You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2016/04/07 22:19:21 UTC
[9/9] nifi git commit: NIFI-1551: - Starting to remove the
AuthorityProvider. - This closes #330
NIFI-1551:
- Starting to remove the AuthorityProvider.
- This closes #330
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/c4d06f20
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/c4d06f20
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/c4d06f20
Branch: refs/heads/master
Commit: c4d06f203d204d4a3128e1b997144edcd82e48a5
Parents: 2bcc313
Author: Matt Gilman <ma...@gmail.com>
Authored: Thu Apr 7 15:24:31 2016 -0400
Committer: Matt Gilman <ma...@gmail.com>
Committed: Thu Apr 7 16:18:36 2016 -0400
----------------------------------------------------------------------
.../authentication/LoginIdentityProvider.java | 4 +-
.../exception/ProviderCreationException.java | 39 ++
.../exception/ProviderDestructionException.java | 39 ++
.../apache/nifi/authorization/Authority.java | 93 ---
.../nifi/authorization/AuthorityProvider.java | 182 ------
.../AuthorityProviderConfigurationContext.java | 48 --
.../AuthorityProviderInitializationContext.java | 27 -
.../authorization/AuthorityProviderLookup.java | 25 -
.../authorization/AuthorizationRequest.java | 3 +-
.../apache/nifi/authorization/Authorizer.java | 3 +-
.../authorization/DownloadAuthorization.java | 83 ---
.../annotation/AuthorityProviderContext.java | 35 -
.../exception/AuthorityAccessException.java | 33 -
.../IdentityAlreadyExistsException.java | 32 -
.../exception/ProviderCreationException.java | 39 --
.../exception/ProviderDestructionException.java | 39 --
.../exception/UnknownIdentityException.java | 32 -
nifi-assembly/pom.xml | 5 +-
.../org/apache/nifi/util/NiFiProperties.java | 10 +-
.../cassandra/AbstractCassandraProcessor.java | 2 +-
.../AbstractCassandraProcessorTest.java | 2 +-
.../nifi/admin/KeyDataSourceFactoryBean.java | 147 +++++
.../nifi/admin/UserDataSourceFactoryBean.java | 244 -------
.../org/apache/nifi/admin/dao/AuthorityDAO.java | 59 --
.../org/apache/nifi/admin/dao/DAOFactory.java | 4 -
.../java/org/apache/nifi/admin/dao/UserDAO.java | 128 ----
.../nifi/admin/dao/impl/DAOFactoryImpl.java | 12 -
.../admin/dao/impl/StandardAuthorityDAO.java | 172 -----
.../nifi/admin/dao/impl/StandardUserDAO.java | 641 -------------------
.../admin/service/AccountDisabledException.java | 40 --
.../admin/service/AccountPendingException.java | 41 --
.../apache/nifi/admin/service/UserService.java | 133 +---
.../service/action/AbstractUserAction.java | 97 ---
.../admin/service/action/AddActionsAction.java | 3 +-
.../service/action/AdministrationAction.java | 4 +-
.../service/action/AuthorizeDownloadAction.java | 54 --
.../service/action/AuthorizeUserAction.java | 173 -----
.../admin/service/action/CreateUserAction.java | 53 --
.../admin/service/action/DeleteKeysAction.java | 3 +-
.../admin/service/action/DeleteUserAction.java | 73 ---
.../admin/service/action/DisableUserAction.java | 81 ---
.../service/action/DisableUserGroupAction.java | 78 ---
.../service/action/FindUserByDnAction.java | 49 --
.../service/action/FindUserByIdAction.java | 46 --
.../admin/service/action/GetActionAction.java | 3 +-
.../admin/service/action/GetActionsAction.java | 6 +-
.../admin/service/action/GetKeyByIdAction.java | 4 +-
.../service/action/GetKeyByIdentityAction.java | 4 +-
.../service/action/GetOrCreateKeyAction.java | 4 +-
.../admin/service/action/GetPreviousValues.java | 8 +-
.../service/action/GetUserGroupAction.java | 50 --
.../admin/service/action/GetUsersAction.java | 39 --
.../service/action/HasPendingUserAccounts.java | 34 -
.../action/InvalidateUserAccountAction.java | 58 --
.../InvalidateUserGroupAccountsAction.java | 45 --
.../service/action/PurgeActionsAction.java | 3 +-
.../action/RequestUserAccountAction.java | 67 --
.../service/action/SeedUserAccountsAction.java | 164 -----
.../admin/service/action/UngroupUserAction.java | 69 --
.../service/action/UngroupUserGroupAction.java | 57 --
.../admin/service/action/UpdateUserAction.java | 124 ----
.../UpdateUserAuthoritiesCacheAction.java | 73 ---
.../service/action/UpdateUserCacheAction.java | 47 --
.../service/action/UpdateUserGroupAction.java | 171 -----
.../admin/service/impl/StandardUserService.java | 582 +----------------
.../transaction/impl/StandardTransaction.java | 16 +-
.../impl/StandardTransactionBuilder.java | 8 +-
.../AuthorityProviderFactoryBean.java | 491 --------------
.../authorization/AuthorizerFactoryBean.java | 11 +-
...rdAuthorityProviderConfigurationContext.java | 51 --
...dAuthorityProviderInitializationContext.java | 42 --
.../org/apache/nifi/user/AccountStatus.java | 47 --
.../java/org/apache/nifi/user/NiFiUser.java | 101 +--
.../resources/nifi-administration-context.xml | 33 +-
.../src/main/xsd/authority-providers.xsd | 49 --
.../service/action/AuthorizeUserActionTest.java | 433 -------------
.../service/action/CreateUserActionTest.java | 144 -----
.../service/action/DisableUserActionTest.java | 176 -----
.../action/InvalidateUserAccountActionTest.java | 126 ----
.../action/RequestUserAccountActionTest.java | 127 ----
.../action/SeedUserAccountsActionTest.java | 262 --------
.../action/SetUserAuthoritiesActionTest.java | 223 -------
.../web/api/dto/status/ControllerStatusDTO.java | 15 -
.../.gitignore | 1 -
.../nifi-cluster-authorization-provider/pom.xml | 46 --
.../ClusterManagerAuthorizationProvider.java | 225 -------
.../NodeAuthorizationProvider.java | 389 -----------
.../protocol/message/DoesDnExistMessage.java | 55 --
.../protocol/message/GetAuthoritiesMessage.java | 57 --
.../message/GetGroupForUserMessage.java | 54 --
.../protocol/message/ProtocolMessage.java | 56 --
.../message/jaxb/JaxbProtocolUtils.java | 41 --
.../protocol/message/jaxb/ObjectFactory.java | 44 --
....apache.nifi.authorization.AuthorityProvider | 16 -
.../nifi-file-authorization-provider/pom.xml | 85 ---
.../FileAuthorizationProvider.java | 496 --------------
....apache.nifi.authorization.AuthorityProvider | 15 -
.../src/main/xsd/users.xsd | 64 --
.../FileAuthorizationProviderTest.java | 128 ----
.../org/apache/nifi/nar/ExtensionManager.java | 19 +-
.../nifi/nar/NarThreadContextClassLoader.java | 20 +-
.../main/resources/conf/authority-providers.xml | 43 --
.../main/resources/conf/authorized-users.xml | 2 +-
.../src/main/resources/conf/authorizers.xml | 28 +
.../src/main/resources/conf/nifi.properties | 4 +-
.../nifi/remote/StandardRootGroupPort.java | 105 +--
.../org/apache/nifi/web/NiFiServiceFacade.java | 81 ---
.../web/NiFiWebApiSecurityConfiguration.java | 60 +-
.../nifi/web/StandardNiFiContentAccess.java | 18 +-
.../nifi/web/StandardNiFiServiceFacade.java | 234 +------
.../StandardNiFiWebConfigurationContext.java | 4 +-
.../apache/nifi/web/StandardNiFiWebContext.java | 4 +-
.../org/apache/nifi/web/api/AccessResource.java | 68 +-
.../apache/nifi/web/api/ControllerResource.java | 35 +-
.../apache/nifi/web/api/UserGroupResource.java | 465 --------------
.../org/apache/nifi/web/api/UserResource.java | 617 ------------------
.../config/AccountNotFoundExceptionMapper.java | 47 --
.../org/apache/nifi/web/api/dto/DtoFactory.java | 99 +--
.../nifi/web/controller/ControllerFacade.java | 12 +-
.../web/dao/impl/StandardConnectionDAO.java | 12 +-
.../src/main/resources/nifi-web-api-context.xml | 12 -
.../accesscontrol/AccessTokenEndpointTest.java | 2 +
.../accesscontrol/AdminAccessControlTest.java | 2 +
.../accesscontrol/DfmAccessControlTest.java | 1 +
.../ReadOnlyAccessControlTest.java | 2 +
.../util/NiFiTestAuthorizationProvider.java | 180 ------
.../integration/util/NiFiTestAuthorizer.java | 56 ++
.../util/NiFiTestLoginIdentityProvider.java | 9 +-
....apache.nifi.authorization.AuthorityProvider | 15 -
.../org.apache.nifi.authorization.Authorizer | 15 +
.../access-control/authority-providers.xml | 2 +-
.../web/security/NiFiAuthenticationFilter.java | 105 +--
.../security/NiFiAuthenticationProvider.java | 73 ---
.../anonymous/NiFiAnonymousUserFilter.java | 39 +-
.../authorization/NiFiAuthorizationService.java | 171 -----
.../security/jwt/JwtAuthenticationFilter.java | 34 +-
.../security/jwt/JwtAuthenticationProvider.java | 56 ++
.../jwt/JwtAuthenticationRequestToken.java | 58 ++
.../kerberos/KerberosServiceFactoryBean.java | 74 ---
.../security/node/NodeAuthorizedUserFilter.java | 4 +-
.../security/otp/OtpAuthenticationFilter.java | 41 +-
.../security/otp/OtpAuthenticationProvider.java | 60 ++
.../otp/OtpAuthenticationRequestToken.java | 64 ++
.../spring/KerberosServiceFactoryBean.java | 76 +++
.../LoginIdentityProviderFactoryBean.java | 35 +-
.../NewAccountAuthorizationRequestToken.java | 40 --
.../token/NewAccountAuthorizationToken.java | 46 --
.../security/token/NiFiAuthenticationToken.java | 50 ++
.../token/NiFiAuthorizationRequestToken.java | 54 --
.../security/token/NiFiAuthorizationToken.java | 50 --
.../web/security/user/NewAccountRequest.java | 47 --
.../nifi/web/security/user/NiFiUserDetails.java | 17 +-
.../nifi/web/security/user/NiFiUserUtils.java | 21 -
.../security/x509/X509AuthenticationFilter.java | 36 +-
.../x509/X509AuthenticationProvider.java | 78 +++
.../x509/X509AuthenticationRequestToken.java | 75 +++
.../resources/nifi-web-security-context.xml | 19 +-
.../NiFiAuthorizationServiceTest.java | 249 -------
.../otp/OtpAuthenticationFilterTest.java | 91 +--
.../otp/OtpAuthenticationProviderTest.java | 102 +++
.../nifi-framework/pom.xml | 2 -
.../apache/nifi/kerberos/KerberosProvider.java | 4 +-
.../java/org/apache/nifi/ldap/LdapProvider.java | 4 +-
163 files changed, 1272 insertions(+), 11725 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java b/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
index 54becb3..145bdb4 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
@@ -18,8 +18,8 @@ package org.apache.nifi.authentication;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderDestructionException;
/**
* Identity provider that is able to authentication a user with username/password credentials.
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java
new file mode 100644
index 0000000..b352787
--- /dev/null
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.exception;
+
+/**
+ * Represents the exceptional case when an AuthorityProvider fails instantiated.
+ *
+ */
+public class ProviderCreationException extends RuntimeException {
+
+ public ProviderCreationException() {
+ }
+
+ public ProviderCreationException(String msg) {
+ super(msg);
+ }
+
+ public ProviderCreationException(Throwable cause) {
+ super(cause);
+ }
+
+ public ProviderCreationException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java
new file mode 100644
index 0000000..1e12146
--- /dev/null
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.exception;
+
+/**
+ * Represents the exceptional case when an AuthorityProvider fails destruction.
+ *
+ */
+public class ProviderDestructionException extends RuntimeException {
+
+ public ProviderDestructionException() {
+ }
+
+ public ProviderDestructionException(String msg) {
+ super(msg);
+ }
+
+ public ProviderDestructionException(Throwable cause) {
+ super(cause);
+ }
+
+ public ProviderDestructionException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java b/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java
deleted file mode 100644
index 4502c11..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-/**
- * Authorities that can be assigned to NiFi users.
- */
-public enum Authority {
-
- ROLE_MONITOR,
- ROLE_DFM,
- ROLE_ADMIN,
- ROLE_PROVENANCE,
- ROLE_PROXY,
- ROLE_NIFI;
-
- /**
- * @param rawAuthority string form of authority
- * @return the matching role or null if the specified role does not match
- * any roles
- */
- public static Authority valueOfAuthority(String rawAuthority) {
- Authority desiredAuthority = null;
-
- for (Authority authority : values()) {
- if (authority.toString().equals(rawAuthority)) {
- desiredAuthority = authority;
- break;
- }
- }
-
- return desiredAuthority;
- }
-
- /**
- * @return the string value of each authority
- */
- public static Set<String> getRawAuthorities() {
- Set<String> authorities = new LinkedHashSet<>();
- for (Authority authority : values()) {
- authorities.add(authority.toString());
- }
- return authorities;
- }
-
- public static Set<String> convertAuthorities(Set<Authority> authorities) {
- if (authorities == null) {
- throw new IllegalArgumentException("No authorities have been specified.");
- }
-
- // convert the set
- Set<String> rawAuthorities = new HashSet<>(authorities.size());
- for (Authority authority : authorities) {
- rawAuthorities.add(authority.toString());
- }
- return rawAuthorities;
- }
-
- public static EnumSet<Authority> convertRawAuthorities(Set<String> rawAuthorities) {
- if (rawAuthorities == null) {
- throw new IllegalArgumentException("No authorities have been specified.");
- }
-
- // convert the set
- EnumSet<Authority> authorities = EnumSet.noneOf(Authority.class);
- for (String rawAuthority : rawAuthorities) {
- Authority authority = Authority.valueOfAuthority(rawAuthority);
- if (authority != null) {
- authorities.add(authority);
- }
- }
- return authorities;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
deleted file mode 100644
index 716216d..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-
-/**
- * This class allows clients to retrieve the authorities for a given DN.
- */
-public interface AuthorityProvider {
-
- /**
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @return whether the user with the specified identity is known to this authority
- * provider. It is not necessary for the user to have any authorities
- */
- boolean doesDnExist(String identity) throws AuthorityAccessException;
-
- /**
- * Get the authorities for the specified user. If the specified user exists
- * but does not have any authorities, an empty set should be returned.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @return the authorities for the specified user. If the specified user
- * exists but does not have any authorities, an empty set should be returned
- * @throws UnknownIdentityException if identity is not known
- * @throws AuthorityAccessException if unable to access authorities
- */
- Set<Authority> getAuthorities(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Sets the specified authorities for the specified user.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @param authorities the new authorities for the user
- * @throws UnknownIdentityException if identity is not known
- * @throws AuthorityAccessException if unable to access authorities
- */
- void setAuthorities(String identity, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Gets the users for the specified authority.
- *
- * @param authority for which to determine membership of
- * @return all users with the specified authority
- * @throws AuthorityAccessException if unable to access authorities
- */
- Set<String> getUsers(Authority authority) throws AuthorityAccessException;
-
- /**
- * Revokes the specified user. Its up to the implementor to determine the
- * semantics of revocation.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void revokeUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Add the specified user.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @param group Optional
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void addUser(String identity, String group) throws IdentityAlreadyExistsException, AuthorityAccessException;
-
- /**
- * Gets the group for the specified user. Return null if the user does not
- * belong to a group.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @return the group of the given user
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- String getGroupForUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Revokes all users for a specified group. Its up to the implementor to
- * determine the semantics of revocation.
- *
- * @param group to revoke the users of
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Adds the specified users to the specified group.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @param group to add users to
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void setUsersGroup(Set<String> identity, String group) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Ungroups the specified user.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void ungroupUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Ungroups the specified group. Since the semantics of revocation is up to
- * the implementor, this method should do nothing if the specified group
- * does not exist. If an admin revoked this group before calling ungroup, it
- * may or may not exist.
- *
- * @param group to ungroup
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void ungroup(String group) throws AuthorityAccessException;
-
- /**
- * Determines whether the user in the specified dnChain should be able to
- * download the content for the flowfile with the specified attributes.
- *
- * The first identity in the chain is the end user that the request was issued on
- * behalf of. The subsequent identities in the chain represent entities proxying
- * the user's request with the last being the proxy that sent the current
- * request.
- *
- * @param proxyChain proxy chain of user identities that for the download request
- * @param attributes of the flowfile being requested
- * @return the authorization result
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- DownloadAuthorization authorizeDownload(List<String> proxyChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Called immediately after instance creation for implementers to perform
- * additional setup
- *
- * @param initializationContext in which to initialize
- */
- void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException;
-
- /**
- * Called to configure the AuthorityProvider.
- *
- * @param configurationContext at the time of configuration
- * @throws ProviderCreationException for any issues configuring the provider
- */
- void onConfigured(AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException;
-
- /**
- * Called immediately before instance destruction for implementers to
- * release resources.
- *
- * @throws ProviderDestructionException If pre-destruction fails.
- */
- void preDestruction() throws ProviderDestructionException;
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java
deleted file mode 100644
index c1ba5df..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.Map;
-
-/**
- *
- */
-public interface AuthorityProviderConfigurationContext {
-
- /**
- * @return identifier for the authority provider
- */
- String getIdentifier();
-
- /**
- * Retrieves all properties the component currently understands regardless
- * of whether a value has been set for them or not. If no value is present
- * then its value is null and thus any registered default for the property
- * descriptor applies.
- *
- * @return Map of all properties
- */
- Map<String, String> getProperties();
-
- /**
- * @param property to lookup the descriptor and value of
- * @return the value the component currently understands for the given
- * PropertyDescriptor. This method does not substitute default
- * PropertyDescriptor values, so the value returned will be null if not set
- */
- String getProperty(String property);
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java
deleted file mode 100644
index 7b2f89f..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- *
- */
-public interface AuthorityProviderInitializationContext {
-
- public String getIdentifier();
-
- public AuthorityProviderLookup getAuthorityProviderLookup();
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java
deleted file mode 100644
index dc30967..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- *
- */
-public interface AuthorityProviderLookup {
-
- AuthorityProvider getAuthorityProvider(String identifier);
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
index 38c9e26..1538be0 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
@@ -34,7 +34,6 @@ public class AuthorizationRequest {
private AuthorizationRequest(final Builder builder) {
Objects.requireNonNull(builder.resource, "The resource is required when creating an authorization request");
- Objects.requireNonNull(builder.identity, "The identity of the user is required when creating an authorization request");
Objects.requireNonNull(builder.action, "The action is required when creating an authorization request");
this.resource = builder.resource;
@@ -54,7 +53,7 @@ public class AuthorizationRequest {
}
/**
- * The identity accessing the Resource. Not null.
+ * The identity accessing the Resource. May be null if the user could not authenticate.
*
* @return The identity
*/
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java b/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
index 01a76e4..5aec6f0 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.authorization;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
@@ -31,7 +30,7 @@ public interface Authorizer {
*
* @param request The authorization request
* @return the authorization result
- * @throws AuthorityAccessException if unable to access the authorities
+ * @throws AuthorizationAccessException if unable to access the authorities
*/
AuthorizationResult authorize(AuthorizationRequest request) throws AuthorizationAccessException;
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java b/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
deleted file mode 100644
index 416f3cf..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- * Represents a decision whether authorization is granted to download content.
- */
-public class DownloadAuthorization {
-
- private static enum Result {
-
- Approved,
- Denied;
- }
-
- private static final DownloadAuthorization APPROVED = new DownloadAuthorization(Result.Approved, null);
-
- private final Result result;
- private final String explanation;
-
- /**
- * Creates a new DownloadAuthorization with the specified result and
- * explanation.
- *
- * @param result of the authorization
- * @param explanation for the authorization attempt
- */
- private DownloadAuthorization(Result result, String explanation) {
- if (Result.Denied.equals(result) && explanation == null) {
- throw new IllegalArgumentException("An explanation is required when the download request is denied.");
- }
-
- this.result = result;
- this.explanation = explanation;
- }
-
- /**
- * @return Whether or not the download request is approved
- */
- public boolean isApproved() {
- return Result.Approved.equals(result);
- }
-
- /**
- * @return If the download request is denied, the reason why. Null otherwise
- */
- public String getExplanation() {
- return explanation;
- }
-
- /**
- * @return a new approved DownloadAuthorization
- */
- public static DownloadAuthorization approved() {
- return APPROVED;
- }
-
- /**
- * Creates a new denied DownloadAuthorization with the specified
- * explanation.
- *
- * @param explanation for why it was denied
- * @return a new denied DownloadAuthorization with the specified explanation
- * @throws IllegalArgumentException if explanation is null
- */
- public static DownloadAuthorization denied(String explanation) {
- return new DownloadAuthorization(Result.Denied, explanation);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java b/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java
deleted file mode 100644
index 5ac2af7..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.annotation;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- *
- *
- */
-@Documented
-@Target({ElementType.FIELD, ElementType.METHOD})
-@Retention(RetentionPolicy.RUNTIME)
-@Inherited
-public @interface AuthorityProviderContext {
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java
deleted file mode 100644
index be64767..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the case when the DN could not be confirmed because it was unable
- * to access the data store.
- */
-public class AuthorityAccessException extends RuntimeException {
-
- public AuthorityAccessException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AuthorityAccessException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java
deleted file mode 100644
index ba80b6e..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the case when the user identity already exists.
- */
-public class IdentityAlreadyExistsException extends RuntimeException {
-
- public IdentityAlreadyExistsException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public IdentityAlreadyExistsException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java
deleted file mode 100644
index 24ac793..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the exceptional case when an AuthorityProvider fails instantiated.
- *
- */
-public class ProviderCreationException extends RuntimeException {
-
- public ProviderCreationException() {
- }
-
- public ProviderCreationException(String msg) {
- super(msg);
- }
-
- public ProviderCreationException(Throwable cause) {
- super(cause);
- }
-
- public ProviderCreationException(String msg, Throwable cause) {
- super(msg, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java
deleted file mode 100644
index 985d3fb..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the exceptional case when an AuthorityProvider fails destruction.
- *
- */
-public class ProviderDestructionException extends RuntimeException {
-
- public ProviderDestructionException() {
- }
-
- public ProviderDestructionException(String msg) {
- super(msg);
- }
-
- public ProviderDestructionException(Throwable cause) {
- super(cause);
- }
-
- public ProviderDestructionException(String msg, Throwable cause) {
- super(msg, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java
deleted file mode 100644
index 2ada1c7..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the case when an identity cannot be confirmed.
- */
-public class UnknownIdentityException extends RuntimeException {
-
- public UnknownIdentityException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public UnknownIdentityException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-assembly/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml
index 09a8d50..2d26494 100644
--- a/nifi-assembly/pom.xml
+++ b/nifi-assembly/pom.xml
@@ -325,7 +325,7 @@ language governing permissions and limitations under the License. -->
<nifi.flow.configuration.file>./conf/flow.xml.gz</nifi.flow.configuration.file>
<nifi.flow.configuration.archive.dir>./conf/archive/</nifi.flow.configuration.archive.dir>
<nifi.login.identity.provider.configuration.file>./conf/login-identity-providers.xml</nifi.login.identity.provider.configuration.file>
- <nifi.authority.provider.configuration.file>./conf/authority-providers.xml</nifi.authority.provider.configuration.file>
+ <nifi.authorizer.configuration.file>./conf/authorizers.xml</nifi.authorizer.configuration.file>
<nifi.templates.directory>./conf/templates</nifi.templates.directory>
<nifi.database.directory>./database_repository</nifi.database.directory>
@@ -413,9 +413,8 @@ language governing permissions and limitations under the License. -->
<nifi.security.truststoreType />
<nifi.security.truststorePasswd />
<nifi.security.needClientAuth />
- <nifi.security.authorizedUsers.file>./conf/authorized-users.xml</nifi.security.authorizedUsers.file>
<nifi.security.user.credential.cache.duration>24 hours</nifi.security.user.credential.cache.duration>
- <nifi.security.user.authority.provider>file-provider</nifi.security.user.authority.provider>
+ <nifi.security.user.authorizer>file-provider</nifi.security.user.authorizer>
<nifi.security.user.login.identity.provider />
<nifi.security.x509.principal.extractor />
<nifi.security.support.new.account.requests />
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
----------------------------------------------------------------------
diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 517b19a..224c3f6 100644
--- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -48,7 +48,7 @@ public class NiFiProperties extends Properties {
public static final String PROPERTIES_FILE_PATH = "nifi.properties.file.path";
public static final String FLOW_CONFIGURATION_FILE = "nifi.flow.configuration.file";
public static final String FLOW_CONFIGURATION_ARCHIVE_FILE = "nifi.flow.configuration.archive.file";
- public static final String AUTHORITY_PROVIDER_CONFIGURATION_FILE = "nifi.authority.provider.configuration.file";
+ public static final String AUTHORIZER_CONFIGURATION_FILE = "nifi.authorizer.configuration.file";
public static final String LOGIN_IDENTITY_PROVIDER_CONFIGURATION_FILE = "nifi.login.identity.provider.configuration.file";
public static final String REPOSITORY_DATABASE_DIRECTORY = "nifi.database.directory";
public static final String RESTORE_DIRECTORY = "nifi.restore.directory";
@@ -131,7 +131,7 @@ public class NiFiProperties extends Properties {
public static final String SECURITY_TRUSTSTORE_TYPE = "nifi.security.truststoreType";
public static final String SECURITY_TRUSTSTORE_PASSWD = "nifi.security.truststorePasswd";
public static final String SECURITY_NEED_CLIENT_AUTH = "nifi.security.needClientAuth";
- public static final String SECURITY_USER_AUTHORITY_PROVIDER = "nifi.security.user.authority.provider";
+ public static final String SECURITY_USER_AUTHORIZER = "nifi.security.user.authorizer";
public static final String SECURITY_USER_LOGIN_IDENTITY_PROVIDER = "nifi.security.user.login.identity.provider";
public static final String SECURITY_CLUSTER_AUTHORITY_PROVIDER_PORT = "nifi.security.cluster.authority.provider.port";
public static final String SECURITY_CLUSTER_AUTHORITY_PROVIDER_THREADS = "nifi.security.cluster.authority.provider.threads";
@@ -504,10 +504,10 @@ public class NiFiProperties extends Properties {
}
/**
- * @return the user authorities file
+ * @return the user authorizers file
*/
- public File getAuthorityProviderConfiguraitonFile() {
- final String value = getProperty(AUTHORITY_PROVIDER_CONFIGURATION_FILE);
+ public File getAuthorizerConfiguraitonFile() {
+ final String value = getProperty(AUTHORIZER_CONFIGURATION_FILE);
if (StringUtils.isBlank(value)) {
return new File(DEFAULT_AUTHORITY_PROVIDER_CONFIGURATION_FILE);
} else {
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
index 672a3ee..478ffaf 100644
--- a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
+++ b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
@@ -26,7 +26,7 @@ import com.datastax.driver.core.Session;
import org.apache.avro.Schema;
import org.apache.avro.SchemaBuilder;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
index 1f62997..19e2320 100644
--- a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
+++ b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
@@ -22,7 +22,7 @@ import com.datastax.driver.core.DataType;
import com.datastax.driver.core.Metadata;
import com.datastax.driver.core.Row;
import com.google.common.collect.Sets;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
new file mode 100644
index 0000000..8347953
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
@@ -0,0 +1,147 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.util.NiFiProperties;
+import org.h2.jdbcx.JdbcConnectionPool;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.FactoryBean;
+
+import java.io.File;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+public class KeyDataSourceFactoryBean implements FactoryBean {
+
+ private static final Logger logger = LoggerFactory.getLogger(KeyDataSourceFactoryBean.class);
+ private static final String NF_USERNAME_PASSWORD = "nf";
+ private static final int MAX_CONNECTIONS = 5;
+
+ // database file name
+ private static final String USER_KEYS_DATABASE_FILE_NAME = "nifi-user-keys";
+
+ // ----------
+ // keys table
+ // ----------
+
+ private static final String CREATE_KEY_TABLE = "CREATE TABLE KEY ("
+ + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
+ + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
+ + "KEY VARCHAR2(100) NOT NULL"
+ + ")";
+
+ private JdbcConnectionPool connectionPool;
+
+ private NiFiProperties properties;
+
+ @Override
+ public Object getObject() throws Exception {
+ if (connectionPool == null) {
+
+ // locate the repository directory
+ String repositoryDirectoryPath = properties.getProperty(NiFiProperties.REPOSITORY_DATABASE_DIRECTORY);
+
+ // ensure the repository directory is specified
+ if (repositoryDirectoryPath == null) {
+ throw new NullPointerException("Database directory must be specified.");
+ }
+
+ // create a handle to the repository directory
+ File repositoryDirectory = new File(repositoryDirectoryPath);
+
+ // create a handle to the database directory and file
+ File databaseFile = new File(repositoryDirectory, USER_KEYS_DATABASE_FILE_NAME);
+ String databaseUrl = getDatabaseUrl(databaseFile);
+
+ // create the pool
+ connectionPool = JdbcConnectionPool.create(databaseUrl, NF_USERNAME_PASSWORD, NF_USERNAME_PASSWORD);
+ connectionPool.setMaxConnections(MAX_CONNECTIONS);
+
+ Connection connection = null;
+ ResultSet rs = null;
+ Statement statement = null;
+ try {
+ // get a connection
+ connection = connectionPool.getConnection();
+ connection.setAutoCommit(false);
+
+ // create a statement for creating/updating the database
+ statement = connection.createStatement();
+
+ // determine if the key table need to be created
+ rs = connection.getMetaData().getTables(null, null, "KEY", null);
+ if (!rs.next()) {
+ statement.execute(CREATE_KEY_TABLE);
+ }
+
+ // commit any changes
+ connection.commit();
+ } catch (SQLException sqle) {
+ RepositoryUtils.rollback(connection, logger);
+ throw sqle;
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ RepositoryUtils.closeQuietly(connection);
+ }
+ }
+
+ return connectionPool;
+ }
+
+ private String getDatabaseUrl(File databaseFile) {
+ String databaseUrl = "jdbc:h2:" + databaseFile + ";AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3";
+ String databaseUrlAppend = properties.getProperty(NiFiProperties.H2_URL_APPEND);
+ if (StringUtils.isNotBlank(databaseUrlAppend)) {
+ databaseUrl += databaseUrlAppend;
+ }
+ return databaseUrl;
+ }
+
+ @Override
+ public Class getObjectType() {
+ return JdbcConnectionPool.class;
+ }
+
+ @Override
+ public boolean isSingleton() {
+ return true;
+ }
+
+ public void setProperties(NiFiProperties properties) {
+ this.properties = properties;
+ }
+
+ public void shutdown() {
+ // shutdown the connection pool
+ if (connectionPool != null) {
+ try {
+ connectionPool.dispose();
+ } catch (Exception e) {
+ logger.warn("Unable to dispose of connection pool: " + e.getMessage());
+ if (logger.isDebugEnabled()) {
+ logger.warn(StringUtils.EMPTY, e);
+ }
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
deleted file mode 100644
index d45719d..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin;
-
-import java.io.File;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.Authority;
-import org.h2.jdbcx.JdbcConnectionPool;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.util.NiFiProperties;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.FactoryBean;
-
-public class UserDataSourceFactoryBean implements FactoryBean {
-
- private static final Logger logger = LoggerFactory.getLogger(UserDataSourceFactoryBean.class);
- private static final String NF_USERNAME_PASSWORD = "nf";
- private static final int MAX_CONNECTIONS = 5;
-
- // database file name
- private static final String AUDIT_DATABASE_FILE_NAME = "nifi-users";
-
- private static final String CREATE_USER_TABLE = "CREATE TABLE USER ("
- + "ID VARCHAR2(100) NOT NULL PRIMARY KEY, "
- + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
- + "USER_NAME VARCHAR2(4096) NOT NULL, "
- + "USER_GROUP VARCHAR2(100), "
- + "CREATION TIMESTAMP NOT NULL, "
- + "LAST_ACCESSED TIMESTAMP, "
- + "LAST_VERIFIED TIMESTAMP, "
- + "JUSTIFICATION VARCHAR2(500) NOT NULL, "
- + "STATUS VARCHAR2(10) NOT NULL"
- + ")";
-
- private static final String CREATE_AUTHORITY_TABLE = "CREATE TABLE AUTHORITY ("
- + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
- + "USER_ID VARCHAR2(100) NOT NULL, "
- + "ROLE VARCHAR2(50) NOT NULL, "
- + "FOREIGN KEY (USER_ID) REFERENCES USER (ID), "
- + "CONSTRAINT USER_ROLE_UNIQUE_CONSTRAINT UNIQUE (USER_ID, ROLE)"
- + ")";
-
- private static final String INSERT_ANONYMOUS_USER = "INSERT INTO USER ("
- + "ID, IDENTITY, USER_NAME, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS"
- + ") VALUES ("
- + "'" + UUID.randomUUID().toString() + "', "
- + "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
- + "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
- + "NOW(), "
- + "NOW(), "
- + "'Anonymous user needs no justification', "
- + "'ACTIVE'"
- + ")";
-
- private static final String INSERT_ANONYMOUS_AUTHORITY = "INSERT INTO AUTHORITY ("
- + "USER_ID, ROLE"
- + ") VALUES ("
- + "(SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "'), "
- + "'%s'"
- + ")";
-
- private static final String DELETE_ANONYMOUS_AUTHORITIES = "DELETE FROM AUTHORITY "
- + "WHERE USER_ID = (SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "')";
-
- private static final String RENAME_DN_COLUMN = "ALTER TABLE USER ALTER COLUMN DN RENAME TO IDENTITY";
- private static final String RESIZE_IDENTITY_COLUMN = "ALTER TABLE USER MODIFY IDENTITY VARCHAR(4096)";
- private static final String RESIZE_USER_NAME_COLUMN = "ALTER TABLE USER MODIFY USER_NAME VARCHAR(4096)";
-
- // ----------
- // keys table
- // ----------
- private static final String CREATE_KEY_TABLE = "CREATE TABLE KEY ("
- + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
- + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
- + "KEY VARCHAR2(100) NOT NULL"
- + ")";
-
- private JdbcConnectionPool connectionPool;
-
- private NiFiProperties properties;
-
- @Override
- public Object getObject() throws Exception {
- if (connectionPool == null) {
-
- // locate the repository directory
- String repositoryDirectoryPath = properties.getProperty(NiFiProperties.REPOSITORY_DATABASE_DIRECTORY);
-
- // ensure the repository directory is specified
- if (repositoryDirectoryPath == null) {
- throw new NullPointerException("Database directory must be specified.");
- }
-
- // get the roles being granted to anonymous users
- final Set<String> rawAnonymousAuthorities = new HashSet<>(properties.getAnonymousAuthorities());
- final Set<Authority> anonymousAuthorities = Authority.convertRawAuthorities(rawAnonymousAuthorities);
-
- // ensure every authorities was recognized
- if (rawAnonymousAuthorities.size() != anonymousAuthorities.size()) {
- final Set<String> validAuthorities = Authority.convertAuthorities(anonymousAuthorities);
- rawAnonymousAuthorities.removeAll(validAuthorities);
- throw new IllegalStateException(String.format("Invalid authorities specified for anonymous access: [%s]. Valid values are: [%s].",
- StringUtils.join(rawAnonymousAuthorities, ", "), StringUtils.join(Authority.values(), ", ")));
- }
-
- // create a handle to the repository directory
- File repositoryDirectory = new File(repositoryDirectoryPath);
-
- // create a handle to the database directory and file
- File databaseFile = new File(repositoryDirectory, AUDIT_DATABASE_FILE_NAME);
- String databaseUrl = getDatabaseUrl(databaseFile);
-
- // create the pool
- connectionPool = JdbcConnectionPool.create(databaseUrl, NF_USERNAME_PASSWORD, NF_USERNAME_PASSWORD);
- connectionPool.setMaxConnections(MAX_CONNECTIONS);
-
- Connection connection = null;
- ResultSet rs = null;
- Statement statement = null;
- try {
- // get a connection
- connection = connectionPool.getConnection();
- connection.setAutoCommit(false);
-
- // create a statement for creating/updating the database
- statement = connection.createStatement();
-
- // determine if the tables need to be created
- rs = connection.getMetaData().getTables(null, null, "USER", null);
- if (!rs.next()) {
- logger.info("Database not built for repository: " + databaseUrl + ". Building now...");
-
- // create the tables
- statement.execute(CREATE_USER_TABLE);
- statement.execute(CREATE_AUTHORITY_TABLE);
-
- // seed the anonymous user
- statement.execute(INSERT_ANONYMOUS_USER);
- } else {
- logger.info("Existing database found and connected to at: " + databaseUrl);
- RepositoryUtils.closeQuietly(rs);
-
- // if the DN column exists, transform the table
- rs = connection.getMetaData().getColumns(null, null, "USER", "DN");
- if (rs.next()) {
- statement.execute(RENAME_DN_COLUMN);
- statement.execute(RESIZE_IDENTITY_COLUMN);
- statement.execute(RESIZE_USER_NAME_COLUMN);
- }
-
- // remove all authorities for the anonymous user
- statement.execute(DELETE_ANONYMOUS_AUTHORITIES);
- }
-
- // add all authorities for the anonymous user
- for (final Authority authority : anonymousAuthorities) {
- statement.execute(String.format(INSERT_ANONYMOUS_AUTHORITY, authority.name()));
- }
-
- RepositoryUtils.closeQuietly(rs);
-
- // determine if the key table need to be created
- rs = connection.getMetaData().getTables(null, null, "KEY", null);
- if (!rs.next()) {
- statement.execute(CREATE_KEY_TABLE);
- }
-
- // commit any changes
- connection.commit();
- } catch (SQLException sqle) {
- RepositoryUtils.rollback(connection, logger);
- throw sqle;
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- RepositoryUtils.closeQuietly(connection);
- }
- }
-
- return connectionPool;
- }
-
- private String getDatabaseUrl(File databaseFile) {
- String databaseUrl = "jdbc:h2:" + databaseFile + ";AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3";
- String databaseUrlAppend = properties.getProperty(NiFiProperties.H2_URL_APPEND);
- if (StringUtils.isNotBlank(databaseUrlAppend)) {
- databaseUrl += databaseUrlAppend;
- }
- return databaseUrl;
- }
-
- @Override
- public Class getObjectType() {
- return JdbcConnectionPool.class;
- }
-
- @Override
- public boolean isSingleton() {
- return true;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- public void shutdown() {
-
- // shutdown the connection pool
- if (connectionPool != null) {
- try {
- connectionPool.dispose();
- } catch (Exception e) {
- logger.warn("Unable to dispose of connection pool: " + e.getMessage());
- if (logger.isDebugEnabled()) {
- logger.warn(StringUtils.EMPTY, e);
- }
- }
- }
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
deleted file mode 100644
index b80b78e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao;
-
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-
-/**
- * Authority data access.
- */
-public interface AuthorityDAO {
-
- /**
- * Finds all Authority for the specified user.
- *
- * @param userId identifier of user
- * @return authorities
- */
- Set<Authority> findAuthoritiesByUserId(String userId) throws DataAccessException;
-
- /**
- * Creates new Authorities for the specified user in addition to authorities
- * they already have.
- *
- * @param authorities to add to the given user
- * @param userId identifier of user
- */
- void createAuthorities(Set<Authority> authorities, String userId) throws DataAccessException;
-
- /**
- * Removes all Authorities for the specified user.
- *
- * @param userId user identifier
- * @throws DataAccessException if unable to access authorities
- */
- void deleteAuthorities(String userId) throws DataAccessException;
-
- /**
- * Removes the specified Authority.
- *
- * @param authorities to remove
- * @param userId user id
- */
- void deleteAuthorities(Set<Authority> authorities, String userId) throws DataAccessException;
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
index eb7e3ce..3fcc6d8 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
@@ -21,11 +21,7 @@ package org.apache.nifi.admin.dao;
*/
public interface DAOFactory {
- UserDAO getUserDAO();
-
ActionDAO getActionDAO();
- AuthorityDAO getAuthorityDAO();
-
KeyDAO getKeyDAO();
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
deleted file mode 100644
index 7e91c07..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao;
-
-import java.util.Date;
-import java.util.Set;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Defines the user data access object.
- */
-public interface UserDAO {
-
- /**
- * Determines whether there are any PENDING user accounts.
- *
- * @return true if pending
- * @throws DataAccessException dae
- */
- Boolean hasPendingUserAccounts() throws DataAccessException;
-
- /**
- * Returns all users.
- *
- * @return all users
- * @throws DataAccessException dae
- */
- Set<NiFiUser> findUsers() throws DataAccessException;
-
- /**
- * Returns all user groups.
- *
- * @return all group names
- * @throws DataAccessException dae
- */
- Set<String> findUserGroups() throws DataAccessException;
-
- /**
- * Returns all users for the specified group.
- *
- * @param group group
- * @return users in group
- * @throws DataAccessException dae
- */
- Set<NiFiUser> findUsersForGroup(String group) throws DataAccessException;
-
- /**
- * Returns the user with the specified id.
- *
- * @param id user id
- * @return user for the given id
- * @throws DataAccessException dae
- */
- NiFiUser findUserById(String id) throws DataAccessException;
-
- /**
- * Returns the user with the specified DN.
- *
- * @param dn user dn
- * @return user
- */
- NiFiUser findUserByDn(String dn) throws DataAccessException;
-
- /**
- * Creates a new user based off the specified NiFiUser.
- *
- * @param user to create
- * @return the created user with it's id
- */
- NiFiUser createUser(NiFiUser user) throws DataAccessException;
-
- /**
- * Updates the specified NiFiUser.
- *
- * @param user to update
- */
- void updateUser(NiFiUser user) throws DataAccessException;
-
- /**
- * Deletes the specified user.
- *
- * @param id user identifier
- * @throws DataAccessException dae
- */
- void deleteUser(String id) throws DataAccessException;
-
- /**
- * Sets the status of the specified group.
- *
- * @param group group
- * @param status status
- * @throws DataAccessException dae
- */
- void updateGroupStatus(String group, AccountStatus status) throws DataAccessException;
-
- /**
- * Sets the last verified time for all users in the specified group.
- *
- * @param group group
- * @param lastVerified date last verified
- * @throws DataAccessException dae
- */
- void updateGroupVerification(String group, Date lastVerified) throws DataAccessException;
-
- /**
- * Ungroups the specified group.
- *
- * @param group to ungroup
- * @throws DataAccessException dae
- */
- void ungroup(String group) throws DataAccessException;
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
index 940e364..09ad103 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
@@ -18,10 +18,8 @@ package org.apache.nifi.admin.dao.impl;
import java.sql.Connection;
import org.apache.nifi.admin.dao.ActionDAO;
-import org.apache.nifi.admin.dao.AuthorityDAO;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.admin.dao.UserDAO;
/**
*
@@ -40,16 +38,6 @@ public class DAOFactoryImpl implements DAOFactory {
}
@Override
- public AuthorityDAO getAuthorityDAO() {
- return new StandardAuthorityDAO(connection);
- }
-
- @Override
- public UserDAO getUserDAO() {
- return new StandardUserDAO(connection);
- }
-
- @Override
public KeyDAO getKeyDAO() {
return new StandardKeyDAO(connection);
}