIZED, portAuthResult.getExplanation());
}
if (!receivedPort.isValid()) {
logger.debug("Responding with ResponseCode PORT_NOT_IN_VALID_STATE for {}", receivedPort);
throw new HandshakeException(ResponseCode.PORT_NOT_IN_VALID_STATE, "Port is not valid");
}
if (!receivedPort.isRunning()) {
logger.debug("Responding with ResponseCode PORT_NOT_IN_VALID_STATE for {}", receivedPort);
throw new HandshakeException(ResponseCode.PORT_NOT_IN_VALID_STATE, "Port not running");
}
// we we will simply not service the request but the sender will timeout
if (getVersionNegotiator().getVersion() > 1) {
for (final Connection connection : port.getConnections()) {
if (connection.getFlowFileQueue().isFull()) {
logger.debug("Responding with ResponseCode PORTS_DESTINATION_FULL for {}", port);
throw new HandshakeException(ResponseCode.PORTS_DESTINATION_FULL, "Received port identifier " + portId + ", but its destination is full");
}
}
}
}
use of org.apache.nifi.remote.PortAuthorizationResult in project nifi by apache.
the class TestHttpFlowFileServerProtocol method testPortNotInValidState.
@Test
public void testPortNotInValidState() throws Exception {
final HttpFlowFileServerProtocol serverProtocol = getDefaultHttpFlowFileServerProtocol();
final Peer peer = getDefaultPeer();
((HttpServerCommunicationsSession) peer.getCommunicationsSession()).putHandshakeParam(HandshakeProperty.PORT_IDENTIFIER, "port-identifier");
final ProcessGroup processGroup = mock(ProcessGroup.class);
final RootGroupPort port = mock(RootGroupPort.class);
final PortAuthorizationResult authResult = mock(PortAuthorizationResult.class);
doReturn(true).when(processGroup).isRootGroup();
doReturn(port).when(processGroup).getOutputPort("port-identifier");
doReturn(authResult).when(port).checkUserAuthorization(any(String.class));
doReturn(true).when(authResult).isAuthorized();
serverProtocol.setRootProcessGroup(processGroup);
try {
serverProtocol.handshake(peer);
fail();
} catch (final HandshakeException e) {
assertEquals(ResponseCode.PORT_NOT_IN_VALID_STATE, e.getResponseCode());
}
assertFalse(serverProtocol.isHandshakeSuccessful());
}
use of org.apache.nifi.remote.PortAuthorizationResult in project nifi by apache.
the class TestHttpFlowFileServerProtocol method testUnauthorized.
@Test
public void testUnauthorized() throws Exception {
final HttpFlowFileServerProtocol serverProtocol = getDefaultHttpFlowFileServerProtocol();
final Peer peer = getDefaultPeer();
((HttpServerCommunicationsSession) peer.getCommunicationsSession()).putHandshakeParam(HandshakeProperty.PORT_IDENTIFIER, "port-identifier");
final ProcessGroup processGroup = mock(ProcessGroup.class);
final RootGroupPort port = mock(RootGroupPort.class);
final PortAuthorizationResult authResult = mock(PortAuthorizationResult.class);
doReturn(true).when(processGroup).isRootGroup();
doReturn(port).when(processGroup).getOutputPort("port-identifier");
doReturn(authResult).when(port).checkUserAuthorization(any(String.class));
serverProtocol.setRootProcessGroup(processGroup);
try {
serverProtocol.handshake(peer);
fail();
} catch (final HandshakeException e) {
assertEquals(ResponseCode.UNAUTHORIZED, e.getResponseCode());
}
assertFalse(serverProtocol.isHandshakeSuccessful());
}
use of org.apache.nifi.remote.PortAuthorizationResult in project nifi by apache.
the class StandardAuthorizableLookup method getRootGroupInputPort.
@Override
public RootGroupPortAuthorizable getRootGroupInputPort(String id) {
final Port inputPort = inputPortDAO.getPort(id);
if (!(inputPort instanceof RootGroupPort)) {
throw new IllegalArgumentException(String.format("The specified id '%s' does not represent an input port in the root group.", id));
}
final DataTransferAuthorizable baseAuthorizable = new DataTransferAuthorizable(inputPort);
return new RootGroupPortAuthorizable() {
@Override
public Authorizable getAuthorizable() {
return baseAuthorizable;
}
@Override
public AuthorizationResult checkAuthorization(NiFiUser user) {
// perform the authorization of the user by using the underlying component, ensures consistent authorization with raw s2s
final PortAuthorizationResult authorizationResult = ((RootGroupPort) inputPort).checkUserAuthorization(user);
if (authorizationResult.isAuthorized()) {
return AuthorizationResult.approved();
} else {
return AuthorizationResult.denied(authorizationResult.getExplanation());
}
}
};
}
use of org.apache.nifi.remote.PortAuthorizationResult in project nifi by apache.
the class TestHttpFlowFileServerProtocol method testPortDestinationFull.
@Test
public void testPortDestinationFull() throws Exception {
final HttpFlowFileServerProtocol serverProtocol = getDefaultHttpFlowFileServerProtocol();
final Peer peer = getDefaultPeer();
((HttpServerCommunicationsSession) peer.getCommunicationsSession()).putHandshakeParam(HandshakeProperty.PORT_IDENTIFIER, "port-identifier");
final ProcessGroup processGroup = mock(ProcessGroup.class);
final RootGroupPort port = mock(RootGroupPort.class);
final PortAuthorizationResult authResult = mock(PortAuthorizationResult.class);
doReturn(true).when(processGroup).isRootGroup();
doReturn(port).when(processGroup).getOutputPort("port-identifier");
doReturn(authResult).when(port).checkUserAuthorization(any(String.class));
doReturn(true).when(authResult).isAuthorized();
doReturn(true).when(port).isValid();
doReturn(true).when(port).isRunning();
final Set<Connection> connections = new HashSet<>();
final Connection connection = mock(Connection.class);
connections.add(connection);
doReturn(connections).when(port).getConnections();
final FlowFileQueue flowFileQueue = mock(FlowFileQueue.class);
doReturn(flowFileQueue).when(connection).getFlowFileQueue();
doReturn(true).when(flowFileQueue).isFull();
serverProtocol.setRootProcessGroup(processGroup);
try {
serverProtocol.handshake(peer);
fail();
} catch (final HandshakeException e) {
assertEquals(ResponseCode.PORTS_DESTINATION_FULL, e.getResponseCode());
}
assertFalse(serverProtocol.isHandshakeSuccessful());
}
Aggregations