You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ma...@apache.org on 2016/07/01 20:41:53 UTC
[5/5] nifi git commit: NIFI-1781: - Updating UI according to
permissions through out the application. - Shuffling provenance events,
template,
and cluster search REST APIs according to resources being authorized. - Moving
template upload controls. - Remo
NIFI-1781:
- Updating UI according to permissions through out the application.
- Shuffling provenance events, template, and cluster search REST APIs according to resources being authorized.
- Moving template upload controls.
- Removing username where appropriate.
- Addressing issues when authorizing flow configuration actions.
- Code clean up.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/ce533033
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/ce533033
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/ce533033
Branch: refs/heads/master
Commit: ce5330330ac1e377144fc1d29d5ef9fb2f60e29f
Parents: 8eb0a38
Author: Matt Gilman <ma...@gmail.com>
Authored: Fri Jul 1 15:10:27 2016 -0400
Committer: Matt Gilman <ma...@gmail.com>
Committed: Fri Jul 1 15:10:27 2016 -0400
----------------------------------------------------------------------
.../java/org/apache/nifi/action/Action.java | 2 -
.../authorization/AuthorizationRequest.java | 38 +-
.../apache/nifi/authorization/Authorizer.java | 2 +-
.../authorization/resource/Authorizable.java | 48 ++-
.../nifi/authorization/user/NiFiUser.java | 5 -
.../nifi/web/NiFiWebConfigurationContext.java | 11 +-
.../org/apache/nifi/util/NiFiProperties.java | 3 +-
.../java/org/apache/nifi/web/util/WebUtils.java | 94 +----
.../nifi/admin/AuditDataSourceFactoryBean.java | 31 +-
.../nifi/admin/dao/impl/StandardActionDAO.java | 64 ++-
.../nifi/admin/dao/impl/StandardKeyDAO.java | 7 +-
.../org/apache/nifi/history/HistoryQuery.java | 10 +-
.../org/apache/nifi/history/PreviousValue.java | 10 +-
.../nifi/web/api/dto/AccessStatusDTO.java | 15 -
.../nifi/web/api/dto/PreviousValueDTO.java | 15 +-
.../nifi/web/api/dto/action/ActionDTO.java | 22 +-
.../web/api/dto/action/HistoryQueryDTO.java | 19 +-
.../dto/search/UserGroupSearchResultDTO.java | 44 ---
.../web/api/dto/search/UserSearchResultDTO.java | 59 ---
.../nifi/web/api/entity/AuthorityEntity.java | 54 ---
.../nifi/web/api/entity/CurrentUserEntity.java | 102 +++++
.../nifi/web/api/entity/IdentityEntity.java | 63 ---
.../nifi/web/api/entity/TemplateEntity.java | 5 +-
.../nifi/web/api/entity/TemplatesEntity.java | 14 +-
.../web/api/entity/UserSearchResultsEntity.java | 56 ---
.../nifi/authorization/FileAuthorizer.java | 2 +-
.../nifi/authorization/user/NiFiUserUtils.java | 4 +-
.../authorization/user/StandardNiFiUser.java | 19 +-
.../org/apache/nifi/controller/Template.java | 53 ++-
.../nifi/groups/StandardProcessGroup.java | 4 +
.../apache/nifi/action/FlowChangeAction.java | 10 -
.../nifi/audit/ComponentStateAuditor.java | 3 -
.../apache/nifi/audit/ControllerAuditor.java | 2 -
.../nifi/audit/ControllerServiceAuditor.java | 22 +-
.../org/apache/nifi/audit/FunnelAuditor.java | 8 +-
.../java/org/apache/nifi/audit/PortAuditor.java | 3 -
.../apache/nifi/audit/ProcessGroupAuditor.java | 3 -
.../org/apache/nifi/audit/ProcessorAuditor.java | 29 +-
.../apache/nifi/audit/RelationshipAuditor.java | 25 +-
.../nifi/audit/RemoteProcessGroupAuditor.java | 3 -
.../apache/nifi/audit/ReportingTaskAuditor.java | 19 +-
.../org/apache/nifi/audit/SnippetAuditor.java | 1 -
.../org/apache/nifi/web/AuthorizableLookup.java | 14 +
.../org/apache/nifi/web/NiFiServiceFacade.java | 11 +-
.../web/NiFiWebApiSecurityConfiguration.java | 17 -
.../nifi/web/StandardAuthorizableLookup.java | 36 ++
.../nifi/web/StandardNiFiContentAccess.java | 46 +--
.../nifi/web/StandardNiFiServiceFacade.java | 75 +++-
.../StandardNiFiWebConfigurationContext.java | 30 +-
.../org/apache/nifi/web/api/AccessResource.java | 41 +-
.../nifi/web/api/ApplicationResource.java | 27 --
.../apache/nifi/web/api/ControllerResource.java | 80 ----
.../org/apache/nifi/web/api/FlowResource.java | 289 +++++++++-----
.../nifi/web/api/ProcessGroupResource.java | 130 ++----
.../nifi/web/api/ProvenanceEventResource.java | 391 +++++++++++++++++++
.../apache/nifi/web/api/ProvenanceResource.java | 366 ++---------------
.../apache/nifi/web/api/TemplateResource.java | 60 ++-
.../org/apache/nifi/web/api/dto/DtoFactory.java | 11 +-
.../nifi/web/controller/ControllerFacade.java | 212 +++++++---
.../web/dao/impl/StandardConnectionDAO.java | 2 +-
.../src/main/resources/nifi-web-api-context.xml | 6 +
.../nifi/web/revision/NaiveRevisionManager.java | 4 +-
.../security/node/NodeAuthorizedUserFilter.java | 128 ------
.../x509/X509AuthenticationProvider.java | 2 +-
.../src/main/webapp/WEB-INF/pages/canvas.jsp | 2 +
.../src/main/webapp/WEB-INF/pages/templates.jsp | 1 -
.../WEB-INF/partials/canvas/canvas-header.jsp | 21 +-
.../WEB-INF/partials/canvas/navigation.jsp | 8 +-
.../partials/canvas/upload-template-dialog.jsp | 35 ++
.../partials/templates/templates-content.jsp | 19 -
.../nifi-web-ui/src/main/webapp/css/header.css | 11 +-
.../nifi-web-ui/src/main/webapp/css/main.css | 75 ++++
.../src/main/webapp/css/templates.css | 90 -----
.../nf-ng-canvas-global-menu-controller.js | 50 +--
.../nf-ng-canvas-operate-controller.js | 138 +++++++
.../nf-ng-canvas-toolbox-controller.js | 27 +-
.../components/nf-ng-template-component.js | 16 +-
.../src/main/webapp/js/nf/canvas/nf-actions.js | 7 +
.../src/main/webapp/js/nf/canvas/nf-canvas.js | 92 +----
.../main/webapp/js/nf/canvas/nf-context-menu.js | 2 +-
.../js/nf/canvas/nf-processor-configuration.js | 5 -
.../nf/canvas/nf-remote-process-group-ports.js | 19 +-
.../src/main/webapp/js/nf/canvas/nf-settings.js | 32 +-
.../webapp/js/nf/cluster/nf-cluster-table.js | 6 +-
.../src/main/webapp/js/nf/cluster/nf-cluster.js | 35 +-
.../webapp/js/nf/counters/nf-counters-table.js | 2 +-
.../main/webapp/js/nf/counters/nf-counters.js | 36 +-
.../webapp/js/nf/history/nf-history-model.js | 2 +-
.../webapp/js/nf/history/nf-history-table.js | 19 +-
.../src/main/webapp/js/nf/history/nf-history.js | 36 +-
.../src/main/webapp/js/nf/login/nf-login.js | 2 -
.../src/main/webapp/js/nf/nf-common.js | 117 ++++--
.../js/nf/provenance/nf-provenance-lineage.js | 2 +-
.../js/nf/provenance/nf-provenance-table.js | 95 +++--
.../webapp/js/nf/provenance/nf-provenance.js | 35 +-
.../webapp/js/nf/summary/nf-cluster-search.js | 2 +-
.../js/nf/templates/nf-templates-table.js | 100 +++--
.../main/webapp/js/nf/templates/nf-templates.js | 124 +-----
.../PersistentProvenanceRepository.java | 94 ++---
.../TestPersistentProvenanceRepository.java | 59 ++-
.../VolatileProvenanceRepository.java | 46 +--
.../TestVolatileProvenanceRepository.java | 24 +-
.../script/ExecuteScriptGroovyTest.groovy | 4 +-
103 files changed, 2105 insertions(+), 2366 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/action/Action.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/action/Action.java b/nifi-api/src/main/java/org/apache/nifi/action/Action.java
index 4ab167e..ed6505f 100644
--- a/nifi-api/src/main/java/org/apache/nifi/action/Action.java
+++ b/nifi-api/src/main/java/org/apache/nifi/action/Action.java
@@ -33,8 +33,6 @@ public interface Action extends Serializable {
String getUserIdentity();
- String getUserName();
-
String getSourceId();
String getSourceName();
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
index 7e6999c..da0a276 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
@@ -22,7 +22,7 @@ import java.util.Map;
import java.util.Objects;
/**
- * Represents an authorization request for a given user/entity performing an action against a resource within some context.
+ * Represents an authorization request for a given user/entity performing an action against a resource within some userContext.
*/
public class AuthorizationRequest {
@@ -31,8 +31,8 @@ public class AuthorizationRequest {
private final RequestAction action;
private final boolean isAccessAttempt;
private final boolean isAnonymous;
- private final Map<String, String> context;
- private final Map<String, String> eventAttributes;
+ private final Map<String, String> userContext;
+ private final Map<String, String> resourceContext;
private AuthorizationRequest(final Builder builder) {
Objects.requireNonNull(builder.resource, "The resource is required when creating an authorization request");
@@ -45,8 +45,8 @@ public class AuthorizationRequest {
this.action = builder.action;
this.isAccessAttempt = builder.isAccessAttempt;
this.isAnonymous = builder.isAnonymous;
- this.context = builder.context == null ? null : Collections.unmodifiableMap(builder.context);
- this.eventAttributes = builder.context == null ? null : Collections.unmodifiableMap(builder.eventAttributes);
+ this.userContext = builder.userContext == null ? null : Collections.unmodifiableMap(builder.userContext);
+ this.resourceContext = builder.resourceContext == null ? null : Collections.unmodifiableMap(builder.resourceContext);
}
/**
@@ -95,12 +95,12 @@ public class AuthorizationRequest {
}
/**
- * The context of the user request to make additional access decisions. May be null.
+ * The userContext of the user request to make additional access decisions. May be null.
*
- * @return The context of the user request
+ * @return The userContext of the user request
*/
- public Map<String, String> getContext() {
- return context;
+ public Map<String, String> getUserContext() {
+ return userContext;
}
/**
@@ -108,8 +108,8 @@ public class AuthorizationRequest {
*
* @return The event attributes
*/
- public Map<String, String> getEventAttributes() {
- return eventAttributes;
+ public Map<String, String> getResourceContext() {
+ return resourceContext;
}
/**
@@ -122,8 +122,8 @@ public class AuthorizationRequest {
private Boolean isAnonymous;
private Boolean isAccessAttempt;
private RequestAction action;
- private Map<String, String> context;
- private Map<String, String> eventAttributes;
+ private Map<String, String> userContext;
+ private Map<String, String> resourceContext;
public Builder resource(final Resource resource) {
this.resource = resource;
@@ -150,13 +150,17 @@ public class AuthorizationRequest {
return this;
}
- public Builder context(final Map<String, String> context) {
- this.context = new HashMap<>(context);
+ public Builder userContext(final Map<String, String> userContext) {
+ if (userContext != null) {
+ this.userContext = new HashMap<>(userContext);
+ }
return this;
}
- public Builder eventAttributes(final Map<String, String> eventAttributes) {
- this.eventAttributes = new HashMap<>(eventAttributes);
+ public Builder resourceContext(final Map<String, String> resourceContext) {
+ if (resourceContext != null) {
+ this.resourceContext = new HashMap<>(resourceContext);
+ }
return this;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java b/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
index 5aec6f0..cb8c7f1 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
@@ -30,7 +30,7 @@ public interface Authorizer {
*
* @param request The authorization request
* @return the authorization result
- * @throws AuthorizationAccessException if unable to access the authorities
+ * @throws AuthorizationAccessException if unable to access the policies
*/
AuthorizationResult authorize(AuthorizationRequest request) throws AuthorizationAccessException;
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java b/nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java
index 09fab19..90374dd 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java
@@ -25,6 +25,8 @@ import org.apache.nifi.authorization.RequestAction;
import org.apache.nifi.authorization.Resource;
import org.apache.nifi.authorization.user.NiFiUser;
+import java.util.Map;
+
public interface Authorizable {
/**
@@ -64,7 +66,7 @@ public interface Authorizable {
* @param user user
* @return is authorized
*/
- default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user) {
+ default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) {
// TODO - include user details context
// build the request
@@ -74,6 +76,7 @@ public interface Authorizable {
.accessAttempt(false)
.action(action)
.resource(getResource())
+ .resourceContext(resourceContext)
.build();
// perform the authorization
@@ -93,22 +96,39 @@ public interface Authorizable {
}
/**
+ * Returns the result of an authorization request for the specified user for the specified action on the specified
+ * resource. This method does not imply the user is directly attempting to access the specified resource. If the user is
+ * attempting a direct access use Authorizable.authorize().
+ *
+ * @param authorizer authorizer
+ * @param action action
+ * @param user user
+ * @return is authorized
+ */
+ default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user) {
+ return checkAuthorization(authorizer, action, user, null);
+ }
+
+ /**
* Authorizes the current user for the specified action on the specified resource. This method does imply the user is
* directly accessing the specified resource.
*
* @param authorizer authorizer
* @param action action
+ * @param user user
+ * @param resourceContext resource context
*/
- default void authorize(Authorizer authorizer, RequestAction action, NiFiUser user) throws AccessDeniedException {
+ default void authorize(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) throws AccessDeniedException {
// TODO - include user details context
final AuthorizationRequest request = new AuthorizationRequest.Builder()
- .identity(user.getIdentity())
- .anonymous(user.isAnonymous())
- .accessAttempt(true)
- .action(action)
- .resource(getResource())
- .build();
+ .identity(user.getIdentity())
+ .anonymous(user.isAnonymous())
+ .accessAttempt(true)
+ .action(action)
+ .resource(getResource())
+ .resourceContext(resourceContext)
+ .build();
final AuthorizationResult result = authorizer.authorize(request);
if (Result.ResourceNotFound.equals(result.getResult())) {
@@ -122,4 +142,16 @@ public interface Authorizable {
throw new AccessDeniedException(result.getExplanation());
}
}
+
+ /**
+ * Authorizes the current user for the specified action on the specified resource. This method does imply the user is
+ * directly accessing the specified resource.
+ *
+ * @param authorizer authorizer
+ * @param action action
+ * @param user user
+ */
+ default void authorize(Authorizer authorizer, RequestAction action, NiFiUser user) throws AccessDeniedException {
+ authorize(authorizer, action, user, null);
+ }
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java b/nifi-api/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java
index d5dee54..9ec04e2 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java
@@ -28,11 +28,6 @@ public interface NiFiUser {
String getIdentity();
/**
- * @return the user name for this user
- */
- String getUserName();
-
- /**
* @return the next user in the proxied entities chain, or <code>null</code> if no more users exist in the chain.
*/
NiFiUser getChain();
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java b/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java
index a0a605c..5082af2 100644
--- a/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java
+++ b/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java
@@ -16,11 +16,11 @@
*/
package org.apache.nifi.web;
+import org.apache.nifi.controller.ControllerService;
+
import java.util.Collection;
import java.util.Map;
-import org.apache.nifi.controller.ControllerService;
-
/**
* NiFi web context providing limited access to dataflow configuration for
* component custom UIs.
@@ -58,12 +58,7 @@ public interface NiFiWebConfigurationContext {
/**
* @return the current user identity. The value may be a DN, an email, a username, or any string that identities the user. Returns null if no user is found
*/
- String getCurrentUserDn();
-
- /**
- * @return the current user name. Returns null if no user is found
- */
- String getCurrentUserName();
+ String getCurrentUserIdentity();
/**
* Sets the annotation data for the underlying component.
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
----------------------------------------------------------------------
diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 73a54c5..2e84c5b 100644
--- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -518,7 +518,7 @@ public class NiFiProperties extends Properties {
}
/**
- * @return the user authorities file
+ * @return the user login identity provider file
*/
public File getLoginIdentityProviderConfigurationFile() {
final String value = getProperty(LOGIN_IDENTITY_PROVIDER_CONFIGURATION_FILE);
@@ -774,7 +774,6 @@ public class NiFiProperties extends Properties {
* Returns true if client certificates are required for REST API. Determined if the following conditions are all true:
*
* - login identity provider is not populated
- * - anonymous authorities is empty
* - Kerberos service support is not enabled
*
* @return true if client certificates are required for access to the REST API
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/WebUtils.java
----------------------------------------------------------------------
diff --git a/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/WebUtils.java b/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/WebUtils.java
index e27f91c..18083ca 100644
--- a/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/WebUtils.java
+++ b/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/WebUtils.java
@@ -16,12 +16,20 @@
*/
package org.apache.nifi.web.util;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.ObjectInputStream;
-import java.io.ObjectOutputStream;
-import java.io.Serializable;
+import com.sun.jersey.api.client.Client;
+import com.sun.jersey.api.client.config.ClientConfig;
+import com.sun.jersey.api.client.config.DefaultClientConfig;
+import com.sun.jersey.api.json.JSONConfiguration;
+import com.sun.jersey.client.urlconnection.HTTPSProperties;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.security.util.CertificateUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
@@ -29,25 +37,6 @@ import java.util.List;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLSession;
-
-import org.apache.nifi.security.util.CertificateUtils;
-
-import org.apache.commons.codec.DecoderException;
-import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import com.sun.jersey.api.client.Client;
-import com.sun.jersey.api.client.config.ClientConfig;
-import com.sun.jersey.api.client.config.DefaultClientConfig;
-import com.sun.jersey.api.json.JSONConfiguration;
-import com.sun.jersey.client.urlconnection.HTTPSProperties;
-
/**
* Common utilities related to web development.
*
@@ -139,59 +128,4 @@ public final class WebUtils {
}
- /**
- * Serializes the given object to hexadecimal. Serialization uses Java's
- * native serialization mechanism, the ObjectOutputStream.
- *
- * @param obj an object
- * @return the serialized object as hex
- */
- public static String serializeObjectToHex(final Serializable obj) {
-
- final ByteArrayOutputStream serializedObj = new ByteArrayOutputStream();
-
- // IOException can never be thrown because we are serializing to an in memory byte array
- try {
- final ObjectOutputStream oos = new ObjectOutputStream(serializedObj);
- oos.writeObject(obj);
- oos.close();
- } catch (final IOException ioe) {
- throw new RuntimeException(ioe);
- }
-
- logger.debug(String.format("Serialized object '%s' size: %d", obj, serializedObj.size()));
-
- // hex encode the binary
- return new String(Hex.encodeHex(serializedObj.toByteArray(), /* tolowercase */ true));
- }
-
- /**
- * Deserializes a Java serialized, hex-encoded string into a Java object.
- * This method is the inverse of the serializeObjectToHex method in this
- * class.
- *
- * @param hexEncodedObject a string
- * @return the object
- * @throws ClassNotFoundException if the class could not be found
- */
- public static Serializable deserializeHexToObject(final String hexEncodedObject) throws ClassNotFoundException {
-
- // decode the hex encoded object
- byte[] serializedObj;
- try {
- serializedObj = Hex.decodeHex(hexEncodedObject.toCharArray());
- } catch (final DecoderException de) {
- throw new IllegalArgumentException(de);
- }
-
- // IOException can never be thrown because we are deserializing from an in memory byte array
- try {
- // deserialize bytes into object
- ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(serializedObj));
- return (Serializable) ois.readObject();
- } catch (final IOException ioe) {
- throw new RuntimeException(ioe);
- }
-
- }
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/AuditDataSourceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/AuditDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/AuditDataSourceFactoryBean.java
index 87cd420..18df4bc 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/AuditDataSourceFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/AuditDataSourceFactoryBean.java
@@ -16,18 +16,19 @@
*/
package org.apache.nifi.admin;
-import java.io.File;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
import org.apache.commons.lang3.StringUtils;
-import org.h2.jdbcx.JdbcConnectionPool;
import org.apache.nifi.util.NiFiProperties;
+import org.h2.jdbcx.JdbcConnectionPool;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.FactoryBean;
+import java.io.File;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
/**
*
*/
@@ -38,7 +39,7 @@ public class AuditDataSourceFactoryBean implements FactoryBean {
private static final int MAX_CONNECTIONS = 5;
// database file name
- private static final String AUDIT_DATABASE_FILE_NAME = "nifi-audit";
+ private static final String AUDIT_DATABASE_FILE_NAME = "nifi-flow-audit";
// ------------
// action table
@@ -46,7 +47,6 @@ public class AuditDataSourceFactoryBean implements FactoryBean {
private static final String CREATE_ACTION_TABLE = "CREATE TABLE ACTION ("
+ "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
+ "IDENTITY VARCHAR2(4096) NOT NULL, "
- + "USER_NAME VARCHAR2(4096) NOT NULL, "
+ "SOURCE_ID VARCHAR2(100) NOT NULL, "
+ "SOURCE_NAME VARCHAR2(1000) NOT NULL, "
+ "SOURCE_TYPE VARCHAR2(1000) NOT NULL, "
@@ -107,10 +107,6 @@ public class AuditDataSourceFactoryBean implements FactoryBean {
+ "FOREIGN KEY (ACTION_ID) REFERENCES ACTION(ID)"
+ ")";
- private static final String RENAME_DN_COLUMN = "ALTER TABLE ACTION ALTER COLUMN USER_DN RENAME TO IDENTITY";
- private static final String RESIZE_IDENTITY_COLUMN = "ALTER TABLE ACTION MODIFY IDENTITY VARCHAR(4096)";
- private static final String RESIZE_USER_NAME_COLUMN = "ALTER TABLE ACTION MODIFY USER_NAME VARCHAR(4096)";
-
private JdbcConnectionPool connectionPool;
private NiFiProperties properties;
@@ -173,17 +169,6 @@ public class AuditDataSourceFactoryBean implements FactoryBean {
statement.execute(CREATE_CONFIGURE_DETAILS_TABLE);
statement.execute(CREATE_CONNECT_DETAILS_TABLE);
statement.execute(CREATE_PURGE_DETAILS_TABLE);
- } else {
- logger.info("Existing database found and connected to at: " + databaseUrl);
- RepositoryUtils.closeQuietly(rs);
-
- // check if the DN column exists to see if we need to transform the table
- rs = connection.getMetaData().getColumns(null, null, "ACTION", "USER_DN");
- if (rs.next()) {
- statement.execute(RENAME_DN_COLUMN);
- statement.execute(RESIZE_IDENTITY_COLUMN);
- statement.execute(RESIZE_USER_NAME_COLUMN);
- }
}
// commit any changes
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardActionDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardActionDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardActionDAO.java
index 8fdfd34..df1774c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardActionDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardActionDAO.java
@@ -16,18 +16,7 @@
*/
package org.apache.nifi.admin.dao.impl;
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
@@ -52,7 +41,19 @@ import org.apache.nifi.admin.dao.DataAccessException;
import org.apache.nifi.history.History;
import org.apache.nifi.history.HistoryQuery;
import org.apache.nifi.history.PreviousValue;
-import org.apache.commons.lang3.StringUtils;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
/**
*
@@ -63,15 +64,14 @@ public class StandardActionDAO implements ActionDAO {
// action table
// ------------
private static final String INSERT_ACTION = "INSERT INTO ACTION ("
- + "IDENTITY, USER_NAME, SOURCE_ID, SOURCE_NAME, SOURCE_TYPE, OPERATION, ACTION_TIMESTAMP"
+ + "IDENTITY, SOURCE_ID, SOURCE_NAME, SOURCE_TYPE, OPERATION, ACTION_TIMESTAMP"
+ ") VALUES ("
+ "?, "
+ "?, "
+ "?, "
+ "?, "
+ "?, "
- + "?, "
- + "?, "
+ + "? "
+ ")";
// -----------------
@@ -178,7 +178,7 @@ public class StandardActionDAO implements ActionDAO {
private static final String SELECT_PREVIOUS_VALUES = "SELECT CD.VALUE, "
+ "A.ACTION_TIMESTAMP, "
- + "A.USER_NAME "
+ + "A.IDENTITY "
+ "FROM CONFIGURE_DETAILS CD "
+ "INNER JOIN ACTION A "
+ "ON CD.ACTION_ID = A.ID "
@@ -198,7 +198,7 @@ public class StandardActionDAO implements ActionDAO {
this.columnMap.put("sourceName", "SOURCE_NAME");
this.columnMap.put("sourceType", "SOURCE_TYPE");
this.columnMap.put("operation", "OPERATION");
- this.columnMap.put("userName", "USER_NAME");
+ this.columnMap.put("userIdentity", "IDENTITY");
}
@Override
@@ -217,19 +217,17 @@ public class StandardActionDAO implements ActionDAO {
// obtain a statement to insert to the action table
statement = connection.prepareStatement(INSERT_ACTION, Statement.RETURN_GENERATED_KEYS);
statement.setString(1, StringUtils.left(action.getUserIdentity(), 4096));
- statement.setString(2, StringUtils.left(action.getUserName(), 4096));
- statement.setString(3, action.getSourceId());
- statement.setString(4, StringUtils.left(action.getSourceName(), 1000));
- statement.setString(5, action.getSourceType().toString());
- statement.setString(6, action.getOperation().toString());
- statement.setTimestamp(7, new java.sql.Timestamp(action.getTimestamp().getTime()));
+ statement.setString(2, action.getSourceId());
+ statement.setString(3, StringUtils.left(action.getSourceName(), 1000));
+ statement.setString(4, action.getSourceType().toString());
+ statement.setString(5, action.getOperation().toString());
+ statement.setTimestamp(6, new java.sql.Timestamp(action.getTimestamp().getTime()));
// insert the action
int updateCount = statement.executeUpdate();
final FlowChangeAction createdAction = new FlowChangeAction();
createdAction.setUserIdentity(action.getUserIdentity());
- createdAction.setUserName(action.getUserName());
createdAction.setSourceId(action.getSourceId());
createdAction.setSourceName(action.getSourceName());
createdAction.setSourceType(action.getSourceType());
@@ -458,8 +456,8 @@ public class StandardActionDAO implements ActionDAO {
}
// append the user id as necessary
- if (historyQuery.getUserName() != null) {
- where.add("UPPER(USER_NAME) LIKE ?");
+ if (historyQuery.getUserIdentity() != null) {
+ where.add("UPPER(IDENTITY) LIKE ?");
}
// append the source id as necessary
@@ -487,8 +485,8 @@ public class StandardActionDAO implements ActionDAO {
}
// set the user id as necessary
- if (historyQuery.getUserName() != null) {
- statement.setString(paramIndex++, "%" + historyQuery.getUserName().toUpperCase() + "%");
+ if (historyQuery.getUserIdentity() != null) {
+ statement.setString(paramIndex++, "%" + historyQuery.getUserIdentity().toUpperCase() + "%");
}
// set the source id as necessary
@@ -535,8 +533,8 @@ public class StandardActionDAO implements ActionDAO {
}
// set the user id as necessary
- if (historyQuery.getUserName() != null) {
- statement.setString(paramIndex++, "%" + historyQuery.getUserName().toUpperCase() + "%");
+ if (historyQuery.getUserIdentity() != null) {
+ statement.setString(paramIndex++, "%" + historyQuery.getUserIdentity().toUpperCase() + "%");
}
// set the source id as necessary
@@ -562,7 +560,6 @@ public class StandardActionDAO implements ActionDAO {
FlowChangeAction action = new FlowChangeAction();
action.setId(actionId);
action.setUserIdentity(rs.getString("IDENTITY"));
- action.setUserName(rs.getString("USER_NAME"));
action.setOperation(Operation.valueOf(rs.getString("OPERATION")));
action.setTimestamp(new Date(rs.getTimestamp("ACTION_TIMESTAMP").getTime()));
action.setSourceId(rs.getString("SOURCE_ID"));
@@ -636,7 +633,6 @@ public class StandardActionDAO implements ActionDAO {
action = new FlowChangeAction();
action.setId(rs.getInt("ID"));
action.setUserIdentity(rs.getString("IDENTITY"));
- action.setUserName(rs.getString("USER_NAME"));
action.setOperation(operation);
action.setTimestamp(new Date(rs.getTimestamp("ACTION_TIMESTAMP").getTime()));
action.setSourceId(rs.getString("SOURCE_ID"));
@@ -907,7 +903,7 @@ public class StandardActionDAO implements ActionDAO {
final PreviousValue previousValue = new PreviousValue();
previousValue.setPreviousValue(rs.getString("VALUE"));
previousValue.setTimestamp(new Date(rs.getTimestamp("ACTION_TIMESTAMP").getTime()));
- previousValue.setUserName(rs.getString("USER_NAME"));
+ previousValue.setUserIdentity(rs.getString("IDENTITY"));
previousValues.add(previousValue);
}
} catch (SQLException sqle) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java
index cc337fd..9d19361 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java
@@ -157,16 +157,11 @@ public class StandardKeyDAO implements KeyDAO {
@Override
public void deleteKeys(String identity) {
- // ensure there are some authorities to create
PreparedStatement statement = null;
try {
// add each authority for the specified user
statement = connection.prepareStatement(DELETE_KEYS);
- statement.setString(1, identity);
-
- // insert the authorities
- int count = statement.executeUpdate();
- System.out.println();
+ statement.executeUpdate();
} catch (SQLException sqle) {
throw new DataAccessException(sqle);
} catch (DataAccessException dae) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/HistoryQuery.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/HistoryQuery.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/HistoryQuery.java
index 53cc13c..e9970c5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/HistoryQuery.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/HistoryQuery.java
@@ -23,7 +23,7 @@ import java.util.Date;
*/
public class HistoryQuery {
- private String userName;
+ private String userIdentity;
private String sourceId;
private Date startDate;
private Date endDate;
@@ -56,12 +56,12 @@ public class HistoryQuery {
this.startDate = startDate;
}
- public String getUserName() {
- return userName;
+ public String getUserIdentity() {
+ return userIdentity;
}
- public void setUserName(String userName) {
- this.userName = userName;
+ public void setUserIdentity(String userIdentity) {
+ this.userIdentity = userIdentity;
}
public Integer getOffset() {
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/PreviousValue.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/PreviousValue.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/PreviousValue.java
index 6ece5cf..e4cce3e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/PreviousValue.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/PreviousValue.java
@@ -25,7 +25,7 @@ public class PreviousValue {
private String previousValue;
private Date timestamp;
- private String userName;
+ private String userIdentity;
public String getPreviousValue() {
return previousValue;
@@ -43,12 +43,12 @@ public class PreviousValue {
this.timestamp = timestamp;
}
- public String getUserName() {
- return userName;
+ public String getUserIdentity() {
+ return userIdentity;
}
- public void setUserName(String userName) {
- this.userName = userName;
+ public void setUserIdentity(String userIdentity) {
+ this.userIdentity = userIdentity;
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java
index 5962cc2..fa334c4 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java
@@ -52,21 +52,6 @@ public class AccessStatusDTO {
}
/**
- * @return the username
- */
- @ApiModelProperty(
- value = "The username.",
- readOnly = true
- )
- public String getUsername() {
- return username;
- }
-
- public void setUsername(String username) {
- this.username = username;
- }
-
- /**
* @return the user access status
*/
@ApiModelProperty(
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/PreviousValueDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/PreviousValueDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/PreviousValueDTO.java
index 132456c..558f471 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/PreviousValueDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/PreviousValueDTO.java
@@ -17,10 +17,11 @@
package org.apache.nifi.web.api.dto;
import com.wordnik.swagger.annotations.ApiModelProperty;
-import java.util.Date;
+import org.apache.nifi.web.api.dto.util.DateTimeAdapter;
+
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import org.apache.nifi.web.api.dto.util.DateTimeAdapter;
+import java.util.Date;
/**
* The previous value for a processor property.
@@ -30,7 +31,7 @@ public class PreviousValueDTO {
private String previousValue;
private Date timestamp;
- private String userName;
+ private String userIdentity;
/**
* @return previous value
@@ -67,11 +68,11 @@ public class PreviousValueDTO {
@ApiModelProperty(
value = "The user who changed the previous value."
)
- public String getUserName() {
- return userName;
+ public String getUserIdentity() {
+ return userIdentity;
}
- public void setUserName(String userName) {
- this.userName = userName;
+ public void setUserIdentity(String userIdentity) {
+ this.userIdentity = userIdentity;
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/ActionDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/ActionDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/ActionDTO.java
index d4dea38..1332f5c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/ActionDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/ActionDTO.java
@@ -17,13 +17,14 @@
package org.apache.nifi.web.api.dto.action;
import com.wordnik.swagger.annotations.ApiModelProperty;
-import java.util.Date;
-import javax.xml.bind.annotation.XmlType;
-import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
import org.apache.nifi.web.api.dto.action.component.details.ComponentDetailsDTO;
import org.apache.nifi.web.api.dto.action.details.ActionDetailsDTO;
import org.apache.nifi.web.api.dto.util.DateTimeAdapter;
+import javax.xml.bind.annotation.XmlType;
+import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
+import java.util.Date;
+
/**
* An action performed in this NiFi.
*/
@@ -32,7 +33,6 @@ public class ActionDTO {
private Integer id;
private String userDn;
- private String userName;
private Date timestamp;
private String sourceId;
@@ -72,20 +72,6 @@ public class ActionDTO {
}
/**
- * @return user name who perform this action
- */
- @ApiModelProperty(
- value = "The name of the user that performed the action."
- )
- public String getUserName() {
- return userName;
- }
-
- public void setUserName(String userName) {
- this.userName = userName;
- }
-
- /**
* @return action's timestamp
*/
@XmlJavaTypeAdapter(DateTimeAdapter.class)
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/HistoryQueryDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/HistoryQueryDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/HistoryQueryDTO.java
index 7d4d21d..8dde361 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/HistoryQueryDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/HistoryQueryDTO.java
@@ -17,10 +17,11 @@
package org.apache.nifi.web.api.dto.action;
import com.wordnik.swagger.annotations.ApiModelProperty;
-import java.util.Date;
+import org.apache.nifi.web.api.dto.util.DateTimeAdapter;
+
import javax.xml.bind.annotation.XmlType;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import org.apache.nifi.web.api.dto.util.DateTimeAdapter;
+import java.util.Date;
/**
* A history query to find desired actions.
@@ -28,7 +29,7 @@ import org.apache.nifi.web.api.dto.util.DateTimeAdapter;
@XmlType(name = "historyQuery")
public class HistoryQueryDTO {
- private String userName;
+ private String userIdentity;
private String sourceId;
private Date startDate;
private Date endDate;
@@ -38,17 +39,17 @@ public class HistoryQueryDTO {
private String sortOrder;
/**
- * @return user name
+ * @return user identity
*/
@ApiModelProperty(
- value = "The name of the source component."
+ value = "The user identity."
)
- public String getUserName() {
- return userName;
+ public String getUserIdentity() {
+ return userIdentity;
}
- public void setUserName(String userName) {
- this.userName = userName;
+ public void setUserIdentity(String userIdentity) {
+ this.userIdentity = userIdentity;
}
/**
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserGroupSearchResultDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserGroupSearchResultDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserGroupSearchResultDTO.java
deleted file mode 100644
index ef81b88..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserGroupSearchResultDTO.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.dto.search;
-
-import com.wordnik.swagger.annotations.ApiModelProperty;
-import javax.xml.bind.annotation.XmlType;
-
-/**
- * A search result for a matching user group.
- */
-@XmlType(name = "userGroupSearchResult")
-public class UserGroupSearchResultDTO {
-
- private String group;
-
- /**
- * @return name of the group that matched
- */
- @ApiModelProperty(
- value = "The name of the group that matched the search."
- )
- public String getGroup() {
- return group;
- }
-
- public void setGroup(String group) {
- this.group = group;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserSearchResultDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserSearchResultDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserSearchResultDTO.java
deleted file mode 100644
index 8bed771..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserSearchResultDTO.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.dto.search;
-
-import com.wordnik.swagger.annotations.ApiModelProperty;
-import javax.xml.bind.annotation.XmlType;
-
-/**
- * A search result for a matching user.
- */
-@XmlType(name = "userSearchResult")
-public class UserSearchResultDTO {
-
- private String userName;
- private String userDn;
-
- /**
- * @return dn of the user that matched
- */
- @ApiModelProperty(
- value = "The dn of the user that matched the search."
- )
- public String getUserDn() {
- return userDn;
- }
-
- public void setUserDn(String userDn) {
- this.userDn = userDn;
- }
-
- /**
- * @return username of user that matched
- */
- @ApiModelProperty(
- value = "The name of the user that matched the search."
- )
- public String getUserName() {
- return userName;
- }
-
- public void setUserName(String userName) {
- this.userName = userName;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AuthorityEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AuthorityEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AuthorityEntity.java
deleted file mode 100644
index 9b023ba..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AuthorityEntity.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.entity;
-
-import java.util.Set;
-
-import javax.xml.bind.annotation.XmlRootElement;
-
-/**
- * A serialized representation of this class can be placed in the entity body of a response to the API. This particular entity holds a set of user authorities.
- */
-@XmlRootElement(name = "authoritiesEntity")
-public class AuthorityEntity extends Entity {
-
- private String userId;
- private Set<String> authorities;
-
- /**
- * @return current user id
- */
- public String getUserId() {
- return userId;
- }
-
- public void setUserId(String userId) {
- this.userId = userId;
- }
-
- /**
- * @return set of authorities that are being serialized
- */
- public Set<String> getAuthorities() {
- return authorities;
- }
-
- public void setAuthorities(Set<String> authorities) {
- this.authorities = authorities;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/CurrentUserEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/CurrentUserEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/CurrentUserEntity.java
new file mode 100644
index 0000000..1a7ff1c
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/CurrentUserEntity.java
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.entity;
+
+import org.apache.nifi.web.api.dto.AccessPolicyDTO;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * A serialized representation of this class can be placed in the entity body of a response to the API. This particular entity holds the users identity.
+ */
+@XmlRootElement(name = "currentEntity")
+public class CurrentUserEntity extends Entity {
+
+ private String identity;
+ private boolean anonymous;
+
+ private AccessPolicyDTO provenancePermissions;
+ private AccessPolicyDTO countersPermissions;
+ private AccessPolicyDTO tenantsPermissions;
+ private AccessPolicyDTO controllerPermissions;
+
+ /**
+ * @return the user identity being serialized
+ */
+ public String getIdentity() {
+ return identity;
+ }
+
+ public void setIdentity(String identity) {
+ this.identity = identity;
+ }
+
+ /**
+ * @return if the user is anonymous
+ */
+ public boolean isAnonymous() {
+ return anonymous;
+ }
+
+ public void setAnonymous(boolean anonymous) {
+ this.anonymous = anonymous;
+ }
+
+ /**
+ * @return if the use can query provenance
+ */
+ public AccessPolicyDTO getProvenancePermissions() {
+ return provenancePermissions;
+ }
+
+ public void setProvenancePermissions(AccessPolicyDTO provenancePermissions) {
+ this.provenancePermissions = provenancePermissions;
+ }
+
+ /**
+ * @return permissions for accessing counters
+ */
+ public AccessPolicyDTO getCountersPermissions() {
+ return countersPermissions;
+ }
+
+ public void setCountersPermissions(AccessPolicyDTO countersPermissions) {
+ this.countersPermissions = countersPermissions;
+ }
+
+ /**
+ * @return permissions for accessing users
+ */
+ public AccessPolicyDTO getTenantsPermissions() {
+ return tenantsPermissions;
+ }
+
+ public void setTenantsPermissions(AccessPolicyDTO tenantsPermissions) {
+ this.tenantsPermissions = tenantsPermissions;
+ }
+
+ /**
+ * @return permissions for accessing the controller
+ */
+ public AccessPolicyDTO getControllerPermissions() {
+ return controllerPermissions;
+ }
+
+ public void setControllerPermissions(AccessPolicyDTO controllerPermissions) {
+ this.controllerPermissions = controllerPermissions;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java
deleted file mode 100644
index ee38efe..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java
+++ /dev/null
@@ -1,63 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.entity;
-
-import javax.xml.bind.annotation.XmlRootElement;
-
-/**
- * A serialized representation of this class can be placed in the entity body of a response to the API. This particular entity holds the users identity.
- */
-@XmlRootElement(name = "identityEntity")
-public class IdentityEntity extends Entity {
-
- private String userId;
- private String identity;
- private boolean anonymous;
-
- /**
- * @return current user id
- */
- public String getUserId() {
- return userId;
- }
-
- public void setUserId(String userId) {
- this.userId = userId;
- }
-
- /**
- * @return the user identity being serialized
- */
- public String getIdentity() {
- return identity;
- }
-
- public void setIdentity(String identity) {
- this.identity = identity;
- }
-
- /**
- * @return if the user is anonymous
- */
- public boolean isAnonymous() {
- return anonymous;
- }
-
- public void setAnonymous(boolean anonymous) {
- this.anonymous = anonymous;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplateEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplateEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplateEntity.java
index 553d686..483de4f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplateEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplateEntity.java
@@ -16,14 +16,15 @@
*/
package org.apache.nifi.web.api.entity;
-import javax.xml.bind.annotation.XmlRootElement;
import org.apache.nifi.web.api.dto.TemplateDTO;
+import javax.xml.bind.annotation.XmlRootElement;
+
/**
* A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a TemplateDTO.
*/
@XmlRootElement(name = "templateEntity")
-public class TemplateEntity extends Entity {
+public class TemplateEntity extends ComponentEntity {
private TemplateDTO template;
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplatesEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplatesEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplatesEntity.java
index 3a9f46d..42ea3cd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplatesEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplatesEntity.java
@@ -16,12 +16,12 @@
*/
package org.apache.nifi.web.api.entity;
-import java.util.Date;
-import java.util.Set;
+import org.apache.nifi.web.api.dto.util.TimeAdapter;
+
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
-import org.apache.nifi.web.api.dto.TemplateDTO;
-import org.apache.nifi.web.api.dto.util.TimeAdapter;
+import java.util.Date;
+import java.util.Set;
/**
* A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a set of TemplateDTOs.
@@ -29,7 +29,7 @@ import org.apache.nifi.web.api.dto.util.TimeAdapter;
@XmlRootElement(name = "templatesEntity")
public class TemplatesEntity extends Entity {
- private Set<TemplateDTO> templates;
+ private Set<TemplateEntity> templates;
private Date generated;
/**
@@ -37,11 +37,11 @@ public class TemplatesEntity extends Entity {
*
* @return The TemplateDTO object
*/
- public Set<TemplateDTO> getTemplates() {
+ public Set<TemplateEntity> getTemplates() {
return templates;
}
- public void setTemplates(Set<TemplateDTO> templates) {
+ public void setTemplates(Set<TemplateEntity> templates) {
this.templates = templates;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserSearchResultsEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserSearchResultsEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserSearchResultsEntity.java
deleted file mode 100644
index fcdeee3..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserSearchResultsEntity.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.entity;
-
-import java.util.List;
-import javax.xml.bind.annotation.XmlRootElement;
-import org.apache.nifi.web.api.dto.search.UserGroupSearchResultDTO;
-import org.apache.nifi.web.api.dto.search.UserSearchResultDTO;
-
-/**
- * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to UserSearchResultDTOs and
- * UserGroupSearchResultDTOs.
- */
-@XmlRootElement(name = "userSearchResultsEntity")
-public class UserSearchResultsEntity {
-
- private List<UserSearchResultDTO> userResults;
- private List<UserGroupSearchResultDTO> userGroupResults;
-
- /**
- * @return user search results
- */
- public List<UserSearchResultDTO> getUserResults() {
- return userResults;
- }
-
- public void setUserResults(List<UserSearchResultDTO> userResults) {
- this.userResults = userResults;
- }
-
- /**
- * @return user group search results
- */
- public List<UserGroupSearchResultDTO> getUserGroupResults() {
- return userGroupResults;
- }
-
- public void setUserGroupResults(List<UserGroupSearchResultDTO> userGroupResults) {
- this.userGroupResults = userGroupResults;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
index 7c04298..e49e24e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
@@ -69,7 +69,7 @@ import java.util.concurrent.atomic.AtomicReference;
import java.util.zip.GZIPInputStream;
/**
- * Provides identity checks and grants authorities.
+ * Provides authorizes requests to resources using policies persisted in a file.
*/
public class FileAuthorizer extends AbstractPolicyBasedAuthorizer {
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUserUtils.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUserUtils.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUserUtils.java
index 840df69..4a75274 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUserUtils.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUserUtils.java
@@ -47,13 +47,13 @@ public final class NiFiUserUtils {
return user;
}
- public static String getNiFiUserName() {
+ public static String getNiFiUserIdentity() {
// get the nifi user to extract the username
NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user == null) {
return "unknown";
} else {
- return user.getUserName();
+ return user.getIdentity();
}
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java
index 8c41a1f..8d50151 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java
@@ -16,32 +16,24 @@
*/
package org.apache.nifi.authorization.user;
-import java.io.Serializable;
import java.util.Objects;
/**
* An implementation of NiFiUser.
*/
-public class StandardNiFiUser implements NiFiUser, Serializable {
- private static final long serialVersionUID = -5503790026187817496L;
+public class StandardNiFiUser implements NiFiUser {
public static final StandardNiFiUser ANONYMOUS = new StandardNiFiUser("anonymous");
private final String identity;
- private final String userName;
private final NiFiUser chain;
public StandardNiFiUser(String identity) {
- this(identity, identity, null);
+ this(identity, null);
}
public StandardNiFiUser(String identity, NiFiUser chain) {
- this(identity, identity, chain);
- }
-
- public StandardNiFiUser(String identity, String userName, NiFiUser chain) {
this.identity = identity;
- this.userName = userName;
this.chain = chain;
}
@@ -52,11 +44,6 @@ public class StandardNiFiUser implements NiFiUser, Serializable {
}
@Override
- public String getUserName() {
- return userName;
- }
-
- @Override
public NiFiUser getChain() {
return chain;
}
@@ -89,6 +76,6 @@ public class StandardNiFiUser implements NiFiUser, Serializable {
@Override
public String toString() {
- return String.format("identity[%s], userName[%s]", getIdentity(), getUserName(), ", ");
+ return String.format("identity[%s]", getIdentity());
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/Template.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/Template.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/Template.java
index b330581..5231095 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/Template.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/Template.java
@@ -16,9 +16,6 @@
*/
package org.apache.nifi.controller;
-import java.util.HashSet;
-import java.util.Set;
-
import org.apache.nifi.authorization.AccessDeniedException;
import org.apache.nifi.authorization.AuthorizationRequest;
import org.apache.nifi.authorization.AuthorizationResult;
@@ -32,6 +29,7 @@ import org.apache.nifi.authorization.resource.ResourceType;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.connectable.Connection;
import org.apache.nifi.controller.label.Label;
+import org.apache.nifi.controller.service.ControllerServiceNode;
import org.apache.nifi.groups.ProcessGroup;
import org.apache.nifi.groups.RemoteProcessGroup;
import org.apache.nifi.web.api.dto.ConnectionDTO;
@@ -43,6 +41,9 @@ import org.apache.nifi.web.api.dto.ProcessorDTO;
import org.apache.nifi.web.api.dto.RemoteProcessGroupDTO;
import org.apache.nifi.web.api.dto.TemplateDTO;
+import java.util.HashSet;
+import java.util.Set;
+
public class Template implements Authorizable {
private final TemplateDTO dto;
@@ -84,53 +85,68 @@ public class Template implements Authorizable {
return ResourceFactory.getComponentResource(ResourceType.Template, dto.getId(), dto.getName());
}
+ private ProcessGroup getRootGroup(final ProcessGroup currentGroup) {
+ if (currentGroup.getParent() == null) {
+ return currentGroup;
+ } else {
+ return getRootGroup(currentGroup.getParent());
+ }
+ }
+
private Set<Authorizable> getAuthorizableComponents() {
- return getAuthorizableComponents(processGroup);
+ return getAuthorizableComponents(processGroup.getIdentifier(), dto.getSnippet());
}
- private Set<Authorizable> getAuthorizableComponents(final ProcessGroup processGroup) {
+ private Set<Authorizable> getAuthorizableComponents(final String currentGroupId, final FlowSnippetDTO snippet) {
final Set<Authorizable> authComponents = new HashSet<>();
- final FlowSnippetDTO snippet = dto.getSnippet();
- authComponents.add(processGroup);
+ // If there is any component in the DTO that still exists in the flow, check its authorizations...
+ // need to go to the root group in case a sensitive processor was moved out of this processGroup
+ final ProcessGroup root = getRootGroup(processGroup);
+
+ // include the current group
+ final ProcessGroup currentGroup = root.findProcessGroup(currentGroupId);
+ authComponents.add(currentGroup);
- // If there is any component in the DTO that still exists in the flow, check its authorizations
for (final ConnectionDTO connectionDto : snippet.getConnections()) {
- final Connection connection = processGroup.getConnection(connectionDto.getId());
+ final Connection connection = root.findConnection(connectionDto.getId());
if (connection != null) {
authComponents.add(connection);
}
}
- // TODO: Authorize Controller Services
for (final ControllerServiceDTO service : snippet.getControllerServices()) {
+ final ControllerServiceNode controllerService = root.findControllerService(service.getId());
+ if (controllerService != null) {
+ authComponents.add(controllerService);
+ }
}
for (final LabelDTO labelDto : snippet.getLabels()) {
- final Label label = processGroup.getLabel(labelDto.getId());
+ final Label label = root.findLabel(labelDto.getId());
if (label != null) {
authComponents.add(label);
}
}
for (final ProcessorDTO processorDto : snippet.getProcessors()) {
- final ProcessorNode procNode = processGroup.getProcessor(processorDto.getId());
+ final ProcessorNode procNode = root.findProcessor(processorDto.getId());
if (procNode != null) {
authComponents.add(procNode);
}
}
for (final RemoteProcessGroupDTO groupDto : snippet.getRemoteProcessGroups()) {
- final RemoteProcessGroup rpg = processGroup.getRemoteProcessGroup(groupDto.getId());
+ final RemoteProcessGroup rpg = root.findRemoteProcessGroup(groupDto.getId());
if (rpg != null) {
authComponents.add(rpg);
}
}
for (final ProcessGroupDTO groupDto : snippet.getProcessGroups()) {
- final ProcessGroup group = processGroup.getProcessGroup(groupDto.getId());
+ final ProcessGroup group = root.findProcessGroup(groupDto.getId());
if (group != null) {
- authComponents.addAll(getAuthorizableComponents(group));
+ authComponents.addAll(getAuthorizableComponents(groupDto.getId(), groupDto.getContents()));
}
}
@@ -170,12 +186,15 @@ public class Template implements Authorizable {
if (Result.ResourceNotFound.equals(result.getResult())) {
for (final Authorizable child : getAuthorizableComponents()) {
final AuthorizationResult childResult = child.checkAuthorization(authorizer, action, user);
- if (Result.Denied.equals(childResult)) {
+
+ // if the authoriable in this template explicitly says no, respect it
+ if (Result.Denied.equals(childResult.getResult())) {
return childResult;
}
}
- return AuthorizationResult.denied();
+ // if all authorizables are approved or no longer have a policy, approve it
+ return AuthorizationResult.approved();
} else {
return result;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
index 6b643e6..a931841 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
@@ -2249,6 +2249,10 @@ public final class StandardProcessGroup implements ProcessGroup {
childGroup.verifyCanDelete(true);
}
+ if (!templates.isEmpty()) {
+ throw new IllegalStateException(String.format("Cannot delete Process Group because it contains %s Templates. The Templates must be deleted first.", templates.size()));
+ }
+
if (!ignoreConnections) {
for (final Port port : inputPorts.values()) {
for (final Connection connection : port.getIncomingConnections()) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-user-actions/src/main/java/org/apache/nifi/action/FlowChangeAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-user-actions/src/main/java/org/apache/nifi/action/FlowChangeAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-user-actions/src/main/java/org/apache/nifi/action/FlowChangeAction.java
index ad22059..4d8d1d0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-user-actions/src/main/java/org/apache/nifi/action/FlowChangeAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-user-actions/src/main/java/org/apache/nifi/action/FlowChangeAction.java
@@ -27,7 +27,6 @@ public class FlowChangeAction implements Action {
private Integer id;
private String userIdentity;
- private String userName;
private Date timestamp;
private String sourceId;
@@ -66,15 +65,6 @@ public class FlowChangeAction implements Action {
}
@Override
- public String getUserName() {
- return userName;
- }
-
- public void setUserName(String userName) {
- this.userName = userName;
- }
-
- @Override
public String getSourceId() {
return sourceId;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ComponentStateAuditor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ComponentStateAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ComponentStateAuditor.java
index e231456..2f70796 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ComponentStateAuditor.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ComponentStateAuditor.java
@@ -73,7 +73,6 @@ public class ComponentStateAuditor extends NiFiAuditor {
// create the clear action
FlowChangeAction configAction = new FlowChangeAction();
configAction.setUserIdentity(user.getIdentity());
- configAction.setUserName(user.getUserName());
configAction.setOperation(Operation.ClearState);
configAction.setTimestamp(new Date());
configAction.setSourceId(processor.getIdentifier());
@@ -120,7 +119,6 @@ public class ComponentStateAuditor extends NiFiAuditor {
// create the clear action
FlowChangeAction configAction = new FlowChangeAction();
configAction.setUserIdentity(user.getIdentity());
- configAction.setUserName(user.getUserName());
configAction.setOperation(Operation.ClearState);
configAction.setTimestamp(new Date());
configAction.setSourceId(controllerService.getIdentifier());
@@ -167,7 +165,6 @@ public class ComponentStateAuditor extends NiFiAuditor {
// create the clear action
FlowChangeAction configAction = new FlowChangeAction();
configAction.setUserIdentity(user.getIdentity());
- configAction.setUserName(user.getUserName());
configAction.setOperation(Operation.ClearState);
configAction.setTimestamp(new Date());
configAction.setSourceId(reportingTask.getIdentifier());