Search in sources :

Example 1 with PortAuthorizationResult

use of org.apache.nifi.remote.PortAuthorizationResult in project nifi by apache.

the class AbstractFlowFileServerProtocol method checkPortStatus.

protected void checkPortStatus(final Peer peer, String portId) throws HandshakeException {
    Port receivedPort = rootGroup.getInputPort(portId);
    if (receivedPort == null) {
        receivedPort = rootGroup.getOutputPort(portId);
    }
    if (receivedPort == null) {
        logger.debug("Responding with ResponseCode UNKNOWN_PORT for identifier {}", portId);
        throw new HandshakeException(ResponseCode.UNKNOWN_PORT, "Received unknown port identifier: " + portId);
    }
    if (!(receivedPort instanceof RootGroupPort)) {
        logger.debug("Responding with ResponseCode UNKNOWN_PORT for identifier {}", portId);
        throw new HandshakeException(ResponseCode.UNKNOWN_PORT, "Received port identifier " + portId + ", but this Port is not a RootGroupPort");
    }
    this.port = (RootGroupPort) receivedPort;
    final PortAuthorizationResult portAuthResult = this.port.checkUserAuthorization(peer.getCommunicationsSession().getUserDn());
    if (!portAuthResult.isAuthorized()) {
        logger.debug("Responding with ResponseCode UNAUTHORIZED: ", portAuthResult.getExplanation());
        throw new HandshakeException(ResponseCode.UNAUTHORIZED, portAuthResult.getExplanation());
    }
    if (!receivedPort.isValid()) {
        logger.debug("Responding with ResponseCode PORT_NOT_IN_VALID_STATE for {}", receivedPort);
        throw new HandshakeException(ResponseCode.PORT_NOT_IN_VALID_STATE, "Port is not valid");
    }
    if (!receivedPort.isRunning()) {
        logger.debug("Responding with ResponseCode PORT_NOT_IN_VALID_STATE for {}", receivedPort);
        throw new HandshakeException(ResponseCode.PORT_NOT_IN_VALID_STATE, "Port not running");
    }
    // we we will simply not service the request but the sender will timeout
    if (getVersionNegotiator().getVersion() > 1) {
        for (final Connection connection : port.getConnections()) {
            if (connection.getFlowFileQueue().isFull()) {
                logger.debug("Responding with ResponseCode PORTS_DESTINATION_FULL for {}", port);
                throw new HandshakeException(ResponseCode.PORTS_DESTINATION_FULL, "Received port identifier " + portId + ", but its destination is full");
            }
        }
    }
}
Also used : RootGroupPort(org.apache.nifi.remote.RootGroupPort) Port(org.apache.nifi.connectable.Port) RootGroupPort(org.apache.nifi.remote.RootGroupPort) Connection(org.apache.nifi.connectable.Connection) HandshakeException(org.apache.nifi.remote.exception.HandshakeException) PortAuthorizationResult(org.apache.nifi.remote.PortAuthorizationResult)

Example 2 with PortAuthorizationResult

use of org.apache.nifi.remote.PortAuthorizationResult in project nifi by apache.

the class TestHttpFlowFileServerProtocol method testPortNotInValidState.

@Test
public void testPortNotInValidState() throws Exception {
    final HttpFlowFileServerProtocol serverProtocol = getDefaultHttpFlowFileServerProtocol();
    final Peer peer = getDefaultPeer();
    ((HttpServerCommunicationsSession) peer.getCommunicationsSession()).putHandshakeParam(HandshakeProperty.PORT_IDENTIFIER, "port-identifier");
    final ProcessGroup processGroup = mock(ProcessGroup.class);
    final RootGroupPort port = mock(RootGroupPort.class);
    final PortAuthorizationResult authResult = mock(PortAuthorizationResult.class);
    doReturn(true).when(processGroup).isRootGroup();
    doReturn(port).when(processGroup).getOutputPort("port-identifier");
    doReturn(authResult).when(port).checkUserAuthorization(any(String.class));
    doReturn(true).when(authResult).isAuthorized();
    serverProtocol.setRootProcessGroup(processGroup);
    try {
        serverProtocol.handshake(peer);
        fail();
    } catch (final HandshakeException e) {
        assertEquals(ResponseCode.PORT_NOT_IN_VALID_STATE, e.getResponseCode());
    }
    assertFalse(serverProtocol.isHandshakeSuccessful());
}
Also used : HttpServerCommunicationsSession(org.apache.nifi.remote.io.http.HttpServerCommunicationsSession) RootGroupPort(org.apache.nifi.remote.RootGroupPort) Peer(org.apache.nifi.remote.Peer) ProcessGroup(org.apache.nifi.groups.ProcessGroup) PortAuthorizationResult(org.apache.nifi.remote.PortAuthorizationResult) HandshakeException(org.apache.nifi.remote.exception.HandshakeException) Test(org.junit.Test)

Example 3 with PortAuthorizationResult

use of org.apache.nifi.remote.PortAuthorizationResult in project nifi by apache.

the class TestHttpFlowFileServerProtocol method testUnauthorized.

@Test
public void testUnauthorized() throws Exception {
    final HttpFlowFileServerProtocol serverProtocol = getDefaultHttpFlowFileServerProtocol();
    final Peer peer = getDefaultPeer();
    ((HttpServerCommunicationsSession) peer.getCommunicationsSession()).putHandshakeParam(HandshakeProperty.PORT_IDENTIFIER, "port-identifier");
    final ProcessGroup processGroup = mock(ProcessGroup.class);
    final RootGroupPort port = mock(RootGroupPort.class);
    final PortAuthorizationResult authResult = mock(PortAuthorizationResult.class);
    doReturn(true).when(processGroup).isRootGroup();
    doReturn(port).when(processGroup).getOutputPort("port-identifier");
    doReturn(authResult).when(port).checkUserAuthorization(any(String.class));
    serverProtocol.setRootProcessGroup(processGroup);
    try {
        serverProtocol.handshake(peer);
        fail();
    } catch (final HandshakeException e) {
        assertEquals(ResponseCode.UNAUTHORIZED, e.getResponseCode());
    }
    assertFalse(serverProtocol.isHandshakeSuccessful());
}
Also used : HttpServerCommunicationsSession(org.apache.nifi.remote.io.http.HttpServerCommunicationsSession) RootGroupPort(org.apache.nifi.remote.RootGroupPort) Peer(org.apache.nifi.remote.Peer) ProcessGroup(org.apache.nifi.groups.ProcessGroup) PortAuthorizationResult(org.apache.nifi.remote.PortAuthorizationResult) HandshakeException(org.apache.nifi.remote.exception.HandshakeException) Test(org.junit.Test)

Example 4 with PortAuthorizationResult

use of org.apache.nifi.remote.PortAuthorizationResult in project nifi by apache.

the class StandardAuthorizableLookup method getRootGroupInputPort.

@Override
public RootGroupPortAuthorizable getRootGroupInputPort(String id) {
    final Port inputPort = inputPortDAO.getPort(id);
    if (!(inputPort instanceof RootGroupPort)) {
        throw new IllegalArgumentException(String.format("The specified id '%s' does not represent an input port in the root group.", id));
    }
    final DataTransferAuthorizable baseAuthorizable = new DataTransferAuthorizable(inputPort);
    return new RootGroupPortAuthorizable() {

        @Override
        public Authorizable getAuthorizable() {
            return baseAuthorizable;
        }

        @Override
        public AuthorizationResult checkAuthorization(NiFiUser user) {
            // perform the authorization of the user by using the underlying component, ensures consistent authorization with raw s2s
            final PortAuthorizationResult authorizationResult = ((RootGroupPort) inputPort).checkUserAuthorization(user);
            if (authorizationResult.isAuthorized()) {
                return AuthorizationResult.approved();
            } else {
                return AuthorizationResult.denied(authorizationResult.getExplanation());
            }
        }
    };
}
Also used : NiFiUser(org.apache.nifi.authorization.user.NiFiUser) RootGroupPort(org.apache.nifi.remote.RootGroupPort) Port(org.apache.nifi.connectable.Port) RootGroupPort(org.apache.nifi.remote.RootGroupPort) DataTransferAuthorizable(org.apache.nifi.authorization.resource.DataTransferAuthorizable) PortAuthorizationResult(org.apache.nifi.remote.PortAuthorizationResult)

Example 5 with PortAuthorizationResult

use of org.apache.nifi.remote.PortAuthorizationResult in project nifi by apache.

the class TestHttpFlowFileServerProtocol method testPortDestinationFull.

@Test
public void testPortDestinationFull() throws Exception {
    final HttpFlowFileServerProtocol serverProtocol = getDefaultHttpFlowFileServerProtocol();
    final Peer peer = getDefaultPeer();
    ((HttpServerCommunicationsSession) peer.getCommunicationsSession()).putHandshakeParam(HandshakeProperty.PORT_IDENTIFIER, "port-identifier");
    final ProcessGroup processGroup = mock(ProcessGroup.class);
    final RootGroupPort port = mock(RootGroupPort.class);
    final PortAuthorizationResult authResult = mock(PortAuthorizationResult.class);
    doReturn(true).when(processGroup).isRootGroup();
    doReturn(port).when(processGroup).getOutputPort("port-identifier");
    doReturn(authResult).when(port).checkUserAuthorization(any(String.class));
    doReturn(true).when(authResult).isAuthorized();
    doReturn(true).when(port).isValid();
    doReturn(true).when(port).isRunning();
    final Set<Connection> connections = new HashSet<>();
    final Connection connection = mock(Connection.class);
    connections.add(connection);
    doReturn(connections).when(port).getConnections();
    final FlowFileQueue flowFileQueue = mock(FlowFileQueue.class);
    doReturn(flowFileQueue).when(connection).getFlowFileQueue();
    doReturn(true).when(flowFileQueue).isFull();
    serverProtocol.setRootProcessGroup(processGroup);
    try {
        serverProtocol.handshake(peer);
        fail();
    } catch (final HandshakeException e) {
        assertEquals(ResponseCode.PORTS_DESTINATION_FULL, e.getResponseCode());
    }
    assertFalse(serverProtocol.isHandshakeSuccessful());
}
Also used : HttpServerCommunicationsSession(org.apache.nifi.remote.io.http.HttpServerCommunicationsSession) RootGroupPort(org.apache.nifi.remote.RootGroupPort) Peer(org.apache.nifi.remote.Peer) ProcessGroup(org.apache.nifi.groups.ProcessGroup) Connection(org.apache.nifi.connectable.Connection) FlowFileQueue(org.apache.nifi.controller.queue.FlowFileQueue) PortAuthorizationResult(org.apache.nifi.remote.PortAuthorizationResult) HandshakeException(org.apache.nifi.remote.exception.HandshakeException) HashSet(java.util.HashSet) Test(org.junit.Test)

Aggregations

PortAuthorizationResult (org.apache.nifi.remote.PortAuthorizationResult)6 RootGroupPort (org.apache.nifi.remote.RootGroupPort)6 HandshakeException (org.apache.nifi.remote.exception.HandshakeException)4 Port (org.apache.nifi.connectable.Port)3 ProcessGroup (org.apache.nifi.groups.ProcessGroup)3 Peer (org.apache.nifi.remote.Peer)3 HttpServerCommunicationsSession (org.apache.nifi.remote.io.http.HttpServerCommunicationsSession)3 Test (org.junit.Test)3 DataTransferAuthorizable (org.apache.nifi.authorization.resource.DataTransferAuthorizable)2 NiFiUser (org.apache.nifi.authorization.user.NiFiUser)2 Connection (org.apache.nifi.connectable.Connection)2 HashSet (java.util.HashSet)1 FlowFileQueue (org.apache.nifi.controller.queue.FlowFileQueue)1