You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ma...@apache.org on 2016/04/15 22:03:53 UTC
[01/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Repository: nifi
Updated Branches:
refs/heads/master 7db78e87a -> 153f63ef4
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
deleted file mode 100644
index 7ab4a76..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users-table.js
+++ /dev/null
@@ -1,1075 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* global nf, Slick */
-
-nf.UsersTable = (function () {
-
- /**
- * Configuration object used to hold a number of configuration items.
- */
- var config = {
- filterText: 'Filter',
- styles: {
- filterList: 'users-filter-list'
- },
- urls: {
- users: '../nifi-api/controller/users',
- userGroups: '../nifi-api/controller/user-groups'
- }
- };
-
- /**
- * Initializes the user details dialog.
- */
- var initUserDetailsDialog = function () {
- $('#user-details-dialog').modal({
- headerText: 'User Details',
- overlayBackground: false,
- buttons: [{
- buttonText: 'Ok',
- handler: {
- click: function () {
- $('#user-details-dialog').modal('hide');
- }
- }
- }],
- handler: {
- close: function () {
- // clear the details
- $('#user-name-details-dialog').text('');
- $('#user-dn-details-dialog').text('');
- $('#user-created-details-dialog').text('');
- $('#user-verified-details-dialog').text('');
- $('#user-justification-details-dialog').text('');
- }
- }
- });
- };
-
- /**
- * Initializes the user roles dialog.
- */
- var initUserRolesDialog = function () {
- $('#user-roles-dialog').modal({
- headerText: 'User Roles',
- overlayBackground: false,
- buttons: [{
- buttonText: 'Apply',
- handler: {
- click: function () {
- var userId = $('#user-id-roles-dialog').val();
- var userRoles = [];
-
- // function for determining if a checkbox is checked
- var isChecked = function (domId) {
- return $('#' + domId).hasClass('checkbox-checked');
- };
-
- // determine the user roles
- if (isChecked('role-admin-checkbox')) {
- userRoles.push('ROLE_ADMIN');
- }
- if (isChecked('role-dfm-checkbox')) {
- userRoles.push('ROLE_DFM');
- }
- if (isChecked('role-provenance-checkbox')) {
- userRoles.push('ROLE_PROVENANCE');
- }
- if (isChecked('role-monitor-checkbox')) {
- userRoles.push('ROLE_MONITOR');
- }
- if (isChecked('role-nifi-checkbox')) {
- userRoles.push('ROLE_NIFI');
- }
- if (isChecked('role-proxy-checkbox')) {
- userRoles.push('ROLE_PROXY');
- }
-
- var userDto = {};
- userDto['id'] = userId;
- userDto['authorities'] = userRoles;
-
- // ensure the account is active
- userDto['status'] = 'ACTIVE';
-
- var userEntity = {};
- userEntity['user'] = userDto;
-
- // update the user
- $.ajax({
- type: 'PUT',
- url: config.urls.users + '/' + encodeURIComponent(userId),
- data: JSON.stringify(userEntity),
- contentType: 'application/json',
- dataType: 'json'
- }).done(function (response) {
- if (nf.Common.isDefinedAndNotNull(response.user)) {
- var user = response.user;
-
- // get the table and update the row accordingly
- var usersGrid = $('#users-table').data('gridInstance');
- var usersData = usersGrid.getData();
- usersData.updateItem(user.id, user);
- }
- }).fail(nf.Common.handleAjaxError);
-
- // hide the dialog
- $('#user-roles-dialog').modal('hide');
- }
- }
- }, {
- buttonText: 'Cancel',
- handler: {
- click: function () {
- $('#user-roles-dialog').modal('hide');
- }
- }
- }],
- handler: {
- close: function () {
- // uncheck every box
- $('div.role-checkbox').removeClass('checkbox-checked').addClass('checkbox-unchecked');
- $('#user-id-roles-dialog').val('');
- }
- }
- });
- };
-
- /**
- * Initializes the group roles dialog.
- */
- var initGroupRolesDialog = function () {
- $('#group-roles-dialog').modal({
- headerText: 'Group Roles',
- overlayBackground: false,
- buttons: [{
- buttonText: 'Apply',
- handler: {
- click: function () {
- var group = $('#group-name-roles-dialog').text();
- var groupRoles = [];
-
- // function for determining if a checkbox is checked
- var isChecked = function (domId) {
- return $('#' + domId).hasClass('checkbox-checked');
- };
-
- // determine the user roles
- if (isChecked('group-role-admin-checkbox')) {
- groupRoles.push('ROLE_ADMIN');
- }
- if (isChecked('group-role-dfm-checkbox')) {
- groupRoles.push('ROLE_DFM');
- }
- if (isChecked('group-role-provenance-checkbox')) {
- groupRoles.push('ROLE_PROVENANCE');
- }
- if (isChecked('group-role-monitor-checkbox')) {
- groupRoles.push('ROLE_MONITOR');
- }
- if (isChecked('group-role-nifi-checkbox')) {
- groupRoles.push('ROLE_NIFI');
- }
- if (isChecked('group-role-proxy-checkbox')) {
- groupRoles.push('ROLE_PROXY');
- }
-
- var userGroupDto = {};
- userGroupDto['group'] = group;
- userGroupDto['authorities'] = groupRoles;
-
- // ensure the accounts are active
- userGroupDto['status'] = 'ACTIVE';
-
- var userGroupEntity = {};
- userGroupEntity['userGroup'] = userGroupDto;
-
- // update the user
- $.ajax({
- type: 'PUT',
- url: config.urls.userGroups + '/' + encodeURIComponent(group),
- data: JSON.stringify(userGroupEntity),
- contentType: 'application/json',
- dataType: 'json'
- }).done(function () {
- nf.UsersTable.loadUsersTable();
- }).fail(nf.Common.handleAjaxError);
-
- // hide the dialog
- $('#group-roles-dialog').modal('hide');
- }
- }
- }, {
- buttonText: 'Cancel',
- handler: {
- click: function () {
- $('#group-roles-dialog').modal('hide');
- }
- }
- }],
- handler: {
- close: function () {
- // uncheck every box
- $('div.role-checkbox').removeClass('checkbox-checked').addClass('checkbox-unchecked');
- $('#group-name-roles-dialog').text('');
- }
- }
- });
- };
-
- var initUserDeleteDialog = function () {
- $('#user-delete-dialog').modal({
- headerText: 'Delete User',
- overlayBackground: false,
- buttons: [{
- buttonText: 'Delete',
- handler: {
- click: function () {
- var userId = $('#user-id-delete-dialog').val();
-
- // update the user
- $.ajax({
- type: 'DELETE',
- url: config.urls.users + '/' + encodeURIComponent(userId),
- dataType: 'json'
- }).done(function () {
- nf.UsersTable.loadUsersTable();
- }).fail(nf.Common.handleAjaxError);
-
- // hide the dialog
- $('#user-delete-dialog').modal('hide');
- }
- }
- }, {
- buttonText: 'Cancel',
- handler: {
- click: function () {
- $('#user-delete-dialog').modal('hide');
- }
- }
- }],
- handler: {
- close: function () {
- // clear the current user
- $('#user-id-delete-dialog').val('');
- $('#user-name-delete-dialog').text('');
- }
- }
- });
- };
-
- /**
- * Initializes the user revoke dialog.
- */
- var initUserRevokeDialog = function () {
- $('#user-revoke-dialog').modal({
- headerText: 'Revoke Access',
- overlayBackground: false,
- buttons: [{
- buttonText: 'Revoke',
- handler: {
- click: function () {
- var userId = $('#user-id-revoke-dialog').val();
-
- // update the user
- $.ajax({
- type: 'PUT',
- url: config.urls.users + '/' + encodeURIComponent(userId),
- data: {
- 'status': 'DISABLED'
- },
- dataType: 'json'
- }).done(function (response) {
- if (nf.Common.isDefinedAndNotNull(response.user)) {
- var user = response.user;
-
- // get the table and update the row accordingly
- var usersGrid = $('#users-table').data('gridInstance');
- var usersData = usersGrid.getData();
- usersData.updateItem(user.id, user);
- }
- }).fail(nf.Common.handleAjaxError);
-
- // hide the dialog
- $('#user-revoke-dialog').modal('hide');
- }
- }
- }, {
- buttonText: 'Cancel',
- handler: {
- click: function () {
- $('#user-revoke-dialog').modal('hide');
- }
- }
- }],
- handler: {
- close: function () {
- // clear the current user
- $('#user-id-revoke-dialog').val('');
- $('#user-name-revoke-dialog').text('');
- }
- }
- });
- };
-
- /**
- * Initializes the group revoke dialog.
- */
- var initGroupRevokeDialog = function () {
- $('#group-revoke-dialog').modal({
- headerText: 'Revoke Access',
- overlayBackground: false,
- buttons: [{
- buttonText: 'Revoke',
- handler: {
- click: function () {
- var groupName = $('#group-name-revoke-dialog').text();
-
- // update the group
- $.ajax({
- type: 'PUT',
- url: config.urls.userGroups + '/' + encodeURIComponent(groupName),
- data: {
- 'status': 'DISABLED'
- },
- dataType: 'json'
- }).done(function () {
- nf.UsersTable.loadUsersTable();
- }).fail(nf.Common.handleAjaxError);
-
- // hide the dialog
- $('#group-revoke-dialog').modal('hide');
- }
- }
- }, {
- buttonText: 'Cancel',
- handler: {
- click: function () {
- $('#group-revoke-dialog').modal('hide');
- }
- }
- }],
- handler: {
- close: function () {
- // clear the current group
- $('#group-name-revoke-dialog').text('');
- }
- }
- });
- };
-
- /**
- * Initializes the user revoke dialog.
- */
- var initUserGroupDialog = function () {
- $('#user-group-dialog').modal({
- headerText: 'Set Users Group',
- overlayBackground: false,
- buttons: [{
- buttonText: 'Group',
- handler: {
- click: function () {
- var group = $.trim($('#group-name').val());
-
- // ensure a group name was specified
- if (group === '') {
- nf.Dialog.showOkDialog({
- headerText: 'Group Users',
- dialogContent: 'Group name cannot be blank.',
- overlayBackground: false
- });
- } else {
- var userIds = $('#group-name').data('selected-user-ids');
-
- var userGroupDto = {};
- userGroupDto['userIds'] = userIds;
- userGroupDto['group'] = group;
-
- var userGroupEntity = {};
- userGroupEntity['userGroup'] = userGroupDto;
-
- // update the user
- $.ajax({
- type: 'PUT',
- url: config.urls.userGroups + '/' + encodeURIComponent(group),
- data: JSON.stringify(userGroupEntity),
- contentType: 'application/json',
- dataType: 'json'
- }).done(function () {
- nf.UsersTable.loadUsersTable();
- }).fail(nf.Common.handleAjaxError);
- }
-
- // hide the dialog
- $('#user-group-dialog').modal('hide');
- }
- }
- }, {
- buttonText: 'Cancel',
- handler: {
- click: function () {
- $('#user-group-dialog').modal('hide');
- }
- }
- }],
- handler: {
- close: function () {
- // clear the current configuration
- $('#group-name').removeData('selected-user-ids');
- $('#group-name').val('');
-
- // uncheck every box
- $('div.group-role-checkbox').removeClass('checkbox-checked').addClass('checkbox-unchecked');
- }
- }
- });
- };
-
- /**
- * Initializes the processor list.
- */
- var initUsersTable = function () {
- // define the function for filtering the list
- $('#users-filter').keyup(function () {
- applyFilter();
- }).focus(function () {
- if ($(this).hasClass(config.styles.filterList)) {
- $(this).removeClass(config.styles.filterList).val('');
- }
- }).blur(function () {
- if ($(this).val() === '') {
- $(this).addClass(config.styles.filterList).val(config.filterText);
- }
- }).addClass(config.styles.filterList).val(config.filterText);
-
- // filter type
- $('#users-filter-type').combo({
- options: [{
- text: 'by user',
- value: 'userName'
- }, {
- text: 'by group',
- value: 'userGroup'
- }, {
- text: 'by role',
- value: 'authorities'
- }],
- select: function (option) {
- applyFilter();
- }
- });
-
- // add hover effect and click handler for opening the group dialog
- nf.Common.addHoverEffect('#group-button', 'button-normal', 'button-over').click(function () {
- groupUsers();
- });
-
- // listen for browser resize events to update the page size
- $(window).resize(function () {
- nf.UsersTable.resetTableSize();
- });
-
- // define a custom formatter for the more details column
- var moreDetailsFormatter = function (row, cell, value, columnDef, dataContext) {
- return '<img src="images/iconDetails.png" title="View Details" class="pointer show-user-details" style="margin-top: 4px;"/>';
- };
-
- // function for formatting the last accessed time
- var valueFormatter = function (row, cell, value, columnDef, dataContext) {
- return nf.Common.formatValue(value);
- };
-
- // function for formatting the property name
- var roleFormatter = function (row, cell, value, columnDef, dataContext) {
- var grouped = $('#group-collaspe-checkbox').hasClass('checkbox-checked');
-
- // function for converting roles into human readable role names
- var convertRoleNames = function () {
- var roleNames = [];
- $.each(value, function (i, role) {
- var roleName = role;
- if (role === 'ROLE_ADMIN') {
- roleName = 'Administrator';
- } else if (role === 'ROLE_DFM') {
- roleName = 'Data Flow Manager';
- } else if (role === 'ROLE_PROVENANCE') {
- roleName = 'Provenance';
- } else if (role === 'ROLE_MONITOR') {
- roleName = 'Read Only';
- } else if (role === 'ROLE_NIFI') {
- roleName = 'NiFi';
- } else if (role === 'ROLE_PROXY') {
- roleName = 'Proxy';
- }
- roleNames.push(roleName);
- });
- return roleNames.join(', ');
- };
-
- // generate the roles as appropriate
- if (grouped && nf.Common.isDefinedAndNotNull(dataContext.userGroup)) {
- if (dataContext.status === 'PENDING') {
- return '<span style="color: #0081D7; font-weight: bold;">Authorization Pending</span>';
- } else if (dataContext.status === 'DISABLED') {
- return '<span style="color: red; font-weight: bold;">Access Revoked</span>';
- } else if (nf.Common.isDefinedAndNotNull(value)) {
- if (!nf.Common.isEmpty(value)) {
- return convertRoleNames();
- } else {
- return '<span class="unset">No roles set</span>';
- }
- } else {
- return '<span class="unset">Multiple users with different roles</span>';
- }
- } else {
- if (dataContext.status === 'PENDING') {
- return '<span style="color: #0081D7; font-weight: bold;">Authorization Pending</span>';
- } else if (dataContext.status === 'DISABLED') {
- return '<span style="color: red; font-weight: bold;">Access Revoked</span>';
- } else if (!nf.Common.isEmpty(value)) {
- return convertRoleNames();
- } else {
- return '<span class="unset">No roles set</span>';
- }
- }
- };
-
- // function for formatting the status
- var statusFormatter = function (row, cell, value, columnDef, dataContext) {
- var grouped = $('#group-collaspe-checkbox').hasClass('checkbox-checked');
-
- // return the status as appropriate
- if (nf.Common.isDefinedAndNotNull(value)) {
- return value;
- } else if (grouped && nf.Common.isDefinedAndNotNull(dataContext.userGroup)) {
- return '<span class="unset">Multiple users with different status</span>';
- } else {
- return '<span class="unset">No status set</span>';
- }
- };
-
- // function for formatting the actions column
- var actionFormatter = function (row, cell, value, columnDef, dataContext) {
- var grouped = $('#group-collaspe-checkbox').hasClass('checkbox-checked');
-
- // if this represents a grouped row
- if (nf.Common.isDefinedAndNotNull(dataContext.userGroup) && grouped) {
- var actions = '<img src="images/iconEdit.png" title="Edit Access" class="pointer update-group-access" style="margin-top: 2px;"/> <img src="images/iconRevoke.png" title="Revoke Access" class="pointer revoke-group-access" style="margin-top: 2px;"/> <img src="images/ungroup.png" title="Ungroup" class="pointer ungroup"/>';
- } else {
- // return the appropriate markup for an individual user
- var actions = '<img src="images/iconEdit.png" title="Edit Access" class="pointer update-user-access" style="margin-top: 2px;"/>';
-
- if (dataContext.status === 'ACTIVE') {
- actions += ' <img src="images/iconRevoke.png" title="Revoke Access" class="pointer revoke-user-access"/>';
-
- // add an ungroup active if appropriate
- if (nf.Common.isDefinedAndNotNull(dataContext.userGroup)) {
- actions += ' <img src="images/ungroup.png" title="Ungroup" class="pointer ungroup-user" style="margin-top: 2px;"/>';
- }
- } else {
- actions += ' <img src="images/iconDelete.png" title="Delete Account" class="pointer delete-user-account"/>';
- }
- }
-
- return actions;
- };
-
- // initialize the templates table
- var usersColumns = [
- {id: 'moreDetails', name: ' ', sortable: false, resizable: false, formatter: moreDetailsFormatter, width: 50, maxWidth: 50},
- {id: 'userName', name: 'User', field: 'userName', sortable: true, resizable: true},
- {id: 'userGroup', name: 'Group', field: 'userGroup', sortable: true, resizable: true, formatter: valueFormatter},
- {id: 'authorities', name: 'Roles', field: 'authorities', sortable: true, resizable: true, formatter: roleFormatter},
- {id: 'lastAccessed', name: 'Last Accessed', field: 'lastAccessed', sortable: true, defaultSortAsc: false, resizable: true, formatter: valueFormatter},
- {id: 'status', name: 'Status', field: 'status', sortable: true, resizable: false, formatter: statusFormatter},
- {id: 'actions', name: ' ', sortable: false, resizable: false, formatter: actionFormatter, width: 100, maxWidth: 100}
- ];
- var usersOptions = {
- forceFitColumns: true,
- enableTextSelectionOnCells: true,
- enableCellNavigation: true,
- enableColumnReorder: false,
- autoEdit: false
- };
-
- // initialize the dataview
- var usersData = new Slick.Data.DataView({
- inlineFilters: false
- });
- usersData.setItems([]);
- usersData.setFilterArgs({
- searchString: getFilterText(),
- property: $('#users-filter-type').combo('getSelectedOption').value
- });
- usersData.setFilter(filter);
-
- // initialize the sort
- sort({
- columnId: 'userName',
- sortAsc: true
- }, usersData);
-
- // initialize the grid
- var usersGrid = new Slick.Grid('#users-table', usersData, usersColumns, usersOptions);
- usersGrid.setSelectionModel(new Slick.RowSelectionModel());
- usersGrid.registerPlugin(new Slick.AutoTooltips());
- usersGrid.setSortColumn('userName', true);
- usersGrid.onSort.subscribe(function (e, args) {
- sort({
- columnId: args.sortCol.field,
- sortAsc: args.sortAsc
- }, usersData);
- });
-
- // configure a click listener
- usersGrid.onClick.subscribe(function (e, args) {
- var target = $(e.target);
-
- // get the node at this row
- var item = usersData.getItem(args.row);
-
- // determine the desired action
- if (usersGrid.getColumns()[args.cell].id === 'actions') {
- if (target.hasClass('update-group-access')) {
- updateGroupAccess(item);
- } else if (target.hasClass('revoke-group-access')) {
- revokeGroupAccess(item);
- } else if (target.hasClass('ungroup')) {
- ungroup(item);
- } else if (target.hasClass('update-user-access')) {
- updateUserAccess(item);
- } else if (target.hasClass('revoke-user-access')) {
- revokeUserAccess(item);
- } else if (target.hasClass('ungroup-user')) {
- ungroupUser(item);
- } else if (target.hasClass('delete-user-account')) {
- deleteUserAccount(item);
- }
- } else if (usersGrid.getColumns()[args.cell].id === 'moreDetails') {
- if (target.hasClass('show-user-details')) {
- showUserDetails(item);
- }
- }
- });
-
- // wire up the dataview to the grid
- usersData.onRowCountChanged.subscribe(function (e, args) {
- usersGrid.updateRowCount();
- usersGrid.render();
-
- // update the total number of displayed processors
- $('#displayed-users').text(args.current);
- });
- usersData.onRowsChanged.subscribe(function (e, args) {
- usersGrid.invalidateRows(args.rows);
- usersGrid.render();
- });
-
- // hold onto an instance of the grid
- $('#users-table').data('gridInstance', usersGrid);
-
- // initialize the number of displayed items
- $('#displayed-users').text('0');
- };
-
- /**
- * Sorts the specified data using the specified sort details.
- *
- * @param {object} sortDetails
- * @param {object} data
- */
- var sort = function (sortDetails, data) {
- // defines a function for sorting
- var comparer = function (a, b) {
- if (sortDetails.columnId === 'lastAccessed') {
- var aDate = nf.Common.parseDateTime(a[sortDetails.columnId]);
- var bDate = nf.Common.parseDateTime(b[sortDetails.columnId]);
- return aDate.getTime() - bDate.getTime();
- } else {
- var aString = nf.Common.isDefinedAndNotNull(a[sortDetails.columnId]) ? a[sortDetails.columnId] : '';
- var bString = nf.Common.isDefinedAndNotNull(b[sortDetails.columnId]) ? b[sortDetails.columnId] : '';
- return aString === bString ? 0 : aString > bString ? 1 : -1;
- }
- };
-
- // perform the sort
- data.sort(comparer, sortDetails.sortAsc);
- };
-
- /**
- * Prompts to gather user group name.
- */
- var groupUsers = function () {
- // get the table and update the row accordingly
- var usersGrid = $('#users-table').data('gridInstance');
- var selectedIndices = usersGrid.getSelectedRows();
-
- if ($.isArray(selectedIndices) && selectedIndices.length > 0) {
- var usersData = usersGrid.getData();
-
- var userIds = [];
- $.each(selectedIndices, function (_, index) {
- var user = usersData.getItem(index);
-
- // groups have comma separated id's
- userIds = userIds.concat(user['id'].split(','));
- });
-
- var groupNameField = $('#group-name');
- groupNameField.data('selected-user-ids', userIds);
-
- // show the dialog
- $('#user-group-dialog').modal('show');
-
- // set the focus
- groupNameField.focus();
- } else {
- nf.Dialog.showOkDialog({
- headerText: 'Group Users',
- dialogContent: 'Select one or more users to group.',
- overlayBackground: false
- });
- }
- };
-
- /**
- * Get the text out of the filter field. If the filter field doesn't
- * have any text it will contain the text 'filter list' so this method
- * accounts for that.
- */
- var getFilterText = function () {
- var filterText = '';
- var filterField = $('#users-filter');
- if (!filterField.hasClass(config.styles.filterList)) {
- filterText = filterField.val();
- }
- return filterText;
- };
-
- /**
- * Applies the filter found in the filter expression text field.
- */
- var applyFilter = function () {
- // get the dataview
- var usersGrid = $('#users-table').data('gridInstance');
-
- // ensure the grid has been initialized
- if (nf.Common.isDefinedAndNotNull(usersGrid)) {
- var usersData = usersGrid.getData();
-
- // update the search criteria
- usersData.setFilterArgs({
- searchString: getFilterText(),
- property: $('#users-filter-type').combo('getSelectedOption').value
- });
- usersData.refresh();
- }
- };
-
- /**
- * Performs the filtering.
- *
- * @param {object} item The item subject to filtering
- * @param {object} args Filter arguments
- * @returns {Boolean} Whether or not to include the item
- */
- var filter = function (item, args) {
- if (args.searchString === '') {
- return true;
- }
-
- try {
- // perform the row filtering
- var filterExp = new RegExp(args.searchString, 'i');
- } catch (e) {
- // invalid regex
- return false;
- }
-
- // handle searching appropriately
- if (args.property === 'authorities') {
- var roles = item[args.property];
-
- var found = false;
- for (var i = 0; i < roles.length; i++) {
- var role = roles[i];
- var roleName = role;
-
- // convert the role name accordingly
- if (role === 'ROLE_ADMIN') {
- roleName = 'Administrator';
- } else if (role === 'ROLE_DFM') {
- roleName = 'Data Flow Manager';
- } else if (role === 'ROLE_PROVENANCE') {
- roleName = 'Provenance';
- } else if (role === 'ROLE_MONITOR') {
- roleName = 'Read Only';
- } else if (role === 'ROLE_NIFI') {
- roleName = 'NiFi';
- } else if (role === 'ROLE_PROXY') {
- roleName = 'Proxy';
- }
-
- // see if the string was found
- if (roleName.search(filterExp) >= 0) {
- found = true;
- break;
- }
- }
-
- return found;
- } else {
- return item[args.property].search(filterExp) >= 0;
- }
- };
-
- /**
- * Shows details for the specified user.
- *
- * @param {object} user
- */
- var showUserDetails = function (user) {
- var grouped = $('#group-collaspe-checkbox').hasClass('checkbox-checked');
-
- // update the dialog fields
- $('#user-name-details-dialog').text(user.userName);
- $('#user-dn-details-dialog').text(user.dn);
-
- // handle fields that could vary for groups
- if (nf.Common.isDefinedAndNotNull(user.creation)) {
- $('#user-created-details-dialog').text(user.creation);
- } else if (grouped && nf.Common.isDefinedAndNotNull(user.userGroup)) {
- $('#user-created-details-dialog').html('<span class="unset">Multiple users with different creation timestamps.</span>');
- } else {
- $('#user-created-details-dialog').html('<span class="unset">No creation timestamp set</span>');
- }
-
- if (nf.Common.isDefinedAndNotNull(user.lastVerified)) {
- $('#user-verified-details-dialog').text(user.lastVerified);
- } else if (grouped && nf.Common.isDefinedAndNotNull(user.userGroup)) {
- $('#user-verified-details-dialog').html('<span class="unset">Multiple users with different last verified timestamps.</span>');
- } else {
- $('#user-verified-details-dialog').html('<span class="unset">No last verified timestamp set.</span>');
- }
-
- if (nf.Common.isDefinedAndNotNull(user.justification)) {
- $('#user-justification-details-dialog').text(user.justification);
- } else if (grouped && nf.Common.isDefinedAndNotNull(user.userGroup)) {
- $('#user-justification-details-dialog').html('<span class="unset">Multiple users with different justifications.</span>');
- } else {
- $('#user-justification-details-dialog').html('<span class="unset">No justification set.</span>');
- }
-
- // show the dialog
- $('#user-details-dialog').modal('show');
- };
-
- /**
- * Updates the specified groups level of access.
- *
- * @argument {object} item The user item
- */
- var updateGroupAccess = function (item) {
- // record the current group
- $('#group-name-roles-dialog').text(item.userGroup);
-
- // show the dialog
- $('#group-roles-dialog').modal('show');
- };
-
- /**
- * Disables the specified group's account.
- *
- * @argument {object} item The user item
- */
- var revokeGroupAccess = function (item) {
- // record the current group
- $('#group-name-revoke-dialog').text(item.userGroup);
-
- // show the dialog
- $('#group-revoke-dialog').modal('show');
- };
-
- /**
- * Ungroups the specified group.
- *
- * @argument {object} item The user item
- */
- var ungroup = function (item) {
- // prompt for ungroup
- nf.Dialog.showYesNoDialog({
- dialogContent: 'Remove all users from group \'' + nf.Common.escapeHtml(item.userGroup) + '\'?',
- overlayBackground: false,
- yesHandler: function () {
- $.ajax({
- type: 'DELETE',
- url: config.urls.userGroups + '/' + encodeURIComponent(item.userGroup),
- dataType: 'json'
- }).done(function (response) {
- nf.UsersTable.loadUsersTable();
- }).fail(nf.Common.handleAjaxError);
- }
- });
- };
-
- /**
- * Updates the specified users's level of access.
- *
- * @argument {object} item The user item
- */
- var updateUserAccess = function (item) {
- // populate the user info
- $('#user-id-roles-dialog').val(item.id);
- $('#user-name-roles-dialog').attr('title', item.dn).text(item.userName);
- $('#user-justification-roles-dialog').html(nf.Common.formatValue(item.justification));
-
- // function for checking a checkbox
- var check = function (domId) {
- $('#' + domId).removeClass('checkbox-unchecked').addClass('checkbox-checked');
- };
-
- // go through each user role
- $.each(item.authorities, function (i, authority) {
- if (authority === 'ROLE_ADMIN') {
- check('role-admin-checkbox');
- } else if (authority === 'ROLE_DFM') {
- check('role-dfm-checkbox');
- } else if (authority === 'ROLE_PROVENANCE') {
- check('role-provenance-checkbox');
- } else if (authority === 'ROLE_MONITOR') {
- check('role-monitor-checkbox');
- } else if (authority === 'ROLE_NIFI') {
- check('role-nifi-checkbox');
- } else if (authority === 'ROLE_PROXY') {
- check('role-proxy-checkbox');
- }
- });
-
- // show the dialog
- $('#user-roles-dialog').modal('show');
- };
-
- /**
- * Disables the specified user's account.
- *
- * @argument {object} item The user item
- */
- var revokeUserAccess = function (item) {
- // populate the users info
- $('#user-id-revoke-dialog').val(item.id);
- $('#user-name-revoke-dialog').text(item.userName);
-
- // show the dialog
- $('#user-revoke-dialog').modal('show');
- };
-
- /**
- * Prompts to verify group removal.
- *
- * @argument {object} item The user item
- */
- var ungroupUser = function (item) {
- // prompt for ungroup
- nf.Dialog.showYesNoDialog({
- dialogContent: 'Remove user \'' + nf.Common.escapeHtml(item.userName) + '\' from group \'' + nf.Common.escapeHtml(item.userGroup) + '\'?',
- overlayBackground: false,
- yesHandler: function () {
- $.ajax({
- type: 'DELETE',
- url: config.urls.userGroups + '/' + encodeURIComponent(item.userGroup) + '/users/' + encodeURIComponent(item.id),
- dataType: 'json'
- }).done(function (response) {
- nf.UsersTable.loadUsersTable();
- }).fail(nf.Common.handleAjaxError);
- }
- });
- };
-
- /**
- * Delete's the specified user's account.
- *
- * @argument {object} item The user item
- */
- var deleteUserAccount = function (item) {
- // populate the users info
- $('#user-id-delete-dialog').val(item.id);
- $('#user-name-delete-dialog').text(item.userName);
-
- // show the dialog
- $('#user-delete-dialog').modal('show');
- };
-
- return {
- init: function () {
- initUserDetailsDialog();
- initUserRolesDialog();
- initGroupRolesDialog();
- initUserRevokeDialog();
- initUserDeleteDialog();
- initUserGroupDialog();
- initGroupRevokeDialog();
- initUsersTable();
- },
-
- /**
- * Update the size of the grid based on its container's current size.
- */
- resetTableSize: function () {
- var grid = $('#users-table').data('gridInstance');
- if (nf.Common.isDefinedAndNotNull(grid)) {
- grid.resizeCanvas();
- }
- },
-
- /**
- * Load the processor status table.
- */
- loadUsersTable: function () {
- return $.ajax({
- type: 'GET',
- url: config.urls.users,
- data: {
- 'grouped': $('#group-collaspe-checkbox').hasClass('checkbox-checked')
- },
- dataType: 'json'
- }).done(function (response) {
- // ensure there are users
- if (nf.Common.isDefinedAndNotNull(response.users)) {
- var usersGrid = $('#users-table').data('gridInstance');
- var usersData = usersGrid.getData();
-
- // set the items
- usersData.setItems(response.users);
- usersData.reSort();
- usersGrid.invalidate();
-
- // clear the current selection
- usersGrid.getSelectionModel().setSelectedRows([]);
-
- // update the refresh timestamp
- $('#users-last-refreshed').text(response.generated);
-
- // update the total number of processors
- $('#total-users').text(response.users.length);
- } else {
- $('#total-users').text('0');
- }
- }).fail(nf.Common.handleAjaxError);
- }
- };
-}());
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users.js
deleted file mode 100644
index 9364aec..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/users/nf-users.js
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-$(document).ready(function () {
- // initialize the counters page
- nf.Users.init();
-});
-
-nf.Users = (function () {
-
- /**
- * Configuration object used to hold a number of configuration items.
- */
- var config = {
- urls: {
- banners: '../nifi-api/controller/banners',
- controllerAbout: '../nifi-api/controller/about',
- authorities: '../nifi-api/controller/authorities'
- }
- };
-
- /**
- * Loads the current users authorities.
- */
- var loadAuthorities = function () {
- return $.Deferred(function (deferred) {
- $.ajax({
- type: 'GET',
- url: config.urls.authorities,
- dataType: 'json'
- }).done(function (response) {
- if (nf.Common.isDefinedAndNotNull(response.authorities)) {
- // record the users authorities
- nf.Common.setAuthorities(response.authorities);
- deferred.resolve(response);
- } else {
- deferred.reject();
- }
- }).fail(function (xhr, status, error) {
- nf.Common.handleAjaxError(xhr, status, error);
- deferred.reject();
- });
- }).promise();
- };
-
- var initializeUsersPage = function () {
- // define mouse over event for the refresh button
- nf.Common.addHoverEffect('#refresh-button', 'button-refresh', 'button-refresh-hover').click(function () {
- nf.UsersTable.loadUsersTable();
- });
-
- // get the banners if we're not in the shell
- return $.Deferred(function (deferred) {
- if (top === window) {
- $.ajax({
- type: 'GET',
- url: config.urls.banners,
- dataType: 'json'
- }).done(function (bannerResponse) {
- // ensure the banners response is specified
- if (nf.Common.isDefinedAndNotNull(bannerResponse.banners)) {
- if (nf.Common.isDefinedAndNotNull(bannerResponse.banners.headerText) && bannerResponse.banners.headerText !== '') {
- // update the header text
- var bannerHeader = $('#banner-header').text(bannerResponse.banners.headerText).show();
-
- // show the banner
- var updateTop = function (elementId) {
- var element = $('#' + elementId);
- element.css('top', (parseInt(bannerHeader.css('height'), 10) + parseInt(element.css('top'), 10)) + 'px');
- };
-
- // update the position of elements affected by top banners
- updateTop('users');
- }
-
- if (nf.Common.isDefinedAndNotNull(bannerResponse.banners.footerText) && bannerResponse.banners.footerText !== '') {
- // update the footer text and show it
- var bannerFooter = $('#banner-footer').text(bannerResponse.banners.footerText).show();
-
- var updateBottom = function (elementId) {
- var element = $('#' + elementId);
- element.css('bottom', parseInt(bannerFooter.css('height'), 10) + 'px');
- };
-
- // update the position of elements affected by bottom banners
- updateBottom('users');
- }
- }
-
- deferred.resolve();
- }).fail(function (xhr, status, error) {
- nf.Common.handleAjaxError(xhr, status, error);
- deferred.reject();
- });
- } else {
- deferred.resolve();
- }
- });
- };
-
- return {
- /**
- * Initializes the counters page.
- */
- init: function () {
- nf.Storage.init();
-
- // load the users authorities
- loadAuthorities().done(function () {
- // create the counters table
- nf.UsersTable.init();
-
- // load the users table
- nf.UsersTable.loadUsersTable().done(function () {
- // finish initializing users page
- initializeUsersPage().done(function () {
- // configure the initial grid height
- nf.UsersTable.resetTableSize();
-
- // get the about details
- $.ajax({
- type: 'GET',
- url: config.urls.controllerAbout,
- dataType: 'json'
- }).done(function (response) {
- var aboutDetails = response.about;
- var countersTitle = aboutDetails.title + ' Users';
-
- // set the document title and the about title
- document.title = countersTitle;
- $('#users-header-text').text(countersTitle);
- }).fail(nf.Common.handleAjaxError);
- });
- });
- });
- }
- };
-}());
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/pom.xml
index 771a258..6e79f7b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/pom.xml
@@ -33,8 +33,6 @@
<module>nifi-framework-cluster-protocol</module>
<module>nifi-framework-cluster-web</module>
<module>nifi-framework-cluster</module>
- <module>nifi-file-authorization-provider</module>
- <module>nifi-cluster-authorization-provider</module>
<module>nifi-user-actions</module>
<module>nifi-framework-authorization</module>
<module>nifi-file-authorizer</module>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/pom.xml
index b4f1c55..9edf1f6 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/pom.xml
@@ -40,16 +40,6 @@
</dependency>
<dependency>
<groupId>org.apache.nifi</groupId>
- <artifactId>nifi-file-authorization-provider</artifactId>
- <version>1.0.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-cluster-authorization-provider</artifactId>
- <version>1.0.0-SNAPSHOT</version>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
<artifactId>nifi-framework-cluster</artifactId>
<version>1.0.0-SNAPSHOT</version>
</dependency>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java b/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
index d0636c5..f985602 100644
--- a/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
+++ b/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
@@ -24,8 +24,8 @@ import org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
import org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderDestructionException;
import org.apache.nifi.util.FormatUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
index ce626d1..3557383 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
@@ -24,8 +24,8 @@ import org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
import org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderDestructionException;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
import org.apache.nifi.util.FormatUtils;
[18/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/xsd/authority-providers.xsd
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/xsd/authority-providers.xsd b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/xsd/authority-providers.xsd
deleted file mode 100644
index 1a5fe50..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/xsd/authority-providers.xsd
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <!-- role -->
- <xs:complexType name="Provider">
- <xs:sequence>
- <xs:element name="identifier" type="AuthorityProviderNonEmptyStringType"/>
- <xs:element name="class" type="AuthorityProviderNonEmptyStringType"/>
- <xs:element name="property" type="AuthorityProviderProperty" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- </xs:complexType>
-
- <!-- Name/Value properties-->
- <xs:complexType name="AuthorityProviderProperty">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="name" type="AuthorityProviderNonEmptyStringType"></xs:attribute>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <xs:simpleType name="AuthorityProviderNonEmptyStringType">
- <xs:restriction base="xs:string">
- <xs:minLength value="1"/>
- </xs:restriction>
- </xs:simpleType>
-
- <!-- users -->
- <xs:element name="authorityProviders">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="provider" type="Provider" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-</xs:schema>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java
deleted file mode 100644
index 8d3c15a..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java
+++ /dev/null
@@ -1,433 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.ArgumentCaptor;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- *
- */
-public class AuthorizeUserActionTest {
-
- private static final String USER_ID_6 = "6";
- private static final String USER_ID_7 = "7";
- private static final String USER_ID_8 = "8";
- private static final String USER_ID_9 = "9";
- private static final String USER_ID_10 = "10";
- private static final String USER_ID_11 = "11";
-
- private static final String USER_IDENTITY_1 = "authority access exception while searching for user";
- private static final String USER_IDENTITY_2 = "unknown user";
- private static final String USER_IDENTITY_3 = "user removed after checking existence";
- private static final String USER_IDENTITY_4 = "access exception getting authorities";
- private static final String USER_IDENTITY_5 = "error creating user account";
- private static final String USER_IDENTITY_6 = "create user general sequence";
- private static final String USER_IDENTITY_7 = "existing user requires verification";
- private static final String USER_IDENTITY_8 = "existing user does not require verification";
- private static final String USER_IDENTITY_9 = "existing pending user";
- private static final String USER_IDENTITY_10 = "existing disabled user";
- private static final String USER_IDENTITY_11 = "existing user is now unknown in the authority provider";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
- private AuthorityDAO authorityDao;
- private AuthorityProvider authorityProvider;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String id = (String) args[0];
-
- NiFiUser user = null;
- if (USER_ID_7.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_7);
- user.setIdentity(USER_IDENTITY_7);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- } else if (USER_ID_8.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_8);
- user.setIdentity(USER_IDENTITY_8);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setLastVerified(new Date());
- } else if (USER_ID_11.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_11);
- user.setIdentity(USER_IDENTITY_11);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- }
-
- return user;
- }
- }).when(userDao).findUserById(Mockito.anyString());
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- NiFiUser user = null;
- switch (dn) {
- case USER_IDENTITY_7:
- user = new NiFiUser();
- user.setId(USER_ID_7);
- user.setIdentity(USER_IDENTITY_7);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- break;
- case USER_IDENTITY_8:
- user = new NiFiUser();
- user.setId(USER_ID_8);
- user.setIdentity(USER_IDENTITY_8);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setLastVerified(new Date());
- break;
- case USER_IDENTITY_9:
- user = new NiFiUser();
- user.setId(USER_ID_9);
- user.setIdentity(USER_IDENTITY_9);
- user.setStatus(AccountStatus.PENDING);
- break;
- case USER_IDENTITY_10:
- user = new NiFiUser();
- user.setId(USER_ID_10);
- user.setIdentity(USER_IDENTITY_10);
- user.setStatus(AccountStatus.DISABLED);
- break;
- case USER_IDENTITY_11:
- user = new NiFiUser();
- user.setId(USER_ID_11);
- user.setIdentity(USER_IDENTITY_11);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- break;
- }
-
- return user;
- }
- }).when(userDao).findUserByDn(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
- switch (user.getIdentity()) {
- case USER_IDENTITY_5:
- throw new DataAccessException();
- case USER_IDENTITY_6:
- user.setId(USER_ID_6);
- break;
- }
-
- // do nothing
- return null;
- }
- }).when(userDao).createUser(Mockito.any(NiFiUser.class));
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- // do nothing
- return null;
- }
- }).when(userDao).updateUser(Mockito.any(NiFiUser.class));
-
- // mock the authority dao
- authorityDao = Mockito.mock(AuthorityDAO.class);
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Set<Authority> authorities = (Set<Authority>) args[0];
- String id = (String) args[1];
-
- // do nothing
- return null;
- }
- }).when(authorityDao).createAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Set<Authority> authorities = (Set<Authority>) args[0];
- String id = (String) args[1];
-
- // do nothing
- return null;
- }
- }).when(authorityDao).deleteAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString());
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao);
-
- // mock the authority provider
- authorityProvider = Mockito.mock(AuthorityProvider.class);
- Mockito.doAnswer(new Answer<Boolean>() {
- @Override
- public Boolean answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
- switch (dn) {
- case USER_IDENTITY_1:
- throw new AuthorityAccessException(StringUtils.EMPTY);
- case USER_IDENTITY_2:
- return false;
- }
-
- return true;
- }
- }).when(authorityProvider).doesDnExist(Mockito.anyString());
- Mockito.doAnswer(new Answer<Set<Authority>>() {
- @Override
- public Set<Authority> answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
- Set<Authority> authorities = EnumSet.noneOf(Authority.class);
- switch (dn) {
- case USER_IDENTITY_3:
- throw new UnknownIdentityException(StringUtils.EMPTY);
- case USER_IDENTITY_4:
- throw new AuthorityAccessException(StringUtils.EMPTY);
- case USER_IDENTITY_6:
- authorities.add(Authority.ROLE_MONITOR);
- break;
- case USER_IDENTITY_7:
- authorities.add(Authority.ROLE_DFM);
- break;
- case USER_IDENTITY_9:
- throw new UnknownIdentityException(StringUtils.EMPTY);
- case USER_IDENTITY_10:
- throw new UnknownIdentityException(StringUtils.EMPTY);
- case USER_IDENTITY_11:
- throw new UnknownIdentityException(StringUtils.EMPTY);
- }
-
- return authorities;
- }
- }).when(authorityProvider).getAuthorities(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
- Set<Authority> authorites = (Set<Authority>) args[1];
-
- // do nothing
- return null;
- }
- }).when(authorityProvider).setAuthorities(Mockito.anyString(), Mockito.anySet());
- }
-
- /**
- * Tests AuthorityAccessException in doesDnExist.
- *
- * @throws Exception ex
- */
- @Test(expected = AdministrationException.class)
- public void testAuthorityAccessExceptionInDoesDnExist() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_1, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Test unknown user in the authority provider.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountNotFoundException.class)
- public void testUnknownUser() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_2, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Test a user thats been removed after checking their existence.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountNotFoundException.class)
- public void testUserRemovedAfterCheckingExistence() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_3, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Testing AuthorityAccessException when getting authorities.
- *
- * @throws Exception ex
- */
- @Test(expected = AdministrationException.class)
- public void testAuthorityAccessException() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_4, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Testing DataAccessException while creating user accounts.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testErrorCreatingUserAccount() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_5, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests the general case when a user account is created.
- *
- * @throws Exception ex
- */
- @Test
- public void testAccountCreation() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_6, 0);
- NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
-
- // verify the user
- Assert.assertEquals(USER_IDENTITY_6, user.getIdentity());
- Assert.assertEquals(1, user.getAuthorities().size());
- Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR));
-
- // verify interaction with dao and provider
- Mockito.verify(userDao, Mockito.times(1)).createUser(user);
- }
-
- /**
- * Tests the general case when there is an existing user account that
- * requires verification.
- *
- * @throws Exception ex
- */
- @Test
- public void testExistingUserRequiresVerification() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_7, 0);
- NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
-
- // verify the user
- Assert.assertEquals(USER_IDENTITY_7, user.getIdentity());
- Assert.assertEquals(1, user.getAuthorities().size());
- Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_DFM));
-
- // verify interaction with dao and provider
- Mockito.verify(userDao, Mockito.times(1)).updateUser(user);
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_DFM), USER_ID_7);
- }
-
- /**
- * Tests the general case when there is an existing user account that does
- * not require verification.
- *
- * @throws Exception ex
- */
- @Test
- public void testExistingUserNoVerification() throws Exception {
- // disabling verification by passing in a large cache duration
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_8, Integer.MAX_VALUE);
- NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
-
- // verify the user
- Assert.assertEquals(USER_IDENTITY_8, user.getIdentity());
- Assert.assertEquals(1, user.getAuthorities().size());
- Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR));
-
- // verify interaction with dao and provider
- Mockito.verify(userDao, Mockito.times(1)).updateUser(user);
- Mockito.verify(authorityDao, Mockito.never()).createAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_8));
- Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_8));
- }
-
- /**
- * Tests existing users whose accounts are in a pending status.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountPendingException.class)
- public void testExistingPendingUser() throws Exception {
- // disabling verification by passing in a large cache duration
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_9, Integer.MAX_VALUE);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests existing users whose accounts are in a disabled status.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountDisabledException.class)
- public void testExistingDisabledUser() throws Exception {
- // disabling verification by passing in a large cache duration
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_10, Integer.MAX_VALUE);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests the general case where there is an active user that has been
- * removed from the authority provider.
- *
- * @throws Exception ex
- */
- @Test
- public void testExistingActiveUserNotFoundInProvider() throws Exception {
- try {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_11, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
-
- Assert.fail();
- } catch (AccountDisabledException ade) {
- ArgumentCaptor<NiFiUser> user = ArgumentCaptor.forClass(NiFiUser.class);
-
- // verify interaction with dao
- Mockito.verify(userDao, Mockito.times(1)).updateUser(user.capture());
-
- // verify user
- Assert.assertEquals(AccountStatus.DISABLED, user.getValue().getStatus());
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java
deleted file mode 100644
index e372781..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- * Test cases for creating a user.
- */
-public class CreateUserActionTest {
-
- private final String USER_ID_2 = "2";
- private final String USER_ID_3 = "3";
-
- private final String USER_IDENTITY_1 = "data access exception when creating user";
- private final String USER_IDENTITY_3 = "general create user case";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
- private AuthorityDAO authorityDao;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- if (USER_IDENTITY_1.equals(user.getIdentity())) {
- throw new DataAccessException();
- } else if (USER_IDENTITY_3.equals(user.getIdentity())) {
- user.setId(USER_ID_3);
- }
-
- // do nothing
- return null;
- }
- }).when(userDao).createUser(Mockito.any(NiFiUser.class));
-
- // mock the authority dao
- authorityDao = Mockito.mock(AuthorityDAO.class);
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Set<Authority> authorities = (Set<Authority>) args[0];
- String id = (String) args[1];
-
- if (USER_ID_2.equals(id)) {
- throw new DataAccessException(StringUtils.EMPTY);
- }
-
- // do nothing
- return null;
- }
- }).when(authorityDao).createAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString());
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao);
- }
-
- /**
- * Tests DataAccessExceptions that occur while creating user accounts.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testExceptionCreatingUser() throws Exception {
- NiFiUser user = new NiFiUser();
- user.setIdentity(USER_IDENTITY_1);
-
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, null);
- }
-
- /**
- * Tests DataAccessExceptions that occur while create user authorities.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testExceptionCreatingAuthoroties() throws Exception {
- NiFiUser user = new NiFiUser();
- user.setId(USER_ID_2);
-
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, null);
- }
-
- /**
- * General case for creating a user.
- *
- * @throws Exception ex
- */
- @Test
- public void testCreateUserAccount() throws Exception {
- NiFiUser user = new NiFiUser();
- user.setIdentity(USER_IDENTITY_3);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_DFM, Authority.ROLE_ADMIN));
-
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, null);
-
- // verify the user
- Assert.assertEquals(USER_ID_3, user.getId());
-
- // verify interaction with dao
- Mockito.verify(userDao, Mockito.times(1)).createUser(user);
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(user.getAuthorities(), USER_ID_3);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java
deleted file mode 100644
index b5f0a7f..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.dao.KeyDAO;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Matchers;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-public class DisableUserActionTest {
-
- private static final String USER_ID_1 = "1";
- private static final String USER_ID_2 = "2";
- private static final String USER_ID_3 = "3";
- private static final String USER_ID_4 = "4";
-
- private static final String USER_IDENTITY_3 = "authority access exception";
- private static final String USER_IDENTITY_4 = "general disable user case";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
- private KeyDAO keyDao;
- private AuthorityProvider authorityProvider;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String id = (String) args[0];
-
- NiFiUser user = null;
- if (USER_ID_1.equals(id)) {
- // leave user uninitialized
- } else if (USER_ID_2.equals(id)) {
- user = new NiFiUser();
- user.setId(id);
- } else if (USER_ID_3.equals(id)) {
- user = new NiFiUser();
- user.setId(id);
- user.setIdentity(USER_IDENTITY_3);
- } else if (USER_ID_4.equals(id)) {
- user = new NiFiUser();
- user.setId(id);
- user.setIdentity(USER_IDENTITY_4);
- user.setStatus(AccountStatus.ACTIVE);
- }
- return user;
- }
- }).when(userDao).findUserById(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- if (USER_ID_2.equals(user.getId())) {
- throw new DataAccessException(StringUtils.EMPTY);
- }
-
- // do nothing
- return null;
- }
- }).when(userDao).updateUser(Mockito.any(NiFiUser.class));
-
- // mock the dao factory
- keyDao = Mockito.mock(KeyDAO.class);
- Mockito.doNothing().when(keyDao).deleteKeys(Matchers.anyString());
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- Mockito.when(daoFactory.getKeyDAO()).thenReturn(keyDao);
-
- // mock the authority provider
- authorityProvider = Mockito.mock(AuthorityProvider.class);
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- if (USER_IDENTITY_3.equals(dn)) {
- throw new AuthorityAccessException(StringUtils.EMPTY);
- }
-
- // do nothing
- return null;
- }
- }).when(authorityProvider).revokeUser(Mockito.anyString());
- }
-
- /**
- * Tests the case when the user account is unknown.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountNotFoundException.class)
- public void testUnknownUserAccount() throws Exception {
- DisableUserAction disableUser = new DisableUserAction(USER_ID_1);
- disableUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests the case when a DataAccessException is thrown by the userDao.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testDataAccessExceptionInUserDao() throws Exception {
- DisableUserAction disableUser = new DisableUserAction(USER_ID_2);
- disableUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests the case when a AuthorityAccessException is thrown by the provider.
- *
- * @throws Exception ex
- */
- @Test(expected = AdministrationException.class)
- public void testAuthorityAccessExceptionInProvider() throws Exception {
- DisableUserAction disableUser = new DisableUserAction(USER_ID_3);
- disableUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests the general case when the user is disabled.
- *
- * @throws Exception ex
- */
- @Test
- public void testDisableUser() throws Exception {
- DisableUserAction disableUser = new DisableUserAction(USER_ID_4);
- NiFiUser user = disableUser.execute(daoFactory, authorityProvider);
-
- // verify the user
- Assert.assertEquals(USER_ID_4, user.getId());
- Assert.assertEquals(USER_IDENTITY_4, user.getIdentity());
- Assert.assertEquals(AccountStatus.DISABLED, user.getStatus());
-
- // verify the interaction with the dao and provider
- Mockito.verify(userDao, Mockito.times(1)).updateUser(user);
- Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_IDENTITY_4);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java
deleted file mode 100644
index cffd280..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import org.junit.Assert;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.ArgumentCaptor;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- * Test case for InvalidateUserAccountAction.
- */
-public class InvalidateUserAccountActionTest {
-
- private static final String USER_ID_1 = "1";
- private static final String USER_ID_2 = "2";
- private static final String USER_ID_3 = "3";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String id = (String) args[0];
-
- NiFiUser user = null;
- if (USER_ID_1.equals(id)) {
- // leave uninitialized
- } else if (USER_ID_2.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_2);
- } else if (USER_ID_3.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_3);
- user.setLastVerified(new Date());
- }
- return user;
- }
- }).when(userDao).findUserById(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- if (USER_ID_2.equals(user.getId())) {
- throw new DataAccessException(StringUtils.EMPTY);
- }
-
- // do nothing
- return null;
- }
- }).when(userDao).updateUser(Mockito.any(NiFiUser.class));
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- }
-
- @Test(expected = AccountNotFoundException.class)
- public void testAccountNotFoundException() throws Exception {
- InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(USER_ID_1);
- invalidateUserAccount.execute(daoFactory, null);
- }
-
- /**
- * Tests when a data access exception occurs when updating the user record.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testDataAccessException() throws Exception {
- InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(USER_ID_2);
- invalidateUserAccount.execute(daoFactory, null);
- }
-
- /**
- * Tests the general case of invalidating a user.
- *
- * @throws Exception ex
- */
- @Test
- public void testInvalidateUser() throws Exception {
- InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(USER_ID_3);
- invalidateUserAccount.execute(daoFactory, null);
-
- // verify the interaction with the dao
- ArgumentCaptor<NiFiUser> userCaptor = ArgumentCaptor.forClass(NiFiUser.class);
- Mockito.verify(userDao, Mockito.times(1)).updateUser(userCaptor.capture());
-
- // verify the user
- NiFiUser user = userCaptor.getValue();
- Assert.assertEquals(USER_ID_3, user.getId());
- Assert.assertNull(user.getLastVerified());
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java
deleted file mode 100644
index 7bc863b..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- * Test case for RequestUserAccountAction.
- */
-public class RequestUserAccountActionTest {
-
- private static final String USER_ID_3 = "3";
-
- private static final String USER_IDENTITY_1 = "existing user account";
- private static final String USER_IDENTITY_2 = "data access exception";
- private static final String USER_IDENTITY_3 = "new account request";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- NiFiUser user = null;
- if (USER_IDENTITY_1.equals(dn)) {
- user = new NiFiUser();
- }
- return user;
- }
- }).when(userDao).findUserByDn(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
- switch (user.getIdentity()) {
- case USER_IDENTITY_2:
- throw new DataAccessException();
- case USER_IDENTITY_3:
- user.setId(USER_ID_3);
- break;
- }
-
- // do nothing
- return null;
- }
- }).when(userDao).createUser(Mockito.any(NiFiUser.class));
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- }
-
- /**
- * Tests when a user account already exists.
- *
- * @throws Exception ex
- */
- @Test(expected = IllegalArgumentException.class)
- public void testExistingAccount() throws Exception {
- RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_1, StringUtils.EMPTY);
- requestUserAccount.execute(daoFactory, null);
- }
-
- /**
- * Tests when a DataAccessException occurs while saving the new account
- * request.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testDataAccessException() throws Exception {
- RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_2, StringUtils.EMPTY);
- requestUserAccount.execute(daoFactory, null);
- }
-
- /**
- * Tests the general case for requesting a new user account.
- *
- * @throws Exception ex
- */
- @Test
- public void testRequestUserAccountAction() throws Exception {
- RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_3, StringUtils.EMPTY);
- NiFiUser user = requestUserAccount.execute(daoFactory, null);
-
- // verfiy the user
- Assert.assertEquals(USER_ID_3, user.getId());
- Assert.assertEquals(USER_IDENTITY_3, user.getIdentity());
- Assert.assertEquals(AccountStatus.PENDING, user.getStatus());
-
- // verify interaction with dao
- Mockito.verify(userDao, Mockito.times(1)).createUser(user);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java
deleted file mode 100644
index 58db56a..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.hamcrest.Matcher;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.ArgumentMatcher;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- *
- */
-public class SeedUserAccountsActionTest {
-
- private static final String USER_ID_1 = "1";
- private static final String USER_ID_2 = "2";
- private static final String USER_ID_3 = "3";
- private static final String USER_ID_4 = "4";
-
- private static final String USER_IDENTITY_1 = "user 1 - active user - remove monitor and operator, add dfm";
- private static final String USER_IDENTITY_2 = "user 2 - active user - no action";
- private static final String USER_IDENTITY_3 = "user 3 - pending user - add operator";
- private static final String USER_IDENTITY_4 = "user 4 - new user - add monitor";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
- private AuthorityDAO authorityDao;
- private AuthorityProvider authorityProvider;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String id = (String) args[0];
-
- NiFiUser user = null;
- if (USER_ID_1.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_1);
- user.setIdentity(USER_IDENTITY_1);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- } else if (USER_ID_2.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_2);
- user.setIdentity(USER_IDENTITY_2);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN));
- user.setStatus(AccountStatus.ACTIVE);
- } else if (USER_ID_3.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_3);
- user.setIdentity(USER_IDENTITY_3);
- user.setStatus(AccountStatus.PENDING);
- }
- return user;
- }
- }).when(userDao).findUserById(Mockito.anyString());
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- NiFiUser user = null;
- if (USER_IDENTITY_1.equals(dn)) {
- user = new NiFiUser();
- user.setId(USER_ID_1);
- user.setIdentity(USER_IDENTITY_1);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- } else if (USER_IDENTITY_2.equals(dn)) {
- user = new NiFiUser();
- user.setId(USER_ID_2);
- user.setIdentity(USER_IDENTITY_2);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN));
- user.setStatus(AccountStatus.ACTIVE);
- } else if (USER_IDENTITY_3.equals(dn)) {
- user = new NiFiUser();
- user.setId(USER_ID_3);
- user.setIdentity(USER_IDENTITY_3);
- user.setStatus(AccountStatus.PENDING);
- }
- return user;
- }
- }).when(userDao).findUserByDn(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- if (USER_IDENTITY_4.equals(user.getIdentity())) {
- user.setId(USER_ID_4);
- }
-
- return null;
- }
- }).when(userDao).createUser(Mockito.any(NiFiUser.class));
-
- // mock the authority dao
- authorityDao = Mockito.mock(AuthorityDAO.class);
-
- // mock the authority provider
- authorityProvider = Mockito.mock(AuthorityProvider.class);
- Mockito.doAnswer(new Answer<Set<String>>() {
- @Override
- public Set<String> answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Authority role = (Authority) args[0];
-
- Set<String> users = new HashSet<>();
- if (Authority.ROLE_DFM.equals(role)) {
- users.add(USER_IDENTITY_1);
- } else if (Authority.ROLE_ADMIN.equals(role)) {
- users.add(USER_IDENTITY_2);
- } else if (Authority.ROLE_PROXY.equals(role)) {
- users.add(USER_IDENTITY_3);
- } else if (Authority.ROLE_MONITOR.equals(role)) {
- users.add(USER_IDENTITY_4);
- }
- return users;
- }
- }).when(authorityProvider).getUsers(Mockito.any(Authority.class));
- Mockito.doAnswer(new Answer<Set<Authority>>() {
- @Override
- public Set<Authority> answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- Set<Authority> authorities = EnumSet.noneOf(Authority.class);
- switch (dn) {
- case USER_IDENTITY_1:
- authorities.add(Authority.ROLE_DFM);
- break;
- case USER_IDENTITY_2:
- authorities.add(Authority.ROLE_ADMIN);
- break;
- case USER_IDENTITY_3:
- authorities.add(Authority.ROLE_PROXY);
- break;
- case USER_IDENTITY_4:
- authorities.add(Authority.ROLE_MONITOR);
- break;
- }
- return authorities;
- }
- }).when(authorityProvider).getAuthorities(Mockito.anyString());
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao);
- }
-
- /**
- * Tests seeding the user accounts.
- *
- * @throws Exception ex
- */
- @Test
- public void testSeedUsers() throws Exception {
- SeedUserAccountsAction seedUserAccounts = new SeedUserAccountsAction();
- seedUserAccounts.execute(daoFactory, authorityProvider);
-
- // matcher for user 1
- Matcher<NiFiUser> matchesUser1 = new ArgumentMatcher<NiFiUser>() {
- @Override
- public boolean matches(Object argument) {
- NiFiUser user = (NiFiUser) argument;
- return USER_ID_1.equals(user.getId());
- }
- };
-
- // verify user 1 - active existing user - remove monitor, operator, add dfm
- Mockito.verify(userDao, Mockito.times(1)).updateUser(Mockito.argThat(matchesUser1));
- Mockito.verify(userDao, Mockito.never()).createUser(Mockito.argThat(matchesUser1));
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_DFM), USER_ID_1);
-
- // matcher for user 2
- Matcher<NiFiUser> matchesUser2 = new ArgumentMatcher<NiFiUser>() {
- @Override
- public boolean matches(Object argument) {
- NiFiUser user = (NiFiUser) argument;
- return USER_ID_2.equals(user.getId());
- }
- };
-
- // verify user 2 - active existing user - no actions
- Mockito.verify(userDao, Mockito.times(1)).updateUser(Mockito.argThat(matchesUser2));
- Mockito.verify(userDao, Mockito.never()).createUser(Mockito.argThat(matchesUser2));
- Mockito.verify(authorityDao, Mockito.never()).createAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_2));
- Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_2));
-
- // matchers for user 3
- Matcher<NiFiUser> matchesPendingUser3 = new ArgumentMatcher<NiFiUser>() {
- @Override
- public boolean matches(Object argument) {
- NiFiUser user = (NiFiUser) argument;
- return USER_ID_3.equals(user.getId()) && AccountStatus.ACTIVE.equals(user.getStatus());
- }
- };
- Matcher<NiFiUser> matchesUser3 = new ArgumentMatcher<NiFiUser>() {
- @Override
- public boolean matches(Object argument) {
- NiFiUser user = (NiFiUser) argument;
- return USER_ID_3.equals(user.getId());
- }
- };
-
- // verify user 3 - pending user - add operator
- Mockito.verify(userDao, Mockito.times(1)).updateUser(Mockito.argThat(matchesPendingUser3));
- Mockito.verify(userDao, Mockito.never()).createUser(Mockito.argThat(matchesUser3));
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_PROXY), USER_ID_3);
- Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_3));
-
- // matcher for user 4
- Matcher<NiFiUser> matchesUser4 = new ArgumentMatcher<NiFiUser>() {
- @Override
- public boolean matches(Object argument) {
- NiFiUser user = (NiFiUser) argument;
- return USER_ID_4.equals(user.getId());
- }
- };
-
- // verify user 4 - new user - add monitor
- Mockito.verify(userDao, Mockito.never()).updateUser(Mockito.argThat(matchesUser4));
- Mockito.verify(userDao, Mockito.times(1)).createUser(Mockito.argThat(matchesUser4));
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_MONITOR), USER_ID_4);
- Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_4));
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java
deleted file mode 100644
index 5effdbb..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Collections;
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- * Test case for SetUserAuthoritiesAction.
- */
-public class SetUserAuthoritiesActionTest {
-
- private static final String USER_ID_1 = "1";
- private static final String USER_ID_2 = "2";
- private static final String USER_ID_3 = "3";
-
- private static final String USER_IDENTITY_2 = "user 2";
- private static final String USER_IDENTITY_3 = "user 3";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
- private AuthorityDAO authorityDao;
- private AuthorityProvider authorityProvider;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String id = (String) args[0];
-
- NiFiUser user = null;
- if (USER_ID_1.equals(id)) {
- // leave user uninitialized
- } else if (USER_ID_2.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_2);
- user.setIdentity(USER_IDENTITY_2);
- } else if (USER_ID_3.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_3);
- user.setIdentity(USER_IDENTITY_3);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- }
- return user;
- }
- }).when(userDao).findUserById(Mockito.anyString());
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- NiFiUser user = null;
- if (USER_IDENTITY_3.equals(dn)) {
- user = new NiFiUser();
- user.setId(USER_ID_3);
- user.setIdentity(USER_IDENTITY_3);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- }
- return user;
- }
- }).when(userDao).findUserByDn(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- // do nothing
- return null;
- }
- }).when(userDao).updateUser(Mockito.any(NiFiUser.class));
-
- // mock the authority dao
- authorityDao = Mockito.mock(AuthorityDAO.class);
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Set<Authority> authorities = (Set<Authority>) args[0];
- String id = (String) args[1];
-
- // do nothing
- return null;
- }
- }).when(authorityDao).createAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Set<Authority> authorities = (Set<Authority>) args[0];
- String id = (String) args[1];
-
- // do nothing
- return null;
- }
- }).when(authorityDao).deleteAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString());
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao);
-
- // mock the authority provider
- authorityProvider = Mockito.mock(AuthorityProvider.class);
- Mockito.doAnswer(new Answer<Set<Authority>>() {
- @Override
- public Set<Authority> answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- Set<Authority> authorities = EnumSet.noneOf(Authority.class);
- if (USER_IDENTITY_3.equals(dn)) {
- authorities.add(Authority.ROLE_DFM);
- }
-
- return authorities;
- }
- }).when(authorityProvider).getAuthorities(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
- Set<Authority> authorites = (Set<Authority>) args[1];
-
- if (USER_IDENTITY_2.equals(dn)) {
- throw new AuthorityAccessException(StringUtils.EMPTY);
- }
-
- // do nothing
- return null;
- }
- }).when(authorityProvider).setAuthorities(Mockito.anyString(), Mockito.anySet());
- }
-
- /**
- * Test activating an unknown user account. User accounts are unknown then
- * there is no pending account for the user.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountNotFoundException.class)
- public void testUnknownUser() throws Exception {
- UpdateUserAction setUserAuthorities = new UpdateUserAction(USER_ID_1, Collections.EMPTY_SET);
- setUserAuthorities.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Testing case then an AuthorityAccessException occurs while setting a
- * users authorities.
- *
- * @throws Exception ex
- */
- @Test(expected = AdministrationException.class)
- public void testAuthorityAccessException() throws Exception {
- UpdateUserAction setUserAuthorities = new UpdateUserAction(USER_ID_2, Collections.EMPTY_SET);
- setUserAuthorities.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests general case of setting user authorities.
- *
- * @throws Exception ex
- */
- @Test
- public void testSetAuthorities() throws Exception {
- UpdateUserAction setUserAuthorities = new UpdateUserAction(USER_ID_3, EnumSet.of(Authority.ROLE_ADMIN));
- NiFiUser user = setUserAuthorities.execute(daoFactory, authorityProvider);
-
- // verify user
- Assert.assertEquals(USER_ID_3, user.getId());
- Assert.assertEquals(1, user.getAuthorities().size());
- Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_ADMIN));
-
- // verify interaction with dao
- Mockito.verify(userDao, Mockito.times(1)).updateUser(user);
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_ADMIN), USER_ID_3);
-
- Set<Authority> authoritiesAddedToProvider = EnumSet.of(Authority.ROLE_ADMIN);
-
- // verify interaction with provider
- Mockito.verify(authorityProvider, Mockito.times(1)).setAuthorities(USER_IDENTITY_3, authoritiesAddedToProvider);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/RevisionDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/RevisionDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/RevisionDTO.java
index c8ef843..200c954 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/RevisionDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/RevisionDTO.java
@@ -18,6 +18,7 @@ package org.apache.nifi.web.api.dto;
import com.wordnik.swagger.annotations.ApiModelProperty;
import javax.xml.bind.annotation.XmlType;
+import java.util.UUID;
/**
* Current revision for this NiFi.
@@ -41,6 +42,9 @@ public class RevisionDTO {
+ "nature of requests/responses this was implemented to allow the client to make numerous requests without having to wait for the previous response to come back"
)
public String getClientId() {
+ if (clientId == null || clientId.trim().isEmpty()) {
+ clientId = UUID.randomUUID().toString();
+ }
return clientId;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/status/ControllerStatusDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/status/ControllerStatusDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/status/ControllerStatusDTO.java
index 03e2124..cec51e5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/status/ControllerStatusDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/status/ControllerStatusDTO.java
@@ -38,8 +38,6 @@ public class ControllerStatusDTO implements Cloneable {
private Integer connectedNodeCount = 0;
private Integer totalNodeCount = 0;
- private Boolean hasPendingAccounts;
-
private Integer runningCount = 0;
private Integer stoppedCount = 0;
private Integer invalidCount = 0;
@@ -127,18 +125,6 @@ public class ControllerStatusDTO implements Cloneable {
}
/**
- * @return whether or not there are pending user requests
- */
- @ApiModelProperty("Whether there are any pending user account requests.")
- public Boolean getHasPendingAccounts() {
- return hasPendingAccounts;
- }
-
- public void setHasPendingAccounts(Boolean hasPendingAccounts) {
- this.hasPendingAccounts = hasPendingAccounts;
- }
-
- /**
* @return number of running components in this controller
*/
@ApiModelProperty("The number of running components in the NiFi.")
@@ -256,7 +242,6 @@ public class ControllerStatusDTO implements Cloneable {
other.setConnectedNodes(getConnectedNodes());
other.setConnectedNodeCount(getConnectedNodeCount());
other.setTotalNodeCount(getTotalNodeCount());
- other.setHasPendingAccounts(getHasPendingAccounts());
other.setRunningCount(getRunningCount());
other.setStoppedCount(getStoppedCount());
other.setInvalidCount(getInvalidCount());
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/Entity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/Entity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/Entity.java
index ad3a7de..13c7a70 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/Entity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/Entity.java
@@ -35,7 +35,11 @@ public class Entity {
value = "The revision for this request/response. The revision is required for any mutable flow requests and is included in all responses."
)
public RevisionDTO getRevision() {
- return revision;
+ if (revision == null) {
+ return new RevisionDTO();
+ } else {
+ return revision;
+ }
}
public void setRevision(RevisionDTO revision) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UpdateControllerServiceReferenceRequestEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UpdateControllerServiceReferenceRequestEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UpdateControllerServiceReferenceRequestEntity.java
new file mode 100644
index 0000000..0b2230e
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UpdateControllerServiceReferenceRequestEntity.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.entity;
+
+import com.wordnik.swagger.annotations.ApiModelProperty;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * A serialized representation of this class can be placed in the entity body of a request to the API.
+ */
+@XmlRootElement(name = "updateControllerServiceReferenceRequestEntity")
+public class UpdateControllerServiceReferenceRequestEntity extends Entity {
+
+ private String id;
+ private String state;
+
+ @ApiModelProperty(
+ value = "The identifier of the Controller Service."
+ )
+ public String getId() {
+ return id;
+ }
+
+ public void setId(String id) {
+ this.id = id;
+ }
+
+ @ApiModelProperty(
+ value = "The new state of the references for the controller service.",
+ allowableValues = "ENABLED, DISABLED, RUNNING, STOPPED"
+ )
+ public String getState() {
+ return state;
+ }
+
+ public void setState(String state) {
+ this.state = state;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/.gitignore
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/.gitignore b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/.gitignore
deleted file mode 100755
index ea8c4bf..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/target
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/pom.xml
deleted file mode 100644
index 2f0147b..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/pom.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-framework</artifactId>
- <version>1.0.0-SNAPSHOT</version>
- </parent>
- <artifactId>nifi-cluster-authorization-provider</artifactId>
- <dependencies>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-file-authorization-provider</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-framework-cluster-protocol</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-framework-cluster</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-socket-utils</artifactId>
- </dependency>
- </dependencies>
-</project>
[22/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
NIFI-1551:
- Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer.
- Updating UI accordingly.
- Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
- This closes #359.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/153f63ef
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/153f63ef
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/153f63ef
Branch: refs/heads/master
Commit: 153f63ef43fd4511026653122fbde27e68221a57
Parents: 7db78e8
Author: Matt Gilman <ma...@gmail.com>
Authored: Fri Apr 15 15:53:47 2016 -0400
Committer: Mark Payne <ma...@hotmail.com>
Committed: Fri Apr 15 16:03:00 2016 -0400
----------------------------------------------------------------------
.../authentication/LoginIdentityProvider.java | 4 +-
.../exception/ProviderCreationException.java | 39 +
.../exception/ProviderDestructionException.java | 39 +
.../apache/nifi/authorization/Authority.java | 93 -
.../nifi/authorization/AuthorityProvider.java | 182 --
.../AuthorityProviderConfigurationContext.java | 48 -
.../AuthorityProviderInitializationContext.java | 27 -
.../authorization/AuthorityProviderLookup.java | 25 -
.../authorization/AuthorizationRequest.java | 39 +-
.../apache/nifi/authorization/Authorizer.java | 3 +-
.../authorization/DownloadAuthorization.java | 83 -
.../annotation/AuthorityProviderContext.java | 35 -
.../exception/AuthorityAccessException.java | 33 -
.../IdentityAlreadyExistsException.java | 32 -
.../exception/ProviderCreationException.java | 39 -
.../exception/ProviderDestructionException.java | 39 -
.../exception/UnknownIdentityException.java | 32 -
nifi-assembly/pom.xml | 8 +-
.../org/apache/nifi/util/NiFiProperties.java | 53 +-
.../NiFiProperties/conf/nifi.blank.properties | 6 +-
.../NiFiProperties/conf/nifi.missing.properties | 6 +-
.../NiFiProperties/conf/nifi.properties | 6 +-
.../src/main/asciidoc/administration-guide.adoc | 139 +-
.../cassandra/AbstractCassandraProcessor.java | 2 +-
.../AbstractCassandraProcessorTest.java | 2 +-
.../nifi-framework-nar/pom.xml | 8 -
.../nifi/admin/KeyDataSourceFactoryBean.java | 147 ++
.../nifi/admin/UserDataSourceFactoryBean.java | 244 --
.../org/apache/nifi/admin/dao/AuthorityDAO.java | 59 -
.../org/apache/nifi/admin/dao/DAOFactory.java | 4 -
.../java/org/apache/nifi/admin/dao/UserDAO.java | 128 -
.../nifi/admin/dao/impl/DAOFactoryImpl.java | 12 -
.../admin/dao/impl/StandardAuthorityDAO.java | 172 --
.../nifi/admin/dao/impl/StandardUserDAO.java | 641 -----
.../admin/service/AccountDisabledException.java | 40 -
.../admin/service/AccountNotFoundException.java | 40 -
.../admin/service/AccountPendingException.java | 41 -
.../apache/nifi/admin/service/KeyService.java | 49 +
.../apache/nifi/admin/service/UserService.java | 180 --
.../service/action/AbstractUserAction.java | 97 -
.../admin/service/action/AddActionsAction.java | 3 +-
.../service/action/AdministrationAction.java | 4 +-
.../service/action/AuthorizeDownloadAction.java | 54 -
.../service/action/AuthorizeUserAction.java | 173 --
.../admin/service/action/CreateUserAction.java | 53 -
.../admin/service/action/DeleteKeysAction.java | 3 +-
.../admin/service/action/DeleteUserAction.java | 73 -
.../admin/service/action/DisableUserAction.java | 81 -
.../service/action/DisableUserGroupAction.java | 78 -
.../service/action/FindUserByDnAction.java | 49 -
.../service/action/FindUserByIdAction.java | 46 -
.../admin/service/action/GetActionAction.java | 3 +-
.../admin/service/action/GetActionsAction.java | 6 +-
.../admin/service/action/GetKeyByIdAction.java | 4 +-
.../service/action/GetKeyByIdentityAction.java | 4 +-
.../service/action/GetOrCreateKeyAction.java | 4 +-
.../admin/service/action/GetPreviousValues.java | 8 +-
.../service/action/GetUserGroupAction.java | 50 -
.../admin/service/action/GetUsersAction.java | 39 -
.../service/action/HasPendingUserAccounts.java | 34 -
.../action/InvalidateUserAccountAction.java | 58 -
.../InvalidateUserGroupAccountsAction.java | 45 -
.../service/action/PurgeActionsAction.java | 3 +-
.../action/RequestUserAccountAction.java | 67 -
.../service/action/SeedUserAccountsAction.java | 164 --
.../admin/service/action/UngroupUserAction.java | 69 -
.../service/action/UngroupUserGroupAction.java | 57 -
.../admin/service/action/UpdateUserAction.java | 124 -
.../UpdateUserAuthoritiesCacheAction.java | 73 -
.../service/action/UpdateUserCacheAction.java | 47 -
.../service/action/UpdateUserGroupAction.java | 171 --
.../admin/service/impl/StandardKeyService.java | 161 ++
.../admin/service/impl/StandardUserService.java | 731 ------
.../transaction/impl/StandardTransaction.java | 16 +-
.../impl/StandardTransactionBuilder.java | 8 +-
.../AuthorityProviderFactoryBean.java | 491 ----
.../authorization/AuthorizerFactoryBean.java | 11 +-
...rdAuthorityProviderConfigurationContext.java | 51 -
...dAuthorityProviderInitializationContext.java | 42 -
.../org/apache/nifi/user/AccountStatus.java | 47 -
.../java/org/apache/nifi/user/NiFiUser.java | 101 +-
.../resources/nifi-administration-context.xml | 33 +-
.../src/main/xsd/authority-providers.xsd | 49 -
.../service/action/AuthorizeUserActionTest.java | 433 ----
.../service/action/CreateUserActionTest.java | 144 --
.../service/action/DisableUserActionTest.java | 176 --
.../action/InvalidateUserAccountActionTest.java | 126 -
.../action/RequestUserAccountActionTest.java | 127 -
.../action/SeedUserAccountsActionTest.java | 262 ---
.../action/SetUserAuthoritiesActionTest.java | 223 --
.../apache/nifi/web/api/dto/RevisionDTO.java | 4 +
.../web/api/dto/status/ControllerStatusDTO.java | 15 -
.../org/apache/nifi/web/api/entity/Entity.java | 6 +-
...ControllerServiceReferenceRequestEntity.java | 54 +
.../.gitignore | 1 -
.../nifi-cluster-authorization-provider/pom.xml | 46 -
.../ClusterManagerAuthorizationProvider.java | 225 --
.../NodeAuthorizationProvider.java | 389 ----
.../protocol/message/DoesDnExistMessage.java | 55 -
.../protocol/message/GetAuthoritiesMessage.java | 57 -
.../message/GetGroupForUserMessage.java | 54 -
.../protocol/message/ProtocolMessage.java | 56 -
.../message/jaxb/JaxbProtocolUtils.java | 41 -
.../protocol/message/jaxb/ObjectFactory.java | 44 -
....apache.nifi.authorization.AuthorityProvider | 16 -
.../src/test/resources/conf/nifi.properties | 6 +-
.../nifi-file-authorization-provider/pom.xml | 85 -
.../FileAuthorizationProvider.java | 496 ----
....apache.nifi.authorization.AuthorityProvider | 15 -
.../src/main/xsd/users.xsd | 64 -
.../FileAuthorizationProviderTest.java | 128 -
.../nifi/authorization/FileAuthorizer.java | 18 +-
.../nifi/authorization/FileAuthorizerTest.java | 20 +-
.../org/apache/nifi/groups/ProcessGroup.java | 24 +
.../apache/nifi/controller/FlowController.java | 20 +-
.../nifi/groups/StandardProcessGroup.java | 63 +
.../nifi/spring/FlowControllerFactoryBean.java | 12 +-
.../src/main/resources/nifi-context.xml | 2 +-
.../controller/StandardFlowServiceTest.java | 8 +-
.../scheduling/TestProcessorLifecycle.java | 4 +-
.../src/test/resources/conf/nifi.properties | 6 +-
.../test/resources/nifi-with-remote.properties | 6 +-
.../src/test/resources/nifi.properties | 6 +-
.../org/apache/nifi/nar/ExtensionManager.java | 19 +-
.../nifi/nar/NarThreadContextClassLoader.java | 20 +-
.../resources/NarUnpacker/conf/nifi.properties | 6 +-
.../main/resources/conf/authority-providers.xml | 43 -
.../main/resources/conf/authorized-users.xml | 57 -
.../src/main/resources/conf/authorizers.xml | 28 +
.../src/main/resources/conf/nifi.properties | 8 +-
.../nifi/remote/StandardRootGroupPort.java | 113 +-
.../src/test/resources/nifi.properties | 6 +-
.../org/apache/nifi/audit/FunnelAuditor.java | 9 +-
.../java/org/apache/nifi/audit/PortAuditor.java | 35 +-
.../org/apache/nifi/audit/ProcessorAuditor.java | 20 +-
.../apache/nifi/audit/RelationshipAuditor.java | 18 +-
.../nifi/audit/RemoteProcessGroupAuditor.java | 31 +-
.../org/apache/nifi/audit/SnippetAuditor.java | 45 +-
.../org/apache/nifi/web/NiFiServiceFacade.java | 279 +--
.../web/NiFiWebApiSecurityConfiguration.java | 76 +-
.../nifi/web/StandardNiFiContentAccess.java | 20 +-
.../nifi/web/StandardNiFiServiceFacade.java | 624 ++---
.../StandardNiFiWebConfigurationContext.java | 70 +-
.../apache/nifi/web/StandardNiFiWebContext.java | 60 +-
.../org/apache/nifi/web/api/AccessResource.java | 79 +-
.../nifi/web/api/BulletinBoardResource.java | 37 +-
.../apache/nifi/web/api/ClusterResource.java | 11 +-
.../apache/nifi/web/api/ConnectionResource.java | 659 +-----
.../apache/nifi/web/api/ControllerResource.java | 151 +-
.../nifi/web/api/ControllerServiceResource.java | 365 +--
.../org/apache/nifi/web/api/FunnelResource.java | 339 +--
.../apache/nifi/web/api/HistoryResource.java | 60 +-
.../apache/nifi/web/api/InputPortResource.java | 340 +--
.../org/apache/nifi/web/api/LabelResource.java | 383 +--
.../org/apache/nifi/web/api/NodeResource.java | 9 +-
.../apache/nifi/web/api/OutputPortResource.java | 383 +--
.../nifi/web/api/ProcessGroupResource.java | 2186 ++++++++++++------
.../apache/nifi/web/api/ProcessorResource.java | 485 +---
.../apache/nifi/web/api/ProvenanceResource.java | 94 +-
.../web/api/RemoteProcessGroupResource.java | 450 +---
.../nifi/web/api/ReportingTaskResource.java | 344 +--
.../apache/nifi/web/api/SnippetResource.java | 200 +-
.../nifi/web/api/SystemDiagnosticsResource.java | 3 +-
.../apache/nifi/web/api/TemplateResource.java | 49 +-
.../apache/nifi/web/api/UserGroupResource.java | 465 ----
.../org/apache/nifi/web/api/UserResource.java | 617 -----
.../config/AccountNotFoundExceptionMapper.java | 47 -
.../org/apache/nifi/web/api/dto/DtoFactory.java | 99 +-
.../nifi/web/controller/ControllerFacade.java | 91 +-
.../org/apache/nifi/web/dao/ConnectionDAO.java | 72 +-
.../java/org/apache/nifi/web/dao/FunnelDAO.java | 25 +-
.../java/org/apache/nifi/web/dao/LabelDAO.java | 15 +-
.../java/org/apache/nifi/web/dao/PortDAO.java | 22 +-
.../apache/nifi/web/dao/ProcessGroupDAO.java | 4 +-
.../org/apache/nifi/web/dao/ProcessorDAO.java | 33 +-
.../nifi/web/dao/RemoteProcessGroupDAO.java | 33 +-
.../web/dao/impl/StandardConnectionDAO.java | 146 +-
.../nifi/web/dao/impl/StandardFunnelDAO.java | 60 +-
.../nifi/web/dao/impl/StandardInputPortDAO.java | 73 +-
.../nifi/web/dao/impl/StandardLabelDAO.java | 55 +-
.../web/dao/impl/StandardOutputPortDAO.java | 73 +-
.../web/dao/impl/StandardProcessGroupDAO.java | 12 +-
.../nifi/web/dao/impl/StandardProcessorDAO.java | 93 +-
.../dao/impl/StandardRemoteProcessGroupDAO.java | 92 +-
.../src/main/resources/nifi-web-api-context.xml | 49 +-
.../accesscontrol/AccessTokenEndpointTest.java | 2 +
.../accesscontrol/AdminAccessControlTest.java | 2 +
.../accesscontrol/DfmAccessControlTest.java | 1 +
.../ReadOnlyAccessControlTest.java | 2 +
.../util/NiFiTestAuthorizationProvider.java | 180 --
.../integration/util/NiFiTestAuthorizer.java | 56 +
.../util/NiFiTestLoginIdentityProvider.java | 9 +-
.../nifi/integration/util/NiFiTestServer.java | 2 +-
....apache.nifi.authorization.AuthorityProvider | 15 -
.../org.apache.nifi.authorization.Authorizer | 15 +
.../access-control/authority-providers.xml | 2 +-
.../resources/access-control/nifi.properties | 6 +-
.../web/security/NiFiAuthenticationFilter.java | 105 +-
.../security/NiFiAuthenticationProvider.java | 73 -
.../anonymous/NiFiAnonymousUserFilter.java | 47 +-
.../authorization/NiFiAuthorizationService.java | 171 --
.../security/jwt/JwtAuthenticationFilter.java | 34 +-
.../security/jwt/JwtAuthenticationProvider.java | 56 +
.../jwt/JwtAuthenticationRequestToken.java | 58 +
.../nifi/web/security/jwt/JwtService.java | 12 +-
.../kerberos/KerberosServiceFactoryBean.java | 74 -
.../security/node/NodeAuthorizedUserFilter.java | 4 +-
.../security/otp/OtpAuthenticationFilter.java | 41 +-
.../security/otp/OtpAuthenticationProvider.java | 60 +
.../otp/OtpAuthenticationRequestToken.java | 64 +
.../spring/KerberosServiceFactoryBean.java | 76 +
.../LoginIdentityProviderFactoryBean.java | 35 +-
.../NewAccountAuthorizationRequestToken.java | 40 -
.../token/NewAccountAuthorizationToken.java | 46 -
.../security/token/NiFiAuthenticationToken.java | 50 +
.../token/NiFiAuthorizationRequestToken.java | 54 -
.../security/token/NiFiAuthorizationToken.java | 50 -
.../web/security/user/NewAccountRequest.java | 47 -
.../nifi/web/security/user/NiFiUserDetails.java | 17 +-
.../nifi/web/security/user/NiFiUserUtils.java | 21 -
.../security/x509/X509AuthenticationFilter.java | 36 +-
.../x509/X509AuthenticationProvider.java | 78 +
.../x509/X509AuthenticationRequestToken.java | 75 +
.../x509/ocsp/OcspCertificateValidator.java | 5 +-
.../resources/nifi-web-security-context.xml | 21 +-
.../NiFiAuthorizationServiceTest.java | 249 --
.../nifi/web/security/jwt/JwtServiceTest.java | 14 +-
.../otp/OtpAuthenticationFilterTest.java | 91 +-
.../otp/OtpAuthenticationProviderTest.java | 102 +
.../nifi-framework/nifi-web/nifi-web-ui/pom.xml | 42 -
.../main/resources/filters/canvas.properties | 2 -
.../main/resources/filters/users-min.properties | 18 -
.../src/main/resources/filters/users.properties | 29 -
.../src/main/webapp/WEB-INF/pages/canvas.jsp | 2 -
.../src/main/webapp/WEB-INF/pages/users.jsp | 72 -
.../WEB-INF/partials/canvas/canvas-header.jsp | 1 -
.../canvas/secure-port-configuration.jsp | 82 -
.../partials/canvas/secure-port-details.jsp | 67 -
.../partials/users/group-revoke-dialog.jsp | 22 -
.../partials/users/group-roles-dialog.jsp | 52 -
.../partials/users/user-delete-dialog.jsp | 23 -
.../partials/users/user-details-dialog.jsp | 56 -
.../partials/users/user-group-dialog.jsp | 27 -
.../partials/users/user-revoke-dialog.jsp | 23 -
.../partials/users/user-roles-dialog.jsp | 60 -
.../WEB-INF/partials/users/users-content.jsp | 46 -
.../nifi-web-ui/src/main/webapp/css/header.css | 13 -
.../src/main/webapp/css/port-configuration.css | 133 --
.../src/main/webapp/css/port-details.css | 27 -
.../nifi-web-ui/src/main/webapp/css/users.css | 254 --
.../src/main/webapp/images/iconAdminUser.png | Bin 1960 -> 0 bytes
.../propertytable/jquery.propertytable.js | 2 +-
.../js/nf/bulletin-board/nf-bulletin-board.js | 2 +-
.../src/main/webapp/js/nf/canvas/nf-actions.js | 140 +-
.../webapp/js/nf/canvas/nf-canvas-header.js | 31 +-
.../webapp/js/nf/canvas/nf-canvas-toolbox.js | 175 +-
.../src/main/webapp/js/nf/canvas/nf-canvas.js | 9 +-
.../webapp/js/nf/canvas/nf-component-state.js | 10 +-
.../js/nf/canvas/nf-connection-configuration.js | 108 +-
.../main/webapp/js/nf/canvas/nf-connection.js | 35 +-
.../js/nf/canvas/nf-controller-service.js | 62 +-
.../main/webapp/js/nf/canvas/nf-draggable.js | 26 +-
.../src/main/webapp/js/nf/canvas/nf-funnel.js | 9 +-
.../src/main/webapp/js/nf/canvas/nf-go-to.js | 24 +-
.../js/nf/canvas/nf-label-configuration.js | 33 +-
.../src/main/webapp/js/nf/canvas/nf-label.js | 7 +
.../js/nf/canvas/nf-port-configuration.js | 31 +-
.../src/main/webapp/js/nf/canvas/nf-port.js | 9 +-
.../nf/canvas/nf-process-group-configuration.js | 20 +-
.../webapp/js/nf/canvas/nf-process-group.js | 7 +
.../js/nf/canvas/nf-processor-configuration.js | 2 +-
.../main/webapp/js/nf/canvas/nf-processor.js | 7 +
.../webapp/js/nf/canvas/nf-queue-listing.js | 3 +-
.../nf-remote-process-group-configuration.js | 1 -
.../nf/canvas/nf-remote-process-group-ports.js | 2 -
.../js/nf/canvas/nf-remote-process-group.js | 7 +
.../webapp/js/nf/canvas/nf-reporting-task.js | 23 +-
.../nf/canvas/nf-secure-port-configuration.js | 384 ---
.../js/nf/canvas/nf-secure-port-details.js | 121 -
.../src/main/webapp/js/nf/canvas/nf-settings.js | 42 +-
.../src/main/webapp/js/nf/canvas/nf-snippet.js | 2 +-
.../webapp/js/nf/history/nf-history-model.js | 2 +-
.../webapp/js/nf/history/nf-history-table.js | 2 +-
.../main/webapp/js/nf/nf-connection-details.js | 16 +-
.../main/webapp/js/nf/nf-processor-details.js | 4 +-
.../src/main/webapp/js/nf/nf-status-history.js | 9 +-
.../webapp/js/nf/summary/nf-cluster-search.js | 2 +-
.../webapp/js/nf/summary/nf-summary-table.js | 15 +-
.../main/webapp/js/nf/users/nf-users-table.js | 1075 ---------
.../src/main/webapp/js/nf/users/nf-users.js | 151 --
.../nifi-framework/pom.xml | 2 -
nifi-nar-bundles/nifi-framework-bundle/pom.xml | 10 -
.../apache/nifi/kerberos/KerberosProvider.java | 4 +-
.../java/org/apache/nifi/ldap/LdapProvider.java | 4 +-
294 files changed, 5156 insertions(+), 20914 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java b/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
index 54becb3..145bdb4 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
@@ -18,8 +18,8 @@ package org.apache.nifi.authentication;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderDestructionException;
/**
* Identity provider that is able to authentication a user with username/password credentials.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java
new file mode 100644
index 0000000..b352787
--- /dev/null
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.exception;
+
+/**
+ * Represents the exceptional case when an AuthorityProvider fails instantiated.
+ *
+ */
+public class ProviderCreationException extends RuntimeException {
+
+ public ProviderCreationException() {
+ }
+
+ public ProviderCreationException(String msg) {
+ super(msg);
+ }
+
+ public ProviderCreationException(Throwable cause) {
+ super(cause);
+ }
+
+ public ProviderCreationException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java
new file mode 100644
index 0000000..1e12146
--- /dev/null
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.exception;
+
+/**
+ * Represents the exceptional case when an AuthorityProvider fails destruction.
+ *
+ */
+public class ProviderDestructionException extends RuntimeException {
+
+ public ProviderDestructionException() {
+ }
+
+ public ProviderDestructionException(String msg) {
+ super(msg);
+ }
+
+ public ProviderDestructionException(Throwable cause) {
+ super(cause);
+ }
+
+ public ProviderDestructionException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java b/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java
deleted file mode 100644
index 4502c11..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-/**
- * Authorities that can be assigned to NiFi users.
- */
-public enum Authority {
-
- ROLE_MONITOR,
- ROLE_DFM,
- ROLE_ADMIN,
- ROLE_PROVENANCE,
- ROLE_PROXY,
- ROLE_NIFI;
-
- /**
- * @param rawAuthority string form of authority
- * @return the matching role or null if the specified role does not match
- * any roles
- */
- public static Authority valueOfAuthority(String rawAuthority) {
- Authority desiredAuthority = null;
-
- for (Authority authority : values()) {
- if (authority.toString().equals(rawAuthority)) {
- desiredAuthority = authority;
- break;
- }
- }
-
- return desiredAuthority;
- }
-
- /**
- * @return the string value of each authority
- */
- public static Set<String> getRawAuthorities() {
- Set<String> authorities = new LinkedHashSet<>();
- for (Authority authority : values()) {
- authorities.add(authority.toString());
- }
- return authorities;
- }
-
- public static Set<String> convertAuthorities(Set<Authority> authorities) {
- if (authorities == null) {
- throw new IllegalArgumentException("No authorities have been specified.");
- }
-
- // convert the set
- Set<String> rawAuthorities = new HashSet<>(authorities.size());
- for (Authority authority : authorities) {
- rawAuthorities.add(authority.toString());
- }
- return rawAuthorities;
- }
-
- public static EnumSet<Authority> convertRawAuthorities(Set<String> rawAuthorities) {
- if (rawAuthorities == null) {
- throw new IllegalArgumentException("No authorities have been specified.");
- }
-
- // convert the set
- EnumSet<Authority> authorities = EnumSet.noneOf(Authority.class);
- for (String rawAuthority : rawAuthorities) {
- Authority authority = Authority.valueOfAuthority(rawAuthority);
- if (authority != null) {
- authorities.add(authority);
- }
- }
- return authorities;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
deleted file mode 100644
index 716216d..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-
-/**
- * This class allows clients to retrieve the authorities for a given DN.
- */
-public interface AuthorityProvider {
-
- /**
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @return whether the user with the specified identity is known to this authority
- * provider. It is not necessary for the user to have any authorities
- */
- boolean doesDnExist(String identity) throws AuthorityAccessException;
-
- /**
- * Get the authorities for the specified user. If the specified user exists
- * but does not have any authorities, an empty set should be returned.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @return the authorities for the specified user. If the specified user
- * exists but does not have any authorities, an empty set should be returned
- * @throws UnknownIdentityException if identity is not known
- * @throws AuthorityAccessException if unable to access authorities
- */
- Set<Authority> getAuthorities(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Sets the specified authorities for the specified user.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @param authorities the new authorities for the user
- * @throws UnknownIdentityException if identity is not known
- * @throws AuthorityAccessException if unable to access authorities
- */
- void setAuthorities(String identity, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Gets the users for the specified authority.
- *
- * @param authority for which to determine membership of
- * @return all users with the specified authority
- * @throws AuthorityAccessException if unable to access authorities
- */
- Set<String> getUsers(Authority authority) throws AuthorityAccessException;
-
- /**
- * Revokes the specified user. Its up to the implementor to determine the
- * semantics of revocation.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void revokeUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Add the specified user.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @param group Optional
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void addUser(String identity, String group) throws IdentityAlreadyExistsException, AuthorityAccessException;
-
- /**
- * Gets the group for the specified user. Return null if the user does not
- * belong to a group.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @return the group of the given user
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- String getGroupForUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Revokes all users for a specified group. Its up to the implementor to
- * determine the semantics of revocation.
- *
- * @param group to revoke the users of
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Adds the specified users to the specified group.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @param group to add users to
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void setUsersGroup(Set<String> identity, String group) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Ungroups the specified user.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void ungroupUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Ungroups the specified group. Since the semantics of revocation is up to
- * the implementor, this method should do nothing if the specified group
- * does not exist. If an admin revoked this group before calling ungroup, it
- * may or may not exist.
- *
- * @param group to ungroup
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void ungroup(String group) throws AuthorityAccessException;
-
- /**
- * Determines whether the user in the specified dnChain should be able to
- * download the content for the flowfile with the specified attributes.
- *
- * The first identity in the chain is the end user that the request was issued on
- * behalf of. The subsequent identities in the chain represent entities proxying
- * the user's request with the last being the proxy that sent the current
- * request.
- *
- * @param proxyChain proxy chain of user identities that for the download request
- * @param attributes of the flowfile being requested
- * @return the authorization result
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- DownloadAuthorization authorizeDownload(List<String> proxyChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Called immediately after instance creation for implementers to perform
- * additional setup
- *
- * @param initializationContext in which to initialize
- */
- void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException;
-
- /**
- * Called to configure the AuthorityProvider.
- *
- * @param configurationContext at the time of configuration
- * @throws ProviderCreationException for any issues configuring the provider
- */
- void onConfigured(AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException;
-
- /**
- * Called immediately before instance destruction for implementers to
- * release resources.
- *
- * @throws ProviderDestructionException If pre-destruction fails.
- */
- void preDestruction() throws ProviderDestructionException;
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java
deleted file mode 100644
index c1ba5df..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.Map;
-
-/**
- *
- */
-public interface AuthorityProviderConfigurationContext {
-
- /**
- * @return identifier for the authority provider
- */
- String getIdentifier();
-
- /**
- * Retrieves all properties the component currently understands regardless
- * of whether a value has been set for them or not. If no value is present
- * then its value is null and thus any registered default for the property
- * descriptor applies.
- *
- * @return Map of all properties
- */
- Map<String, String> getProperties();
-
- /**
- * @param property to lookup the descriptor and value of
- * @return the value the component currently understands for the given
- * PropertyDescriptor. This method does not substitute default
- * PropertyDescriptor values, so the value returned will be null if not set
- */
- String getProperty(String property);
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java
deleted file mode 100644
index 7b2f89f..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- *
- */
-public interface AuthorityProviderInitializationContext {
-
- public String getIdentifier();
-
- public AuthorityProviderLookup getAuthorityProviderLookup();
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java
deleted file mode 100644
index dc30967..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- *
- */
-public interface AuthorityProviderLookup {
-
- AuthorityProvider getAuthorityProvider(String identifier);
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
index 9e50e62..7e6999c 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
@@ -29,17 +29,22 @@ public class AuthorizationRequest {
private final Resource resource;
private final String identity;
private final RequestAction action;
+ private final boolean isAccessAttempt;
+ private final boolean isAnonymous;
private final Map<String, String> context;
private final Map<String, String> eventAttributes;
private AuthorizationRequest(final Builder builder) {
Objects.requireNonNull(builder.resource, "The resource is required when creating an authorization request");
- Objects.requireNonNull(builder.identity, "The identity of the user is required when creating an authorization request");
Objects.requireNonNull(builder.action, "The action is required when creating an authorization request");
+ Objects.requireNonNull(builder.isAccessAttempt, "Whether this request is an access attempt is request");
+ Objects.requireNonNull(builder.isAnonymous, "Whether this request is being performed by an anonymous user is required");
this.resource = builder.resource;
this.identity = builder.identity;
this.action = builder.action;
+ this.isAccessAttempt = builder.isAccessAttempt;
+ this.isAnonymous = builder.isAnonymous;
this.context = builder.context == null ? null : Collections.unmodifiableMap(builder.context);
this.eventAttributes = builder.context == null ? null : Collections.unmodifiableMap(builder.eventAttributes);
}
@@ -54,7 +59,7 @@ public class AuthorizationRequest {
}
/**
- * The identity accessing the Resource. Not null.
+ * The identity accessing the Resource. May be null if the user could not authenticate.
*
* @return The identity
*/
@@ -63,6 +68,24 @@ public class AuthorizationRequest {
}
/**
+ * Whether this is a direct access attempt of the Resource if if it's being checked as part of another response.
+ *
+ * @return if this is a direct access attempt
+ */
+ public boolean isAccessAttempt() {
+ return isAccessAttempt;
+ }
+
+ /**
+ * Whether the entity accessing is anonymous.
+ *
+ * @return whether the entity is anonymous
+ */
+ public boolean isAnonymous() {
+ return isAnonymous;
+ }
+
+ /**
* The action being taken against the Resource. Not null.
*
* @return The action
@@ -96,6 +119,8 @@ public class AuthorizationRequest {
private Resource resource;
private String identity;
+ private Boolean isAnonymous;
+ private Boolean isAccessAttempt;
private RequestAction action;
private Map<String, String> context;
private Map<String, String> eventAttributes;
@@ -110,6 +135,16 @@ public class AuthorizationRequest {
return this;
}
+ public Builder anonymous(final Boolean isAnonymous) {
+ this.isAnonymous = isAnonymous;
+ return this;
+ }
+
+ public Builder accessAttempt(final Boolean isAccessAttempt) {
+ this.isAccessAttempt = isAccessAttempt;
+ return this;
+ }
+
public Builder action(final RequestAction action) {
this.action = action;
return this;
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java b/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
index 01a76e4..5aec6f0 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.authorization;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
@@ -31,7 +30,7 @@ public interface Authorizer {
*
* @param request The authorization request
* @return the authorization result
- * @throws AuthorityAccessException if unable to access the authorities
+ * @throws AuthorizationAccessException if unable to access the authorities
*/
AuthorizationResult authorize(AuthorizationRequest request) throws AuthorizationAccessException;
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java b/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
deleted file mode 100644
index 416f3cf..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- * Represents a decision whether authorization is granted to download content.
- */
-public class DownloadAuthorization {
-
- private static enum Result {
-
- Approved,
- Denied;
- }
-
- private static final DownloadAuthorization APPROVED = new DownloadAuthorization(Result.Approved, null);
-
- private final Result result;
- private final String explanation;
-
- /**
- * Creates a new DownloadAuthorization with the specified result and
- * explanation.
- *
- * @param result of the authorization
- * @param explanation for the authorization attempt
- */
- private DownloadAuthorization(Result result, String explanation) {
- if (Result.Denied.equals(result) && explanation == null) {
- throw new IllegalArgumentException("An explanation is required when the download request is denied.");
- }
-
- this.result = result;
- this.explanation = explanation;
- }
-
- /**
- * @return Whether or not the download request is approved
- */
- public boolean isApproved() {
- return Result.Approved.equals(result);
- }
-
- /**
- * @return If the download request is denied, the reason why. Null otherwise
- */
- public String getExplanation() {
- return explanation;
- }
-
- /**
- * @return a new approved DownloadAuthorization
- */
- public static DownloadAuthorization approved() {
- return APPROVED;
- }
-
- /**
- * Creates a new denied DownloadAuthorization with the specified
- * explanation.
- *
- * @param explanation for why it was denied
- * @return a new denied DownloadAuthorization with the specified explanation
- * @throws IllegalArgumentException if explanation is null
- */
- public static DownloadAuthorization denied(String explanation) {
- return new DownloadAuthorization(Result.Denied, explanation);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java b/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java
deleted file mode 100644
index 5ac2af7..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.annotation;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- *
- *
- */
-@Documented
-@Target({ElementType.FIELD, ElementType.METHOD})
-@Retention(RetentionPolicy.RUNTIME)
-@Inherited
-public @interface AuthorityProviderContext {
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java
deleted file mode 100644
index be64767..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the case when the DN could not be confirmed because it was unable
- * to access the data store.
- */
-public class AuthorityAccessException extends RuntimeException {
-
- public AuthorityAccessException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AuthorityAccessException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java
deleted file mode 100644
index ba80b6e..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the case when the user identity already exists.
- */
-public class IdentityAlreadyExistsException extends RuntimeException {
-
- public IdentityAlreadyExistsException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public IdentityAlreadyExistsException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java
deleted file mode 100644
index 24ac793..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the exceptional case when an AuthorityProvider fails instantiated.
- *
- */
-public class ProviderCreationException extends RuntimeException {
-
- public ProviderCreationException() {
- }
-
- public ProviderCreationException(String msg) {
- super(msg);
- }
-
- public ProviderCreationException(Throwable cause) {
- super(cause);
- }
-
- public ProviderCreationException(String msg, Throwable cause) {
- super(msg, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java
deleted file mode 100644
index 985d3fb..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the exceptional case when an AuthorityProvider fails destruction.
- *
- */
-public class ProviderDestructionException extends RuntimeException {
-
- public ProviderDestructionException() {
- }
-
- public ProviderDestructionException(String msg) {
- super(msg);
- }
-
- public ProviderDestructionException(Throwable cause) {
- super(cause);
- }
-
- public ProviderDestructionException(String msg, Throwable cause) {
- super(msg, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java
deleted file mode 100644
index 2ada1c7..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the case when an identity cannot be confirmed.
- */
-public class UnknownIdentityException extends RuntimeException {
-
- public UnknownIdentityException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public UnknownIdentityException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-assembly/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml
index 09a8d50..e85c83f 100644
--- a/nifi-assembly/pom.xml
+++ b/nifi-assembly/pom.xml
@@ -325,7 +325,7 @@ language governing permissions and limitations under the License. -->
<nifi.flow.configuration.file>./conf/flow.xml.gz</nifi.flow.configuration.file>
<nifi.flow.configuration.archive.dir>./conf/archive/</nifi.flow.configuration.archive.dir>
<nifi.login.identity.provider.configuration.file>./conf/login-identity-providers.xml</nifi.login.identity.provider.configuration.file>
- <nifi.authority.provider.configuration.file>./conf/authority-providers.xml</nifi.authority.provider.configuration.file>
+ <nifi.authorizer.configuration.file>./conf/authorizers.xml</nifi.authorizer.configuration.file>
<nifi.templates.directory>./conf/templates</nifi.templates.directory>
<nifi.database.directory>./database_repository</nifi.database.directory>
@@ -413,13 +413,9 @@ language governing permissions and limitations under the License. -->
<nifi.security.truststoreType />
<nifi.security.truststorePasswd />
<nifi.security.needClientAuth />
- <nifi.security.authorizedUsers.file>./conf/authorized-users.xml</nifi.security.authorizedUsers.file>
- <nifi.security.user.credential.cache.duration>24 hours</nifi.security.user.credential.cache.duration>
- <nifi.security.user.authority.provider>file-provider</nifi.security.user.authority.provider>
+ <nifi.security.user.authorizer>file-provider</nifi.security.user.authorizer>
<nifi.security.user.login.identity.provider />
<nifi.security.x509.principal.extractor />
- <nifi.security.support.new.account.requests />
- <nifi.security.anonymous.authorities />
<nifi.security.ocsp.responder.url />
<nifi.security.ocsp.responder.certificate />
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
----------------------------------------------------------------------
diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 517b19a..63693bf 100644
--- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -28,14 +28,10 @@ import java.nio.file.InvalidPathException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collections;
import java.util.HashMap;
-import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
-import java.util.Set;
public class NiFiProperties extends Properties {
@@ -48,7 +44,7 @@ public class NiFiProperties extends Properties {
public static final String PROPERTIES_FILE_PATH = "nifi.properties.file.path";
public static final String FLOW_CONFIGURATION_FILE = "nifi.flow.configuration.file";
public static final String FLOW_CONFIGURATION_ARCHIVE_FILE = "nifi.flow.configuration.archive.file";
- public static final String AUTHORITY_PROVIDER_CONFIGURATION_FILE = "nifi.authority.provider.configuration.file";
+ public static final String AUTHORIZER_CONFIGURATION_FILE = "nifi.authorizer.configuration.file";
public static final String LOGIN_IDENTITY_PROVIDER_CONFIGURATION_FILE = "nifi.login.identity.provider.configuration.file";
public static final String REPOSITORY_DATABASE_DIRECTORY = "nifi.database.directory";
public static final String RESTORE_DIRECTORY = "nifi.restore.directory";
@@ -131,13 +127,10 @@ public class NiFiProperties extends Properties {
public static final String SECURITY_TRUSTSTORE_TYPE = "nifi.security.truststoreType";
public static final String SECURITY_TRUSTSTORE_PASSWD = "nifi.security.truststorePasswd";
public static final String SECURITY_NEED_CLIENT_AUTH = "nifi.security.needClientAuth";
- public static final String SECURITY_USER_AUTHORITY_PROVIDER = "nifi.security.user.authority.provider";
+ public static final String SECURITY_USER_AUTHORIZER = "nifi.security.user.authorizer";
public static final String SECURITY_USER_LOGIN_IDENTITY_PROVIDER = "nifi.security.user.login.identity.provider";
public static final String SECURITY_CLUSTER_AUTHORITY_PROVIDER_PORT = "nifi.security.cluster.authority.provider.port";
public static final String SECURITY_CLUSTER_AUTHORITY_PROVIDER_THREADS = "nifi.security.cluster.authority.provider.threads";
- public static final String SECURITY_USER_CREDENTIAL_CACHE_DURATION = "nifi.security.user.credential.cache.duration";
- public static final String SECURITY_SUPPORT_NEW_ACCOUNT_REQUESTS = "nifi.security.support.new.account.requests";
- public static final String SECURITY_ANONYMOUS_AUTHORITIES = "nifi.security.anonymous.authorities";
public static final String SECURITY_OCSP_RESPONDER_URL = "nifi.security.ocsp.responder.url";
public static final String SECURITY_OCSP_RESPONDER_CERTIFICATE = "nifi.security.ocsp.responder.certificate";
@@ -504,10 +497,10 @@ public class NiFiProperties extends Properties {
}
/**
- * @return the user authorities file
+ * @return the user authorizers file
*/
- public File getAuthorityProviderConfiguraitonFile() {
- final String value = getProperty(AUTHORITY_PROVIDER_CONFIGURATION_FILE);
+ public File getAuthorizerConfiguraitonFile() {
+ final String value = getProperty(AUTHORIZER_CONFIGURATION_FILE);
if (StringUtils.isBlank(value)) {
return new File(DEFAULT_AUTHORITY_PROVIDER_CONFIGURATION_FILE);
} else {
@@ -541,40 +534,6 @@ public class NiFiProperties extends Properties {
return needClientAuth;
}
- public String getUserCredentialCacheDuration() {
- return getProperty(SECURITY_USER_CREDENTIAL_CACHE_DURATION,
- DEFAULT_USER_CREDENTIAL_CACHE_DURATION);
- }
-
- public boolean getSupportNewAccountRequests() {
- boolean shouldSupport = true;
- String rawShouldSupport = getProperty(SECURITY_SUPPORT_NEW_ACCOUNT_REQUESTS);
- if ("false".equalsIgnoreCase(rawShouldSupport)) {
- shouldSupport = false;
- }
- return shouldSupport;
- }
-
- @SuppressWarnings("unchecked")
- public Set<String> getAnonymousAuthorities() {
- final Set<String> authorities;
-
- final String rawAnonymousAuthorities = getProperty(SECURITY_ANONYMOUS_AUTHORITIES);
- if (!StringUtils.isEmpty(rawAnonymousAuthorities)) {
- authorities = new HashSet<>();
-
- // parse the raw authorities and trim them
- final List<String> authoritiesList = Arrays.asList(rawAnonymousAuthorities.split(","));
- for (final String authority : authoritiesList) {
- authorities.add(authority.trim());
- }
- } else {
- authorities = Collections.EMPTY_SET;
- }
-
- return authorities;
- }
-
// getters for web properties //
public Integer getPort() {
Integer port = null;
@@ -922,7 +881,7 @@ public class NiFiProperties extends Properties {
* @return true if client certificates are required for access to the REST API
*/
public boolean isClientAuthRequiredForRestApi() {
- return StringUtils.isBlank(getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER)) && getAnonymousAuthorities().isEmpty() && !isKerberosServiceSupportEnabled();
+ return StringUtils.isBlank(getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER)) && !isKerberosServiceSupportEnabled();
}
public InetSocketAddress getNodeApiAddress() {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.blank.properties
----------------------------------------------------------------------
diff --git a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.blank.properties b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.blank.properties
index 720c050..898cebf 100644
--- a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.blank.properties
+++ b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.blank.properties
@@ -83,11 +83,7 @@ nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
-nifi.security.authorizedUsers.file=./target/conf/authorized-users.xml
-nifi.security.user.credential.cache.duration=24 hours
-nifi.security.user.authority.provider=nifi.authorization.FileAuthorizationProvider
-nifi.security.support.new.account.requests=
-nifi.security.default.user.roles=
+nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #
nifi.cluster.protocol.heartbeat.interval=5 sec
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.missing.properties
----------------------------------------------------------------------
diff --git a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.missing.properties b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.missing.properties
index 85300ae..786b05f 100644
--- a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.missing.properties
+++ b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.missing.properties
@@ -81,11 +81,7 @@ nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
-nifi.security.authorizedUsers.file=./target/conf/authorized-users.xml
-nifi.security.user.credential.cache.duration=24 hours
-nifi.security.user.authority.provider=nifi.authorization.FileAuthorizationProvider
-nifi.security.support.new.account.requests=
-nifi.security.default.user.roles=
+nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #
nifi.cluster.protocol.heartbeat.interval=5 sec
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.properties
----------------------------------------------------------------------
diff --git a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.properties b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.properties
index 0ace99e..f9d9b78 100644
--- a/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.properties
+++ b/nifi-commons/nifi-properties/src/test/resources/NiFiProperties/conf/nifi.properties
@@ -83,11 +83,7 @@ nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
-nifi.security.authorizedUsers.file=./target/conf/authorized-users.xml
-nifi.security.user.credential.cache.duration=24 hours
-nifi.security.user.authority.provider=nifi.authorization.FileAuthorizationProvider
-nifi.security.support.new.account.requests=
-nifi.security.default.user.roles=
+nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #
nifi.cluster.protocol.heartbeat.interval=5 sec
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-docs/src/main/asciidoc/administration-guide.adoc
----------------------------------------------------------------------
diff --git a/nifi-docs/src/main/asciidoc/administration-guide.adoc b/nifi-docs/src/main/asciidoc/administration-guide.adoc
index 86c340a..8d784c6 100644
--- a/nifi-docs/src/main/asciidoc/administration-guide.adoc
+++ b/nifi-docs/src/main/asciidoc/administration-guide.adoc
@@ -154,9 +154,6 @@ NiFi provides several different configuration options for security purposes. The
by the NiFi cluster protocol. If the Truststore properties are not set, this must be `false`. Otherwise, a value
of `true` indicates that nodes in the cluster will be authenticated and must have certificates that are trusted
by the Truststores.
-|`nifi.security.anonymous.authorities` | Specifies the roles that should be granted to users that connect over HTTPS anonymously. All users can make
- use of anonymous access, however if they have been granted a particular level of access by an administrator
- it will take precedence if they access NiFi using a client certificate or once they have logged in.
|==================================================================================================================================================
Once the above properties have been configured, we can enable the User Interface to be accessed over HTTPS instead of HTTP. This is accomplished
@@ -167,10 +164,10 @@ be accessible from all network interfaces, a value of `0.0.0.0` should be used.
NOTE: It is important when enabling HTTPS that the `nifi.web.http.port` property be unset.
Similar to `nifi.security.needClientAuth`, the web server can be configured to require certificate based client authentication for users accessing
-the User Interface. In order to do this it must be configured to not support username/password authentication (see below) and not grant access to
-anonymous users (see `nifi.security.anonymous.authorities` above). Either of these options will configure the web server to WANT certificate based client
-authentication. This will allow it to support users with certificates and those without that may be logging in with their credentials or those accessing
-anonymously. If username/password authentication and anonymous access are not configured, the web server will REQUIRE certificate based client authentication.
+the User Interface. In order to do this it must be configured to not support username/password authentication (see below). Either of these options
+will configure the web server to WANT certificate based client authentication. This will allow it to support users with certificates and those without
+that may be logging in with their credentials or those accessing anonymously. If username/password authentication and anonymous access are not configured,
+the web server will REQUIRE certificate based client authentication.
Now that the User Interface has been secured, we can easily secure Site-to-Site connections and inner-cluster communications, as well. This is
accomplished by setting the `nifi.remote.input.secure` and `nifi.cluster.protocol.is.secure` properties, respectively, to `true`.
@@ -289,127 +286,6 @@ nifi.security.user.login.identity.provider=kerberos-provider
See also <<kerberos_service>> to allow single sign-on access via client Kerberos tickets.
-Controlling Levels of Access
-----------------------------
-
-Once NiFi is configured to run securely and an authentication mechanism is configured, it is necessary
-to configure who will have access to the system and what types of access those people will have.
-NiFi controls this through the user of an 'Authority Provider.' The Authority Provider is a pluggable
-mechanism for providing authorizations to different users. Which Authority Provider to use is configured
-using two properties in the _nifi.properties_ file.
-
-The `nifi.authority.provider.configuration.file` property specifies the configuration file for Authority Providers.
-The `nifi.security.user.authority.provider` property indicates which of the configured Authority Providers should be
-used.
-
-By default, the `file-provider` Authority Provider is selected and is configured to use the permissions granted in
-the _authorized-users.xml_ file. This is typically sufficient for instances of NiFi that are run in "standalone" mode.
-If the NiFi instance is configured to run in a cluster, the node will typically use the `cluster-node-provider`
-Provider and the Cluster Manager will typically use the `cluster-ncm-provider` Provider. Both of these Providers
-have a default configuration in the _authority-providers.xml_ file but are commented out.
-
-When using the `cluster-node-provider` Provider, all of the authorization is provided by the Cluster Manager. In this
-way, the configuration only has to be maintained in one place and will be consistent across the entire cluster.
-
-When configuring the Cluster Manager or a standalone node, it is necessary to manually designate an ADMIN user
-in the _authorized-users.xml_ file, which is located in the root installation's conf directory.
-After this ADMIN user has been added, s/he may grant access
-to other users, systems, and other instances of NiFi, through the User Interface (UI) without having to manually edit the _authorized-users.xml_
-file. If you are the administrator, you would add yourself as the ADMIN user in this file.
-
-Open the _authorized-users.xml_ file in a text editor. You will notice that it includes a template
-to guide you, with example entries that are commented out.
-
-It is only necessary to manually add one user, the ADMIN user, to this file.
-So, at a minimum, the following example entry should be included and contain the user Distinguished Name (DN)
-in place of "user dn - read only and admin":
-
-----
-<users>
- <user dn="[user dn - read only and admin]">
- <role name="ROLE_ADMIN"/>
- </user>
-</users>
-----
-
-Here is an LDAP example entry using the name John Smith:
-
-----
-<users>
- <user dn="cn=John Smith,ou=people,dc=example,dc=com">
- <role name="ROLE_ADMIN"/>
- </user>
-</users>
-----
-
-Here is a Kerberos example entry using the name John Smith and realm `NIFI.APACHE.ORG`:
-
-----
-<users>
- <user dn="johnsmith@NIFI.APACHE.ORG">
- <role name="ROLE_ADMIN"/>
- </user>
-</users>
-----
-
-After the _authorized-users.xml_ file has been edited and saved, restart NiFi.
-Once the application starts, the ADMIN user is
-able to access the UI at the HTTPS URL that is configured in the _nifi.properties_ file.
-
-From the UI, click on the Users icon ( image:iconUsers.png["Users", width=32] ) in the
-Management Toolbar (upper-right corner of the UI), and the User Management Page opens.
-
-The ADMIN user should be listed. Click on the pencil icon to see this user's role(s). You may edit the
-roles by selecting the appropriate checkboxes.
-
-The following roles are available in NiFi:
-
-[options="header,footer"]
-|========================================================================================================
-| Role Name | Description
-| Administrator | Administrator is able to configure thread pool sizes and user accounts as well as
- purge the dataflow change history.
-| Data Flow Manager | Data Flow Manager is given the ability to manipulate the dataflow. S/he is able to
- add, remove, and manipulate components on the graph; add, remove, and manipulate
- Controller Services and Reporting Tasks; create and manage templates;
- view statistics; and view the bulletin board.
-| Read Only | Users with Read Only access are able to view the dataflow but are unable to change anything.
-| Provenance | Users with Provenance access are able to query the Data Provenance repository and view
- the lineage of data. Additionally, this role provides the ability to view or download
- the content of a FlowFile from a Provenance event (assuming that the content is still
- available in the Content Repository and that the Authority Provider also grants access).
- This access is not provided to users with Read Only
- (unless the user has both Read Only and Provenance roles) because the information provided
- to users with this role can potentially be very sensitive in nature, as all FlowFile attributes
- and data are exposed. In order to Replay a Provenance event, a user is required to have both
- the Provenance role as well as the Data Flow Manager role.
-| NiFi | The NiFi Role is intended to be assigned to machines that will interact with an instance of NiFi
- via Site-to-Site. This role provides the ability to send data to or retrieve data from Root
- Group Ports (but only those that they are given permissions to interact with - see the User Guide
- for more information on providing access to specific Ports) as well as obtain information about
- which Ports exist. Note that this role allows the client to know only about the Ports that it
- has permissions to interact with.
-| Proxy | The Proxy Role is assigned to a system in order to grant that system permission to make requests
- on behalf of a user. For instance, if an HTTP proxy service is used to gain access to the system,
- the certificate being used by that service can be given the Proxy Role.
-|========================================================================================================
-
-
-When users want access to the NiFi UI, they navigate to the configured URL and are
-prompted to request access. When someone has requested access, the ADMIN user sees a star
-on the Users icon in the Management Toolbar, alerting the ADMIN to the fact that a request is
-pending. Upon opening the User Management Page, the pending request is visible, and the ADMIN
-can grant access and click on the pencil icon to set the user's roles appropriately.
-
-The ADMIN may also select multiple users and add them to a "Group". Hold down the Shift key and select
-multiple users, then click the `Group` button in the upper-right corner of the User Management Page.
-Then, provide a name for the group.
-
-The group feature is especially useful when a remote NiFi cluster is connecting to this NiFi using
-a Remote Process Group. In that scenario, all the nodes
-in the remote cluster can be included in the same group. When the ADMIN wants to grant port access to the remote
-cluster, s/he can grant it to the group and avoid having to grant it individually to each node in the cluster.
-
[[encryption]]
Encryption Configuration
------------------------
@@ -1454,15 +1330,8 @@ Security Configuration section of this Administrator's Guide.
|nifi.security.truststoreType|The truststore type. It is blank by default.
|nifi.security.truststorePasswd|The truststore password. It is blank by default.
|nifi.security.needClientAuth|This indicates whether client authentication in the cluster protocol. It is blank by default.
-|nifi.security.user.credential.cache.duration|The length of time to cache user credentials. The default value is 24 hours.
-|nifi.security.user.authority.provider|This indicates what type of authority provider to use. The default value is file-provider, which refers to the file
-configured in the core property `nifi.authority.provider.configuration.file`. Another authority provider may be used, such as when the NiFi instance is part of a cluster. But the default value of file-provider is fine for a standalone instance of NiFi.
|nifi.security.user.login.identity.provider|This indicates what type of login identity provider to use. The default value is blank, can be set to the identifier from a provider
in the file specified in `nifi.login.identity.provider.configuration.file`. Setting this property will trigger NiFi to support username/password authentication.
-|nifi.security.support.new.account.requests|This indicates whether a secure NiFi is configured to allow users to request access. It is blank by default.
-|nifi.security.anonymous.authorities|This indicates what roles to grant to anonymous users accessing NiFi over HTTPS. It is blank by default, but could be
-set to any combination of ROLE_MONITOR, ROLE_DFM, ROLE_ADMIN, ROLE_PROVENANCE, ROLE_NIFI. Leaving this property blank will require that users accessing NiFi
-over HTTPS be authenticated either using a client certificate or their credentials against the configured log identity provider.
|nifi.security.ocsp.responder.url|This is the URL for the Online Certificate Status Protocol (OCSP) responder if one is being used. It is blank by default.
|nifi.security.ocsp.responder.certificate|This is the location of the OCSP responder certificate if one is being used. It is blank by default.
|====
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
index 672a3ee..478ffaf 100644
--- a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
+++ b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
@@ -26,7 +26,7 @@ import com.datastax.driver.core.Session;
import org.apache.avro.Schema;
import org.apache.avro.SchemaBuilder;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
index 1f62997..19e2320 100644
--- a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
+++ b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
@@ -22,7 +22,7 @@ import com.datastax.driver.core.DataType;
import com.datastax.driver.core.Metadata;
import com.datastax.driver.core.Row;
import com.google.common.collect.Sets;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
[02/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-label-configuration.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-label-configuration.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-label-configuration.js
index c308469..6e9ee36 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-label-configuration.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-label-configuration.js
@@ -19,7 +19,7 @@
nf.LabelConfiguration = (function () {
- var labelUri = '';
+ var labelId = '';
return {
/**
@@ -33,23 +33,32 @@ nf.LabelConfiguration = (function () {
buttonText: 'Apply',
handler: {
click: function () {
- var revision = nf.Client.getRevision();
+ // get the label data
+ var labelData = d3.select('#id-' + labelId).datum();
// get the new values
var labelValue = $('#label-value').val();
var fontSize = $('#label-font-size').combo('getSelectedOption');
+ // build the label entity
+ var labelEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'label': {
+ 'id': labelId,
+ 'label': labelValue,
+ 'style': {
+ 'font-size': fontSize.value
+ }
+ }
+ };
+
// save the new label value
$.ajax({
type: 'PUT',
- url: labelUri,
- data: {
- 'version': revision.version,
- 'clientId': revision.clientId,
- 'label': labelValue,
- 'style[font-size]': fontSize.value
- },
- dataType: 'json'
+ url: labelData.component.uri,
+ data: JSON.stringify(labelEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
// update the revision
nf.Client.setRevision(response.revision);
@@ -72,7 +81,7 @@ nf.LabelConfiguration = (function () {
}],
handler: {
close: function () {
- labelUri = '';
+ labelId = '';
}
}
}).draggable({
@@ -130,7 +139,7 @@ nf.LabelConfiguration = (function () {
}
// store the label uri
- labelUri = selectionData.component.uri;
+ labelId = selectionData.component.id;
// populate the dialog
$('#label-value').val(labelValue);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-label.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-label.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-label.js
index 69a4758..5629bbb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-label.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-label.js
@@ -526,6 +526,13 @@ nf.Label = (function () {
set(labels);
}
},
+
+ /**
+ * Returns the entity key when marshalling an entity of this type.
+ */
+ getEntityKey: function (d) {
+ return 'label';
+ },
/**
* Removes the specified label.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-port-configuration.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-port-configuration.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-port-configuration.js
index 0939b3a..41278b8 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-port-configuration.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-port-configuration.js
@@ -30,37 +30,44 @@ nf.PortConfiguration = (function () {
buttonText: 'Apply',
handler: {
click: function () {
- var revision = nf.Client.getRevision();
-
// get the port data to reference the uri
var portId = $('#port-id').text();
var portData = d3.select('#id-' + portId).datum();
- var data = {
- version: revision.version,
- clientId: revision.clientId,
- name: $('#port-name').val(),
- comments: $('#port-comments').val()
+ // build the updated port
+ var port = {
+ 'id': portId,
+ 'name': $('#port-name').val(),
+ 'comments': $('#port-comments').val()
};
// include the concurrent tasks if appropriate
if ($('#port-concurrent-task-container').is(':visible')) {
- data['concurrentlySchedulableTaskCount'] = $('#port-concurrent-tasks').val();
+ port['concurrentlySchedulableTaskCount'] = $('#port-concurrent-tasks').val();
}
// mark the processor disabled if appropriate
if ($('#port-enabled').hasClass('checkbox-unchecked')) {
- data['state'] = 'DISABLED';
+ port['state'] = 'DISABLED';
} else if ($('#port-enabled').hasClass('checkbox-checked')) {
- data['state'] = 'STOPPED';
+ port['state'] = 'STOPPED';
}
+
+ // build the port entity
+ var portEntity = {
+ 'revision': nf.Client.getRevision()
+ };
+ // use bracket notation to set the key based on the type
+ portEntity[nf[portData.type].getEntityKey(portData)] = port;
+
// update the selected component
$.ajax({
type: 'PUT',
- data: data,
+ data: JSON.stringify(portEntity),
url: portData.component.uri,
- dataType: 'json'
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
// update the revision
nf.Client.setRevision(response.revision);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-port.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-port.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-port.js
index e0ff75d..7b69c8b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-port.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-port.js
@@ -606,7 +606,14 @@ nf.Port = (function () {
// update the visible ports
d3.selectAll('g.input-port.visible, g.output-port.visible').call(updatePortStatus);
},
-
+
+ /**
+ * Returns the entity key when marshalling an entity of this type.
+ */
+ getEntityKey: function (d) {
+ return d.component.type === 'INPUT_PORT' ? 'inputPort' : 'outputPort';
+ },
+
/**
* Removes the specified port.
*
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-process-group-configuration.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-process-group-configuration.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-process-group-configuration.js
index fb22411..b72deb2 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-process-group-configuration.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-process-group-configuration.js
@@ -34,17 +34,23 @@ nf.ProcessGroupConfiguration = (function () {
var processGroupId = $('#process-group-id').text();
var processGroupData = d3.select('#id-' + processGroupId).datum();
+ // build the entity
+ var entity = {
+ 'revision': nf.Client.getRevision(),
+ 'processGroup': {
+ 'id': processGroupId,
+ 'name': $('#process-group-name').val(),
+ 'comments': $('#process-group-comments').val()
+ }
+ };
+
// update the selected component
$.ajax({
type: 'PUT',
- data: {
- version: revision.version,
- clientId: revision.clientId,
- name: $('#process-group-name').val(),
- comments: $('#process-group-comments').val()
- },
+ data: JSON.stringify(entity),
url: processGroupData.component.uri,
- dataType: 'json'
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.processGroup)) {
// update the revision
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-process-group.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-process-group.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-process-group.js
index 32ba3af..bde0f41 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-process-group.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-process-group.js
@@ -1038,6 +1038,13 @@ nf.ProcessGroup = (function () {
// update the visible process groups
d3.selectAll('g.process-group.visible').call(updateProcessGroupStatus);
},
+
+ /**
+ * Returns the entity key when marshalling an entity of this type.
+ */
+ getEntityKey: function (d) {
+ return 'processGroup';
+ },
/**
* Removes the specified process group.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor-configuration.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor-configuration.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor-configuration.js
index 2bbb813..1271480 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor-configuration.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor-configuration.js
@@ -580,7 +580,7 @@ nf.ProcessorConfiguration = (function () {
// get the processor history
requests.push($.ajax({
type: 'GET',
- url: '../nifi-api/controller/history/processors/' + encodeURIComponent(processor.id),
+ url: '../nifi-api/history/processors/' + encodeURIComponent(processor.id),
dataType: 'json'
}));
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor.js
index 4b4a1ef..e46b462 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-processor.js
@@ -823,6 +823,13 @@ nf.Processor = (function () {
// update the visible processor status
d3.selectAll('g.processor.visible').call(updateProcessorStatus);
},
+
+ /**
+ * Returns the entity key when marshalling an entity of this type.
+ */
+ getEntityKey: function (d) {
+ return 'processor';
+ },
/**
* Returns the default color that should be used when drawing a processor.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-queue-listing.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-queue-listing.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-queue-listing.js
index 76d368e..8912662 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-queue-listing.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-queue-listing.js
@@ -381,7 +381,8 @@ nf.QueueListing = (function () {
$.ajax({
type: 'POST',
url: connection.component.uri + '/listing-requests',
- dataType: 'json'
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function(response) {
// initialize the progress bar value
updateProgress(0);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group-configuration.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group-configuration.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group-configuration.js
index d0d5e3c..738b5b0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group-configuration.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group-configuration.js
@@ -46,7 +46,6 @@ nf.RemoteProcessGroupConfiguration = (function () {
data: JSON.stringify(remoteProcessGroupEntity),
url: remoteProcessGroupData.component.uri,
dataType: 'json',
- processData: false,
contentType: 'application/json'
}).done(function (response) {
// update the revision
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group-ports.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group-ports.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group-ports.js
index db41bf1..ef51f46 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group-ports.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group-ports.js
@@ -60,7 +60,6 @@ nf.RemoteProcessGroupPorts = (function () {
data: JSON.stringify(remoteProcessGroupPortEntity),
url: remoteProcessGroupData.component.uri + portContextPath + encodeURIComponent(remotePortId),
dataType: 'json',
- processData: false,
contentType: 'application/json'
}).done(function (response) {
// update the revision
@@ -279,7 +278,6 @@ nf.RemoteProcessGroupPorts = (function () {
data: JSON.stringify(remoteProcessGroupPortEntity),
url: remoteProcessGroupData.component.uri + portContextPath + encodeURIComponent(port.id),
dataType: 'json',
- processData: false,
contentType: 'application/json'
}).done(function (response) {
// update the revision
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group.js
index 3084843..dd7454b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-remote-process-group.js
@@ -1038,6 +1038,13 @@ nf.RemoteProcessGroup = (function () {
// only update the visible components
d3.selectAll('g.remote-process-group.visible').call(updateProcessGroupStatus);
},
+
+ /**
+ * Returns the entity key when marshalling an entity of this type.
+ */
+ getEntityKey: function (d) {
+ return 'remoteProcessGroup';
+ },
/**
* Removes the specified process group.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-reporting-task.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-reporting-task.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-reporting-task.js
index 1656185..3cd266e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-reporting-task.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-reporting-task.js
@@ -189,16 +189,20 @@ nf.ReportingTask = (function () {
* @param {boolean} running
*/
var setRunning = function (reportingTask, running) {
- var revision = nf.Client.getRevision();
+ var entity = {
+ 'revision': nf.Client.getRevision(),
+ 'reportingTask': {
+ 'id': reportingTask.id,
+ 'state': running === true ? 'RUNNING' : 'STOPPED'
+ }
+ };
+
return $.ajax({
type: 'PUT',
url: reportingTask.uri,
- data: {
- clientId: revision.clientId,
- version: revision.version,
- state: running === true ? 'RUNNING' : 'STOPPED'
- },
- dataType: 'json'
+ data: JSON.stringify(entity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
// update the revision
nf.Client.setRevision(response.revision);
@@ -258,7 +262,6 @@ nf.ReportingTask = (function () {
data: JSON.stringify(updatedReportingTask),
url: reportingTask.uri,
dataType: 'json',
- processData: false,
contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.reportingTask)) {
@@ -395,7 +398,7 @@ nf.ReportingTask = (function () {
// get the reporting task history
var loadHistory = $.ajax({
type: 'GET',
- url: '../nifi-api/controller/history/reporting-tasks/' + encodeURIComponent(reportingTask.id),
+ url: '../nifi-api/history/reporting-tasks/' + encodeURIComponent(reportingTask.id),
dataType: 'json'
});
@@ -589,7 +592,7 @@ nf.ReportingTask = (function () {
// get the reporting task history
var loadHistory = $.ajax({
type: 'GET',
- url: '../nifi-api/controller/history/reporting-tasks/' + encodeURIComponent(reportingTask.id),
+ url: '../nifi-api/history/reporting-tasks/' + encodeURIComponent(reportingTask.id),
dataType: 'json'
});
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-secure-port-configuration.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-secure-port-configuration.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-secure-port-configuration.js
deleted file mode 100644
index 7c119c8..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-secure-port-configuration.js
+++ /dev/null
@@ -1,384 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-nf.SecurePortConfiguration = (function () {
-
- var portUri = '';
-
- var config = {
- search: 'User DNs, groups, etc'
- };
-
- /**
- * Initializes the port dialog.
- */
- var initPortConfigurationDialog = function () {
- // initialize the properties tabs
- $('#secure-port-configuration-tabs').tabbs({
- tabStyle: 'tab',
- selectedTabStyle: 'selected-tab',
- tabs: [{
- name: 'Settings',
- tabContentId: 'secure-port-settings-tab-content'
- }, {
- name: 'Access Control',
- tabContentId: 'secure-port-access-control-tab-content'
- }]
- });
-
- // initialize the dialog
- $('#secure-port-configuration').modal({
- headerText: 'Configure Secure Port',
- overlayBackground: true,
- buttons: [{
- buttonText: 'Apply',
- handler: {
- click: function () {
- var portId = $('#secure-port-id').text();
- var portType = $('#secure-port-type').text();
-
- var portDto = {};
- portDto['id'] = portId;
- portDto['name'] = $('#secure-port-name').val();
- portDto['comments'] = $('#secure-port-comments').val();
- portDto['groupAccessControl'] = getAllowedGroups();
- portDto['userAccessControl'] = getAllowedUsers();
-
- // include the concurrent tasks if appropriate
- if ($('#secure-port-concurrent-task-container').is(':visible')) {
- portDto['concurrentlySchedulableTaskCount'] = $('#secure-port-concurrent-tasks').val();
- }
-
- // mark the processor disabled if appropriate
- if ($('#secure-port-enabled').hasClass('checkbox-unchecked')) {
- portDto['state'] = 'DISABLED';
- } else if ($('#secure-port-enabled').hasClass('checkbox-checked')) {
- portDto['state'] = 'STOPPED';
- }
-
- var portEntity = {};
- portEntity['revision'] = nf.Client.getRevision();
- portEntity[portType] = portDto;
-
- // update the selected component
- $.ajax({
- type: 'PUT',
- data: JSON.stringify(portEntity),
- contentType: 'application/json',
- url: portUri,
- dataType: 'json'
- }).done(function (response) {
- // update the revision
- nf.Client.setRevision(response.revision);
-
- var port;
- if (nf.Common.isDefinedAndNotNull(response.inputPort)) {
- port = response.inputPort;
- } else {
- port = response.outputPort;
- }
-
- // refresh the port component
- nf.Port.set(port);
-
- // close the details panel
- $('#secure-port-configuration').modal('hide');
- }).fail(function (xhr, status, error) {
- // close the details panel
- $('#secure-port-configuration').modal('hide');
-
- // handle the error
- nf.Common.handleAjaxError(xhr, status, error);
- });
- }
- }
- }, {
- buttonText: 'Cancel',
- handler: {
- click: function () {
- $('#secure-port-configuration').modal('hide');
- }
- }
- }],
- handler: {
- close: function () {
- portUri = '';
-
- // clear the port details
- $('#secure-port-id').text('');
- $('#secure-port-type').text('');
- $('#secure-port-name').val('');
- $('#secure-port-enabled').removeClass('checkbox-unchecked checkbox-checked');
- $('#secure-port-concurrent-tasks').val('');
- $('#secure-port-comments').val('');
- $('#allowed-users').empty();
- $('#allowed-groups').empty();
- }
- }
- }).draggable({
- containment: 'parent',
- handle: '.dialog-header'
- });
-
- // listen for removal requests
- $(document).on('click', 'div.remove-allowed-entity', function () {
- $(this).closest('li').remove();
- $(this).closest('ul').sortable('refresh');
- });
-
- // initialize the access control auto complete
- $.widget('nf.userSearchAutocomplete', $.ui.autocomplete, {
- _normalize: function(searchResults) {
- var items = [];
- items.push(searchResults);
- return items;
- },
- _resizeMenu: function () {
- var ul = this.menu.element;
- ul.width(700);
- },
- _renderMenu: function (ul, items) {
- var self = this;
-
- // results are normalized into an array
- var results = items[0];
-
- // show all groups not currently selected
- if (!nf.Common.isEmpty(results.userGroupResults)) {
- var allowedGroups = getAllowedGroups();
- var groupHeaderAdded = false;
-
- // go through each group result
- $.each(results.userGroupResults, function (i, groupMatch) {
-
- // see if this match is not already selected
- if ($.inArray(groupMatch.group, allowedGroups) === -1) {
-
- // only add the header for the first non selected matching group
- if (!groupHeaderAdded) {
- ul.append('<li class="search-users-header">Groups</li>');
- groupHeaderAdded = true;
- }
-
- // add the group match
- self._renderGroupItem(ul, groupMatch);
- }
- });
- }
-
- // show all users not currently selected
- if (!nf.Common.isEmpty(results.userResults)) {
- var allowedUsers = getAllowedUsers();
- var userHeaderAdded = false;
-
- // go through each user result
- $.each(results.userResults, function (i, userMatch) {
-
- // see if this match is not already selected
- if ($.inArray(userMatch.userDn, allowedUsers) === -1) {
-
- // only add the header for the first non selected matching user
- if (!userHeaderAdded) {
- ul.append('<li class="search-users-header">Users</li>');
- userHeaderAdded = true;
- }
-
- // add the user match
- self._renderUserItem(ul, userMatch);
- }
- });
- }
-
- // ensure there were some results
- if (ul.children().length === 0) {
- ul.append('<li class="unset search-users-no-matches">No users or groups match</li>');
- }
- },
- _renderGroupItem: function (ul, groupMatch) {
- var groupContent = $('<a></a>').append($('<div class="search-users-match-header"></div>').text(groupMatch.group));
- return $('<li></li>').data('ui-autocomplete-item', groupMatch).append(groupContent).appendTo(ul);
- },
- _renderUserItem: function (ul, userMatch) {
- var userContent = $('<a></a>').append($('<div class="search-users-match-header"></div>').text(userMatch.userDn));
- return $('<li></li>').data('ui-autocomplete-item', userMatch).append(userContent).appendTo(ul);
- }
- });
-
- // configure the autocomplete field
- $('#secure-port-access-control').userSearchAutocomplete({
- minLength: 0,
- appendTo: '#search-users-results',
- position: {
- my: 'left top',
- at: 'left bottom',
- offset: '0 1'
- },
- source: function (request, response) {
- // create the search request
- $.ajax({
- type: 'GET',
- data: {
- q: request.term
- },
- dataType: 'json',
- url: '../nifi-api/controller/users/search-results'
- }).done(function (searchResponse) {
- response(searchResponse);
- });
- },
- select: function (event, ui) {
- var item = ui.item;
-
- // add the item appropriately
- if (nf.Common.isDefinedAndNotNull(item.group)) {
- addAllowedGroup(item.group);
- } else {
- addAllowedUser(item.userDn);
- }
-
- // blur the search field
- $(this).blur();
-
- // stop event propagation
- return false;
- }
- }).focus(function () {
- // conditionally clear the text for the user to type
- if ($(this).val() === config.search) {
- $(this).val('').removeClass('search-users');
- }
- }).blur(function () {
- $(this).val(config.search).addClass('search-users');
- }).val(config.search).addClass('search-users');
- };
-
- /**
- * Adds the specified user to the list of allowed users.
- *
- * @argument {string} allowedUser The allowed user dn
- */
- var addAllowedUser = function (allowedUser) {
- var allowedUsers = $('#allowed-users');
-
- // append the user
- var user = $('<span></span>').addClass('allowed-entity ellipsis').text(allowedUser).ellipsis();
- var userAction = $('<div></div>').addClass('remove-allowed-entity');
- $('<li></li>').data('user', allowedUser).append(user).append(userAction).appendTo(allowedUsers);
- };
-
- /**
- * Adds the specified group to the list of allowed groups.
- *
- * @argument {string} allowedGroup The allowed group name
- */
- var addAllowedGroup = function (allowedGroup) {
- var allowedGroups = $('#allowed-groups');
-
- // append the group
- var group = $('<span></span>').addClass('allowed-entity ellipsis').text(allowedGroup).ellipsis();
- var groupAction = $('<div></div>').addClass('remove-allowed-entity');
- $('<li></li>').data('group', allowedGroup).append(group).append(groupAction).appendTo(allowedGroups);
- };
-
- /**
- * Gets the currently selected allowed users.
- */
- var getAllowedUsers = function () {
- var allowedUsers = [];
- $('#allowed-users').children('li').each(function (_, allowedUser) {
- var user = $(allowedUser).data('user');
- if (nf.Common.isDefinedAndNotNull(user)) {
- allowedUsers.push(user);
- }
- });
- return allowedUsers;
- };
-
- /**
- * Gets the currently selected allowed groups.
- */
- var getAllowedGroups = function () {
- var allowedGroups = [];
- $('#allowed-groups').children('li').each(function (_, allowedGroup) {
- var group = $(allowedGroup).data('group');
- if (nf.Common.isDefinedAndNotNull(group)) {
- allowedGroups.push(group);
- }
- });
- return allowedGroups;
- };
-
- return {
- init: function () {
- initPortConfigurationDialog();
- },
-
- /**
- * Shows the details for the port specified selection.
- *
- * @argument {selection} selection The selection
- */
- showConfiguration: function (selection) {
- // if the specified component is a port, load its properties
- if (nf.CanvasUtils.isInputPort(selection) || nf.CanvasUtils.isOutputPort(selection)) {
- var selectionData = selection.datum();
-
- // determine the port type
- if (selectionData.component.type === 'INPUT_PORT') {
- $('#secure-port-type').text('inputPort');
- } else {
- $('#secure-port-type').text('outputPort');
- }
-
- // store the uri
- portUri = selectionData.component.uri;
-
- // show concurrent tasks for root groups only
- if (nf.Canvas.getParentGroupId() === null) {
- $('#secure-port-concurrent-task-container').show();
- } else {
- $('#secure-port-concurrent-task-container').hide();
- }
-
- // determine if the enabled checkbox is checked or not
- var portEnableStyle = 'checkbox-checked';
- if (selectionData.component.state === 'DISABLED') {
- portEnableStyle = 'checkbox-unchecked';
- }
-
- // populate the port settings
- $('#secure-port-id').text(selectionData.component.id);
- $('#secure-port-name').val(selectionData.component.name);
- $('#secure-port-enabled').removeClass('checkbox-unchecked checkbox-checked').addClass(portEnableStyle);
- $('#secure-port-concurrent-tasks').val(selectionData.component.concurrentlySchedulableTaskCount);
- $('#secure-port-comments').val(selectionData.component.comments);
-
- // add allowed users
- $.each(selectionData.component.userAccessControl, function (_, allowedUser) {
- addAllowedUser(allowedUser);
- });
-
- // add allowed groups
- $.each(selectionData.component.groupAccessControl, function (_, allowedGroup) {
- addAllowedGroup(allowedGroup);
- });
-
- // show the details
- $('#secure-port-configuration').modal('show');
- }
- }
- };
-}());
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-secure-port-details.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-secure-port-details.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-secure-port-details.js
deleted file mode 100644
index 63afac0..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-secure-port-details.js
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-/* global nf */
-
-nf.SecurePortDetails = (function () {
-
- /**
- * Adds the specified user to the list of allowed users.
- *
- * @argument {string} allowedUser The allowed user dn
- */
- var addAllowedUser = function (allowedUser) {
- var allowedUsers = $('#read-only-allowed-users');
-
- // append the user
- var user = $('<span></span>').addClass('allowed-entity ellipsis').text(allowedUser).ellipsis();
- $('<li></li>').data('user', allowedUser).append(user).appendTo(allowedUsers);
- };
-
- /**
- * Adds the specified group to the list of allowed groups.
- *
- * @argument {string} allowedGroup The allowed group name
- */
- var addAllowedGroup = function (allowedGroup) {
- var allowedGroups = $('#read-only-allowed-groups');
-
- // append the group
- var group = $('<span></span>').addClass('allowed-entity ellipsis').text(allowedGroup).ellipsis();
- $('<li></li>').data('group', allowedGroup).append(group).appendTo(allowedGroups);
- };
-
- return {
- init: function () {
- // initialize the properties tabs
- $('#secure-port-details-tabs').tabbs({
- tabStyle: 'tab',
- selectedTabStyle: 'selected-tab',
- tabs: [{
- name: 'Settings',
- tabContentId: 'read-only-secure-port-settings-tab-content'
- }, {
- name: 'Access Control',
- tabContentId: 'read-only-secure-port-access-control-tab-content'
- }]
- });
-
- // configure the processor details dialog
- $('#secure-port-details').modal({
- headerText: 'Secure Port Details',
- overlayBackground: true,
- buttons: [{
- buttonText: 'Ok',
- handler: {
- click: function () {
- // hide the dialog
- $('#secure-port-details').modal('hide');
- }
- }
- }],
- handler: {
- close: function () {
- // clear the processor details
- nf.Common.clearField('read-only-secure-port-name');
- nf.Common.clearField('read-only-secure-port-id');
- nf.Common.clearField('read-only-secure-port-comments');
- nf.Common.clearField('read-only-secure-port-concurrent-tasks');
-
- // clear the access control
- $('#read-only-allowed-users').empty();
- $('#read-only-allowed-groups').empty();
- }
- }
- }).draggable({
- containment: 'parent',
- handle: '.dialog-header'
- });
- },
-
- showDetails: function (selection) {
- // if the specified component is a port, load its properties
- if (nf.CanvasUtils.isInputPort(selection) || nf.CanvasUtils.isOutputPort(selection)) {
- var selectionData = selection.datum();
-
- // populate the port settings
- nf.Common.populateField('read-only-secure-port-name', selectionData.component.name);
- nf.Common.populateField('read-only-secure-port-id', selectionData.component.id);
- nf.Common.populateField('read-only-secure-port-concurrent-tasks', selectionData.component.concurrentlySchedulableTaskCount);
- nf.Common.populateField('read-only-secure-port-comments', selectionData.component.comments);
-
- // add allowed users
- $.each(selectionData.component.userAccessControl, function (_, allowedUser) {
- addAllowedUser(allowedUser);
- });
-
- // add allowed groups
- $.each(selectionData.component.groupAccessControl, function (_, allowedGroup) {
- addAllowedGroup(allowedGroup);
- });
-
- // show the details
- $('#secure-port-details').modal('show');
- }
- }
- };
-}());
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js
index 92e830b..a4e627e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-settings.js
@@ -30,9 +30,9 @@ nf.Settings = (function () {
controllerConfig: '../nifi-api/controller/config',
controllerArchive: '../nifi-api/controller/archive',
controllerServiceTypes: '../nifi-api/controller/controller-service-types',
- controllerServices: '../nifi-api/controller/controller-services',
+ controllerServices: '../nifi-api/controller-services',
reportingTaskTypes: '../nifi-api/controller/reporting-task-types',
- reportingTasks: '../nifi-api/controller/reporting-tasks'
+ reportingTasks: '../nifi-api/reporting-tasks'
}
};
@@ -297,8 +297,6 @@ nf.Settings = (function () {
* @param {string} controllerServiceType
*/
var addControllerService = function (controllerServiceType) {
- var revision = nf.Client.getRevision();
-
// get the desired availability
var availability;
if (nf.Canvas.isClustered()) {
@@ -306,17 +304,22 @@ nf.Settings = (function () {
} else {
availability = config.node;
}
+
+ // build the controller service entity
+ var controllerServiceEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'controllerService': {
+ 'type': controllerServiceType
+ }
+ };
// add the new controller service
var addService = $.ajax({
type: 'POST',
url: config.urls.controllerServices + '/' + encodeURIComponent(availability),
- data: {
- version: revision.version,
- clientId: revision.clientId,
- type: controllerServiceType
- },
- dataType: 'json'
+ data: JSON.stringify(controllerServiceEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
// update the revision
nf.Client.setRevision(response.revision);
@@ -1030,8 +1033,6 @@ nf.Settings = (function () {
* @param {string} reportingTaskType
*/
var addReportingTask = function (reportingTaskType) {
- var revision = nf.Client.getRevision();
-
// get the desired availability
var availability;
if (nf.Canvas.isClustered()) {
@@ -1039,17 +1040,22 @@ nf.Settings = (function () {
} else {
availability = config.node;
}
+
+ // build the reporting task entity
+ var reportingTaskEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'reportingTask': {
+ 'type': reportingTaskType
+ }
+ };
// add the new reporting task
var addTask = $.ajax({
type: 'POST',
url: config.urls.reportingTasks + '/' + encodeURIComponent(availability),
- data: {
- version: revision.version,
- clientId: revision.clientId,
- type: reportingTaskType
- },
- dataType: 'json'
+ data: JSON.stringify(reportingTaskEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
// update the revision
nf.Client.setRevision(response.revision);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-snippet.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-snippet.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-snippet.js
index e2e958c..750b36b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-snippet.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-snippet.js
@@ -22,7 +22,7 @@ nf.Snippet = (function () {
var config = {
urls: {
snippets: '../nifi-api/controller/snippets',
- processGroups: '../nifi-api/controller/process-groups'
+ processGroups: '../nifi-api/process-groups'
}
};
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-model.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-model.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-model.js
index 48194b5..695912c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-model.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-model.js
@@ -123,7 +123,7 @@
// perform query...
var xhr = $.ajax({
type: 'GET',
- url: '../nifi-api/controller/history',
+ url: '../nifi-api/history',
data: query,
dataType: 'json'
}).done(function (response) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-table.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-table.js
index 1938d85..3ffaae4 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-table.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/history/nf-history-table.js
@@ -31,7 +31,7 @@ nf.HistoryTable = (function () {
hidden: 'hidden'
},
urls: {
- history: '../nifi-api/controller/history'
+ history: '../nifi-api/history'
}
};
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-connection-details.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-connection-details.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-connection-details.js
index 409e811..f9702ef 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-connection-details.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-connection-details.js
@@ -48,7 +48,7 @@ nf.ConnectionDetails = (function () {
var initializeSourceProcessor = function (groupId, groupName, source) {
return $.ajax({
type: 'GET',
- url: '../nifi-api/controller/process-groups/' + encodeURIComponent(groupId) + '/processors/' + encodeURIComponent(source.id),
+ url: '../nifi-api/processors/' + encodeURIComponent(source.id),
dataType: 'json'
}).done(function (response) {
var processor = response.processor;
@@ -88,7 +88,7 @@ nf.ConnectionDetails = (function () {
var initializeRemoteSourcePort = function (groupId, groupName, source) {
return $.ajax({
type: 'GET',
- url: '../nifi-api/controller/process-groups/' + encodeURIComponent(groupId) + '/remote-process-groups/' + encodeURIComponent(source.groupId),
+ url: '../nifi-api/remote-process-groups/' + encodeURIComponent(source.groupId),
data: {
verbose: true
},
@@ -122,7 +122,7 @@ nf.ConnectionDetails = (function () {
} else {
$.ajax({
type: 'GET',
- url: '../nifi-api/controller/process-groups/' + encodeURIComponent(source.groupId),
+ url: '../nifi-api/process-groups/' + encodeURIComponent(source.groupId),
data: {
verbose: true
},
@@ -173,7 +173,7 @@ nf.ConnectionDetails = (function () {
return $.Deferred(function (deferred) {
$.ajax({
type: 'GET',
- url: '../nifi-api/controller/process-groups/' + encodeURIComponent(groupId) + '/processors/' + encodeURIComponent(destination.id),
+ url: '../nifi-api/processors/' + encodeURIComponent(destination.id),
dataType: 'json'
}).done(function (response) {
var processor = response.processor;
@@ -218,7 +218,7 @@ nf.ConnectionDetails = (function () {
var initializeDestinationRemotePort = function (groupId, groupName, destination) {
return $.ajax({
type: 'GET',
- url: '../nifi-api/controller/process-groups/' + encodeURIComponent(groupId) + '/remote-process-groups/' + encodeURIComponent(destination.groupId),
+ url: '../nifi-api/remote-process-groups/' + encodeURIComponent(destination.groupId),
data: {
verbose: true
},
@@ -252,7 +252,7 @@ nf.ConnectionDetails = (function () {
} else {
$.ajax({
type: 'GET',
- url: '../nifi-api/controller/process-groups/' + encodeURIComponent(destination.groupId),
+ url: '../nifi-api/process-groups/' + encodeURIComponent(destination.groupId),
data: {
verbose: true
},
@@ -367,14 +367,14 @@ nf.ConnectionDetails = (function () {
// get the group details
var groupXhr = $.ajax({
type: 'GET',
- url: '../nifi-api/controller/process-groups/' + encodeURIComponent(groupId),
+ url: '../nifi-api/process-groups/' + encodeURIComponent(groupId),
dataType: 'json'
});
// get the connection details
var connectionXhr = $.ajax({
type: 'GET',
- url: '../nifi-api/controller/process-groups/' + encodeURIComponent(groupId) + '/connections/' + encodeURIComponent(connectionId),
+ url: '../nifi-api/connections/' + encodeURIComponent(connectionId),
dataType: 'json'
});
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-processor-details.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-processor-details.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-processor-details.js
index 533e7be..29579dd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-processor-details.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-processor-details.js
@@ -140,7 +140,7 @@ nf.ProcessorDetails = (function () {
// load the properties for the specified processor
var getProcessor = $.ajax({
type: 'GET',
- url: '../nifi-api/controller/process-groups/' + encodeURIComponent(groupId) + '/processors/' + encodeURIComponent(processorId),
+ url: '../nifi-api/processors/' + encodeURIComponent(processorId),
dataType: 'json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.processor)) {
@@ -199,7 +199,7 @@ nf.ProcessorDetails = (function () {
// get the processor history
var getProcessorHistory = $.ajax({
type: 'GET',
- url: '../nifi-api/controller/history/processors/' + encodeURIComponent(processorId),
+ url: '../nifi-api/history/processors/' + encodeURIComponent(processorId),
dataType: 'json'
}).done(function (response) {
var processorHistory = response.componentHistory;
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-status-history.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-status-history.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-status-history.js
index 57f91fb..8396ee0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-status-history.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/nf-status-history.js
@@ -33,7 +33,8 @@ nf.StatusHistory = (function () {
label: 'Label'
},
urls: {
- processGroups: '../nifi-api/controller/process-groups/'
+ api: '../nifi-api',
+ processGroups: '../nifi-api/process-groups/'
}
};
@@ -1099,7 +1100,7 @@ nf.StatusHistory = (function () {
showConnectionChart: function (groupId, connectionId, selectedDescriptor) {
$.ajax({
type: 'GET',
- url: config.urls.processGroups + encodeURIComponent(groupId) + '/connections/' + encodeURIComponent(connectionId) + '/status/history',
+ url: config.urls.api + '/connections/' + encodeURIComponent(connectionId) + '/status/history',
dataType: 'json'
}).done(function (response) {
handleStatusHistoryResponse(groupId, connectionId, response.statusHistory, config.type.connection, selectedDescriptor);
@@ -1116,7 +1117,7 @@ nf.StatusHistory = (function () {
showProcessorChart: function (groupId, processorId, selectedDescriptor) {
$.ajax({
type: 'GET',
- url: config.urls.processGroups + encodeURIComponent(groupId) + '/processors/' + encodeURIComponent(processorId) + '/status/history',
+ url: config.urls.api + '/processors/' + encodeURIComponent(processorId) + '/status/history',
dataType: 'json'
}).done(function (response) {
handleStatusHistoryResponse(groupId, processorId, response.statusHistory, config.type.processor, selectedDescriptor);
@@ -1150,7 +1151,7 @@ nf.StatusHistory = (function () {
showRemoteProcessGroupChart: function (groupId, remoteProcessGroupId, selectedDescriptor) {
$.ajax({
type: 'GET',
- url: config.urls.processGroups + encodeURIComponent(groupId) + '/remote-process-groups/' + encodeURIComponent(remoteProcessGroupId) + '/status/history',
+ url: config.urls.api + '/remote-process-groups/' + encodeURIComponent(remoteProcessGroupId) + '/status/history',
dataType: 'json'
}).done(function (response) {
handleStatusHistoryResponse(groupId, remoteProcessGroupId, response.statusHistory, config.type.remoteProcessGroup, selectedDescriptor);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-cluster-search.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-cluster-search.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-cluster-search.js
index 9bab660..0c9fe36 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-cluster-search.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-cluster-search.js
@@ -22,7 +22,7 @@ nf.ClusterSearch = (function () {
search: 'Search nodes',
urls: {
clusterSearch: '../nifi-api/cluster/search-results',
- status: '../nifi-api/controller/process-groups/root/status',
+ status: '../nifi-api/process-groups/root/status',
systemDiagnostics: '../nifi-api/system-diagnostics'
}
};
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary-table.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary-table.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary-table.js
index 49ad85b..fcd59aa 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary-table.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/summary/nf-summary-table.js
@@ -27,8 +27,9 @@ nf.SummaryTable = (function () {
filterList: 'summary-filter-list'
},
urls: {
- status: '../nifi-api/controller/process-groups/root/status',
- processGroups: '../nifi-api/controller/process-groups/',
+ api: '../nifi-api',
+ status: '../nifi-api/process-groups/root/status',
+ processGroups: '../nifi-api/process-groups/',
systemDiagnostics: '../nifi-api/system-diagnostics',
controllerConfig: '../nifi-api/controller/config',
d3Script: 'js/d3/d3.min.js',
@@ -2161,7 +2162,7 @@ nf.SummaryTable = (function () {
// get the summary
$.ajax({
type: 'GET',
- url: config.urls.processGroups + encodeURIComponent(groupId) + '/processors/' + encodeURIComponent(processorId) + '/status',
+ url: config.urls.api + '/processors/' + encodeURIComponent(processorId) + '/status',
data: {
nodewise: true
},
@@ -2218,7 +2219,7 @@ nf.SummaryTable = (function () {
// get the summary
$.ajax({
type: 'GET',
- url: config.urls.processGroups + encodeURIComponent(groupId) + '/connections/' + encodeURIComponent(connectionId) + '/status',
+ url: config.urls.api + '/connections/' + encodeURIComponent(connectionId) + '/status',
data: {
nodewise: true
},
@@ -2331,7 +2332,7 @@ nf.SummaryTable = (function () {
// get the summary
$.ajax({
type: 'GET',
- url: config.urls.processGroups + encodeURIComponent(groupId) + '/input-ports/' + encodeURIComponent(inputPortId) + '/status',
+ url: config.urls.api + '/input-ports/' + encodeURIComponent(inputPortId) + '/status',
data: {
nodewise: true
},
@@ -2383,7 +2384,7 @@ nf.SummaryTable = (function () {
// get the summary
$.ajax({
type: 'GET',
- url: config.urls.processGroups + encodeURIComponent(groupId) + '/output-ports/' + encodeURIComponent(outputPortId) + '/status',
+ url: config.urls.api + '/output-ports/' + encodeURIComponent(outputPortId) + '/status',
data: {
nodewise: true
},
@@ -2435,7 +2436,7 @@ nf.SummaryTable = (function () {
// get the summary
$.ajax({
type: 'GET',
- url: config.urls.processGroups + encodeURIComponent(groupId) + '/remote-process-groups/' + encodeURIComponent(remoteProcessGroupId) + '/status',
+ url: config.urls.api + '/remote-process-groups/' + encodeURIComponent(remoteProcessGroupId) + '/status',
data: {
nodewise: true
},
[07/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java
deleted file mode 100644
index 1426999..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java
+++ /dev/null
@@ -1,617 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api;
-
-import com.sun.jersey.api.Responses;
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
-import javax.ws.rs.GET;
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import org.apache.nifi.cluster.manager.NodeResponse;
-import org.apache.nifi.cluster.manager.impl.WebClusterManager;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.api.dto.UserDTO;
-import org.apache.nifi.web.api.dto.search.UserGroupSearchResultDTO;
-import org.apache.nifi.web.api.dto.search.UserSearchResultDTO;
-import org.apache.nifi.web.api.entity.UserEntity;
-import org.apache.nifi.web.api.entity.UserSearchResultsEntity;
-import org.apache.nifi.web.api.entity.UsersEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.web.NiFiServiceFacade;
-import static org.apache.nifi.web.api.ApplicationResource.CLIENT_ID;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.security.user.NiFiUserUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
-
-/**
- * RESTful endpoint for managing this Controller's users.
- */
-@Api(hidden = true)
-public class UserResource extends ApplicationResource {
-
- /*
- * Developer Note: Clustering assumes a centralized security provider. The
- * cluster manager will manage user accounts when in clustered mode and
- * interface with the authorization provider. However, when nodes perform
- * Site-to-Site, the authorization details of the remote NiFi will be cached
- * locally. These details need to be invalidated when certain actions are
- * performed (revoking/deleting accounts, changing user authorities, user
- * group, etc).
- */
- private WebClusterManager clusterManager;
- private NiFiProperties properties;
- private NiFiServiceFacade serviceFacade;
-
- /**
- * Creates a new user account request.
- *
- * @return A string
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces(MediaType.TEXT_PLAIN)
- @Path("") // necessary due to a bug in swagger
- @ApiOperation(
- value = "Creates a user",
- response = String.class
- )
- public Response createUser() {
- if (!properties.getSupportNewAccountRequests()) {
- return Responses.notFound().entity("This NiFi does not support new account requests.").build();
- }
-
- final NiFiUser nifiUser = NiFiUserUtils.getNiFiUser();
- if (nifiUser != null) {
- throw new IllegalArgumentException("User account already created " + nifiUser.getIdentity());
- }
-
- // create an account request for the current user
- final UserDTO user = serviceFacade.createUser();
-
- final String uri = generateResourceUri("controller", "users", user.getId());
- return generateCreatedResponse(URI.create(uri), "Not authorized. User account created. Authorization pending.").build();
- }
-
- /**
- * Gets all users that are registered within this Controller.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param grouped Whether to return the users in their groups.
- * @return A usersEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to a bug in swagger
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(
- value = "Gets all users",
- response = UsersEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getUsers(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "Whether to return the users in their respective groups.",
- required = false
- )
- @QueryParam("grouped") @DefaultValue("false") Boolean grouped) {
-
- // get the users
- final Collection<UserDTO> users = serviceFacade.getUsers(grouped);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final UsersEntity usersEntity = new UsersEntity();
- usersEntity.setRevision(revision);
- usersEntity.setUsers(users);
- usersEntity.setGenerated(new Date());
-
- // build the response
- return generateOkResponse(usersEntity).build();
- }
-
- /**
- * Gets the details for the specified user.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The user id.
- * @return A userEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @Path("/{id}")
- @ApiOperation(
- value = "Gets a user",
- response = UserEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getUser(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "The user id.",
- required = true
- )
- @PathParam("id") String id) {
-
- // get the specified user
- final UserDTO userDTO = serviceFacade.getUser(id);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final UserEntity userEntity = new UserEntity();
- userEntity.setRevision(revision);
- userEntity.setUser(userDTO);
-
- // build the response
- return generateOkResponse(userEntity).build();
- }
-
- /**
- * Searches for users with match the specified query.
- *
- * @param value Search value that will be matched against users
- * @return A userSearchResultsEntity
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/search-results")
- @PreAuthorize("hasAnyRole('ROLE_DFM', 'ROLE_ADMIN')")
- @ApiOperation(
- value = "Searches for users",
- response = UserSearchResultsEntity.class,
- authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response searchUsers(
- @ApiParam(
- value = "The search terms.",
- required = true
- )
- @QueryParam("q") @DefaultValue(StringUtils.EMPTY) String value) {
-
- final List<UserSearchResultDTO> userMatches = new ArrayList<>();
- final List<UserGroupSearchResultDTO> userGroupMatches = new ArrayList<>();
-
- // get the users
- final Collection<UserDTO> users = serviceFacade.getUsers(Boolean.FALSE);
- final Collection<String> matchedGroups = new HashSet<>();
-
- // check each to see if it matches the search term
- for (UserDTO user : users) {
- // count the user if there is no search or it matches the address
- if (StringUtils.isBlank(value)) {
- // record the group match if there is one and it hasn't already been encountered
- if (user.getUserGroup() != null && !matchedGroups.contains(user.getUserGroup())) {
- // add the matched group
- matchedGroups.add(user.getUserGroup());
-
- // record the group match
- final UserGroupSearchResultDTO userGroupMatch = new UserGroupSearchResultDTO();
- userGroupMatch.setGroup(user.getUserGroup());
- userGroupMatches.add(userGroupMatch);
- }
-
- // record the user match
- final UserSearchResultDTO userMatch = new UserSearchResultDTO();
- userMatch.setUserDn(user.getDn());
- userMatch.setUserName(user.getUserName());
- userMatches.add(userMatch);
- } else {
- // look for a user match
- if (StringUtils.containsIgnoreCase(user.getDn(), value) || StringUtils.containsIgnoreCase(user.getUserName(), value)) {
- // record the user match
- final UserSearchResultDTO userMatch = new UserSearchResultDTO();
- userMatch.setUserDn(user.getDn());
- userMatch.setUserName(user.getUserName());
- userMatches.add(userMatch);
- }
-
- // look for a dn match
- if (StringUtils.containsIgnoreCase(user.getUserGroup(), value)) {
- // record the group match if it hasn't already been encountered
- if (!matchedGroups.contains(user.getUserGroup())) {
- // add the matched group
- matchedGroups.add(user.getUserGroup());
-
- // record the group match
- final UserGroupSearchResultDTO userGroupMatch = new UserGroupSearchResultDTO();
- userGroupMatch.setGroup(user.getUserGroup());
- userGroupMatches.add(userGroupMatch);
- }
- }
- }
- }
-
- // sort the user matches
- Collections.sort(userMatches, new Comparator<UserSearchResultDTO>() {
- @Override
- public int compare(UserSearchResultDTO user1, UserSearchResultDTO user2) {
- return user1.getUserName().compareTo(user2.getUserName());
- }
- });
-
- // sort the user group matches
- Collections.sort(userGroupMatches, new Comparator<UserGroupSearchResultDTO>() {
- @Override
- public int compare(UserGroupSearchResultDTO userGroup1, UserGroupSearchResultDTO userGroup2) {
- return userGroup1.getGroup().compareTo(userGroup2.getGroup());
- }
- });
-
- // build the response
- final UserSearchResultsEntity results = new UserSearchResultsEntity();
- results.setUserResults(userMatches);
- results.setUserGroupResults(userGroupMatches);
-
- // generate an 200 - OK response
- return noCache(Response.ok(results)).build();
- }
-
- /**
- * Updates the specified user.
- *
- * @param httpServletRequest request
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The id of the user to update.
- * @param rawAuthorities Array of authorities to assign to the specified user.
- * @param status The status of the specified users account.
- * @param formParams form params
- * @return A userEntity
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @Path("/{id}")
- public Response updateUser(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String id,
- @FormParam("authorities[]") Set<String> rawAuthorities,
- @FormParam("status") String status,
- MultivaluedMap<String, String> formParams) {
-
- // create the user
- final UserDTO userDTO = new UserDTO();
- userDTO.setId(id);
- userDTO.setStatus(status);
-
- // get the collection of specified authorities
- final Set<String> authorities = new HashSet<>();
- for (String authority : rawAuthorities) {
- if (StringUtils.isNotBlank(authority)) {
- authorities.add(authority);
- }
- }
-
- // set the authorities
- if (!authorities.isEmpty() || formParams.containsKey("authorities")) {
- userDTO.setAuthorities(authorities);
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the user entity
- UserEntity userEntity = new UserEntity();
- userEntity.setRevision(revision);
- userEntity.setUser(userDTO);
-
- // update the user
- return updateUser(httpServletRequest, id, userEntity);
- }
-
- /**
- * Updates the specified user.
- *
- * @param httpServletRequest request
- * @param id The id of the user to update.
- * @param userEntity A userEntity
- * @return A userEntity
- */
- @PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @Path("/{id}")
- @ApiOperation(
- value = "Updates a user",
- response = UserEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response updateUser(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The user id.",
- required = true
- )
- @PathParam("id") String id,
- @ApiParam(
- value = "The user configuration details.",
- required = true
- ) UserEntity userEntity) {
-
- if (userEntity == null || userEntity.getUser() == null) {
- throw new IllegalArgumentException("User details must be specified.");
- }
-
- // ensure the same user id is being used
- final UserDTO userDTO = userEntity.getUser();
- if (!id.equals(userDTO.getId())) {
- throw new IllegalArgumentException(String.format("The user id (%s) in the request body does "
- + "not equal the user id of the requested resource (%s).", userDTO.getId(), id));
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- if (userEntity.getRevision() == null) {
- revision.setClientId(new ClientIdParameter().getClientId());
- } else {
- revision.setClientId(userEntity.getRevision().getClientId());
- }
-
- // this user is being modified, replicate to the nodes to invalidate this account
- // so that it will be re-authorized during the next attempted access - if this wasn't
- // done the account would remain stale for up to the configured cache duration. this
- // is acceptable sometimes but when updating a users authorities or groups via the UI
- // they shouldn't have to wait for the changes to take effect`
- if (properties.isClusterManager()) {
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // identify yourself as the NCM attempting to invalidate the user
- final Map<String, String> headers = getHeaders(headersToOverride);
- headers.put(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER, Boolean.TRUE.toString());
-
- final RevisionDTO invalidateUserRevision = new RevisionDTO();
- revision.setClientId(revision.getClientId());
-
- final UserDTO invalidateUser = new UserDTO();
- invalidateUser.setId(userDTO.getId());
-
- final UserEntity invalidateUserEntity = new UserEntity();
- invalidateUserEntity.setRevision(invalidateUserRevision);
- invalidateUserEntity.setUser(userDTO);
-
- // replicate the invalidate request to each node - if this request is not successful return that fact,
- // otherwise continue with the desired user modification
- final NodeResponse response = clusterManager.applyRequest(HttpMethod.PUT, getAbsolutePath(), invalidateUserEntity, headers);
- if (!response.is2xx()) {
- return response.getResponse();
- }
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // handle an invalidate request from the NCM
- final String invalidateRequest = httpServletRequest.getHeader(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER);
- if (invalidateRequest != null) {
- serviceFacade.invalidateUser(id);
- return generateOkResponse().build();
- }
-
- // update the user
- final UserDTO reponseUserDTO = serviceFacade.updateUser(userDTO);
-
- // create the response entity
- UserEntity responseUserEntity = new UserEntity();
- responseUserEntity.setRevision(revision);
- responseUserEntity.setUser(reponseUserDTO);
-
- // build the response
- return generateOkResponse(responseUserEntity).build();
- }
-
- /**
- * Deletes the specified user.
- *
- * @param httpServletRequest request
- * @param id The user id
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @return A userEntity.
- */
- @DELETE
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{id}")
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(
- value = "Deletes a user",
- response = UserEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response deleteUser(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The user id.",
- required = true
- )
- @PathParam("id") String id,
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // this user is being modified, replicate to the nodes to invalidate this account
- // so that it will be re-authorized during the next attempted access - if this wasn't
- // done the account would remain stale for up to the configured cache duration. this
- // is acceptable sometimes but when removing a user via the UI they shouldn't have to
- // wait for the changes to take effect
- if (properties.isClusterManager()) {
- // identify yourself as the NCM attempting to invalidate the user
- final Map<String, String> headers = getHeaders();
- headers.put(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER, Boolean.TRUE.toString());
-
- // replicate the invalidate request to each node - if this request is not successful return that fact,
- // otherwise continue with the desired user modification
- final NodeResponse response = clusterManager.applyRequest(HttpMethod.DELETE, getAbsolutePath(), getRequestParameters(true), headers);
- if (!response.is2xx()) {
- return response.getResponse();
- }
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // handle an invalidate request from the NCM
- final String invalidateRequest = httpServletRequest.getHeader(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER);
- if (invalidateRequest != null) {
- serviceFacade.invalidateUser(id);
- return generateOkResponse().build();
- }
-
- // ungroup the specified user
- serviceFacade.deleteUser(id);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final UserEntity entity = new UserEntity();
- entity.setRevision(revision);
-
- // generate ok response
- return generateOkResponse(entity).build();
- }
-
- /* setters */
- public void setServiceFacade(NiFiServiceFacade serviceFacade) {
- this.serviceFacade = serviceFacade;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- public void setClusterManager(WebClusterManager clusterManager) {
- this.clusterManager = clusterManager;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccountNotFoundExceptionMapper.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccountNotFoundExceptionMapper.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccountNotFoundExceptionMapper.java
deleted file mode 100644
index 8fed1a2..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccountNotFoundExceptionMapper.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.config;
-
-import com.sun.jersey.api.Responses;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.ext.ExceptionMapper;
-import javax.ws.rs.ext.Provider;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Maps resource not found exceptions into client responses.
- */
-@Provider
-public class AccountNotFoundExceptionMapper implements ExceptionMapper<AccountNotFoundException> {
-
- private static final Logger logger = LoggerFactory.getLogger(AccountNotFoundExceptionMapper.class);
-
- @Override
- public Response toResponse(AccountNotFoundException exception) {
- logger.info(String.format("%s. Returning %s response.", exception, Response.Status.NOT_FOUND));
-
- if (logger.isDebugEnabled()) {
- logger.debug(StringUtils.EMPTY, exception);
- }
-
- return Responses.notFound().entity(exception.getMessage()).type("text/plain").build();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
index 5e7a902..0ae7649 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
@@ -16,29 +16,6 @@
*/
package org.apache.nifi.web.api.dto;
-import java.text.Collator;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.TreeSet;
-import java.util.concurrent.TimeUnit;
-
-import javax.ws.rs.WebApplicationException;
-
import org.apache.nifi.action.Action;
import org.apache.nifi.action.component.details.ComponentDetails;
import org.apache.nifi.action.component.details.ExtensionDetails;
@@ -57,7 +34,6 @@ import org.apache.nifi.action.details.PurgeDetails;
import org.apache.nifi.annotation.behavior.Stateful;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
-import org.apache.nifi.authorization.Authority;
import org.apache.nifi.cluster.HeartbeatPayload;
import org.apache.nifi.cluster.event.Event;
import org.apache.nifi.cluster.manager.StatusMerger;
@@ -122,8 +98,6 @@ import org.apache.nifi.reporting.Bulletin;
import org.apache.nifi.reporting.BulletinRepository;
import org.apache.nifi.reporting.ReportingTask;
import org.apache.nifi.scheduling.SchedulingStrategy;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.web.FlowModification;
import org.apache.nifi.web.Revision;
@@ -155,6 +129,28 @@ import org.apache.nifi.web.api.dto.status.ProcessorStatusSnapshotDTO;
import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO;
import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusSnapshotDTO;
+import javax.ws.rs.WebApplicationException;
+import java.text.Collator;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.TreeSet;
+import java.util.concurrent.TimeUnit;
+
public final class DtoFactory {
@SuppressWarnings("rawtypes")
@@ -2534,57 +2530,6 @@ public final class DtoFactory {
return revisionDTO;
}
- /**
- * Factory method for creating a new user transfer object.
- *
- * @param user user
- * @return dto
- */
- public UserDTO createUserDTO(NiFiUser user) {
- // convert the users authorities
- Set<String> authorities = Authority.convertAuthorities(user.getAuthorities());
-
- // create the user
- UserDTO userDTO = new UserDTO();
- userDTO.setId(String.valueOf(user.getId()));
- userDTO.setDn(user.getIdentity());
- userDTO.setUserName(user.getUserName());
- userDTO.setUserGroup(user.getUserGroup());
- userDTO.setJustification(user.getJustification());
- userDTO.setAuthorities(authorities);
-
- // ensure the date fields are not null
- if (user.getCreation() != null) {
- userDTO.setCreation(user.getCreation());
- }
- if (user.getLastAccessed() != null) {
- userDTO.setLastAccessed(user.getLastAccessed());
- }
- if (user.getLastVerified() != null) {
- userDTO.setLastVerified(user.getLastVerified());
- }
- if (user.getStatus() != null) {
- userDTO.setStatus(user.getStatus().toString());
- }
-
- return userDTO;
- }
-
- public UserGroupDTO createUserGroupDTO(NiFiUserGroup userGroup) {
- UserGroupDTO userGroupDto = new UserGroupDTO();
- userGroupDto.setGroup(userGroup.getGroup());
- userGroupDto.setUserIds(new HashSet<String>());
-
- // set the users if they have been specified
- if (userGroup.getUsers() != null) {
- for (NiFiUser user : userGroup.getUsers()) {
- userGroupDto.getUserIds().add(String.valueOf(user.getId()));
- }
- }
-
- return userGroupDto;
- }
-
public NodeDTO createNodeDTO(Node node, List<Event> events, boolean primary) {
final NodeDTO nodeDto = new NodeDTO();
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
index 68d0dbe..7377985 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
@@ -19,8 +19,7 @@ package org.apache.nifi.web.controller;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.DownloadAuthorization;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.cluster.protocol.NodeIdentifier;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.connectable.Connectable;
@@ -104,7 +103,6 @@ import org.apache.nifi.web.security.ProxiedEntitiesUtils;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.AccessDeniedException;
import javax.ws.rs.WebApplicationException;
import java.io.IOException;
@@ -133,7 +131,7 @@ public class ControllerFacade {
// nifi components
private FlowController flowController;
private FlowService flowService;
- private UserService userService;
+ private KeyService keyService;
// properties
private NiFiProperties properties;
@@ -242,22 +240,20 @@ public class ControllerFacade {
/**
* Returns the status history for the specified processor.
*
- * @param groupId group id
* @param processorId processor id
* @return status history
*/
- public StatusHistoryDTO getProcessorStatusHistory(final String groupId, final String processorId) {
+ public StatusHistoryDTO getProcessorStatusHistory(final String processorId) {
return flowController.getProcessorStatusHistory(processorId);
}
/**
* Returns the status history for the specified connection.
*
- * @param groupId group id
* @param connectionId connection id
* @return status history
*/
- public StatusHistoryDTO getConnectionStatusHistory(final String groupId, final String connectionId) {
+ public StatusHistoryDTO getConnectionStatusHistory(final String connectionId) {
return flowController.getConnectionStatusHistory(connectionId);
}
@@ -274,11 +270,10 @@ public class ControllerFacade {
/**
* Returns the status history for the specified remote process group.
*
- * @param groupId group id
* @param remoteProcessGroupId remote process group id
* @return status history
*/
- public StatusHistoryDTO getRemoteProcessGroupStatusHistory(final String groupId, final String remoteProcessGroupId) {
+ public StatusHistoryDTO getRemoteProcessGroupStatusHistory(final String remoteProcessGroupId) {
return flowController.getRemoteProcessGroupStatusHistory(remoteProcessGroupId);
}
@@ -489,11 +484,20 @@ public class ControllerFacade {
/**
* Gets the status for the specified processor.
*
- * @param groupId group id
* @param processorId processor id
* @return the status for the specified processor
*/
- public ProcessorStatusDTO getProcessorStatus(final String groupId, final String processorId) {
+ public ProcessorStatusDTO getProcessorStatus(final String processorId) {
+ final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
+ final ProcessorNode processor = root.findProcessor(processorId);
+
+ // ensure the processor was found
+ if (processor == null) {
+ throw new ResourceNotFoundException(String.format("Unable to locate processor with id '%s'.", processorId));
+ }
+
+ // calculate the process group status
+ final String groupId = processor.getProcessGroup().getIdentifier();
final ProcessGroupStatus processGroupStatus = flowController.getGroupStatus(groupId);
if (processGroupStatus == null) {
throw new ResourceNotFoundException(String.format("Unable to locate group with id '%s'.", groupId));
@@ -511,11 +515,20 @@ public class ControllerFacade {
/**
* Gets the status for the specified connection.
*
- * @param groupId group id
* @param connectionId connection id
* @return the status for the specified connection
*/
- public ConnectionStatusDTO getConnectionStatus(final String groupId, final String connectionId) {
+ public ConnectionStatusDTO getConnectionStatus(final String connectionId) {
+ final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
+ final Connection connection = root.findConnection(connectionId);
+
+ // ensure the connection was found
+ if (connection == null) {
+ throw new ResourceNotFoundException(String.format("Unable to locate connection with id '%s'.", connectionId));
+ }
+
+ // calculate the process group status
+ final String groupId = connection.getProcessGroup().getIdentifier();
final ProcessGroupStatus processGroupStatus = flowController.getGroupStatus(groupId);
if (processGroupStatus == null) {
throw new ResourceNotFoundException(String.format("Unable to locate group with id '%s'.", groupId));
@@ -533,11 +546,19 @@ public class ControllerFacade {
/**
* Gets the status for the specified input port.
*
- * @param groupId group id
* @param portId input port id
* @return the status for the specified input port
*/
- public PortStatusDTO getInputPortStatus(final String groupId, final String portId) {
+ public PortStatusDTO getInputPortStatus(final String portId) {
+ final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
+ final Port port = root.findInputPort(portId);
+
+ // ensure the input port was found
+ if (port == null) {
+ throw new ResourceNotFoundException(String.format("Unable to locate input port with id '%s'.", portId));
+ }
+
+ final String groupId = port.getProcessGroup().getIdentifier();
final ProcessGroupStatus processGroupStatus = flowController.getGroupStatus(groupId);
if (processGroupStatus == null) {
throw new ResourceNotFoundException(String.format("Unable to locate group with id '%s'.", groupId));
@@ -555,11 +576,19 @@ public class ControllerFacade {
/**
* Gets the status for the specified output port.
*
- * @param groupId group id
* @param portId output port id
* @return the status for the specified output port
*/
- public PortStatusDTO getOutputPortStatus(final String groupId, final String portId) {
+ public PortStatusDTO getOutputPortStatus(final String portId) {
+ final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
+ final Port port = root.findOutputPort(portId);
+
+ // ensure the output port was found
+ if (port == null) {
+ throw new ResourceNotFoundException(String.format("Unable to locate output port with id '%s'.", portId));
+ }
+
+ final String groupId = port.getProcessGroup().getIdentifier();
final ProcessGroupStatus processGroupStatus = flowController.getGroupStatus(groupId);
if (processGroupStatus == null) {
throw new ResourceNotFoundException(String.format("Unable to locate group with id '%s'.", groupId));
@@ -577,11 +606,19 @@ public class ControllerFacade {
/**
* Gets the status for the specified remote process group.
*
- * @param groupId group id
* @param remoteProcessGroupId remote process group id
* @return the status for the specified remote process group
*/
- public RemoteProcessGroupStatusDTO getRemoteProcessGroupStatus(final String groupId, final String remoteProcessGroupId) {
+ public RemoteProcessGroupStatusDTO getRemoteProcessGroupStatus(final String remoteProcessGroupId) {
+ final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId());
+ final RemoteProcessGroup remoteProcessGroup = root.findRemoteProcessGroup(remoteProcessGroupId);
+
+ // ensure the output port was found
+ if (remoteProcessGroup == null) {
+ throw new ResourceNotFoundException(String.format("Unable to locate remote process group with id '%s'.", remoteProcessGroupId));
+ }
+
+ final String groupId = remoteProcessGroup.getProcessGroup().getIdentifier();
final ProcessGroupStatus processGroupStatus = flowController.getGroupStatus(groupId);
if (processGroupStatus == null) {
throw new ResourceNotFoundException(String.format("Unable to locate group with id '%s'.", groupId));
@@ -949,11 +986,11 @@ public class ControllerFacade {
// calculate the dn chain
final List<String> dnChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(user);
- // ensure the users in this chain are allowed to download this content
- final DownloadAuthorization downloadAuthorization = userService.authorizeDownload(dnChain, attributes);
- if (!downloadAuthorization.isApproved()) {
- throw new AccessDeniedException(downloadAuthorization.getExplanation());
- }
+ // TODO - ensure the users in this chain are allowed to download this content
+// final DownloadAuthorization downloadAuthorization = keyService.authorizeDownload(dnChain, attributes);
+// if (!downloadAuthorization.isApproved()) {
+// throw new AccessDeniedException(downloadAuthorization.getExplanation());
+// }
// get the filename and fall back to the identifier (should never happen)
String filename = attributes.get(CoreAttributes.FILENAME.key());
@@ -1526,8 +1563,8 @@ public class ControllerFacade {
this.properties = properties;
}
- public void setUserService(UserService userService) {
- this.userService = userService;
+ public void setKeyService(KeyService keyService) {
+ this.keyService = keyService;
}
public void setFlowService(FlowService flowService) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ConnectionDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ConnectionDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ConnectionDAO.java
index 2e1e8fd..98caa34 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ConnectionDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ConnectionDAO.java
@@ -28,61 +28,47 @@ import java.util.Set;
public interface ConnectionDAO {
/**
+ * Determines if the specified connection exists.
+ *
+ * @param id id
+ * @return true if connection exists
+ */
+ boolean hasConnection(String id);
+
+ /**
* Gets the specified Connection.
*
- * @param groupId group id
* @param id The connection id
* @return The connection
*/
- Connection getConnection(String groupId, String id);
+ Connection getConnection(String id);
/**
* Gets the specified flow file drop request.
*
- * @param groupId group id
* @param id The id of the connection
* @param dropRequestId The drop request id
* @return The drop request status
*/
- DropFlowFileStatus getFlowFileDropRequest(String groupId, String id, String dropRequestId);
+ DropFlowFileStatus getFlowFileDropRequest(String id, String dropRequestId);
/**
* Gets the specified flowfile listing request.
*
- * @param groupId group id
* @param id connection id
* @param listingRequestId The listing request id
* @return The listing request status
*/
- ListFlowFileStatus getFlowFileListingRequest(String groupId, String id, String listingRequestId);
+ ListFlowFileStatus getFlowFileListingRequest(String id, String listingRequestId);
/**
* Gets the specified flowfile in the specified connection.
*
- * @param groupId group id
* @param id connection id
* @param flowFileUuid the flowfile uuid
* @return The flowfile
*/
- FlowFileRecord getFlowFile(String groupId, String id, String flowFileUuid);
-
- /**
- * Gets the connections for the specified source processor.
- *
- * @param groupId group id
- * @param processorId processor id
- * @return connections
- */
- Set<Connection> getConnectionsForSource(String groupId, String processorId);
-
- /**
- * Determines if the specified connection exists.
- *
- * @param groupId group id
- * @param id id
- * @return true if connection exists
- */
- boolean hasConnection(String groupId, String id);
+ FlowFileRecord getFlowFile(String id, String flowFileUuid);
/**
* Gets all of the connections.
@@ -95,7 +81,7 @@ public interface ConnectionDAO {
/**
* Creates a new Connection.
*
- * @param groupId group id
+ * @param groupId The group id
* @param connectionDTO The connection DTO
* @return The connection
*/
@@ -104,35 +90,32 @@ public interface ConnectionDAO {
/**
* Creates a new flow file drop request.
*
- * @param groupId group id
* @param id connection id
* @param dropRequestId drop request id
* @return The drop request status
*/
- DropFlowFileStatus createFlowFileDropRequest(String groupId, String id, String dropRequestId);
+ DropFlowFileStatus createFlowFileDropRequest(String id, String dropRequestId);
/**
* Creates a new flow file listing request.
*
- * @param groupId group id
* @param id connection id
* @param listingRequestId listing request id
* @return The listing request status
*/
- ListFlowFileStatus createFlowFileListingRequest(String groupId, String id, String listingRequestId);
+ ListFlowFileStatus createFlowFileListingRequest(String id, String listingRequestId);
/**
* Verifies the listing can be processed.
*
- * @param groupId group id
* @param id connection id
*/
- void verifyList(String groupId, String id);
+ void verifyList(String id);
/**
* Verifies the create request can be processed.
*
- * @param groupId group id
+ * @param groupId The group id
* @param connectionDTO connection
*/
void verifyCreate(String groupId, ConnectionDTO connectionDTO);
@@ -140,64 +123,57 @@ public interface ConnectionDAO {
/**
* Verifies the update request can be processed.
*
- * @param groupId group id
* @param connectionDTO connection
*/
- void verifyUpdate(String groupId, ConnectionDTO connectionDTO);
+ void verifyUpdate(ConnectionDTO connectionDTO);
/**
* Updates the specified Connection.
*
- * @param groupId group id
* @param connectionDTO The connection DTO
* @return The connection
*/
- Connection updateConnection(String groupId, ConnectionDTO connectionDTO);
+ Connection updateConnection(ConnectionDTO connectionDTO);
/**
* Verifies the delete request can be processed.
*
- * @param groupId group id
* @param id id
*/
- void verifyDelete(String groupId, String id);
+ void verifyDelete(String id);
/**
* Deletes the specified Connection.
*
- * @param groupId group id
* @param id The id of the connection
*/
- void deleteConnection(String groupId, String id);
+ void deleteConnection(String id);
/**
* Deletes the specified flow file drop request.
*
- * @param groupId group id
* @param id The id of the connection
* @param dropRequestId The drop request id
* @return The drop request
*/
- DropFlowFileStatus deleteFlowFileDropRequest(String groupId, String id, String dropRequestId);
+ DropFlowFileStatus deleteFlowFileDropRequest(String id, String dropRequestId);
/**
* Deletes the specified flow file listing request.
*
- * @param groupId group id
* @param id connection id
* @param listingRequestId The listing request id
* @return The listing request status
*/
- ListFlowFileStatus deleteFlowFileListingRequest(String groupId, String id, String listingRequestId);
+ ListFlowFileStatus deleteFlowFileListingRequest(String id, String listingRequestId);
/**
* Gets the content for the specified flowfile in the specified connection.
*
- * @param groupId group id
* @param id connection id
* @param flowfileUuid flowfile uuid
* @param requestUri request uri
* @return The downloadable content
*/
- DownloadableContent getContent(String groupId, String id, String flowfileUuid, String requestUri);
+ DownloadableContent getContent(String id, String flowfileUuid, String requestUri);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/FunnelDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/FunnelDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/FunnelDAO.java
index 278405a..858da8d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/FunnelDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/FunnelDAO.java
@@ -16,19 +16,18 @@
*/
package org.apache.nifi.web.dao;
-import java.util.Set;
-
import org.apache.nifi.connectable.Funnel;
import org.apache.nifi.web.api.dto.FunnelDTO;
+import java.util.Set;
+
public interface FunnelDAO {
/**
- * @param groupId group id
* @param funnelId funnel id
* @return Determines if the specified funnel exists in the specified group
*/
- boolean hasFunnel(String groupId, String funnelId);
+ boolean hasFunnel(String funnelId);
/**
* Creates a funnel in the specified group.
@@ -40,13 +39,12 @@ public interface FunnelDAO {
Funnel createFunnel(String groupId, FunnelDTO funnelDTO);
/**
- * Gets the specified funnel in the specified group.
+ * Gets the specified funnel.
*
- * @param groupId group id
* @param funnelId The funnel id
* @return The funnel
*/
- Funnel getFunnel(String groupId, String funnelId);
+ Funnel getFunnel(String funnelId);
/**
* Gets all of the funnels in the specified group.
@@ -57,27 +55,24 @@ public interface FunnelDAO {
Set<Funnel> getFunnels(String groupId);
/**
- * Updates the specified funnel in the specified group.
+ * Updates the specified funnel.
*
- * @param groupId group id
* @param funnelDTO The funnel DTO
* @return The funnel
*/
- Funnel updateFunnel(String groupId, FunnelDTO funnelDTO);
+ Funnel updateFunnel(FunnelDTO funnelDTO);
/**
* Determines whether this funnel can be removed.
*
- * @param groupId group id
* @param funnelId funnel id
*/
- void verifyDelete(String groupId, String funnelId);
+ void verifyDelete(String funnelId);
/**
- * Deletes the specified Funnel in the specified group.
+ * Deletes the specified Funnel.
*
- * @param groupId group id
* @param funnelId The funnel id
*/
- void deleteFunnel(String groupId, String funnelId);
+ void deleteFunnel(String funnelId);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/LabelDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/LabelDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/LabelDAO.java
index 2a908ac..515b0d4 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/LabelDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/LabelDAO.java
@@ -16,18 +16,18 @@
*/
package org.apache.nifi.web.dao;
-import java.util.Set;
import org.apache.nifi.controller.label.Label;
import org.apache.nifi.web.api.dto.LabelDTO;
+import java.util.Set;
+
public interface LabelDAO {
/**
- * @param groupId group id
* @param labelId label id
* @return Determines if the specified label exists in the specified group
*/
- boolean hasLabel(String groupId, String labelId);
+ boolean hasLabel(String labelId);
/**
* Creates a label in the specified group.
@@ -41,11 +41,10 @@ public interface LabelDAO {
/**
* Gets the specified label in the specified group.
*
- * @param groupId group id
* @param labelId The label id
* @return The label
*/
- Label getLabel(String groupId, String labelId);
+ Label getLabel(String labelId);
/**
* Gets all of the labels in the specified group.
@@ -58,17 +57,15 @@ public interface LabelDAO {
/**
* Updates the specified label in the specified group.
*
- * @param groupId group id
* @param labelDTO The label DTO
* @return The label
*/
- Label updateLabel(String groupId, LabelDTO labelDTO);
+ Label updateLabel(LabelDTO labelDTO);
/**
* Deletes the specified label in the specified group.
*
- * @param groupId group id
* @param labelId The label id
*/
- void deleteLabel(String groupId, String labelId);
+ void deleteLabel(String labelId);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/PortDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/PortDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/PortDAO.java
index 1df13e5..e6e11ab 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/PortDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/PortDAO.java
@@ -16,19 +16,18 @@
*/
package org.apache.nifi.web.dao;
-import java.util.Set;
-
import org.apache.nifi.connectable.Port;
import org.apache.nifi.web.api.dto.PortDTO;
+import java.util.Set;
+
public interface PortDAO {
/**
- * @param groupId group id
* @param portId port id
* @return Determines if the specified port exists in the specified group
*/
- boolean hasPort(String groupId, String portId);
+ boolean hasPort(String portId);
/**
* Creates a port in the specified group.
@@ -42,11 +41,10 @@ public interface PortDAO {
/**
* Gets the specified port in the specified group.
*
- * @param groupId group id
* @param portId The port id
* @return The port
*/
- Port getPort(String groupId, String portId);
+ Port getPort(String portId);
/**
* Gets all of the ports in the specified group.
@@ -59,33 +57,29 @@ public interface PortDAO {
/**
* Verifies the specified port can be updated per the specified request.
*
- * @param groupId group id
* @param portDTO port
*/
- void verifyUpdate(String groupId, PortDTO portDTO);
+ void verifyUpdate(PortDTO portDTO);
/**
* Updates the specified port in the specified group.
*
- * @param groupId group
* @param portDTO The port DTO
* @return The port
*/
- Port updatePort(String groupId, PortDTO portDTO);
+ Port updatePort(PortDTO portDTO);
/**
* Verifies the specified port can be removed.
*
- * @param groupId group id
* @param portId port id
*/
- void verifyDelete(String groupId, String portId);
+ void verifyDelete(String portId);
/**
* Deletes the specified label in the specified group.
*
- * @param groupId group id
* @param portId The port id
*/
- void deletePort(String groupId, String portId);
+ void deletePort(String portId);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ProcessGroupDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ProcessGroupDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ProcessGroupDAO.java
index 3655083..29ca220 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ProcessGroupDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ProcessGroupDAO.java
@@ -16,16 +16,16 @@
*/
package org.apache.nifi.web.dao;
-import java.util.Set;
import org.apache.nifi.groups.ProcessGroup;
import org.apache.nifi.web.api.dto.ProcessGroupDTO;
+import java.util.Set;
+
public interface ProcessGroupDAO {
/**
* Determines if the specified remote process group exists.
*
- * @param groupId id
* @return true if group exists
*/
boolean hasProcessGroup(String groupId);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ProcessorDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ProcessorDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ProcessorDAO.java
index 9f45c90..b105c55 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ProcessorDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/ProcessorDAO.java
@@ -16,26 +16,25 @@
*/
package org.apache.nifi.web.dao;
-import java.util.Set;
-
import org.apache.nifi.components.state.Scope;
import org.apache.nifi.components.state.StateMap;
import org.apache.nifi.controller.ProcessorNode;
import org.apache.nifi.web.api.dto.ProcessorDTO;
+import java.util.Set;
+
public interface ProcessorDAO {
/**
- * @param groupId group id
* @param id id
* @return Determines if the specified processor is loaded
*/
- boolean hasProcessor(String groupId, String id);
+ boolean hasProcessor(String id);
/**
* Creates a new Processor.
*
- * @param groupId group id
+ * @param groupId The group id where this component will be created
* @param processorDTO The processor DTO
* @return The new Processor
*/
@@ -44,11 +43,10 @@ public interface ProcessorDAO {
/**
* Gets the Processor transfer object for the specified id.
*
- * @param groupId group id
* @param id Id of the processor to return
* @return The Processor
*/
- ProcessorNode getProcessor(String groupId, String id);
+ ProcessorNode getProcessor(String id);
/**
* Gets all the Processor transfer objects for this controller.
@@ -61,58 +59,51 @@ public interface ProcessorDAO {
/**
* Verifies the specified processor can be updated.
*
- * @param groupId group id
* @param processorDTO processor
*/
- void verifyUpdate(String groupId, ProcessorDTO processorDTO);
+ void verifyUpdate(ProcessorDTO processorDTO);
/**
* Updates the configuration for the processor using the specified processorDTO.
*
- * @param groupId group id
* @param processorDTO processor
* @return updated processor
*/
- ProcessorNode updateProcessor(String groupId, ProcessorDTO processorDTO);
+ ProcessorNode updateProcessor(ProcessorDTO processorDTO);
/**
* Verifies the specified processor can be removed.
*
- * @param groupId group id
* @param processorId processor id
*/
- void verifyDelete(String groupId, String processorId);
+ void verifyDelete(String processorId);
/**
* Deletes the specified processor.
*
- * @param groupId group id
* @param processorId The processor id to delete
*/
- void deleteProcessor(String groupId, String processorId);
+ void deleteProcessor(String processorId);
/**
* Gets the specified processor.
*
- * @param groupId group id
* @param processorId processor id
* @return state map
*/
- StateMap getState(String groupId, String processorId, Scope scope);
+ StateMap getState(String processorId, Scope scope);
/**
* Verifies the processor can clear state.
*
- * @param groupId group id
* @param processorId processor id
*/
- void verifyClearState(String groupId, String processorId);
+ void verifyClearState(String processorId);
/**
* Clears the state of the specified processor.
*
- * @param groupId group id
* @param processorId processor id
*/
- void clearState(String groupId, String processorId);
+ void clearState(String processorId);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/RemoteProcessGroupDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/RemoteProcessGroupDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/RemoteProcessGroupDAO.java
index d9eafb0..2542185 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/RemoteProcessGroupDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/RemoteProcessGroupDAO.java
@@ -16,22 +16,22 @@
*/
package org.apache.nifi.web.dao;
-import java.util.Set;
import org.apache.nifi.groups.RemoteProcessGroup;
import org.apache.nifi.remote.RemoteGroupPort;
import org.apache.nifi.web.api.dto.RemoteProcessGroupDTO;
import org.apache.nifi.web.api.dto.RemoteProcessGroupPortDTO;
+import java.util.Set;
+
public interface RemoteProcessGroupDAO {
/**
* Determines if the specified remote process group exists.
*
- * @param groupId group id
* @param remoteProcessGroupId group id
* @return true if the specified remote process group exists
*/
- boolean hasRemoteProcessGroup(String groupId, String remoteProcessGroupId);
+ boolean hasRemoteProcessGroup(String remoteProcessGroupId);
/**
* Creates a remote process group reference.
@@ -45,11 +45,10 @@ public interface RemoteProcessGroupDAO {
/**
* Gets the specified remote process group.
*
- * @param groupId group id
* @param remoteProcessGroupId The remote process group id
* @return The remote process group
*/
- RemoteProcessGroup getRemoteProcessGroup(String groupId, String remoteProcessGroupId);
+ RemoteProcessGroup getRemoteProcessGroup(String remoteProcessGroupId);
/**
* Gets all of the remote process groups.
@@ -62,71 +61,63 @@ public interface RemoteProcessGroupDAO {
/**
* Verifies the specified remote process group can be updated.
*
- * @param groupId group id
* @param remoteProcessGroup group
*/
- void verifyUpdate(String groupId, RemoteProcessGroupDTO remoteProcessGroup);
+ void verifyUpdate(RemoteProcessGroupDTO remoteProcessGroup);
/**
* Verifies the specified remote process group input port can be updated.
*
- * @param groupId group id
* @param remoteProcessGroupId process group id
* @param remoteProcessGroupPort port
*/
- void verifyUpdateInputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPort);
+ void verifyUpdateInputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPort);
/**
* Verifies the specified remote process group input port can be updated.
*
- * @param groupId group id
* @param remoteProcessGroupId group id
* @param remoteProcessGroupPort group port
*/
- void verifyUpdateOutputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPort);
+ void verifyUpdateOutputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPort);
/**
* Updates the specified remote process group.
*
- * @param groupId id
* @param remoteProcessGroup The remote process group
* @return The remote process group
*/
- RemoteProcessGroup updateRemoteProcessGroup(String groupId, RemoteProcessGroupDTO remoteProcessGroup);
+ RemoteProcessGroup updateRemoteProcessGroup(RemoteProcessGroupDTO remoteProcessGroup);
/**
* Updates the specified remote process group input port.
*
- * @param groupId id
* @param remoteProcessGroupId id
* @param remoteProcessGroupPort port
* @return updated group port
*/
- RemoteGroupPort updateRemoteProcessGroupInputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPort);
+ RemoteGroupPort updateRemoteProcessGroupInputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPort);
/**
* Updates the specified remote process group output port.
*
- * @param groupId group id
* @param remoteProcessGroupId group id
* @param remoteProcessGroupPort port
* @return group port
*/
- RemoteGroupPort updateRemoteProcessGroupOutputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPort);
+ RemoteGroupPort updateRemoteProcessGroupOutputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPort);
/**
* Verifies the specified remote process group can be removed.
*
- * @param groupId group id
* @param remoteProcessGroupId group id
*/
- void verifyDelete(String groupId, String remoteProcessGroupId);
+ void verifyDelete(String remoteProcessGroupId);
/**
* Deletes the specified remote process group.
*
- * @param groupId group id
* @param remoteProcessGroupId The remote process group id
*/
- void deleteRemoteProcessGroup(String groupId, String remoteProcessGroupId);
+ void deleteRemoteProcessGroup(String remoteProcessGroupId);
}
[16/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
index 359d45b..bfb064a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/test/java/org/apache/nifi/authorization/FileAuthorizerTest.java
@@ -18,7 +18,7 @@ package org.apache.nifi.authorization;
import org.apache.nifi.attribute.expression.language.StandardPropertyValue;
import org.apache.nifi.authorization.AuthorizationResult.Result;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.resource.ResourceFactory;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.util.file.FileUtils;
@@ -111,20 +111,20 @@ public class FileAuthorizerTest {
assertEquals(primary.length(), restore.length());
}
- @Test(expected = ProviderCreationException.class)
+ @Test(expected = AuthorizerCreationException.class)
public void testPostConstructionWhenPrimaryDoesNotExist() throws Exception {
writeAuthorizationsFile(restore, EMPTY_AUTHORIZATIONS_CONCISE);
authorizer.onConfigured(configurationContext);
}
- @Test(expected = ProviderCreationException.class)
+ @Test(expected = AuthorizerCreationException.class)
public void testPostConstructionWhenPrimaryDifferentThanRestore() throws Exception {
writeAuthorizationsFile(primary, EMPTY_AUTHORIZATIONS);
writeAuthorizationsFile(restore, EMPTY_AUTHORIZATIONS_CONCISE);
authorizer.onConfigured(configurationContext);
}
- @Test(expected = ProviderCreationException.class)
+ @Test(expected = AuthorizerCreationException.class)
public void testBadSchema() throws Exception {
writeAuthorizationsFile(primary, BAD_SCHEMA_AUTHORIZATIONS);
authorizer.onConfigured(configurationContext);
@@ -135,7 +135,8 @@ public class FileAuthorizerTest {
writeAuthorizationsFile(primary, AUTHORIZATIONS);
authorizer.onConfigured(configurationContext);
- final AuthorizationRequest request = new AuthorizationRequest.Builder().resource(ResourceFactory.getFlowResource()).identity("user-1").action(RequestAction.READ).build();
+ final AuthorizationRequest request = new AuthorizationRequest.Builder().resource(ResourceFactory.getFlowResource()).identity("user-1").anonymous(false).accessAttempt(true).action(RequestAction
+ .READ).build();
final AuthorizationResult result = authorizer.authorize(request);
assertTrue(Result.Approved.equals(result.getResult()));
}
@@ -145,7 +146,8 @@ public class FileAuthorizerTest {
writeAuthorizationsFile(primary, AUTHORIZATIONS);
authorizer.onConfigured(configurationContext);
- final AuthorizationRequest request = new AuthorizationRequest.Builder().resource(ResourceFactory.getFlowResource()).identity("user-2").action(RequestAction.READ).build();
+ final AuthorizationRequest request =
+ new AuthorizationRequest.Builder().resource(ResourceFactory.getFlowResource()).identity("user-2").anonymous(false).accessAttempt(true).action(RequestAction.READ).build();
final AuthorizationResult result = authorizer.authorize(request);
assertFalse(Result.Approved.equals(result.getResult()));
}
@@ -155,7 +157,8 @@ public class FileAuthorizerTest {
writeAuthorizationsFile(primary, AUTHORIZATIONS);
authorizer.onConfigured(configurationContext);
- final AuthorizationRequest request = new AuthorizationRequest.Builder().resource(ResourceFactory.getFlowResource()).identity("user-1").action(RequestAction.WRITE).build();
+ final AuthorizationRequest request =
+ new AuthorizationRequest.Builder().resource(ResourceFactory.getFlowResource()).identity("user-1").anonymous(false).accessAttempt(true).action(RequestAction.WRITE).build();
final AuthorizationResult result = authorizer.authorize(request);
assertFalse(Result.Approved.equals(result.getResult()));
}
@@ -167,7 +170,8 @@ public class FileAuthorizerTest {
authorizer.onConfigured(configurationContext);
// ensure the user currently does not have write access
- final AuthorizationRequest request = new AuthorizationRequest.Builder().resource(ResourceFactory.getFlowResource()).identity("user-1").action(RequestAction.WRITE).build();
+ final AuthorizationRequest request =
+ new AuthorizationRequest.Builder().resource(ResourceFactory.getFlowResource()).identity("user-1").anonymous(false).accessAttempt(true).action(RequestAction.WRITE).build();
AuthorizationResult result = authorizer.authorize(request);
assertFalse(Result.Approved.equals(result.getResult()));
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/groups/ProcessGroup.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/groups/ProcessGroup.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/groups/ProcessGroup.java
index 81ee5a0..ee59942 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/groups/ProcessGroup.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/groups/ProcessGroup.java
@@ -411,12 +411,28 @@ public interface ProcessGroup {
Set<Connection> getConnections();
/**
+ * @param id of the Connection
+ * @return the Connection with the given ID, if it exists as a child or
+ * descendant of this ProcessGroup. This performs a recursive search of all
+ * descendant ProcessGroups
+ */
+ Connection findConnection(String id);
+
+ /**
* @return a List of all Connections contains within this ProcessGroup and
* any child ProcessGroups
*/
List<Connection> findAllConnections();
/**
+ * @param id of the Funnel
+ * @return the Funnel with the given ID, if it exists as a child or
+ * descendant of this ProcessGroup. This performs a recursive search of all
+ * descendant ProcessGroups
+ */
+ Funnel findFunnel(String id);
+
+ /**
* Adds the given RemoteProcessGroup to this ProcessGroup
*
* @param remoteGroup group to add
@@ -521,6 +537,14 @@ public interface ProcessGroup {
List<ProcessorNode> findAllProcessors();
/**
+ * @param id of the Label
+ * @return the Label with the given ID, if it exists as a child or
+ * descendant of this ProcessGroup. This performs a recursive search of all
+ * descendant ProcessGroups
+ */
+ Label findLabel(String id);
+
+ /**
* @return a List of all Labels that are children or descendants of this
* ProcessGroup. This performsn a recursive search of all descendant
* ProcessGroups
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java
index 9f14354..75395b7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/controller/FlowController.java
@@ -53,7 +53,7 @@ import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.action.Action;
import org.apache.nifi.admin.service.AuditService;
-import org.apache.nifi.admin.service.UserService;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.annotation.lifecycle.OnAdded;
import org.apache.nifi.annotation.lifecycle.OnConfigurationRestored;
import org.apache.nifi.annotation.lifecycle.OnRemoved;
@@ -257,7 +257,7 @@ public class FlowController implements EventAccess, ControllerServiceProvider, R
private final AtomicReference<CounterRepository> counterRepositoryRef;
private final AtomicBoolean initialized = new AtomicBoolean(false);
private final ControllerServiceProvider controllerServiceProvider;
- private final UserService userService;
+ private final KeyService keyService;
private final AuditService auditService;
private final EventDrivenWorkerQueue eventDrivenWorkerQueue;
private final ComponentStatusRepository componentStatusRepository;
@@ -354,13 +354,13 @@ public class FlowController implements EventAccess, ControllerServiceProvider, R
public static FlowController createStandaloneInstance(
final FlowFileEventRepository flowFileEventRepo,
final NiFiProperties properties,
- final UserService userService,
+ final KeyService keyService,
final AuditService auditService,
final StringEncryptor encryptor) {
return new FlowController(
flowFileEventRepo,
properties,
- userService,
+ keyService,
auditService,
encryptor,
/* configuredForClustering */ false,
@@ -370,14 +370,14 @@ public class FlowController implements EventAccess, ControllerServiceProvider, R
public static FlowController createClusteredInstance(
final FlowFileEventRepository flowFileEventRepo,
final NiFiProperties properties,
- final UserService userService,
+ final KeyService keyService,
final AuditService auditService,
final StringEncryptor encryptor,
final NodeProtocolSender protocolSender) {
final FlowController flowController = new FlowController(
flowFileEventRepo,
properties,
- userService,
+ keyService,
auditService,
encryptor,
/* configuredForClustering */ true,
@@ -391,7 +391,7 @@ public class FlowController implements EventAccess, ControllerServiceProvider, R
private FlowController(
final FlowFileEventRepository flowFileEventRepo,
final NiFiProperties properties,
- final UserService userService,
+ final KeyService keyService,
final AuditService auditService,
final StringEncryptor encryptor,
final boolean configuredForClustering,
@@ -447,7 +447,7 @@ public class FlowController implements EventAccess, ControllerServiceProvider, R
startConnectablesAfterInitialization = new ArrayList<>();
startRemoteGroupPortsAfterInitialization = new ArrayList<>();
- this.userService = userService;
+ this.keyService = keyService;
this.auditService = auditService;
final String gracefulShutdownSecondsVal = properties.getProperty(GRACEFUL_SHUTDOWN_PERIOD);
@@ -1032,7 +1032,7 @@ public class FlowController implements EventAccess, ControllerServiceProvider, R
name = requireNonNull(name).intern();
verifyPortIdDoesNotExist(id);
return new StandardRootGroupPort(id, name, null, TransferDirection.RECEIVE, ConnectableType.INPUT_PORT,
- userService, getBulletinRepository(), processScheduler, Boolean.TRUE.equals(isSiteToSiteSecure));
+ keyService, getBulletinRepository(), processScheduler, Boolean.TRUE.equals(isSiteToSiteSecure));
}
/**
@@ -1049,7 +1049,7 @@ public class FlowController implements EventAccess, ControllerServiceProvider, R
name = requireNonNull(name).intern();
verifyPortIdDoesNotExist(id);
return new StandardRootGroupPort(id, name, null, TransferDirection.SEND, ConnectableType.OUTPUT_PORT,
- userService, getBulletinRepository(), processScheduler, Boolean.TRUE.equals(isSiteToSiteSecure));
+ keyService, getBulletinRepository(), processScheduler, Boolean.TRUE.equals(isSiteToSiteSecure));
}
/**
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
index 4646d55..71e51b6 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java
@@ -945,6 +945,27 @@ public final class StandardProcessGroup implements ProcessGroup {
}
@Override
+ public Connection findConnection(final String id) {
+ return findConnection(id, this);
+ }
+
+ private Connection findConnection(final String id, final ProcessGroup start) {
+ Connection connection = start.getConnection(id);
+ if (connection != null) {
+ return connection;
+ }
+
+ for (final ProcessGroup group : start.getProcessGroups()) {
+ connection = findConnection(id, group);
+ if (connection != null) {
+ return connection;
+ }
+ }
+
+ return null;
+ }
+
+ @Override
public List<Connection> findAllConnections() {
return findAllConnections(this);
}
@@ -1476,6 +1497,27 @@ public final class StandardProcessGroup implements ProcessGroup {
}
@Override
+ public Label findLabel(final String id) {
+ return findLabel(id, this);
+ }
+
+ private Label findLabel(final String id, final ProcessGroup start) {
+ Label label = start.getLabel(id);
+ if (label != null) {
+ return label;
+ }
+
+ for (final ProcessGroup group : start.getProcessGroups()) {
+ label = findLabel(id, group);
+ if (label != null) {
+ return label;
+ }
+ }
+
+ return null;
+ }
+
+ @Override
public List<Label> findAllLabels() {
return findAllLabels(this);
}
@@ -1603,6 +1645,27 @@ public final class StandardProcessGroup implements ProcessGroup {
}
@Override
+ public Funnel findFunnel(final String id) {
+ return findFunnel(id, this);
+ }
+
+ private Funnel findFunnel(final String id, final ProcessGroup start) {
+ Funnel funnel = start.getFunnel(id);
+ if (funnel != null) {
+ return funnel;
+ }
+
+ for (final ProcessGroup group : start.getProcessGroups()) {
+ funnel = findFunnel(id, group);
+ if (funnel != null) {
+ return funnel;
+ }
+ }
+
+ return null;
+ }
+
+ @Override
public void removeFunnel(final Funnel funnel) {
writeLock.lock();
try {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/spring/FlowControllerFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/spring/FlowControllerFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/spring/FlowControllerFactoryBean.java
index c6c18c3..1c747d4 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/spring/FlowControllerFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/spring/FlowControllerFactoryBean.java
@@ -17,7 +17,7 @@
package org.apache.nifi.spring;
import org.apache.nifi.admin.service.AuditService;
-import org.apache.nifi.admin.service.UserService;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.cluster.protocol.NodeProtocolSender;
import org.apache.nifi.controller.FlowController;
import org.apache.nifi.controller.repository.FlowFileEventRepository;
@@ -38,7 +38,7 @@ public class FlowControllerFactoryBean implements FactoryBean, ApplicationContex
private ApplicationContext applicationContext;
private FlowController flowController;
private NiFiProperties properties;
- private UserService userService;
+ private KeyService keyService;
private AuditService auditService;
private StringEncryptor encryptor;
@@ -58,7 +58,7 @@ public class FlowControllerFactoryBean implements FactoryBean, ApplicationContex
flowController = FlowController.createClusteredInstance(
flowFileEventRepository,
properties,
- userService,
+ keyService,
auditService,
encryptor,
nodeProtocolSender);
@@ -66,7 +66,7 @@ public class FlowControllerFactoryBean implements FactoryBean, ApplicationContex
flowController = FlowController.createStandaloneInstance(
flowFileEventRepository,
properties,
- userService,
+ keyService,
auditService,
encryptor);
}
@@ -95,8 +95,8 @@ public class FlowControllerFactoryBean implements FactoryBean, ApplicationContex
this.properties = properties;
}
- public void setUserService(final UserService userService) {
- this.userService = userService;
+ public void setKeyService(final KeyService keyService) {
+ this.keyService = keyService;
}
public void setEncryptor(final StringEncryptor encryptor) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/resources/nifi-context.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/resources/nifi-context.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/resources/nifi-context.xml
index e841b24..c864ccf 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/resources/nifi-context.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/resources/nifi-context.xml
@@ -36,7 +36,7 @@
<!-- flow controller -->
<bean id="flowController" class="org.apache.nifi.spring.FlowControllerFactoryBean">
<property name="properties" ref="nifiProperties"/>
- <property name="userService" ref="userService" />
+ <property name="keyService" ref="keyService" />
<property name="auditService" ref="auditService" />
<property name="encryptor" ref="stringEncryptor" />
</bean>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/StandardFlowServiceTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/StandardFlowServiceTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/StandardFlowServiceTest.java
index b01b26c..9fb62df 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/StandardFlowServiceTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/StandardFlowServiceTest.java
@@ -25,7 +25,7 @@ import java.util.ArrayList;
import java.util.List;
import org.apache.nifi.admin.service.AuditService;
-import org.apache.nifi.admin.service.UserService;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.cluster.protocol.StandardDataFlow;
import org.apache.nifi.controller.repository.FlowFileEventRepository;
import org.apache.nifi.util.NiFiProperties;
@@ -55,7 +55,7 @@ public class StandardFlowServiceTest {
private FlowController flowController;
private NiFiProperties properties;
private FlowFileEventRepository mockFlowFileEventRepository;
- private UserService mockUserService;
+ private KeyService mockKeyService;
private AuditService mockAuditService;
private StringEncryptor mockEncryptor;
@@ -68,9 +68,9 @@ public class StandardFlowServiceTest {
public void setup() throws Exception {
properties = NiFiProperties.getInstance();
mockFlowFileEventRepository = mock(FlowFileEventRepository.class);
- mockUserService = mock(UserService.class);
+ mockKeyService = mock(KeyService.class);
mockAuditService = mock(AuditService.class);
- flowController = FlowController.createStandaloneInstance(mockFlowFileEventRepository, properties, mockUserService, mockAuditService, mockEncryptor);
+ flowController = FlowController.createStandaloneInstance(mockFlowFileEventRepository, properties, mockKeyService, mockAuditService, mockEncryptor);
flowService = StandardFlowService.createStandaloneInstance(flowController, properties, mockEncryptor);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/scheduling/TestProcessorLifecycle.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/scheduling/TestProcessorLifecycle.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/scheduling/TestProcessorLifecycle.java
index 560c4cb..f98ed45 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/scheduling/TestProcessorLifecycle.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/java/org/apache/nifi/controller/scheduling/TestProcessorLifecycle.java
@@ -37,7 +37,7 @@ import java.util.concurrent.locks.LockSupport;
import org.apache.commons.io.FileUtils;
import org.apache.nifi.admin.service.AuditService;
-import org.apache.nifi.admin.service.UserService;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.annotation.lifecycle.OnScheduled;
import org.apache.nifi.annotation.lifecycle.OnStopped;
import org.apache.nifi.annotation.lifecycle.OnUnscheduled;
@@ -640,7 +640,7 @@ public class TestProcessorLifecycle {
properties.setProperty("nifi.remote.input.secure", "");
return FlowController.createStandaloneInstance(mock(FlowFileEventRepository.class), properties,
- mock(UserService.class), mock(AuditService.class), null);
+ mock(KeyService.class), mock(AuditService.class), null);
}
/**
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/conf/nifi.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/conf/nifi.properties
index 78a649b..445f459 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/conf/nifi.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/conf/nifi.properties
@@ -82,11 +82,7 @@ nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
-nifi.security.authorizedUsers.file=./target/conf/authorized-users.xml
-nifi.security.user.credential.cache.duration=24 hours
-nifi.security.user.authority.provider=nifi.authorization.FileAuthorizationProvider
-nifi.security.support.new.account.requests=
-nifi.security.default.user.roles=
+nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #
nifi.cluster.protocol.heartbeat.interval=5 sec
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi-with-remote.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi-with-remote.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi-with-remote.properties
index e5b9a34..445f459 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi-with-remote.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi-with-remote.properties
@@ -82,11 +82,7 @@ nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
-nifi.security.authorizedUsers.file=./target/conf/authorized-users.xml
-nifi.security.user.credential.cache.duration=24 hours
-nifi.security.user.authority.provider=org.apache.nifi.authorization.FileAuthorizationProvider
-nifi.security.support.new.account.requests=
-nifi.security.default.user.roles=
+nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #
nifi.cluster.protocol.heartbeat.interval=5 sec
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi.properties
index d752c6d..210e7c6 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/test/resources/nifi.properties
@@ -82,11 +82,7 @@ nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
-nifi.security.authorizedUsers.file=./target/conf/authorized-users.xml
-nifi.security.user.credential.cache.duration=24 hours
-nifi.security.user.authority.provider=org.apache.nifi.authorization.FileAuthorizationProvider
-nifi.security.support.new.account.requests=
-nifi.security.default.user.roles=
+nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #
nifi.cluster.protocol.heartbeat.interval=5 sec
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java
index db0b35e..f06012c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java
@@ -16,15 +16,8 @@
*/
package org.apache.nifi.nar;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.ServiceLoader;
-import java.util.Set;
import org.apache.nifi.authentication.LoginIdentityProvider;
-
-import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.repository.ContentRepository;
import org.apache.nifi.controller.repository.FlowFileRepository;
@@ -34,10 +27,16 @@ import org.apache.nifi.flowfile.FlowFilePrioritizer;
import org.apache.nifi.processor.Processor;
import org.apache.nifi.provenance.ProvenanceEventRepository;
import org.apache.nifi.reporting.ReportingTask;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.ServiceLoader;
+import java.util.Set;
+
/**
* Scans through the classpath to load all FlowFileProcessors, FlowFileComparators, and ReportingTasks using the service provider API and running through all classloaders (root, NARs).
*
@@ -58,7 +57,7 @@ public class ExtensionManager {
definitionMap.put(FlowFilePrioritizer.class, new HashSet<Class>());
definitionMap.put(ReportingTask.class, new HashSet<Class>());
definitionMap.put(ControllerService.class, new HashSet<Class>());
- definitionMap.put(AuthorityProvider.class, new HashSet<Class>());
+ definitionMap.put(Authorizer.class, new HashSet<Class>());
definitionMap.put(LoginIdentityProvider.class, new HashSet<Class>());
definitionMap.put(ProvenanceEventRepository.class, new HashSet<Class>());
definitionMap.put(ComponentStatusRepository.class, new HashSet<Class>());
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java
index 9e9bd03..93f73eb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java
@@ -16,16 +16,8 @@
*/
package org.apache.nifi.nar;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.net.URLClassLoader;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
import org.apache.nifi.authentication.LoginIdentityProvider;
-
-import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.components.Validator;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.repository.ContentRepository;
@@ -40,6 +32,14 @@ import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.provenance.ProvenanceEventRepository;
import org.apache.nifi.reporting.ReportingTask;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+
/**
* THREAD SAFE
*/
@@ -58,7 +58,7 @@ public class NarThreadContextClassLoader extends URLClassLoader {
narSpecificClasses.add(OutputStreamCallback.class);
narSpecificClasses.add(StreamCallback.class);
narSpecificClasses.add(ControllerService.class);
- narSpecificClasses.add(AuthorityProvider.class);
+ narSpecificClasses.add(Authorizer.class);
narSpecificClasses.add(LoginIdentityProvider.class);
narSpecificClasses.add(ProvenanceEventRepository.class);
narSpecificClasses.add(ComponentStatusRepository.class);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/test/resources/NarUnpacker/conf/nifi.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/test/resources/NarUnpacker/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/test/resources/NarUnpacker/conf/nifi.properties
index 103b7c1..69b5b09 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/test/resources/NarUnpacker/conf/nifi.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/test/resources/NarUnpacker/conf/nifi.properties
@@ -84,11 +84,7 @@ nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
-nifi.security.authorizedUsers.file=./target/conf/authorized-users.xml
-nifi.security.user.credential.cache.duration=24 hours
-nifi.security.user.authority.provider=nifi.authorization.FileAuthorizationProvider
-nifi.security.support.new.account.requests=
-nifi.security.default.user.roles=
+nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #
nifi.cluster.protocol.heartbeat.interval=5 sec
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authority-providers.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authority-providers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authority-providers.xml
deleted file mode 100644
index cb68e15..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authority-providers.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!--
- This file lists the authority providers to use when running securely. In order
- to use a specific provider it must be configured here and it's identifier
- must be specified in the nifi.properties file.
--->
-<authorityProviders>
- <provider>
- <identifier>file-provider</identifier>
- <class>org.apache.nifi.authorization.FileAuthorizationProvider</class>
- <property name="Authorized Users File">./conf/authorized-users.xml</property>
- <property name="Default User Roles"></property>
- </provider>
-
- <!--<provider>
- <identifier>cluster-ncm-provider</identifier>
- <class>org.apache.nifi.cluster.authorization.ClusterManagerAuthorizationProvider</class>
- <property name="Authority Provider Port"></property>
- <property name="Authority Provider Threads">10</property>
- <property name="Authorized Users File">./conf/authorized-users.xml</property>
- <property name="Default User Roles"></property>
- </provider>-->
-
- <!--<provider>
- <identifier>cluster-node-provider</identifier>
- <class>org.apache.nifi.cluster.authorization.NodeAuthorizationProvider</class>
- <property name="Cluster Manager Authority Provider Port"></property>
- </provider>-->
-</authorityProviders>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorized-users.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorized-users.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorized-users.xml
deleted file mode 100644
index 6b07165..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorized-users.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!--
- This file lists all authorized users for this NiFi instance when using
- the FileAuthorizationProvider or ClusterManagerAuthorizationProvider. If one of
- these providers is not in use then this file is not used. Refer to the properties
- file and authority-providers.xml for configuration details.
-
- Available roles:
- ROLE_MONITOR - for users - read only access to flow
- ROLE_DFM - for users - can build and configure data flows
- ROLE_PROVENANCE - for users - can access data flow provenance
- ROLE_ADMIN - for users - read only access to flow; modify user access; can purge flow configuration history
- ROLE_PROXY - for systems - can proxy requests on behalf of users
- ROLE_NIFI - for systems - can perform site to site
--->
-<users>
- <!--
- <user dn="[user dn - read only]">
- <role name="ROLE_MONITOR"/>
- </user>
- <user dn="[user dn - data flow manager]">
- <role name="ROLE_DFM"/>
- </user>
- <user dn="[user dn - read only and admin]">
- <role name="ROLE_ADMIN"/>
- </user>
- <user dn="[user dn - data flow manager and admin]">
- <role name="ROLE_DFM"/>
- <role name="ROLE_ADMIN"/>
- </user>
- <user dn="[user dn - read only and provenance details]">
- <role name="ROLE_MONITOR"/>
- <role name="ROLE_PROVENANCE"/>
- </user>
- <user dn="[user dn - data flow manager and provenance details]">
- <role name="ROLE_DFM"/>
- <role name="ROLE_PROVENANCE"/>
- </user>
- <user dn="[system dn - remote NiFi performing site to site]">
- <role name="ROLE_NIFI"/>
- </user>
- -->
-</users>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml
new file mode 100644
index 0000000..01ccd9c
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!--
+ This file lists the authority providers to use when running securely. In order
+ to use a specific provider it must be configured here and it's identifier
+ must be specified in the nifi.properties file.
+-->
+<authorizers>
+ <provider>
+ <identifier>file-provider</identifier>
+ <class>org.apache.nifi.authorization.FileAuthorizer</class>
+ <property name="Authorizations File">./conf/authorizations.xml</property>
+ <property name="Reload Interval">30 secs</property>
+ </provider>
+</authorizers>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
index beb71c1..f7912a1 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
@@ -24,7 +24,7 @@ nifi.administrative.yield.duration=${nifi.administrative.yield.duration}
# If a component has no work to do (is "bored"), how long should we wait before checking again for work?
nifi.bored.yield.duration=${nifi.bored.yield.duration}
-nifi.authority.provider.configuration.file=${nifi.authority.provider.configuration.file}
+nifi.authorizer.configuration.file=${nifi.authorizer.configuration.file}
nifi.login.identity.provider.configuration.file=${nifi.login.identity.provider.configuration.file}
nifi.templates.directory=${nifi.templates.directory}
nifi.ui.banner.text=${nifi.ui.banner.text}
@@ -137,12 +137,8 @@ nifi.security.truststore=${nifi.security.truststore}
nifi.security.truststoreType=${nifi.security.truststoreType}
nifi.security.truststorePasswd=${nifi.security.truststorePasswd}
nifi.security.needClientAuth=${nifi.security.needClientAuth}
-nifi.security.user.credential.cache.duration=${nifi.security.user.credential.cache.duration}
-nifi.security.user.authority.provider=${nifi.security.user.authority.provider}
+nifi.security.user.authorizer=${nifi.security.user.authorizer}
nifi.security.user.login.identity.provider=${nifi.security.user.login.identity.provider}
-nifi.security.support.new.account.requests=${nifi.security.support.new.account.requests}
-# Valid Authorities include: ROLE_MONITOR,ROLE_DFM,ROLE_ADMIN,ROLE_PROVENANCE,ROLE_NIFI
-nifi.security.anonymous.authorities=${nifi.security.anonymous.authorities}
nifi.security.ocsp.responder.url=${nifi.security.ocsp.responder.url}
nifi.security.ocsp.responder.certificate=${nifi.security.ocsp.responder.certificate}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
index 66fd303..2e5f175 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
@@ -16,30 +16,7 @@
*/
package org.apache.nifi.remote;
-import static java.util.Objects.requireNonNull;
-
-import java.io.IOException;
-import java.net.SocketTimeoutException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ArrayBlockingQueue;
-import java.util.concurrent.BlockingQueue;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.concurrent.atomic.AtomicReference;
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReentrantLock;
-
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.Authority;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.connectable.ConnectableType;
import org.apache.nifi.controller.AbstractPort;
@@ -64,10 +41,27 @@ import org.apache.nifi.reporting.BulletinRepository;
import org.apache.nifi.reporting.ComponentType;
import org.apache.nifi.reporting.Severity;
import org.apache.nifi.scheduling.SchedulingStrategy;
-import org.apache.nifi.user.NiFiUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.IOException;
+import java.net.SocketTimeoutException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicReference;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import static java.util.Objects.requireNonNull;
+
public class StandardRootGroupPort extends AbstractPort implements RootGroupPort {
private static final String CATEGORY = "Site to Site";
@@ -78,7 +72,7 @@ public class StandardRootGroupPort extends AbstractPort implements RootGroupPort
private final AtomicReference<Set<String>> userAccessControl = new AtomicReference<Set<String>>(new HashSet<String>());
private final ProcessScheduler processScheduler;
private final boolean secure;
- private final UserService userService;
+ private final KeyService keyService;
@SuppressWarnings("unused")
private final BulletinRepository bulletinRepository;
private final EventReporter eventReporter;
@@ -92,13 +86,13 @@ public class StandardRootGroupPort extends AbstractPort implements RootGroupPort
private boolean shutdown = false; // guarded by requestLock
public StandardRootGroupPort(final String id, final String name, final ProcessGroup processGroup,
- final TransferDirection direction, final ConnectableType type, final UserService userService,
+ final TransferDirection direction, final ConnectableType type, final KeyService keyService,
final BulletinRepository bulletinRepository, final ProcessScheduler scheduler, final boolean secure) {
super(id, name, processGroup, type, scheduler);
this.processScheduler = scheduler;
setScheduldingPeriod(MINIMUM_SCHEDULING_NANOS + " nanos");
- this.userService = userService;
+ this.keyService = keyService;
this.secure = secure;
this.bulletinRepository = bulletinRepository;
this.scheduler = scheduler;
@@ -355,67 +349,8 @@ public class StandardRootGroupPort extends AbstractPort implements RootGroupPort
return new StandardPortAuthorizationResult(false, "User DN is not known");
}
- try {
- final NiFiUser user = userService.checkAuthorization(dn);
-
- final Set<Authority> authorities = user.getAuthorities();
- if (!authorities.contains(Authority.ROLE_NIFI)) {
- final String message = String.format("%s authorization failed for user %s because the user does not have Role NiFi", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User does not contain required Role: NiFi");
- }
-
- final Set<String> allowedUsers = userAccessControl.get();
- if (allowedUsers.contains(dn)) {
- return new StandardPortAuthorizationResult(true, "User is Authorized");
- }
-
- final String userGroup = user.getUserGroup();
- if (userGroup == null) {
- final String message = String.format("%s authorization failed for user %s because the user does not have a group and is not in the set of Allowed Users for this Port", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User is not Authorized to communicate with " + this.toString());
- }
-
- final Set<String> allowedGroups = groupAccessControl.get();
- final boolean allowed = allowedGroups.contains(userGroup);
- if (!allowed) {
- final String message = String.format("%s authorization failed for user %s because the user "
- + "is not in the set of Allowed Users, and the user's group is not in the set of Allowed Groups for this Port", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User is not Authorized to communicate with " + this.toString());
- }
-
- return new StandardPortAuthorizationResult(true, "User is part of group '" + userGroup + "', which is Authorized to communicate with " + this.toString());
- } catch (final AccountNotFoundException anfe) {
- final String message = String.format("%s authorization failed for user %s because the DN is unknown", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User DN is not known");
- } catch (final AccountDisabledException ade) {
- final String message = String.format("%s authorization failed for user %s because the User Status is not 'ACTIVE' but instead is 'DISABLED'", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User Status is 'DISABLED' rather than 'ACTIVE'");
- } catch (final AccountPendingException ape) {
- final String message = String.format("%s authorization failed for user %s because the User Status is not 'ACTIVE' but instead is 'PENDING'", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User Status is 'PENDING' rather than 'ACTIVE'");
- } catch (final AdministrationException ae) {
- final String message = String.format("%s authorization failed for user %s because ", this, dn, ae);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "Authorization failed because " + ae);
- } catch (final Exception e) {
- final String message = String.format("%s authorization failed for user %s because ", this, dn, e);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "Authorization failed because " + e);
- }
+ // TODO - Replace with call to Authorizer to authorize site to site data transfer
+ return new StandardPortAuthorizationResult(true, "User is Authorized");
}
public static class StandardPortAuthorizationResult implements PortAuthorizationResult {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/resources/nifi.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/resources/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/resources/nifi.properties
index 4364bff..5b1134b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/resources/nifi.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/test/resources/nifi.properties
@@ -63,11 +63,7 @@ nifi.security.truststore=src/test/resources/dummy-certs/localhost-ts.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=localtest
nifi.security.needClientAuth=true
-nifi.security.authorizedUsers.file=./conf/authorized-users.xml
-nifi.security.user.credential.cache.duration.seconds=
-nifi.security.user.authority.provider=nifi.cluster.authorization.ClusterAuthorizationProvider
-nifi.security.support.new.account.requests=
-nifi.security.default.user.roles=
+nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #
nifi.cluster.protocol.heartbeat.tick.seconds=10
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java
index 3949028..40f0f34 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/FunnelAuditor.java
@@ -67,18 +67,17 @@ public class FunnelAuditor extends NiFiAuditor {
* Audits the removal of a funnel.
*
* @param proceedingJoinPoint join point
- * @param groupId group id
* @param funnelId funnel id
* @param funnelDAO funnel dao
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.FunnelDAO+) && "
- + "execution(void deleteFunnel(java.lang.String, java.lang.String)) && "
- + "args(groupId, funnelId) && "
+ + "execution(void deleteFunnel(java.lang.String)) && "
+ + "args(funnelId) && "
+ "target(funnelDAO)")
- public void removeFunnelAdvice(ProceedingJoinPoint proceedingJoinPoint, String groupId, String funnelId, FunnelDAO funnelDAO) throws Throwable {
+ public void removeFunnelAdvice(ProceedingJoinPoint proceedingJoinPoint, String funnelId, FunnelDAO funnelDAO) throws Throwable {
// get the funnel before removing it
- Funnel funnel = funnelDAO.getFunnel(groupId, funnelId);
+ Funnel funnel = funnelDAO.getFunnel(funnelId);
// remove the funnel
proceedingJoinPoint.proceed();
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java
index e99a1aa..dff311e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/PortAuditor.java
@@ -16,12 +16,7 @@
*/
package org.apache.nifi.audit;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
-
+import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
@@ -32,18 +27,22 @@ import org.apache.nifi.connectable.ConnectableType;
import org.apache.nifi.connectable.Port;
import org.apache.nifi.controller.ScheduledState;
import org.apache.nifi.remote.RootGroupPort;
-import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.web.api.dto.PortDTO;
import org.apache.nifi.web.dao.PortDAO;
-
-import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
+
@Aspect
public class PortAuditor extends NiFiAuditor {
@@ -77,18 +76,17 @@ public class PortAuditor extends NiFiAuditor {
* Audits the update of a port.
*
* @param proceedingJoinPoint join point
- * @param groupId group id
* @param portDTO port dto
* @param portDAO port dao
* @return port
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.PortDAO+) && "
- + "execution(org.apache.nifi.connectable.Port updatePort(java.lang.String, org.apache.nifi.web.api.dto.PortDTO)) && "
- + "args(groupId, portDTO) && "
+ + "execution(org.apache.nifi.connectable.Port updatePort(org.apache.nifi.web.api.dto.PortDTO)) && "
+ + "args(portDTO) && "
+ "target(portDAO)")
- public Port updatePortAdvice(ProceedingJoinPoint proceedingJoinPoint, String groupId, PortDTO portDTO, PortDAO portDAO) throws Throwable {
- final Port port = portDAO.getPort(groupId, portDTO.getId());
+ public Port updatePortAdvice(ProceedingJoinPoint proceedingJoinPoint, PortDTO portDTO, PortDAO portDAO) throws Throwable {
+ final Port port = portDAO.getPort(portDTO.getId());
final ScheduledState scheduledState = port.getScheduledState();
final String name = port.getName();
final String comments = port.getComments();
@@ -262,18 +260,17 @@ public class PortAuditor extends NiFiAuditor {
* Audits the removal of a processor via deleteProcessor().
*
* @param proceedingJoinPoint join point
- * @param groupId group id
* @param portId port id
* @param portDAO port dao
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.PortDAO+) && "
- + "execution(void deletePort(java.lang.String, java.lang.String)) && "
- + "args(groupId, portId) && "
+ + "execution(void deletePort(java.lang.String)) && "
+ + "args(portId) && "
+ "target(portDAO)")
- public void removePortAdvice(ProceedingJoinPoint proceedingJoinPoint, String groupId, String portId, PortDAO portDAO) throws Throwable {
+ public void removePortAdvice(ProceedingJoinPoint proceedingJoinPoint, String portId, PortDAO portDAO) throws Throwable {
// get the port before removing it
- Port port = portDAO.getPort(groupId, portId);
+ Port port = portDAO.getPort(portId);
// remove the port
proceedingJoinPoint.proceed();
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java
index 4f147fb..d6bf700 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ProcessorAuditor.java
@@ -100,19 +100,18 @@ public class ProcessorAuditor extends NiFiAuditor {
* Audits the configuration of a single processor.
*
* @param proceedingJoinPoint join point
- * @param groupId group id
* @param processorDTO dto
* @param processorDAO dao
* @return node
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.ProcessorDAO+) && "
- + "execution(org.apache.nifi.controller.ProcessorNode updateProcessor(java.lang.String, org.apache.nifi.web.api.dto.ProcessorDTO)) && "
- + "args(groupId, processorDTO) && "
+ + "execution(org.apache.nifi.controller.ProcessorNode updateProcessor(org.apache.nifi.web.api.dto.ProcessorDTO)) && "
+ + "args(processorDTO) && "
+ "target(processorDAO)")
- public ProcessorNode updateProcessorAdvice(ProceedingJoinPoint proceedingJoinPoint, String groupId, ProcessorDTO processorDTO, ProcessorDAO processorDAO) throws Throwable {
+ public ProcessorNode updateProcessorAdvice(ProceedingJoinPoint proceedingJoinPoint, ProcessorDTO processorDTO, ProcessorDAO processorDAO) throws Throwable {
// determine the initial values for each property/setting thats changing
- ProcessorNode processor = processorDAO.getProcessor(groupId, processorDTO.getId());
+ ProcessorNode processor = processorDAO.getProcessor(processorDTO.getId());
final Map<String, String> values = extractConfiguredPropertyValues(processor, processorDTO);
final ScheduledState scheduledState = processor.getScheduledState();
@@ -121,7 +120,7 @@ public class ProcessorAuditor extends NiFiAuditor {
// if no exceptions were thrown, add the processor action...
// get the updated verbose state
- processor = processorDAO.getProcessor(updatedProcessor.getProcessGroup().getIdentifier(), updatedProcessor.getIdentifier());
+ processor = processorDAO.getProcessor(updatedProcessor.getIdentifier());
// get the current user
NiFiUser user = NiFiUserUtils.getNiFiUser();
@@ -235,18 +234,17 @@ public class ProcessorAuditor extends NiFiAuditor {
* Audits the removal of a processor via deleteProcessor().
*
* @param proceedingJoinPoint join point
- * @param groupId group id
* @param processorId processor id
* @param processorDAO dao
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.ProcessorDAO+) && "
- + "execution(void deleteProcessor(java.lang.String, java.lang.String)) && "
- + "args(groupId, processorId) && "
+ + "execution(void deleteProcessor(java.lang.String)) && "
+ + "args(processorId) && "
+ "target(processorDAO)")
- public void removeProcessorAdvice(ProceedingJoinPoint proceedingJoinPoint, String groupId, String processorId, ProcessorDAO processorDAO) throws Throwable {
+ public void removeProcessorAdvice(ProceedingJoinPoint proceedingJoinPoint, String processorId, ProcessorDAO processorDAO) throws Throwable {
// get the processor before removing it
- ProcessorNode processor = processorDAO.getProcessor(groupId, processorId);
+ ProcessorNode processor = processorDAO.getProcessor(processorId);
// remove the processor
proceedingJoinPoint.proceed();
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java
index 95000d8..8a77636 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RelationshipAuditor.java
@@ -100,19 +100,18 @@ public class RelationshipAuditor extends NiFiAuditor {
* Audits the creation and removal of relationships via updateConnection().
*
* @param proceedingJoinPoint join point
- * @param groupId group id
* @param connectionDTO dto
* @param connectionDAO dao
* @return connection
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.ConnectionDAO+) && "
- + "execution(org.apache.nifi.connectable.Connection updateConnection(java.lang.String, org.apache.nifi.web.api.dto.ConnectionDTO)) && "
- + "args(groupId, connectionDTO) && "
+ + "execution(org.apache.nifi.connectable.Connection updateConnection(org.apache.nifi.web.api.dto.ConnectionDTO)) && "
+ + "args(connectionDTO) && "
+ "target(connectionDAO)")
- public Connection updateConnectionAdvice(ProceedingJoinPoint proceedingJoinPoint, String groupId, ConnectionDTO connectionDTO, ConnectionDAO connectionDAO) throws Throwable {
+ public Connection updateConnectionAdvice(ProceedingJoinPoint proceedingJoinPoint, ConnectionDTO connectionDTO, ConnectionDAO connectionDAO) throws Throwable {
// get the previous configuration
- Connection connection = connectionDAO.getConnection(groupId, connectionDTO.getId());
+ Connection connection = connectionDAO.getConnection(connectionDTO.getId());
Connectable previousDestination = connection.getDestination();
Collection<Relationship> previousRelationships = connection.getRelationships();
Map<String, String> values = extractConfiguredPropertyValues(connection, connectionDTO);
@@ -214,18 +213,17 @@ public class RelationshipAuditor extends NiFiAuditor {
* Audits the removal of relationships via deleteConnection().
*
* @param proceedingJoinPoint join point
- * @param groupId group id
* @param id id
* @param connectionDAO dao
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.ConnectionDAO+) && "
- + "execution(void deleteConnection(java.lang.String, java.lang.String)) && "
- + "args(groupId, id) && "
+ + "execution(void deleteConnection(java.lang.String)) && "
+ + "args(id) && "
+ "target(connectionDAO)")
- public void removeConnectionAdvice(ProceedingJoinPoint proceedingJoinPoint, String groupId, String id, ConnectionDAO connectionDAO) throws Throwable {
+ public void removeConnectionAdvice(ProceedingJoinPoint proceedingJoinPoint, String id, ConnectionDAO connectionDAO) throws Throwable {
// get the connection before performing the update
- Connection connection = connectionDAO.getConnection(groupId, id);
+ Connection connection = connectionDAO.getConnection(id);
// perform the underlying operation
proceedingJoinPoint.proceed();
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java
index 5815634..0495e99 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/RemoteProcessGroupAuditor.java
@@ -16,11 +16,6 @@
*/
package org.apache.nifi.audit;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
@@ -30,18 +25,24 @@ import org.apache.nifi.action.details.ActionDetails;
import org.apache.nifi.action.details.FlowChangeConfigureDetails;
import org.apache.nifi.groups.RemoteProcessGroup;
import org.apache.nifi.remote.RemoteGroupPort;
-import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.web.api.dto.RemoteProcessGroupContentsDTO;
import org.apache.nifi.web.api.dto.RemoteProcessGroupDTO;
import org.apache.nifi.web.api.dto.RemoteProcessGroupPortDTO;
import org.apache.nifi.web.dao.RemoteProcessGroupDAO;
+import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
/**
* Audits remote process group creation/removal and configuration changes.
*/
@@ -82,19 +83,18 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor {
* Audits the update of remote process group configuration.
*
* @param proceedingJoinPoint join point
- * @param groupId group id
* @param remoteProcessGroupDTO dto
* @param remoteProcessGroupDAO dao
* @return group
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.RemoteProcessGroupDAO+) && "
- + "execution(org.apache.nifi.groups.RemoteProcessGroup updateRemoteProcessGroup(java.lang.String, org.apache.nifi.web.api.dto.RemoteProcessGroupDTO)) && "
- + "args(groupId, remoteProcessGroupDTO) && "
+ + "execution(org.apache.nifi.groups.RemoteProcessGroup updateRemoteProcessGroup(org.apache.nifi.web.api.dto.RemoteProcessGroupDTO)) && "
+ + "args(remoteProcessGroupDTO) && "
+ "target(remoteProcessGroupDAO)")
public RemoteProcessGroup auditUpdateProcessGroupConfiguration(
- ProceedingJoinPoint proceedingJoinPoint, String groupId, RemoteProcessGroupDTO remoteProcessGroupDTO, RemoteProcessGroupDAO remoteProcessGroupDAO) throws Throwable {
- final RemoteProcessGroup remoteProcessGroup = remoteProcessGroupDAO.getRemoteProcessGroup(groupId, remoteProcessGroupDTO.getId());
+ ProceedingJoinPoint proceedingJoinPoint, RemoteProcessGroupDTO remoteProcessGroupDTO, RemoteProcessGroupDAO remoteProcessGroupDAO) throws Throwable {
+ final RemoteProcessGroup remoteProcessGroup = remoteProcessGroupDAO.getRemoteProcessGroup(remoteProcessGroupDTO.getId());
// record the current value of this remoteProcessGroups configuration for comparisons later
final boolean transmissionState = remoteProcessGroup.isTransmitting();
@@ -298,18 +298,17 @@ public class RemoteProcessGroupAuditor extends NiFiAuditor {
* Audits the removal of a process group via deleteProcessGroup().
*
* @param proceedingJoinPoint join point
- * @param groupId group id
* @param remoteProcessGroupId remote group id
* @param remoteProcessGroupDAO remote group dao
* @throws Throwable ex
*/
@Around("within(org.apache.nifi.web.dao.RemoteProcessGroupDAO+) && "
- + "execution(void deleteRemoteProcessGroup(java.lang.String, java.lang.String)) && "
- + "args(groupId, remoteProcessGroupId) && "
+ + "execution(void deleteRemoteProcessGroup(java.lang.String)) && "
+ + "args(remoteProcessGroupId) && "
+ "target(remoteProcessGroupDAO)")
- public void removeRemoteProcessGroupAdvice(ProceedingJoinPoint proceedingJoinPoint, String groupId, String remoteProcessGroupId, RemoteProcessGroupDAO remoteProcessGroupDAO) throws Throwable {
+ public void removeRemoteProcessGroupAdvice(ProceedingJoinPoint proceedingJoinPoint, String remoteProcessGroupId, RemoteProcessGroupDAO remoteProcessGroupDAO) throws Throwable {
// get the remote process group before removing it
- RemoteProcessGroup remoteProcessGroup = remoteProcessGroupDAO.getRemoteProcessGroup(groupId, remoteProcessGroupId);
+ RemoteProcessGroup remoteProcessGroup = remoteProcessGroupDAO.getRemoteProcessGroup(remoteProcessGroupId);
// remove the remote process group
proceedingJoinPoint.proceed();
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java
index 4b7c38a..3fcc419 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/SnippetAuditor.java
@@ -16,12 +16,8 @@
*/
package org.apache.nifi.audit;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
-
+import org.apache.commons.collections4.CollectionUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
@@ -38,7 +34,6 @@ import org.apache.nifi.controller.ProcessorNode;
import org.apache.nifi.controller.Snippet;
import org.apache.nifi.groups.ProcessGroup;
import org.apache.nifi.groups.RemoteProcessGroup;
-import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.web.api.dto.ConnectableDTO;
import org.apache.nifi.web.api.dto.ConnectionDTO;
@@ -56,15 +51,19 @@ import org.apache.nifi.web.dao.ProcessGroupDAO;
import org.apache.nifi.web.dao.ProcessorDAO;
import org.apache.nifi.web.dao.RemoteProcessGroupDAO;
import org.apache.nifi.web.dao.SnippetDAO;
-
-import org.apache.commons.collections4.CollectionUtils;
-import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
+
/**
*
*/
@@ -273,7 +272,7 @@ public class SnippetAuditor extends NiFiAuditor {
final Collection<Action> actions = new ArrayList<>();
for (String id : snippet.getProcessors()) {
- final ProcessorNode processor = processorDAO.getProcessor(groupId, id);
+ final ProcessorNode processor = processorDAO.getProcessor(id);
final Action action = processorAuditor.generateAuditRecord(processor, Operation.Move, createMoveDetails(previousGroupId, groupId, logger));
if (action != null) {
actions.add(action);
@@ -281,7 +280,7 @@ public class SnippetAuditor extends NiFiAuditor {
}
for (String id : snippet.getFunnels()) {
- final Funnel funnel = funnelDAO.getFunnel(groupId, id);
+ final Funnel funnel = funnelDAO.getFunnel(id);
final Action action = funnelAuditor.generateAuditRecord(funnel, Operation.Move, createMoveDetails(previousGroupId, groupId, logger));
if (action != null) {
actions.add(action);
@@ -289,7 +288,7 @@ public class SnippetAuditor extends NiFiAuditor {
}
for (String id : snippet.getInputPorts()) {
- final Port port = inputPortDAO.getPort(groupId, id);
+ final Port port = inputPortDAO.getPort(id);
final Action action = portAuditor.generateAuditRecord(port, Operation.Move, createMoveDetails(previousGroupId, groupId, logger));
if (action != null) {
actions.add(action);
@@ -297,7 +296,7 @@ public class SnippetAuditor extends NiFiAuditor {
}
for (String id : snippet.getOutputPorts()) {
- final Port port = outputPortDAO.getPort(groupId, id);
+ final Port port = outputPortDAO.getPort(id);
final Action action = portAuditor.generateAuditRecord(port, Operation.Move, createMoveDetails(previousGroupId, groupId, logger));
if (action != null) {
actions.add(action);
@@ -305,7 +304,7 @@ public class SnippetAuditor extends NiFiAuditor {
}
for (String id : snippet.getRemoteProcessGroups()) {
- final RemoteProcessGroup remoteProcessGroup = remoteProcessGroupDAO.getRemoteProcessGroup(groupId, id);
+ final RemoteProcessGroup remoteProcessGroup = remoteProcessGroupDAO.getRemoteProcessGroup(id);
final Action action = remoteProcessGroupAuditor.generateAuditRecord(remoteProcessGroup, Operation.Move, createMoveDetails(previousGroupId, groupId, logger));
if (action != null) {
actions.add(action);
@@ -322,7 +321,7 @@ public class SnippetAuditor extends NiFiAuditor {
}
for (String id : snippet.getConnections()) {
- final Connection connection = connectionDAO.getConnection(groupId, id);
+ final Connection connection = connectionDAO.getConnection(id);
final Action action = relationshipAuditor.generateAuditRecordForConnection(connection, Operation.Move, createMoveDetails(previousGroupId, groupId, logger));
if (action != null) {
actions.add(action);
@@ -355,27 +354,25 @@ public class SnippetAuditor extends NiFiAuditor {
final Snippet snippet = snippetDAO.getSnippet(snippetId);
if (snippet.isLinked()) {
- final String groupId = snippet.getParentGroupId();
-
// locate all the components being removed
final Set<Funnel> funnels = new HashSet<>();
for (String id : snippet.getFunnels()) {
- funnels.add(funnelDAO.getFunnel(groupId, id));
+ funnels.add(funnelDAO.getFunnel(id));
}
final Set<Port> inputPorts = new HashSet<>();
for (String id : snippet.getInputPorts()) {
- inputPorts.add(inputPortDAO.getPort(groupId, id));
+ inputPorts.add(inputPortDAO.getPort(id));
}
final Set<Port> outputPorts = new HashSet<>();
for (String id : snippet.getOutputPorts()) {
- outputPorts.add(outputPortDAO.getPort(groupId, id));
+ outputPorts.add(outputPortDAO.getPort(id));
}
final Set<RemoteProcessGroup> remoteProcessGroups = new HashSet<>();
for (String id : snippet.getRemoteProcessGroups()) {
- remoteProcessGroups.add(remoteProcessGroupDAO.getRemoteProcessGroup(groupId, id));
+ remoteProcessGroups.add(remoteProcessGroupDAO.getRemoteProcessGroup(id));
}
final Set<ProcessGroup> processGroups = new HashSet<>();
@@ -386,12 +383,12 @@ public class SnippetAuditor extends NiFiAuditor {
final Set<ProcessorNode> processors = new HashSet<>();
for (String id : snippet.getProcessors()) {
- processors.add(processorDAO.getProcessor(groupId, id));
+ processors.add(processorDAO.getProcessor(id));
}
final Set<Connection> connections = new HashSet<>();
for (String id : snippet.getConnections()) {
- connections.add(connectionDAO.getConnection(groupId, id));
+ connections.add(connectionDAO.getConnection(id));
}
// remove the snippet and components
[20/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java
deleted file mode 100644
index ed4dfa1..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Calendar;
-import java.util.Date;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.security.util.CertificateUtils;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
-
- private final String identity;
- private final int cacheDurationSeconds;
-
- public AuthorizeUserAction(String identity, int cacheDurationSeconds) {
- this.identity = identity;
- this.cacheDurationSeconds = cacheDurationSeconds;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // get the user
- NiFiUser user = userDao.findUserByDn(identity);
-
- // verify the user was found
- if (user == null) {
- // determine whether this users exists
- boolean doesDnExist = false;
- try {
- doesDnExist = authorityProvider.doesDnExist(identity);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
- }
-
- // if the authority provider has the details for this user, create the account
- if (doesDnExist) {
- // create the user
- user = new NiFiUser();
- user.setIdentity(identity);
- user.setUserName(CertificateUtils.extractUsername(identity));
- user.setJustification("User details specified by authority provider.");
-
- try {
- // verify the users account
- verifyAccount(authorityProvider, user);
-
- // get the date used for verification
- Date now = user.getLastVerified();
-
- // update the last accessed field
- user.setLastAccessed(now);
- user.setCreation(now);
-
- // create the new user account
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, authorityProvider);
- } catch (UnknownIdentityException uie) {
- // strange since the provider just reported this dn existed but handleing anyways...
- throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity));
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
- }
- } else {
- throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity));
- }
- } else {
- Throwable providerError = null;
-
- // verify the users account if necessary
- if (isAccountVerificationRequired(user)) {
- try {
- // verify the users account
- verifyAccount(authorityProvider, user);
-
- // update the last accessed field
- user.setLastAccessed(user.getLastVerified());
- } catch (UnknownIdentityException uie) {
- // check the account status before attempting to update the account - depending on the account
- // status we might not need to update the account
- checkAccountStatus(user);
-
- // the user is currently active and they were not found in the providers - disable the account...
- user.setStatus(AccountStatus.DISABLED);
-
- // record the exception
- providerError = uie;
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
- }
- } else {
- // verfiy the users account status before allowing access.
- checkAccountStatus(user);
-
- // update the users last accessed time
- user.setLastAccessed(new Date());
- }
-
- // persist the user's updates
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
-
- // persist the user's authorities
- UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user);
- updateUserAuthorities.execute(daoFactory, authorityProvider);
-
- if (providerError != null) {
- throw new AccountDisabledException(String.format("User credentials for %s were not found. This account has been disabled.", user.getIdentity()), providerError);
- }
- }
-
- return user;
- }
-
- /**
- * @return Determines if account verification is required
- */
- private boolean isAccountVerificationRequired(NiFiUser user) {
- // accounts that have never been verified obviously needs to be re-verified
- if (user.getLastVerified() == null) {
- return true;
- }
-
- // create a calendar and substract the threshold - anything
- // before this time will need to be re-verified
- Calendar calendar = Calendar.getInstance();
- calendar.add(Calendar.SECOND, -cacheDurationSeconds);
-
- return user.getLastVerified().before(calendar.getTime());
- }
-
- /**
- * Checks the account status of the specified user.
- *
- * @param user to check
- */
- private void checkAccountStatus(NiFiUser user) {
- if (AccountStatus.DISABLED.equals(user.getStatus())) {
- throw new AccountDisabledException(String.format("The account for %s has been disabled.", user.getIdentity()));
- } else if (AccountStatus.PENDING.equals(user.getStatus())) {
- throw new AccountPendingException(String.format("The account for %s is currently pending approval.", user.getIdentity()));
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java
deleted file mode 100644
index 3833abb..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Action for creating a NiFiUser account.
- */
-public class CreateUserAction extends AbstractUserAction<Void> {
-
- private final NiFiUser user;
-
- public CreateUserAction(NiFiUser user) {
- this.user = user;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- AuthorityDAO authorityDao = daoFactory.getAuthorityDAO();
-
- // create the user entry
- userDao.createUser(user);
-
- // create the authorities
- Set<Authority> authorities = user.getAuthorities();
- authorityDao.createAuthorities(authorities, user.getId());
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
index cd13fa5..6b8a2d5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
@@ -19,7 +19,6 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.DataAccessException;
import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
/**
*
@@ -38,7 +37,7 @@ public class DeleteKeysAction implements AdministrationAction<Void> {
}
@Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
+ public Void execute(DAOFactory daoFactory) throws DataAccessException {
final KeyDAO keyDao = daoFactory.getKeyDAO();
keyDao.deleteKeys(identity);
return null;
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java
deleted file mode 100644
index c2695d0..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class DeleteUserAction implements AdministrationAction<Void> {
-
- private final String userId;
-
- /**
- * Creates a new transactions for deleting the specified user.
- *
- * @param userId user identifier
- */
- public DeleteUserAction(String userId) {
- this.userId = userId;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- final AuthorityDAO authorityDAO = daoFactory.getAuthorityDAO();
- final UserDAO userDAO = daoFactory.getUserDAO();
-
- // find the user and ensure they are currently revoked
- final NiFiUser user = userDAO.findUserById(userId);
-
- // ensure the user was found
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", userId));
- }
-
- // ensure the user is in the appropriate state
- if (AccountStatus.ACTIVE.equals(user.getStatus())) {
- throw new IllegalStateException(String.format("An active user cannot be removed. Revoke user access before attempting to remove."));
- }
-
- // remove the user's keys
- final KeyDAO keyDao = daoFactory.getKeyDAO();
- keyDao.deleteKeys(user.getIdentity());
-
- // remove the user and their authorities
- authorityDAO.deleteAuthorities(userId);
- userDAO.deleteUser(userId);
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java
deleted file mode 100644
index bf7eae3..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- *
- */
-public class DisableUserAction implements AdministrationAction<NiFiUser> {
-
- private static final Logger logger = LoggerFactory.getLogger(DisableUserAction.class);
-
- private final String id;
-
- public DisableUserAction(String id) {
- this.id = id;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // get the user
- NiFiUser user = userDao.findUserById(id);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", id));
- }
-
- // update the account
- user.setStatus(AccountStatus.DISABLED);
- user.setUserGroup(null);
-
- // update the user locally
- userDao.updateUser(user);
-
- // remove the user's keys
- KeyDAO keyDao = daoFactory.getKeyDAO();
- keyDao.deleteKeys(user.getIdentity());
-
- try {
- // revoke the user in the authority provider
- authorityProvider.revokeUser(user.getIdentity());
- } catch (UnknownIdentityException uie) {
- // user identity is not known
- logger.info(String.format("User %s has already been removed from the authority provider.", user.getIdentity()));
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to revoke user '%s': %s", user.getIdentity(), aae.getMessage()), aae);
- }
-
- return user;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java
deleted file mode 100644
index c6480ed..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Set;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- *
- */
-public class DisableUserGroupAction implements AdministrationAction<NiFiUserGroup> {
-
- private static final Logger logger = LoggerFactory.getLogger(DisableUserGroupAction.class);
-
- private final String group;
-
- public DisableUserGroupAction(final String group) {
- this.group = group;
- }
-
- @Override
- public NiFiUserGroup execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- final UserDAO userDao = daoFactory.getUserDAO();
- final Set<NiFiUser> users = userDao.findUsersForGroup(group);
-
- // delete the keys for each user
- final KeyDAO keyDao = daoFactory.getKeyDAO();
- for (final NiFiUser user : users) {
- keyDao.deleteKeys(user.getIdentity());
- }
-
- // update the user group locally
- userDao.updateGroupStatus(group, AccountStatus.DISABLED);
-
- // populate the group details
- final NiFiUserGroup userGroup = new NiFiUserGroup();
- userGroup.setGroup(group);
- userGroup.setUsers(userDao.findUsersForGroup(group));
-
- try {
- // revoke the user in the authority provider
- authorityProvider.revokeGroup(group);
- } catch (UnknownIdentityException uie) {
- // user identity is not known
- logger.info(String.format("User group %s has already been removed from the authority provider.", group));
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to revoke user group '%s': %s", group, aae.getMessage()), aae);
- }
-
- return userGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java
deleted file mode 100644
index 8e5b574..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class FindUserByDnAction implements AdministrationAction<NiFiUser> {
-
- private final String dn;
-
- /**
- * Creates a new transactions for getting a user with the specified DN.
- *
- * @param dn The DN of the user to obtain
- */
- public FindUserByDnAction(String dn) {
- this.dn = dn;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- // get a UserDAO
- UserDAO userDAO = daoFactory.getUserDAO();
-
- // return the desired user
- return userDAO.findUserByDn(dn);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java
deleted file mode 100644
index 0a10841..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-public class FindUserByIdAction implements AdministrationAction<NiFiUser> {
-
- private final String id;
-
- /**
- * Creates a new transactions for getting a user with the specified id.
- *
- * @param id of user
- */
- public FindUserByIdAction(String id) {
- this.id = id;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- // get a UserDAO
- UserDAO userDAO = daoFactory.getUserDAO();
-
- // return the desired user
- return userDAO.findUserById(id);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
index 1dc5588..28bfe22 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
@@ -19,7 +19,6 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.action.Action;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
/**
* Gets the action with the specified id.
@@ -33,7 +32,7 @@ public class GetActionAction implements AdministrationAction<Action> {
}
@Override
- public Action execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Action execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
return actionDao.getAction(id);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
index 3b82d79..f975393 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
@@ -16,13 +16,13 @@
*/
package org.apache.nifi.admin.service.action;
-import java.util.Date;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
import org.apache.nifi.history.History;
import org.apache.nifi.history.HistoryQuery;
+import java.util.Date;
+
/**
* Get all actions that match the specified query.
*/
@@ -35,7 +35,7 @@ public class GetActionsAction implements AdministrationAction<History> {
}
@Override
- public History execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public History execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
// find all matching history
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
index 8763b9d..7ef2272 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
@@ -17,8 +17,6 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
-
import org.apache.nifi.admin.dao.KeyDAO;
import org.apache.nifi.key.Key;
@@ -34,7 +32,7 @@ public class GetKeyByIdAction implements AdministrationAction<Key> {
}
@Override
- public Key execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Key execute(DAOFactory daoFactory) {
final KeyDAO keyDao = daoFactory.getKeyDAO();
return keyDao.findKeyById(id);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
index 9bcb0b3..3dd3794 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
@@ -17,8 +17,6 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
-
import org.apache.nifi.admin.dao.KeyDAO;
import org.apache.nifi.key.Key;
@@ -34,7 +32,7 @@ public class GetKeyByIdentityAction implements AdministrationAction<Key> {
}
@Override
- public Key execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Key execute(DAOFactory daoFactory) {
final KeyDAO keyDao = daoFactory.getKeyDAO();
return keyDao.findLatestKeyByIdentity(identity);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetOrCreateKeyAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetOrCreateKeyAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetOrCreateKeyAction.java
index bb85b6f..8c86226 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetOrCreateKeyAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetOrCreateKeyAction.java
@@ -17,8 +17,6 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
-
import org.apache.nifi.admin.dao.KeyDAO;
import org.apache.nifi.key.Key;
@@ -34,7 +32,7 @@ public class GetOrCreateKeyAction implements AdministrationAction<Key> {
}
@Override
- public Key execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Key execute(DAOFactory daoFactory) {
final KeyDAO keyDao = daoFactory.getKeyDAO();
Key key = keyDao.findLatestKeyByIdentity(identity);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetPreviousValues.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetPreviousValues.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetPreviousValues.java
index 569439b..337643f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetPreviousValues.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetPreviousValues.java
@@ -16,13 +16,13 @@
*/
package org.apache.nifi.admin.service.action;
-import java.util.List;
-import java.util.Map;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
import org.apache.nifi.history.PreviousValue;
+import java.util.List;
+import java.util.Map;
+
/**
* Gets the action with the specified id.
*/
@@ -35,7 +35,7 @@ public class GetPreviousValues implements AdministrationAction<Map<String, List<
}
@Override
- public Map<String, List<PreviousValue>> execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Map<String, List<PreviousValue>> execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
return actionDao.getPreviousValues(componentId);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java
deleted file mode 100644
index 5377c46..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUserGroup;
-
-/**
- *
- */
-public class GetUserGroupAction implements AdministrationAction<NiFiUserGroup> {
-
- private final String group;
-
- public GetUserGroupAction(String group) {
- this.group = group;
- }
-
- @Override
- public NiFiUserGroup execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- final UserDAO userDAO = daoFactory.getUserDAO();
- final NiFiUserGroup userGroup = new NiFiUserGroup();
-
- // set the group
- userGroup.setGroup(group);
-
- // get the users in this group
- userGroup.setUsers(userDAO.findUsersForGroup(group));
-
- // return the group
- return userGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java
deleted file mode 100644
index 42d180e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Collection;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class GetUsersAction implements AdministrationAction<Collection<NiFiUser>> {
-
- @Override
- public Collection<NiFiUser> execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- // get a UserDAO
- UserDAO userDAO = daoFactory.getUserDAO();
-
- // return the desired user
- return userDAO.findUsers();
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java
deleted file mode 100644
index 3325642..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-
-/**
- * Action for creating a NiFiUser account.
- */
-public class HasPendingUserAccounts extends AbstractUserAction<Boolean> {
-
- @Override
- public Boolean execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- return userDao.hasPendingUserAccounts();
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java
deleted file mode 100644
index 14596b2..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Invalidates a user account.
- */
-public class InvalidateUserAccountAction implements AdministrationAction<Void> {
-
- private final String id;
-
- public InvalidateUserAccountAction(String id) {
- this.id = id;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // get the current user details
- NiFiUser user = userDao.findUserById(id);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", id));
- }
-
- // invalidate the user account
- user.setLastVerified(null);
-
- // create the user entry
- userDao.updateUser(user);
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java
deleted file mode 100644
index 0cb7e14..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-
-/**
- * Invalidates a user account.
- */
-public class InvalidateUserGroupAccountsAction implements AdministrationAction<Void> {
-
- private final String group;
-
- public InvalidateUserGroupAccountsAction(String group) {
- this.group = group;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // create the user entry
- userDao.updateGroupVerification(group, null);
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java
index 6928e0d..9d970dc 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java
@@ -19,7 +19,6 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.action.Action;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
import java.util.Date;
@@ -37,7 +36,7 @@ public class PurgeActionsAction implements AdministrationAction<Void> {
}
@Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Void execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
// remove the corresponding actions
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java
deleted file mode 100644
index 198a32d..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.security.util.CertificateUtils;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class RequestUserAccountAction implements AdministrationAction<NiFiUser> {
-
- private final String identity;
- private final String justification;
-
- public RequestUserAccountAction(String identity, String justification) {
- this.identity = identity;
- this.justification = justification;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // determine if this user already exists
- NiFiUser user = userDao.findUserByDn(identity);
- if (user != null) {
- throw new IllegalArgumentException(String.format("User account for %s already exists.", identity));
- }
-
- // create the user
- user = new NiFiUser();
- user.setIdentity(identity);
- user.setUserName(CertificateUtils.extractUsername(identity));
- user.setJustification(justification);
- user.setStatus(AccountStatus.PENDING);
-
- // update user timestamps
- Date now = new Date();
- user.setCreation(now);
-
- // create the new user account
- userDao.createUser(user);
-
- return user;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java
deleted file mode 100644
index c16cc71..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.HashSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.security.util.CertificateUtils;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Seeds the user accounts. This action is performed at start up because it
- * takes the users specified in the authority provider and makes them available
- * to be seen in the UI. This happens because the UI loads the users from the
- * cache. Without pre loading the users, the table in the UI would only show a
- * given user once they have visited the application.
- */
-public class SeedUserAccountsAction extends AbstractUserAction<Void> {
-
- private static final Logger logger = LoggerFactory.getLogger(SeedUserAccountsAction.class);
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- Set<String> authorizedIdentities = new HashSet<>();
-
- // get the current user cache
- final Set<NiFiUser> existingUsers;
- try {
- existingUsers = userDao.findUsers();
- } catch (Exception e) {
- // unable to access local cache... start up failure
- logger.error(String.format("Unable to get existing user base. Cannot proceed until these users can be "
- + "verified against the current authority provider: %s", e));
- throw new AdministrationException(e);
- }
-
- try {
- // all users for all roles
- for (final Authority authority : Authority.values()) {
- authorizedIdentities.addAll(authorityProvider.getUsers(authority));
- }
- } catch (AuthorityAccessException aae) {
- // unable to access the authority provider... honor the cache
- logger.warn("Unable to access authority provider due to " + aae);
- return null;
- }
-
- final Set<NiFiUser> accountsToRevoke = new HashSet<>(existingUsers);
-
- // persist the users
- for (String identity : authorizedIdentities) {
- NiFiUser user = null;
- try {
- // locate the user for this dn
- user = userDao.findUserByDn(identity);
- boolean newAccount = false;
-
- // if the user does not exist, create a new account
- if (user == null) {
- logger.info(String.format("Creating user account: %s", identity));
- newAccount = true;
-
- // create the user
- user = new NiFiUser();
- user.setIdentity(identity);
- user.setUserName(CertificateUtils.extractUsername(identity));
- user.setJustification("User details specified by authority provider.");
- } else {
- logger.info(String.format("User account already created: %s. Updating authorities...", identity));
- }
-
- // verify the account
- verifyAccount(authorityProvider, user);
-
- // persist the account accordingly
- if (newAccount) {
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, authorityProvider);
- } else {
- // this is not a new user and we have just verified their
- // account, do not revoke...
- accountsToRevoke.remove(user);
-
- // persist the user
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
-
- // persist the user's authorities
- UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user);
- updateUserAuthorities.execute(daoFactory, authorityProvider);
- }
- } catch (DataAccessException dae) {
- if (user != null) {
- logger.warn(String.format("Unable to access account details in local cache for user %s: %s", user, dae.getMessage()));
- } else {
- logger.warn(String.format("Unable to access account details in local cache: %s", dae.getMessage()));
- }
- } catch (UnknownIdentityException uie) {
- if (user != null) {
- logger.warn(String.format("Unable to find account details in authority provider for user %s: %s", user, uie.getMessage()));
- } else {
- logger.warn(String.format("Unable to find account details in authority provider: %s", uie.getMessage()));
- }
- } catch (AuthorityAccessException aae) {
- logger.warn("Unable to access authority provider due to " + aae);
-
- // unable to access authority provider for this user, honor the cache for now
- accountsToRevoke.remove(user);
- }
- }
-
- // remove all users that are no longer in the provider
- for (final NiFiUser user : accountsToRevoke) {
- // allow pending requests to remain...
- if (AccountStatus.PENDING.equals(user.getStatus())) {
- continue;
- }
-
- try {
- logger.info(String.format("User not authorized with configured provider: %s. Disabling account...", user.getIdentity()));
-
- // disable the account and reset its last verified timestamp since it was not found
- // in the current configured authority provider
- user.setStatus(AccountStatus.DISABLED);
- user.setLastVerified(null);
-
- // update the user record
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
- } catch (final Exception e) {
- // unable to revoke access for someone we know is not authorized... fail start up
- logger.error(String.format("Unable to revoke access for user %s that is no longer authorized: %s", user, e));
- throw new AdministrationException(e);
- }
- }
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java
deleted file mode 100644
index 2604a47..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class UngroupUserAction extends AbstractUserAction<Void> {
-
- private final String userId;
-
- public UngroupUserAction(String userId) {
- this.userId = userId;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
- final UserDAO userDao = daoFactory.getUserDAO();
-
- // get the user in question
- final NiFiUser user = userDao.findUserById(userId);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", userId));
- }
-
- // set the user group
- user.setUserGroup(null);
-
- // update the user locally
- userDao.updateUser(user);
-
- try {
- // update the authority provider
- authorityProvider.ungroupUser(user.getIdentity());
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to ungroup user '%s': %s", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to ungroup user '%s': %s", user.getIdentity(), aae.getMessage()), aae);
- }
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java
deleted file mode 100644
index fa24fbe..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-
-/**
- *
- */
-public class UngroupUserGroupAction extends AbstractUserAction<Void> {
-
- private final String group;
-
- public UngroupUserGroupAction(String group) {
- this.group = group;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
- final UserDAO userDao = daoFactory.getUserDAO();
-
- // update the user locally
- userDao.ungroup(group);
-
- try {
- // update the authority provider
- authorityProvider.ungroup(group);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to ungroup '%s': %s", group, uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to ungroup '%s': %s", group, aae.getMessage()), aae);
- }
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java
deleted file mode 100644
index ecb91e6..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import java.util.Set;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Sets user authorities.
- */
-public class UpdateUserAction extends AbstractUserAction<NiFiUser> {
-
- private static final Logger logger = LoggerFactory.getLogger(UpdateUserAction.class);
-
- private final String id;
- private final Set<Authority> authorities;
-
- public UpdateUserAction(String id, Set<Authority> authorities) {
- this.id = id;
- this.authorities = authorities;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException, AdministrationException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // get the user
- NiFiUser user = userDao.findUserById(id);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", id));
- }
-
- // determine whether this users exists
- boolean doesIdentityExist = false;
- try {
- doesIdentityExist = authorityProvider.doesDnExist(user.getIdentity());
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
- }
-
- // if the user already doesn't exist, add them
- if (!doesIdentityExist) {
- try {
- // add the account account and group if necessary
- authorityProvider.addUser(user.getIdentity(), user.getUserGroup());
- } catch (final IdentityAlreadyExistsException iaee) {
- logger.warn(String.format("User '%s' already exists in the authority provider. Continuing with user update.", user.getIdentity()));
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authorities for '%s': %s", user.getIdentity(), aae.getMessage()), aae);
- }
- }
-
- try {
- // update the authority provider as approprivate
- authorityProvider.setAuthorities(user.getIdentity(), authorities);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
- }
-
- try {
- // get the user group
- user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
- }
-
- // since all the authorities were updated accordingly, set the authorities
- user.getAuthorities().clear();
- user.getAuthorities().addAll(authorities);
-
- // update the users status in case they were previously pending or disabled
- user.setStatus(AccountStatus.ACTIVE);
-
- // update the users last verified time - this timestamp shouldn't be recorded
- // until the both the user's authorities and group have been synced
- Date now = new Date();
- user.setLastVerified(now);
-
- // persist the user's updates
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
-
- // persist the user's authorities
- UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user);
- updateUserAuthorities.execute(daoFactory, authorityProvider);
-
- // return the user
- return user;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java
deleted file mode 100644
index 89661b2..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.collections4.CollectionUtils;
-
-/**
- * Updates a NiFiUser's authorities. Prior to invoking this action, the user's
- * authorities should be set according to the business logic of the service in
- * question. This should not be invoked directly when attempting to set user
- * authorities as the authorityProvider is not called from this action.
- */
-public class UpdateUserAuthoritiesCacheAction extends AbstractUserAction<Void> {
-
- private final NiFiUser user;
-
- public UpdateUserAuthoritiesCacheAction(NiFiUser user) {
- this.user = user;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- AuthorityDAO authorityDao = daoFactory.getAuthorityDAO();
-
- // get the user
- NiFiUser currentUser = userDao.findUserById(user.getId());
-
- // ensure the user exists
- if (currentUser == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", user.getId()));
- }
-
- // determine what authorities need to be added/removed
- Set<Authority> authorities = user.getAuthorities();
- Set<Authority> authoritiesToAdd = determineAuthoritiesToAdd(currentUser, authorities);
- Set<Authority> authoritiesToRemove = determineAuthoritiesToRemove(currentUser, authorities);
-
- // update the user authorities locally
- if (CollectionUtils.isNotEmpty(authoritiesToAdd)) {
- authorityDao.createAuthorities(authoritiesToAdd, user.getId());
- }
- if (CollectionUtils.isNotEmpty(authoritiesToRemove)) {
- authorityDao.deleteAuthorities(authoritiesToRemove, user.getId());
- }
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java
deleted file mode 100644
index 288e297..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Updates a NiFiUser. This will not update the user authorities, they must be
- * updated with the UpdateUserAuthoritiesAction.
- */
-public class UpdateUserCacheAction extends AbstractUserAction<Void> {
-
- private final NiFiUser user;
-
- public UpdateUserCacheAction(NiFiUser user) {
- this.user = user;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // update the user
- userDao.updateUser(user);
-
- return null;
- }
-
-}
[11/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java
index 400c92a..4cd60f7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java
@@ -16,59 +16,48 @@
*/
package org.apache.nifi.web.api;
-import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.cluster.manager.impl.WebClusterManager;
+import org.apache.nifi.util.NiFiProperties;
+import org.apache.nifi.web.ConfigurationSnapshot;
+import org.apache.nifi.web.NiFiServiceFacade;
+import org.apache.nifi.web.Revision;
+import org.apache.nifi.web.api.dto.LabelDTO;
+import org.apache.nifi.web.api.dto.RevisionDTO;
+import org.apache.nifi.web.api.entity.LabelEntity;
+import org.apache.nifi.web.api.request.ClientIdParameter;
+import org.apache.nifi.web.api.request.LongParameter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
-import org.apache.nifi.cluster.manager.impl.WebClusterManager;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.ConfigurationSnapshot;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.api.dto.LabelDTO;
-import org.apache.nifi.web.api.dto.PositionDTO;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.entity.LabelEntity;
-import org.apache.nifi.web.api.entity.LabelsEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.DoubleParameter;
-import org.apache.nifi.web.api.request.LongParameter;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
+import java.net.URI;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
/**
* RESTful endpoint for managing a Label.
*/
-@Api(hidden = true)
+@Path("labels")
public class LabelResource extends ApplicationResource {
private static final Logger logger = LoggerFactory.getLogger(LabelResource.class);
@@ -76,7 +65,6 @@ public class LabelResource extends ApplicationResource {
private NiFiServiceFacade serviceFacade;
private WebClusterManager clusterManager;
private NiFiProperties properties;
- private String groupId;
/**
* Populates the uri for the specified labels.
@@ -94,229 +82,13 @@ public class LabelResource extends ApplicationResource {
/**
* Populates the uri for the specified label.
*/
- private LabelDTO populateRemainingLabelContent(LabelDTO label) {
+ public LabelDTO populateRemainingLabelContent(LabelDTO label) {
// populate the label href
- label.setUri(generateResourceUri("controller", "process-groups", groupId, "labels", label.getId()));
+ label.setUri(generateResourceUri("labels", label.getId()));
return label;
}
/**
- * Retrieves all the of labels in this NiFi.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @return A labelsEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
- @ApiOperation(
- value = "Gets all labels",
- response = LabelsEntity.class,
- authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getLabels(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // replicate if cluster manager
- if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
- }
-
- // get all the labels
- final Set<LabelDTO> labels = populateRemainingLabelsContent(serviceFacade.getLabels(groupId));
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final LabelsEntity entity = new LabelsEntity();
- entity.setRevision(revision);
- entity.setLabels(labels);
-
- // generate the response
- return clusterContext(generateOkResponse(entity)).build();
- }
-
- /**
- * Creates a new label.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @param width The width of the label.
- * @param height The height of the label.
- * @param label The label's value.
- * @return A labelEntity.
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response createLabel(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("x") DoubleParameter x, @FormParam("y") DoubleParameter y,
- @FormParam("width") DoubleParameter width, @FormParam("height") DoubleParameter height,
- @FormParam("label") String label) {
-
- // ensure the position has been specified
- if (x == null || y == null) {
- throw new IllegalArgumentException("The position (x, y) must be specified");
- }
-
- // ensure the size has been specified
- if (width == null || height == null) {
- throw new IllegalArgumentException("The size (width, height) must be specified.");
- }
-
- // create the label DTO
- final LabelDTO labelDTO = new LabelDTO();
- labelDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
- labelDTO.setWidth(width.getDouble());
- labelDTO.setHeight(height.getDouble());
- labelDTO.setLabel(label);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the label entity
- final LabelEntity labelEntity = new LabelEntity();
- labelEntity.setRevision(revision);
- labelEntity.setLabel(labelDTO);
-
- // create the label
- return createLabel(httpServletRequest, labelEntity);
- }
-
- /**
- * Creates a new Label.
- *
- * @param httpServletRequest request
- * @param labelEntity A labelEntity.
- * @return A labelEntity.
- */
- @POST
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- @ApiOperation(
- value = "Creates a label",
- response = LabelEntity.class,
- authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response createLabel(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The label configuration details.",
- required = true
- ) LabelEntity labelEntity) {
-
- if (labelEntity == null || labelEntity.getLabel() == null) {
- throw new IllegalArgumentException("Label details must be specified.");
- }
-
- if (labelEntity.getRevision() == null) {
- throw new IllegalArgumentException("Revision must be specified.");
- }
-
- if (labelEntity.getLabel().getId() != null) {
- throw new IllegalArgumentException("Label ID cannot be specified.");
- }
-
- // if cluster manager, convert POST to PUT (to maintain same ID across nodes) and replicate
- if (properties.isClusterManager()) {
-
- // create ID for resource
- final String id = UUID.randomUUID().toString();
-
- // set ID for resource
- labelEntity.getLabel().setId(id);
-
- // convert POST request to PUT request to force entity ID to be the same across nodes
- URI putUri = null;
- try {
- putUri = new URI(getAbsolutePath().toString() + "/" + id);
- } catch (final URISyntaxException e) {
- throw new WebApplicationException(e);
- }
-
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate put request
- return (Response) clusterManager.applyRequest(HttpMethod.PUT, putUri, updateClientId(labelEntity), getHeaders(headersToOverride)).getResponse();
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // create the label and generate the json
- final RevisionDTO revision = labelEntity.getRevision();
- final ConfigurationSnapshot<LabelDTO> controllerResponse = serviceFacade.createLabel(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, labelEntity.getLabel());
- final LabelDTO label = controllerResponse.getConfiguration();
- populateRemainingLabelContent(label);
-
- // get the updated revision
- final RevisionDTO updatedRevision = new RevisionDTO();
- updatedRevision.setClientId(revision.getClientId());
- updatedRevision.setVersion(controllerResponse.getVersion());
-
- // build the response entity
- final LabelEntity entity = new LabelEntity();
- entity.setRevision(updatedRevision);
- entity.setLabel(label);
-
- // build the response
- return clusterContext(generateCreatedResponse(URI.create(label.getUri()), entity)).build();
- }
-
- /**
* Retrieves the specified label.
*
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
@@ -325,9 +97,9 @@ public class LabelResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a label",
response = LabelEntity.class,
@@ -364,7 +136,7 @@ public class LabelResource extends ApplicationResource {
}
// get the label
- final LabelDTO label = serviceFacade.getLabel(groupId, id);
+ final LabelDTO label = serviceFacade.getLabel(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -382,104 +154,15 @@ public class LabelResource extends ApplicationResource {
* Updates the specified label.
*
* @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The id of the label to update.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @param width The width of the label.
- * @param height The height of the label.
- * @param label The label's value.
- * @param formParams Additionally, the label styles are specified in the form parameters. They are specified in a map-like fashion:
- * <br>
- * <ul>
- * <li>style[background-color]=#aaaaaa</li>
- * </ul>
- *
- * @return A labelEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateLabel(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String id, @FormParam("label") String label,
- @FormParam("x") DoubleParameter x, @FormParam("y") DoubleParameter y,
- @FormParam("width") DoubleParameter width, @FormParam("height") DoubleParameter height,
- MultivaluedMap<String, String> formParams) {
-
- final Map<String, String> labelStyle = new LinkedHashMap<>();
-
- // go through each parameter and look for processor properties
- for (String parameterName : formParams.keySet()) {
- if (StringUtils.isNotBlank(parameterName)) {
- // see if the parameter name starts with an expected parameter type...
- if (parameterName.startsWith("style")) {
- final int startIndex = StringUtils.indexOf(parameterName, "[");
- final int endIndex = StringUtils.lastIndexOf(parameterName, "]");
- if (startIndex != -1 && endIndex != -1) {
- final String styleName = StringUtils.substring(parameterName, startIndex + 1, endIndex);
- labelStyle.put(styleName, formParams.getFirst(parameterName));
- }
- }
- }
- }
-
- // create the label DTO
- final LabelDTO labelDTO = new LabelDTO();
- labelDTO.setId(id);
- labelDTO.setLabel(label);
-
- // only set the styles when appropriate
- if (!labelStyle.isEmpty()) {
- labelDTO.setStyle(labelStyle);
- }
-
- // require both coordinates to be specified
- if (x != null && y != null) {
- labelDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
- }
-
- // require both width and height to be specified
- if (width != null && height != null) {
- labelDTO.setWidth(width.getDouble());
- labelDTO.setHeight(height.getDouble());
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the label entity
- final LabelEntity labelEntity = new LabelEntity();
- labelEntity.setRevision(revision);
- labelEntity.setLabel(labelDTO);
-
- // update the label
- return updateLabel(httpServletRequest, id, labelEntity);
- }
-
- /**
- * Updates the specified label.
- *
- * @param httpServletRequest request
* @param id The id of the label to update.
* @param labelEntity A labelEntity.
* @return A labelEntity.
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a label",
response = LabelEntity.class,
@@ -542,7 +225,7 @@ public class LabelResource extends ApplicationResource {
// update the label
final RevisionDTO revision = labelEntity.getRevision();
final ConfigurationSnapshot<LabelDTO> controllerResponse = serviceFacade.updateLabel(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, requestLabelDTO);
+ new Revision(revision.getVersion(), revision.getClientId()), requestLabelDTO);
// get the results
final LabelDTO responseLabelDTO = controllerResponse.getConfiguration();
@@ -576,9 +259,9 @@ public class LabelResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes a label",
response = LabelEntity.class,
@@ -631,7 +314,7 @@ public class LabelResource extends ApplicationResource {
}
// delete the specified label
- final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteLabel(new Revision(clientVersion, clientId.getClientId()), groupId, id);
+ final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteLabel(new Revision(clientVersion, clientId.getClientId()), id);
// get the updated revision
final RevisionDTO revision = new RevisionDTO();
@@ -650,10 +333,6 @@ public class LabelResource extends ApplicationResource {
this.serviceFacade = serviceFacade;
}
- public void setGroupId(String groupId) {
- this.groupId = groupId;
- }
-
public void setClusterManager(WebClusterManager clusterManager) {
this.clusterManager = clusterManager;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/NodeResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/NodeResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/NodeResource.java
index d3eb77a..6d19462 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/NodeResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/NodeResource.java
@@ -30,7 +30,6 @@ import org.apache.nifi.web.api.dto.NodeDTO;
import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.entity.NodeEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.springframework.security.access.prepost.PreAuthorize;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@@ -65,7 +64,7 @@ public class NodeResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a node in the cluster",
response = NodeEntity.class,
@@ -132,7 +131,7 @@ public class NodeResource extends ApplicationResource {
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/{id}")
- @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
public Response updateNode(@QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
@PathParam("id") String id,
@FormParam("status") String status,
@@ -168,7 +167,7 @@ public class NodeResource extends ApplicationResource {
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/{id}")
- @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
@ApiOperation(
value = "Updates a node in the cluster",
response = NodeEntity.class,
@@ -244,7 +243,7 @@ public class NodeResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/{id}")
- @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_ADMIN')")
@ApiOperation(
value = "Removes a node from the cluster",
response = NodeEntity.class,
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java
index e76fcf0..0d55525 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java
@@ -16,38 +16,12 @@
*/
package org.apache.nifi.web.api;
-import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
-import javax.ws.rs.GET;
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-
+import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.cluster.manager.NodeResponse;
import org.apache.nifi.cluster.manager.exception.UnknownNodeException;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
@@ -58,25 +32,39 @@ import org.apache.nifi.web.ConfigurationSnapshot;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.Revision;
import org.apache.nifi.web.api.dto.PortDTO;
-import org.apache.nifi.web.api.dto.PositionDTO;
import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.status.PortStatusDTO;
import org.apache.nifi.web.api.entity.OutputPortEntity;
-import org.apache.nifi.web.api.entity.OutputPortsEntity;
import org.apache.nifi.web.api.entity.PortStatusEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.DoubleParameter;
-import org.apache.nifi.web.api.request.IntegerParameter;
import org.apache.nifi.web.api.request.LongParameter;
-import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.net.URI;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
/**
* RESTful endpoint for managing an Output Port.
*/
-@Api(hidden = true)
+@Path("output-ports")
public class OutputPortResource extends ApplicationResource {
private static final Logger logger = LoggerFactory.getLogger(OutputPortResource.class);
@@ -84,7 +72,6 @@ public class OutputPortResource extends ApplicationResource {
private NiFiServiceFacade serviceFacade;
private WebClusterManager clusterManager;
private NiFiProperties properties;
- private String groupId;
/**
* Populates the uri for the specified output ports.
@@ -102,220 +89,13 @@ public class OutputPortResource extends ApplicationResource {
/**
* Populates the uri for the specified output ports.
*/
- private PortDTO populateRemainingOutputPortContent(PortDTO outputPort) {
+ public PortDTO populateRemainingOutputPortContent(PortDTO outputPort) {
// populate the output port uri
- outputPort.setUri(generateResourceUri("controller", "process-groups", outputPort.getParentGroupId(), "output-ports", outputPort.getId()));
+ outputPort.setUri(generateResourceUri("output-ports", outputPort.getId()));
return outputPort;
}
/**
- * Retrieves all the of output ports in this NiFi.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @return A outputPortsEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
- @ApiOperation(
- value = "Gets all output ports",
- response = OutputPortsEntity.class,
- authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getOutputPorts(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // replicate if cluster manager
- if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
- }
-
- // get all the output ports
- final Set<PortDTO> outputPorts = populateRemainingOutputPortsContent(serviceFacade.getOutputPorts(groupId));
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final OutputPortsEntity entity = new OutputPortsEntity();
- entity.setRevision(revision);
- entity.setOutputPorts(outputPorts);
-
- // generate the response
- return clusterContext(generateOkResponse(entity)).build();
- }
-
- /**
- * Creates a new output port.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @param name The output ports name.
- * @return An outputPortEntity.
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response createOutputPort(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("x") DoubleParameter x, @FormParam("y") DoubleParameter y,
- @FormParam("name") String name) {
-
- // ensure the position has been specified
- if (x == null || y == null) {
- throw new IllegalArgumentException("The position (x, y) must be specified");
- }
-
- // create the output port DTO
- final PortDTO outputPortDTO = new PortDTO();
- outputPortDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
- outputPortDTO.setName(name);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the output port entity entity
- final OutputPortEntity portEntity = new OutputPortEntity();
- portEntity.setRevision(revision);
- portEntity.setOutputPort(outputPortDTO);
-
- // create the output port
- return createOutputPort(httpServletRequest, portEntity);
- }
-
- /**
- * Creates a new output port.
- *
- * @param httpServletRequest request
- * @param portEntity A outputPortEntity.
- * @return A outputPortEntity.
- */
- @POST
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- @ApiOperation(
- value = "Creates an output port",
- response = OutputPortEntity.class,
- authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response createOutputPort(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The output port configuration.",
- required = true
- ) OutputPortEntity portEntity) {
-
- if (portEntity == null || portEntity.getOutputPort() == null) {
- throw new IllegalArgumentException("Port details must be specified.");
- }
-
- if (portEntity.getRevision() == null) {
- throw new IllegalArgumentException("Revision must be specified.");
- }
-
- if (portEntity.getOutputPort().getId() != null) {
- throw new IllegalArgumentException("Output port ID cannot be specified.");
- }
-
- // if cluster manager, convert POST to PUT (to maintain same ID across nodes) and replicate
- if (properties.isClusterManager()) {
-
- // create ID for resource
- final String id = UUID.randomUUID().toString();
-
- // set ID for resource
- portEntity.getOutputPort().setId(id);
-
- // convert POST request to PUT request to force entity ID to be the same across nodes
- URI putUri = null;
- try {
- putUri = new URI(getAbsolutePath().toString() + "/" + id);
- } catch (final URISyntaxException e) {
- throw new WebApplicationException(e);
- }
-
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate put request
- return (Response) clusterManager.applyRequest(HttpMethod.PUT, putUri, updateClientId(portEntity), getHeaders(headersToOverride)).getResponse();
-
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // create the output port and generate the json
- final RevisionDTO revision = portEntity.getRevision();
- final ConfigurationSnapshot<PortDTO> controllerResponse = serviceFacade.createOutputPort(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, portEntity.getOutputPort());
- final PortDTO port = controllerResponse.getConfiguration();
- populateRemainingOutputPortContent(port);
-
- // get the updated revision
- final RevisionDTO updatedRevision = new RevisionDTO();
- updatedRevision.setClientId(revision.getClientId());
- updatedRevision.setVersion(controllerResponse.getVersion());
-
- // build the response entity
- final OutputPortEntity entity = new OutputPortEntity();
- entity.setRevision(updatedRevision);
- entity.setOutputPort(port);
-
- // build the response
- return clusterContext(generateCreatedResponse(URI.create(port.getUri()), entity)).build();
- }
-
- /**
* Retrieves the specified output port.
*
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
@@ -324,9 +104,9 @@ public class OutputPortResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets an output port",
response = OutputPortEntity.class,
@@ -363,7 +143,7 @@ public class OutputPortResource extends ApplicationResource {
}
// get the port
- final PortDTO port = serviceFacade.getOutputPort(groupId, id);
+ final PortDTO port = serviceFacade.getOutputPort(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -386,9 +166,9 @@ public class OutputPortResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/status")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets status for an output port",
response = PortStatusEntity.class,
@@ -462,7 +242,7 @@ public class OutputPortResource extends ApplicationResource {
}
// get the specified output port status
- final PortStatusDTO portStatus = serviceFacade.getOutputPortStatus(groupId, id);
+ final PortStatusDTO portStatus = serviceFacade.getOutputPortStatus(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -481,96 +261,15 @@ public class OutputPortResource extends ApplicationResource {
* Updates the specified output port.
*
* @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The id of the output port to update.
- * @param x The x coordinate for this output ports position.
- * @param y The y coordinate for this output ports position.
- * @param comments Any comments about this output port.
- * @param name The output ports name.
- * @param groupAccessControl The allowed groups for this output port.
- * @param userAccessControl The allowed users for this output port.
- * @param state The state of this port.
- * @param concurrentlySchedulableTaskCount The number of concurrently schedulable tasks.
- * @param formParams params
- * @return A outputPortEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateOutputPort(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String id,
- @FormParam("x") DoubleParameter x,
- @FormParam("y") DoubleParameter y,
- @FormParam("comments") String comments,
- @FormParam("groupAccessControl[]") Set<String> groupAccessControl,
- @FormParam("userAccessControl[]") Set<String> userAccessControl,
- @FormParam("name") String name,
- @FormParam("state") String state,
- @FormParam("concurrentlySchedulableTaskCount") IntegerParameter concurrentlySchedulableTaskCount,
- MultivaluedMap<String, String> formParams) {
-
- // create the output port DTO
- final PortDTO portDTO = new PortDTO();
- portDTO.setId(id);
- portDTO.setComments(comments);
- portDTO.setName(name);
- portDTO.setState(state);
-
- if (concurrentlySchedulableTaskCount != null) {
- portDTO.setConcurrentlySchedulableTaskCount(concurrentlySchedulableTaskCount.getInteger());
- }
-
- // require both coordinates to be specified
- if (x != null && y != null) {
- portDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
- }
-
- // only set the group access control when applicable
- if (!groupAccessControl.isEmpty() || formParams.containsKey("groupAccessControl[]")) {
- portDTO.setGroupAccessControl(groupAccessControl);
- }
-
- // only set the user access control when applicable
- if (!userAccessControl.isEmpty() || formParams.containsKey("userAccessControl[]")) {
- portDTO.setUserAccessControl(userAccessControl);
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the output port entity
- final OutputPortEntity portEntity = new OutputPortEntity();
- portEntity.setRevision(revision);
- portEntity.setOutputPort(portDTO);
-
- // update the port
- return updateOutputPort(httpServletRequest, id, portEntity);
- }
-
- /**
- * Updates the specified output port.
- *
- * @param httpServletRequest request
* @param id The id of the output port to update.
* @param portEntity A outputPortEntity.
* @return A outputPortEntity.
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates an output port",
response = OutputPortEntity.class,
@@ -627,14 +326,14 @@ public class OutputPortResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyUpdateOutputPort(groupId, requestPortDTO);
+ serviceFacade.verifyUpdateOutputPort(requestPortDTO);
return generateContinueResponse().build();
}
// update the output port
final RevisionDTO revision = portEntity.getRevision();
final ConfigurationSnapshot<PortDTO> controllerResponse = serviceFacade.updateOutputPort(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, requestPortDTO);
+ new Revision(revision.getVersion(), revision.getClientId()), requestPortDTO);
// get the results
final PortDTO responsePortDTO = controllerResponse.getConfiguration();
@@ -668,9 +367,9 @@ public class OutputPortResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes an output port",
response = OutputPortEntity.class,
@@ -713,7 +412,7 @@ public class OutputPortResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyDeleteOutputPort(groupId, id);
+ serviceFacade.verifyDeleteOutputPort(id);
return generateContinueResponse().build();
}
@@ -724,7 +423,7 @@ public class OutputPortResource extends ApplicationResource {
}
// delete the specified output port
- final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteOutputPort(new Revision(clientVersion, clientId.getClientId()), groupId, id);
+ final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteOutputPort(new Revision(clientVersion, clientId.getClientId()), id);
// get the updated revision
final RevisionDTO revision = new RevisionDTO();
@@ -743,10 +442,6 @@ public class OutputPortResource extends ApplicationResource {
this.serviceFacade = serviceFacade;
}
- public void setGroupId(String groupId) {
- this.groupId = groupId;
- }
-
public void setClusterManager(WebClusterManager clusterManager) {
this.clusterManager = clusterManager;
}
[06/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
index e1faa14..29bd9b3 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
@@ -16,14 +16,12 @@
*/
package org.apache.nifi.web.dao.impl;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.DownloadAuthorization;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.connectable.Connectable;
import org.apache.nifi.connectable.ConnectableType;
import org.apache.nifi.connectable.Connection;
import org.apache.nifi.connectable.Position;
import org.apache.nifi.controller.FlowController;
-import org.apache.nifi.controller.ProcessorNode;
import org.apache.nifi.controller.exception.ValidationException;
import org.apache.nifi.controller.queue.DropFlowFileStatus;
import org.apache.nifi.controller.queue.FlowFileQueue;
@@ -48,7 +46,6 @@ import org.apache.nifi.web.security.ProxiedEntitiesUtils;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.AccessDeniedException;
import javax.ws.rs.WebApplicationException;
import java.io.IOException;
@@ -56,7 +53,6 @@ import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -67,32 +63,39 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
private static final Logger logger = LoggerFactory.getLogger(StandardConnectionDAO.class);
private FlowController flowController;
- private UserService userService;
+ private KeyService keyService;
- private Connection locateConnection(final String groupId, final String id) {
- return locateConnection(locateProcessGroup(flowController, groupId), id);
- }
-
- private Connection locateConnection(final ProcessGroup group, final String id) {
- // get the connection
- final Connection connection = group.getConnection(id);
+ private Connection locateConnection(final String connectionId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ final Connection connection = rootGroup.findConnection(connectionId);
- // ensure the connection exists
if (connection == null) {
- throw new ResourceNotFoundException(String.format("Unable to find connection with id '%s'.", id));
+ throw new ResourceNotFoundException(String.format("Unable to find connection with id '%s'.", connectionId));
+ } else {
+ return connection;
}
+ }
- return connection;
+ @Override
+ public boolean hasConnection(String id) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ return rootGroup.findConnection(id) != null;
}
@Override
- public Connection getConnection(final String groupId, final String id) {
- return locateConnection(groupId, id);
+ public Connection getConnection(final String id) {
+ return locateConnection(id);
}
@Override
- public DropFlowFileStatus getFlowFileDropRequest(String groupId, String connectionId, String dropRequestId) {
- final Connection connection = locateConnection(groupId, connectionId);
+ public Set<Connection> getConnections(final String groupId) {
+ final ProcessGroup group = locateProcessGroup(flowController, groupId);
+ return group.getConnections();
+ }
+
+ @Override
+ public DropFlowFileStatus getFlowFileDropRequest(String connectionId, String dropRequestId) {
+ final Connection connection = locateConnection(connectionId);
final FlowFileQueue queue = connection.getFlowFileQueue();
final DropFlowFileStatus dropRequest = queue.getDropFlowFileStatus(dropRequestId);
@@ -104,8 +107,8 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
}
@Override
- public ListFlowFileStatus getFlowFileListingRequest(String groupId, String connectionId, String listingRequestId) {
- final Connection connection = locateConnection(groupId, connectionId);
+ public ListFlowFileStatus getFlowFileListingRequest(String connectionId, String listingRequestId) {
+ final Connection connection = locateConnection(connectionId);
final FlowFileQueue queue = connection.getFlowFileQueue();
final ListFlowFileStatus listRequest = queue.getListFlowFileStatus(listingRequestId);
@@ -117,9 +120,9 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
}
@Override
- public FlowFileRecord getFlowFile(String groupId, String id, String flowFileUuid) {
+ public FlowFileRecord getFlowFile(String id, String flowFileUuid) {
try {
- final Connection connection = locateConnection(groupId, id);
+ final Connection connection = locateConnection(id);
final FlowFileQueue queue = connection.getFlowFileQueue();
final FlowFileRecord flowFile = queue.getFlowFile(flowFileUuid);
@@ -134,36 +137,6 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
}
}
- @Override
- public Set<Connection> getConnectionsForSource(final String groupId, final String processorId) {
- final Set<Connection> connections = new HashSet<>(getConnections(groupId));
- for (final Iterator<Connection> connectionIter = connections.iterator(); connectionIter.hasNext();) {
- final Connection connection = connectionIter.next();
- final Connectable source = connection.getSource();
- if (!(source instanceof ProcessorNode) || !source.getIdentifier().equals(processorId)) {
- connectionIter.remove();
- }
- }
- return connections;
- }
-
- @Override
- public boolean hasConnection(final String groupId, final String id) {
- final ProcessGroup group = flowController.getGroup(groupId);
-
- if (group == null) {
- return false;
- }
-
- return group.getConnection(id) != null;
- }
-
- @Override
- public Set<Connection> getConnections(final String groupId) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- return group.getConnections();
- }
-
/**
* Configures the specified connection using the specified dto.
*/
@@ -360,8 +333,8 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
}
@Override
- public DropFlowFileStatus createFlowFileDropRequest(String groupId, String id, String dropRequestId) {
- final Connection connection = locateConnection(groupId, id);
+ public DropFlowFileStatus createFlowFileDropRequest(String id, String dropRequestId) {
+ final Connection connection = locateConnection(id);
final FlowFileQueue queue = connection.getFlowFileQueue();
final NiFiUser user = NiFiUserUtils.getNiFiUser();
@@ -373,8 +346,8 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
}
@Override
- public ListFlowFileStatus createFlowFileListingRequest(String groupId, String id, String listingRequestId) {
- final Connection connection = locateConnection(groupId, id);
+ public ListFlowFileStatus createFlowFileListingRequest(String id, String listingRequestId) {
+ final Connection connection = locateConnection(id);
final FlowFileQueue queue = connection.getFlowFileQueue();
// ensure we can list
@@ -399,16 +372,15 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
}
@Override
- public void verifyList(String groupId, String id) {
- final Connection connection = locateConnection(groupId, id);
+ public void verifyList(String id) {
+ final Connection connection = locateConnection(id);
final FlowFileQueue queue = connection.getFlowFileQueue();
verifyList(queue);
}
@Override
- public void verifyUpdate(String groupId, ConnectionDTO connectionDTO) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- verifyUpdate(locateConnection(group, connectionDTO.getId()), connectionDTO);
+ public void verifyUpdate(ConnectionDTO connectionDTO) {
+ verifyUpdate(locateConnection(connectionDTO.getId()), connectionDTO);
}
private void verifyUpdate(final Connection connection, final ConnectionDTO connectionDTO) {
@@ -436,9 +408,9 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
}
@Override
- public Connection updateConnection(final String groupId, final ConnectionDTO connectionDTO) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- final Connection connection = locateConnection(group, connectionDTO.getId());
+ public Connection updateConnection(final ConnectionDTO connectionDTO) {
+ final Connection connection = locateConnection(connectionDTO.getId());
+ final ProcessGroup group = connection.getProcessGroup();
// ensure we can update
verifyUpdate(connection, connectionDTO);
@@ -494,7 +466,7 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
// if the destination is changing or the previous destination was a different remote process group
if (!proposedDestination.getId().equals(currentDestination.getIdentifier()) || isDifferentRemoteProcessGroup) {
- final ProcessGroup destinationParentGroup = locateProcessGroup(flowController, groupId);
+ final ProcessGroup destinationParentGroup = locateProcessGroup(flowController, group.getIdentifier());
final RemoteProcessGroup remoteProcessGroup = destinationParentGroup.getRemoteProcessGroup(proposedDestination.getGroupId());
// ensure the remote process group was found
@@ -521,7 +493,7 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
if (!proposedDestination.getId().equals(currentDestination.getIdentifier())) {
// if the destination connectable's group id has not been set, its inferred to be the current group
if (proposedDestination.getGroupId() == null) {
- proposedDestination.setGroupId(groupId);
+ proposedDestination.setGroupId(group.getIdentifier());
}
final ProcessGroup destinationGroup = locateProcessGroup(flowController, proposedDestination.getGroupId());
@@ -552,22 +524,20 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
}
@Override
- public void verifyDelete(String groupId, String id) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- final Connection connection = locateConnection(group, id);
+ public void verifyDelete(String id) {
+ final Connection connection = locateConnection(id);
connection.verifyCanDelete();
}
@Override
- public void deleteConnection(final String groupId, final String id) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- final Connection connection = locateConnection(group, id);
- group.removeConnection(connection);
+ public void deleteConnection(final String id) {
+ final Connection connection = locateConnection(id);
+ connection.getProcessGroup().removeConnection(connection);
}
@Override
- public DropFlowFileStatus deleteFlowFileDropRequest(String groupId, String connectionId, String dropRequestId) {
- final Connection connection = locateConnection(groupId, connectionId);
+ public DropFlowFileStatus deleteFlowFileDropRequest(String connectionId, String dropRequestId) {
+ final Connection connection = locateConnection(connectionId);
final FlowFileQueue queue = connection.getFlowFileQueue();
final DropFlowFileStatus dropFlowFileStatus = queue.cancelDropFlowFileRequest(dropRequestId);
@@ -579,8 +549,8 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
}
@Override
- public ListFlowFileStatus deleteFlowFileListingRequest(String groupId, String connectionId, String listingRequestId) {
- final Connection connection = locateConnection(groupId, connectionId);
+ public ListFlowFileStatus deleteFlowFileListingRequest(String connectionId, String listingRequestId) {
+ final Connection connection = locateConnection(connectionId);
final FlowFileQueue queue = connection.getFlowFileQueue();
final ListFlowFileStatus listFlowFileStatus = queue.cancelListFlowFileRequest(listingRequestId);
@@ -592,14 +562,14 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
}
@Override
- public DownloadableContent getContent(String groupId, String id, String flowFileUuid, String requestUri) {
+ public DownloadableContent getContent(String id, String flowFileUuid, String requestUri) {
try {
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user == null) {
throw new WebApplicationException(new Throwable("Unable to access details for current user."));
}
- final Connection connection = locateConnection(groupId, id);
+ final Connection connection = locateConnection(id);
final FlowFileQueue queue = connection.getFlowFileQueue();
final FlowFileRecord flowFile = queue.getFlowFile(flowFileUuid);
@@ -610,12 +580,12 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
// calculate the dn chain
final List<String> dnChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(user);
- // ensure the users in this chain are allowed to download this content
+ // TODO - ensure the users in this chain are allowed to download this content
final Map<String, String> attributes = flowFile.getAttributes();
- final DownloadAuthorization downloadAuthorization = userService.authorizeDownload(dnChain, attributes);
- if (!downloadAuthorization.isApproved()) {
- throw new AccessDeniedException(downloadAuthorization.getExplanation());
- }
+// final DownloadAuthorization downloadAuthorization = keyService.authorizeDownload(dnChain, attributes);
+// if (!downloadAuthorization.isApproved()) {
+// throw new AccessDeniedException(downloadAuthorization.getExplanation());
+// }
// get the filename and fall back to the identifier (should never happen)
String filename = attributes.get(CoreAttributes.FILENAME.key());
@@ -642,7 +612,7 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
this.flowController = flowController;
}
- public void setUserService(UserService userService) {
- this.userService = userService;
+ public void setKeyService(KeyService keyService) {
+ this.keyService = keyService;
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardFunnelDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardFunnelDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardFunnelDAO.java
index 2be8e26..e4ec239 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardFunnelDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardFunnelDAO.java
@@ -16,8 +16,6 @@
*/
package org.apache.nifi.web.dao.impl;
-import java.util.Set;
-
import org.apache.nifi.connectable.Funnel;
import org.apache.nifi.connectable.Position;
import org.apache.nifi.controller.FlowController;
@@ -26,24 +24,27 @@ import org.apache.nifi.web.ResourceNotFoundException;
import org.apache.nifi.web.api.dto.FunnelDTO;
import org.apache.nifi.web.dao.FunnelDAO;
+import java.util.Set;
+
public class StandardFunnelDAO extends ComponentDAO implements FunnelDAO {
private FlowController flowController;
- private Funnel locateFunnel(String groupId, String funnelId) {
- return locateFunnel(locateProcessGroup(flowController, groupId), funnelId);
- }
-
- private Funnel locateFunnel(ProcessGroup group, String funnelId) {
- // get the funnel
- Funnel funnel = group.getFunnel(funnelId);
+ private Funnel locateFunnel(final String funnelId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ final Funnel funnel = rootGroup.findFunnel(funnelId);
- // ensure the funnel exists
if (funnel == null) {
- throw new ResourceNotFoundException(String.format("Unable to locate funnel with id '%s'.", funnelId));
+ throw new ResourceNotFoundException(String.format("Unable to find funnel with id '%s'.", funnelId));
+ } else {
+ return funnel;
}
+ }
- return funnel;
+ @Override
+ public boolean hasFunnel(String funnelId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ return rootGroup.findFunnel(funnelId) != null;
}
@Override
@@ -68,20 +69,8 @@ public class StandardFunnelDAO extends ComponentDAO implements FunnelDAO {
}
@Override
- public Funnel getFunnel(String groupId, String funnelId) {
- return locateFunnel(groupId, funnelId);
- }
-
- @Override
- public boolean hasFunnel(String groupId, String funnelId) {
- ProcessGroup group;
- try {
- group = flowController.getGroup(groupId);
- } catch (NullPointerException | IllegalArgumentException e) {
- return false;
- }
-
- return group.getFunnel(funnelId) != null;
+ public Funnel getFunnel(String funnelId) {
+ return locateFunnel(funnelId);
}
@Override
@@ -91,11 +80,9 @@ public class StandardFunnelDAO extends ComponentDAO implements FunnelDAO {
}
@Override
- public Funnel updateFunnel(String groupId, FunnelDTO funnelDTO) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
-
+ public Funnel updateFunnel(FunnelDTO funnelDTO) {
// get the funnel being updated
- Funnel funnel = locateFunnel(group, funnelDTO.getId());
+ Funnel funnel = locateFunnel(funnelDTO.getId());
// update the label state
if (isNotNull(funnelDTO.getPosition())) {
@@ -108,21 +95,18 @@ public class StandardFunnelDAO extends ComponentDAO implements FunnelDAO {
}
@Override
- public void verifyDelete(String groupId, String funnelId) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- Funnel funnel = locateFunnel(group, funnelId);
+ public void verifyDelete(String funnelId) {
+ Funnel funnel = locateFunnel(funnelId);
funnel.verifyCanDelete();
}
@Override
- public void deleteFunnel(String groupId, String funnelId) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
-
+ public void deleteFunnel(String funnelId) {
// get the funnel
- Funnel funnel = locateFunnel(group, funnelId);
+ Funnel funnel = locateFunnel(funnelId);
// remove the funnel
- group.removeFunnel(funnel);
+ funnel.getProcessGroup().removeFunnel(funnel);
}
/* setters */
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardInputPortDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardInputPortDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardInputPortDAO.java
index fd133a5..35c537d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardInputPortDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardInputPortDAO.java
@@ -16,10 +16,6 @@
*/
package org.apache.nifi.web.dao.impl;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-
import org.apache.nifi.connectable.Port;
import org.apache.nifi.connectable.Position;
import org.apache.nifi.controller.FlowController;
@@ -32,23 +28,29 @@ import org.apache.nifi.web.ResourceNotFoundException;
import org.apache.nifi.web.api.dto.PortDTO;
import org.apache.nifi.web.dao.PortDAO;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
public class StandardInputPortDAO extends ComponentDAO implements PortDAO {
private FlowController flowController;
- private Port locatePort(String groupId, String portId) {
- return locatePort(locateProcessGroup(flowController, groupId), portId);
- }
+ private Port locatePort(final String portId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ final Port port = rootGroup.findInputPort(portId);
- private Port locatePort(ProcessGroup group, String portId) {
- Port port = group.getInputPort(portId);
-
- // ensure the port exists
if (port == null) {
- throw new ResourceNotFoundException(String.format("Unable to locate an input port with id '%s'.", portId));
+ throw new ResourceNotFoundException(String.format("Unable to find port with id '%s'.", portId));
+ } else {
+ return port;
}
+ }
- return port;
+ @Override
+ public boolean hasPort(String portId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ return rootGroup.findInputPort(portId) != null;
}
@Override
@@ -88,19 +90,8 @@ public class StandardInputPortDAO extends ComponentDAO implements PortDAO {
}
@Override
- public Port getPort(String groupId, String portId) {
- return locatePort(groupId, portId);
- }
-
- @Override
- public boolean hasPort(String groupId, String portId) {
- ProcessGroup group = flowController.getGroup(groupId);
-
- if (group == null) {
- return false;
- }
-
- return group.getInputPort(portId) != null;
+ public Port getPort(String portId) {
+ return locatePort(portId);
}
@Override
@@ -110,9 +101,8 @@ public class StandardInputPortDAO extends ComponentDAO implements PortDAO {
}
@Override
- public void verifyUpdate(String groupId, PortDTO portDTO) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- final Port inputPort = locatePort(group, portDTO.getId());
+ public void verifyUpdate(PortDTO portDTO) {
+ final Port inputPort = locatePort(portDTO.getId());
verifyUpdate(inputPort, portDTO);
}
@@ -178,9 +168,8 @@ public class StandardInputPortDAO extends ComponentDAO implements PortDAO {
}
@Override
- public Port updatePort(String groupId, PortDTO portDTO) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- Port inputPort = locatePort(group, portDTO.getId());
+ public Port updatePort(PortDTO portDTO) {
+ Port inputPort = locatePort(portDTO.getId());
// ensure we can do this update
verifyUpdate(inputPort, portDTO);
@@ -195,20 +184,20 @@ public class StandardInputPortDAO extends ComponentDAO implements PortDAO {
// perform the appropriate action
switch (purposedScheduledState) {
case RUNNING:
- group.startInputPort(inputPort);
+ inputPort.getProcessGroup().startInputPort(inputPort);
break;
case STOPPED:
switch (inputPort.getScheduledState()) {
case RUNNING:
- group.stopInputPort(inputPort);
+ inputPort.getProcessGroup().stopInputPort(inputPort);
break;
case DISABLED:
- group.enableInputPort(inputPort);
+ inputPort.getProcessGroup().enableInputPort(inputPort);
break;
}
break;
case DISABLED:
- group.disableInputPort(inputPort);
+ inputPort.getProcessGroup().disableInputPort(inputPort);
break;
}
} catch (IllegalStateException ise) {
@@ -248,17 +237,15 @@ public class StandardInputPortDAO extends ComponentDAO implements PortDAO {
}
@Override
- public void verifyDelete(final String groupId, final String portId) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- final Port inputPort = locatePort(group, portId);
+ public void verifyDelete(final String portId) {
+ final Port inputPort = locatePort(portId);
inputPort.verifyCanDelete();
}
@Override
- public void deletePort(final String groupId, final String portId) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- final Port inputPort = locatePort(group, portId);
- group.removeInputPort(inputPort);
+ public void deletePort(final String portId) {
+ final Port inputPort = locatePort(portId);
+ inputPort.getProcessGroup().removeInputPort(inputPort);
}
/* setters */
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardLabelDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardLabelDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardLabelDAO.java
index bd774e2..2a8b19f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardLabelDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardLabelDAO.java
@@ -16,8 +16,6 @@
*/
package org.apache.nifi.web.dao.impl;
-import java.util.Set;
-
import org.apache.nifi.connectable.Position;
import org.apache.nifi.connectable.Size;
import org.apache.nifi.controller.FlowController;
@@ -27,24 +25,27 @@ import org.apache.nifi.web.ResourceNotFoundException;
import org.apache.nifi.web.api.dto.LabelDTO;
import org.apache.nifi.web.dao.LabelDAO;
+import java.util.Set;
+
public class StandardLabelDAO extends ComponentDAO implements LabelDAO {
private FlowController flowController;
- private Label locateLabel(String groupId, String labelId) {
- return locateLabel(locateProcessGroup(flowController, groupId), labelId);
- }
-
- private Label locateLabel(ProcessGroup group, String labelId) {
- // get the label
- Label label = group.getLabel(labelId);
+ private Label locateLabel(final String labelId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ final Label label = rootGroup.findLabel(labelId);
- // ensure the label exists
if (label == null) {
- throw new ResourceNotFoundException(String.format("Unable to locate label with id '%s'.", labelId));
+ throw new ResourceNotFoundException(String.format("Unable to find label with id '%s'.", labelId));
+ } else {
+ return label;
}
+ }
- return label;
+ @Override
+ public boolean hasLabel(String labelId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ return rootGroup.findLabel(labelId) != null;
}
@Override
@@ -72,20 +73,8 @@ public class StandardLabelDAO extends ComponentDAO implements LabelDAO {
}
@Override
- public Label getLabel(String groupId, String labelId) {
- return locateLabel(groupId, labelId);
- }
-
- @Override
- public boolean hasLabel(String groupId, String labelId) {
- ProcessGroup group;
- try {
- group = flowController.getGroup(groupId);
- } catch (NullPointerException | IllegalArgumentException e) {
- return false;
- }
-
- return group.getLabel(labelId) != null;
+ public Label getLabel(String labelId) {
+ return locateLabel(labelId);
}
@Override
@@ -95,11 +84,9 @@ public class StandardLabelDAO extends ComponentDAO implements LabelDAO {
}
@Override
- public Label updateLabel(String groupId, LabelDTO labelDTO) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
-
+ public Label updateLabel(LabelDTO labelDTO) {
// get the label being updated
- Label label = locateLabel(group, labelDTO.getId());
+ Label label = locateLabel(labelDTO.getId());
// update the label state
if (labelDTO.getPosition() != null) {
@@ -119,14 +106,12 @@ public class StandardLabelDAO extends ComponentDAO implements LabelDAO {
}
@Override
- public void deleteLabel(String groupId, String labelId) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
-
+ public void deleteLabel(String labelId) {
// get the label
- Label label = locateLabel(group, labelId);
+ Label label = locateLabel(labelId);
// remove the label
- group.removeLabel(label);
+ label.getProcessGroup().removeLabel(label);
}
/* setters */
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardOutputPortDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardOutputPortDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardOutputPortDAO.java
index a33682b..bad9e3a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardOutputPortDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardOutputPortDAO.java
@@ -16,10 +16,6 @@
*/
package org.apache.nifi.web.dao.impl;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-
import org.apache.nifi.connectable.Port;
import org.apache.nifi.connectable.Position;
import org.apache.nifi.controller.FlowController;
@@ -32,23 +28,29 @@ import org.apache.nifi.web.ResourceNotFoundException;
import org.apache.nifi.web.api.dto.PortDTO;
import org.apache.nifi.web.dao.PortDAO;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
public class StandardOutputPortDAO extends ComponentDAO implements PortDAO {
private FlowController flowController;
- private Port locatePort(String groupId, String portId) {
- return locatePort(locateProcessGroup(flowController, groupId), portId);
- }
+ private Port locatePort(final String portId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ final Port port = rootGroup.findOutputPort(portId);
- private Port locatePort(ProcessGroup group, String portId) {
- Port port = group.getOutputPort(portId);
-
- // ensure the port exists
if (port == null) {
- throw new ResourceNotFoundException(String.format("Unable to locate an output port with id '%s'.", portId));
+ throw new ResourceNotFoundException(String.format("Unable to find port with id '%s'.", portId));
+ } else {
+ return port;
}
+ }
- return port;
+ @Override
+ public boolean hasPort(String portId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ return rootGroup.findOutputPort(portId) != null;
}
@Override
@@ -88,19 +90,8 @@ public class StandardOutputPortDAO extends ComponentDAO implements PortDAO {
}
@Override
- public Port getPort(String groupId, String portId) {
- return locatePort(groupId, portId);
- }
-
- @Override
- public boolean hasPort(String groupId, String portId) {
- ProcessGroup group = flowController.getGroup(groupId);
-
- if (group == null) {
- return false;
- }
-
- return group.getOutputPort(portId) != null;
+ public Port getPort(String portId) {
+ return locatePort(portId);
}
@Override
@@ -110,9 +101,8 @@ public class StandardOutputPortDAO extends ComponentDAO implements PortDAO {
}
@Override
- public void verifyUpdate(String groupId, PortDTO portDTO) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- final Port outputPort = locatePort(group, portDTO.getId());
+ public void verifyUpdate(PortDTO portDTO) {
+ final Port outputPort = locatePort(portDTO.getId());
verifyUpdate(outputPort, portDTO);
}
@@ -178,9 +168,8 @@ public class StandardOutputPortDAO extends ComponentDAO implements PortDAO {
}
@Override
- public Port updatePort(String groupId, PortDTO portDTO) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- Port outputPort = locatePort(group, portDTO.getId());
+ public Port updatePort(PortDTO portDTO) {
+ Port outputPort = locatePort(portDTO.getId());
// ensure we can do this update
verifyUpdate(outputPort, portDTO);
@@ -195,20 +184,20 @@ public class StandardOutputPortDAO extends ComponentDAO implements PortDAO {
// perform the appropriate action
switch (purposedScheduledState) {
case RUNNING:
- group.startOutputPort(outputPort);
+ outputPort.getProcessGroup().startOutputPort(outputPort);
break;
case STOPPED:
switch (outputPort.getScheduledState()) {
case RUNNING:
- group.stopOutputPort(outputPort);
+ outputPort.getProcessGroup().stopOutputPort(outputPort);
break;
case DISABLED:
- group.enableOutputPort(outputPort);
+ outputPort.getProcessGroup().enableOutputPort(outputPort);
break;
}
break;
case DISABLED:
- group.disableOutputPort(outputPort);
+ outputPort.getProcessGroup().disableOutputPort(outputPort);
break;
}
} catch (IllegalStateException ise) {
@@ -248,17 +237,15 @@ public class StandardOutputPortDAO extends ComponentDAO implements PortDAO {
}
@Override
- public void verifyDelete(final String groupId, final String portId) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- final Port outputPort = locatePort(group, portId);
+ public void verifyDelete(final String portId) {
+ final Port outputPort = locatePort(portId);
outputPort.verifyCanDelete();
}
@Override
- public void deletePort(String groupId, String portId) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- Port outputPort = locatePort(group, portId);
- group.removeOutputPort(outputPort);
+ public void deletePort(String portId) {
+ Port outputPort = locatePort(portId);
+ outputPort.getProcessGroup().removeOutputPort(outputPort);
}
/* setters */
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessGroupDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessGroupDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessGroupDAO.java
index 52887e4..5b4570b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessGroupDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessGroupDAO.java
@@ -16,14 +16,14 @@
*/
package org.apache.nifi.web.dao.impl;
-import java.util.Set;
-
import org.apache.nifi.connectable.Position;
import org.apache.nifi.controller.FlowController;
import org.apache.nifi.groups.ProcessGroup;
import org.apache.nifi.web.api.dto.ProcessGroupDTO;
import org.apache.nifi.web.dao.ProcessGroupDAO;
+import java.util.Set;
+
public class StandardProcessGroupDAO extends ComponentDAO implements ProcessGroupDAO {
private FlowController flowController;
@@ -52,13 +52,13 @@ public class StandardProcessGroupDAO extends ComponentDAO implements ProcessGrou
}
@Override
- public ProcessGroup getProcessGroup(String groupId) {
- return locateProcessGroup(flowController, groupId);
+ public boolean hasProcessGroup(String groupId) {
+ return flowController.getGroup(groupId) != null;
}
@Override
- public boolean hasProcessGroup(String groupId) {
- return flowController.getGroup(groupId) != null;
+ public ProcessGroup getProcessGroup(String groupId) {
+ return locateProcessGroup(flowController, groupId);
}
@Override
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessorDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessorDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessorDAO.java
index 48d2bee..ab96117 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessorDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardProcessorDAO.java
@@ -16,16 +16,7 @@
*/
package org.apache.nifi.web.dao.impl;
-import java.text.ParseException;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.RejectedExecutionException;
-import java.util.concurrent.TimeUnit;
-import java.util.regex.Matcher;
-
+import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.components.state.Scope;
import org.apache.nifi.components.state.StateMap;
import org.apache.nifi.connectable.Connection;
@@ -33,8 +24,8 @@ import org.apache.nifi.connectable.Position;
import org.apache.nifi.controller.FlowController;
import org.apache.nifi.controller.ProcessorNode;
import org.apache.nifi.controller.ScheduledState;
-import org.apache.nifi.controller.exception.ProcessorInstantiationException;
import org.apache.nifi.controller.exception.ComponentLifeCycleException;
+import org.apache.nifi.controller.exception.ProcessorInstantiationException;
import org.apache.nifi.controller.exception.ValidationException;
import org.apache.nifi.groups.ProcessGroup;
import org.apache.nifi.logging.LogLevel;
@@ -47,46 +38,45 @@ import org.apache.nifi.web.api.dto.ProcessorConfigDTO;
import org.apache.nifi.web.api.dto.ProcessorDTO;
import org.apache.nifi.web.dao.ComponentStateDAO;
import org.apache.nifi.web.dao.ProcessorDAO;
-
-import org.apache.commons.lang3.StringUtils;
import org.quartz.CronExpression;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.text.ParseException;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.RejectedExecutionException;
+import java.util.concurrent.TimeUnit;
+import java.util.regex.Matcher;
+
public class StandardProcessorDAO extends ComponentDAO implements ProcessorDAO {
private static final Logger logger = LoggerFactory.getLogger(StandardProcessorDAO.class);
private FlowController flowController;
private ComponentStateDAO componentStateDAO;
- private ProcessorNode locateProcessor(String groupId, String processorId) {
- return locateProcessor(locateProcessGroup(flowController, groupId), processorId);
- }
-
- private ProcessorNode locateProcessor(ProcessGroup group, String processorId) {
- // get the specified processor
- ProcessorNode processor = group.getProcessor(processorId);
+ private ProcessorNode locateProcessor(final String processorId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ final ProcessorNode processor = rootGroup.findProcessor(processorId);
if (processor == null) {
throw new ResourceNotFoundException(String.format("Unable to find processor with id '%s'.", processorId));
+ } else {
+ return processor;
}
-
- return processor;
}
@Override
- public boolean hasProcessor(String groupId, String id) {
- ProcessGroup group = flowController.getGroup(groupId);
-
- if (group == null) {
- return false;
- }
-
- return group.getProcessor(id) != null;
+ public boolean hasProcessor(String id) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ return rootGroup.findProcessor(id) != null;
}
@Override
- public ProcessorNode createProcessor(String groupId, ProcessorDTO processorDTO) {
+ public ProcessorNode createProcessor(final String groupId, ProcessorDTO processorDTO) {
if (processorDTO.getParentGroupId() != null && !flowController.areGroupsSame(groupId, processorDTO.getParentGroupId())) {
throw new IllegalArgumentException("Cannot specify a different Parent Group ID than the Group to which the Processor is being added.");
}
@@ -120,7 +110,7 @@ public class StandardProcessorDAO extends ComponentDAO implements ProcessorDAO {
}
}
- private void configureProcessor(ProcessorNode processor, ProcessorDTO processorDTO) {
+ private void configureProcessor(final ProcessorNode processor, final ProcessorDTO processorDTO) {
final ProcessorConfigDTO config = processorDTO.getConfig();
// ensure some configuration was specified
@@ -206,7 +196,7 @@ public class StandardProcessorDAO extends ComponentDAO implements ProcessorDAO {
}
}
- private List<String> validateProposedConfiguration(ProcessorNode processorNode, ProcessorConfigDTO config) {
+ private List<String> validateProposedConfiguration(final ProcessorNode processorNode, final ProcessorConfigDTO config) {
List<String> validationErrors = new ArrayList<>();
// validate settings
@@ -297,8 +287,8 @@ public class StandardProcessorDAO extends ComponentDAO implements ProcessorDAO {
}
@Override
- public ProcessorNode getProcessor(String groupId, String id) {
- return locateProcessor(groupId, id);
+ public ProcessorNode getProcessor(final String id) {
+ return locateProcessor(id);
}
@Override
@@ -308,9 +298,8 @@ public class StandardProcessorDAO extends ComponentDAO implements ProcessorDAO {
}
@Override
- public void verifyUpdate(String groupId, ProcessorDTO processorDTO) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- verifyUpdate(locateProcessor(group, processorDTO.getId()), processorDTO);
+ public void verifyUpdate(final ProcessorDTO processorDTO) {
+ verifyUpdate(locateProcessor(processorDTO.getId()), processorDTO);
}
private void verifyUpdate(ProcessorNode processor, ProcessorDTO processorDTO) {
@@ -384,8 +373,8 @@ public class StandardProcessorDAO extends ComponentDAO implements ProcessorDAO {
}
@Override
- public ProcessorNode updateProcessor(String groupId, ProcessorDTO processorDTO) {
- ProcessorNode processor = locateProcessor(groupId, processorDTO.getId());
+ public ProcessorNode updateProcessor(ProcessorDTO processorDTO) {
+ ProcessorNode processor = locateProcessor(processorDTO.getId());
ProcessGroup parentGroup = processor.getProcessGroup();
// ensure we can perform the update
@@ -436,41 +425,39 @@ public class StandardProcessorDAO extends ComponentDAO implements ProcessorDAO {
}
@Override
- public void verifyDelete(String groupId, String processorId) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- ProcessorNode processor = locateProcessor(group, processorId);
+ public void verifyDelete(String processorId) {
+ ProcessorNode processor = locateProcessor(processorId);
processor.verifyCanDelete();
}
@Override
- public void deleteProcessor(String groupId, String processorId) {
+ public void deleteProcessor(String processorId) {
// get the group and the processor
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- ProcessorNode processor = locateProcessor(group, processorId);
+ ProcessorNode processor = locateProcessor(processorId);
try {
// attempt remove the processor
- group.removeProcessor(processor);
+ processor.getProcessGroup().removeProcessor(processor);
} catch (ComponentLifeCycleException plce) {
throw new NiFiCoreException(plce.getMessage(), plce);
}
}
@Override
- public StateMap getState(String groupId, String processorId, final Scope scope) {
- final ProcessorNode processor = locateProcessor(groupId, processorId);
+ public StateMap getState(String processorId, final Scope scope) {
+ final ProcessorNode processor = locateProcessor(processorId);
return componentStateDAO.getState(processor, scope);
}
@Override
- public void verifyClearState(String groupId, String processorId) {
- final ProcessorNode processor = locateProcessor(groupId, processorId);
+ public void verifyClearState(String processorId) {
+ final ProcessorNode processor = locateProcessor(processorId);
processor.verifyCanClearState();
}
@Override
- public void clearState(String groupId, String processorId) {
- final ProcessorNode processor = locateProcessor(groupId, processorId);
+ public void clearState(String processorId) {
+ final ProcessorNode processor = locateProcessor(processorId);
componentStateDAO.clearState(processor);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardRemoteProcessGroupDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardRemoteProcessGroupDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardRemoteProcessGroupDAO.java
index 2b467c0..8c877e2 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardRemoteProcessGroupDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardRemoteProcessGroupDAO.java
@@ -16,11 +16,6 @@
*/
package org.apache.nifi.web.dao.impl;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Set;
-import java.util.regex.Matcher;
-
import org.apache.nifi.connectable.Position;
import org.apache.nifi.controller.FlowController;
import org.apache.nifi.groups.ProcessGroup;
@@ -31,28 +26,34 @@ import org.apache.nifi.web.ResourceNotFoundException;
import org.apache.nifi.web.api.dto.RemoteProcessGroupDTO;
import org.apache.nifi.web.api.dto.RemoteProcessGroupPortDTO;
import org.apache.nifi.web.dao.RemoteProcessGroupDAO;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Matcher;
+
public class StandardRemoteProcessGroupDAO extends ComponentDAO implements RemoteProcessGroupDAO {
private static final Logger logger = LoggerFactory.getLogger(StandardRemoteProcessGroupDAO.class);
private FlowController flowController;
- private RemoteProcessGroup locateRemoteProcessGroup(String groupId, String remoteProcessGroupId) {
- return locateRemoteProcessGroup(locateProcessGroup(flowController, groupId), remoteProcessGroupId);
- }
-
- private RemoteProcessGroup locateRemoteProcessGroup(ProcessGroup group, String remoteProcessGroupId) {
- RemoteProcessGroup remoteProcessGroup = group.getRemoteProcessGroup(remoteProcessGroupId);
+ private RemoteProcessGroup locateRemoteProcessGroup(final String remoteProcessGroupId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ final RemoteProcessGroup remoteProcessGroup = rootGroup.findRemoteProcessGroup(remoteProcessGroupId);
if (remoteProcessGroup == null) {
- throw new ResourceNotFoundException(
- String.format("Unable to find remote process group with id '%s'.", remoteProcessGroupId));
+ throw new ResourceNotFoundException(String.format("Unable to find remote process group with id '%s'.", remoteProcessGroupId));
+ } else {
+ return remoteProcessGroup;
}
+ }
- return remoteProcessGroup;
+ @Override
+ public boolean hasRemoteProcessGroup(String remoteProcessGroupId) {
+ final ProcessGroup rootGroup = flowController.getGroup(flowController.getRootGroupId());
+ return rootGroup.findRemoteProcessGroup(remoteProcessGroupId) != null;
}
/**
@@ -96,30 +97,13 @@ public class StandardRemoteProcessGroupDAO extends ComponentDAO implements Remot
* @return The remote process group
*/
@Override
- public RemoteProcessGroup getRemoteProcessGroup(String groupId, String remoteProcessGroupId) {
- final RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(groupId, remoteProcessGroupId);
+ public RemoteProcessGroup getRemoteProcessGroup(String remoteProcessGroupId) {
+ final RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(remoteProcessGroupId);
return remoteProcessGroup;
}
/**
- * Determines if the specified remote process group exists.
- *
- * @param remoteProcessGroupId id
- * @return true if exists
- */
- @Override
- public boolean hasRemoteProcessGroup(String groupId, String remoteProcessGroupId) {
- ProcessGroup group = flowController.getGroup(groupId);
-
- if (group == null) {
- return false;
- }
-
- return group.getRemoteProcessGroup(remoteProcessGroupId) != null;
- }
-
- /**
* Gets all of the remote process groups.
*
* @return The remote process groups
@@ -132,9 +116,8 @@ public class StandardRemoteProcessGroupDAO extends ComponentDAO implements Remot
}
@Override
- public void verifyUpdate(String groupId, RemoteProcessGroupDTO remoteProcessGroup) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- verifyUpdate(locateRemoteProcessGroup(group, remoteProcessGroup.getId()), remoteProcessGroup);
+ public void verifyUpdate(RemoteProcessGroupDTO remoteProcessGroup) {
+ verifyUpdate(locateRemoteProcessGroup(remoteProcessGroup.getId()), remoteProcessGroup);
}
/**
@@ -160,9 +143,8 @@ public class StandardRemoteProcessGroupDAO extends ComponentDAO implements Remot
}
@Override
- public void verifyUpdateInputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDto) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- final RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(group, remoteProcessGroupId);
+ public void verifyUpdateInputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDto) {
+ final RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(remoteProcessGroupId);
final RemoteGroupPort port = remoteProcessGroup.getInputPort(remoteProcessGroupPortDto.getId());
if (port == null) {
@@ -174,9 +156,8 @@ public class StandardRemoteProcessGroupDAO extends ComponentDAO implements Remot
}
@Override
- public void verifyUpdateOutputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDto) {
- final ProcessGroup group = locateProcessGroup(flowController, groupId);
- final RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(group, remoteProcessGroupId);
+ public void verifyUpdateOutputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDto) {
+ final RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(remoteProcessGroupId);
final RemoteGroupPort port = remoteProcessGroup.getOutputPort(remoteProcessGroupPortDto.getId());
if (port == null) {
@@ -246,8 +227,8 @@ public class StandardRemoteProcessGroupDAO extends ComponentDAO implements Remot
}
@Override
- public RemoteGroupPort updateRemoteProcessGroupInputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDto) {
- final RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(groupId, remoteProcessGroupId);
+ public RemoteGroupPort updateRemoteProcessGroupInputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDto) {
+ final RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(remoteProcessGroupId);
final RemoteGroupPort port = remoteProcessGroup.getInputPort(remoteProcessGroupPortDto.getId());
if (port == null) {
@@ -280,8 +261,8 @@ public class StandardRemoteProcessGroupDAO extends ComponentDAO implements Remot
}
@Override
- public RemoteGroupPort updateRemoteProcessGroupOutputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDto) {
- final RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(groupId, remoteProcessGroupId);
+ public RemoteGroupPort updateRemoteProcessGroupOutputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDto) {
+ final RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(remoteProcessGroupId);
final RemoteGroupPort port = remoteProcessGroup.getOutputPort(remoteProcessGroupPortDto.getId());
if (port == null) {
@@ -314,9 +295,8 @@ public class StandardRemoteProcessGroupDAO extends ComponentDAO implements Remot
}
@Override
- public RemoteProcessGroup updateRemoteProcessGroup(String groupId, RemoteProcessGroupDTO remoteProcessGroupDTO) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(group, remoteProcessGroupDTO.getId());
+ public RemoteProcessGroup updateRemoteProcessGroup(RemoteProcessGroupDTO remoteProcessGroupDTO) {
+ RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(remoteProcessGroupDTO.getId());
// verify the update request
verifyUpdate(remoteProcessGroup, remoteProcessGroupDTO);
@@ -357,17 +337,15 @@ public class StandardRemoteProcessGroupDAO extends ComponentDAO implements Remot
}
@Override
- public void verifyDelete(String groupId, String remoteProcessGroupId) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(group, remoteProcessGroupId);
+ public void verifyDelete(String remoteProcessGroupId) {
+ RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(remoteProcessGroupId);
remoteProcessGroup.verifyCanDelete();
}
@Override
- public void deleteRemoteProcessGroup(String groupId, String remoteProcessGroupId) {
- ProcessGroup group = locateProcessGroup(flowController, groupId);
- RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(group, remoteProcessGroupId);
- group.removeRemoteProcessGroup(remoteProcessGroup);
+ public void deleteRemoteProcessGroup(String remoteProcessGroupId) {
+ RemoteProcessGroup remoteProcessGroup = locateRemoteProcessGroup(remoteProcessGroupId);
+ remoteProcessGroup.getProcessGroup().removeRemoteProcessGroup(remoteProcessGroup);
}
public void setFlowController(FlowController flowController) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
index 6c2165f..a73e0b0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
@@ -81,7 +81,7 @@
</bean>
<bean id="connectionDAO" class="org.apache.nifi.web.dao.impl.StandardConnectionDAO">
<property name="flowController" ref="flowController"/>
- <property name="userService" ref="userService"/>
+ <property name="keyService" ref="keyService"/>
</bean>
<bean id="processorDAO" class="org.apache.nifi.web.dao.impl.StandardProcessorDAO">
<property name="flowController" ref="flowController"/>
@@ -110,7 +110,7 @@
<property name="properties" ref="nifiProperties"/>
<property name="flowController" ref="flowController"/>
<property name="flowService" ref="flowService"/>
- <property name="userService" ref="userService"/>
+ <property name="keyService" ref="keyService"/>
<property name="dtoFactory" ref="dtoFactory"/>
</bean>
<bean id="serviceFacade" class="org.apache.nifi.web.StandardNiFiServiceFacade">
@@ -129,7 +129,7 @@
<property name="templateDAO" ref="templateDAO"/>
<property name="snippetDAO" ref="snippetDAO"/>
<property name="auditService" ref="auditService"/>
- <property name="userService" ref="userService"/>
+ <property name="keyService" ref="keyService"/>
<property name="snippetUtils" ref="snippetUtils"/>
<property name="optimisticLockingManager" ref="webOptimisticLockingManager"/>
<property name="dtoFactory" ref="dtoFactory"/>
@@ -181,42 +181,49 @@
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
</bean>
- <bean id="processGroupResource" class="org.apache.nifi.web.api.ProcessGroupResource" scope="prototype">
+ <bean id="processGroupResource" class="org.apache.nifi.web.api.ProcessGroupResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
+ <property name="processorResource" ref="processorResource"/>
+ <property name="inputPortResource" ref="inputPortResource"/>
+ <property name="outputPortResource" ref="outputPortResource"/>
+ <property name="funnelResource" ref="funnelResource"/>
+ <property name="labelResource" ref="labelResource"/>
+ <property name="remoteProcessGroupResource" ref="remoteProcessGroupResource"/>
+ <property name="connectionResource" ref="connectionResource"/>
</bean>
- <bean id="processorResource" class="org.apache.nifi.web.api.ProcessorResource" scope="prototype">
+ <bean id="processorResource" class="org.apache.nifi.web.api.ProcessorResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
</bean>
- <bean id="connectionResource" class="org.apache.nifi.web.api.ConnectionResource" scope="prototype">
+ <bean id="connectionResource" class="org.apache.nifi.web.api.ConnectionResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
</bean>
- <bean id="remoteProcessGroupResource" class="org.apache.nifi.web.api.RemoteProcessGroupResource" scope="prototype">
+ <bean id="remoteProcessGroupResource" class="org.apache.nifi.web.api.RemoteProcessGroupResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
</bean>
- <bean id="inputPortResource" class="org.apache.nifi.web.api.InputPortResource" scope="prototype">
+ <bean id="inputPortResource" class="org.apache.nifi.web.api.InputPortResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
</bean>
- <bean id="outputPortResource" class="org.apache.nifi.web.api.OutputPortResource" scope="prototype">
+ <bean id="outputPortResource" class="org.apache.nifi.web.api.OutputPortResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
</bean>
- <bean id="labelResource" class="org.apache.nifi.web.api.LabelResource" scope="prototype">
+ <bean id="labelResource" class="org.apache.nifi.web.api.LabelResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
</bean>
- <bean id="funnelResource" class="org.apache.nifi.web.api.FunnelResource" scope="prototype">
+ <bean id="funnelResource" class="org.apache.nifi.web.api.FunnelResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
@@ -225,6 +232,14 @@
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
+ <property name="processorResource" ref="processorResource"/>
+ <property name="inputPortResource" ref="inputPortResource"/>
+ <property name="outputPortResource" ref="outputPortResource"/>
+ <property name="funnelResource" ref="funnelResource"/>
+ <property name="labelResource" ref="labelResource"/>
+ <property name="remoteProcessGroupResource" ref="remoteProcessGroupResource"/>
+ <property name="connectionResource" ref="connectionResource"/>
+ <property name="processGroupResource" ref="processGroupResource"/>
</bean>
<bean id="historyResource" class="org.apache.nifi.web.api.HistoryResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
@@ -234,16 +249,6 @@
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
</bean>
- <bean id="userResource" class="org.apache.nifi.web.api.UserResource" scope="singleton">
- <property name="serviceFacade" ref="serviceFacade"/>
- <property name="properties" ref="nifiProperties"/>
- <property name="clusterManager" ref="clusterManager"/>
- </bean>
- <bean id="userGroupResource" class="org.apache.nifi.web.api.UserGroupResource" scope="singleton">
- <property name="serviceFacade" ref="serviceFacade"/>
- <property name="properties" ref="nifiProperties"/>
- <property name="clusterManager" ref="clusterManager"/>
- </bean>
<bean id="clusterResource" class="org.apache.nifi.web.api.ClusterResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
@@ -265,7 +270,6 @@
<property name="jwtService" ref="jwtService"/>
<property name="otpService" ref="otpService"/>
<property name="kerberosService" ref="kerberosService"/>
- <property name="userDetailsService" ref="userDetailsService"/>
</bean>
<!-- configuration for jaxb serialization -->
@@ -275,7 +279,6 @@
<bean class="org.apache.nifi.web.api.config.AccessDeniedExceptionMapper" scope="singleton"/>
<bean class="org.apache.nifi.web.api.config.InvalidAuthenticationExceptionMapper" scope="singleton"/>
<bean class="org.apache.nifi.web.api.config.AuthenticationCredentialsNotFoundExceptionMapper" scope="singleton"/>
- <bean class="org.apache.nifi.web.api.config.AccountNotFoundExceptionMapper" scope="singleton"/>
<bean class="org.apache.nifi.web.api.config.AdministrationExceptionMapper" scope="singleton"/>
<bean class="org.apache.nifi.web.api.config.ClusterExceptionMapper" scope="singleton"/>
<bean class="org.apache.nifi.web.api.config.IllegalArgumentExceptionMapper" scope="singleton"/>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java
index fe48490..5b96c6e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java
@@ -41,11 +41,13 @@ import org.apache.nifi.web.util.WebUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
import org.junit.Test;
/**
* Access token endpoint test.
*/
+@Ignore
public class AccessTokenEndpointTest {
private static final String CLIENT_ID = "token-endpoint-id";
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
index 8e0efd1..dd69954 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
@@ -53,11 +53,13 @@ import org.apache.commons.collections4.CollectionUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
import org.junit.Test;
/**
* Access control test for the admin user.
*/
+@Ignore
public class AdminAccessControlTest {
public static final String ADMIN_USER_DN = "CN=Lastname Firstname Middlename admin, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown";
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
index 283a4a9..914cf60 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
@@ -78,6 +78,7 @@ import org.junit.Test;
/**
* Access control test for the dfm user.
*/
+@Ignore
public class DfmAccessControlTest {
public static final String DFM_USER_DN = "CN=Lastname Firstname Middlename dfm, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown";
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
index 0ab074f..2ed653a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
@@ -49,11 +49,13 @@ import org.apache.nifi.web.api.entity.ProcessorsEntity;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
import org.junit.Test;
/**
* Access control test for a read only user.
*/
+@Ignore
public class ReadOnlyAccessControlTest {
public static final String READ_ONLY_USER_DN = "CN=Lastname Firstname Middlename monitor, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown";
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizationProvider.java
deleted file mode 100644
index aa8a518..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizationProvider.java
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.integration.util;
-
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.AuthorityProviderConfigurationContext;
-import org.apache.nifi.authorization.AuthorityProviderInitializationContext;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.DownloadAuthorization;
-
-/**
- *
- */
-public class NiFiTestAuthorizationProvider implements AuthorityProvider {
-
- private final Map<String, Set<Authority>> users;
-
- /**
- * Creates a new FileAuthorizationProvider.
- */
- public NiFiTestAuthorizationProvider() {
- users = new HashMap<>();
- users.put("CN=localhost, OU=Apache NiFi, O=Apache, L=Santa Monica, ST=CA, C=US", EnumSet.of(Authority.ROLE_PROXY));
- users.put("CN=Lastname Firstname Middlename monitor, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown", EnumSet.of(Authority.ROLE_MONITOR));
- users.put("CN=Lastname Firstname Middlename dfm, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown", EnumSet.of(Authority.ROLE_DFM));
- users.put("CN=Lastname Firstname Middlename admin, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown", EnumSet.of(Authority.ROLE_ADMIN));
- users.put("user@nifi", EnumSet.of(Authority.ROLE_DFM));
- }
-
- @Override
- public void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- }
-
- @Override
- public void onConfigured(AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- }
-
- @Override
- public void preDestruction() {
- }
-
- private void checkDn(String dn) throws UnknownIdentityException {
- if (!users.containsKey(dn)) {
- throw new UnknownIdentityException("Unknown user: " + dn);
- }
- }
-
- /**
- * Determines if the specified dn is known to this authority provider.
- *
- * @param dn dn
- * @return True if he dn is known, false otherwise
- */
- @Override
- public boolean doesDnExist(String dn) throws AuthorityAccessException {
- try {
- checkDn(dn);
- return true;
- } catch (UnknownIdentityException uie) {
- return false;
- }
- }
-
- /**
- * Loads the authorities for the specified user.
- *
- * @param dn dn
- * @return authorities
- * @throws UnknownIdentityException ex
- * @throws AuthorityAccessException ex
- */
- @Override
- public Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException {
- checkDn(dn);
- return new HashSet<>(users.get(dn));
- }
-
- /**
- * Sets the specified authorities to the specified user.
- *
- * @param dn dn
- * @param authorities authorities
- * @throws AuthorityAccessException ex
- */
- @Override
- public void setAuthorities(String dn, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- /**
- * Adds the specified user.
- *
- * @param dn dn
- * @param group group
- * @throws UnknownIdentityException ex
- * @throws AuthorityAccessException ex
- */
- @Override
- public void addUser(String dn, String group) throws AuthorityAccessException {
- }
-
- /**
- * Gets the users for the specified authority.
- *
- * @param authority authority
- * @return users
- * @throws AuthorityAccessException ex
- */
- @Override
- public Set<String> getUsers(Authority authority) throws AuthorityAccessException {
- Set<String> usersForAuthority = new HashSet<>();
- for (String dn : users.keySet()) {
- if (users.get(dn).contains(authority)) {
- usersForAuthority.add(dn);
- }
- }
- return usersForAuthority;
- }
-
- /**
- * Removes the specified user.
- *
- * @param dn dn
- * @throws UnknownIdentityException ex
- * @throws AuthorityAccessException ex
- */
- @Override
- public void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- return StringUtils.EMPTY;
- }
-
- @Override
- public void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void setUsersGroup(Set<String> dn, String group) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void ungroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException {
- return DownloadAuthorization.approved();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java
new file mode 100644
index 0000000..5795b69
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.integration.util;
+
+import org.apache.nifi.authorization.AuthorizationRequest;
+import org.apache.nifi.authorization.AuthorizationResult;
+import org.apache.nifi.authorization.Authorizer;
+import org.apache.nifi.authorization.AuthorizerConfigurationContext;
+import org.apache.nifi.authorization.AuthorizerInitializationContext;
+import org.apache.nifi.authorization.exception.AuthorizationAccessException;
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
+
+/**
+ *
+ */
+public class NiFiTestAuthorizer implements Authorizer {
+
+
+ /**
+ * Creates a new FileAuthorizationProvider.
+ */
+ public NiFiTestAuthorizer() {
+ }
+
+ @Override
+ public void initialize(AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException {
+ }
+
+ @Override
+ public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
+ }
+
+ @Override
+ public AuthorizationResult authorize(AuthorizationRequest request) throws AuthorizationAccessException {
+ return AuthorizationResult.approved();
+ }
+
+ @Override
+ public void preDestruction() {
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
index c023ce1..967f652 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
@@ -16,10 +16,6 @@
*/
package org.apache.nifi.integration.util;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
import org.apache.nifi.authentication.AuthenticationResponse;
import org.apache.nifi.authentication.LoginCredentials;
import org.apache.nifi.authentication.LoginIdentityProvider;
@@ -27,6 +23,11 @@ import org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
import org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
/**
*
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java
index 38c2d41..4c1a417 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestServer.java
@@ -79,7 +79,7 @@ public class NiFiTestServer {
org.eclipse.jetty.util.ssl.SslContextFactory contextFactory = new org.eclipse.jetty.util.ssl.SslContextFactory();
// require client auth when not supporting login or anonymous access
- if (StringUtils.isBlank(properties.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER)) && properties.getAnonymousAuthorities().isEmpty()) {
+ if (StringUtils.isBlank(properties.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER))) {
contextFactory.setNeedClientAuth(true);
} else {
contextFactory.setWantClientAuth(true);
[08/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
index 802f46f..4a746b3 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
@@ -16,36 +16,14 @@
*/
package org.apache.nifi.web.api;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.HashMap;
-import java.util.LinkedHashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
-import javax.ws.rs.GET;
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-
+import com.wordnik.swagger.annotations.ApiOperation;
+import com.wordnik.swagger.annotations.ApiParam;
+import com.wordnik.swagger.annotations.ApiResponse;
+import com.wordnik.swagger.annotations.ApiResponses;
+import com.wordnik.swagger.annotations.Authorization;
import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.cluster.context.ClusterContext;
+import org.apache.nifi.cluster.context.ClusterContextThreadLocal;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
import org.apache.nifi.ui.extension.UiExtension;
import org.apache.nifi.ui.extension.UiExtensionMapping;
@@ -59,25 +37,40 @@ import org.apache.nifi.web.api.dto.PropertyDescriptorDTO;
import org.apache.nifi.web.api.dto.ReportingTaskDTO;
import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.entity.ComponentStateEntity;
+import org.apache.nifi.web.api.entity.Entity;
import org.apache.nifi.web.api.entity.PropertyDescriptorEntity;
import org.apache.nifi.web.api.entity.ReportingTaskEntity;
import org.apache.nifi.web.api.entity.ReportingTasksEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
import org.apache.nifi.web.api.request.LongParameter;
import org.apache.nifi.web.util.Availability;
-import org.springframework.security.access.prepost.PreAuthorize;
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.POST;
+import javax.ws.rs.PUT;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
+import java.net.URI;
+import java.nio.charset.StandardCharsets;
+import java.util.List;
+import java.util.Set;
+import java.util.UUID;
/**
* RESTful endpoint for managing a Reporting Task.
*/
-@Api(hidden = true)
+@Path("reporting-tasks")
public class ReportingTaskResource extends ApplicationResource {
private NiFiServiceFacade serviceFacade;
@@ -105,7 +98,7 @@ public class ReportingTaskResource extends ApplicationResource {
*/
private ReportingTaskDTO populateRemainingReportingTaskContent(final String availability, final ReportingTaskDTO reportingTask) {
// populate the reporting task href
- reportingTask.setUri(generateResourceUri("controller", "reporting-tasks", availability, reportingTask.getId()));
+ reportingTask.setUri(generateResourceUri("reporting-tasks", availability, reportingTask.getId()));
reportingTask.setAvailability(availability);
// see if this processor has any ui extensions
@@ -155,9 +148,9 @@ public class ReportingTaskResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets all reporting tasks",
response = ReportingTasksEntity.class,
@@ -212,52 +205,6 @@ public class ReportingTaskResource extends ApplicationResource {
}
/**
- * Creates a new reporting task.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with
- * the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @param availability Whether the reporting task is available on the NCM
- * only (ncm) or on the nodes only (node). If this instance is not clustered
- * all tasks should use the node availability.
- * @param type The type of reporting task to create.
- * @return A reportingTaskEntity.
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response createReportingTask(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("availability") String availability,
- @FormParam("type") String type) {
-
- // create the reporting task DTO
- final ReportingTaskDTO reportingTaskDTO = new ReportingTaskDTO();
- reportingTaskDTO.setType(type);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the reporting task entity
- final ReportingTaskEntity reportingTaskEntity = new ReportingTaskEntity();
- reportingTaskEntity.setRevision(revision);
- reportingTaskEntity.setReportingTask(reportingTaskDTO);
-
- return createReportingTask(httpServletRequest, availability, reportingTaskEntity);
- }
-
- /**
* Creates a new Reporting Task.
*
* @param httpServletRequest request
@@ -268,10 +215,10 @@ public class ReportingTaskResource extends ApplicationResource {
* @return A reportingTaskEntity.
*/
@POST
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Creates a new reporting task",
response = ReportingTaskEntity.class,
@@ -321,28 +268,8 @@ public class ReportingTaskResource extends ApplicationResource {
// get the revision
final RevisionDTO revision = reportingTaskEntity.getRevision();
- // if cluster manager, convert POST to PUT (to maintain same ID across nodes) and replicate
- if (properties.isClusterManager() && Availability.NODE.equals(avail)) {
- // create ID for resource
- final String id = UUID.randomUUID().toString();
-
- // set ID for resource
- reportingTaskEntity.getReportingTask().setId(id);
-
- // convert POST request to PUT request to force entity ID to be the same across nodes
- URI putUri = null;
- try {
- putUri = new URI(getAbsolutePath().toString() + "/" + id);
- } catch (final URISyntaxException e) {
- throw new WebApplicationException(e);
- }
-
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate put request
- return clusterManager.applyRequest(HttpMethod.PUT, putUri, updateClientId(reportingTaskEntity), getHeaders(headersToOverride)).getResponse();
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.POST, getAbsolutePath(), updateClientId(reportingTaskEntity), getHeaders()).getResponse();
}
// handle expects request (usually from the cluster manager)
@@ -351,6 +278,14 @@ public class ReportingTaskResource extends ApplicationResource {
return generateContinueResponse().build();
}
+ // set the processor id as appropriate
+ final ClusterContext clusterContext = ClusterContextThreadLocal.getContext();
+ if (clusterContext != null) {
+ reportingTaskEntity.getReportingTask().setId(UUID.nameUUIDFromBytes(clusterContext.getIdGenerationSeed().getBytes(StandardCharsets.UTF_8)).toString());
+ } else {
+ reportingTaskEntity.getReportingTask().setId(UUID.randomUUID().toString());
+ }
+
// create the reporting task and generate the json
final ConfigurationSnapshot<ReportingTaskDTO> controllerResponse = serviceFacade.createReportingTask(
new Revision(revision.getVersion(), revision.getClientId()), reportingTaskEntity.getReportingTask());
@@ -384,9 +319,9 @@ public class ReportingTaskResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a reporting task",
response = ReportingTaskEntity.class,
@@ -458,9 +393,9 @@ public class ReportingTaskResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}/descriptors")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}/descriptors")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a reporting task property descriptor",
response = PropertyDescriptorEntity.class,
@@ -542,9 +477,9 @@ public class ReportingTaskResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}/state")
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}/state")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
@ApiOperation(
value = "Gets the state for a reporting task",
response = ComponentStateDTO.class,
@@ -605,8 +540,7 @@ public class ReportingTaskResource extends ApplicationResource {
/**
* Clears the state for a reporting task.
*
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param version The revision is used to verify the client is working with the latest version of the flow.
+ * @param revisionEntity The revision is used to verify the client is working with the latest version of the flow.
* @param availability Whether the reporting task is available on the
* NCM only (ncm) or on the nodes only (node). If this instance is not
* clustered all services should use the node availability.
@@ -614,10 +548,10 @@ public class ReportingTaskResource extends ApplicationResource {
* @return a componentStateEntity
*/
@POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}/state/clear-requests")
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}/state/clear-requests")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
@ApiOperation(
value = "Clears the state for a reporting task",
response = ComponentStateDTO.class,
@@ -637,15 +571,10 @@ public class ReportingTaskResource extends ApplicationResource {
public Response clearState(
@Context HttpServletRequest httpServletRequest,
@ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "The revision is used to verify the client is working with the latest version of the flow.",
+ value = "The revision used to verify the client is working with the latest version of the flow.",
required = true
)
- @FormParam(VERSION) LongParameter version,
+ Entity revisionEntity,
@ApiParam(
value = "Whether the reporting task is available on the NCM or nodes. If the NiFi is standalone the availability should be NODE.",
allowableValues = "NCM, NODE",
@@ -672,136 +601,24 @@ public class ReportingTaskResource extends ApplicationResource {
return generateContinueResponse().build();
}
- // get the revision specified by the user
- Long revision = null;
- if (version != null) {
- revision = version.getLong();
- }
-
// get the component state
- final ConfigurationSnapshot<Void> snapshot = serviceFacade.clearReportingTaskState(new Revision(revision, clientId.getClientId()), id);
+ final RevisionDTO requestRevision = revisionEntity.getRevision();
+ final ConfigurationSnapshot<Void> snapshot = serviceFacade.clearReportingTaskState(new Revision(requestRevision.getVersion(), requestRevision.getClientId()), id);
// create the revision
- final RevisionDTO revisionDTO = new RevisionDTO();
- revisionDTO.setClientId(clientId.getClientId());
- revisionDTO.setVersion(snapshot.getVersion());
+ final RevisionDTO responseRevision = new RevisionDTO();
+ responseRevision.setClientId(requestRevision.getClientId());
+ responseRevision.setVersion(snapshot.getVersion());
// generate the response entity
final ComponentStateEntity entity = new ComponentStateEntity();
- entity.setRevision(revisionDTO);
+ entity.setRevision(responseRevision);
// generate the response
return clusterContext(generateOkResponse(entity)).build();
}
/**
- * Updates the specified reporting task.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with
- * the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @param availability Whether the reporting task is available on the NCM
- * only (ncm) or on the nodes only (node). If this instance is not clustered
- * all tasks should use the node availability.
- * @param id The id of the reporting task to update.
- * @param name The name of the reporting task
- * @param annotationData The annotation data for the reporting task
- * @param markedForDeletion Array of property names whose value should be
- * removed.
- * @param state The updated scheduled state
- * @param schedulingStrategy The scheduling strategy for this reporting task
- * @param schedulingPeriod The scheduling period for this reporting task
- * @param comments The comments for this reporting task
- * @param formParams Additionally, the processor properties and styles are
- * specified in the form parameters. Because the property names and styles
- * differ from processor to processor they are specified in a map-like
- * fashion:
- * <br>
- * <ul>
- * <li>properties[required.file.path]=/path/to/file</li>
- * <li>properties[required.hostname]=localhost</li>
- * <li>properties[required.port]=80</li>
- * <li>properties[optional.file.path]=/path/to/file</li>
- * <li>properties[optional.hostname]=localhost</li>
- * <li>properties[optional.port]=80</li>
- * <li>properties[user.defined.pattern]=^.*?s.*$</li>
- * </ul>
- * @return A reportingTaskEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateReportingTask(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("availability") String availability, @PathParam("id") String id, @FormParam("name") String name,
- @FormParam("annotationData") String annotationData, @FormParam("markedForDeletion[]") List<String> markedForDeletion,
- @FormParam("state") String state, @FormParam("schedulingStrategy") String schedulingStrategy,
- @FormParam("schedulingPeriod") String schedulingPeriod, @FormParam("comments") String comments,
- MultivaluedMap<String, String> formParams) {
-
- // create collections for holding the reporting task properties
- final Map<String, String> updatedProperties = new LinkedHashMap<>();
-
- // go through each parameter and look for processor properties
- for (String parameterName : formParams.keySet()) {
- if (StringUtils.isNotBlank(parameterName)) {
- // see if the parameter name starts with an expected parameter type...
- // if so, store the parameter name and value in the corresponding collection
- if (parameterName.startsWith("properties")) {
- final int startIndex = StringUtils.indexOf(parameterName, "[");
- final int endIndex = StringUtils.lastIndexOf(parameterName, "]");
- if (startIndex != -1 && endIndex != -1) {
- final String propertyName = StringUtils.substring(parameterName, startIndex + 1, endIndex);
- updatedProperties.put(propertyName, formParams.getFirst(parameterName));
- }
- }
- }
- }
-
- // set the properties to remove
- for (String propertyToDelete : markedForDeletion) {
- updatedProperties.put(propertyToDelete, null);
- }
-
- // create the reporting task DTO
- final ReportingTaskDTO reportingTaskDTO = new ReportingTaskDTO();
- reportingTaskDTO.setId(id);
- reportingTaskDTO.setName(name);
- reportingTaskDTO.setState(state);
- reportingTaskDTO.setSchedulingStrategy(schedulingStrategy);
- reportingTaskDTO.setSchedulingPeriod(schedulingPeriod);
- reportingTaskDTO.setAnnotationData(annotationData);
- reportingTaskDTO.setComments(comments);
-
- // only set the properties when appropriate
- if (!updatedProperties.isEmpty()) {
- reportingTaskDTO.setProperties(updatedProperties);
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the reporting task entity
- final ReportingTaskEntity reportingTaskEntity = new ReportingTaskEntity();
- reportingTaskEntity.setRevision(revision);
- reportingTaskEntity.setReportingTask(reportingTaskDTO);
-
- // update the reporting task
- return updateReportingTask(httpServletRequest, availability, id, reportingTaskEntity);
- }
-
- /**
* Updates the specified a Reporting Task.
*
* @param httpServletRequest request
@@ -813,10 +630,10 @@ public class ReportingTaskResource extends ApplicationResource {
* @return A reportingTaskEntity.
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a reporting task",
response = ReportingTaskEntity.class,
@@ -870,12 +687,7 @@ public class ReportingTaskResource extends ApplicationResource {
// replicate if cluster manager
if (properties.isClusterManager() && Availability.NODE.equals(avail)) {
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate the request
- return clusterManager.applyRequest(HttpMethod.PUT, getAbsolutePath(), updateClientId(reportingTaskEntity), getHeaders(headersToOverride)).getResponse();
+ return clusterManager.applyRequest(HttpMethod.PUT, getAbsolutePath(), updateClientId(reportingTaskEntity), getHeaders()).getResponse();
}
// handle expects request (usually from the cluster manager)
@@ -927,9 +739,9 @@ public class ReportingTaskResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes a reporting task",
response = ReportingTaskEntity.class,
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java
index 247eac1..5eddcf7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java
@@ -23,13 +23,21 @@ import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.cluster.manager.impl.WebClusterManager;
+import org.apache.nifi.util.NiFiProperties;
+import org.apache.nifi.web.ConfigurationSnapshot;
+import org.apache.nifi.web.NiFiServiceFacade;
+import org.apache.nifi.web.Revision;
+import org.apache.nifi.web.api.dto.FlowSnippetDTO;
+import org.apache.nifi.web.api.dto.RevisionDTO;
+import org.apache.nifi.web.api.dto.SnippetDTO;
+import org.apache.nifi.web.api.entity.SnippetEntity;
+import org.apache.nifi.web.api.request.ClientIdParameter;
+import org.apache.nifi.web.api.request.LongParameter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@@ -47,21 +55,13 @@ import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import org.apache.nifi.cluster.manager.impl.WebClusterManager;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.ConfigurationSnapshot;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.api.dto.FlowSnippetDTO;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.dto.SnippetDTO;
-import org.apache.nifi.web.api.entity.SnippetEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.LongParameter;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
/**
* RESTful endpoint for managing a Snippet.
@@ -80,94 +80,14 @@ public class SnippetResource extends ApplicationResource {
private WebClusterManager clusterManager;
private NiFiProperties properties;
- /**
- * Get the processor resource within the specified group.
- *
- * @return the processor resource within the specified group
- */
- private ProcessorResource getProcessorResource(final String groupId) {
- ProcessorResource processorResource = resourceContext.getResource(ProcessorResource.class);
- processorResource.setGroupId(groupId);
- return processorResource;
- }
-
- /**
- * Get the connection sub-resource within the specified group.
- *
- * @return the connection sub-resource within the specified group
- */
- private ConnectionResource getConnectionResource(final String groupId) {
- ConnectionResource connectionResource = resourceContext.getResource(ConnectionResource.class);
- connectionResource.setGroupId(groupId);
- return connectionResource;
- }
-
- /**
- * Get the input ports sub-resource within the specified group.
- *
- * @return the input ports sub-resource within the specified group
- */
- private InputPortResource getInputPortResource(final String groupId) {
- InputPortResource inputPortResource = resourceContext.getResource(InputPortResource.class);
- inputPortResource.setGroupId(groupId);
- return inputPortResource;
- }
-
- /**
- * Get the output ports sub-resource within the specified group.
- *
- * @return the output ports sub-resource within the specified group
- */
- private OutputPortResource getOutputPortResource(final String groupId) {
- OutputPortResource outputPortResource = resourceContext.getResource(OutputPortResource.class);
- outputPortResource.setGroupId(groupId);
- return outputPortResource;
- }
-
- /**
- * Locates the label sub-resource within the specified group.
- *
- * @return the label sub-resource within the specified group
- */
- private LabelResource getLabelResource(final String groupId) {
- LabelResource labelResource = resourceContext.getResource(LabelResource.class);
- labelResource.setGroupId(groupId);
- return labelResource;
- }
-
- /**
- * Locates the funnel sub-resource within the specified group.
- *
- * @return the funnel sub-resource within the specified group
- */
- private FunnelResource getFunnelResource(final String groupId) {
- FunnelResource funnelResource = resourceContext.getResource(FunnelResource.class);
- funnelResource.setGroupId(groupId);
- return funnelResource;
- }
-
- /**
- * Locates the remote process group sub-resource within the specified group.
- *
- * @return the remote process group sub-resource within the specified group
- */
- private RemoteProcessGroupResource getRemoteProcessGroupResource(final String groupId) {
- RemoteProcessGroupResource remoteProcessGroupResource = resourceContext.getResource(RemoteProcessGroupResource.class);
- remoteProcessGroupResource.setGroupId(groupId);
- return remoteProcessGroupResource;
- }
-
- /**
- * Locates the process group sub-resource within the specified group.
- *
- * @param groupId group id
- * @return the process group sub-resource within the specified group
- */
- private ProcessGroupResource getProcessGroupResource(final String groupId) {
- ProcessGroupResource processGroupResource = resourceContext.getResource(ProcessGroupResource.class);
- processGroupResource.setGroupId(groupId);
- return processGroupResource;
- }
+ private ProcessorResource processorResource;
+ private InputPortResource inputPortResource;
+ private OutputPortResource outputPortResource;
+ private FunnelResource funnelResource;
+ private LabelResource labelResource;
+ private RemoteProcessGroupResource remoteProcessGroupResource;
+ private ConnectionResource connectionResource;
+ private ProcessGroupResource processGroupResource;
/**
* Populates the uri for the specified snippet.
@@ -181,14 +101,14 @@ public class SnippetResource extends ApplicationResource {
// populate the snippet content uris
if (snippet.getContents() != null) {
- getProcessorResource(snippetGroupId).populateRemainingProcessorsContent(snippetContents.getProcessors());
- getConnectionResource(snippetGroupId).populateRemainingConnectionsContent(snippetContents.getConnections());
- getInputPortResource(snippetGroupId).populateRemainingInputPortsContent(snippetContents.getInputPorts());
- getOutputPortResource(snippetGroupId).populateRemainingOutputPortsContent(snippetContents.getOutputPorts());
- getRemoteProcessGroupResource(snippetGroupId).populateRemainingRemoteProcessGroupsContent(snippetContents.getRemoteProcessGroups());
- getFunnelResource(snippetGroupId).populateRemainingFunnelsContent(snippetContents.getFunnels());
- getLabelResource(snippetGroupId).populateRemainingLabelsContent(snippetContents.getLabels());
- getProcessGroupResource(snippetGroupId).populateRemainingProcessGroupsContent(snippetContents.getProcessGroups());
+ processorResource.populateRemainingProcessorsContent(snippetContents.getProcessors());
+ connectionResource.populateRemainingConnectionsContent(snippetContents.getConnections());
+ inputPortResource.populateRemainingInputPortsContent(snippetContents.getInputPorts());
+ outputPortResource.populateRemainingOutputPortsContent(snippetContents.getOutputPorts());
+ remoteProcessGroupResource.populateRemainingRemoteProcessGroupsContent(snippetContents.getRemoteProcessGroups());
+ funnelResource.populateRemainingFunnelsContent(snippetContents.getFunnels());
+ labelResource.populateRemainingLabelsContent(snippetContents.getLabels());
+ processGroupResource.populateRemainingProcessGroupsContent(snippetContents.getProcessGroups());
}
return snippet;
@@ -222,7 +142,7 @@ public class SnippetResource extends ApplicationResource {
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
public Response createSnippet(
@Context HttpServletRequest httpServletRequest,
@FormParam(VERSION) LongParameter version,
@@ -279,7 +199,7 @@ public class SnippetResource extends ApplicationResource {
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Creates a snippet",
response = SnippetEntity.class,
@@ -393,7 +313,7 @@ public class SnippetResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a snippet",
response = SnippetEntity.class,
@@ -477,7 +397,7 @@ public class SnippetResource extends ApplicationResource {
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
public Response updateSnippet(
@Context HttpServletRequest httpServletRequest,
@FormParam(VERSION) LongParameter version,
@@ -523,7 +443,7 @@ public class SnippetResource extends ApplicationResource {
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a snippet",
response = SnippetEntity.class,
@@ -629,7 +549,7 @@ public class SnippetResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes a snippet",
response = SnippetEntity.class,
@@ -706,6 +626,38 @@ public class SnippetResource extends ApplicationResource {
this.clusterManager = clusterManager;
}
+ public void setProcessorResource(ProcessorResource processorResource) {
+ this.processorResource = processorResource;
+ }
+
+ public void setInputPortResource(InputPortResource inputPortResource) {
+ this.inputPortResource = inputPortResource;
+ }
+
+ public void setOutputPortResource(OutputPortResource outputPortResource) {
+ this.outputPortResource = outputPortResource;
+ }
+
+ public void setFunnelResource(FunnelResource funnelResource) {
+ this.funnelResource = funnelResource;
+ }
+
+ public void setLabelResource(LabelResource labelResource) {
+ this.labelResource = labelResource;
+ }
+
+ public void setRemoteProcessGroupResource(RemoteProcessGroupResource remoteProcessGroupResource) {
+ this.remoteProcessGroupResource = remoteProcessGroupResource;
+ }
+
+ public void setConnectionResource(ConnectionResource connectionResource) {
+ this.connectionResource = connectionResource;
+ }
+
+ public void setProcessGroupResource(ProcessGroupResource processGroupResource) {
+ this.processGroupResource = processGroupResource;
+ }
+
public void setProperties(NiFiProperties properties) {
this.properties = properties;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SystemDiagnosticsResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SystemDiagnosticsResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SystemDiagnosticsResource.java
index 1bde7bf..213190a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SystemDiagnosticsResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SystemDiagnosticsResource.java
@@ -34,7 +34,6 @@ import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.SystemDiagnosticsDTO;
import org.apache.nifi.web.api.entity.SystemDiagnosticsEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.springframework.security.access.prepost.PreAuthorize;
import javax.ws.rs.Consumes;
import javax.ws.rs.DefaultValue;
@@ -74,7 +73,7 @@ public class SystemDiagnosticsResource extends ApplicationResource {
@GET
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets the diagnostics for the system NiFi is running on",
response = SystemDiagnosticsEntity.class,
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java
index 03debbb..673373a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java
@@ -23,12 +23,18 @@ import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
-import java.io.InputStream;
-import java.net.URI;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.cluster.manager.impl.WebClusterManager;
+import org.apache.nifi.util.NiFiProperties;
+import org.apache.nifi.web.NiFiServiceFacade;
+import org.apache.nifi.web.api.dto.RevisionDTO;
+import org.apache.nifi.web.api.dto.TemplateDTO;
+import org.apache.nifi.web.api.entity.TemplateEntity;
+import org.apache.nifi.web.api.entity.TemplatesEntity;
+import org.apache.nifi.web.api.request.ClientIdParameter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
@@ -49,19 +55,12 @@ import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.transform.stream.StreamSource;
-import org.apache.nifi.cluster.manager.impl.WebClusterManager;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.NiFiServiceFacade;
-import static org.apache.nifi.web.api.ApplicationResource.CLIENT_ID;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.dto.TemplateDTO;
-import org.apache.nifi.web.api.entity.TemplateEntity;
-import org.apache.nifi.web.api.entity.TemplatesEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
/**
* RESTful endpoint for managing a Template.
@@ -109,7 +108,7 @@ public class TemplateResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets all templates",
response = TemplatesEntity.class,
@@ -172,7 +171,7 @@ public class TemplateResource extends ApplicationResource {
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Creates a template",
response = TemplateEntity.class,
@@ -254,7 +253,7 @@ public class TemplateResource extends ApplicationResource {
@Consumes(MediaType.MULTIPART_FORM_DATA)
@Produces(MediaType.APPLICATION_XML)
@Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
public Response importTemplate(
@Context HttpServletRequest httpServletRequest,
@FormDataParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
@@ -316,7 +315,7 @@ public class TemplateResource extends ApplicationResource {
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Produces(MediaType.APPLICATION_XML)
@Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
public Response importTemplate(
@Context HttpServletRequest httpServletRequest,
TemplateEntity templateEntity) {
@@ -377,7 +376,7 @@ public class TemplateResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.APPLICATION_XML)
@Path("{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Exports a template",
response = TemplateDTO.class,
@@ -445,7 +444,7 @@ public class TemplateResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes a template",
response = TemplateEntity.class,
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupResource.java
deleted file mode 100644
index 3a0b596..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupResource.java
+++ /dev/null
@@ -1,465 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api;
-
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import org.apache.nifi.cluster.manager.NodeResponse;
-import org.apache.nifi.cluster.manager.impl.WebClusterManager;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.api.entity.UserGroupEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.dto.UserGroupDTO;
-import org.springframework.security.access.prepost.PreAuthorize;
-
-/**
- * RESTful endpoint for managing this Controller's user groups.
- */
-@Api(hidden = true)
-public class UserGroupResource extends ApplicationResource {
-
- /*
- * Developer Note: Clustering assumes a centralized security provider. The
- * cluster manager will manage user accounts when in clustered mode and
- * interface with the authorization provider. However, when nodes perform
- * Site-to-Site, the authorization details of the remote NiFi will be cached
- * locally. These details need to be invalidated when certain actions are
- * performed (revoking/deleting accounts, changing user authorities, user
- * group, etc).
- */
- private WebClusterManager clusterManager;
- private NiFiProperties properties;
- private NiFiServiceFacade serviceFacade;
-
- /**
- * Updates a new user group.
- *
- * @param httpServletRequest request
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @param userIds A collection of user ids to include in this group. If a
- * user already belongs to another group, they will be placed in this group
- * instead. Existing users in this group will remain in this group.
- * @param group The name of the group.
- * @param rawAuthorities Array of authorities to assign to the specified
- * user.
- * @param status The status of the specified users account.
- * @param formParams form params
- * @return A userGroupEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{group}")
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- public Response updateUserGroup(
- @Context HttpServletRequest httpServletRequest,
- @PathParam("group") String group,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("userIds[]") Set<String> userIds,
- @FormParam("authorities[]") Set<String> rawAuthorities,
- @FormParam("status") String status,
- MultivaluedMap<String, String> formParams) {
-
- // get the collection of specified authorities
- final Set<String> authorities = new HashSet<>();
- for (String authority : rawAuthorities) {
- if (StringUtils.isNotBlank(authority)) {
- authorities.add(authority);
- }
- }
-
- // create the user group dto
- final UserGroupDTO userGroup = new UserGroupDTO();
- userGroup.setGroup(group);
- userGroup.setUserIds(userIds);
- userGroup.setStatus(status);
-
- // set the authorities
- if (!authorities.isEmpty() || formParams.containsKey("authorities")) {
- userGroup.setAuthorities(authorities);
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the user group entity
- final UserGroupEntity entity = new UserGroupEntity();
- entity.setRevision(revision);
- entity.setUserGroup(userGroup);
-
- // create the user group
- return updateUserGroup(httpServletRequest, group, entity);
- }
-
- /**
- * Creates a new user group with the specified users.
- *
- * @param httpServletRequest request
- * @param group The user group.
- * @param userGroupEntity A userGroupEntity.
- * @return A userGroupEntity.
- */
- @PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{group}")
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(
- value = "Updates a user group",
- response = UserGroupEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response updateUserGroup(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The name of the user group.",
- required = true
- )
- @PathParam("group") String group,
- @ApiParam(
- value = "The user group configuration details.",
- required = true
- )
- UserGroupEntity userGroupEntity) {
-
- if (userGroupEntity == null || userGroupEntity.getUserGroup() == null) {
- throw new IllegalArgumentException("User group details must be specified.");
- }
-
- // get the user group
- UserGroupDTO userGroup = userGroupEntity.getUserGroup();
-
- // ensure the same id is being used
- if (!group.equals(userGroup.getGroup())) {
- throw new IllegalArgumentException(String.format("The user group (%s) in the request body does "
- + "not equal the user group of the requested resource (%s).", userGroup.getGroup(), group));
- }
-
- // the user group must be specified and cannot be blank
- if (StringUtils.isBlank(userGroup.getGroup())) {
- throw new IllegalArgumentException("User group must be specified and cannot be blank.");
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- if (userGroupEntity.getRevision() == null) {
- revision.setClientId(new ClientIdParameter().getClientId());
- } else {
- revision.setClientId(userGroupEntity.getRevision().getClientId());
- }
-
- // this user is being modified, replicate to the nodes to invalidate this account
- // so that it will be re-authorized during the next attempted access - if this wasn't
- // done the account would remain stale for up to the configured cache duration. this
- // is acceptable sometimes but when updating a users authorities or groups via the UI
- // they shouldn't have to wait for the changes to take effect`
- if (properties.isClusterManager()) {
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // identify yourself as the NCM attempting to invalidate the user
- final Map<String, String> headers = getHeaders(headersToOverride);
- headers.put(WebClusterManager.CLUSTER_INVALIDATE_USER_GROUP_HEADER, Boolean.TRUE.toString());
-
- final RevisionDTO invalidateUserRevision = new RevisionDTO();
- revision.setClientId(revision.getClientId());
-
- final UserGroupDTO invalidateUserGroup = new UserGroupDTO();
- invalidateUserGroup.setGroup(group);
- invalidateUserGroup.setUserIds(userGroup.getUserIds());
-
- final UserGroupEntity invalidateUserGroupEntity = new UserGroupEntity();
- invalidateUserGroupEntity.setRevision(invalidateUserRevision);
- invalidateUserGroupEntity.setUserGroup(invalidateUserGroup);
-
- // replicate the invalidate request to each node - if this request is not successful return that fact,
- // otherwise continue with the desired user modification
- final NodeResponse response = clusterManager.applyRequest(HttpMethod.PUT, getAbsolutePath(), invalidateUserGroupEntity, headers);
- if (!response.is2xx()) {
- return response.getResponse();
- }
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // handle an invalidate request from the NCM
- final String invalidateRequest = httpServletRequest.getHeader(WebClusterManager.CLUSTER_INVALIDATE_USER_GROUP_HEADER);
- if (invalidateRequest != null) {
- serviceFacade.invalidateUserGroup(userGroup.getGroup(), userGroup.getUserIds());
- return generateOkResponse().build();
- }
-
- // create the user group
- userGroup = serviceFacade.updateUserGroup(userGroup);
-
- // create the response entity
- final UserGroupEntity entity = new UserGroupEntity();
- entity.setRevision(revision);
- entity.setUserGroup(userGroup);
-
- // generate the URI for this group and return
- return generateOkResponse(entity).build();
- }
-
- /**
- * Deletes the user from the specified group. The user will not be removed,
- * just the fact that they were in this group.
- *
- * @param httpServletRequest request
- * @param group The user group.
- * @param userId The user id to remove.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @return A userGroupEntity.
- */
- @DELETE
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{group}/users/{userId}")
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(
- value = "Removes a user from a user group",
- notes = "Removes a user from a user group. The will not be deleted, jsut the fact that they were in this group.",
- response = UserGroupEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response removeUserFromGroup(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The name of the user group.",
- required = true
- )
- @PathParam("group") String group,
- @ApiParam(
- value = "The id of the user to remove from the user group.",
- required = true
- )
- @PathParam("userId") String userId,
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // this user is being modified, replicate to the nodes to invalidate this account
- // so that it will be re-authorized during the next attempted access - if this wasn't
- // done the account would remain stale for up to the configured cache duration. this
- // is acceptable sometimes but when removing a user via the UI they shouldn't have to
- // wait for the changes to take effect
- if (properties.isClusterManager()) {
- // identify yourself as the NCM attempting to invalidate the user
- final Map<String, String> headers = getHeaders();
- headers.put(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER, Boolean.TRUE.toString());
-
- // replicate the invalidate request to each node - if this request is not successful return that fact,
- // otherwise continue with the desired user modification
- final NodeResponse response = clusterManager.applyRequest(HttpMethod.DELETE, getAbsolutePath(), getRequestParameters(true), headers);
- if (!response.is2xx()) {
- return response.getResponse();
- }
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // handle an invalidate request from the NCM
- final String invalidateRequest = httpServletRequest.getHeader(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER);
- if (invalidateRequest != null) {
- serviceFacade.invalidateUser(userId);
- return generateOkResponse().build();
- }
-
- // ungroup the specified user
- serviceFacade.removeUserFromGroup(userId);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final UserGroupEntity entity = new UserGroupEntity();
- entity.setRevision(revision);
-
- // generate ok response
- return generateOkResponse(entity).build();
- }
-
- /**
- * Deletes the user group. The users will not be removed, just the fact that
- * they were grouped.
- *
- * @param httpServletRequest request
- * @param group The user group.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @return A userGroupEntity.
- */
- @DELETE
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{group}")
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(
- value = "Deletes a user group",
- notes = "Deletes a user group. The users will not be removed, just the fact that they were grouped.",
- response = UserGroupEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response ungroup(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The name of the user group.",
- required = true
- )
- @PathParam("group") String group,
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // this user is being modified, replicate to the nodes to invalidate this account
- // so that it will be re-authorized during the next attempted access - if this wasn't
- // done the account would remain stale for up to the configured cache duration. this
- // is acceptable sometimes but when removing a user via the UI they shouldn't have to
- // wait for the changes to take effect
- if (properties.isClusterManager()) {
- // identify yourself as the NCM attempting to invalidate the user
- final Map<String, String> headers = getHeaders();
- headers.put(WebClusterManager.CLUSTER_INVALIDATE_USER_GROUP_HEADER, Boolean.TRUE.toString());
-
- // replicate the invalidate request to each node - if this request is not successful return that fact,
- // otherwise continue with the desired user modification
- final NodeResponse response = clusterManager.applyRequest(HttpMethod.DELETE, getAbsolutePath(), getRequestParameters(true), headers);
- if (!response.is2xx()) {
- return response.getResponse();
- }
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // handle an invalidate request from the NCM
- final String invalidateRequest = httpServletRequest.getHeader(WebClusterManager.CLUSTER_INVALIDATE_USER_GROUP_HEADER);
- if (invalidateRequest != null) {
- serviceFacade.invalidateUserGroup(group, null);
- return generateOkResponse().build();
- }
-
- // delete the user group
- serviceFacade.removeUserGroup(group);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final UserGroupEntity entity = new UserGroupEntity();
- entity.setRevision(revision);
-
- // generate ok response
- return generateOkResponse(entity).build();
- }
-
- /* setters */
- public void setServiceFacade(NiFiServiceFacade serviceFacade) {
- this.serviceFacade = serviceFacade;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- public void setClusterManager(WebClusterManager clusterManager) {
- this.clusterManager = clusterManager;
- }
-}
[19/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java
deleted file mode 100644
index 1d7941f..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Updates all NiFiUser authorities in a specified group.
- */
-public class UpdateUserGroupAction extends AbstractUserAction<Void> {
-
- private static final Logger logger = LoggerFactory.getLogger(UpdateUserGroupAction.class);
-
- private final String group;
- private final Set<String> userIds;
- private final Set<Authority> authorities;
-
- public UpdateUserGroupAction(String group, Set<String> userIds, Set<Authority> authorities) {
- this.group = group;
- this.userIds = userIds;
- this.authorities = authorities;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- if (userIds == null && authorities == null) {
- throw new IllegalArgumentException("Must specify user Ids or authorities.");
- }
-
- UserDAO userDao = daoFactory.getUserDAO();
-
- // record the new users being added to this group
- final Set<NiFiUser> newUsers = new HashSet<>();
- final Set<String> newUserIdentities = new HashSet<>();
-
- // if the user ids have been specified we need to create/update a group using the specified group name
- if (userIds != null) {
- if (userIds.isEmpty()) {
- throw new IllegalArgumentException("When creating a group, at least one user id must be specified.");
- }
-
- // going to create a group using the specified user ids
- for (final String userId : userIds) {
- // get the user in question
- final NiFiUser user = userDao.findUserById(userId);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", userId));
- }
-
- try {
- // if the user is unknown to the authority provider we cannot continue
- if (!authorityProvider.doesDnExist(user.getIdentity()) || AccountStatus.DISABLED.equals(user.getStatus())) {
- throw new IllegalStateException(String.format("Unable to group these users because access for '%s' is not %s.", user.getIdentity(), AccountStatus.ACTIVE.toString()));
- }
-
- // record the user being added to this group
- newUsers.add(user);
- newUserIdentities.add(user.getIdentity());
- } catch (final AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
- }
- }
-
- try {
- // update the authority provider
- authorityProvider.setUsersGroup(newUserIdentities, group);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserIdentities, ", "), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserIdentities, ", "), aae.getMessage()), aae);
- }
- }
-
- // get all the users that need to be updated
- final Set<NiFiUser> users = new HashSet<>(userDao.findUsersForGroup(group));
- users.addAll(newUsers);
-
- // ensure the user exists
- if (users.isEmpty()) {
- throw new AccountNotFoundException(String.format("Unable to find user accounts with group id %s.", group));
- }
-
- // update each user in this group
- for (final NiFiUser user : users) {
- // if there are new authorities set them, otherwise refresh them according to the provider
- if (authorities != null) {
- try {
- // update the authority provider as approprivate
- authorityProvider.setAuthorities(user.getIdentity(), authorities);
-
- // since all the authorities were updated accordingly, set the authorities
- user.getAuthorities().clear();
- user.getAuthorities().addAll(authorities);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
- }
- } else {
- try {
- // refresh the authorities according to the provider
- user.getAuthorities().clear();
- user.getAuthorities().addAll(authorityProvider.getAuthorities(user.getIdentity()));
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to determine the authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
- }
- }
-
- try {
- // get the user group
- user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
- }
-
- // update the users status in case they were previously pending or disabled
- user.setStatus(AccountStatus.ACTIVE);
-
- // update the users last verified time - this timestamp shouldn't be recorded
- // until the both the user's authorities and group have been synced
- Date now = new Date();
- user.setLastVerified(now);
-
- // persist the user's updates
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
-
- // persist the user's authorities
- UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user);
- updateUserAuthorities.execute(daoFactory, authorityProvider);
- }
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardKeyService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardKeyService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardKeyService.java
new file mode 100644
index 0000000..7a7f62d
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardKeyService.java
@@ -0,0 +1,161 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service.impl;
+
+import org.apache.nifi.admin.dao.DataAccessException;
+import org.apache.nifi.admin.service.AdministrationException;
+import org.apache.nifi.admin.service.KeyService;
+import org.apache.nifi.admin.service.action.DeleteKeysAction;
+import org.apache.nifi.admin.service.action.GetKeyByIdAction;
+import org.apache.nifi.admin.service.action.GetOrCreateKeyAction;
+import org.apache.nifi.admin.service.transaction.Transaction;
+import org.apache.nifi.admin.service.transaction.TransactionBuilder;
+import org.apache.nifi.admin.service.transaction.TransactionException;
+import org.apache.nifi.key.Key;
+import org.apache.nifi.util.NiFiProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.io.IOException;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
+/**
+ *
+ */
+public class StandardKeyService implements KeyService {
+
+ private static final Logger logger = LoggerFactory.getLogger(StandardKeyService.class);
+
+ private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
+ private final Lock readLock = lock.readLock();
+ private final Lock writeLock = lock.writeLock();
+
+ private TransactionBuilder transactionBuilder;
+ private NiFiProperties properties;
+
+ @Override
+ public Key getKey(int id) {
+ Transaction transaction = null;
+ Key key = null;
+
+ readLock.lock();
+ try {
+ // start the transaction
+ transaction = transactionBuilder.start();
+
+ // get the key
+ GetKeyByIdAction addActions = new GetKeyByIdAction(id);
+ key = transaction.execute(addActions);
+
+ // commit the transaction
+ transaction.commit();
+ } catch (TransactionException | DataAccessException te) {
+ rollback(transaction);
+ throw new AdministrationException(te);
+ } catch (Throwable t) {
+ rollback(transaction);
+ throw t;
+ } finally {
+ closeQuietly(transaction);
+ readLock.unlock();
+ }
+
+ return key;
+ }
+
+ @Override
+ public Key getOrCreateKey(String identity) {
+ Transaction transaction = null;
+ Key key = null;
+
+ writeLock.lock();
+ try {
+ // start the transaction
+ transaction = transactionBuilder.start();
+
+ // get or create a key
+ GetOrCreateKeyAction addActions = new GetOrCreateKeyAction(identity);
+ key = transaction.execute(addActions);
+
+ // commit the transaction
+ transaction.commit();
+ } catch (TransactionException | DataAccessException te) {
+ rollback(transaction);
+ throw new AdministrationException(te);
+ } catch (Throwable t) {
+ rollback(transaction);
+ throw t;
+ } finally {
+ closeQuietly(transaction);
+ writeLock.unlock();
+ }
+
+ return key;
+ }
+
+ @Override
+ public void deleteKey(String identity) {
+ Transaction transaction = null;
+
+ writeLock.lock();
+ try {
+ // start the transaction
+ transaction = transactionBuilder.start();
+
+ // delete the keys
+ DeleteKeysAction deleteKeys = new DeleteKeysAction(identity);
+ transaction.execute(deleteKeys);
+
+ // commit the transaction
+ transaction.commit();
+ } catch (TransactionException | DataAccessException te) {
+ rollback(transaction);
+ throw new AdministrationException(te);
+ } catch (Throwable t) {
+ rollback(transaction);
+ throw t;
+ } finally {
+ closeQuietly(transaction);
+ writeLock.unlock();
+ }
+ }
+
+ private void rollback(final Transaction transaction) {
+ if (transaction != null) {
+ transaction.rollback();
+ }
+ }
+
+ private void closeQuietly(final Transaction transaction) {
+ if (transaction != null) {
+ try {
+ transaction.close();
+ } catch (final IOException ioe) {
+ }
+ }
+ }
+
+ public void setTransactionBuilder(TransactionBuilder transactionBuilder) {
+ this.transactionBuilder = transactionBuilder;
+ }
+
+ public void setProperties(NiFiProperties properties) {
+ this.properties = properties;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java
deleted file mode 100644
index c37a562..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java
+++ /dev/null
@@ -1,731 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.impl;
-
-import java.io.IOException;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
-
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.admin.service.action.AuthorizeDownloadAction;
-import org.apache.nifi.admin.service.action.AuthorizeUserAction;
-import org.apache.nifi.admin.service.action.DeleteKeysAction;
-import org.apache.nifi.admin.service.action.DeleteUserAction;
-import org.apache.nifi.admin.service.action.DisableUserAction;
-import org.apache.nifi.admin.service.action.DisableUserGroupAction;
-import org.apache.nifi.admin.service.action.FindUserByDnAction;
-import org.apache.nifi.admin.service.action.FindUserByIdAction;
-import org.apache.nifi.admin.service.action.GetKeyByIdAction;
-import org.apache.nifi.admin.service.action.GetOrCreateKeyAction;
-import org.apache.nifi.admin.service.action.GetUserGroupAction;
-import org.apache.nifi.admin.service.action.GetUsersAction;
-import org.apache.nifi.admin.service.action.HasPendingUserAccounts;
-import org.apache.nifi.admin.service.action.InvalidateUserAccountAction;
-import org.apache.nifi.admin.service.action.InvalidateUserGroupAccountsAction;
-import org.apache.nifi.admin.service.action.RequestUserAccountAction;
-import org.apache.nifi.admin.service.action.SeedUserAccountsAction;
-import org.apache.nifi.admin.service.action.UpdateUserAction;
-import org.apache.nifi.admin.service.action.UpdateUserGroupAction;
-import org.apache.nifi.admin.service.action.UngroupUserAction;
-import org.apache.nifi.admin.service.action.UngroupUserGroupAction;
-import org.apache.nifi.admin.service.transaction.Transaction;
-import org.apache.nifi.admin.service.transaction.TransactionBuilder;
-import org.apache.nifi.admin.service.transaction.TransactionException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.DownloadAuthorization;
-import org.apache.nifi.key.Key;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
-import org.apache.nifi.util.FormatUtils;
-import org.apache.nifi.util.NiFiProperties;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- *
- */
-public class StandardUserService implements UserService {
-
- private static final Logger logger = LoggerFactory.getLogger(StandardUserService.class);
-
- private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
- private final ReentrantReadWriteLock.ReadLock readLock = lock.readLock();
- private final ReentrantReadWriteLock.WriteLock writeLock = lock.writeLock();
-
- private TransactionBuilder transactionBuilder;
- private NiFiProperties properties;
-
- /**
- * Seed any users from the authority provider that are not already present.
- */
- public void seedUserAccounts() {
- // do not seed node's user cache. when/if the node disconnects its
- // cache will be populated lazily (as needed)
- if (properties.isNode()) {
- return;
- }
-
- Transaction transaction = null;
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // seed the accounts
- SeedUserAccountsAction seedUserAccounts = new SeedUserAccountsAction();
- transaction.execute(seedUserAccounts);
-
- // commit the transaction
- transaction.commit();
- } catch (AdministrationException ae) {
- rollback(transaction);
- throw ae;
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser createPendingUserAccount(String dn, String justification) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // create the account request
- RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(dn, justification);
- NiFiUser user = transaction.execute(requestUserAccount);
-
- // commit the transaction
- transaction.commit();
-
- // return the nifi user
- return user;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUserGroup updateGroup(final String group, final Set<String> userIds, final Set<Authority> authorities) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // if user ids have been specified, invalidate the user accounts before performing
- // the desired updates. if case of an error, this will ensure that these users are
- // authorized the next time the access the application
- if (userIds != null) {
- for (final String userId : userIds) {
- invalidateUserAccount(userId);
- }
- }
-
- // start the transaction
- transaction = transactionBuilder.start();
-
- // set the authorities for each user in this group if specified
- final UpdateUserGroupAction updateUserGroup = new UpdateUserGroupAction(group, userIds, authorities);
- transaction.execute(updateUserGroup);
-
- // get all the users that are now in this group
- final GetUserGroupAction getUserGroup = new GetUserGroupAction(group);
- final NiFiUserGroup userGroup = transaction.execute(getUserGroup);
-
- // commit the transaction
- transaction.commit();
-
- return userGroup;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void ungroupUser(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // ungroup the specified user
- final UngroupUserAction ungroupUser = new UngroupUserAction(id);
- transaction.execute(ungroupUser);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void ungroup(String group) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // ungroup the specified user
- final UngroupUserGroupAction ungroupUserGroup = new UngroupUserGroupAction(group);
- transaction.execute(ungroupUserGroup);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser checkAuthorization(String dn) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // determine how long the cache is valid for
- final int cacheSeconds;
- try {
- cacheSeconds = (int) FormatUtils.getTimeDuration(properties.getUserCredentialCacheDuration(), TimeUnit.SECONDS);
- } catch (IllegalArgumentException iae) {
- throw new AdministrationException("User credential cache duration is not configured correctly.");
- }
-
- // attempt to authorize the user
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(dn, cacheSeconds);
- NiFiUser user = transaction.execute(authorizeUser);
-
- // commit the transaction
- transaction.commit();
-
- // return the nifi user
- return user;
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (AccountDisabledException | AccountPendingException ade) {
- rollback(transaction);
- throw ade;
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void deleteUser(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // delete the user
- DeleteUserAction deleteUser = new DeleteUserAction(id);
- transaction.execute(deleteUser);
-
- // commit the transaction
- transaction.commit();
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser disable(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // disable the user
- DisableUserAction disableUser = new DisableUserAction(id);
- NiFiUser user = transaction.execute(disableUser);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUserGroup disableGroup(String group) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // disable the user
- DisableUserGroupAction disableUser = new DisableUserGroupAction(group);
- NiFiUserGroup userGroup = transaction.execute(disableUser);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return userGroup;
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser update(String id, Set<Authority> authorities) {
- Transaction transaction = null;
-
- // may be empty but not null
- if (authorities == null) {
- throw new IllegalArgumentException("The specified authorities cannot be null.");
- }
-
- writeLock.lock();
- try {
- // invalidate the user account in preparation for potential subsequent errors
- invalidateUserAccount(id);
-
- // at this point the current user account has been invalidated so we will
- // attempt to update the account. if any part fails we are assured the
- // user will be need to be given approval before they access the system at
- // a later time
- // start the transaction
- transaction = transactionBuilder.start();
-
- // update the user authorities
- UpdateUserAction setUserAuthorities = new UpdateUserAction(id, authorities);
- NiFiUser user = transaction.execute(setUserAuthorities);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (TransactionException | DataAccessException e) {
- rollback(transaction);
- throw new AdministrationException(e);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- /**
- * Invalidates the user with the specified id. This is done to ensure a user account will need to be re-validated in case an error occurs while modifying a user account. This method should only be
- * invoked from within a write lock.
- *
- * @param id user account identifier
- */
- @Override
- public void invalidateUserAccount(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // invalidate the user account
- InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(id);
- transaction.execute(invalidateUserAccount);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void invalidateUserGroupAccount(String group) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // invalidate the user account
- InvalidateUserGroupAccountsAction invalidateUserGroupAccounts = new InvalidateUserGroupAccountsAction(group);
- transaction.execute(invalidateUserGroupAccounts);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- // -----------------
- // read only methods
- // -----------------
- @Override
- public Boolean hasPendingUserAccount() {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- final HasPendingUserAccounts hasPendingAccounts = new HasPendingUserAccounts();
- final Boolean hasPendingUserAccounts = transaction.execute(hasPendingAccounts);
-
- // commit the transaction
- transaction.commit();
-
- return hasPendingUserAccounts;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(final List<String> dnChain, final Map<String, String> attributes) {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // authorize the download
- AuthorizeDownloadAction authorizeDownload = new AuthorizeDownloadAction(dnChain, attributes);
- DownloadAuthorization downloadAuthorization = transaction.execute(authorizeDownload);
-
- // commit the transaction
- transaction.commit();
-
- // return the authorization
- return downloadAuthorization;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public Collection<NiFiUser> getUsers() {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // get all users
- GetUsersAction getUsers = new GetUsersAction();
- Collection<NiFiUser> users = transaction.execute(getUsers);
-
- // commit the transaction
- transaction.commit();
-
- // return the users
- return users;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public NiFiUser getUserById(String id) {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // return the desired user
- FindUserByIdAction findUserById = new FindUserByIdAction(id);
- NiFiUser user = transaction.execute(findUserById);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public NiFiUser getUserByDn(String dn) {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // return the desired user
- FindUserByDnAction findUserByDn = new FindUserByDnAction(dn);
- NiFiUser user = transaction.execute(findUserByDn);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public Key getKey(int id) {
- Transaction transaction = null;
- Key key = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // get the key
- GetKeyByIdAction addActions = new GetKeyByIdAction(id);
- key = transaction.execute(addActions);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
-
- return key;
- }
-
- @Override
- public Key getOrCreateKey(String identity) {
- Transaction transaction = null;
- Key key = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // get or create a key
- GetOrCreateKeyAction addActions = new GetOrCreateKeyAction(identity);
- key = transaction.execute(addActions);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
-
- return key;
- }
-
- @Override
- public void deleteKey(String identity) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // delete the keys
- DeleteKeysAction deleteKeys = new DeleteKeysAction(identity);
- transaction.execute(deleteKeys);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- private void rollback(final Transaction transaction) {
- if (transaction != null) {
- transaction.rollback();
- }
- }
-
- private void closeQuietly(final Transaction transaction) {
- if (transaction != null) {
- try {
- transaction.close();
- } catch (final IOException ioe) {
- }
- }
- }
-
- public void setTransactionBuilder(TransactionBuilder transactionBuilder) {
- this.transactionBuilder = transactionBuilder;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransaction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransaction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransaction.java
index a3cfb5e..1390768 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransaction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransaction.java
@@ -16,19 +16,19 @@
*/
package org.apache.nifi.admin.service.transaction.impl;
-import java.io.IOException;
-import java.sql.Connection;
-import java.sql.SQLException;
import org.apache.nifi.admin.RepositoryUtils;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.impl.DAOFactoryImpl;
import org.apache.nifi.admin.service.action.AdministrationAction;
-import org.apache.nifi.admin.service.transaction.TransactionException;
import org.apache.nifi.admin.service.transaction.Transaction;
-import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.admin.service.transaction.TransactionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.SQLException;
+
/**
* Transaction implementation that uses the specified SQL Connection and
* AuthorityProvider.
@@ -37,11 +37,9 @@ public class StandardTransaction implements Transaction {
private static final Logger logger = LoggerFactory.getLogger(StandardTransaction.class);
- private final AuthorityProvider authorityProvider;
private Connection connection;
- public StandardTransaction(AuthorityProvider authorityProvider, Connection connection) {
- this.authorityProvider = authorityProvider;
+ public StandardTransaction(Connection connection) {
this.connection = connection;
}
@@ -56,7 +54,7 @@ public class StandardTransaction implements Transaction {
DAOFactory daoFactory = new DAOFactoryImpl(connection);
// execute the specified action
- return action.execute(daoFactory, authorityProvider);
+ return action.execute(daoFactory);
}
@Override
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransactionBuilder.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransactionBuilder.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransactionBuilder.java
index b6e5a30..7d4a1fc 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransactionBuilder.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransactionBuilder.java
@@ -22,7 +22,6 @@ import javax.sql.DataSource;
import org.apache.nifi.admin.service.transaction.Transaction;
import org.apache.nifi.admin.service.transaction.TransactionBuilder;
import org.apache.nifi.admin.service.transaction.TransactionException;
-import org.apache.nifi.authorization.AuthorityProvider;
/**
*
@@ -30,7 +29,6 @@ import org.apache.nifi.authorization.AuthorityProvider;
public class StandardTransactionBuilder implements TransactionBuilder {
private DataSource dataSource;
- private AuthorityProvider authorityProvider;
@Override
public Transaction start() throws TransactionException {
@@ -40,7 +38,7 @@ public class StandardTransactionBuilder implements TransactionBuilder {
connection.setAutoCommit(false);
// create a new transaction
- return new StandardTransaction(authorityProvider, connection);
+ return new StandardTransaction(connection);
} catch (SQLException sqle) {
throw new TransactionException(sqle.getMessage());
}
@@ -50,8 +48,4 @@ public class StandardTransactionBuilder implements TransactionBuilder {
public void setDataSource(DataSource dataSource) {
this.dataSource = dataSource;
}
-
- public void setAuthorityProvider(AuthorityProvider authorityProvider) {
- this.authorityProvider = authorityProvider;
- }
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorityProviderFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorityProviderFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorityProviderFactoryBean.java
deleted file mode 100644
index e1a02b8..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorityProviderFactoryBean.java
+++ /dev/null
@@ -1,491 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.authorization.generated.AuthorityProviderProperty;
-import org.apache.nifi.authorization.generated.AuthorityProviders;
-import org.apache.nifi.authorization.generated.Provider;
-import org.apache.nifi.nar.ExtensionManager;
-import org.apache.nifi.nar.NarCloseable;
-import org.apache.nifi.util.NiFiProperties;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.DisposableBean;
-import org.springframework.beans.factory.FactoryBean;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-import org.xml.sax.SAXException;
-
-import javax.xml.XMLConstants;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
-import java.io.File;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Field;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * Factory bean for loading the configured authority provider.
- */
-public class AuthorityProviderFactoryBean implements FactoryBean, ApplicationContextAware, DisposableBean, AuthorityProviderLookup {
-
- private static final Logger logger = LoggerFactory.getLogger(AuthorityProviderFactoryBean.class);
- private static final String AUTHORITY_PROVIDERS_XSD = "/authority-providers.xsd";
- private static final String JAXB_GENERATED_PATH = "org.apache.nifi.authorization.generated";
- private static final JAXBContext JAXB_CONTEXT = initializeJaxbContext();
-
- /**
- * Load the JAXBContext.
- */
- private static JAXBContext initializeJaxbContext() {
- try {
- return JAXBContext.newInstance(JAXB_GENERATED_PATH, AuthorityProviderFactoryBean.class.getClassLoader());
- } catch (JAXBException e) {
- throw new RuntimeException("Unable to create JAXBContext.");
- }
- }
-
- private ApplicationContext applicationContext;
- private AuthorityProvider authorityProvider;
- private NiFiProperties properties;
- private final Map<String, AuthorityProvider> authorityProviders = new HashMap<>();
-
- @Override
- public AuthorityProvider getAuthorityProvider(String identifier) {
- return authorityProviders.get(identifier);
- }
-
- @Override
- public Object getObject() throws Exception {
- if (authorityProvider == null) {
- // look up the authority provider to use
- final String authorityProviderIdentifier = properties.getProperty(NiFiProperties.SECURITY_USER_AUTHORITY_PROVIDER);
-
- // ensure the authority provider class name was specified
- if (StringUtils.isBlank(authorityProviderIdentifier)) {
- // if configured for ssl, the authority provider must be specified
- if (properties.getSslPort() != null) {
- throw new Exception("When running securely, the authority provider identifier must be specified in the nifi properties file.");
- }
-
- // use a default provider... only allowable when running not securely
- authorityProvider = createDefaultProvider();
- } else {
- final AuthorityProviders authorityProviderConfiguration = loadAuthorityProvidersConfiguration();
-
- // create each authority provider
- for (final Provider provider : authorityProviderConfiguration.getProvider()) {
- authorityProviders.put(provider.getIdentifier(), createAuthorityProvider(provider.getIdentifier(), provider.getClazz()));
- }
-
- // configure each authority provider
- for (final Provider provider : authorityProviderConfiguration.getProvider()) {
- final AuthorityProvider instance = authorityProviders.get(provider.getIdentifier());
- instance.onConfigured(loadAuthorityProviderConfiguration(provider));
- }
-
- // get the authority provider instance
- authorityProvider = getAuthorityProvider(authorityProviderIdentifier);
-
- // ensure it was found
- if (authorityProvider == null) {
- throw new Exception(String.format("The specified authority provider '%s' could not be found.", authorityProviderIdentifier));
- }
- }
- }
-
- return authorityProvider;
- }
-
- private AuthorityProviders loadAuthorityProvidersConfiguration() throws Exception {
- final File authorityProvidersConfigurationFile = properties.getAuthorityProviderConfiguraitonFile();
-
- // load the users from the specified file
- if (authorityProvidersConfigurationFile.exists()) {
- try {
- // find the schema
- final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
- final Schema schema = schemaFactory.newSchema(AuthorityProviders.class.getResource(AUTHORITY_PROVIDERS_XSD));
-
- // attempt to unmarshal
- final Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
- unmarshaller.setSchema(schema);
- final JAXBElement<AuthorityProviders> element = unmarshaller.unmarshal(new StreamSource(authorityProvidersConfigurationFile), AuthorityProviders.class);
- return element.getValue();
- } catch (SAXException | JAXBException e) {
- throw new Exception("Unable to load the authority provider configuration file at: " + authorityProvidersConfigurationFile.getAbsolutePath());
- }
- } else {
- throw new Exception("Unable to find the authority provider configuration file at " + authorityProvidersConfigurationFile.getAbsolutePath());
- }
- }
-
- private AuthorityProvider createAuthorityProvider(final String identifier, final String authorityProviderClassName) throws Exception {
- // get the classloader for the specified authority provider
- final ClassLoader authorityProviderClassLoader = ExtensionManager.getClassLoader(authorityProviderClassName);
- if (authorityProviderClassLoader == null) {
- throw new Exception(String.format("The specified authority provider class '%s' is not known to this nifi.", authorityProviderClassName));
- }
-
- // get the current context classloader
- final ClassLoader currentClassLoader = Thread.currentThread().getContextClassLoader();
-
- final AuthorityProvider instance;
- try {
- // set the appropriate class loader
- Thread.currentThread().setContextClassLoader(authorityProviderClassLoader);
-
- // attempt to load the class
- Class<?> rawAuthorityProviderClass = Class.forName(authorityProviderClassName, true, authorityProviderClassLoader);
- Class<? extends AuthorityProvider> authorityProviderClass = rawAuthorityProviderClass.asSubclass(AuthorityProvider.class);
-
- // otherwise create a new instance
- Constructor constructor = authorityProviderClass.getConstructor();
- instance = (AuthorityProvider) constructor.newInstance();
-
- // method injection
- performMethodInjection(instance, authorityProviderClass);
-
- // field injection
- performFieldInjection(instance, authorityProviderClass);
-
- // call post construction lifecycle event
- instance.initialize(new StandardAuthorityProviderInitializationContext(identifier, this));
- } finally {
- if (currentClassLoader != null) {
- Thread.currentThread().setContextClassLoader(currentClassLoader);
- }
- }
-
- return withNarLoader(instance);
- }
-
- private AuthorityProviderConfigurationContext loadAuthorityProviderConfiguration(final Provider provider) {
- final Map<String, String> providerProperties = new HashMap<>();
-
- for (final AuthorityProviderProperty property : provider.getProperty()) {
- providerProperties.put(property.getName(), property.getValue());
- }
-
- return new StandardAuthorityProviderConfigurationContext(provider.getIdentifier(), providerProperties);
- }
-
- private void performMethodInjection(final AuthorityProvider instance, final Class authorityProviderClass) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException {
- for (final Method method : authorityProviderClass.getMethods()) {
- if (method.isAnnotationPresent(AuthorityProviderContext.class)) {
- // make the method accessible
- final boolean isAccessible = method.isAccessible();
- method.setAccessible(true);
-
- try {
- final Class<?>[] argumentTypes = method.getParameterTypes();
-
- // look for setters (single argument)
- if (argumentTypes.length == 1) {
- final Class<?> argumentType = argumentTypes[0];
-
- // look for well known types
- if (NiFiProperties.class.isAssignableFrom(argumentType)) {
- // nifi properties injection
- method.invoke(instance, properties);
- } else if (ApplicationContext.class.isAssignableFrom(argumentType)) {
- // spring application context injection
- method.invoke(instance, applicationContext);
- }
- }
- } finally {
- method.setAccessible(isAccessible);
- }
- }
- }
-
- final Class parentClass = authorityProviderClass.getSuperclass();
- if (parentClass != null && AuthorityProvider.class.isAssignableFrom(parentClass)) {
- performMethodInjection(instance, parentClass);
- }
- }
-
- private void performFieldInjection(final AuthorityProvider instance, final Class authorityProviderClass) throws IllegalArgumentException, IllegalAccessException {
- for (final Field field : authorityProviderClass.getDeclaredFields()) {
- if (field.isAnnotationPresent(AuthorityProviderContext.class)) {
- // make the method accessible
- final boolean isAccessible = field.isAccessible();
- field.setAccessible(true);
-
- try {
- // get the type
- final Class<?> fieldType = field.getType();
-
- // only consider this field if it isn't set yet
- if (field.get(instance) == null) {
- // look for well known types
- if (NiFiProperties.class.isAssignableFrom(fieldType)) {
- // nifi properties injection
- field.set(instance, properties);
- } else if (ApplicationContext.class.isAssignableFrom(fieldType)) {
- // spring application context injection
- field.set(instance, applicationContext);
- }
- }
-
- } finally {
- field.setAccessible(isAccessible);
- }
- }
- }
-
- final Class parentClass = authorityProviderClass.getSuperclass();
- if (parentClass != null && AuthorityProvider.class.isAssignableFrom(parentClass)) {
- performFieldInjection(instance, parentClass);
- }
- }
-
- /**
- * @return a default provider to use when running unsecurely with no
- * provider configured
- */
- private AuthorityProvider createDefaultProvider() {
- return new AuthorityProvider() {
- @Override
- public boolean doesDnExist(String dn) throws AuthorityAccessException {
- return false;
- }
-
- @Override
- public Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException {
- return EnumSet.noneOf(Authority.class);
- }
-
- @Override
- public void setAuthorities(String dn, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public Set<String> getUsers(Authority authority) throws AuthorityAccessException {
- return new HashSet<>();
- }
-
- @Override
- public void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException {
- }
-
- @Override
- public String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- return null;
- }
-
- @Override
- public void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void setUsersGroup(Set<String> dn, String group) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void ungroup(String group) throws AuthorityAccessException {
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException {
- return DownloadAuthorization.approved();
- }
-
- @Override
- public void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- }
-
- @Override
- public void onConfigured(AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- }
-
- @Override
- public void preDestruction() throws ProviderDestructionException {
- }
- };
- }
-
- /**
- * Decorates the base provider to ensure the nar context classloader is used
- * when invoking the underlying methods.
- *
- * @param baseProvider base provider
- * @return provider
- */
- public AuthorityProvider withNarLoader(final AuthorityProvider baseProvider) {
- return new AuthorityProvider() {
- @Override
- public boolean doesDnExist(String dn) throws AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- return baseProvider.doesDnExist(dn);
- }
- }
-
- @Override
- public Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- return baseProvider.getAuthorities(dn);
- }
- }
-
- @Override
- public void setAuthorities(String dn, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.setAuthorities(dn, authorities);
- }
- }
-
- @Override
- public Set<String> getUsers(Authority authority) throws AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- return baseProvider.getUsers(authority);
- }
- }
-
- @Override
- public void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.revokeUser(dn);
- }
- }
-
- @Override
- public void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.addUser(dn, group);
- }
- }
-
- @Override
- public String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- return baseProvider.getGroupForUser(dn);
- }
- }
-
- @Override
- public void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.revokeGroup(group);
- }
- }
-
- @Override
- public void setUsersGroup(Set<String> dns, String group) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.setUsersGroup(dns, group);
- }
- }
-
- @Override
- public void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.ungroupUser(dn);
- }
- }
-
- @Override
- public void ungroup(String group) throws AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.ungroup(group);
- }
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- return baseProvider.authorizeDownload(dnChain, attributes);
- }
- }
-
- @Override
- public void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.initialize(initializationContext);
- }
- }
-
- @Override
- public void onConfigured(AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.onConfigured(configurationContext);
- }
- }
-
- @Override
- public void preDestruction() throws ProviderDestructionException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.preDestruction();
- }
- }
- };
- }
-
- @Override
- public Class getObjectType() {
- return AuthorityProvider.class;
- }
-
- @Override
- public boolean isSingleton() {
- return true;
- }
-
- @Override
- public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
- this.applicationContext = applicationContext;
- }
-
- @Override
- public void destroy() throws Exception {
- if (authorityProvider != null) {
- authorityProvider.preDestruction();
- }
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorizerFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorizerFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorizerFactoryBean.java
index 58caea9..cf35c15 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorizerFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorizerFactoryBean.java
@@ -21,7 +21,6 @@ import org.apache.nifi.authorization.annotation.AuthorizerContext;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
-import org.apache.nifi.authorization.generated.AuthorityProviders;
import org.apache.nifi.authorization.generated.Authorizers;
import org.apache.nifi.authorization.generated.Property;
import org.apache.nifi.nar.ExtensionManager;
@@ -83,7 +82,7 @@ public class AuthorizerFactoryBean implements FactoryBean, DisposableBean, Autho
public Object getObject() throws Exception {
if (authorizer == null) {
// look up the authorizer to use
- final String authorizerIdentifier = properties.getProperty(NiFiProperties.SECURITY_USER_AUTHORITY_PROVIDER);
+ final String authorizerIdentifier = properties.getProperty(NiFiProperties.SECURITY_USER_AUTHORIZER);
// ensure the authorizer class name was specified
if (StringUtils.isBlank(authorizerIdentifier)) {
@@ -122,14 +121,14 @@ public class AuthorizerFactoryBean implements FactoryBean, DisposableBean, Autho
}
private Authorizers loadAuthorizersConfiguration() throws Exception {
- final File authorizersConfigurationFile = properties.getAuthorityProviderConfiguraitonFile();
+ final File authorizersConfigurationFile = properties.getAuthorizerConfiguraitonFile();
// load the authorizers from the specified file
if (authorizersConfigurationFile.exists()) {
try {
// find the schema
final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
- final Schema schema = schemaFactory.newSchema(AuthorityProviders.class.getResource(AUTHORIZERS_XSD));
+ final Schema schema = schemaFactory.newSchema(Authorizers.class.getResource(AUTHORIZERS_XSD));
// attempt to unmarshal
final Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
@@ -221,7 +220,7 @@ public class AuthorizerFactoryBean implements FactoryBean, DisposableBean, Autho
}
final Class parentClass = authorizerClass.getSuperclass();
- if (parentClass != null && AuthorityProvider.class.isAssignableFrom(parentClass)) {
+ if (parentClass != null && Authorizer.class.isAssignableFrom(parentClass)) {
performMethodInjection(instance, parentClass);
}
}
@@ -253,7 +252,7 @@ public class AuthorizerFactoryBean implements FactoryBean, DisposableBean, Autho
}
final Class parentClass = authorizerClass.getSuperclass();
- if (parentClass != null && AuthorityProvider.class.isAssignableFrom(parentClass)) {
+ if (parentClass != null && Authorizer.class.isAssignableFrom(parentClass)) {
performFieldInjection(instance, parentClass);
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderConfigurationContext.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderConfigurationContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderConfigurationContext.java
deleted file mode 100644
index 45b84c8..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderConfigurationContext.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- *
- */
-public class StandardAuthorityProviderConfigurationContext implements AuthorityProviderConfigurationContext {
-
- private final String identifier;
- private final Map<String, String> properties;
-
- public StandardAuthorityProviderConfigurationContext(String identifier, Map<String, String> properties) {
- this.identifier = identifier;
- this.properties = Collections.unmodifiableMap(new HashMap<String, String>(properties));
- }
-
- @Override
- public String getIdentifier() {
- return identifier;
- }
-
- @Override
- public Map<String, String> getProperties() {
- return properties;
- }
-
- @Override
- public String getProperty(String property) {
- return properties.get(property);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderInitializationContext.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderInitializationContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderInitializationContext.java
deleted file mode 100644
index e4b16c4..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderInitializationContext.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- *
- */
-public class StandardAuthorityProviderInitializationContext implements AuthorityProviderInitializationContext {
-
- private final String identifier;
- private final AuthorityProviderLookup authorityProviderLookup;
-
- public StandardAuthorityProviderInitializationContext(String identifier, AuthorityProviderLookup authorityProviderLookup) {
- this.identifier = identifier;
- this.authorityProviderLookup = authorityProviderLookup;
- }
-
- @Override
- public String getIdentifier() {
- return identifier;
- }
-
- @Override
- public AuthorityProviderLookup getAuthorityProviderLookup() {
- return authorityProviderLookup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/AccountStatus.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/AccountStatus.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/AccountStatus.java
deleted file mode 100644
index d7becf1..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/AccountStatus.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.user;
-
-/**
- * Represents the status of a user's account.
- */
-public enum AccountStatus {
-
- ACTIVE,
- PENDING,
- DISABLED;
-
- /**
- * Returns the matching status or null if the specified status does not
- * match any statuses.
- *
- * @param rawStatus string form of status
- * @return account status object
- */
- public static AccountStatus valueOfStatus(String rawStatus) {
- AccountStatus desiredStatus = null;
-
- for (AccountStatus status : values()) {
- if (status.toString().equals(rawStatus)) {
- desiredStatus = status;
- break;
- }
- }
-
- return desiredStatus;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java
index 231b133..3a919ba 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java
@@ -17,121 +17,54 @@
package org.apache.nifi.user;
import java.io.Serializable;
-import java.util.Date;
-import java.util.EnumSet;
import java.util.Objects;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.commons.lang3.StringUtils;
/**
* An NiFiUser.
*/
public class NiFiUser implements Serializable {
- public static final String ANONYMOUS_USER_IDENTITY = "anonymous";
+ public static final NiFiUser ANONYMOUS = new NiFiUser("anonymous");
- private String id;
private String identity;
private String userName;
- private String userGroup;
- private String justification;
-
- private Date creation;
- private Date lastVerified;
- private Date lastAccessed;
-
- private AccountStatus status;
- private EnumSet<Authority> authorities;
private NiFiUser chain;
- /* getters / setters */
- public Date getCreation() {
- return creation;
+ public NiFiUser(String identity) {
+ this(identity, identity, null);
}
- public void setCreation(Date creation) {
- this.creation = creation;
+ public NiFiUser(String identity, String userName) {
+ this(identity, userName, null);
}
- public String getIdentity() {
- return identity;
+ public NiFiUser(String identity, NiFiUser chain) {
+ this(identity, identity, chain);
}
- public void setIdentity(String identity) {
+ public NiFiUser(String identity, String userName, NiFiUser chain) {
this.identity = identity;
- }
-
- public String getUserName() {
- return userName;
- }
-
- public void setUserName(String userName) {
this.userName = userName;
+ this.chain = chain;
}
- public String getUserGroup() {
- return userGroup;
- }
-
- public void setUserGroup(String userGroup) {
- this.userGroup = userGroup;
- }
-
- public String getId() {
- return id;
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
- public String getJustification() {
- return justification;
- }
-
- public void setJustification(String justification) {
- this.justification = justification;
- }
-
- public AccountStatus getStatus() {
- return status;
- }
-
- public void setStatus(AccountStatus status) {
- this.status = status;
- }
-
- public Date getLastVerified() {
- return lastVerified;
- }
-
- public void setLastVerified(Date lastVerified) {
- this.lastVerified = lastVerified;
- }
+ /* getters / setters */
- public Date getLastAccessed() {
- return lastAccessed;
+ public String getIdentity() {
+ return identity;
}
- public void setLastAccessed(Date lastAccessed) {
- this.lastAccessed = lastAccessed;
+ public String getUserName() {
+ return userName;
}
public NiFiUser getChain() {
return chain;
}
- public void setChain(NiFiUser chain) {
- this.chain = chain;
- }
-
- public Set<Authority> getAuthorities() {
- if (authorities == null) {
- authorities = EnumSet.noneOf(Authority.class);
- }
- return authorities;
+ public boolean isAnonymous() {
+ return this == ANONYMOUS;
}
@Override
@@ -158,7 +91,7 @@ public class NiFiUser implements Serializable {
@Override
public String toString() {
- return String.format("identity[%s], userName[%s], justification[%s], authorities[%s]", getIdentity(), getUserName(), getJustification(), StringUtils.join(getAuthorities(), ", "));
+ return String.format("identity[%s], userName[%s]", getIdentity(), getUserName(), ", ");
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/resources/nifi-administration-context.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/resources/nifi-administration-context.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/resources/nifi-administration-context.xml
index 3a46314..deec073 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/resources/nifi-administration-context.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/resources/nifi-administration-context.xml
@@ -18,41 +18,34 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
- <!-- user authority provider -->
- <bean id="authorityProvider" class="org.apache.nifi.authorization.AuthorityProviderFactoryBean" depends-on="clusterManager">
- <property name="properties" ref="nifiProperties"/>
- </bean>
-
<!-- user/entity authorizer -->
- <bean id="authorizer" class="org.apache.nifi.authorization.AuthorizerFactoryBean" depends-on="clusterManager">
+ <bean id="authorizer" class="org.apache.nifi.authorization.AuthorizerFactoryBean">
<property name="properties" ref="nifiProperties"/>
</bean>
- <!-- initialize the user data source -->
- <bean id="userDataSource" class="org.apache.nifi.admin.UserDataSourceFactoryBean" destroy-method="shutdown">
+ <!-- initialize the user key data source -->
+ <bean id="keyDataSource" class="org.apache.nifi.admin.KeyDataSourceFactoryBean" destroy-method="shutdown">
<property name="properties" ref="nifiProperties"/>
</bean>
- <!-- initialize the data source -->
- <bean id="auditDataSource" class="org.apache.nifi.admin.AuditDataSourceFactoryBean" destroy-method="shutdown" depends-on="userDataSource">
+ <!-- initialize the audit data source -->
+ <bean id="auditDataSource" class="org.apache.nifi.admin.AuditDataSourceFactoryBean" destroy-method="shutdown">
<property name="properties" ref="nifiProperties"/>
</bean>
-
- <!-- initialize the user transaction builder -->
- <bean id="userTransactionBuilder" class="org.apache.nifi.admin.service.transaction.impl.StandardTransactionBuilder">
- <property name="authorityProvider" ref="authorityProvider"/>
- <property name="dataSource" ref="userDataSource"/>
+
+ <!-- initialize the user key transaction builder -->
+ <bean id="keyTransactionBuilder" class="org.apache.nifi.admin.service.transaction.impl.StandardTransactionBuilder">
+ <property name="dataSource" ref="keyDataSource"/>
</bean>
-
+
<!-- initialize the audit transaction builder -->
<bean id="auditTransactionBuilder" class="org.apache.nifi.admin.service.transaction.impl.StandardTransactionBuilder">
- <property name="authorityProvider" ref="authorityProvider"/>
<property name="dataSource" ref="auditDataSource"/>
</bean>
-
+
<!-- administration service -->
- <bean id="userService" class="org.apache.nifi.admin.service.impl.StandardUserService" init-method="seedUserAccounts">
- <property name="transactionBuilder" ref="userTransactionBuilder"/>
+ <bean id="keyService" class="org.apache.nifi.admin.service.impl.StandardKeyService">
+ <property name="transactionBuilder" ref="keyTransactionBuilder"/>
<property name="properties" ref="nifiProperties"/>
</bean>
[15/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
index cfe18c5..0c6cbee 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
@@ -50,8 +50,6 @@ import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.SnippetDTO;
import org.apache.nifi.web.api.dto.SystemDiagnosticsDTO;
import org.apache.nifi.web.api.dto.TemplateDTO;
-import org.apache.nifi.web.api.dto.UserDTO;
-import org.apache.nifi.web.api.dto.UserGroupDTO;
import org.apache.nifi.web.api.dto.action.ActionDTO;
import org.apache.nifi.web.api.dto.action.HistoryDTO;
import org.apache.nifi.web.api.dto.action.HistoryQueryDTO;
@@ -68,7 +66,6 @@ import org.apache.nifi.web.api.dto.status.ProcessorStatusDTO;
import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO;
import org.apache.nifi.web.api.dto.status.StatusHistoryDTO;
-import java.util.Collection;
import java.util.Date;
import java.util.Set;
@@ -119,13 +116,12 @@ public interface NiFiServiceFacade {
/**
* Gets the content for the specified flowfile in the specified connection.
*
- * @param groupId group
* @param connectionId connection
* @param flowfileUuid flowfile
* @param uri uri
* @return content
*/
- DownloadableContent getContent(String groupId, String connectionId, String flowfileUuid, String uri);
+ DownloadableContent getContent(String connectionId, String flowfileUuid, String uri);
/**
* Retrieves provenance.
@@ -368,15 +364,6 @@ public interface NiFiServiceFacade {
/**
* Gets the Processor transfer object for the specified id.
*
- * @param groupId Id of the processor group containing the processor
- * @param id Id of the processor to return
- * @return The Processor transfer object
- */
- ProcessorDTO getProcessor(String groupId, String id);
-
- /**
- * Gets the Processor transfer object for the specified id.
- *
* @param id Id of the processor to return
* @return The Processor transfer object
*/
@@ -385,30 +372,27 @@ public interface NiFiServiceFacade {
/**
* Gets the processor status.
*
- * @param groupId group
* @param id id
* @return status
*/
- ProcessorStatusDTO getProcessorStatus(String groupId, String id);
+ ProcessorStatusDTO getProcessorStatus(String id);
/**
* Gets the processor status history.
*
- * @param groupId group
* @param id id
* @return history
*/
- StatusHistoryDTO getProcessorStatusHistory(String groupId, String id);
+ StatusHistoryDTO getProcessorStatusHistory(String id);
/**
* Get the descriptor for the specified property of the specified processor.
*
- * @param groupId group
* @param id id
* @param property property
* @return descriptor
*/
- PropertyDescriptorDTO getProcessorPropertyDescriptor(String groupId, String id, String property);
+ PropertyDescriptorDTO getProcessorPropertyDescriptor(String id, String property);
/**
* Gets all the Processor transfer objects for this controller.
@@ -426,44 +410,34 @@ public interface NiFiServiceFacade {
void verifyUpdateProcessor(ProcessorDTO processorDTO);
/**
- * Verifies the specified processor can be updated.
- *
- * @param groupId group
- * @param processorDTO processor
- */
- void verifyUpdateProcessor(String groupId, ProcessorDTO processorDTO);
-
- /**
* Updates the specified Processor.
*
* @param revision Revision to compare with current base revision
- * @param groupId group
* @param processorDTO The processorDTO
* @return The updated processor
*/
- ConfigurationSnapshot<ProcessorDTO> updateProcessor(Revision revision, String groupId, ProcessorDTO processorDTO);
+ ConfigurationSnapshot<ProcessorDTO> updateProcessor(Revision revision, ProcessorDTO processorDTO);
/**
* Verifies the specified processor can be removed.
*
- * @param groupId group
* @param processorId processor
*/
- void verifyDeleteProcessor(String groupId, String processorId);
+ void verifyDeleteProcessor(String processorId);
/**
* Deletes the specified processor.
*
* @param revision Revision to compare with current base revision
- * @param groupId group
* @param processorId The processor id to delete
* @return snapshot
*/
- ConfigurationSnapshot<Void> deleteProcessor(Revision revision, String groupId, String processorId);
+ ConfigurationSnapshot<Void> deleteProcessor(Revision revision, String processorId);
// ----------------------------------------
// Connections methods
// ----------------------------------------
+
/**
* Gets the Connection transfer objects for the specified source processor.
*
@@ -475,29 +449,26 @@ public interface NiFiServiceFacade {
/**
* Gets the specified Connection transfer object.
*
- * @param groupId group
* @param connectionId The ID of the connection
* @return The Connection transfer object
*/
- ConnectionDTO getConnection(String groupId, String connectionId);
+ ConnectionDTO getConnection(String connectionId);
/**
* Gets the status of the specified connection.
*
- * @param groupId group
* @param connectionId connection
* @return status
*/
- ConnectionStatusDTO getConnectionStatus(String groupId, String connectionId);
+ ConnectionStatusDTO getConnectionStatus(String connectionId);
/**
* Gets the status history of the specified connection.
*
- * @param groupId group
* @param connectionId connection
* @return history
*/
- StatusHistoryDTO getConnectionStatusHistory(String groupId, String connectionId);
+ StatusHistoryDTO getConnectionStatusHistory(String connectionId);
/**
* Creates a new Relationship target.
@@ -512,10 +483,9 @@ public interface NiFiServiceFacade {
/**
* Determines if this connection can be listed.
*
- * @param groupId group
* @param connectionId connection
*/
- void verifyListQueue(String groupId, String connectionId);
+ void verifyListQueue(String connectionId);
/**
* Determines if this connection can be created.
@@ -528,108 +498,97 @@ public interface NiFiServiceFacade {
/**
* Determines if this connection can be updated.
*
- * @param groupId group
* @param connectionDTO connection
*/
- void verifyUpdateConnection(String groupId, ConnectionDTO connectionDTO);
+ void verifyUpdateConnection(ConnectionDTO connectionDTO);
/**
* Updates the specified Relationship target.
*
* @param revision Revision to compare with current base revision
- * @param groupId group
* @param connectionDTO The Connection DTO
* @return The Connection DTO
*/
- ConfigurationSnapshot<ConnectionDTO> updateConnection(Revision revision, String groupId, ConnectionDTO connectionDTO);
+ ConfigurationSnapshot<ConnectionDTO> updateConnection(Revision revision, ConnectionDTO connectionDTO);
/**
* Determines if this connection can be removed.
*
- * @param groupId group
* @param connectionId connection
*/
- void verifyDeleteConnection(String groupId, String connectionId);
+ void verifyDeleteConnection(String connectionId);
/**
* Deletes the specified relationship target.
*
* @param revision Revision to compare with current base revision
- * @param groupId group
* @param connectionId The ID of the connection
* @return snapshot
*/
- ConfigurationSnapshot<Void> deleteConnection(Revision revision, String groupId, String connectionId);
+ ConfigurationSnapshot<Void> deleteConnection(Revision revision, String connectionId);
/**
* Creates a new flow file drop request.
*
- * @param groupId group
* @param connectionId The ID of the connection
* @param dropRequestId The ID of the drop request
* @return The DropRequest
*/
- DropRequestDTO createFlowFileDropRequest(String groupId, String connectionId, String dropRequestId);
+ DropRequestDTO createFlowFileDropRequest(String connectionId, String dropRequestId);
/**
* Gets the specified flow file drop request.
*
- * @param groupId group
* @param connectionId The ID of the connection
* @param dropRequestId The flow file drop request
* @return The DropRequest
*/
- DropRequestDTO getFlowFileDropRequest(String groupId, String connectionId, String dropRequestId);
+ DropRequestDTO getFlowFileDropRequest(String connectionId, String dropRequestId);
/**
* Cancels/removes the specified flow file drop request.
*
- * @param groupId group
* @param connectionId The ID of the connection
* @param dropRequestId The flow file drop request
* @return The DropRequest
*/
- DropRequestDTO deleteFlowFileDropRequest(String groupId, String connectionId, String dropRequestId);
+ DropRequestDTO deleteFlowFileDropRequest(String connectionId, String dropRequestId);
/**
* Creates a new flow file listing request.
*
- * @param groupId group
* @param connectionId The ID of the connection
* @param listingRequestId The ID of the listing request
* @return The ListingRequest
*/
- ListingRequestDTO createFlowFileListingRequest(String groupId, String connectionId, String listingRequestId);
+ ListingRequestDTO createFlowFileListingRequest(String connectionId, String listingRequestId);
/**
* Gets a new flow file listing request.
*
- * @param groupId group
* @param connectionId The ID of the connection
* @param listingRequestId The ID of the listing request
* @return The ListingRequest
*/
- ListingRequestDTO getFlowFileListingRequest(String groupId, String connectionId, String listingRequestId);
+ ListingRequestDTO getFlowFileListingRequest(String connectionId, String listingRequestId);
/**
* Deletes a new flow file listing request.
*
- * @param groupId group
* @param connectionId The ID of the connection
* @param listingRequestId The ID of the listing request
* @return The ListingRequest
*/
- ListingRequestDTO deleteFlowFileListingRequest(String groupId, String connectionId, String listingRequestId);
+ ListingRequestDTO deleteFlowFileListingRequest(String connectionId, String listingRequestId);
/**
* Gets the specified flowfile from the specified connection.
*
- * @param groupId group
* @param connectionId The ID of the connection
* @param flowFileUuid The UUID of the flowfile
* @return The FlowFileDTO
*/
- FlowFileDTO getFlowFile(String groupId, String connectionId, String flowFileUuid);
+ FlowFileDTO getFlowFile(String connectionId, String flowFileUuid);
// ----------------------------------------
// InputPort methods
@@ -647,11 +606,10 @@ public interface NiFiServiceFacade {
/**
* Gets an input port.
*
- * @param groupId The id of the group this port is in
* @param inputPortId The input port id
* @return port
*/
- PortDTO getInputPort(String groupId, String inputPortId);
+ PortDTO getInputPort(String inputPortId);
/**
* Gets all input ports in a given group.
@@ -664,47 +622,42 @@ public interface NiFiServiceFacade {
/**
* Gets the input port status.
*
- * @param groupId group
* @param inputPortId input port
* @return status
*/
- PortStatusDTO getInputPortStatus(String groupId, String inputPortId);
+ PortStatusDTO getInputPortStatus(String inputPortId);
/**
* Determines if the input port could be updated.
*
- * @param groupId The id of the group
* @param inputPortDTO The id of the input port
*/
- void verifyUpdateInputPort(String groupId, PortDTO inputPortDTO);
+ void verifyUpdateInputPort(PortDTO inputPortDTO);
/**
* Updates the specified input port.
*
* @param revision Revision to compare with current base revision
- * @param groupId The id of the group
* @param inputPortDTO The input PortDTO
* @return snapshort
*/
- ConfigurationSnapshot<PortDTO> updateInputPort(Revision revision, String groupId, PortDTO inputPortDTO);
+ ConfigurationSnapshot<PortDTO> updateInputPort(Revision revision, PortDTO inputPortDTO);
/**
* Determines if the input port could be deleted.
*
- * @param groupId The id of the group
* @param inputPortId The id of the input port
*/
- void verifyDeleteInputPort(String groupId, String inputPortId);
+ void verifyDeleteInputPort(String inputPortId);
/**
* Deletes the specified input port.
*
* @param revision Revision to compare with current base revision
- * @param groupId The id of the group
* @param inputPortId The id of the input port
* @return snapshot
*/
- ConfigurationSnapshot<Void> deleteInputPort(Revision revision, String groupId, String inputPortId);
+ ConfigurationSnapshot<Void> deleteInputPort(Revision revision, String inputPortId);
// ----------------------------------------
// OutputPort methods
@@ -722,11 +675,10 @@ public interface NiFiServiceFacade {
/**
* Gets an output port.
*
- * @param groupId The id of the group this port is in
* @param outputPortId The output port id
* @return port
*/
- PortDTO getOutputPort(String groupId, String outputPortId);
+ PortDTO getOutputPort(String outputPortId);
/**
* Gets all output ports in a given group.
@@ -739,47 +691,42 @@ public interface NiFiServiceFacade {
/**
* Gets the output port status.
*
- * @param groupId group
* @param outputPortId output port
* @return status
*/
- PortStatusDTO getOutputPortStatus(String groupId, String outputPortId);
+ PortStatusDTO getOutputPortStatus(String outputPortId);
/**
* Determines if the output port could be updated.
*
- * @param groupId The id of the group
* @param outputPortDTO The id of the output port
*/
- void verifyUpdateOutputPort(String groupId, PortDTO outputPortDTO);
+ void verifyUpdateOutputPort(PortDTO outputPortDTO);
/**
* Updates the specified output port.
*
* @param revision Revision to compare with current base revision
- * @param groupId The id of the group
* @param outputPortDTO The output PortDTO
* @return snapshot
*/
- ConfigurationSnapshot<PortDTO> updateOutputPort(Revision revision, String groupId, PortDTO outputPortDTO);
+ ConfigurationSnapshot<PortDTO> updateOutputPort(Revision revision, PortDTO outputPortDTO);
/**
* Determines if the output port could be deleted.
*
- * @param groupId The id of the group
* @param outputPortId The id of the output port
*/
- void verifyDeleteOutputPort(String groupId, String outputPortId);
+ void verifyDeleteOutputPort(String outputPortId);
/**
* Determines if the output port could be deleted.
*
* @param revision revision
- * @param groupId The id of the group
* @param outputPortId The id of the output port
* @return snapshot
*/
- ConfigurationSnapshot<Void> deleteOutputPort(Revision revision, String groupId, String outputPortId);
+ ConfigurationSnapshot<Void> deleteOutputPort(Revision revision, String outputPortId);
// ----------------------------------------
// ProcessGroup methods
@@ -822,11 +769,10 @@ public interface NiFiServiceFacade {
* Updates the specified process group.
*
* @param revision Revision to compare with current base revision
- * @param parentGroupId The id of the parent group
* @param processGroupDTO The ProcessGroupDTO
* @return snapshot
*/
- ConfigurationSnapshot<ProcessGroupDTO> updateProcessGroup(Revision revision, String parentGroupId, ProcessGroupDTO processGroupDTO);
+ ConfigurationSnapshot<ProcessGroupDTO> updateProcessGroup(Revision revision, ProcessGroupDTO processGroupDTO);
/**
* Verifies the specified process group can be removed.
@@ -844,13 +790,6 @@ public interface NiFiServiceFacade {
*/
ConfigurationSnapshot<Void> deleteProcessGroup(Revision revision, String groupId);
- /**
- * The instance id of this NiFi.
- *
- * @return identifier
- */
- String getInstanceId();
-
// ----------------------------------------
// RemoteProcessGroup methods
// ----------------------------------------
@@ -867,11 +806,10 @@ public interface NiFiServiceFacade {
/**
* Gets a remote process group.
*
- * @param groupId The id of the parent group
* @param remoteProcessGroupId The id of the remote process group
* @return group
*/
- RemoteProcessGroupDTO getRemoteProcessGroup(String groupId, String remoteProcessGroupId);
+ RemoteProcessGroupDTO getRemoteProcessGroup(String remoteProcessGroupId);
/**
* Gets all remote process groups in the a given parent group.
@@ -884,99 +822,86 @@ public interface NiFiServiceFacade {
/**
* Gets the remote process group status.
*
- * @param groupId group
* @param id remote process group
* @return status
*/
- RemoteProcessGroupStatusDTO getRemoteProcessGroupStatus(String groupId, String id);
+ RemoteProcessGroupStatusDTO getRemoteProcessGroupStatus(String id);
/**
* Gets the remote process group status history.
*
- * @param groupId The id of the parent group
* @param id The id of the remote process group
* @return history
*/
- StatusHistoryDTO getRemoteProcessGroupStatusHistory(String groupId, String id);
+ StatusHistoryDTO getRemoteProcessGroupStatusHistory(String id);
/**
* Verifies the specified remote process group can be updated.
*
- * @param groupId The id of the parent group
* @param remoteProcessGroupDTO The RemoteProcessGroupDTO
*/
- void verifyUpdateRemoteProcessGroup(String groupId, RemoteProcessGroupDTO remoteProcessGroupDTO);
+ void verifyUpdateRemoteProcessGroup(RemoteProcessGroupDTO remoteProcessGroupDTO);
/**
* Verifies the specified remote process group can update the specified remote input port.
*
- * @param groupId The id of the parent group
* @param remoteProcessGroupId The id of the remote process group
* @param remoteProcessGroupPortDTO The RemoteProcessGroupPortDTO
*/
- void verifyUpdateRemoteProcessGroupInputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDTO);
+ void verifyUpdateRemoteProcessGroupInputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDTO);
/**
* Verifies the specified remote process group can update the specified remote output port.
*
- * @param groupId The id of the parent group
* @param remoteProcessGroupId The id of the remote process group
* @param remoteProcessGroupPortDTO The RemoteProcessGroupPortDTO
*/
- void verifyUpdateRemoteProcessGroupOutputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDTO);
+ void verifyUpdateRemoteProcessGroupOutputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDTO);
/**
* Updates the specified remote process group.
*
* @param revision Revision to compare with current base revision
- * @param groupId The id of the parent group
* @param remoteProcessGroupDTO The RemoteProcessGroupDTO
* @return snapshot
*/
- ConfigurationSnapshot<RemoteProcessGroupDTO> updateRemoteProcessGroup(Revision revision, String groupId,
- RemoteProcessGroupDTO remoteProcessGroupDTO);
+ ConfigurationSnapshot<RemoteProcessGroupDTO> updateRemoteProcessGroup(Revision revision, RemoteProcessGroupDTO remoteProcessGroupDTO);
/**
* Updates the specified remote process groups input port.
*
* @param revision Revision to compare with current base revision
- * @param groupId The id of the parent group
* @param remoteProcessGroupId The id of the remote process group
* @param remoteProcessGroupPortDTO The RemoteProcessGroupPortDTO
* @return snapshot
*/
- ConfigurationSnapshot<RemoteProcessGroupPortDTO> updateRemoteProcessGroupInputPort(Revision revision, String groupId, String remoteProcessGroupId,
- RemoteProcessGroupPortDTO remoteProcessGroupPortDTO);
+ ConfigurationSnapshot<RemoteProcessGroupPortDTO> updateRemoteProcessGroupInputPort(Revision revision, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDTO);
/**
* Updates the specified remote process groups output port.
*
* @param revision Revision to compare with current base revision
- * @param groupId The id of the parent group
* @param remoteProcessGroupId The id of the remote process group
* @param remoteProcessGroupPortDTO The RemoteProcessGroupPortDTO
* @return snapshot
*/
- ConfigurationSnapshot<RemoteProcessGroupPortDTO> updateRemoteProcessGroupOutputPort(Revision revision, String groupId, String remoteProcessGroupId,
- RemoteProcessGroupPortDTO remoteProcessGroupPortDTO);
+ ConfigurationSnapshot<RemoteProcessGroupPortDTO> updateRemoteProcessGroupOutputPort(Revision revision, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDTO);
/**
* Verifies the remote process group can be deleted.
*
- * @param groupId The id of the parent group
* @param remoteProcessGroupId The id of the remote process group
*/
- void verifyDeleteRemoteProcessGroup(String groupId, String remoteProcessGroupId);
+ void verifyDeleteRemoteProcessGroup(String remoteProcessGroupId);
/**
* Deletes the specified remote process group.
*
* @param revision Revision to compare with current base revision
- * @param groupId The id of the parent group
* @param remoteProcessGroupId The id of the remote process group
* @return snapshot
*/
- ConfigurationSnapshot<Void> deleteRemoteProcessGroup(Revision revision, String groupId, String remoteProcessGroupId);
+ ConfigurationSnapshot<Void> deleteRemoteProcessGroup(Revision revision, String remoteProcessGroupId);
// ----------------------------------------
// Funnel methods
@@ -994,11 +919,10 @@ public interface NiFiServiceFacade {
/**
* Gets the specified funnel.
*
- * @param groupId group
* @param funnelId The funnel id
* @return The funnel transfer object
*/
- FunnelDTO getFunnel(String groupId, String funnelId);
+ FunnelDTO getFunnel(String funnelId);
/**
* Gets all of the funnels.
@@ -1012,29 +936,26 @@ public interface NiFiServiceFacade {
* Updates the specified label.
*
* @param revision Revision to compare with current base revision
- * @param groupId group
* @param funnelDTO The funnel DTO
* @return The funnel DTO
*/
- ConfigurationSnapshot<FunnelDTO> updateFunnel(Revision revision, String groupId, FunnelDTO funnelDTO);
+ ConfigurationSnapshot<FunnelDTO> updateFunnel(Revision revision, FunnelDTO funnelDTO);
/**
* Verifies the specified funnel can be deleted.
*
- * @param groupId group
* @param funnelId funnel
*/
- void verifyDeleteFunnel(String groupId, String funnelId);
+ void verifyDeleteFunnel(String funnelId);
/**
- * Deletes the specified label.
+ * Deletes the specified funnel.
*
* @param revision Revision to compare with current base revision
- * @param groupId group
* @param funnelId The funnel id
* @return snapshot
*/
- ConfigurationSnapshot<Void> deleteFunnel(Revision revision, String groupId, String funnelId);
+ ConfigurationSnapshot<Void> deleteFunnel(Revision revision, String funnelId);
// ----------------------------------------
// Component state methods
@@ -1043,29 +964,26 @@ public interface NiFiServiceFacade {
/**
* Gets the state for the specified processor.
*
- * @param groupId group
* @param processorId the processor id
* @return the component state
*/
- ComponentStateDTO getProcessorState(String groupId, String processorId);
+ ComponentStateDTO getProcessorState(String processorId);
/**
* Verifies the processor state could be cleared.
*
- * @param groupId group
* @param processorId the processor id
*/
- void verifyCanClearProcessorState(String groupId, String processorId);
+ void verifyCanClearProcessorState(String processorId);
/**
* Clears the state for the specified processor.
*
* @param revision Revision to compare with current base revision
- * @param groupId group
* @param processorId the processor id
* @return snapshot
*/
- ConfigurationSnapshot<Void> clearProcessorState(Revision revision, String groupId, String processorId);
+ ConfigurationSnapshot<Void> clearProcessorState(Revision revision, String processorId);
/**
* Gets the state for the specified controller service.
@@ -1131,11 +1049,10 @@ public interface NiFiServiceFacade {
/**
* Gets the specified label.
*
- * @param groupId group
* @param labelId The label id
* @return The label transfer object
*/
- LabelDTO getLabel(String groupId, String labelId);
+ LabelDTO getLabel(String labelId);
/**
* Gets all of the labels.
@@ -1149,21 +1066,19 @@ public interface NiFiServiceFacade {
* Updates the specified label.
*
* @param revision Revision to compare with current base revision
- * @param groupId group
* @param labelDTO The label DTO
* @return The label DTO
*/
- ConfigurationSnapshot<LabelDTO> updateLabel(Revision revision, String groupId, LabelDTO labelDTO);
+ ConfigurationSnapshot<LabelDTO> updateLabel(Revision revision, LabelDTO labelDTO);
/**
* Deletes the specified label.
*
* @param revision Revision to compare with current base revision
- * @param groupId group
* @param labelId The label id
* @return snapshot
*/
- ConfigurationSnapshot<Void> deleteLabel(Revision revision, String groupId, String labelId);
+ ConfigurationSnapshot<Void> deleteLabel(Revision revision, String labelId);
// ----------------------------------------
// Controller Services methods
@@ -1429,84 +1344,6 @@ public interface NiFiServiceFacade {
ConfigurationSnapshot<Void> deleteSnippet(Revision revision, String snippetId);
// ----------------------------------------
- // User methods
- // ----------------------------------------
- /**
- * Gets the user with the specified id.
- *
- * @param userId The user id
- * @return user
- */
- UserDTO getUser(String userId);
-
- /**
- * Gets all of the users registered with this controller.
- *
- * @param grouped grouped
- * @return user
- */
- Collection<UserDTO> getUsers(Boolean grouped);
-
- /**
- * Creates a new account request.
- *
- * @return user
- */
- UserDTO createUser();
-
- /**
- * Updates the specified user accordingly.
- *
- * @param user The user to update
- * @return user
- */
- UserDTO updateUser(UserDTO user);
-
- /**
- * Invalidates the specified user.
- *
- * @param userId user
- */
- void invalidateUser(String userId);
-
- /**
- * Invalidates the specified user accounts and all accounts associated with this group.
- *
- * @param userGroup group
- * @param userIds id
- */
- void invalidateUserGroup(String userGroup, Set<String> userIds);
-
- /**
- * Deletes the specified user.
- *
- * @param userId user id
- */
- void deleteUser(String userId);
-
- /**
- * Updates a user group with the specified group and comprised of the specified users.
- *
- * @param userGroup group
- * @return group
- */
- UserGroupDTO updateUserGroup(UserGroupDTO userGroup);
-
- /**
- * Ungroups the specified user.
- *
- * @param userId id
- */
- void removeUserFromGroup(String userId);
-
- /**
- * Deletes the specified user group.
- *
- * @param userGroup group
- */
- void removeUserGroup(String userGroup);
-
- // ----------------------------------------
// Cluster methods
// ----------------------------------------
/**
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
index fd44636..a3a9e48 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
@@ -16,17 +16,16 @@
*/
package org.apache.nifi.web;
-import org.apache.nifi.admin.service.UserService;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.NiFiAuthenticationProvider;
import org.apache.nifi.web.security.anonymous.NiFiAnonymousUserFilter;
import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter;
-import org.apache.nifi.web.security.jwt.JwtService;
+import org.apache.nifi.web.security.jwt.JwtAuthenticationProvider;
import org.apache.nifi.web.security.node.NodeAuthorizedUserFilter;
import org.apache.nifi.web.security.otp.OtpAuthenticationFilter;
-import org.apache.nifi.web.security.otp.OtpService;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
+import org.apache.nifi.web.security.otp.OtpAuthenticationProvider;
import org.apache.nifi.web.security.x509.X509AuthenticationFilter;
+import org.apache.nifi.web.security.x509.X509AuthenticationProvider;
import org.apache.nifi.web.security.x509.X509CertificateExtractor;
import org.apache.nifi.web.security.x509.X509IdentityProvider;
import org.slf4j.Logger;
@@ -42,8 +41,8 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
/**
* NiFi Web Api Spring security
@@ -55,17 +54,22 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
private static final Logger logger = LoggerFactory.getLogger(NiFiWebApiSecurityConfiguration.class);
private NiFiProperties properties;
- private UserService userService;
- private AuthenticationUserDetailsService authenticationUserDetailsService;
- private JwtService jwtService;
- private OtpService otpService;
+ private KeyService keyService;
+
+ private NodeAuthorizedUserFilter nodeAuthorizedUserFilter;
+
+ private X509AuthenticationFilter x509AuthenticationFilter;
private X509CertificateExtractor certificateExtractor;
+ private X509PrincipalExtractor principalExtractor;
private X509IdentityProvider certificateIdentityProvider;
+ private X509AuthenticationProvider x509AuthenticationProvider;
- private NodeAuthorizedUserFilter nodeAuthorizedUserFilter;
private JwtAuthenticationFilter jwtAuthenticationFilter;
+ private JwtAuthenticationProvider jwtAuthenticationProvider;
+
private OtpAuthenticationFilter otpAuthenticationFilter;
- private X509AuthenticationFilter x509AuthenticationFilter;
+ private OtpAuthenticationProvider otpAuthenticationProvider;
+
private NiFiAnonymousUserFilter anonymousAuthenticationFilter;
public NiFiWebApiSecurityConfiguration() {
@@ -95,17 +99,17 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
// cluster authorized user
http.addFilterBefore(nodeAuthorizedUserFilterBean(), AnonymousAuthenticationFilter.class);
- // anonymous
- http.anonymous().authenticationFilter(anonymousFilterBean());
-
// x509
- http.addFilterAfter(x509FilterBean(), AnonymousAuthenticationFilter.class);
+ http.addFilterBefore(x509FilterBean(), AnonymousAuthenticationFilter.class);
// jwt
- http.addFilterAfter(jwtFilterBean(), AnonymousAuthenticationFilter.class);
+ http.addFilterBefore(jwtFilterBean(), AnonymousAuthenticationFilter.class);
// otp
- http.addFilterAfter(otpFilterBean(), AnonymousAuthenticationFilter.class);
+ http.addFilterBefore(otpFilterBean(), AnonymousAuthenticationFilter.class);
+
+ // anonymous
+ http.anonymous().authenticationFilter(anonymousFilterBean());
}
@Bean
@@ -117,7 +121,10 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.authenticationProvider(new NiFiAuthenticationProvider(authenticationUserDetailsService));
+ auth
+ .authenticationProvider(x509AuthenticationProvider)
+ .authenticationProvider(jwtAuthenticationProvider)
+ .authenticationProvider(otpAuthenticationProvider);
}
@Bean
@@ -137,7 +144,6 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
jwtAuthenticationFilter = new JwtAuthenticationFilter();
jwtAuthenticationFilter.setProperties(properties);
jwtAuthenticationFilter.setAuthenticationManager(authenticationManager());
- jwtAuthenticationFilter.setJwtService(jwtService);
}
return jwtAuthenticationFilter;
}
@@ -148,7 +154,6 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
otpAuthenticationFilter = new OtpAuthenticationFilter();
otpAuthenticationFilter.setProperties(properties);
otpAuthenticationFilter.setAuthenticationManager(authenticationManager());
- otpAuthenticationFilter.setOtpService(otpService);
}
return otpAuthenticationFilter;
}
@@ -159,7 +164,7 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
x509AuthenticationFilter = new X509AuthenticationFilter();
x509AuthenticationFilter.setProperties(properties);
x509AuthenticationFilter.setCertificateExtractor(certificateExtractor);
- x509AuthenticationFilter.setCertificateIdentityProvider(certificateIdentityProvider);
+ x509AuthenticationFilter.setPrincipalExtractor(principalExtractor);
x509AuthenticationFilter.setAuthenticationManager(authenticationManager());
}
return x509AuthenticationFilter;
@@ -169,34 +174,34 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
public NiFiAnonymousUserFilter anonymousFilterBean() throws Exception {
if (anonymousAuthenticationFilter == null) {
anonymousAuthenticationFilter = new NiFiAnonymousUserFilter();
- anonymousAuthenticationFilter.setUserService(userService);
+ anonymousAuthenticationFilter.setKeyService(keyService);
}
return anonymousAuthenticationFilter;
}
@Autowired
- public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> userDetailsService) {
- this.authenticationUserDetailsService = userDetailsService;
+ public void setKeyService(KeyService keyService) {
+ this.keyService = keyService;
}
@Autowired
- public void setUserService(UserService userService) {
- this.userService = userService;
+ public void setProperties(NiFiProperties properties) {
+ this.properties = properties;
}
@Autowired
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
+ public void setJwtAuthenticationProvider(JwtAuthenticationProvider jwtAuthenticationProvider) {
+ this.jwtAuthenticationProvider = jwtAuthenticationProvider;
}
@Autowired
- public void setJwtService(JwtService jwtService) {
- this.jwtService = jwtService;
+ public void setOtpAuthenticationProvider(OtpAuthenticationProvider otpAuthenticationProvider) {
+ this.otpAuthenticationProvider = otpAuthenticationProvider;
}
@Autowired
- public void setOtpService(OtpService otpService) {
- this.otpService = otpService;
+ public void setX509AuthenticationProvider(X509AuthenticationProvider x509AuthenticationProvider) {
+ this.x509AuthenticationProvider = x509AuthenticationProvider;
}
@Autowired
@@ -205,6 +210,11 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
}
@Autowired
+ public void setPrincipalExtractor(X509PrincipalExtractor principalExtractor) {
+ this.principalExtractor = principalExtractor;
+ }
+
+ @Autowired
public void setCertificateIdentityProvider(X509IdentityProvider certificateIdentityProvider) {
this.certificateIdentityProvider = certificateIdentityProvider;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiContentAccess.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiContentAccess.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiContentAccess.java
index afaf3ed..7b5ab27 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiContentAccess.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiContentAccess.java
@@ -20,7 +20,6 @@ import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.ClientResponse.Status;
import com.sun.jersey.core.util.MultivaluedMapImpl;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.Authority;
import org.apache.nifi.cluster.manager.NodeResponse;
import org.apache.nifi.cluster.manager.exception.UnknownNodeException;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
@@ -29,7 +28,6 @@ import org.apache.nifi.cluster.protocol.NodeIdentifier;
import org.apache.nifi.controller.repository.claim.ContentDirection;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.apache.nifi.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -180,19 +178,19 @@ public class StandardNiFiContentAccess implements ContentAccess {
}
private DownloadableContent getFlowFileContent(final String groupId, final String connectionId, final String flowfileId, final String dataUri) {
- // ensure the user is authorized as DFM - not checking with @PreAuthorized annotation as aspect not trigger on call within a class
- if (!NiFiUserUtils.getAuthorities().contains(Authority.ROLE_DFM.toString())) {
- throw new AccessDeniedException("Access is denied.");
- }
+ // TODO - ensure the user is authorized - not checking with @PreAuthorized annotation as aspect not trigger on call within a class
+// if (!NiFiUserUtils.getAuthorities().contains(Authority.ROLE_DFM.toString())) {
+// throw new AccessDeniedException("Access is denied.");
+// }
- return serviceFacade.getContent(groupId, connectionId, flowfileId, dataUri);
+ return serviceFacade.getContent(connectionId, flowfileId, dataUri);
}
private DownloadableContent getProvenanceEventContent(final Long eventId, final String dataUri, final ContentDirection direction) {
- // ensure the user is authorized as Provenance - not checking with @PreAuthorized annotation as aspect not trigger on call within a class
- if (!NiFiUserUtils.getAuthorities().contains(Authority.ROLE_PROVENANCE.toString())) {
- throw new AccessDeniedException("Access is denied.");
- }
+ // TODO - ensure the user is authorized - not checking with @PreAuthorized annotation as aspect not trigger on call within a class
+// if (!NiFiUserUtils.getAuthorities().contains(Authority.ROLE_PROVENANCE.toString())) {
+// throw new AccessDeniedException("Access is denied.");
+// }
return serviceFacade.getContent(eventId, dataUri, direction);
}
[09/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java
index adede7b..076b3c2 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.web.api;
-import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
@@ -38,7 +37,6 @@ import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.Revision;
import org.apache.nifi.web.UiExtensionType;
import org.apache.nifi.web.api.dto.ComponentStateDTO;
-import org.apache.nifi.web.api.dto.PositionDTO;
import org.apache.nifi.web.api.dto.ProcessorConfigDTO;
import org.apache.nifi.web.api.dto.ProcessorDTO;
import org.apache.nifi.web.api.dto.PropertyDescriptorDTO;
@@ -46,23 +44,19 @@ import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.status.ProcessorStatusDTO;
import org.apache.nifi.web.api.dto.status.StatusHistoryDTO;
import org.apache.nifi.web.api.entity.ComponentStateEntity;
+import org.apache.nifi.web.api.entity.Entity;
import org.apache.nifi.web.api.entity.ProcessorEntity;
import org.apache.nifi.web.api.entity.ProcessorStatusEntity;
-import org.apache.nifi.web.api.entity.ProcessorsEntity;
import org.apache.nifi.web.api.entity.PropertyDescriptorEntity;
import org.apache.nifi.web.api.entity.StatusHistoryEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.DoubleParameter;
-import org.apache.nifi.web.api.request.IntegerParameter;
import org.apache.nifi.web.api.request.LongParameter;
-import org.springframework.security.access.prepost.PreAuthorize;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.POST;
@@ -71,26 +65,19 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import java.net.URI;
-import java.net.URISyntaxException;
import java.util.Arrays;
-import java.util.HashMap;
import java.util.HashSet;
-import java.util.LinkedHashMap;
import java.util.List;
-import java.util.Map;
import java.util.Set;
-import java.util.UUID;
/**
* RESTful endpoint for managing a Processor.
*/
-@Api(hidden = true)
+@Path("processors")
public class ProcessorResource extends ApplicationResource {
private static final List<Long> POSSIBLE_RUN_DURATIONS = Arrays.asList(0L, 25L, 50L, 100L, 250L, 500L, 1000L, 2000L);
@@ -98,7 +85,6 @@ public class ProcessorResource extends ApplicationResource {
private NiFiServiceFacade serviceFacade;
private WebClusterManager clusterManager;
private NiFiProperties properties;
- private String groupId;
@Context
private ServletContext servletContext;
@@ -119,9 +105,9 @@ public class ProcessorResource extends ApplicationResource {
/**
* Populate the uri's for the specified processor and its relationships.
*/
- private ProcessorDTO populateRemainingProcessorContent(ProcessorDTO processor) {
+ public ProcessorDTO populateRemainingProcessorContent(ProcessorDTO processor) {
// populate the remaining properties
- processor.setUri(generateResourceUri("controller", "process-groups", processor.getParentGroupId(), "processors", processor.getId()));
+ processor.setUri(generateResourceUri("processors", processor.getId()));
// get the config details and see if there is a custom ui for this processor type
ProcessorConfigDTO config = processor.getConfig();
@@ -148,216 +134,6 @@ public class ProcessorResource extends ApplicationResource {
}
/**
- * Retrieves all the processors in this NiFi.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @return A processorsEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
- @ApiOperation(
- value = "Gets all processors",
- response = ProcessorsEntity.class,
- authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getProcessors(@QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // replicate if cluster manager
- if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
- }
-
- // get the processors
- final Set<ProcessorDTO> processorDTOs = serviceFacade.getProcessors(groupId);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final ProcessorsEntity entity = new ProcessorsEntity();
- entity.setRevision(revision);
- entity.setProcessors(populateRemainingProcessorsContent(processorDTOs));
-
- // generate the response
- return clusterContext(generateOkResponse(entity)).build();
- }
-
- /**
- * Creates a new processor.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param name The name of the new processor.
- * @param type The type of the new processor. This type should refer to one of the types in the GET /controller/processor-types response.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @return A processorEntity.
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response createProcessor(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("name") String name, @FormParam("type") String type,
- @FormParam("x") DoubleParameter x, @FormParam("y") DoubleParameter y) {
-
- // ensure the position has been specified
- if (x == null || y == null) {
- throw new IllegalArgumentException("The position (x, y) must be specified");
- }
-
- // create the processor dto
- final ProcessorDTO processorDTO = new ProcessorDTO();
- processorDTO.setName(name);
- processorDTO.setType(type);
- processorDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the entity dto
- final ProcessorEntity processorEntity = new ProcessorEntity();
- processorEntity.setRevision(revision);
- processorEntity.setProcessor(processorDTO);
-
- // create the processor
- return createProcessor(httpServletRequest, processorEntity);
- }
-
- /**
- * Creates a new processor.
- *
- * @param httpServletRequest request
- * @param processorEntity A processorEntity.
- * @return A processorEntity.
- */
- @POST
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- @ApiOperation(
- value = "Creates a new processor",
- response = ProcessorEntity.class,
- authorizations = {
- @Authorization(value = "ROLE_DFM", type = "ROLE_DFM")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response createProcessor(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The processor configuration details.",
- required = true
- )
- ProcessorEntity processorEntity) {
-
- if (processorEntity == null || processorEntity.getProcessor() == null) {
- throw new IllegalArgumentException("Processor details must be specified.");
- }
-
- if (processorEntity.getRevision() == null) {
- throw new IllegalArgumentException("Revision must be specified.");
- }
-
- if (processorEntity.getProcessor().getId() != null) {
- throw new IllegalArgumentException("Processor ID cannot be specified.");
- }
-
- if (StringUtils.isBlank(processorEntity.getProcessor().getType())) {
- throw new IllegalArgumentException("The type of processor to create must be specified.");
- }
-
- // if cluster manager, convert POST to PUT (to maintain same ID across nodes) and replicate
- if (properties.isClusterManager()) {
-
- // create ID for resource
- final String id = UUID.randomUUID().toString();
-
- // set ID for resource
- processorEntity.getProcessor().setId(id);
-
- // convert POST request to PUT request to force entity ID to be the same across nodes
- URI putUri = null;
- try {
- putUri = new URI(getAbsolutePath().toString() + "/" + id);
- } catch (final URISyntaxException e) {
- throw new WebApplicationException(e);
- }
-
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate put request
- return clusterManager.applyRequest(HttpMethod.PUT, putUri, updateClientId(processorEntity), getHeaders(headersToOverride)).getResponse();
-
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // create the new processor
- final RevisionDTO revision = processorEntity.getRevision();
- final ConfigurationSnapshot<ProcessorDTO> controllerResponse = serviceFacade.createProcessor(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, processorEntity.getProcessor());
- final ProcessorDTO processor = controllerResponse.getConfiguration();
- populateRemainingProcessorContent(processor);
-
- // get the updated revision
- final RevisionDTO updatedRevision = new RevisionDTO();
- updatedRevision.setClientId(revision.getClientId());
- updatedRevision.setVersion(controllerResponse.getVersion());
-
- // generate the response entity
- final ProcessorEntity entity = new ProcessorEntity();
- entity.setRevision(updatedRevision);
- entity.setProcessor(processor);
-
- // generate a 201 created response
- String uri = processor.getUri();
- return clusterContext(generateCreatedResponse(URI.create(uri), entity)).build();
- }
-
- /**
* Retrieves the specified processor.
*
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
@@ -366,9 +142,9 @@ public class ProcessorResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a processor",
response = ProcessorEntity.class,
@@ -405,7 +181,7 @@ public class ProcessorResource extends ApplicationResource {
}
// get the specified processor
- final ProcessorDTO processor = serviceFacade.getProcessor(groupId, id);
+ final ProcessorDTO processor = serviceFacade.getProcessor(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -429,9 +205,9 @@ public class ProcessorResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/status")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets status for a processor",
response = ProcessorStatusEntity.class,
@@ -505,7 +281,7 @@ public class ProcessorResource extends ApplicationResource {
}
// get the specified processor status
- final ProcessorStatusDTO processorStatus = serviceFacade.getProcessorStatus(groupId, id);
+ final ProcessorStatusDTO processorStatus = serviceFacade.getProcessorStatus(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -529,9 +305,9 @@ public class ProcessorResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/status/history")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets status history for a processor",
response = StatusHistoryEntity.class,
@@ -568,7 +344,7 @@ public class ProcessorResource extends ApplicationResource {
}
// get the specified processor status history
- final StatusHistoryDTO processorStatusHistory = serviceFacade.getProcessorStatusHistory(groupId, id);
+ final StatusHistoryDTO processorStatusHistory = serviceFacade.getProcessorStatusHistory(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -593,9 +369,9 @@ public class ProcessorResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/descriptors")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets the descriptor for a processor property",
response = PropertyDescriptorEntity.class,
@@ -642,7 +418,7 @@ public class ProcessorResource extends ApplicationResource {
}
// get the property descriptor
- final PropertyDescriptorDTO descriptor = serviceFacade.getProcessorPropertyDescriptor(groupId, id, propertyName);
+ final PropertyDescriptorDTO descriptor = serviceFacade.getProcessorPropertyDescriptor(id, propertyName);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -666,9 +442,9 @@ public class ProcessorResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/state")
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
@ApiOperation(
value = "Gets the state for a processor",
response = ComponentStateDTO.class,
@@ -703,7 +479,7 @@ public class ProcessorResource extends ApplicationResource {
}
// get the component state
- final ComponentStateDTO state = serviceFacade.getProcessorState(groupId, id);
+ final ComponentStateDTO state = serviceFacade.getProcessorState(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -722,16 +498,15 @@ public class ProcessorResource extends ApplicationResource {
* Clears the state for a processor.
*
* @param httpServletRequest servlet request
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param version The revision is used to verify the client is working with the latest version of the flow.
+ * @param revisionEntity The revision is used to verify the client is working with the latest version of the flow.
* @param id The id of the processor
* @return a componentStateEntity
*/
@POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/state/clear-requests")
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
@ApiOperation(
value = "Clears the state for a processor",
response = ComponentStateDTO.class,
@@ -751,21 +526,21 @@ public class ProcessorResource extends ApplicationResource {
public Response clearState(
@Context HttpServletRequest httpServletRequest,
@ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "The revision is used to verify the client is working with the latest version of the flow.",
+ value = "The revision used to verify the client is working with the latest version of the flow.",
required = true
)
- @FormParam(VERSION) LongParameter version,
+ Entity revisionEntity,
@ApiParam(
value = "The processor id.",
required = true
)
@PathParam("id") String id) {
+ // ensure the revision was specified
+ if (revisionEntity == null || revisionEntity.getRevision() == null) {
+ throw new IllegalArgumentException("Revision must be specified.");
+ }
+
// replicate if cluster manager
if (properties.isClusterManager()) {
return clusterManager.applyRequest(HttpMethod.POST, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
@@ -774,27 +549,22 @@ public class ProcessorResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyCanClearProcessorState(groupId, id);
+ serviceFacade.verifyCanClearProcessorState(id);
return generateContinueResponse().build();
}
- // get the revision specified by the user
- Long revision = null;
- if (version != null) {
- revision = version.getLong();
- }
-
// get the component state
- final ConfigurationSnapshot<Void> snapshot = serviceFacade.clearProcessorState(new Revision(revision, clientId.getClientId()), groupId, id);
+ final RevisionDTO requestRevision = revisionEntity.getRevision();
+ final ConfigurationSnapshot<Void> snapshot = serviceFacade.clearProcessorState(new Revision(requestRevision.getVersion(), requestRevision.getClientId()), id);
// create the revision
- final RevisionDTO revisionDTO = new RevisionDTO();
- revisionDTO.setClientId(clientId.getClientId());
- revisionDTO.setVersion(snapshot.getVersion());
+ final RevisionDTO responseRevision = new RevisionDTO();
+ responseRevision.setClientId(requestRevision.getClientId());
+ responseRevision.setVersion(snapshot.getVersion());
// generate the response entity
final ComponentStateEntity entity = new ComponentStateEntity();
- entity.setRevision(revisionDTO);
+ entity.setRevision(responseRevision);
// generate the response
return clusterContext(generateOkResponse(entity)).build();
@@ -804,168 +574,15 @@ public class ProcessorResource extends ApplicationResource {
* Updates the specified processor with the specified values.
*
* @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The id of the processor to update.
- * @param x The x coordinate for this processors position.
- * @param y The y coordinate for this processors position.
- * @param name The name of the processor.
- * @param concurrentlySchedulableTaskCount The number of concurrentlySchedulableTasks
- * @param schedulingPeriod The scheduling period
- * @param schedulingStrategy The scheduling strategy
- * @param penaltyDuration The penalty duration
- * @param yieldDuration The yield duration
- * @param runDurationMillis The run duration in milliseconds
- * @param bulletinLevel The bulletin level
- * @param comments Any comments about this processor.
- * @param markedForDeletion Array of property names whose value should be removed.
- * @param state The processors state.
- * @param formParams Additionally, the processor properties and styles are specified in the form parameters. Because the property names and styles differ from processor to processor they are
- * specified in a map-like fashion:
- * <br>
- * <ul>
- * <li>properties[required.file.path]=/path/to/file</li>
- * <li>properties[required.hostname]=localhost</li>
- * <li>properties[required.port]=80</li>
- * <li>properties[optional.file.path]=/path/to/file</li>
- * <li>properties[optional.hostname]=localhost</li>
- * <li>properties[optional.port]=80</li>
- * <li>properties[user.defined.pattern]=^.*?s.*$</li>
- * <li>style[background-color]=#aaaaaa</li>
- * </ul>
- *
- * @return A processorEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateProcessor(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String id,
- @FormParam("x") DoubleParameter x,
- @FormParam("y") DoubleParameter y,
- @FormParam("name") String name,
- @FormParam("concurrentlySchedulableTaskCount") IntegerParameter concurrentlySchedulableTaskCount,
- @FormParam("schedulingPeriod") String schedulingPeriod,
- @FormParam("penaltyDuration") String penaltyDuration,
- @FormParam("yieldDuration") String yieldDuration,
- @FormParam("runDurationMillis") LongParameter runDurationMillis,
- @FormParam("bulletinLevel") String bulletinLevel,
- @FormParam("schedulingStrategy") String schedulingStrategy,
- @FormParam("comments") String comments,
- @FormParam("markedForDeletion[]") List<String> markedForDeletion,
- @FormParam("state") String state,
- MultivaluedMap<String, String> formParams) {
-
- // create collections for holding the processor settings/properties
- final Map<String, String> processorProperties = new LinkedHashMap<>();
- final Map<String, String> processorStyle = new LinkedHashMap<>();
-
- // go through each parameter and look for processor properties
- for (String parameterName : formParams.keySet()) {
- if (StringUtils.isNotBlank(parameterName)) {
- // see if the parameter name starts with an expected parameter type...
- // if so, store the parameter name and value in the corresponding collection
- if (parameterName.startsWith("properties")) {
- final int startIndex = StringUtils.indexOf(parameterName, "[");
- final int endIndex = StringUtils.lastIndexOf(parameterName, "]");
- if (startIndex != -1 && endIndex != -1) {
- final String propertyName = StringUtils.substring(parameterName, startIndex + 1, endIndex);
- processorProperties.put(propertyName, formParams.getFirst(parameterName));
- }
- } else if (parameterName.startsWith("style")) {
- final int startIndex = StringUtils.indexOf(parameterName, "[");
- final int endIndex = StringUtils.lastIndexOf(parameterName, "]");
- if (startIndex != -1 && endIndex != -1) {
- final String styleName = StringUtils.substring(parameterName, startIndex + 1, endIndex);
- processorStyle.put(styleName, formParams.getFirst(parameterName));
- }
- }
- }
- }
-
- // set the properties to remove
- for (String propertyToDelete : markedForDeletion) {
- processorProperties.put(propertyToDelete, null);
- }
-
- // create the processor config dto
- final ProcessorConfigDTO configDTO = new ProcessorConfigDTO();
- configDTO.setSchedulingPeriod(schedulingPeriod);
- configDTO.setPenaltyDuration(penaltyDuration);
- configDTO.setYieldDuration(yieldDuration);
- configDTO.setBulletinLevel(bulletinLevel);
- configDTO.setComments(comments);
-
- // if the run duration is specified
- if (runDurationMillis != null) {
- // ensure the value is supported
- if (!POSSIBLE_RUN_DURATIONS.contains(runDurationMillis.getLong())) {
- throw new IllegalArgumentException("The run duration must be one of: " + StringUtils.join(POSSIBLE_RUN_DURATIONS, ", ") + " millis.");
- }
- configDTO.setRunDurationMillis(runDurationMillis.getLong());
- }
-
- if (concurrentlySchedulableTaskCount != null) {
- configDTO.setConcurrentlySchedulableTaskCount(concurrentlySchedulableTaskCount.getInteger());
- }
-
- // only set the properties when appropriate
- if (!processorProperties.isEmpty()) {
- configDTO.setProperties(processorProperties);
- }
-
- // create the processor dto
- final ProcessorDTO processorDTO = new ProcessorDTO();
- processorDTO.setId(id);
- processorDTO.setName(name);
- processorDTO.setState(state);
- processorDTO.setConfig(configDTO);
-
- // only set the styles when appropriate
- if (!processorStyle.isEmpty()) {
- processorDTO.setStyle(processorStyle);
- }
-
- // require both coordinates to be specified
- if (x != null && y != null) {
- processorDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the entity dto
- final ProcessorEntity dtoEntity = new ProcessorEntity();
- dtoEntity.setRevision(revision);
- dtoEntity.setProcessor(processorDTO);
-
- // update the processor
- return updateProcessor(httpServletRequest, id, dtoEntity);
- }
-
- /**
- * Updates the specified processor with the specified values.
- *
- * @param httpServletRequest request
* @param id The id of the processor to update.
* @param processorEntity A processorEntity.
* @return A processorEntity.
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a processor",
response = ProcessorEntity.class,
@@ -1021,25 +638,21 @@ public class ProcessorResource extends ApplicationResource {
}
}
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
// replicate the request
- return clusterManager.applyRequest(HttpMethod.PUT, getAbsolutePath(), updateClientId(processorEntity), getHeaders(headersToOverride)).getResponse();
+ return clusterManager.applyRequest(HttpMethod.PUT, getAbsolutePath(), updateClientId(processorEntity), getHeaders()).getResponse();
}
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyUpdateProcessor(groupId, requestProcessorDTO);
+ serviceFacade.verifyUpdateProcessor(requestProcessorDTO);
return generateContinueResponse().build();
}
// update the processor
final RevisionDTO revision = processorEntity.getRevision();
final ConfigurationSnapshot<ProcessorDTO> controllerResponse = serviceFacade.updateProcessor(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, requestProcessorDTO);
+ new Revision(revision.getVersion(), revision.getClientId()), requestProcessorDTO);
// get the processor dto
final ProcessorDTO responseProcessorDTO = controllerResponse.getConfiguration();
@@ -1073,9 +686,9 @@ public class ProcessorResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes a processor",
response = ProcessorEntity.class,
@@ -1118,7 +731,7 @@ public class ProcessorResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyDeleteProcessor(groupId, id);
+ serviceFacade.verifyDeleteProcessor(id);
return generateContinueResponse().build();
}
@@ -1129,7 +742,7 @@ public class ProcessorResource extends ApplicationResource {
}
// delete the processor
- final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteProcessor(new Revision(clientVersion, clientId.getClientId()), groupId, id);
+ final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteProcessor(new Revision(clientVersion, clientId.getClientId()), id);
// get the updated revision
final RevisionDTO updatedRevision = new RevisionDTO();
@@ -1149,10 +762,6 @@ public class ProcessorResource extends ApplicationResource {
this.serviceFacade = serviceFacade;
}
- public void setGroupId(String groupId) {
- this.groupId = groupId;
- }
-
public void setClusterManager(WebClusterManager clusterManager) {
this.clusterManager = clusterManager;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProvenanceResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProvenanceResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProvenanceResource.java
index 9460f73..670b16a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProvenanceResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProvenanceResource.java
@@ -22,37 +22,7 @@ import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.net.URI;
-import java.nio.charset.StandardCharsets;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
-import javax.ws.rs.GET;
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.StreamingOutput;
-
+import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.cluster.context.ClusterContext;
import org.apache.nifi.cluster.context.ClusterContextThreadLocal;
import org.apache.nifi.cluster.manager.exception.UnknownNodeException;
@@ -62,8 +32,8 @@ import org.apache.nifi.cluster.protocol.NodeIdentifier;
import org.apache.nifi.controller.repository.claim.ContentDirection;
import org.apache.nifi.stream.io.StreamUtils;
import org.apache.nifi.util.NiFiProperties;
+import org.apache.nifi.web.DownloadableContent;
import org.apache.nifi.web.NiFiServiceFacade;
-import static org.apache.nifi.web.api.ApplicationResource.CLIENT_ID;
import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.provenance.ProvenanceDTO;
import org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO;
@@ -80,12 +50,38 @@ import org.apache.nifi.web.api.request.ClientIdParameter;
import org.apache.nifi.web.api.request.DateTimeParameter;
import org.apache.nifi.web.api.request.IntegerParameter;
import org.apache.nifi.web.api.request.LongParameter;
-import org.apache.nifi.web.DownloadableContent;
-
-import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DELETE;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.FormParam;
+import javax.ws.rs.GET;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.StreamingOutput;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.URI;
+import java.nio.charset.StandardCharsets;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.LinkedHashMap;
+import java.util.Map;
+import java.util.Set;
+import java.util.UUID;
/**
* RESTful endpoint for querying data provenance.
@@ -126,7 +122,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/search-options")
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
@ApiOperation(
value = "Gets the searchable attributes for provenance events",
response = ProvenanceOptionsEntity.class,
@@ -183,7 +179,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/replays")
- @PreAuthorize("hasRole('ROLE_PROVENANCE') and hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE') and hasRole('ROLE_DFM')")
@ApiOperation(
value = "Replays content from a provenance event",
response = ProvenanceEventEntity.class,
@@ -278,7 +274,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.WILDCARD)
@Path("/events/{id}/content/input")
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
@ApiOperation(
value = "Gets the input content for a provenance event",
authorizations = {
@@ -377,7 +373,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.WILDCARD)
@Path("/events/{id}/content/output")
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
@ApiOperation(
value = "Gets the output content for a provenance event",
authorizations = {
@@ -488,7 +484,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
public Response submitProvenanceRequest(
@Context HttpServletRequest httpServletRequest,
@FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
@@ -569,7 +565,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
@ApiOperation(
value = "Submits a provenance query",
notes = "Provenance queries may be long running so this endpoint submits a request. The response will include the "
@@ -685,7 +681,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/{id}")
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
@ApiOperation(
value = "Gets a provenance query",
response = ProvenanceEntity.class,
@@ -771,7 +767,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/{id}")
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
@ApiOperation(
value = "Deletes a provenance query",
response = ProvenanceEntity.class,
@@ -860,7 +856,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/events/{id}")
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
@ApiOperation(
value = "Gets a provenance event",
response = ProvenanceEventEntity.class,
@@ -959,7 +955,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/lineage")
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
public Response submitLineageRequest(
@Context HttpServletRequest httpServletRequest,
@FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
@@ -1020,7 +1016,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/lineage")
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
@ApiOperation(
value = "Submits a lineage query",
notes = "Lineage queries may be long running so this endpoint submits a request. The response will include the "
@@ -1142,7 +1138,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/lineage/{id}")
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
@ApiOperation(
value = "Gets a lineage query",
response = LineageEntity.class,
@@ -1226,7 +1222,7 @@ public class ProvenanceResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/lineage/{id}")
- @PreAuthorize("hasRole('ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasRole('ROLE_PROVENANCE')")
@ApiOperation(
value = "Deletes a lineage query",
response = LineageEntity.class,
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java
index 8fc6a2c..868e647 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.web.api;
-import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
@@ -32,24 +31,19 @@ import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.ConfigurationSnapshot;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.api.dto.PositionDTO;
import org.apache.nifi.web.api.dto.RemoteProcessGroupDTO;
import org.apache.nifi.web.api.dto.RemoteProcessGroupPortDTO;
import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO;
import org.apache.nifi.web.api.dto.status.StatusHistoryDTO;
-import org.apache.nifi.web.api.entity.ConnectionsEntity;
import org.apache.nifi.web.api.entity.ProcessorStatusEntity;
import org.apache.nifi.web.api.entity.RemoteProcessGroupEntity;
import org.apache.nifi.web.api.entity.RemoteProcessGroupPortEntity;
import org.apache.nifi.web.api.entity.RemoteProcessGroupStatusEntity;
-import org.apache.nifi.web.api.entity.RemoteProcessGroupsEntity;
import org.apache.nifi.web.api.entity.StatusHistoryEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.DoubleParameter;
import org.apache.nifi.web.api.request.IntegerParameter;
import org.apache.nifi.web.api.request.LongParameter;
-import org.springframework.security.access.prepost.PreAuthorize;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
@@ -58,28 +52,24 @@ import javax.ws.rs.DefaultValue;
import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.net.URI;
-import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
-import java.util.UUID;
/**
* RESTful endpoint for managing a Remote group.
*/
-@Api(hidden = true)
+@Path("remote-process-groups")
public class RemoteProcessGroupResource extends ApplicationResource {
private static final String VERBOSE_DEFAULT_VALUE = "false";
@@ -87,7 +77,6 @@ public class RemoteProcessGroupResource extends ApplicationResource {
private NiFiServiceFacade serviceFacade;
private WebClusterManager clusterManager;
private NiFiProperties properties;
- private String groupId;
/**
* Populates the remaining content for each remote process group. The uri must be generated and the remote process groups name must be retrieved.
@@ -108,84 +97,14 @@ public class RemoteProcessGroupResource extends ApplicationResource {
* @param remoteProcessGroup group
* @return dto
*/
- private RemoteProcessGroupDTO populateRemainingRemoteProcessGroupContent(RemoteProcessGroupDTO remoteProcessGroup) {
+ public RemoteProcessGroupDTO populateRemainingRemoteProcessGroupContent(RemoteProcessGroupDTO remoteProcessGroup) {
// populate the remaining content
- remoteProcessGroup.setUri(generateResourceUri("controller", "process-groups", remoteProcessGroup.getParentGroupId(), "remote-process-groups", remoteProcessGroup.getId()));
+ remoteProcessGroup.setUri(generateResourceUri("remote-process-groups", remoteProcessGroup.getId()));
return remoteProcessGroup;
}
/**
- * Retrieves all the of remote process groups in this NiFi.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param verbose Optional verbose flag that defaults to false. If the verbose flag is set to true remote group contents (ports) will be included.
- * @return A remoteProcessGroupEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
- @ApiOperation(
- value = "Gets all remote process groups",
- response = ConnectionsEntity.class,
- authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getRemoteProcessGroups(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "Whether to include any encapulated ports or just details about the remote process group.",
- required = false
- )
- @QueryParam("verbose") @DefaultValue(VERBOSE_DEFAULT_VALUE) Boolean verbose) {
-
- // replicate if cluster manager
- if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
- }
-
- // get all the labels
- final Set<RemoteProcessGroupDTO> remoteProcessGroups = serviceFacade.getRemoteProcessGroups(groupId);
-
- // prune response as necessary
- if (!verbose) {
- for (RemoteProcessGroupDTO remoteProcessGroup : remoteProcessGroups) {
- remoteProcessGroup.setContents(null);
- }
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final RemoteProcessGroupsEntity entity = new RemoteProcessGroupsEntity();
- entity.setRevision(revision);
- entity.setRemoteProcessGroups(populateRemainingRemoteProcessGroupsContent(remoteProcessGroups));
-
- // generate the response
- return clusterContext(generateOkResponse(entity)).build();
- }
-
- /**
* Retrieves the specified remote process group.
*
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
@@ -195,9 +114,9 @@ public class RemoteProcessGroupResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a remote process group",
response = RemoteProcessGroupEntity.class,
@@ -239,7 +158,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
}
// get the label
- final RemoteProcessGroupDTO remoteProcessGroup = serviceFacade.getRemoteProcessGroup(groupId, id);
+ final RemoteProcessGroupDTO remoteProcessGroup = serviceFacade.getRemoteProcessGroup(id);
// prune the response as necessary
if (!verbose) {
@@ -267,9 +186,9 @@ public class RemoteProcessGroupResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/status")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets status for a remote process group",
response = ProcessorStatusEntity.class,
@@ -343,7 +262,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
}
// get the specified remote process group status
- final RemoteProcessGroupStatusDTO remoteProcessGroupStatus = serviceFacade.getRemoteProcessGroupStatus(groupId, id);
+ final RemoteProcessGroupStatusDTO remoteProcessGroupStatus = serviceFacade.getRemoteProcessGroupStatus(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -367,9 +286,9 @@ public class RemoteProcessGroupResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/status/history")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets the status history",
response = StatusHistoryEntity.class,
@@ -406,7 +325,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
}
// get the specified processor status history
- final StatusHistoryDTO remoteProcessGroupStatusHistory = serviceFacade.getRemoteProcessGroupStatusHistory(groupId, id);
+ final StatusHistoryDTO remoteProcessGroupStatusHistory = serviceFacade.getRemoteProcessGroupStatusHistory(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -422,190 +341,6 @@ public class RemoteProcessGroupResource extends ApplicationResource {
}
/**
- * Creates a new remote process group.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param uri The uri to the remote process group that is being referenced.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @return A remoteProcessGroupEntity.
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response createRemoteProcessGroup(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam("clientId") @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("uri") String uri,
- @FormParam("x") DoubleParameter x, @FormParam("y") DoubleParameter y) {
-
- // ensure the position has been specified
- if (x == null || y == null) {
- throw new IllegalArgumentException("The position (x, y) must be specified");
- }
-
- // create the remote process group DTO
- final RemoteProcessGroupDTO remoteProcessGroupDTO = new RemoteProcessGroupDTO();
- remoteProcessGroupDTO.setTargetUri(uri);
- remoteProcessGroupDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the remote process group entity
- final RemoteProcessGroupEntity entity = new RemoteProcessGroupEntity();
- entity.setRevision(revision);
- entity.setRemoteProcessGroup(remoteProcessGroupDTO);
-
- // create the new remote process group
- return createRemoteProcessGroup(httpServletRequest, entity);
- }
-
- /**
- * Creates a new remote process group.
- *
- * @param httpServletRequest request
- * @param remoteProcessGroupEntity A remoteProcessGroupEntity.
- * @return A remoteProcessGroupEntity.
- */
- @POST
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- @ApiOperation(
- value = "Creates a new process group",
- response = RemoteProcessGroupEntity.class,
- authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response createRemoteProcessGroup(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The remote process group configuration details.",
- required = true
- ) RemoteProcessGroupEntity remoteProcessGroupEntity) {
-
- if (remoteProcessGroupEntity == null || remoteProcessGroupEntity.getRemoteProcessGroup() == null) {
- throw new IllegalArgumentException("Remote process group details must be specified.");
- }
-
- if (remoteProcessGroupEntity.getRevision() == null) {
- throw new IllegalArgumentException("Revision must be specified.");
- }
-
- final RemoteProcessGroupDTO requestProcessGroupDTO = remoteProcessGroupEntity.getRemoteProcessGroup();
-
- if (requestProcessGroupDTO.getId() != null) {
- throw new IllegalArgumentException("Remote process group ID cannot be specified.");
- }
-
- if (requestProcessGroupDTO.getTargetUri() == null) {
- throw new IllegalArgumentException("The URI of the process group must be specified.");
- }
-
- // if cluster manager, convert POST to PUT (to maintain same ID across nodes) and replicate
- if (properties.isClusterManager()) {
-
- // create ID for resource
- final String id = UUID.randomUUID().toString();
-
- // set ID for resource
- remoteProcessGroupEntity.getRemoteProcessGroup().setId(id);
-
- // convert POST request to PUT request to force entity ID to be the same across nodes
- URI putUri = null;
- try {
- putUri = new URI(getAbsolutePath().toString() + "/" + id);
- } catch (final URISyntaxException e) {
- throw new WebApplicationException(e);
- }
-
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate put request
- return clusterManager.applyRequest(HttpMethod.PUT, putUri, updateClientId(remoteProcessGroupEntity), getHeaders(headersToOverride)).getResponse();
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // parse the uri
- final URI uri;
- try {
- uri = URI.create(requestProcessGroupDTO.getTargetUri());
- } catch (final IllegalArgumentException e) {
- throw new IllegalArgumentException("The specified remote process group URL is malformed: " + requestProcessGroupDTO.getTargetUri());
- }
-
- // validate each part of the uri
- if (uri.getScheme() == null || uri.getHost() == null) {
- throw new IllegalArgumentException("The specified remote process group URL is malformed: " + requestProcessGroupDTO.getTargetUri());
- }
-
- if (!(uri.getScheme().equalsIgnoreCase("http") || uri.getScheme().equalsIgnoreCase("https"))) {
- throw new IllegalArgumentException("The specified remote process group URL is invalid because it is not http or https: " + requestProcessGroupDTO.getTargetUri());
- }
-
- // normalize the uri to the other controller
- String controllerUri = uri.toString();
- if (controllerUri.endsWith("/")) {
- controllerUri = StringUtils.substringBeforeLast(controllerUri, "/");
- }
-
- // since the uri is valid, use the normalized version
- requestProcessGroupDTO.setTargetUri(controllerUri);
-
- // create the remote process group
- final RevisionDTO revision = remoteProcessGroupEntity.getRevision();
- final ConfigurationSnapshot<RemoteProcessGroupDTO> controllerResponse
- = serviceFacade.createRemoteProcessGroup(new Revision(revision.getVersion(), revision.getClientId()), groupId, requestProcessGroupDTO);
-
- // prepare the response
- final RemoteProcessGroupDTO remoteProcessGroup = controllerResponse.getConfiguration();
- populateRemainingRemoteProcessGroupContent(remoteProcessGroup);
-
- // get the updated revision
- final RevisionDTO updatedRevision = new RevisionDTO();
- updatedRevision.setClientId(revision.getClientId());
- updatedRevision.setVersion(controllerResponse.getVersion());
-
- // build the response entity
- final RemoteProcessGroupEntity entity = new RemoteProcessGroupEntity();
- entity.setRevision(updatedRevision);
- entity.setRemoteProcessGroup(remoteProcessGroup);
-
- return clusterContext(generateCreatedResponse(URI.create(remoteProcessGroup.getUri()), entity)).build();
- }
-
- /**
* Removes the specified remote process group.
*
* @param httpServletRequest request
@@ -616,9 +351,9 @@ public class RemoteProcessGroupResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes a remote process group",
response = RemoteProcessGroupEntity.class,
@@ -661,7 +396,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyDeleteRemoteProcessGroup(groupId, id);
+ serviceFacade.verifyDeleteRemoteProcessGroup(id);
return generateContinueResponse().build();
}
@@ -671,7 +406,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
clientVersion = version.getLong();
}
- final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteRemoteProcessGroup(new Revision(clientVersion, clientId.getClientId()), groupId, id);
+ final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteRemoteProcessGroup(new Revision(clientVersion, clientId.getClientId()), id);
// get the updated revision
final RevisionDTO revision = new RevisionDTO();
@@ -702,9 +437,9 @@ public class RemoteProcessGroupResource extends ApplicationResource {
*/
@PUT
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/input-ports/{port-id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
public Response updateRemoteProcessGroupInputPort(
@Context HttpServletRequest httpServletRequest,
@FormParam(VERSION) LongParameter version,
@@ -752,10 +487,10 @@ public class RemoteProcessGroupResource extends ApplicationResource {
* @return A remoteProcessGroupPortEntity
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/input-ports/{port-id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a remote port",
response = RemoteProcessGroupPortEntity.class,
@@ -807,7 +542,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
// verify the update at this time
- serviceFacade.verifyUpdateRemoteProcessGroupInputPort(groupId, id, requestRemoteProcessGroupPort);
+ serviceFacade.verifyUpdateRemoteProcessGroupInputPort(id, requestRemoteProcessGroupPort);
return generateContinueResponse().build();
}
@@ -815,7 +550,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
final RevisionDTO revision = remoteProcessGroupPortEntity.getRevision();
final ConfigurationSnapshot<RemoteProcessGroupPortDTO> controllerResponse
= serviceFacade.updateRemoteProcessGroupInputPort(new Revision(revision.getVersion(),
- revision.getClientId()), groupId, id, requestRemoteProcessGroupPort);
+ revision.getClientId()), id, requestRemoteProcessGroupPort);
// get the updated revision
final RevisionDTO updatedRevision = new RevisionDTO();
@@ -834,61 +569,6 @@ public class RemoteProcessGroupResource extends ApplicationResource {
* Updates the specified remote process group output port.
*
* @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The id of the remote process group to update.
- * @param portId The id of the output port to update.
- * @param isTransmitting Whether or not this port is transmitting.
- * @param isCompressed Whether or not this port should compress.
- * @param concurrentlySchedulableTaskCount The number of concurrent tasks that should be supported
- *
- * @return A remoteProcessGroupPortEntity
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{id}/output-ports/{port-id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateRemoteProcessGroupOutputPort(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String id,
- @PathParam("port-id") String portId,
- @FormParam("transmitting") Boolean isTransmitting,
- @FormParam("compressed") Boolean isCompressed,
- @FormParam("concurrentlySchedulableTaskCount") IntegerParameter concurrentlySchedulableTaskCount) {
-
- // create the remote group port dto
- final RemoteProcessGroupPortDTO remotePort = new RemoteProcessGroupPortDTO();
- remotePort.setId(portId);
- remotePort.setUseCompression(isCompressed);
- remotePort.setTransmitting(isTransmitting);
-
- if (concurrentlySchedulableTaskCount != null) {
- remotePort.setConcurrentlySchedulableTaskCount(concurrentlySchedulableTaskCount.getInteger());
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the remote group port entity
- final RemoteProcessGroupPortEntity entity = new RemoteProcessGroupPortEntity();
- entity.setRevision(revision);
- entity.setRemoteProcessGroupPort(remotePort);
-
- return updateRemoteProcessGroupOutputPort(httpServletRequest, id, portId, entity);
- }
-
- /**
- * Updates the specified remote process group output port.
- *
- * @param httpServletRequest request
* @param id The id of the remote process group to update.
* @param portId The id of the output port to update.
* @param remoteProcessGroupPortEntity The remoteProcessGroupPortEntity
@@ -896,10 +576,10 @@ public class RemoteProcessGroupResource extends ApplicationResource {
* @return A remoteProcessGroupPortEntity
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/output-ports/{port-id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a remote port",
response = RemoteProcessGroupPortEntity.class,
@@ -951,7 +631,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
// verify the update at this time
- serviceFacade.verifyUpdateRemoteProcessGroupOutputPort(groupId, id, requestRemoteProcessGroupPort);
+ serviceFacade.verifyUpdateRemoteProcessGroupOutputPort(id, requestRemoteProcessGroupPort);
return generateContinueResponse().build();
}
@@ -959,7 +639,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
final RevisionDTO revision = remoteProcessGroupPortEntity.getRevision();
final ConfigurationSnapshot<RemoteProcessGroupPortDTO> controllerResponse
= serviceFacade.updateRemoteProcessGroupOutputPort(new Revision(revision.getVersion(),
- revision.getClientId()), groupId, id, requestRemoteProcessGroupPort);
+ revision.getClientId()), id, requestRemoteProcessGroupPort);
// get the updated revision
final RevisionDTO updatedRevision = new RevisionDTO();
@@ -978,75 +658,15 @@ public class RemoteProcessGroupResource extends ApplicationResource {
* Updates the specified remote process group.
*
* @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The id of the remote process group to update.
- * @param isTransmitting Whether this remote process group is transmitting.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @param communicationsTimeout The timeout to use when communication with this remote process group.
- * @param yieldDuration The yield duration
- *
- * @return A remoteProcessGroupEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateRemoteProcessGroup(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String id,
- @FormParam("transmitting") Boolean isTransmitting,
- @FormParam("x") DoubleParameter x,
- @FormParam("y") DoubleParameter y,
- @FormParam("communicationsTimeout") String communicationsTimeout,
- @FormParam("yieldDuration") String yieldDuration) {
-
- // create the remote process group DTO
- final RemoteProcessGroupDTO remoteProcessGroup = new RemoteProcessGroupDTO();
- remoteProcessGroup.setId(id);
- remoteProcessGroup.setTransmitting(isTransmitting);
- remoteProcessGroup.setCommunicationsTimeout(communicationsTimeout);
- remoteProcessGroup.setYieldDuration(yieldDuration);
-
- // require both coordinates to be specified
- if (x != null && y != null) {
- remoteProcessGroup.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the remote process group entity
- final RemoteProcessGroupEntity entity = new RemoteProcessGroupEntity();
- entity.setRevision(revision);
- entity.setRemoteProcessGroup(remoteProcessGroup);
-
- // create the new remote process group
- return updateRemoteProcessGroup(httpServletRequest, id, entity);
- }
-
- /**
- * Updates the specified remote process group.
- *
- * @param httpServletRequest request
* @param id The id of the remote process group to update.
* @param remoteProcessGroupEntity A remoteProcessGroupEntity.
* @return A remoteProcessGroupEntity.
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a remote process group",
response = RemoteProcessGroupEntity.class,
@@ -1097,7 +717,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
// verify the update at this time
- serviceFacade.verifyUpdateRemoteProcessGroup(groupId, requestRemoteProcessGroup);
+ serviceFacade.verifyUpdateRemoteProcessGroup(requestRemoteProcessGroup);
return generateContinueResponse().build();
}
@@ -1136,7 +756,7 @@ public class RemoteProcessGroupResource extends ApplicationResource {
// update the specified remote process group
final RevisionDTO revision = remoteProcessGroupEntity.getRevision();
final ConfigurationSnapshot<RemoteProcessGroupDTO> controllerResponse
- = serviceFacade.updateRemoteProcessGroup(new Revision(revision.getVersion(), revision.getClientId()), groupId, requestRemoteProcessGroup);
+ = serviceFacade.updateRemoteProcessGroup(new Revision(revision.getVersion(), revision.getClientId()), requestRemoteProcessGroup);
final RemoteProcessGroupDTO responseRemoteProcessGroup = controllerResponse.getConfiguration();
populateRemainingRemoteProcessGroupContent(responseRemoteProcessGroup);
@@ -1163,10 +783,6 @@ public class RemoteProcessGroupResource extends ApplicationResource {
this.serviceFacade = serviceFacade;
}
- public void setGroupId(String groupId) {
- this.groupId = groupId;
- }
-
public void setClusterManager(WebClusterManager clusterManager) {
this.clusterManager = clusterManager;
}
[04/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
index 341663e..255b3d5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
@@ -77,27 +77,6 @@ public final class NiFiUserUtils {
return user;
}
- /**
- * Returns the NewAccountRequest or null if this is not a new account request.
- *
- * @return new account request
- */
- public static NewAccountRequest getNewAccountRequest() {
- NewAccountRequest newAccountRequest = null;
-
- // obtain the principal in the current authentication
- final SecurityContext context = SecurityContextHolder.getContext();
- final Authentication authentication = context.getAuthentication();
- if (authentication != null) {
- Object principal = authentication.getPrincipal();
- if (principal instanceof NewAccountRequest) {
- newAccountRequest = (NewAccountRequest) principal;
- }
- }
-
- return newAccountRequest;
- }
-
public static String getNiFiUserName() {
// get the nifi user to extract the username
NiFiUser user = NiFiUserUtils.getNiFiUser();
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
index 019a53c..ab6ceec 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
@@ -16,18 +16,15 @@
*/
package org.apache.nifi.web.security.x509;
-import java.security.cert.X509Certificate;
-import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-import org.apache.nifi.authentication.AuthenticationResponse;
-import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
import org.apache.nifi.web.security.ProxiedEntitiesUtils;
-import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
-import org.apache.nifi.web.security.user.NewAccountRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
+
+import javax.servlet.http.HttpServletRequest;
+import java.security.cert.X509Certificate;
/**
* Custom X509 filter that will inspect the HTTP headers for a proxied user before extracting the user details from the client certificate.
@@ -37,10 +34,10 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter {
private static final Logger logger = LoggerFactory.getLogger(X509AuthenticationFilter.class);
private X509CertificateExtractor certificateExtractor;
- private X509IdentityProvider certificateIdentityProvider;
+ private X509PrincipalExtractor principalExtractor;
@Override
- public NiFiAuthorizationRequestToken attemptAuthentication(final HttpServletRequest request) {
+ public Authentication attemptAuthentication(final HttpServletRequest request) {
// only suppport x509 login when running securely
if (!request.isSecure()) {
return null;
@@ -52,20 +49,7 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter {
return null;
}
- // attempt to authenticate if certificates were found
- final AuthenticationResponse authenticationResponse;
- try {
- authenticationResponse = certificateIdentityProvider.authenticate(certificates);
- } catch (final IllegalArgumentException iae) {
- throw new InvalidAuthenticationException(iae.getMessage(), iae);
- }
-
- final List<String> proxyChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(request, authenticationResponse.getIdentity());
- if (isNewAccountRequest(request)) {
- return new NewAccountAuthorizationRequestToken(new NewAccountRequest(proxyChain, getJustification(request)));
- } else {
- return new NiFiAuthorizationRequestToken(proxyChain);
- }
+ return new X509AuthenticationRequestToken(request.getHeader(ProxiedEntitiesUtils.PROXY_ENTITIES_CHAIN), principalExtractor, certificates);
}
/* setters */
@@ -73,8 +57,8 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter {
this.certificateExtractor = certificateExtractor;
}
- public void setCertificateIdentityProvider(X509IdentityProvider certificateIdentityProvider) {
- this.certificateIdentityProvider = certificateIdentityProvider;
+ public void setPrincipalExtractor(X509PrincipalExtractor principalExtractor) {
+ this.principalExtractor = principalExtractor;
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java
new file mode 100644
index 0000000..2593f92
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.x509;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.user.NiFiUser;
+import org.apache.nifi.web.security.InvalidAuthenticationException;
+import org.apache.nifi.web.security.ProxiedEntitiesUtils;
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
+import org.apache.nifi.web.security.user.NiFiUserDetails;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.ListIterator;
+
+/**
+ *
+ */
+public class X509AuthenticationProvider implements AuthenticationProvider {
+
+ private X509IdentityProvider certificateIdentityProvider;
+
+ public X509AuthenticationProvider(X509IdentityProvider certificateIdentityProvider) {
+ this.certificateIdentityProvider = certificateIdentityProvider;
+ }
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ final X509AuthenticationRequestToken request = (X509AuthenticationRequestToken) authentication;
+
+ // attempt to authenticate if certificates were found
+ final AuthenticationResponse authenticationResponse;
+ try {
+ authenticationResponse = certificateIdentityProvider.authenticate(request.getCertificates());
+ } catch (final IllegalArgumentException iae) {
+ throw new InvalidAuthenticationException(iae.getMessage(), iae);
+ }
+
+ if (StringUtils.isBlank(request.getProxiedEntitiesChain())) {
+ return new NiFiAuthenticationToken(new NiFiUserDetails(new NiFiUser(authenticationResponse.getIdentity(), authenticationResponse.getUsername(), null)));
+ } else {
+ // build the entire proxy chain if applicable - <end-user><proxy1><proxy2>
+ final List<String> proxyChain = new ArrayList<>(ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(request.getProxiedEntitiesChain()));
+ proxyChain.add(authenticationResponse.getIdentity());
+
+ // add the chain as appropriate to each proxy
+ NiFiUser proxy = null;
+ for (final ListIterator<String> chainIter = proxyChain.listIterator(proxyChain.size()); chainIter.hasPrevious();) {
+ proxy = new NiFiUser(chainIter.previous(), proxy);
+ }
+
+ return new NiFiAuthenticationToken(new NiFiUserDetails(proxy));
+ }
+ }
+
+ @Override
+ public boolean supports(Class<?> authentication) {
+ return X509AuthenticationRequestToken.class.isAssignableFrom(authentication);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationRequestToken.java
new file mode 100644
index 0000000..cec72fe
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationRequestToken.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.x509;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * This is an authentication request with a given JWT token.
+ */
+public class X509AuthenticationRequestToken extends AbstractAuthenticationToken {
+
+ private final String proxiedEntitiesChain;
+ private final X509PrincipalExtractor principalExtractor;
+ private final X509Certificate[] certificates;
+
+ /**
+ * Creates a representation of the jwt authentication request for a user.
+ *
+ * @param proxiedEntitiesChain The http servlet request
+ * @param certificates The certificate chain
+ */
+ public X509AuthenticationRequestToken(final String proxiedEntitiesChain, final X509PrincipalExtractor principalExtractor, final X509Certificate[] certificates) {
+ super(null);
+ setAuthenticated(false);
+ this.proxiedEntitiesChain = proxiedEntitiesChain;
+ this.principalExtractor = principalExtractor;
+ this.certificates = certificates;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return null;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ if (StringUtils.isBlank(proxiedEntitiesChain)) {
+ return principalExtractor.extractPrincipal(certificates[0]);
+ } else {
+ return String.format("%s<%s>", proxiedEntitiesChain, principalExtractor.extractPrincipal(certificates[0]));
+ }
+ }
+
+ public String getProxiedEntitiesChain() {
+ return proxiedEntitiesChain;
+ }
+
+ public X509Certificate[] getCertificates() {
+ return certificates;
+ }
+
+ @Override
+ public String toString() {
+ return getName();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
index b0762b5..108926c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/ocsp/OcspCertificateValidator.java
@@ -121,9 +121,8 @@ public class OcspCertificateValidator {
trustedCAs.put(ocspCertificate.getSubjectX500Principal().getName(), ocspCertificate);
}
- // determine how long to cache the ocsp responses for
- final String rawCacheDurationDuration = properties.getUserCredentialCacheDuration();
- final long cacheDurationMillis = FormatUtils.getTimeDuration(rawCacheDurationDuration, TimeUnit.MILLISECONDS);
+ // TODO - determine how long to cache the ocsp responses for
+ final long cacheDurationMillis = FormatUtils.getTimeDuration("12 hours", TimeUnit.MILLISECONDS);
// build the ocsp cache
ocspCache = CacheBuilder.newBuilder().expireAfterWrite(cacheDurationMillis, TimeUnit.MILLISECONDS).build(new CacheLoader<OcspRequest, OcspStatus>() {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml
index 4e24bad..12d8594 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml
@@ -39,22 +39,31 @@
<property name="certificateValidator" ref="certificateValidator"/>
</bean>
- <!-- user details service -->
- <bean id="userDetailsService" class="org.apache.nifi.web.security.authorization.NiFiAuthorizationService">
- <property name="userService" ref="userService"/>
- <property name="properties" ref="nifiProperties"/>
+ <!-- otp authentication provider -->
+ <bean id="x509AuthenticationProvider" class="org.apache.nifi.web.security.x509.X509AuthenticationProvider">
+ <constructor-arg ref="certificateIdentityProvider"/>
</bean>
<!-- jwt service -->
<bean id="jwtService" class="org.apache.nifi.web.security.jwt.JwtService">
- <constructor-arg ref="userService"/>
+ <constructor-arg ref="keyService"/>
+ </bean>
+
+ <!-- jwt authentication provider -->
+ <bean id="jwtAuthenticationProvider" class="org.apache.nifi.web.security.jwt.JwtAuthenticationProvider">
+ <constructor-arg ref="jwtService"/>
</bean>
<!-- otp service -->
<bean id="otpService" class="org.apache.nifi.web.security.otp.OtpService"/>
+ <!-- otp authentication provider -->
+ <bean id="otpAuthenticationProvider" class="org.apache.nifi.web.security.otp.OtpAuthenticationProvider">
+ <constructor-arg ref="otpService"/>
+ </bean>
+
<!-- Kerberos service -->
- <bean id="kerberosService" class="org.apache.nifi.web.security.kerberos.KerberosServiceFactoryBean">
+ <bean id="kerberosService" class="org.apache.nifi.web.security.spring.KerberosServiceFactoryBean">
<property name="properties" ref="nifiProperties"/>
</bean>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java
deleted file mode 100644
index 23b49b7..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.authorization;
-
-import java.util.Arrays;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.UntrustedProxyException;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
-import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-import org.springframework.security.authentication.AccountStatusException;
-import org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-
-/**
- * Test case for NiFiAuthorizationService.
- */
-public class NiFiAuthorizationServiceTest {
-
- private static final String USER = "user";
- private static final String PROXY = "proxy";
- private static final String PROXY_PROXY = "proxy-proxy";
- private static final String USER_NOT_FOUND = "user-not-found";
- private static final String USER_DISABLED = "user-disabled";
- private static final String USER_PENDING = "user-pending";
- private static final String USER_ADMIN_EXCEPTION = "user-admin-exception";
- private static final String PROXY_NOT_FOUND = "proxy-not-found";
-
- private NiFiAuthorizationService authorizationService;
- private UserService userService;
-
- @Before
- public void setup() throws Exception {
- // mock the web security properties
- final NiFiProperties properties = Mockito.mock(NiFiProperties.class);
- Mockito.when(properties.getSupportNewAccountRequests()).thenReturn(Boolean.TRUE);
-
- userService = Mockito.mock(UserService.class);
- Mockito.doReturn(null).when(userService).createPendingUserAccount(Mockito.anyString(), Mockito.anyString());
- Mockito.doAnswer(new Answer() {
- @Override
- public Object answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String identity = (String) args[0];
-
- if (null != identity) {
- switch (identity) {
- case USER_NOT_FOUND:
- case PROXY_NOT_FOUND:
- throw new AccountNotFoundException("");
- case USER_DISABLED:
- throw new AccountDisabledException("");
- case USER_PENDING:
- throw new AccountPendingException("");
- case USER_ADMIN_EXCEPTION:
- throw new AdministrationException();
- case USER:
- final NiFiUser monitor = new NiFiUser();
- monitor.setIdentity(identity);
- monitor.getAuthorities().add(Authority.ROLE_MONITOR);
- return monitor;
- case PROXY:
- case PROXY_PROXY:
- final NiFiUser proxy = new NiFiUser();
- proxy.setIdentity(identity);
- proxy.getAuthorities().add(Authority.ROLE_PROXY);
- return proxy;
- }
- }
-
- return null;
- }
- }).when(userService).checkAuthorization(Mockito.anyString());
-
- // create the authorization service
- authorizationService = new NiFiAuthorizationService();
- authorizationService.setProperties(properties);
- authorizationService.setUserService(userService);
- }
-
- private NiFiAuthorizationRequestToken createRequestAuthentication(final String... identities) {
- return new NiFiAuthorizationRequestToken(Arrays.asList(identities));
- }
-
- /**
- * Ensures the authorization service correctly handles users invalid identity chain.
- *
- * @throws Exception ex
- */
- @Test(expected = UntrustedProxyException.class)
- public void testInvalidDnChain() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication());
- }
-
- /**
- * Ensures the authorization service correctly handles account not found.
- *
- * @throws Exception ex
- */
- @Test(expected = UsernameNotFoundException.class)
- public void testAccountNotFound() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication(USER_NOT_FOUND));
- }
-
- /**
- * Ensures the authorization service correctly handles account disabled.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountStatusException.class)
- public void testAccountDisabled() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication(USER_DISABLED));
- }
-
- /**
- * Ensures the authorization service correctly handles account pending.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountStatusException.class)
- public void testAccountPending() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication(USER_PENDING));
- }
-
- /**
- * Ensures the authorization service correctly handles account administration exception.
- *
- * @throws Exception ex
- */
- @Test(expected = AuthenticationServiceException.class)
- public void testAccountAdminException() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication(USER_ADMIN_EXCEPTION));
- }
-
- /**
- * Tests the case when there is no proxy.
- *
- * @throws Exception ex
- */
- @Test
- public void testNoProxy() throws Exception {
- final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserDetails(createRequestAuthentication(USER));
- final NiFiUser user = details.getNiFiUser();
-
- Assert.assertEquals(USER, user.getIdentity());
- Assert.assertNull(user.getChain());
- }
-
- /**
- * Tests the case when the proxy does not have ROLE_PROXY.
- *
- * @throws Exception ex
- */
- @Test(expected = UntrustedProxyException.class)
- public void testInvalidProxy() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication(USER, USER));
- }
-
- /**
- * Ensures the authorization service correctly handles proxy not found by attempting to create an account request for the proxy.
- *
- * @throws Exception ex
- */
- @Test(expected = UntrustedProxyException.class)
- public void testProxyNotFound() throws Exception {
- try {
- authorizationService.loadUserDetails(createRequestAuthentication(USER, PROXY_NOT_FOUND));
- } finally {
- Mockito.verify(userService).createPendingUserAccount(Mockito.eq(PROXY_NOT_FOUND), Mockito.anyString());
- }
- }
-
- /**
- * Tests the case when there is a proxy.
- *
- * @throws Exception ex
- */
- @Test
- public void testProxy() throws Exception {
- final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserDetails(createRequestAuthentication(USER, PROXY));
- final NiFiUser user = details.getNiFiUser();
-
- // verify the user
- Assert.assertEquals(USER, user.getIdentity());
- Assert.assertNotNull(user.getChain());
-
- // get the proxy
- final NiFiUser proxy = user.getChain();
-
- // verify the proxy
- Assert.assertEquals(PROXY, proxy.getIdentity());
- Assert.assertNull(proxy.getChain());
- }
-
- /**
- * Tests the case when there is are multiple proxies.
- *
- * @throws Exception ex
- */
- @Test
- public void testProxyProxy() throws Exception {
- final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserDetails(createRequestAuthentication(USER, PROXY, PROXY_PROXY));
- final NiFiUser user = details.getNiFiUser();
-
- // verify the user
- Assert.assertEquals(USER, user.getIdentity());
- Assert.assertNotNull(user.getChain());
-
- // get the proxy
- NiFiUser proxy = user.getChain();
-
- // verify the proxy
- Assert.assertEquals(PROXY, proxy.getIdentity());
- Assert.assertNotNull(proxy.getChain());
-
- // get the proxies proxy
- proxy = proxy.getChain();
-
- // verify the proxies proxy
- Assert.assertEquals(PROXY_PROXY, proxy.getIdentity());
- Assert.assertNull(proxy.getChain());
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/jwt/JwtServiceTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/jwt/JwtServiceTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/jwt/JwtServiceTest.java
index 658f3e6..59c66ef 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/jwt/JwtServiceTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/jwt/JwtServiceTest.java
@@ -20,7 +20,7 @@ import io.jsonwebtoken.JwtException;
import org.apache.commons.codec.CharEncoding;
import org.apache.commons.codec.binary.Base64;
import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.admin.service.UserService;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.key.Key;
import org.apache.nifi.web.security.token.LoginAuthenticationToken;
import org.codehaus.jettison.json.JSONObject;
@@ -131,7 +131,7 @@ public class JwtServiceTest {
private static final String HMAC_SECRET = "test_hmac_shared_secret";
- private UserService mockUserService;
+ private KeyService mockKeyService;
// Class under test
private JwtService jwtService;
@@ -177,10 +177,10 @@ public class JwtServiceTest {
key.setIdentity(DEFAULT_IDENTITY);
key.setKey(HMAC_SECRET);
- mockUserService = Mockito.mock(UserService.class);
- when(mockUserService.getKey(anyInt())).thenReturn(key);
- when(mockUserService.getOrCreateKey(anyString())).thenReturn(key);
- jwtService = new JwtService(mockUserService);
+ mockKeyService = Mockito.mock(KeyService.class);
+ when(mockKeyService.getKey(anyInt())).thenReturn(key);
+ when(mockKeyService.getOrCreateKey(anyString())).thenReturn(key);
+ jwtService = new JwtService(mockKeyService);
}
@After
@@ -431,7 +431,7 @@ public class JwtServiceTest {
logger.debug("Generating token for " + loginAuthenticationToken);
// Set up the bad key service
- UserService missingKeyService = Mockito.mock(UserService.class);
+ KeyService missingKeyService = Mockito.mock(KeyService.class);
when(missingKeyService.getOrCreateKey(anyString())).thenThrow(new AdministrationException("Could not find a "
+ "key for that user"));
jwtService = new JwtService(missingKeyService);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilterTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilterTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilterTest.java
index ad6f722..791ca54 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilterTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilterTest.java
@@ -16,24 +16,17 @@
*/
package org.apache.nifi.web.security.otp;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
import org.junit.Before;
import org.junit.Test;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
import javax.servlet.http.HttpServletRequest;
-import java.util.List;
import java.util.UUID;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Mockito.doAnswer;
+import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
public class OtpAuthenticationFilterTest {
@@ -44,41 +37,11 @@ public class OtpAuthenticationFilterTest {
private final static String DOWNLOAD_AUTHENTICATED_USER = "download-token-authenticated-user";
private final static String DOWNLOAD_TOKEN = "download-token";
- private OtpService otpService;
private OtpAuthenticationFilter otpAuthenticationFilter;
@Before
public void setUp() throws Exception {
- otpService = mock(OtpService.class);
- doAnswer(new Answer<String>() {
- @Override
- public String answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String downloadToken = (String) args[0];
-
- if (DOWNLOAD_TOKEN.equals(downloadToken)) {
- return DOWNLOAD_AUTHENTICATED_USER;
- }
-
- throw new OtpAuthenticationException("Invalid token");
- }
- }).when(otpService).getAuthenticationFromDownloadToken(anyString());
- doAnswer(new Answer<String>() {
- @Override
- public String answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String uiExtensionToken = (String) args[0];
-
- if (UI_EXTENSION_TOKEN.equals(uiExtensionToken)) {
- return UI_EXTENSION_AUTHENTICATED_USER;
- }
-
- throw new OtpAuthenticationException("Invalid token");
- }
- }).when(otpService).getAuthenticationFromUiExtensionToken(anyString());
-
otpAuthenticationFilter = new OtpAuthenticationFilter();
- otpAuthenticationFilter.setOtpService(otpService);
}
@Test
@@ -114,13 +77,9 @@ public class OtpAuthenticationFilterTest {
when(request.getParameter(OtpAuthenticationFilter.ACCESS_TOKEN)).thenReturn(UI_EXTENSION_TOKEN);
when(request.getContextPath()).thenReturn("/nifi-update-attribute-ui");
- final NiFiAuthorizationRequestToken result = otpAuthenticationFilter.attemptAuthentication(request);
- final List<String> chain = result.getChain();
- assertEquals(1, chain.size());
- assertEquals(UI_EXTENSION_AUTHENTICATED_USER, chain.get(0));
-
- verify(otpService, times(1)).getAuthenticationFromUiExtensionToken(UI_EXTENSION_TOKEN);
- verify(otpService, never()).getAuthenticationFromDownloadToken(anyString());
+ final OtpAuthenticationRequestToken result = (OtpAuthenticationRequestToken) otpAuthenticationFilter.attemptAuthentication(request);
+ assertEquals(UI_EXTENSION_TOKEN, result.getToken());
+ assertFalse(result.isDownloadToken());
}
@Test
@@ -131,13 +90,9 @@ public class OtpAuthenticationFilterTest {
when(request.getContextPath()).thenReturn("/nifi-api");
when(request.getPathInfo()).thenReturn("/controller/provenance/events/0/content/input");
- final NiFiAuthorizationRequestToken result = otpAuthenticationFilter.attemptAuthentication(request);
- final List<String> chain = result.getChain();
- assertEquals(1, chain.size());
- assertEquals(DOWNLOAD_AUTHENTICATED_USER, chain.get(0));
-
- verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
- verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
+ final OtpAuthenticationRequestToken result = (OtpAuthenticationRequestToken) otpAuthenticationFilter.attemptAuthentication(request);
+ assertEquals(DOWNLOAD_TOKEN, result.getToken());
+ assertTrue(result.isDownloadToken());
}
@Test
@@ -148,13 +103,9 @@ public class OtpAuthenticationFilterTest {
when(request.getContextPath()).thenReturn("/nifi-api");
when(request.getPathInfo()).thenReturn("/controller/provenance/events/0/content/output");
- final NiFiAuthorizationRequestToken result = otpAuthenticationFilter.attemptAuthentication(request);
- final List<String> chain = result.getChain();
- assertEquals(1, chain.size());
- assertEquals(DOWNLOAD_AUTHENTICATED_USER, chain.get(0));
-
- verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
- verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
+ final OtpAuthenticationRequestToken result = (OtpAuthenticationRequestToken) otpAuthenticationFilter.attemptAuthentication(request);
+ assertEquals(DOWNLOAD_TOKEN, result.getToken());
+ assertTrue(result.isDownloadToken());
}
@Test
@@ -167,13 +118,9 @@ public class OtpAuthenticationFilterTest {
when(request.getContextPath()).thenReturn("/nifi-api");
when(request.getPathInfo()).thenReturn(String.format("/controller/process-groups/root/connections/%s/flowfiles/%s/content", uuid, uuid));
- final NiFiAuthorizationRequestToken result = otpAuthenticationFilter.attemptAuthentication(request);
- final List<String> chain = result.getChain();
- assertEquals(1, chain.size());
- assertEquals(DOWNLOAD_AUTHENTICATED_USER, chain.get(0));
-
- verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
- verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
+ final OtpAuthenticationRequestToken result = (OtpAuthenticationRequestToken) otpAuthenticationFilter.attemptAuthentication(request);
+ assertEquals(DOWNLOAD_TOKEN, result.getToken());
+ assertTrue(result.isDownloadToken());
}
@Test
@@ -186,13 +133,9 @@ public class OtpAuthenticationFilterTest {
when(request.getContextPath()).thenReturn("/nifi-api");
when(request.getPathInfo()).thenReturn(String.format("/controller/templates/%s", uuid));
- final NiFiAuthorizationRequestToken result = otpAuthenticationFilter.attemptAuthentication(request);
- final List<String> chain = result.getChain();
- assertEquals(1, chain.size());
- assertEquals(DOWNLOAD_AUTHENTICATED_USER, chain.get(0));
-
- verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
- verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
+ final OtpAuthenticationRequestToken result = (OtpAuthenticationRequestToken) otpAuthenticationFilter.attemptAuthentication(request);
+ assertEquals(DOWNLOAD_TOKEN, result.getToken());
+ assertTrue(result.isDownloadToken());
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java
new file mode 100644
index 0000000..a95c1a0
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.otp;
+
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
+import org.apache.nifi.web.security.user.NiFiUserDetails;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
+public class OtpAuthenticationProviderTest {
+
+ private final static String UI_EXTENSION_AUTHENTICATED_USER = "ui-extension-token-authenticated-user";
+ private final static String UI_EXTENSION_TOKEN = "ui-extension-token";
+
+ private final static String DOWNLOAD_AUTHENTICATED_USER = "download-token-authenticated-user";
+ private final static String DOWNLOAD_TOKEN = "download-token";
+
+ private OtpService otpService;
+ private OtpAuthenticationProvider otpAuthenticationProvider;
+
+ @Before
+ public void setUp() throws Exception {
+ otpService = mock(OtpService.class);
+ doAnswer(new Answer<String>() {
+ @Override
+ public String answer(InvocationOnMock invocation) throws Throwable {
+ Object[] args = invocation.getArguments();
+ String downloadToken = (String) args[0];
+
+ if (DOWNLOAD_TOKEN.equals(downloadToken)) {
+ return DOWNLOAD_AUTHENTICATED_USER;
+ }
+
+ throw new OtpAuthenticationException("Invalid token");
+ }
+ }).when(otpService).getAuthenticationFromDownloadToken(anyString());
+ doAnswer(new Answer<String>() {
+ @Override
+ public String answer(InvocationOnMock invocation) throws Throwable {
+ Object[] args = invocation.getArguments();
+ String uiExtensionToken = (String) args[0];
+
+ if (UI_EXTENSION_TOKEN.equals(uiExtensionToken)) {
+ return UI_EXTENSION_AUTHENTICATED_USER;
+ }
+
+ throw new OtpAuthenticationException("Invalid token");
+ }
+ }).when(otpService).getAuthenticationFromUiExtensionToken(anyString());
+
+ otpAuthenticationProvider = new OtpAuthenticationProvider(otpService);
+ }
+
+ @Test
+ public void testUiExtensionPath() throws Exception {
+ final OtpAuthenticationRequestToken request = new OtpAuthenticationRequestToken(UI_EXTENSION_TOKEN, false);
+
+ final NiFiAuthenticationToken result = (NiFiAuthenticationToken) otpAuthenticationProvider.authenticate(request);
+ final NiFiUserDetails details = (NiFiUserDetails) result.getPrincipal();
+ assertEquals(UI_EXTENSION_AUTHENTICATED_USER, details.getUsername());
+
+ verify(otpService, times(1)).getAuthenticationFromUiExtensionToken(UI_EXTENSION_TOKEN);
+ verify(otpService, never()).getAuthenticationFromDownloadToken(anyString());
+ }
+
+ @Test
+ public void testDownload() throws Exception {
+ final OtpAuthenticationRequestToken request = new OtpAuthenticationRequestToken(DOWNLOAD_TOKEN, true);
+
+ final NiFiAuthenticationToken result = (NiFiAuthenticationToken) otpAuthenticationProvider.authenticate(request);
+ final NiFiUserDetails details = (NiFiUserDetails) result.getPrincipal();
+ assertEquals(DOWNLOAD_AUTHENTICATED_USER, details.getUsername());
+
+ verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
+ verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml
index 3d9a7d7..c798191 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/pom.xml
@@ -32,7 +32,6 @@
<counters.filter>counters.properties</counters.filter>
<cluster.filter>cluster.properties</cluster.filter>
<templates.filter>templates.properties</templates.filter>
- <users.filter>users.properties</users.filter>
<bulletin.board.filter>bulletin-board.properties</bulletin.board.filter>
<login.filter>login.properties</login.filter>
<provenance.filter>provenance.properties</provenance.filter>
@@ -55,7 +54,6 @@
<filter>src/main/resources/filters/${counters.filter}</filter>
<filter>src/main/resources/filters/${cluster.filter}</filter>
<filter>src/main/resources/filters/${templates.filter}</filter>
- <filter>src/main/resources/filters/${users.filter}</filter>
<filter>src/main/resources/filters/${bulletin.board.filter}</filter>
<filter>src/main/resources/filters/${login.filter}</filter>
<filter>src/main/resources/filters/${provenance.filter}</filter>
@@ -93,7 +91,6 @@
**/counters.jsp,
**/cluster.jsp,
**/templates.jsp,
- **/users.jsp,
**/bulletin-board.jsp,
**/login.jsp
</excludes>
@@ -195,14 +192,6 @@
<directory>src/main/webapp/WEB-INF/pages</directory>
<targetPath>WEB-INF/pages</targetPath>
<includes>
- <include>users.jsp</include>
- </includes>
- <filtering>true</filtering>
- </resource>
- <resource>
- <directory>src/main/webapp/WEB-INF/pages</directory>
- <targetPath>WEB-INF/pages</targetPath>
- <includes>
<include>cluster.jsp</include>
</includes>
<filtering>true</filtering>
@@ -241,7 +230,6 @@
<counters.filter>counters-min.properties</counters.filter>
<cluster.filter>cluster-min.properties</cluster.filter>
<templates.filter>templates-min.properties</templates.filter>
- <users.filter>users-min.properties</users.filter>
<bulletin.board.filter>bulletin-board-min.properties</bulletin.board.filter>
<login.filter>login-min.properties</login.filter>
<provenance.filter>provenance-min.properties</provenance.filter>
@@ -297,8 +285,6 @@
<include>${staging.dir}/js/nf/canvas/nf-remote-process-group-ports.js</include>
<include>${staging.dir}/js/nf/canvas/nf-port-configuration.js</include>
<include>${staging.dir}/js/nf/canvas/nf-port-details.js</include>
- <include>${staging.dir}/js/nf/canvas/nf-secure-port-configuration.js</include>
- <include>${staging.dir}/js/nf/canvas/nf-secure-port-details.js</include>
<include>${staging.dir}/js/nf/canvas/nf-label-configuration.js</include>
<include>${staging.dir}/js/nf/canvas/nf-connection-configuration.js</include>
<include>${staging.dir}/js/nf/nf-connection-details.js</include>
@@ -424,20 +410,6 @@
</aggregation>
<aggregation>
<insertNewLine>true</insertNewLine>
- <output>${project.build.directory}/${project.build.finalName}/js/nf/users/nf-users-all.js</output>
- <includes>
- <include>${staging.dir}/js/nf/nf-client.js</include>
- <include>${staging.dir}/js/nf/nf-common.js</include>
- <include>${staging.dir}/js/nf/nf-universal-capture.js</include>
- <include>${staging.dir}/js/nf/nf-dialog.js</include>
- <include>${staging.dir}/js/nf/nf-storage.js</include>
- <include>${staging.dir}/js/nf/nf-ajax-setup.js</include>
- <include>${staging.dir}/js/nf/users/nf-users.js</include>
- <include>${staging.dir}/js/nf/users/nf-users-table.js</include>
- </includes>
- </aggregation>
- <aggregation>
- <insertNewLine>true</insertNewLine>
<output>${project.build.directory}/${project.build.finalName}/js/nf/bulletin-board/nf-bulletin-board-all.js</output>
<includes>
<include>${staging.dir}/js/nf/nf-client.js</include>
@@ -561,16 +533,6 @@
</aggregation>
<aggregation>
<insertNewLine>true</insertNewLine>
- <output>${project.build.directory}/${project.build.finalName}/css/nf-users-all.css</output>
- <includes>
- <include>${staging.dir}/css/main.css</include>
- <include>${staging.dir}/css/banner.css</include>
- <include>${staging.dir}/css/dialog.css</include>
- <include>${staging.dir}/css/users.css</include>
- </includes>
- </aggregation>
- <aggregation>
- <insertNewLine>true</insertNewLine>
<output>${project.build.directory}/${project.build.finalName}/css/nf-bulletin-board-all.css</output>
<includes>
<include>${staging.dir}/css/main.css</include>
@@ -624,8 +586,6 @@
css/nf-cluster-all.css.gz,
css/nf-templates-all.css,
css/nf-templates-all.css.gz,
- css/nf-users-all.css,
- css/nf-users-all.css.gz,
css/nf-bulletin-board-all.css,
css/nf-bulletin-board-all.css.gz,
css/nf-login-all.css,
@@ -665,8 +625,6 @@
js/nf/cluster/nf-cluster-all.js.gz,
js/nf/templates/nf-templates-all.js,
js/nf/templates/nf-templates-all.js.gz,
- js/nf/users/nf-users-all.js,
- js/nf/users/nf-users-all.js.gz,
js/nf/bulletin-board/nf-bulletin-board-all.js,
js/nf/bulletin-board/nf-bulletin-board-all.js.gz,
js/nf/login/nf-login-all.js,
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/canvas.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/canvas.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/canvas.properties
index ab42f86..67a02f4 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/canvas.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/canvas.properties
@@ -38,8 +38,6 @@ nf.canvas.script.tags=<script type="text/javascript" src="js/nf/nf-namespace.js?
<script type="text/javascript" src="js/nf/canvas/nf-remote-process-group-ports.js?${project.version}"></script>\n\
<script type="text/javascript" src="js/nf/canvas/nf-port-configuration.js?${project.version}"></script>\n\
<script type="text/javascript" src="js/nf/canvas/nf-port-details.js?${project.version}"></script>\n\
-<script type="text/javascript" src="js/nf/canvas/nf-secure-port-configuration.js?${project.version}"></script>\n\
-<script type="text/javascript" src="js/nf/canvas/nf-secure-port-details.js?${project.version}"></script>\n\
<script type="text/javascript" src="js/nf/canvas/nf-label-configuration.js?${project.version}"></script>\n\
<script type="text/javascript" src="js/nf/canvas/nf-connection-configuration.js?${project.version}"></script>\n\
<script type="text/javascript" src="js/nf/nf-connection-details.js?${project.version}"></script>\n\
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/users-min.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/users-min.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/users-min.properties
deleted file mode 100644
index 9375334..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/users-min.properties
+++ /dev/null
@@ -1,18 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-nf.users.script.tags=<script type="text/javascript" src="js/nf/users/nf-users-all.js?${project.version}"></script>
-nf.users.style.tags=<link rel="stylesheet" href="css/nf-users-all.css?${project.version}" type="text/css" />\n\
-<link rel="stylesheet" href="css/message-pane.css?${project.version}" type="text/css" />
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/users.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/users.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/users.properties
deleted file mode 100644
index 0b37363..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/resources/filters/users.properties
+++ /dev/null
@@ -1,29 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-nf.users.script.tags=<script type="text/javascript" src="js/nf/nf-namespace.js?${project.version}"></script>\n\
-<script type="text/javascript" src="js/nf/nf-common.js?${project.version}"></script>\n\
-<script type="text/javascript" src="js/nf/nf-universal-capture.js?${project.version}"></script>\n\
-<script type="text/javascript" src="js/nf/nf-dialog.js?${project.version}"></script>\n\
-<script type="text/javascript" src="js/nf/nf-storage.js?${project.version}"></script>\n\
-<script type="text/javascript" src="js/nf/nf-ajax-setup.js?${project.version}"></script>\n\
-<script type="text/javascript" src="js/nf/users/nf-users.js?${project.version}"></script>\n\
-<script type="text/javascript" src="js/nf/users/nf-users-table.js?${project.version}"></script>
-nf.users.style.tags=<link rel="stylesheet" href="css/reset.css?${project.version}" type="text/css" />\n\
-<link rel="stylesheet" href="css/main.css?${project.version}" type="text/css" />\n\
-<link rel="stylesheet" href="css/banner.css?${project.version}" type="text/css" />\n\
-<link rel="stylesheet" href="css/dialog.css?${project.version}" type="text/css" />\n\
-<link rel="stylesheet" href="css/message-pane.css?${project.version}" type="text/css" />\n\
-<link rel="stylesheet" href="css/users.css?${project.version}" type="text/css" />
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/canvas.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/canvas.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/canvas.jsp
index c6fe35d..fbab590 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/canvas.jsp
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/canvas.jsp
@@ -124,8 +124,6 @@
<jsp:include page="/WEB-INF/partials/canvas/remote-port-configuration.jsp"/>
<jsp:include page="/WEB-INF/partials/canvas/port-configuration.jsp"/>
<jsp:include page="/WEB-INF/partials/canvas/port-details.jsp"/>
- <jsp:include page="/WEB-INF/partials/canvas/secure-port-configuration.jsp"/>
- <jsp:include page="/WEB-INF/partials/canvas/secure-port-details.jsp"/>
<jsp:include page="/WEB-INF/partials/canvas/label-configuration.jsp"/>
<jsp:include page="/WEB-INF/partials/canvas/connection-configuration.jsp"/>
<jsp:include page="/WEB-INF/partials/canvas/drop-request-status-dialog.jsp"/>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/users.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/users.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/users.jsp
deleted file mode 100644
index b3e0968..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/pages/users.jsp
+++ /dev/null
@@ -1,72 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<!DOCTYPE html>
-<html>
- <head>
- <title>NiFi Users</title>
- <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
- <link rel="shortcut icon" href="images/nifi16.ico"/>
- <link rel="stylesheet" href="css/reset.css" type="text/css" />
- ${nf.users.style.tags}
- <link rel="stylesheet" href="js/jquery/tabbs/jquery.tabbs.css?${project.version}" type="text/css" />
- <link rel="stylesheet" href="js/jquery/combo/jquery.combo.css?${project.version}" type="text/css" />
- <link rel="stylesheet" href="js/jquery/modal/jquery.modal.css?${project.version}" type="text/css" />
- <link rel="stylesheet" href="js/jquery/qtip2/jquery.qtip.min.css?" type="text/css" />
- <link rel="stylesheet" href="js/jquery/ui-smoothness/jquery-ui-1.10.4.min.css" type="text/css" />
- <link rel="stylesheet" href="js/jquery/slickgrid/css/slick.grid.css" type="text/css" />
- <link rel="stylesheet" href="js/jquery/slickgrid/css/slick-default-theme.css" type="text/css" />
- <script type="text/javascript" src="js/jquery/jquery-2.1.1.min.js"></script>
- <script type="text/javascript" src="js/jquery/jquery.base64.js"></script>
- <script type="text/javascript" src="js/jquery/jquery.center.js"></script>
- <script type="text/javascript" src="js/jquery/tabbs/jquery.tabbs.js?${project.version}"></script>
- <script type="text/javascript" src="js/jquery/combo/jquery.combo.js?${project.version}"></script>
- <script type="text/javascript" src="js/jquery/modal/jquery.modal.js?${project.version}"></script>
- <script type="text/javascript" src="js/jquery/jquery.ellipsis.js"></script>
- <script type="text/javascript" src="js/jquery/jquery.each.js"></script>
- <script type="text/javascript" src="js/jquery/ui-smoothness/jquery-ui-1.10.4.min.js"></script>
- <script type="text/javascript" src="js/jquery/qtip2/jquery.qtip.min.js"></script>
- <script type="text/javascript" src="js/jquery/jquery.event.drag-2.2.min.js"></script>
- <script type="text/javascript" src="js/jquery/slickgrid/plugins/slick.cellrangeselector.js"></script>
- <script type="text/javascript" src="js/jquery/slickgrid/plugins/slick.cellselectionmodel.js"></script>
- <script type="text/javascript" src="js/jquery/slickgrid/plugins/slick.rowselectionmodel.js"></script>
- <script type="text/javascript" src="js/jquery/slickgrid/plugins/slick.autotooltips.js"></script>
- <script type="text/javascript" src="js/jquery/slickgrid/slick.formatters.js"></script>
- <script type="text/javascript" src="js/jquery/slickgrid/slick.editors.js"></script>
- <script type="text/javascript" src="js/jquery/slickgrid/slick.dataview.js"></script>
- <script type="text/javascript" src="js/jquery/slickgrid/slick.core.js"></script>
- <script type="text/javascript" src="js/jquery/slickgrid/slick.grid.js"></script>
- <script type="text/javascript" src="js/nf/nf-namespace.js?${project.version}"></script>
- ${nf.users.script.tags}
- </head>
- <body>
- <jsp:include page="/WEB-INF/partials/message-pane.jsp"/>
- <jsp:include page="/WEB-INF/partials/banners-utility.jsp"/>
- <jsp:include page="/WEB-INF/partials/yes-no-dialog.jsp"/>
- <jsp:include page="/WEB-INF/partials/ok-dialog.jsp"/>
- <jsp:include page="/WEB-INF/partials/users/users-content.jsp"/>
- <jsp:include page="/WEB-INF/partials/users/user-details-dialog.jsp"/>
- <jsp:include page="/WEB-INF/partials/users/user-roles-dialog.jsp"/>
- <jsp:include page="/WEB-INF/partials/users/group-roles-dialog.jsp"/>
- <jsp:include page="/WEB-INF/partials/users/user-delete-dialog.jsp"/>
- <jsp:include page="/WEB-INF/partials/users/user-revoke-dialog.jsp"/>
- <jsp:include page="/WEB-INF/partials/users/group-revoke-dialog.jsp"/>
- <jsp:include page="/WEB-INF/partials/users/user-group-dialog.jsp"/>
- <div id="faded-background"></div>
- <div id="glass-pane"></div>
- </body>
-</html>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp
index 7a1d22d..ed93e43 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/canvas-header.jsp
@@ -33,7 +33,6 @@
<div id="provenance-link" class="utility-button" title="Data Provenance"></div>
<div id="flow-settings-link" class="utility-button" title="Controller Settings"></div>
<div id="templates-link" class="utility-button" title="Templates"></div>
- <div id="users-link" class="utility-button" title="Users"><div id="has-pending-accounts" class="hidden"></div></div>
<div id="cluster-link" class="utility-button" title="Cluster"></div>
<div id="bulletin-board-link" class="utility-button" title="Bulletin Board"></div>
</div>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/secure-port-configuration.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/secure-port-configuration.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/secure-port-configuration.jsp
deleted file mode 100644
index bd87018..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/secure-port-configuration.jsp
+++ /dev/null
@@ -1,82 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<div id="secure-port-configuration">
- <div class="dialog-content">
- <span id="secure-port-type" class="hidden"></span>
- <div id="secure-port-configuration-tabs"></div>
- <div id="secure-port-configuration-tabs-content">
- <div id="secure-port-settings-tab-content" class="configuration-tab">
- <div class="secure-port-setting">
- <div class="setting-name">Port name</div>
- <div class="setting-field">
- <input type="text" id="secure-port-name"/>
- <div class="port-enabled-container">
- <div id="secure-port-enabled" class="port-enabled nf-checkbox checkbox-unchecked"></div>
- <span> Enabled</span>
- </div>
- <div class="clear"></div>
- </div>
- </div>
- <div class="secure-port-setting">
- <div class="setting-name">
- Id
- </div>
- <div class="setting-field">
- <span id="secure-port-id"></span>
- </div>
- </div>
- <div id="secure-port-concurrent-task-container" class="secure-port-setting">
- <div class="setting-name">
- Concurrent tasks
- <img class="setting-icon icon-info" src="images/iconInfo.png" alt="Info" title="The number of tasks that should be concurrently scheduled for this port."/>
- </div>
- <div class="setting-field">
- <input type="text" id="secure-port-concurrent-tasks" class="secure-port-field"></input>
- </div>
- </div>
- <div class="secure-port-setting">
- <div class="setting-name">Comments</div>
- <div class="setting-field">
- <textarea cols="30" rows="4" id="secure-port-comments" class="secure-port-field"></textarea>
- </div>
- </div>
- </div>
- <div id="secure-port-access-control-tab-content" class="configuration-tab">
- <div class="secure-port-setting">
- <div class="setting-name">Search Users</div>
- <div class="setting-field">
- <input type="text" id="secure-port-access-control" class="secure-port-field"/>
- </div>
- </div>
- <div class="secure-port-setting">
- <div class="setting-name">Allowed Users</div>
- <div class="setting-field allowed-container">
- <ul id="allowed-users" class="allowed"></ul>
- </div>
- </div>
- <div class="secure-port-setting">
- <div class="setting-name">Allowed Groups</div>
- <div class="setting-field allowed-container">
- <ul id="allowed-groups" class="allowed"></ul>
- </div>
- </div>
- </div>
- </div>
- </div>
-</div>
-<div id="search-users-results"></div>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/secure-port-details.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/secure-port-details.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/secure-port-details.jsp
deleted file mode 100644
index 7b62450..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/canvas/secure-port-details.jsp
+++ /dev/null
@@ -1,67 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<div id="secure-port-details">
- <div class="dialog-content">
- <div id="secure-port-details-tabs"></div>
- <div id="secure-port-details-tabs-content">
- <div id="read-only-secure-port-settings-tab-content" class="configuration-tab">
- <div class="secure-port-setting">
- <div class="setting-name">Port name</div>
- <div class="setting-field">
- <div id="read-only-secure-port-name"></div>
- </div>
- </div>
- <div class="secure-port-setting">
- <div class="setting-name">Id</div>
- <div class="setting-field">
- <span id="read-only-secure-port-id"></span>
- </div>
- </div>
- <div id="secure-port-concurrent-task-container" class="secure-port-setting">
- <div class="setting-name">
- Concurrent tasks
- <img class="setting-icon icon-info" src="images/iconInfo.png" alt="Info" title="The number of tasks that should be concurrently scheduled for this port."/>
- </div>
- <div class="setting-field">
- <div id="read-only-secure-port-concurrent-tasks"></div>
- </div>
- </div>
- <div class="secure-port-setting">
- <div class="setting-name">Comments</div>
- <div class="setting-field">
- <div id="read-only-secure-port-comments"></div>
- </div>
- </div>
- </div>
- <div id="read-only-secure-port-access-control-tab-content" class="configuration-tab">
- <div class="secure-port-setting">
- <div class="setting-name">Allowed Users</div>
- <div class="setting-field allowed-container">
- <ul id="read-only-allowed-users" class="allowed"></ul>
- </div>
- </div>
- <div class="secure-port-setting">
- <div class="setting-name">Allowed Groups</div>
- <div class="setting-field allowed-container">
- <ul id="read-only-allowed-groups" class="allowed"></ul>
- </div>
- </div>
- </div>
- </div>
- </div>
-</div>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/group-revoke-dialog.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/group-revoke-dialog.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/group-revoke-dialog.jsp
deleted file mode 100644
index 436e28d..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/group-revoke-dialog.jsp
+++ /dev/null
@@ -1,22 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<div id="group-revoke-dialog">
- <div class="dialog-content">
- Are you sure you want to revoke access for all users in '<span id="group-name-revoke-dialog"></span>'?
- </div>
-</div>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/group-roles-dialog.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/group-roles-dialog.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/group-roles-dialog.jsp
deleted file mode 100644
index f0db958..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/group-roles-dialog.jsp
+++ /dev/null
@@ -1,52 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<div id="group-roles-dialog">
- <div class="dialog-content">
- <div class="setting">
- <div class="setting-name">Group</div>
- <div class="setting-field">
- <span id="group-name-roles-dialog"></span>
- </div>
- <div class="clear"></div>
- </div>
- <div class="setting">
- <div class="setting-name">Roles</div>
- <div class="group-roles-container">
- <div class="role-container">
- <div id="group-role-admin-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">Administrator</div>
- </div>
- <div class="role-container">
- <div id="group-role-dfm-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">Data Flow Manager</div>
- </div>
- <div class="role-container">
- <div id="group-role-monitor-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">Read Only</div>
- </div>
- <div class="role-container" style="margin-top: 5px;">
- <div id="group-role-provenance-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">Provenance</div>
- </div>
- <div class="role-container" style="margin-top: 5px;">
- <div id="group-role-nifi-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">NiFi</div>
- </div>
- <div class="role-container">
- <div id="group-role-proxy-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">Proxy</div>
- </div>
- </div>
- <div class="clear"></div>
- </div>
- </div>
-</div>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-delete-dialog.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-delete-dialog.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-delete-dialog.jsp
deleted file mode 100644
index d926691..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-delete-dialog.jsp
+++ /dev/null
@@ -1,23 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<div id="user-delete-dialog">
- <div class="dialog-content">
- <input type="hidden" id="user-id-delete-dialog"/>
- Are you sure you want to delete the user account for '<span id="user-name-delete-dialog"></span>'?
- </div>
-</div>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-details-dialog.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-details-dialog.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-details-dialog.jsp
deleted file mode 100644
index 8a81882..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-details-dialog.jsp
+++ /dev/null
@@ -1,56 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<div id="user-details-dialog">
- <div class="dialog-content">
- <div class="setting">
- <div class="setting-name">User</div>
- <div class="setting-field">
- <span id="user-name-details-dialog"></span>
- </div>
- <div class="clear"></div>
- </div>
- <div class="setting">
- <div class="setting-name">Identity</div>
- <div class="setting-field">
- <span id="user-dn-details-dialog"></span>
- </div>
- <div class="clear"></div>
- </div>
- <div class="setting">
- <div class="setting-name">Created</div>
- <div class="setting-field">
- <span id="user-created-details-dialog"></span>
- </div>
- <div class="clear"></div>
- </div>
- <div class="setting">
- <div class="setting-name">Last Verified</div>
- <div class="setting-field">
- <span id="user-verified-details-dialog"></span>
- </div>
- <div class="clear"></div>
- </div>
- <div class="setting">
- <div class="setting-name">Justification</div>
- <div class="setting-field">
- <div id="user-justification-details-dialog"></div>
- </div>
- <div class="clear"></div>
- </div>
- </div>
-</div>
[21/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
index dca1d97..bd8272a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
@@ -31,14 +31,6 @@
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-jetty</artifactId>
</dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-cluster-authorization-provider</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-file-authorization-provider</artifactId>
- </dependency>
<!-- mark these nifi artifacts as provided since it is included in the lib -->
<dependency>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
new file mode 100644
index 0000000..8347953
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
@@ -0,0 +1,147 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.util.NiFiProperties;
+import org.h2.jdbcx.JdbcConnectionPool;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.FactoryBean;
+
+import java.io.File;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+public class KeyDataSourceFactoryBean implements FactoryBean {
+
+ private static final Logger logger = LoggerFactory.getLogger(KeyDataSourceFactoryBean.class);
+ private static final String NF_USERNAME_PASSWORD = "nf";
+ private static final int MAX_CONNECTIONS = 5;
+
+ // database file name
+ private static final String USER_KEYS_DATABASE_FILE_NAME = "nifi-user-keys";
+
+ // ----------
+ // keys table
+ // ----------
+
+ private static final String CREATE_KEY_TABLE = "CREATE TABLE KEY ("
+ + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
+ + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
+ + "KEY VARCHAR2(100) NOT NULL"
+ + ")";
+
+ private JdbcConnectionPool connectionPool;
+
+ private NiFiProperties properties;
+
+ @Override
+ public Object getObject() throws Exception {
+ if (connectionPool == null) {
+
+ // locate the repository directory
+ String repositoryDirectoryPath = properties.getProperty(NiFiProperties.REPOSITORY_DATABASE_DIRECTORY);
+
+ // ensure the repository directory is specified
+ if (repositoryDirectoryPath == null) {
+ throw new NullPointerException("Database directory must be specified.");
+ }
+
+ // create a handle to the repository directory
+ File repositoryDirectory = new File(repositoryDirectoryPath);
+
+ // create a handle to the database directory and file
+ File databaseFile = new File(repositoryDirectory, USER_KEYS_DATABASE_FILE_NAME);
+ String databaseUrl = getDatabaseUrl(databaseFile);
+
+ // create the pool
+ connectionPool = JdbcConnectionPool.create(databaseUrl, NF_USERNAME_PASSWORD, NF_USERNAME_PASSWORD);
+ connectionPool.setMaxConnections(MAX_CONNECTIONS);
+
+ Connection connection = null;
+ ResultSet rs = null;
+ Statement statement = null;
+ try {
+ // get a connection
+ connection = connectionPool.getConnection();
+ connection.setAutoCommit(false);
+
+ // create a statement for creating/updating the database
+ statement = connection.createStatement();
+
+ // determine if the key table need to be created
+ rs = connection.getMetaData().getTables(null, null, "KEY", null);
+ if (!rs.next()) {
+ statement.execute(CREATE_KEY_TABLE);
+ }
+
+ // commit any changes
+ connection.commit();
+ } catch (SQLException sqle) {
+ RepositoryUtils.rollback(connection, logger);
+ throw sqle;
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ RepositoryUtils.closeQuietly(connection);
+ }
+ }
+
+ return connectionPool;
+ }
+
+ private String getDatabaseUrl(File databaseFile) {
+ String databaseUrl = "jdbc:h2:" + databaseFile + ";AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3";
+ String databaseUrlAppend = properties.getProperty(NiFiProperties.H2_URL_APPEND);
+ if (StringUtils.isNotBlank(databaseUrlAppend)) {
+ databaseUrl += databaseUrlAppend;
+ }
+ return databaseUrl;
+ }
+
+ @Override
+ public Class getObjectType() {
+ return JdbcConnectionPool.class;
+ }
+
+ @Override
+ public boolean isSingleton() {
+ return true;
+ }
+
+ public void setProperties(NiFiProperties properties) {
+ this.properties = properties;
+ }
+
+ public void shutdown() {
+ // shutdown the connection pool
+ if (connectionPool != null) {
+ try {
+ connectionPool.dispose();
+ } catch (Exception e) {
+ logger.warn("Unable to dispose of connection pool: " + e.getMessage());
+ if (logger.isDebugEnabled()) {
+ logger.warn(StringUtils.EMPTY, e);
+ }
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
deleted file mode 100644
index d45719d..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin;
-
-import java.io.File;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.Authority;
-import org.h2.jdbcx.JdbcConnectionPool;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.util.NiFiProperties;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.FactoryBean;
-
-public class UserDataSourceFactoryBean implements FactoryBean {
-
- private static final Logger logger = LoggerFactory.getLogger(UserDataSourceFactoryBean.class);
- private static final String NF_USERNAME_PASSWORD = "nf";
- private static final int MAX_CONNECTIONS = 5;
-
- // database file name
- private static final String AUDIT_DATABASE_FILE_NAME = "nifi-users";
-
- private static final String CREATE_USER_TABLE = "CREATE TABLE USER ("
- + "ID VARCHAR2(100) NOT NULL PRIMARY KEY, "
- + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
- + "USER_NAME VARCHAR2(4096) NOT NULL, "
- + "USER_GROUP VARCHAR2(100), "
- + "CREATION TIMESTAMP NOT NULL, "
- + "LAST_ACCESSED TIMESTAMP, "
- + "LAST_VERIFIED TIMESTAMP, "
- + "JUSTIFICATION VARCHAR2(500) NOT NULL, "
- + "STATUS VARCHAR2(10) NOT NULL"
- + ")";
-
- private static final String CREATE_AUTHORITY_TABLE = "CREATE TABLE AUTHORITY ("
- + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
- + "USER_ID VARCHAR2(100) NOT NULL, "
- + "ROLE VARCHAR2(50) NOT NULL, "
- + "FOREIGN KEY (USER_ID) REFERENCES USER (ID), "
- + "CONSTRAINT USER_ROLE_UNIQUE_CONSTRAINT UNIQUE (USER_ID, ROLE)"
- + ")";
-
- private static final String INSERT_ANONYMOUS_USER = "INSERT INTO USER ("
- + "ID, IDENTITY, USER_NAME, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS"
- + ") VALUES ("
- + "'" + UUID.randomUUID().toString() + "', "
- + "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
- + "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
- + "NOW(), "
- + "NOW(), "
- + "'Anonymous user needs no justification', "
- + "'ACTIVE'"
- + ")";
-
- private static final String INSERT_ANONYMOUS_AUTHORITY = "INSERT INTO AUTHORITY ("
- + "USER_ID, ROLE"
- + ") VALUES ("
- + "(SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "'), "
- + "'%s'"
- + ")";
-
- private static final String DELETE_ANONYMOUS_AUTHORITIES = "DELETE FROM AUTHORITY "
- + "WHERE USER_ID = (SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "')";
-
- private static final String RENAME_DN_COLUMN = "ALTER TABLE USER ALTER COLUMN DN RENAME TO IDENTITY";
- private static final String RESIZE_IDENTITY_COLUMN = "ALTER TABLE USER MODIFY IDENTITY VARCHAR(4096)";
- private static final String RESIZE_USER_NAME_COLUMN = "ALTER TABLE USER MODIFY USER_NAME VARCHAR(4096)";
-
- // ----------
- // keys table
- // ----------
- private static final String CREATE_KEY_TABLE = "CREATE TABLE KEY ("
- + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
- + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
- + "KEY VARCHAR2(100) NOT NULL"
- + ")";
-
- private JdbcConnectionPool connectionPool;
-
- private NiFiProperties properties;
-
- @Override
- public Object getObject() throws Exception {
- if (connectionPool == null) {
-
- // locate the repository directory
- String repositoryDirectoryPath = properties.getProperty(NiFiProperties.REPOSITORY_DATABASE_DIRECTORY);
-
- // ensure the repository directory is specified
- if (repositoryDirectoryPath == null) {
- throw new NullPointerException("Database directory must be specified.");
- }
-
- // get the roles being granted to anonymous users
- final Set<String> rawAnonymousAuthorities = new HashSet<>(properties.getAnonymousAuthorities());
- final Set<Authority> anonymousAuthorities = Authority.convertRawAuthorities(rawAnonymousAuthorities);
-
- // ensure every authorities was recognized
- if (rawAnonymousAuthorities.size() != anonymousAuthorities.size()) {
- final Set<String> validAuthorities = Authority.convertAuthorities(anonymousAuthorities);
- rawAnonymousAuthorities.removeAll(validAuthorities);
- throw new IllegalStateException(String.format("Invalid authorities specified for anonymous access: [%s]. Valid values are: [%s].",
- StringUtils.join(rawAnonymousAuthorities, ", "), StringUtils.join(Authority.values(), ", ")));
- }
-
- // create a handle to the repository directory
- File repositoryDirectory = new File(repositoryDirectoryPath);
-
- // create a handle to the database directory and file
- File databaseFile = new File(repositoryDirectory, AUDIT_DATABASE_FILE_NAME);
- String databaseUrl = getDatabaseUrl(databaseFile);
-
- // create the pool
- connectionPool = JdbcConnectionPool.create(databaseUrl, NF_USERNAME_PASSWORD, NF_USERNAME_PASSWORD);
- connectionPool.setMaxConnections(MAX_CONNECTIONS);
-
- Connection connection = null;
- ResultSet rs = null;
- Statement statement = null;
- try {
- // get a connection
- connection = connectionPool.getConnection();
- connection.setAutoCommit(false);
-
- // create a statement for creating/updating the database
- statement = connection.createStatement();
-
- // determine if the tables need to be created
- rs = connection.getMetaData().getTables(null, null, "USER", null);
- if (!rs.next()) {
- logger.info("Database not built for repository: " + databaseUrl + ". Building now...");
-
- // create the tables
- statement.execute(CREATE_USER_TABLE);
- statement.execute(CREATE_AUTHORITY_TABLE);
-
- // seed the anonymous user
- statement.execute(INSERT_ANONYMOUS_USER);
- } else {
- logger.info("Existing database found and connected to at: " + databaseUrl);
- RepositoryUtils.closeQuietly(rs);
-
- // if the DN column exists, transform the table
- rs = connection.getMetaData().getColumns(null, null, "USER", "DN");
- if (rs.next()) {
- statement.execute(RENAME_DN_COLUMN);
- statement.execute(RESIZE_IDENTITY_COLUMN);
- statement.execute(RESIZE_USER_NAME_COLUMN);
- }
-
- // remove all authorities for the anonymous user
- statement.execute(DELETE_ANONYMOUS_AUTHORITIES);
- }
-
- // add all authorities for the anonymous user
- for (final Authority authority : anonymousAuthorities) {
- statement.execute(String.format(INSERT_ANONYMOUS_AUTHORITY, authority.name()));
- }
-
- RepositoryUtils.closeQuietly(rs);
-
- // determine if the key table need to be created
- rs = connection.getMetaData().getTables(null, null, "KEY", null);
- if (!rs.next()) {
- statement.execute(CREATE_KEY_TABLE);
- }
-
- // commit any changes
- connection.commit();
- } catch (SQLException sqle) {
- RepositoryUtils.rollback(connection, logger);
- throw sqle;
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- RepositoryUtils.closeQuietly(connection);
- }
- }
-
- return connectionPool;
- }
-
- private String getDatabaseUrl(File databaseFile) {
- String databaseUrl = "jdbc:h2:" + databaseFile + ";AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3";
- String databaseUrlAppend = properties.getProperty(NiFiProperties.H2_URL_APPEND);
- if (StringUtils.isNotBlank(databaseUrlAppend)) {
- databaseUrl += databaseUrlAppend;
- }
- return databaseUrl;
- }
-
- @Override
- public Class getObjectType() {
- return JdbcConnectionPool.class;
- }
-
- @Override
- public boolean isSingleton() {
- return true;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- public void shutdown() {
-
- // shutdown the connection pool
- if (connectionPool != null) {
- try {
- connectionPool.dispose();
- } catch (Exception e) {
- logger.warn("Unable to dispose of connection pool: " + e.getMessage());
- if (logger.isDebugEnabled()) {
- logger.warn(StringUtils.EMPTY, e);
- }
- }
- }
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
deleted file mode 100644
index b80b78e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao;
-
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-
-/**
- * Authority data access.
- */
-public interface AuthorityDAO {
-
- /**
- * Finds all Authority for the specified user.
- *
- * @param userId identifier of user
- * @return authorities
- */
- Set<Authority> findAuthoritiesByUserId(String userId) throws DataAccessException;
-
- /**
- * Creates new Authorities for the specified user in addition to authorities
- * they already have.
- *
- * @param authorities to add to the given user
- * @param userId identifier of user
- */
- void createAuthorities(Set<Authority> authorities, String userId) throws DataAccessException;
-
- /**
- * Removes all Authorities for the specified user.
- *
- * @param userId user identifier
- * @throws DataAccessException if unable to access authorities
- */
- void deleteAuthorities(String userId) throws DataAccessException;
-
- /**
- * Removes the specified Authority.
- *
- * @param authorities to remove
- * @param userId user id
- */
- void deleteAuthorities(Set<Authority> authorities, String userId) throws DataAccessException;
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
index eb7e3ce..3fcc6d8 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
@@ -21,11 +21,7 @@ package org.apache.nifi.admin.dao;
*/
public interface DAOFactory {
- UserDAO getUserDAO();
-
ActionDAO getActionDAO();
- AuthorityDAO getAuthorityDAO();
-
KeyDAO getKeyDAO();
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
deleted file mode 100644
index 7e91c07..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao;
-
-import java.util.Date;
-import java.util.Set;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Defines the user data access object.
- */
-public interface UserDAO {
-
- /**
- * Determines whether there are any PENDING user accounts.
- *
- * @return true if pending
- * @throws DataAccessException dae
- */
- Boolean hasPendingUserAccounts() throws DataAccessException;
-
- /**
- * Returns all users.
- *
- * @return all users
- * @throws DataAccessException dae
- */
- Set<NiFiUser> findUsers() throws DataAccessException;
-
- /**
- * Returns all user groups.
- *
- * @return all group names
- * @throws DataAccessException dae
- */
- Set<String> findUserGroups() throws DataAccessException;
-
- /**
- * Returns all users for the specified group.
- *
- * @param group group
- * @return users in group
- * @throws DataAccessException dae
- */
- Set<NiFiUser> findUsersForGroup(String group) throws DataAccessException;
-
- /**
- * Returns the user with the specified id.
- *
- * @param id user id
- * @return user for the given id
- * @throws DataAccessException dae
- */
- NiFiUser findUserById(String id) throws DataAccessException;
-
- /**
- * Returns the user with the specified DN.
- *
- * @param dn user dn
- * @return user
- */
- NiFiUser findUserByDn(String dn) throws DataAccessException;
-
- /**
- * Creates a new user based off the specified NiFiUser.
- *
- * @param user to create
- * @return the created user with it's id
- */
- NiFiUser createUser(NiFiUser user) throws DataAccessException;
-
- /**
- * Updates the specified NiFiUser.
- *
- * @param user to update
- */
- void updateUser(NiFiUser user) throws DataAccessException;
-
- /**
- * Deletes the specified user.
- *
- * @param id user identifier
- * @throws DataAccessException dae
- */
- void deleteUser(String id) throws DataAccessException;
-
- /**
- * Sets the status of the specified group.
- *
- * @param group group
- * @param status status
- * @throws DataAccessException dae
- */
- void updateGroupStatus(String group, AccountStatus status) throws DataAccessException;
-
- /**
- * Sets the last verified time for all users in the specified group.
- *
- * @param group group
- * @param lastVerified date last verified
- * @throws DataAccessException dae
- */
- void updateGroupVerification(String group, Date lastVerified) throws DataAccessException;
-
- /**
- * Ungroups the specified group.
- *
- * @param group to ungroup
- * @throws DataAccessException dae
- */
- void ungroup(String group) throws DataAccessException;
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
index 940e364..09ad103 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
@@ -18,10 +18,8 @@ package org.apache.nifi.admin.dao.impl;
import java.sql.Connection;
import org.apache.nifi.admin.dao.ActionDAO;
-import org.apache.nifi.admin.dao.AuthorityDAO;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.admin.dao.UserDAO;
/**
*
@@ -40,16 +38,6 @@ public class DAOFactoryImpl implements DAOFactory {
}
@Override
- public AuthorityDAO getAuthorityDAO() {
- return new StandardAuthorityDAO(connection);
- }
-
- @Override
- public UserDAO getUserDAO() {
- return new StandardUserDAO(connection);
- }
-
- @Override
public KeyDAO getKeyDAO() {
return new StandardKeyDAO(connection);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
deleted file mode 100644
index 4e2cc26..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao.impl;
-
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.admin.RepositoryUtils;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.authorization.Authority;
-
-/**
- *
- */
-public class StandardAuthorityDAO implements AuthorityDAO {
-
- private static final String SELECT_AUTHORITIES_FOR_USER = "SELECT ID, ROLE "
- + "FROM AUTHORITY "
- + "WHERE USER_ID = ?";
-
- private static final String INSERT_AUTHORITY = "INSERT INTO AUTHORITY ("
- + "USER_ID, ROLE"
- + ") VALUES ("
- + "?, ?"
- + ")";
-
- private static final String DELETE_AUTHORITY = "DELETE FROM AUTHORITY "
- + "WHERE USER_ID = ? AND ROLE = ?";
-
- private static final String DELETE_AUTHORITIES_FOR_USER = "DELETE FROM AUTHORITY "
- + "WHERE USER_ID = ?";
-
- private final Connection connection;
-
- public StandardAuthorityDAO(Connection connection) {
- this.connection = connection;
- }
-
- @Override
- public void createAuthorities(Set<Authority> authorities, String userId) throws DataAccessException {
- if (authorities == null) {
- throw new IllegalArgumentException("Specified authorities cannot be null.");
- }
-
- // ensure there are some authorities to create
- if (!authorities.isEmpty()) {
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(INSERT_AUTHORITY);
- statement.setString(1, userId);
- for (Authority authority : authorities) {
- statement.setString(2, authority.toString());
- statement.addBatch();
- }
-
- // insert the authorities
- int[] updateCounts = statement.executeBatch();
- for (int updateCount : updateCounts) {
- if (updateCount != 1) {
- throw new DataAccessException("Unable to insert user authorities.");
- }
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
- }
-
- @Override
- public void deleteAuthorities(String userId) throws DataAccessException {
- // ensure there are some authorities to create
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(DELETE_AUTHORITIES_FOR_USER);
- statement.setString(1, userId);
-
- // insert the authorities
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void deleteAuthorities(Set<Authority> authorities, String userId) throws DataAccessException {
- if (authorities == null) {
- throw new IllegalArgumentException("Specified authorities cannot be null.");
- }
-
- // ensure there are some authorities to create
- if (!authorities.isEmpty()) {
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(DELETE_AUTHORITY);
- statement.setString(1, userId);
- for (Authority authority : authorities) {
- statement.setString(2, authority.toString());
- statement.addBatch();
- }
-
- // insert the authorities
- int[] updateCounts = statement.executeBatch();
- for (int updateCount : updateCounts) {
- if (updateCount != 1) {
- throw new DataAccessException("Unable to remove user authorities.");
- }
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
- }
-
- @Override
- public Set<Authority> findAuthoritiesByUserId(String userId) throws DataAccessException {
- Set<Authority> authorities = EnumSet.noneOf(Authority.class);
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(SELECT_AUTHORITIES_FOR_USER);
- statement.setString(1, userId);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create each corresponding authority
- while (rs.next()) {
- authorities.add(Authority.valueOfAuthority(rs.getString("ROLE")));
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
-
- return authorities;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
deleted file mode 100644
index 20356e3..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
+++ /dev/null
@@ -1,641 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao.impl;
-
-import java.nio.charset.StandardCharsets;
-import java.sql.Connection;
-import org.apache.nifi.admin.dao.UserDAO;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.sql.Types;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-import org.apache.nifi.admin.RepositoryUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Responsible for loading and persisting NiFiUsers.
- */
-public class StandardUserDAO implements UserDAO {
-
- private static final String SELECT_PENDING_ACCOUNTS_COUNT = "SELECT "
- + "COUNT(*) as PENDING_ACCOUNTS "
- + "FROM USER U "
- + "WHERE U.STATUS = 'PENDING'";
-
- private static final String SELECT_USER_BY_USER = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.IDENTITY = ?";
-
- private static final String SELECT_USER_BY_ID = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.ID = ?";
-
- private static final String SELECT_USERS = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.IDENTITY <> ?";
-
- private static final String SELECT_USER_GROUPS = "SELECT DISTINCT "
- + "U.USER_GROUP "
- + "FROM USER U";
-
- private static final String SELECT_USER_GROUP = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.IDENTITY <> ? AND U.USER_GROUP = ?";
-
- private static final String INSERT_USER = "INSERT INTO USER ("
- + "ID, IDENTITY, USER_NAME, USER_GROUP, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS"
- + ") VALUES ("
- + "?, "
- + "?, "
- + "?, "
- + "?, "
- + "NOW(), "
- + "?, "
- + "?, "
- + "?"
- + ")";
-
- private static final String UPDATE_USER = "UPDATE USER SET "
- + "IDENTITY = ?, "
- + "USER_NAME = ?, "
- + "USER_GROUP = ?, "
- + "LAST_ACCESSED = ?, "
- + "LAST_VERIFIED = ?, "
- + "JUSTIFICATION = ?, "
- + "STATUS = ? "
- + "WHERE ID = ?";
-
- private static final String UPDATE_USER_GROUP_STATUS = "UPDATE USER SET "
- + "STATUS = ?,"
- + "USER_GROUP = NULL "
- + "WHERE USER_GROUP = ?";
-
- private static final String UPDATE_USER_GROUP_VERIFICATION = "UPDATE USER SET "
- + "LAST_VERIFIED = ? "
- + "WHERE USER_GROUP = ?";
-
- private static final String UNGROUP_GROUP = "UPDATE USER SET "
- + "USER_GROUP = NULL "
- + "WHERE USER_GROUP = ?";
-
- private static final String DELETE_USER = "DELETE FROM USER "
- + "WHERE ID = ?";
-
- private final Connection connection;
-
- public StandardUserDAO(Connection connection) {
- this.connection = connection;
- }
-
- @Override
- public Boolean hasPendingUserAccounts() throws DataAccessException {
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_PENDING_ACCOUNTS_COUNT);
-
- // execute the query
- rs = statement.executeQuery();
-
- // get the first row which will contain the number of pending accounts
- if (rs.next()) {
- int pendingAccounts = rs.getInt("PENDING_ACCOUNTS");
- return pendingAccounts > 0;
- }
-
- // query returned no results?
- return false;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public Set<NiFiUser> findUsers() throws DataAccessException {
- Set<NiFiUser> users = new HashSet<>();
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USERS);
- statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // get the user id for the current record
- String userId = rs.getString("ID");
-
- // create the user during the first iteration
- if (user == null || !userId.equals(user.getId())) {
- user = new NiFiUser();
- user.setId(userId);
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
-
- // add the user
- users.add(user);
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return users;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public Set<String> findUserGroups() throws DataAccessException {
- Set<String> userGroups = new HashSet<>();
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_GROUPS);
-
- // execute the query
- rs = statement.executeQuery();
-
- // get each user group
- while (rs.next()) {
- userGroups.add(rs.getString("USER_GROUP"));
- }
-
- return userGroups;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public Set<NiFiUser> findUsersForGroup(String group) throws DataAccessException {
- Set<NiFiUser> users = new HashSet<>();
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_GROUP);
- statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
- statement.setString(2, group);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // get the user id for the current record
- String userId = rs.getString("ID");
-
- // create the user during the first iteration
- if (user == null || !userId.equals(user.getId())) {
- user = new NiFiUser();
- user.setId(userId);
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
-
- // add the user
- users.add(user);
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return users;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public NiFiUser findUserById(String id) throws DataAccessException {
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_BY_ID);
- statement.setString(1, id);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // create the user during the first iteration
- if (user == null) {
- user = new NiFiUser();
- user.setId(rs.getString("ID"));
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return user;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public NiFiUser findUserByDn(String dn) throws DataAccessException {
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_BY_USER);
- statement.setString(1, dn);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // create the user during the first iteration
- if (user == null) {
- user = new NiFiUser();
- user.setId(rs.getString("ID"));
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return user;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public NiFiUser createUser(NiFiUser user) throws DataAccessException {
- if (user.getIdentity() == null) {
- throw new IllegalArgumentException("User identity must be specified.");
- }
-
- // ensure the user identity is not too lengthy
- if (user.getIdentity().length() > 4096) {
- throw new IllegalArgumentException("User identity must be less than 4096 characters.");
- }
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- final String id = UUID.nameUUIDFromBytes(user.getIdentity().getBytes(StandardCharsets.UTF_8)).toString();
-
- // create a statement
- statement = connection.prepareStatement(INSERT_USER, Statement.RETURN_GENERATED_KEYS);
- statement.setString(1, id);
- statement.setString(2, StringUtils.left(user.getIdentity(), 4096));
- statement.setString(3, StringUtils.left(user.getUserName(), 4096));
- statement.setString(4, StringUtils.left(user.getUserGroup(), 100));
- if (user.getLastVerified() != null) {
- statement.setTimestamp(5, new java.sql.Timestamp(user.getLastVerified().getTime()));
- } else {
- statement.setTimestamp(5, null);
- }
- statement.setString(6, StringUtils.left(user.getJustification(), 500));
- statement.setString(7, user.getStatus().toString());
-
- // insert the user
- int updateCount = statement.executeUpdate();
- if (updateCount == 1) {
- user.setId(id);
- } else {
- throw new DataAccessException("Unable to insert user.");
- }
-
- return user;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void deleteUser(String id) throws DataAccessException {
- // ensure there are some authorities to create
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(DELETE_USER);
- statement.setString(1, id);
-
- // insert the authorities
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void updateUser(NiFiUser user) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UPDATE_USER);
- statement.setString(1, StringUtils.left(user.getIdentity(), 4096));
- statement.setString(2, StringUtils.left(user.getUserName(), 4096));
- statement.setString(3, StringUtils.left(user.getUserGroup(), 100));
- statement.setString(6, StringUtils.left(user.getJustification(), 500));
- statement.setString(7, user.getStatus().toString());
- statement.setString(8, user.getId());
-
- // set the last accessed time accordingly
- if (user.getLastAccessed() == null) {
- statement.setNull(4, Types.TIMESTAMP);
- } else {
- statement.setTimestamp(4, new java.sql.Timestamp(user.getLastAccessed().getTime()));
- }
-
- // set the last verified time accordingly
- if (user.getLastVerified() == null) {
- statement.setNull(5, Types.TIMESTAMP);
- } else {
- statement.setTimestamp(5, new java.sql.Timestamp(user.getLastVerified().getTime()));
- }
-
- // perform the update
- int updateCount = statement.executeUpdate();
- if (updateCount != 1) {
- throw new DataAccessException("Unable to update user.");
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void updateGroupStatus(String group, AccountStatus status) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UPDATE_USER_GROUP_STATUS);
- statement.setString(1, status.toString());
- statement.setString(2, group);
-
- // perform the update
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void updateGroupVerification(String group, Date lastVerified) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UPDATE_USER_GROUP_VERIFICATION);
-
- // set the last verified time accordingly
- if (lastVerified == null) {
- statement.setNull(1, Types.TIMESTAMP);
- } else {
- statement.setTimestamp(1, new java.sql.Timestamp(lastVerified.getTime()));
- }
-
- // set the group
- statement.setString(2, group);
-
- // perform the update
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void ungroup(String group) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UNGROUP_GROUP);
- statement.setString(1, group);
-
- // perform the update
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
deleted file mode 100644
index e8b3d10..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service;
-
-/**
- * Exception to indicate that the user account is disabled.
- */
-public class AccountDisabledException extends RuntimeException {
-
- public AccountDisabledException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
- }
-
- public AccountDisabledException(Throwable cause) {
- super(cause);
- }
-
- public AccountDisabledException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AccountDisabledException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountNotFoundException.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountNotFoundException.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountNotFoundException.java
deleted file mode 100644
index 88287ce..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountNotFoundException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service;
-
-/**
- * Exception to indicate that the user account is disabled.
- */
-public class AccountNotFoundException extends RuntimeException {
-
- public AccountNotFoundException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
- }
-
- public AccountNotFoundException(Throwable cause) {
- super(cause);
- }
-
- public AccountNotFoundException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AccountNotFoundException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
deleted file mode 100644
index dacc483..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service;
-
-/**
- * Exception to indicate that the user has already submitting an account request
- * and that request is still pending.
- */
-public class AccountPendingException extends RuntimeException {
-
- public AccountPendingException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
- }
-
- public AccountPendingException(Throwable cause) {
- super(cause);
- }
-
- public AccountPendingException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AccountPendingException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/KeyService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/KeyService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/KeyService.java
new file mode 100644
index 0000000..4543475
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/KeyService.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service;
+
+import org.apache.nifi.key.Key;
+
+/**
+ * Manages NiFi user keys.
+ */
+public interface KeyService {
+
+ /**
+ * Gets a key for the specified user identity. Returns null if the user has not had a key issued
+ *
+ * @param id The key id
+ * @return The key or null
+ */
+ Key getKey(int id);
+
+ /**
+ * Gets a key for the specified user identity. If a key does not exist, one will be created.
+ *
+ * @param identity The user identity
+ * @return The key
+ * @throws AdministrationException if it failed to get/create the key
+ */
+ Key getOrCreateKey(String identity);
+
+ /**
+ * Deletes keys for the specified identity.
+ *
+ * @param identity The user identity
+ */
+ void deleteKey(String identity);
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
deleted file mode 100644
index 4ea71af..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.DownloadAuthorization;
-import org.apache.nifi.key.Key;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
-
-/**
- * Manages NiFi user accounts.
- */
-public interface UserService {
-
- /**
- * Creates a new user account using the specified dn and justification.
- *
- * @param dn user dn
- * @param justification why the account is necessary
- * @return the created NiFiUser
- */
- NiFiUser createPendingUserAccount(String dn, String justification);
-
- /**
- * @return Determines if there are any PENDING user accounts present
- */
- Boolean hasPendingUserAccount();
-
- /**
- * @param dnChain user dn chain
- * @param attributes attributes for authorization request
- * @return Determines if the users in the dnChain are authorized to download content with the specified attributes
- */
- DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes);
-
- /**
- * Updates a user group using the specified group comprised of the specified users. Returns all the users that are currently in the specified group.
- *
- * @param group group
- * @param userIds users
- * @param authorities auths
- * @return a user group
- */
- NiFiUserGroup updateGroup(String group, Set<String> userIds, Set<Authority> authorities);
-
- /**
- * Authorizes the user specified.
- *
- * @param dn user dn
- * @return the user for the given dn if found
- */
- NiFiUser checkAuthorization(String dn);
-
- /**
- * Deletes the user with the specified id.
- *
- * @param id user identifier
- */
- void deleteUser(String id);
-
- /**
- * Disables the specified users account.
- *
- * @param id user identifier
- * @return user for the given identifier
- */
- NiFiUser disable(String id);
-
- /**
- * Disables the specified user group.
- *
- * @param group to disable
- * @return user group
- */
- NiFiUserGroup disableGroup(String group);
-
- /**
- * Updates the specified user with the specified authorities.
- *
- * @param id identifier of user
- * @param authorities auths to set
- * @return the updated user
- */
- NiFiUser update(String id, Set<Authority> authorities);
-
- /**
- * Invalidates the specified user account.
- *
- * @param id identifier of user account to invalidate
- */
- void invalidateUserAccount(String id);
-
- /**
- * Invalidates the user accounts associated with the specified user group.
- *
- * @param group to invalidate user accounts on
- */
- void invalidateUserGroupAccount(String group);
-
- /**
- * Ungroups the specified group.
- *
- * @param group to split up
- */
- void ungroup(String group);
-
- /**
- * Ungroups the specified user.
- *
- * @param id user to ungroup
- */
- void ungroupUser(String id);
-
- /**
- * Returns a collection of all NiFiUsers.
- *
- * @return Collection of users
- */
- Collection<NiFiUser> getUsers();
-
- /**
- * Finds the specified user by id.
- *
- * @param id of the user
- * @return the user object
- */
- NiFiUser getUserById(String id);
-
- /**
- * Finds the specified user by dn.
- *
- * @param dn the user dn
- * @return the newly created user
- * @throws AdministrationException ae
- */
- NiFiUser getUserByDn(String dn);
-
- /**
- * Gets a key for the specified user identity. Returns null if the user has not had a key issued
- *
- * @param id The key id
- * @return The key or null
- */
- Key getKey(int id);
-
- /**
- * Gets a key for the specified user identity. If a key does not exist, one will be created.
- *
- * @param identity The user identity
- * @return The key
- * @throws AdministrationException if it failed to get/create the key
- */
- Key getOrCreateKey(String identity);
-
- /**
- * Deletes keys for the specified identity.
- *
- * @param identity The user identity
- */
- void deleteKey(String identity);
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
deleted file mode 100644
index 69c6c1f..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- * @param <T> type of user action
- */
-public abstract class AbstractUserAction<T> implements AdministrationAction<T> {
-
- /**
- * Determines the authorities that need to be added to the specified user.
- *
- * @param user user
- * @param authorities auths
- * @return authorities to add
- */
- protected Set<Authority> determineAuthoritiesToAdd(NiFiUser user, Set<Authority> authorities) {
- // not using copyOf since authorities may be empty and copyOf can throw an IllegalArgumentException when empty
- Set<Authority> authoritiesToAdd = EnumSet.noneOf(Authority.class);
- authoritiesToAdd.addAll(authorities);
-
- // identify the authorities that need to be inserted
- authoritiesToAdd.removeAll(user.getAuthorities());
-
- // return the desired authorities
- return authoritiesToAdd;
- }
-
- /**
- * Determines the authorities that need to be removed from the specified
- * user.
- *
- * @param user user
- * @param authorities auths
- * @return auths to remove
- */
- protected Set<Authority> determineAuthoritiesToRemove(NiFiUser user, Set<Authority> authorities) {
- Set<Authority> authoritiesToRemove = EnumSet.copyOf(user.getAuthorities());
-
- // identify the authorities that need to be removed
- authoritiesToRemove.removeAll(authorities);
-
- // return the desired authorities
- return authoritiesToRemove;
- }
-
- /**
- * Verifies the specified users account. Includes obtaining the authorities
- * and group according to the specified authority provider.
- *
- * @param authorityProvider provider
- * @param user user to verify
- */
- protected void verifyAccount(AuthorityProvider authorityProvider, NiFiUser user) {
- // load the roles for the user
- Set<Authority> authorities = authorityProvider.getAuthorities(user.getIdentity());
-
- // update the user's authorities
- user.getAuthorities().clear();
- user.getAuthorities().addAll(authorities);
-
- // get the user group
- user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
-
- // update the users status in case they were previously pending or disabled
- user.setStatus(AccountStatus.ACTIVE);
-
- // update the users last verified time - this timestampt shouldn't be record
- // until the both the user's authorities and group have been synced
- Date now = new Date();
- user.setLastVerified(now);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
index db1d8a2..937603e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
@@ -19,7 +19,6 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.action.Action;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
import java.util.Collection;
@@ -35,7 +34,7 @@ public class AddActionsAction implements AdministrationAction<Void> {
}
@Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Void execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
// add each action
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
index f1795a9..141aa84 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
@@ -17,7 +17,6 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
/**
* Defines the administration action. Actions are provided a DAO factory and
@@ -31,8 +30,7 @@ public interface AdministrationAction<T> {
* Performs an action using the specified DAOFactory and AuthorityProvider.
*
* @param daoFactory factory
- * @param authorityProvider provider
* @return action result
*/
- T execute(DAOFactory daoFactory, AuthorityProvider authorityProvider);
+ T execute(DAOFactory daoFactory);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
deleted file mode 100644
index d1b994c..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.List;
-import java.util.Map;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.DownloadAuthorization;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-
-/**
- * Attempts to obtain authorization to download the content with the specified
- * attributes for the specified user.
- */
-public class AuthorizeDownloadAction implements AdministrationAction<DownloadAuthorization> {
-
- private final List<String> dnChain;
- private final Map<String, String> attributes;
-
- public AuthorizeDownloadAction(List<String> dnChain, Map<String, String> attributes) {
- this.dnChain = dnChain;
- this.attributes = attributes;
- }
-
- @Override
- public DownloadAuthorization execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
- try {
- return authorityProvider.authorizeDownload(dnChain, attributes);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(uie.getMessage(), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(aae.getMessage(), aae);
- }
- }
-
-}
[03/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-group-dialog.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-group-dialog.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-group-dialog.jsp
deleted file mode 100644
index 0578825..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-group-dialog.jsp
+++ /dev/null
@@ -1,27 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<div id="user-group-dialog">
- <div class="dialog-content">
- <div class="setting">
- <div class="setting-name">Group name</div>
- <div class="setting-field">
- <input id="group-name" name="group-name" type="text"/>
- </div>
- </div>
- </div>
-</div>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-revoke-dialog.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-revoke-dialog.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-revoke-dialog.jsp
deleted file mode 100644
index 498c3c2..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-revoke-dialog.jsp
+++ /dev/null
@@ -1,23 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<div id="user-revoke-dialog">
- <div class="dialog-content">
- <input type="hidden" id="user-id-revoke-dialog"/>
- Are you sure you want to revoke access for '<span id="user-name-revoke-dialog"></span>'?
- </div>
-</div>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-roles-dialog.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-roles-dialog.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-roles-dialog.jsp
deleted file mode 100644
index dfd256b..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/user-roles-dialog.jsp
+++ /dev/null
@@ -1,60 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<div id="user-roles-dialog">
- <div class="dialog-content">
- <div class="setting">
- <input type="hidden" id="user-id-roles-dialog"/>
- <div class="setting-name">User</div>
- <div class="setting-field">
- <span id="user-name-roles-dialog"></span>
- </div>
- <div class="clear"></div>
- </div>
- <div class="setting">
- <div class="setting-name">Justification</div>
- <div class="setting-field">
- <div id="user-justification-roles-dialog"></div>
- </div>
- <div class="clear"></div>
- </div>
- <div class="setting">
- <div class="setting-name">Roles</div>
- <div class="roles-container">
- <div class="role-container">
- <div id="role-admin-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">Administrator</div>
- </div>
- <div class="role-container">
- <div id="role-dfm-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">Data Flow Manager</div>
- </div>
- <div class="role-container">
- <div id="role-monitor-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">Read Only</div>
- </div>
- <div class="role-container" style="margin-top: 5px;">
- <div id="role-provenance-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">Provenance</div>
- </div>
- <div class="role-container" style="margin-top: 5px;">
- <div id="role-nifi-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">NiFi</div>
- </div>
- <div class="role-container">
- <div id="role-proxy-checkbox" class="role-checkbox nf-checkbox checkbox-unchecked"></div><div class="role-name">Proxy</div>
- </div>
- </div>
- <div class="clear"></div>
- </div>
- </div>
-</div>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/users-content.jsp
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/users-content.jsp b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/users-content.jsp
deleted file mode 100644
index cdaf6c1..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/WEB-INF/partials/users/users-content.jsp
+++ /dev/null
@@ -1,46 +0,0 @@
-<%--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
---%>
-<%@ page contentType="text/html" pageEncoding="UTF-8" session="false" %>
-<div id="users">
- <div id="users-header-and-filter">
- <div id="users-header-text">NiFi Users</div>
- <div id="users-filter-controls">
- <div id="users-filter-container">
- <input type="text" id="users-filter"/>
- <div id="users-filter-type"></div>
- </div>
- <div id="users-filter-stats">
- Displaying <span id="displayed-users"></span> of <span id="total-users"></span>
- </div>
- </div>
- </div>
- <div id="users-refresh-container">
- <div id="refresh-button" class="users-refresh pointer" title="Refresh"></div>
- <div id="users-last-refreshed-container">
- Last updated: <span id="users-last-refreshed"></span>
- </div>
- <div id="users-loading-container" class="loading-container"></div>
- <div id="group-controls-container">
- <div id="group-collaspe-container">
- <div id="group-collaspe-checkbox" class="nf-checkbox checkbox-unchecked"></div>
- <span> Show by group</span>
- </div>
- <div id="group-button" class="button-normal pointer">Group</div>
- </div>
- </div>
- <div id="users-table"></div>
-</div>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
index 200f6bb..0dd10d7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/header.css
@@ -622,19 +622,6 @@ div.provenance-link-disabled {
background: transparent url(../images/iconProvenance.png) no-repeat scroll top right;
}
-div.users-link {
- background: transparent url(../images/iconAdminUser.png) no-repeat scroll top left;
-}
-
-div.users-link-hover {
- background: transparent url(../images/iconAdminUser.png) no-repeat scroll top center;
- cursor: pointer;
-}
-
-div.users-link-disabled {
- background: transparent url(../images/iconAdminUser.png) no-repeat scroll top right;
-}
-
div.cluster-link {
background: transparent url(../images/iconCluster.png) no-repeat scroll top left;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/port-configuration.css
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/port-configuration.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/port-configuration.css
index ce1f00a..f48d893 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/port-configuration.css
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/port-configuration.css
@@ -54,137 +54,4 @@ div.port-enabled-container {
float: left;
margin-top: 5px;
margin-left: 10px;
-}
-
-/*
- Secure port configuration
-*/
-
-#secure-port-configuration {
- z-index: 1301;
- display: none;
- width: 400px;
- height: 450px;
-}
-
-#secure-port-configuration div.dialog-content {
- margin-top: -10px;
-}
-#secure-port-configuration-tabs {
- background-color: transparent;
- border-bottom: 3px solid #666666;
- height: 21px;
- width: 380px;
-}
-
-#secure-port-configuration div.configuration-tab {
- z-index: 1301;
- display: none;
- background: url("../images/bgTabContainer.png") repeat-x scroll 0 0 #EEEEEE;
- padding: 10px;
- width: 360px;
- height: 340px;
-}
-
-#secure-port-name {
- width: 280px;
- float: left;
-}
-
-.secure-port-field {
- width: 350px;
-}
-
-textarea.secure-port-field {
- height: 100px;
-}
-
-div.secure-port-setting {
- margin-bottom: 15px;
- width: 360px;
-}
-
-input.search-users {
- color: #888;
-}
-
-#search-users-results .ui-autocomplete {
- max-height: 300px;
- overflow: auto;
- border: 1px solid #aaaaaa;
- z-index: 1351;
- border-radius: 0;
-}
-
-#search-users-results .ui-menu .ui-menu-item a.ui-state-focus {
- background: #D4E0E5 !important;
- border: 1px solid #999999;
- border-radius: 0;
-}
-
-li.search-users-header {
- font-weight: bold;
- padding-top: 4px;
- padding-left: 4px;
- padding-right: 4px;
- height: 14px;
-}
-
-div.search-users-match-header {
- font-weight: normal;
- margin-left: 10px;
-}
-
-li.search-users-no-matches {
- padding: 4px;
- font-weight: bold;
- color: #aaa;
- font-style: italic;
-}
-
-#secure-port-configuration div.port-setting-left {
- margin-right: 10px;
-}
-
-#secure-port-configuration div.port-setting-left, #secure-port-configuration div.port-setting-right {
- width: 185px;
- float: left;
-}
-
-div.allowed-container {
- width: 358px;
- height: 100px;
- border: 1px solid #aaa;
- overflow-x: hidden;
- overflow-y: scroll;
-}
-
-ul.allowed {
- list-style-type: none;
-}
-
-ul.allowed li {
- height: 16px;
- width: 331px;
- border: 1px solid #618BA3;
- background-color: #c5d5de;
- color: #555;
- overflow: hidden;
- margin: 2px;
- padding: 2px;
- line-height: 16px;
- font-weight: bold;
-}
-
-span.allowed-entity {
- float: left;
- width: 310px;
-}
-
-div.remove-allowed-entity {
- float: right;
- width: 16px;
- height: 16px;
- background-image: url(../images/iconDelete.png);
- cursor: pointer;
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/port-details.css
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/port-details.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/port-details.css
index 831c5ee..055103e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/port-details.css
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/port-details.css
@@ -23,31 +23,4 @@
display: none;
width: 400px;
height: 300px;
-}
-
-/*
- Secure port details.
-*/
-
-#secure-port-details {
- z-index: 1301;
- display: none;
- height: 425px;
- width: 400px;
-}
-
-#secure-port-details-tabs {
- background-color: transparent;
- border-bottom: 3px solid #666666;
- height: 21px;
- width: 380px;
-}
-
-#secure-port-details div.configuration-tab {
- background: url("../images/bgTabContainer.png") repeat-x scroll 0 0 #EEEEEE;
- display: none;
- height: 315px;
- padding: 10px;
- width: 360px;
- z-index: 1301;
}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/users.css
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/users.css b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/users.css
deleted file mode 100644
index 9c304fe..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/css/users.css
+++ /dev/null
@@ -1,254 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/*
- Counters Styles
-*/
-
-#users {
- position: absolute;
- top: 0px;
- bottom: 0px;
- left: 0px;
- right: 0px;
-}
-
-#users-header-and-filter {
- height: 35px;
- margin-top: 20px;
- margin-left: 20px;
- margin-right: 20px;
-}
-
-#users-header-text {
- float: left;
- font-size: 16px;
- font-weight: bold;
-}
-
-#users-refresh-container {
- height: 26px;
- margin-left: 20px;
- margin-right: 20px;
- margin-top: 18px;
- -webkit-user-select: none;
- -moz-user-select: none;
-}
-
-#users-last-refreshed-container {
- float: left;
- color: #666;
- font-weight: normal;
- margin-top: 6px;
- margin-left: 3px;
-}
-
-#users-loading-container {
- float: left;
- width: 16px;
- height: 16px;
- background-color: transparent;
- margin-top: 4px;
- margin-left: 3px;
-}
-
-#users-last-refreshed {
- font-weight: bold;
-}
-
-#users-header {
- padding-top: 10px;
-}
-
-#refresh-button {
- height: 24px;
- width: 26px;
- float: left;
-}
-
-/* group controls */
-
-#group-controls-container {
- position: absolute;
- right: 20px;
- top: 75px;
-}
-
-#group-collaspe-container {
- float: left;
- margin-top: 5px;
- margin-right: 10px;
-}
-
-#group-button {
- height: 20px;
- line-height: 20px;
- width: 55px;
- text-align: center;
- font-weight: bold;
- border: 1px solid #AAAAAA;
- color: #525252;
- float: left;
-}
-
-/* group dialog */
-
-#user-group-dialog {
- display: none;
- width: 350px;
- height: 150px;
- z-index: 1301;
-}
-
-#group-name {
- width: 320px;
-}
-
-/* filter controls */
-
-#users-filter-controls {
- float: right;
-}
-
-#users-filter-container {
- height: 24px;
- width: 318px;
-}
-
-#users-filter {
- padding: 3px 0px 1px 3px;
- font-size: 12px;
- height: 18px;
- line-height: 20px;
- width: 173px;
- border: 1px solid #ccc;
- margin-right: 3px;
- float: left;
-}
-
-input.users-filter-list {
- color: #888;
-}
-
-#users-filter-type {
- width: 127px;
- height: 18px;
- line-height: 18px;
- float: left;
-}
-
-#users-filter-stats {
- font-size: 9px;
- font-weight: bold;
- color: #9f6000;
- clear: left;
- line-height: normal;
- margin-left: 5px;
-}
-
-/* users table */
-
-#users-table {
- position: absolute;
- top: 100px;
- left: 20px;
- bottom: 20px;
- right: 20px;
- border: 1px solid #666;
- overflow: hidden;
-}
-
-a.user-account-action:link, a.user-account-action:visited, a.user-account-action:active {
- color: #355b6a;
- text-decoration: underline;
-}
-
-a.user-account-action:hover {
- color: #4b788a;
- text-decoration: none;
-}
-
-/* user details dialog */
-
-#user-details-dialog {
- display: none;
- width: 350px;
- height: 400px;
- z-index: 1301;
-}
-
-#user-justification-details-dialog {
- max-height: 120px;
- overflow-y: auto;
-}
-
-#user-roles-dialog {
- display: none;
- width: 350px;
- height: 400px;
- z-index: 1301;
-}
-
-#user-justification-roles-dialog {
- max-height: 120px;
- overflow-y: auto;
-}
-
-#group-roles-dialog {
- display: none;
- width: 350px;
- height: 375px;
- z-index: 1301;
-}
-
-div.roles-container {
- margin-top: 3px;
- margin-left: 3px;
-}
-
-div.role-container {
- height: 16px;
-}
-
-div.role-name {
- display: inline-block;
- line-height: normal;
-}
-
-/* user revoke dialog */
-
-#user-revoke-dialog {
- display: none;
- width: 450px;
- height: 165px;
- z-index: 1301;
-}
-
-#group-revoke-dialog {
- display: none;
- width: 450px;
- height: 165px;
- z-index: 1301;
-}
-
-/* user delete dialog */
-
-#user-delete-dialog {
- display: none;
- width: 450px;
- height: 165px;
- z-index: 1301;
-}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/images/iconAdminUser.png
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/images/iconAdminUser.png b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/images/iconAdminUser.png
deleted file mode 100755
index fbaf73b..0000000
Binary files a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/images/iconAdminUser.png and /dev/null differ
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/jquery/propertytable/jquery.propertytable.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/jquery/propertytable/jquery.propertytable.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/jquery/propertytable/jquery.propertytable.js
index b686eb9..4de1e1c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/jquery/propertytable/jquery.propertytable.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/jquery/propertytable/jquery.propertytable.js
@@ -891,7 +891,7 @@
// add the new controller service
$.ajax({
type: 'POST',
- url: '../nifi-api/controller/controller-services/node',
+ url: '../nifi-api/controller-services/node',
data: {
version: revision.version,
clientId: revision.clientId,
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/bulletin-board/nf-bulletin-board.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/bulletin-board/nf-bulletin-board.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/bulletin-board/nf-bulletin-board.js
index 55d0a9d..d318d27 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/bulletin-board/nf-bulletin-board.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/bulletin-board/nf-bulletin-board.js
@@ -34,7 +34,7 @@ nf.BulletinBoard = (function () {
urls: {
banners: '../nifi-api/controller/banners',
controllerAbout: '../nifi-api/controller/about',
- bulletinBoard: '../nifi-api/controller/bulletin-board'
+ bulletinBoard: '../nifi-api/bulletin-board'
},
styles: {
filterList: 'bulletin-board-filter-list',
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-actions.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-actions.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-actions.js
index d92ebc2..9a1e934 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-actions.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-actions.js
@@ -56,23 +56,21 @@ nf.Actions = (function () {
/**
- * Updates the resource with the specified data.
+ * Updates the resource with the specified entity.
*
* @param {string} uri
- * @param {object} data
+ * @param {object} entity
*/
- var updateResource = function (uri, data) {
- var revision = nf.Client.getRevision();
-
- // ensure the version and client ids are specified
- data.version = revision.version;
- data.clientId = revision.clientId;
+ var updateResource = function (uri, entity) {
+ // add the revision
+ entity['revision'] = nf.Client.getRevision();
return $.ajax({
type: 'PUT',
url: uri,
- data: data,
- dataType: 'json'
+ data: JSON.stringify(entity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
// update the revision
nf.Client.setRevision(response.revision);
@@ -412,7 +410,15 @@ nf.Actions = (function () {
// enable the selected processors
componentsToEnable.each(function (d) {
var selected = d3.select(this);
- enableRequests.push(updateResource(d.component.uri, {state: 'STOPPED'}).done(function (response) {
+
+ // build the entity
+ var entity = {};
+ entity[nf[d.type].getEntityKey()] = {
+ 'id': d.component.id,
+ 'state': 'STOPPED'
+ };
+
+ enableRequests.push(updateResource(d.component.uri, entity).done(function (response) {
if (nf.CanvasUtils.isProcessor(selected)) {
nf.Processor.set(response.processor);
} else if (nf.CanvasUtils.isInputPort(selected)) {
@@ -451,7 +457,15 @@ nf.Actions = (function () {
// disable the selected components
componentsToDisable.each(function (d) {
var selected = d3.select(this);
- disableRequests.push(updateResource(d.component.uri, {state: 'DISABLED'}).done(function (response) {
+
+ // build the entity
+ var entity = {};
+ entity[nf[d.type].getEntityKey()] = {
+ 'id': d.component.id,
+ 'state': 'DISABLED'
+ };
+
+ disableRequests.push(updateResource(d.component.uri, entity).done(function (response) {
if (nf.CanvasUtils.isProcessor(selected)) {
nf.Processor.set(response.processor);
} else if (nf.CanvasUtils.isInputPort(selected)) {
@@ -494,7 +508,15 @@ nf.Actions = (function () {
*/
start: function (selection) {
if (selection.empty()) {
- updateResource(config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()), {running: true}).done(updateProcessGroup);
+ // build the entity
+ var entity = {
+ 'processGroup': {
+ 'id': nf.Canvas.getGroupId(),
+ 'running': true
+ }
+ };
+
+ updateResource(config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()), entity).done(updateProcessGroup);
} else {
var componentsToStart = selection.filter(function (d) {
return nf.CanvasUtils.isRunnable(d3.select(this));
@@ -514,14 +536,20 @@ nf.Actions = (function () {
var selected = d3.select(this);
// processor endpoint does not use running flag...
- var data = {};
+ var component = {
+ 'id': d.component.id,
+ };
if (nf.CanvasUtils.isProcessor(selected) || nf.CanvasUtils.isInputPort(selected) || nf.CanvasUtils.isOutputPort(selected)) {
- data['state'] = 'RUNNING';
+ component['state'] = 'RUNNING';
} else {
- data['running'] = true;
+ component['running'] = true;
}
- startRequests.push(updateResource(d.component.uri, data).done(function (response) {
+ // build the entity
+ var entity = {};
+ entity[nf[d.type].getEntityKey()] = component;
+
+ startRequests.push(updateResource(d.component.uri, entity).done(function (response) {
if (nf.CanvasUtils.isProcessor(selected)) {
nf.Processor.set(response.processor);
} else if (nf.CanvasUtils.isProcessGroup(selected)) {
@@ -557,7 +585,15 @@ nf.Actions = (function () {
*/
stop: function (selection) {
if (selection.empty()) {
- updateResource(config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()), {running: false}).done(updateProcessGroup);
+ // build the entity
+ var entity = {
+ 'processGroup': {
+ 'id': nf.Canvas.getGroupId(),
+ 'running': false
+ }
+ };
+
+ updateResource(config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()), entity).done(updateProcessGroup);
} else {
var componentsToStop = selection.filter(function (d) {
return nf.CanvasUtils.isStoppable(d3.select(this));
@@ -577,14 +613,20 @@ nf.Actions = (function () {
var selected = d3.select(this);
// processor endpoint does not use running flag...
- var data = {};
+ var component = {
+ 'id': d.component.id,
+ };
if (nf.CanvasUtils.isProcessor(selected) || nf.CanvasUtils.isInputPort(selected) || nf.CanvasUtils.isOutputPort(selected)) {
- data['state'] = 'STOPPED';
+ component['state'] = 'STOPPED';
} else {
- data['running'] = false;
+ component['running'] = false;
}
- stopRequests.push(updateResource(d.component.uri, data).done(function (response) {
+ // build the entity
+ var entity = {};
+ entity[nf[d.type].getEntityKey()] = component;
+
+ stopRequests.push(updateResource(d.component.uri, entity).done(function (response) {
if (nf.CanvasUtils.isProcessor(selected)) {
nf.Processor.set(response.processor);
} else if (nf.CanvasUtils.isProcessGroup(selected)) {
@@ -625,7 +667,15 @@ nf.Actions = (function () {
// start each selected component
componentsToEnable.each(function (d) {
- updateResource(d.component.uri, {transmitting: true}).done(function (response) {
+ // build the entity
+ var entity = {};
+ entity[nf[d.type].getEntityKey()] = {
+ 'id': d.component.id,
+ 'transmitting': true
+ };
+
+ // start transmitting
+ updateResource(d.component.uri, entity).done(function (response) {
nf.RemoteProcessGroup.set(response.remoteProcessGroup);
});
});
@@ -643,7 +693,14 @@ nf.Actions = (function () {
// stop each selected component
componentsToDisable.each(function (d) {
- updateResource(d.component.uri, {transmitting: false}).done(function (response) {
+ // build the entity
+ var entity = {};
+ entity[nf[d.type].getEntityKey()] = {
+ 'id': d.component.id,
+ 'transmitting': false
+ };
+
+ updateResource(d.component.uri, entity).done(function (response) {
nf.RemoteProcessGroup.set(response.remoteProcessGroup);
});
});
@@ -665,12 +722,7 @@ nf.Actions = (function () {
} else if (nf.CanvasUtils.isRemoteProcessGroup(selection)) {
nf.RemoteProcessGroupConfiguration.showConfiguration(selection);
} else if (nf.CanvasUtils.isInputPort(selection) || nf.CanvasUtils.isOutputPort(selection)) {
- // ports in the root group can be configured for access control
- if (nf.Canvas.getParentGroupId() === null && nf.Canvas.isSecureSiteToSite()) {
- nf.SecurePortConfiguration.showConfiguration(selection);
- } else {
- nf.PortConfiguration.showConfiguration(selection);
- }
+ nf.PortConfiguration.showConfiguration(selection);
} else if (nf.CanvasUtils.isConnection(selection)) {
nf.ConnectionConfiguration.showConfiguration(selection);
}
@@ -688,12 +740,7 @@ nf.Actions = (function () {
} else if (nf.CanvasUtils.isRemoteProcessGroup(selection)) {
nf.RemoteProcessGroupDetails.showDetails(selection);
} else if (nf.CanvasUtils.isInputPort(selection) || nf.CanvasUtils.isOutputPort(selection)) {
- // ports in the root group can be configured for access control
- if (nf.Canvas.getParentGroupId() === null && nf.Canvas.isSecureSiteToSite()) {
- nf.SecurePortDetails.showDetails(selection);
- } else {
- nf.PortDetails.showDetails(selection);
- }
+ nf.PortDetails.showDetails(selection);
} else if (nf.CanvasUtils.isConnection(selection)) {
nf.ConnectionDetails.showDetails(nf.Canvas.getGroupId(), selectionData.component.id);
}
@@ -1018,7 +1065,8 @@ nf.Actions = (function () {
$.ajax({
type: 'POST',
url: connection.component.uri + '/drop-requests',
- dataType: 'json'
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function(response) {
// initialize the progress bar value
updateProgress(0);
@@ -1383,18 +1431,22 @@ nf.Actions = (function () {
// use one higher
var zIndex = maxZIndex + 1;
- var revision = nf.Client.getRevision();
+ // build the connection entity
+ var connectionEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'connection': {
+ 'id': connection.component.id,
+ 'zIndex': zIndex
+ }
+ };
// update the edge in question
$.ajax({
type: 'PUT',
url: connection.component.uri,
- data: {
- version: revision.version,
- clientId: revision.clientId,
- zIndex: zIndex
- },
- dataType: 'json'
+ data: JSON.stringify(connectionEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
// update the edge's zIndex
nf.Connection.set(response.connection);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-header.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-header.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-header.js
index 80cabe4..02000c5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-header.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-header.js
@@ -71,15 +71,6 @@ nf.CanvasHeader = (function () {
});
});
- // mouse over for the users link
- if (nf.Common.isAdmin()) {
- nf.Common.addHoverEffect('#users-link', 'users-link', 'users-link-hover').click(function () {
- nf.Shell.showPage('users');
- });
- } else {
- $('#users-link').addClass('users-link-disabled');
- }
-
// mouse over for the cluster link
if (nf.Canvas.isClustered()) {
nf.Common.addHoverEffect('#cluster-link', 'cluster-link', 'cluster-link-hover').click(function () {
@@ -181,8 +172,6 @@ nf.CanvasHeader = (function () {
// color the selected components
selection.each(function (d) {
var selected = d3.select(this);
-
- var revision = nf.Client.getRevision();
var selectedData = selected.datum();
// get the color and update the styles
@@ -190,16 +179,24 @@ nf.CanvasHeader = (function () {
// ensure the color actually changed
if (color !== selectedData.component.style['background-color']) {
+ // build the request entity
+ var entity = {
+ 'revision': nf.Client.getRevision()
+ };
+ entity[nf[selectedData.type].getEntityKey()] = {
+ 'id': selectedData.component.id,
+ 'style': {
+ 'background-color': color
+ }
+ };
+
// update the style for the specified component
$.ajax({
type: 'PUT',
url: selectedData.component.uri,
- data: {
- 'version': revision.version,
- 'clientId': revision.clientId,
- 'style[background-color]': color
- },
- dataType: 'json'
+ data: JSON.stringify(entity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
// update the revision
nf.Client.setRevision(response.revision);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-toolbox.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-toolbox.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-toolbox.js
index 8c666ab..3d6a33f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-toolbox.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas-toolbox.js
@@ -36,6 +36,7 @@ nf.CanvasToolbox = (function () {
filterList: 'filter-list'
},
urls: {
+ api: '../nifi-api',
controller: '../nifi-api/controller',
processorTypes: '../nifi-api/controller/processor-types',
templates: '../nifi-api/controller/templates'
@@ -361,21 +362,25 @@ nf.CanvasToolbox = (function () {
* @argument {object} pt The point that the processor was dropped
*/
var createProcessor = function (name, processorType, pt) {
- var revision = nf.Client.getRevision();
+ var processorEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'processor': {
+ 'type': processorType,
+ 'name': name,
+ 'position': {
+ 'x': pt.x,
+ 'y': pt.y
+ }
+ }
+ };
// create a new processor of the defined type
$.ajax({
type: 'POST',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/processors',
- data: {
- version: revision.version,
- clientId: revision.clientId,
- name: name,
- type: processorType,
- x: pt.x,
- y: pt.y
- },
- dataType: 'json'
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/processors',
+ data: JSON.stringify(processorEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.processor)) {
// update the revision
@@ -448,20 +453,24 @@ nf.CanvasToolbox = (function () {
* @argument {object} pt The point that the input port was dropped
*/
var createInputPort = function (portName, pt) {
- var revision = nf.Client.getRevision();
-
+ var inputPortEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'inputPort': {
+ 'name': portName,
+ 'position': {
+ 'x': pt.x,
+ 'y': pt.y
+ }
+ }
+ };
+
// create a new processor of the defined type
$.ajax({
type: 'POST',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/input-ports',
- data: {
- version: revision.version,
- clientId: revision.clientId,
- name: portName,
- x: pt.x,
- y: pt.y
- },
- dataType: 'json'
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/input-ports',
+ data: JSON.stringify(inputPortEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.inputPort)) {
// update the revision
@@ -534,20 +543,24 @@ nf.CanvasToolbox = (function () {
* @argument {object} pt The point that the output port was dropped
*/
var createOutputPort = function (portName, pt) {
- var revision = nf.Client.getRevision();
+ var outputPortEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'outputPort': {
+ 'name': portName,
+ 'position': {
+ 'x': pt.x,
+ 'y': pt.y
+ }
+ }
+ };
// create a new processor of the defined type
$.ajax({
type: 'POST',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/output-ports',
- data: {
- version: revision.version,
- clientId: revision.clientId,
- name: portName,
- x: pt.x,
- y: pt.y
- },
- dataType: 'json'
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/output-ports',
+ data: JSON.stringify(outputPortEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.outputPort)) {
// update the revision
@@ -574,20 +587,24 @@ nf.CanvasToolbox = (function () {
* @argument {object} pt The point that the group was dropped
*/
var createGroup = function (groupName, pt) {
- var revision = nf.Client.getRevision();
+ var processGroupEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'processGroup': {
+ 'name': groupName,
+ 'position': {
+ 'x': pt.x,
+ 'y': pt.y
+ }
+ }
+ };
// create a new processor of the defined type
return $.ajax({
type: 'POST',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/process-group-references',
- data: {
- version: revision.version,
- clientId: revision.clientId,
- name: groupName,
- x: pt.x,
- y: pt.y
- },
- dataType: 'json'
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/process-groups',
+ data: JSON.stringify(processGroupEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.processGroup)) {
// update the revision
@@ -657,20 +674,24 @@ nf.CanvasToolbox = (function () {
* @argument {object} pt The point that the remote group was dropped
*/
var createRemoteProcessGroup = function (remoteProcessGroupUri, pt) {
- var revision = nf.Client.getRevision();
+ var remoteProcessGroupEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'remoteProcessGroup': {
+ 'targetUri': remoteProcessGroupUri,
+ 'position': {
+ 'x': pt.x,
+ 'y': pt.y
+ }
+ }
+ };
// create a new processor of the defined type
$.ajax({
type: 'POST',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/remote-process-groups',
- data: {
- version: revision.version,
- clientId: revision.clientId,
- uri: remoteProcessGroupUri,
- x: pt.x,
- y: pt.y
- },
- dataType: 'json'
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/remote-process-groups',
+ data: JSON.stringify(remoteProcessGroupEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.remoteProcessGroup)) {
// update the revision
@@ -696,19 +717,23 @@ nf.CanvasToolbox = (function () {
* @argument {object} pt The point that the funnel was dropped
*/
var createFunnel = function (pt) {
- var revision = nf.Client.getRevision();
+ var outputPortEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'funnel': {
+ 'position': {
+ 'x': pt.x,
+ 'y': pt.y
+ }
+ }
+ };
// create a new funnel
$.ajax({
type: 'POST',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/funnels',
- data: {
- version: revision.version,
- clientId: revision.clientId,
- x: pt.x,
- y: pt.y
- },
- dataType: 'json'
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/funnels',
+ data: JSON.stringify(outputPortEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.funnel)) {
// update the revision
@@ -803,7 +828,7 @@ nf.CanvasToolbox = (function () {
// create a new instance of the new template
$.ajax({
type: 'POST',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/template-instance',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/template-instance',
data: {
version: revision.version,
clientId: revision.clientId,
@@ -833,21 +858,25 @@ nf.CanvasToolbox = (function () {
* @argument {object} pt The point that the label was dropped
*/
var createLabel = function (pt) {
- var revision = nf.Client.getRevision();
+ var labelEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'label': {
+ 'width': nf.Label.config.width,
+ 'height': nf.Label.config.height,
+ 'position': {
+ 'x': pt.x,
+ 'y': pt.y
+ }
+ }
+ };
// create a new label
$.ajax({
type: 'POST',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/labels',
- data: {
- version: revision.version,
- clientId: revision.clientId,
- x: pt.x,
- y: pt.y,
- width: nf.Label.config.width,
- height: nf.Label.config.height
- },
- dataType: 'json'
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/labels',
+ data: JSON.stringify(labelEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.label)) {
// update the revision
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js
index ae3323b..84cc2c4 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-canvas.js
@@ -76,12 +76,13 @@ nf.Canvas = (function () {
var config = {
urls: {
+ api: '../nifi-api',
identity: '../nifi-api/controller/identity',
authorities: '../nifi-api/controller/authorities',
kerberos: '../nifi-api/access/kerberos',
revision: '../nifi-api/controller/revision',
status: '../nifi-api/controller/status',
- bulletinBoard: '../nifi-api/controller/bulletin-board',
+ bulletinBoard: '../nifi-api/bulletin-board',
banners: '../nifi-api/controller/banners',
controller: '../nifi-api/controller',
controllerConfig: '../nifi-api/controller/config',
@@ -782,7 +783,7 @@ nf.Canvas = (function () {
// load the controller
return $.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(processGroupId),
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(processGroupId),
data: {
verbose: true
},
@@ -833,7 +834,7 @@ nf.Canvas = (function () {
return $.Deferred(function (deferred) {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(processGroupId) + '/status',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(processGroupId) + '/status',
data: {
recursive: false
},
@@ -1108,12 +1109,10 @@ nf.Canvas = (function () {
nf.RemoteProcessGroupConfiguration.init();
nf.RemoteProcessGroupPorts.init();
nf.PortConfiguration.init();
- nf.SecurePortConfiguration.init();
nf.LabelConfiguration.init();
nf.ProcessorDetails.init();
nf.ProcessGroupDetails.init();
nf.PortDetails.init();
- nf.SecurePortDetails.init();
nf.ConnectionDetails.init();
nf.RemoteProcessGroupDetails.init();
nf.GoTo.init();
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-component-state.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-component-state.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-component-state.js
index fd2f4f6..afef31c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-component-state.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-component-state.js
@@ -255,15 +255,15 @@ nf.ComponentState = (function () {
if (stateEntryCount > 0) {
// clear the state
- var revision = nf.Client.getRevision();
+ var revision = {
+ 'revision': nf.Client.getRevision()
+ };
+
var component = componentStateTable.data('component');
$.ajax({
type: 'POST',
url: component.uri + '/state/clear-requests',
- data: {
- version: revision.version,
- clientId: revision.clientId
- },
+ data: JSON.stringify(revision),
dataType: 'json'
}).done(function (response) {
// update the revision
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection-configuration.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection-configuration.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection-configuration.js
index 9f83fae..73ea71b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection-configuration.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection-configuration.js
@@ -24,7 +24,7 @@ nf.ConnectionConfiguration = (function () {
var config = {
urls: {
- controller: '../nifi-api/controller',
+ api: '../nifi-api',
prioritizers: '../nifi-api/controller/prioritizers'
}
};
@@ -248,7 +248,7 @@ nf.ConnectionConfiguration = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(processGroupData.component.id),
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(processGroupData.component.id),
data: {
verbose: true
},
@@ -473,7 +473,7 @@ nf.ConnectionConfiguration = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(processGroupData.component.id),
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(processGroupData.component.id),
data: {
verbose: true
},
@@ -717,8 +717,14 @@ nf.ConnectionConfiguration = (function () {
var xOffset = nf.Connection.config.selfLoopXOffset;
var yOffset = nf.Connection.config.selfLoopYOffset;
- bends.push((rightCenter.x + xOffset) + ',' + (rightCenter.y - yOffset));
- bends.push((rightCenter.x + xOffset) + ',' + (rightCenter.y + yOffset));
+ bends.push({
+ 'x': (rightCenter.x + xOffset),
+ 'y': (rightCenter.y - yOffset)
+ });
+ bends.push({
+ 'x': (rightCenter.x + xOffset),
+ 'y': (rightCenter.y + yOffset)
+ });
} else {
var existingConnections = [];
@@ -794,10 +800,16 @@ nf.ConnectionConfiguration = (function () {
while (positioned === false) {
// consider above and below, then increment and try again (if necessary)
if (collides(xCandidate - xStep, yCandidate - yStep) === false) {
- bends.push((xCandidate - xStep) + ',' + (yCandidate - yStep));
+ bends.push({
+ 'x': (xCandidate - xStep),
+ 'y': (yCandidate - yStep)
+ });
positioned = true;
} else if (collides(xCandidate + xStep, yCandidate + yStep) === false) {
- bends.push((xCandidate + xStep) + ',' + (yCandidate + yStep));
+ bends.push({
+ 'x': (xCandidate + xStep),
+ 'y': (yCandidate + yStep)
+ });
positioned = true;
}
@@ -827,30 +839,36 @@ nf.ConnectionConfiguration = (function () {
var prioritizers = $('#prioritizer-selected').sortable('toArray');
if (validateSettings()) {
- var revision = nf.Client.getRevision();
+ var connectionEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'connection': {
+ 'name': connectionName,
+ 'source': {
+ 'id': sourceId,
+ 'groupId': sourceGroupId,
+ 'type': sourceType
+ },
+ 'destination': {
+ 'id': destinationId,
+ 'groupId': destinationGroupId,
+ 'type': destinationType
+ },
+ 'selectedRelationships': selectedRelationships,
+ 'flowFileExpiration': flowFileExpiration,
+ 'backPressureDataSizeThreshold': backPressureDataSizeThreshold,
+ 'backPressureObjectThreshold': backPressureObjectThreshold,
+ 'bends': bends,
+ 'prioritizers': prioritizers
+ }
+ };
// create the new connection
$.ajax({
type: 'POST',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/connections',
- data: {
- version: revision.version,
- clientId: revision.clientId,
- sourceId: sourceId,
- sourceGroupId: sourceGroupId,
- sourceType: sourceType,
- relationships: selectedRelationships,
- bends: bends,
- name: connectionName,
- flowFileExpiration: flowFileExpiration,
- backPressureObjectThreshold: backPressureObjectThreshold,
- backPressureDataSizeThreshold: backPressureDataSizeThreshold,
- prioritizers: prioritizers,
- destinationId: destinationId,
- destinationGroupId: destinationGroupId,
- destinationType: destinationType
- },
- dataType: 'json'
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getGroupId()) + '/connections',
+ data: JSON.stringify(connectionEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
// update the revision
nf.Client.setRevision(response.revision);
@@ -882,6 +900,7 @@ nf.ConnectionConfiguration = (function () {
*/
var updateConnection = function (selectedRelationships) {
// get the connection details
+ var connectionId = $('#connection-id').text();
var connectionUri = $('#connection-uri').val();
// get the source details
@@ -904,26 +923,31 @@ nf.ConnectionConfiguration = (function () {
var prioritizers = $('#prioritizer-selected').sortable('toArray');
if (validateSettings()) {
- var revision = nf.Client.getRevision();
+ var connectionEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'connection': {
+ 'id': connectionId,
+ 'name': connectionName,
+ 'destination': {
+ 'id': destinationId,
+ 'groupId': destinationGroupId,
+ 'type': destinationType
+ },
+ 'selectedRelationships': selectedRelationships,
+ 'flowFileExpiration': flowFileExpiration,
+ 'backPressureDataSizeThreshold': backPressureDataSizeThreshold,
+ 'backPressureObjectThreshold': backPressureObjectThreshold,
+ 'prioritizers': prioritizers
+ }
+ };
// update the connection
return $.ajax({
type: 'PUT',
url: connectionUri,
- data: {
- version: revision.version,
- clientId: revision.clientId,
- relationships: selectedRelationships,
- name: connectionName,
- flowFileExpiration: flowFileExpiration,
- backPressureObjectThreshold: backPressureObjectThreshold,
- backPressureDataSizeThreshold: backPressureDataSizeThreshold,
- prioritizers: prioritizers,
- destinationId: destinationId,
- destinationType: destinationType,
- destinationGroupId: destinationGroupId
- },
- dataType: 'json'
+ data: JSON.stringify(connectionEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.connection)) {
var connection = response.connection;
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection.js
index ec0ed4f..8cab85e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-connection.js
@@ -1168,18 +1168,20 @@ nf.Connection = (function () {
connection.call(updateConnections, true, false);
});
} else {
- var revision = nf.Client.getRevision();
-
// get the destination details
var destinationData = destination.datum();
var destinationType = nf.CanvasUtils.getConnectableTypeForDestination(destination);
- var updatedConnectionData = {
- version: revision.version,
- clientId: revision.clientId,
- destinationId: destinationData.component.id,
- destinationType: destinationType,
- destinationGroupId: nf.Canvas.getGroupId()
+ var connectionEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'connection': {
+ 'id': connectionData.component.id,
+ 'destination': {
+ 'id': destinationData.component.id,
+ 'groupId': nf.Canvas.getGroupId(),
+ 'type': destinationType
+ }
+ }
};
// if this is a self loop and there are less than 2 bends, add them
@@ -1191,16 +1193,23 @@ nf.Connection = (function () {
var xOffset = nf.Connection.config.selfLoopXOffset;
var yOffset = nf.Connection.config.selfLoopYOffset;
- updatedConnectionData.bends = [];
- updatedConnectionData.bends.push((rightCenter.x + xOffset) + ',' + (rightCenter.y - yOffset));
- updatedConnectionData.bends.push((rightCenter.x + xOffset) + ',' + (rightCenter.y + yOffset));
+ connectionEntity.connection.bends = [];
+ connectionEntity.connection.bends.push({
+ 'x': (rightCenter.x + xOffset),
+ 'y': (rightCenter.y - yOffset)
+ });
+ connectionEntity.connection.bends.push({
+ 'x': (rightCenter.x + xOffset),
+ 'y': (rightCenter.y + yOffset)
+ });
}
$.ajax({
type: 'PUT',
url: connectionData.component.uri,
- data: updatedConnectionData,
- dataType: 'json'
+ data: JSON.stringify(connectionEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
var updatedConnectionData = response.connection;
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-service.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-service.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-service.js
index ebaf6c1..2cf0fc0 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-service.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-controller-service.js
@@ -548,7 +548,7 @@ nf.ControllerService = (function () {
return $.ajax({
type: 'GET',
- url: '../nifi-api/controller/bulletin-board',
+ url: '../nifi-api/bulletin-board',
data: {
sourceId: ids
},
@@ -564,22 +564,26 @@ nf.ControllerService = (function () {
* @param {function} pollCondition
*/
var setEnabled = function (controllerService, enabled, pollCondition) {
- var revision = nf.Client.getRevision();
-
+ // build the request entity
+ var controllerServiceEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'controllerService': {
+ 'id': controllerService.id,
+ 'state': enabled ? 'ENABLED' : 'DISABLED'
+ }
+ };
+
var updated = $.ajax({
type: 'PUT',
url: controllerService.uri,
- data: {
- clientId: revision.clientId,
- version: revision.version,
- state: enabled === true ? 'ENABLED' : 'DISABLED'
- },
- dataType: 'json'
+ data: JSON.stringify(controllerServiceEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
nf.Client.setRevision(response.revision);
}).fail(nf.Common.handleAjaxError);
- // wait unil the polling of each service finished
+ // wait until the polling of each service finished
return $.Deferred(function(deferred) {
updated.done(function() {
var serviceUpdated = pollService(controllerService, function (service, bulletins) {
@@ -650,18 +654,19 @@ nf.ControllerService = (function () {
* @param {function} pollCondition
*/
var updateReferencingSchedulableComponents = function (controllerService, running, pollCondition) {
- var revision = nf.Client.getRevision();
-
+ var referenceEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'id': controllerService.id,
+ 'state': running ? 'RUNNING' : 'STOPPED'
+ };
+
// issue the request to update the referencing components
var updated = $.ajax({
type: 'PUT',
url: controllerService.uri + '/references',
- data: {
- clientId: revision.clientId,
- version: revision.version,
- state: running ? 'RUNNING' : 'STOPPED'
- },
- dataType: 'json'
+ data: JSON.stringify(referenceEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
nf.Client.setRevision(response.revision);
}).fail(nf.Common.handleAjaxError);
@@ -908,18 +913,20 @@ nf.ControllerService = (function () {
* @param {function} pollCondition
*/
var updateReferencingServices = function (controllerService, enabled, pollCondition) {
- var revision = nf.Client.getRevision();
+ // build the reference entity
+ var referenceEntity = {
+ 'revision': nf.Client.getRevision(),
+ 'id': controllerService.id,
+ 'state': enabled ? 'ENABLED' : 'DISABLED'
+ };
// issue the request to update the referencing components
var updated = $.ajax({
type: 'PUT',
url: controllerService.uri + '/references',
- data: {
- clientId: revision.clientId,
- version: revision.version,
- state: enabled ? 'ENABLED' : 'DISABLED'
- },
- dataType: 'json'
+ data: JSON.stringify(referenceEntity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
nf.Client.setRevision(response.revision);
}).fail(nf.Common.handleAjaxError);
@@ -1301,7 +1308,6 @@ nf.ControllerService = (function () {
data: JSON.stringify(updatedControllerService),
url: controllerService.uri,
dataType: 'json',
- processData: false,
contentType: 'application/json'
}).done(function (response) {
if (nf.Common.isDefinedAndNotNull(response.controllerService)) {
@@ -1605,7 +1611,7 @@ nf.ControllerService = (function () {
// get the controller service history
var loadHistory = $.ajax({
type: 'GET',
- url: '../nifi-api/controller/history/controller-services/' + encodeURIComponent(controllerService.id),
+ url: '../nifi-api/history/controller-services/' + encodeURIComponent(controllerService.id),
dataType: 'json'
});
@@ -1762,7 +1768,7 @@ nf.ControllerService = (function () {
// get the controller service history
var loadHistory = $.ajax({
type: 'GET',
- url: '../nifi-api/controller/history/controller-services/' + encodeURIComponent(controllerService.id),
+ url: '../nifi-api/history/controller-services/' + encodeURIComponent(controllerService.id),
dataType: 'json'
});
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-draggable.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-draggable.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-draggable.js
index d44f1ed..d4dd1de 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-draggable.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-draggable.js
@@ -27,7 +27,6 @@ nf.Draggable = (function () {
* @param {selection} dragSelection The current drag selection
*/
var updateComponentsPosition = function (dragSelection) {
- var revision = nf.Client.getRevision();
var updates = d3.map();
// determine the drag delta
@@ -44,8 +43,19 @@ nf.Draggable = (function () {
var updateComponentPosition = function(d) {
var newPosition = {
- x: d.component.position.x + delta.x,
- y: d.component.position.y + delta.y
+ 'x': d.component.position.x + delta.x,
+ 'y': d.component.position.y + delta.y
+ };
+
+ // build the entity
+ var entity = {
+ 'revision': nf.Client.getRevision()
+ };
+
+ // use bracket notation to dynamic get the key based on the entity type
+ entity[nf[d.type].getEntityKey(d)] = {
+ 'id': d.component.id,
+ 'position': newPosition
};
// update the component positioning
@@ -53,13 +63,9 @@ nf.Draggable = (function () {
$.ajax({
type: 'PUT',
url: d.component.uri,
- data: {
- version: revision.version,
- clientId: revision.clientId,
- x: newPosition.x,
- y: newPosition.y
- },
- dataType: 'json'
+ data: JSON.stringify(entity),
+ dataType: 'json',
+ contentType: 'application/json'
}).done(function (response) {
// update the revision
nf.Client.setRevision(response.revision);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-funnel.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-funnel.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-funnel.js
index 8943ddf..555450e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-funnel.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-funnel.js
@@ -253,7 +253,14 @@ nf.Funnel = (function () {
set(funnels);
}
},
-
+
+ /**
+ * Returns the entity key when marshalling an entity of this type.
+ */
+ getEntityKey: function (d) {
+ return 'funnel';
+ },
+
/**
* Removes the specified funnel.
*
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-go-to.js
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-go-to.js b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-go-to.js
index 2c75b7e..f3d0738 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-go-to.js
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-ui/src/main/webapp/js/nf/canvas/nf-go-to.js
@@ -24,8 +24,8 @@ nf.GoTo = (function () {
var config = {
urls: {
- controller: '../nifi-api/controller',
- processGroups: '../nifi-api/controller/process-groups/'
+ api: '../nifi-api',
+ processGroups: '../nifi-api/process-groups/'
}
};
@@ -350,7 +350,7 @@ nf.GoTo = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
dataType: 'json'
}).done(function (response) {
var connections = response.connections;
@@ -389,7 +389,7 @@ nf.GoTo = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
dataType: 'json'
}).done(function (response) {
var connections = response.connections;
@@ -428,7 +428,7 @@ nf.GoTo = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
dataType: 'json'
}).done(function (response) {
var connections = response.connections;
@@ -467,7 +467,7 @@ nf.GoTo = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
dataType: 'json'
}).done(function (response) {
var connections = response.connections;
@@ -506,7 +506,7 @@ nf.GoTo = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
dataType: 'json'
}).done(function (response) {
var connections = response.connections;
@@ -545,7 +545,7 @@ nf.GoTo = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getParentGroupId()) + '/connections',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getParentGroupId()) + '/connections',
dataType: 'json'
}).done(function (response) {
var connections = response.connections;
@@ -587,7 +587,7 @@ nf.GoTo = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(nf.Canvas.getParentGroupId()) + '/connections',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(nf.Canvas.getParentGroupId()) + '/connections',
dataType: 'json'
}).done(function (response) {
var connections = response.connections;
@@ -629,7 +629,7 @@ nf.GoTo = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
dataType: 'json'
}).done(function (response) {
var connections = response.connections;
@@ -668,7 +668,7 @@ nf.GoTo = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
dataType: 'json'
}).done(function (response) {
var connections = response.connections;
@@ -704,7 +704,7 @@ nf.GoTo = (function () {
$.ajax({
type: 'GET',
- url: config.urls.controller + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
+ url: config.urls.api + '/process-groups/' + encodeURIComponent(selectionData.component.parentGroupId) + '/connections',
dataType: 'json'
}).done(function (response) {
var connections = response.connections;
[12/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java
index 685fac8..2cff337 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java
@@ -16,13 +16,14 @@
*/
package org.apache.nifi.web.api;
-import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.cluster.context.ClusterContext;
+import org.apache.nifi.cluster.context.ClusterContextThreadLocal;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
import org.apache.nifi.controller.ScheduledState;
import org.apache.nifi.controller.service.ControllerServiceState;
@@ -42,20 +43,20 @@ import org.apache.nifi.web.api.entity.ComponentStateEntity;
import org.apache.nifi.web.api.entity.ControllerServiceEntity;
import org.apache.nifi.web.api.entity.ControllerServiceReferencingComponentsEntity;
import org.apache.nifi.web.api.entity.ControllerServicesEntity;
+import org.apache.nifi.web.api.entity.Entity;
import org.apache.nifi.web.api.entity.PropertyDescriptorEntity;
+import org.apache.nifi.web.api.entity.UpdateControllerServiceReferenceRequestEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
import org.apache.nifi.web.api.request.LongParameter;
import org.apache.nifi.web.util.Availability;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.POST;
@@ -64,15 +65,12 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import java.net.URI;
-import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
import java.util.HashMap;
-import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -81,7 +79,7 @@ import java.util.UUID;
/**
* RESTful endpoint for managing a Controller Service.
*/
-@Api(hidden = true)
+@Path("controller-services")
public class ControllerServiceResource extends ApplicationResource {
private static final Logger logger = LoggerFactory.getLogger(ControllerServiceResource.class);
@@ -99,7 +97,7 @@ public class ControllerServiceResource extends ApplicationResource {
* @param controllerServices services
* @return dtos
*/
- private Set<ControllerServiceDTO> populateRemainingControllerServicesContent(final String availability, final Set<ControllerServiceDTO> controllerServices) {
+ public Set<ControllerServiceDTO> populateRemainingControllerServicesContent(final String availability, final Set<ControllerServiceDTO> controllerServices) {
for (ControllerServiceDTO controllerService : controllerServices) {
populateRemainingControllerServiceContent(availability, controllerService);
}
@@ -109,9 +107,9 @@ public class ControllerServiceResource extends ApplicationResource {
/**
* Populates the uri for the specified controller service.
*/
- private ControllerServiceDTO populateRemainingControllerServiceContent(final String availability, final ControllerServiceDTO controllerService) {
+ public ControllerServiceDTO populateRemainingControllerServiceContent(final String availability, final ControllerServiceDTO controllerService) {
// populate the controller service href
- controllerService.setUri(generateResourceUri("controller", "controller-services", availability, controllerService.getId()));
+ controllerService.setUri(generateResourceUri("controller-services", availability, controllerService.getId()));
controllerService.setAvailability(availability);
// see if this processor has any ui extensions
@@ -164,9 +162,9 @@ public class ControllerServiceResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets all controller services",
response = ControllerServicesEntity.class,
@@ -221,52 +219,6 @@ public class ControllerServiceResource extends ApplicationResource {
}
/**
- * Creates a new controller service.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with
- * the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @param availability Whether the controller service is available on the
- * NCM only (ncm) or on the nodes only (node). If this instance is not
- * clustered all services should use the node availability.
- * @param type The type of controller service to create.
- * @return A controllerServiceEntity.
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response createControllerService(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("availability") String availability,
- @FormParam("type") String type) {
-
- // create the controller service DTO
- final ControllerServiceDTO controllerServiceDTO = new ControllerServiceDTO();
- controllerServiceDTO.setType(type);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the controller service entity
- final ControllerServiceEntity controllerServiceEntity = new ControllerServiceEntity();
- controllerServiceEntity.setRevision(revision);
- controllerServiceEntity.setControllerService(controllerServiceDTO);
-
- return createControllerService(httpServletRequest, availability, controllerServiceEntity);
- }
-
- /**
* Creates a new Controller Service.
*
* @param httpServletRequest request
@@ -277,10 +229,10 @@ public class ControllerServiceResource extends ApplicationResource {
* @return A controllerServiceEntity.
*/
@POST
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Creates a new controller service",
response = ControllerServiceEntity.class,
@@ -330,28 +282,8 @@ public class ControllerServiceResource extends ApplicationResource {
// get the revision
final RevisionDTO revision = controllerServiceEntity.getRevision();
- // if cluster manager, convert POST to PUT (to maintain same ID across nodes) and replicate
- if (properties.isClusterManager() && Availability.NODE.equals(avail)) {
- // create ID for resource
- final String id = UUID.randomUUID().toString();
-
- // set ID for resource
- controllerServiceEntity.getControllerService().setId(id);
-
- // convert POST request to PUT request to force entity ID to be the same across nodes
- URI putUri = null;
- try {
- putUri = new URI(getAbsolutePath().toString() + "/" + id);
- } catch (final URISyntaxException e) {
- throw new WebApplicationException(e);
- }
-
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate put request
- return (Response) clusterManager.applyRequest(HttpMethod.PUT, putUri, updateClientId(controllerServiceEntity), getHeaders(headersToOverride)).getResponse();
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.POST, getAbsolutePath(), updateClientId(controllerServiceEntity), getHeaders()).getResponse();
}
// handle expects request (usually from the cluster manager)
@@ -360,6 +292,14 @@ public class ControllerServiceResource extends ApplicationResource {
return generateContinueResponse().build();
}
+ // set the processor id as appropriate
+ final ClusterContext clusterContext = ClusterContextThreadLocal.getContext();
+ if (clusterContext != null) {
+ controllerServiceEntity.getControllerService().setId(UUID.nameUUIDFromBytes(clusterContext.getIdGenerationSeed().getBytes(StandardCharsets.UTF_8)).toString());
+ } else {
+ controllerServiceEntity.getControllerService().setId(UUID.randomUUID().toString());
+ }
+
// create the controller service and generate the json
final ConfigurationSnapshot<ControllerServiceDTO> controllerResponse = serviceFacade.createControllerService(
new Revision(revision.getVersion(), revision.getClientId()), controllerServiceEntity.getControllerService());
@@ -393,9 +333,9 @@ public class ControllerServiceResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a controller service",
response = ControllerServiceEntity.class,
@@ -467,9 +407,9 @@ public class ControllerServiceResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}/descriptors")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}/descriptors")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a controller service property descriptor",
response = PropertyDescriptorEntity.class,
@@ -551,9 +491,9 @@ public class ControllerServiceResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}/state")
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}/state")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
@ApiOperation(
value = "Gets the state for a controller service",
response = ComponentStateDTO.class,
@@ -614,8 +554,7 @@ public class ControllerServiceResource extends ApplicationResource {
/**
* Clears the state for a controller service.
*
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param version The revision is used to verify the client is working with the latest version of the flow.
+ * @param revisionEntity The revision is used to verify the client is working with the latest version of the flow.
* @param availability Whether the controller service is available on the
* NCM only (ncm) or on the nodes only (node). If this instance is not
* clustered all services should use the node availability.
@@ -623,10 +562,10 @@ public class ControllerServiceResource extends ApplicationResource {
* @return a componentStateEntity
*/
@POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}/state/clear-requests")
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}/state/clear-requests")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
@ApiOperation(
value = "Clears the state for a controller service",
response = ComponentStateDTO.class,
@@ -646,15 +585,10 @@ public class ControllerServiceResource extends ApplicationResource {
public Response clearState(
@Context HttpServletRequest httpServletRequest,
@ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "The revision is used to verify the client is working with the latest version of the flow.",
+ value = "The revision used to verify the client is working with the latest version of the flow.",
required = true
)
- @FormParam(VERSION) LongParameter version,
+ Entity revisionEntity,
@ApiParam(
value = "Whether the controller service is available on the NCM or nodes. If the NiFi is standalone the availability should be NODE.",
allowableValues = "NCM, NODE",
@@ -681,23 +615,18 @@ public class ControllerServiceResource extends ApplicationResource {
return generateContinueResponse().build();
}
- // get the revision specified by the user
- Long revision = null;
- if (version != null) {
- revision = version.getLong();
- }
-
// get the component state
- final ConfigurationSnapshot<Void> snapshot = serviceFacade.clearControllerServiceState(new Revision(revision, clientId.getClientId()), id);
+ final RevisionDTO requestRevision = revisionEntity.getRevision();
+ final ConfigurationSnapshot<Void> snapshot = serviceFacade.clearControllerServiceState(new Revision(requestRevision.getVersion(), requestRevision.getClientId()), id);
// create the revision
- final RevisionDTO revisionDTO = new RevisionDTO();
- revisionDTO.setClientId(clientId.getClientId());
- revisionDTO.setVersion(snapshot.getVersion());
+ final RevisionDTO responseRevision = new RevisionDTO();
+ responseRevision.setClientId(requestRevision.getClientId());
+ responseRevision.setVersion(snapshot.getVersion());
// generate the response entity
final ComponentStateEntity entity = new ComponentStateEntity();
- entity.setRevision(revisionDTO);
+ entity.setRevision(responseRevision);
// generate the response
return clusterContext(generateOkResponse(entity)).build();
@@ -717,9 +646,9 @@ public class ControllerServiceResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}/references")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}/references")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a controller service",
response = ControllerServiceEntity.class,
@@ -782,29 +711,20 @@ public class ControllerServiceResource extends ApplicationResource {
* Updates the references of the specified controller service.
*
* @param httpServletRequest request
- * @param version The revision is used to verify the client is working with
- * the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
* @param availability Whether the controller service is available on the
* NCM only (ncm) or on the nodes only (node). If this instance is not
* clustered all services should use the node availability.
- * @param id The id of the controller service to retrieve
- * @param state Sets the state of referencing components. A value of RUNNING
- * or STOPPED will update referencing schedulable components (Processors and
- * Reporting Tasks). A value of ENABLED or DISABLED will update referencing
- * controller services.
- * @return A controllerServiceEntity.
+ * @param updateReferenceRequest The update request
+ * @return A controllerServiceReferencingComponentsEntity.
*/
@PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}/references")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}/references")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a controller services references",
- response = ControllerServiceEntity.class,
+ response = ControllerServiceReferencingComponentsEntity.class,
authorizations = {
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
}
@@ -821,32 +741,19 @@ public class ControllerServiceResource extends ApplicationResource {
public Response updateControllerServiceReferences(
@Context HttpServletRequest httpServletRequest,
@ApiParam(
- value = "The revision is used to verify the client is working with the latest version of the flow.",
- required = false
- )
- @FormParam(VERSION) LongParameter version,
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "Whether the controller service is available on the NCM or nodes. If the NiFi is standalone the availability should be NODE.",
- allowableValues = "NCM, NODE",
- required = true
+ value = "Whether the controller service is available on the NCM or nodes. If the NiFi is standalone the availability should be NODE.",
+ allowableValues = "NCM, NODE",
+ required = true
)
@PathParam("availability") String availability,
@ApiParam(
- value = "The controller service id.",
- required = true
- )
- @PathParam("id") String id,
- @ApiParam(
- value = "The new state of the references for the controller service.",
- allowableValues = "ENABLED, DISABLED, RUNNING, STOPPED",
- required = true
- )
- @FormParam("state") @DefaultValue(StringUtils.EMPTY) String state) {
+ value = "The controller service request update request.",
+ required = true
+ ) UpdateControllerServiceReferenceRequestEntity updateReferenceRequest) {
+
+ if (updateReferenceRequest.getId() == null) {
+ throw new IllegalArgumentException("The controller service identifier must be specified.");
+ }
// parse the state to determine the desired action
// need to consider controller service state first as it shares a state with
@@ -854,14 +761,14 @@ public class ControllerServiceResource extends ApplicationResource {
// but not referencing schedulable components
ControllerServiceState controllerServiceState = null;
try {
- controllerServiceState = ControllerServiceState.valueOf(state);
+ controllerServiceState = ControllerServiceState.valueOf(updateReferenceRequest.getState());
} catch (final IllegalArgumentException iae) {
// ignore
}
ScheduledState scheduledState = null;
try {
- scheduledState = ScheduledState.valueOf(state);
+ scheduledState = ScheduledState.valueOf(updateReferenceRequest.getState());
} catch (final IllegalArgumentException iae) {
// ignore
}
@@ -889,23 +796,18 @@ public class ControllerServiceResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyUpdateControllerServiceReferencingComponents(id, scheduledState, controllerServiceState);
+ serviceFacade.verifyUpdateControllerServiceReferencingComponents(updateReferenceRequest.getId(), scheduledState, controllerServiceState);
return generateContinueResponse().build();
}
- // determine the specified version
- Long clientVersion = null;
- if (version != null) {
- clientVersion = version.getLong();
- }
-
// get the controller service
- final ConfigurationSnapshot<Set<ControllerServiceReferencingComponentDTO>> response
- = serviceFacade.updateControllerServiceReferencingComponents(new Revision(clientVersion, clientId.getClientId()), id, scheduledState, controllerServiceState);
+ final RevisionDTO requestRevision = updateReferenceRequest.getRevision();
+ final ConfigurationSnapshot<Set<ControllerServiceReferencingComponentDTO>> response = serviceFacade.updateControllerServiceReferencingComponents(
+ new Revision(requestRevision.getVersion(), requestRevision.getClientId()), updateReferenceRequest.getId(), scheduledState, controllerServiceState);
// create the revision
final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
+ revision.setClientId(requestRevision.getClientId());
revision.setVersion(response.getVersion());
// create the response entity
@@ -917,109 +819,6 @@ public class ControllerServiceResource extends ApplicationResource {
}
/**
- * Updates the specified controller service.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with
- * the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @param availability Whether the controller service is available on the
- * NCM only (ncm) or on the nodes only (node). If this instance is not
- * clustered all services should use the node availability.
- * @param id The id of the controller service to update.
- * @param name The name of the controller service
- * @param annotationData The annotation data for the controller service
- * @param comments The comments for the controller service
- * @param state The state of this controller service. Should be ENABLED or
- * DISABLED.
- * @param markedForDeletion Array of property names whose value should be
- * removed.
- * @param formParams Additionally, the processor properties and styles are
- * specified in the form parameters. Because the property names and styles
- * differ from processor to processor they are specified in a map-like
- * fashion:
- * <br>
- * <ul>
- * <li>properties[required.file.path]=/path/to/file</li>
- * <li>properties[required.hostname]=localhost</li>
- * <li>properties[required.port]=80</li>
- * <li>properties[optional.file.path]=/path/to/file</li>
- * <li>properties[optional.hostname]=localhost</li>
- * <li>properties[optional.port]=80</li>
- * <li>properties[user.defined.pattern]=^.*?s.*$</li>
- * </ul>
- * @return A controllerServiceEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateControllerService(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("availability") String availability, @PathParam("id") String id, @FormParam("name") String name,
- @FormParam("annotationData") String annotationData, @FormParam("comments") String comments,
- @FormParam("state") String state, @FormParam("markedForDeletion[]") List<String> markedForDeletion,
- MultivaluedMap<String, String> formParams) {
-
- // create collections for holding the controller service properties
- final Map<String, String> updatedProperties = new LinkedHashMap<>();
-
- // go through each parameter and look for processor properties
- for (String parameterName : formParams.keySet()) {
- if (StringUtils.isNotBlank(parameterName)) {
- // see if the parameter name starts with an expected parameter type...
- // if so, store the parameter name and value in the corresponding collection
- if (parameterName.startsWith("properties")) {
- final int startIndex = StringUtils.indexOf(parameterName, "[");
- final int endIndex = StringUtils.lastIndexOf(parameterName, "]");
- if (startIndex != -1 && endIndex != -1) {
- final String propertyName = StringUtils.substring(parameterName, startIndex + 1, endIndex);
- updatedProperties.put(propertyName, formParams.getFirst(parameterName));
- }
- }
- }
- }
-
- // set the properties to remove
- for (String propertyToDelete : markedForDeletion) {
- updatedProperties.put(propertyToDelete, null);
- }
-
- // create the controller service DTO
- final ControllerServiceDTO controllerServiceDTO = new ControllerServiceDTO();
- controllerServiceDTO.setId(id);
- controllerServiceDTO.setName(name);
- controllerServiceDTO.setAnnotationData(annotationData);
- controllerServiceDTO.setComments(comments);
- controllerServiceDTO.setState(state);
-
- // only set the properties when appropriate
- if (!updatedProperties.isEmpty()) {
- controllerServiceDTO.setProperties(updatedProperties);
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the controller service entity
- final ControllerServiceEntity controllerServiceEntity = new ControllerServiceEntity();
- controllerServiceEntity.setRevision(revision);
- controllerServiceEntity.setControllerService(controllerServiceDTO);
-
- // update the controller service
- return updateControllerService(httpServletRequest, availability, id, controllerServiceEntity);
- }
-
- /**
* Updates the specified a new Controller Service.
*
* @param httpServletRequest request
@@ -1031,10 +830,10 @@ public class ControllerServiceResource extends ApplicationResource {
* @return A controllerServiceEntity.
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a controller service",
response = ControllerServiceEntity.class,
@@ -1145,9 +944,9 @@ public class ControllerServiceResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{availability}/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{availability}/{id}")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes a controller service",
response = ControllerServiceEntity.class,
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java
index 0ab6c32..541241c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java
@@ -16,57 +16,48 @@
*/
package org.apache.nifi.web.api;
-import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.cluster.manager.impl.WebClusterManager;
+import org.apache.nifi.util.NiFiProperties;
+import org.apache.nifi.web.ConfigurationSnapshot;
+import org.apache.nifi.web.NiFiServiceFacade;
+import org.apache.nifi.web.Revision;
+import org.apache.nifi.web.api.dto.FunnelDTO;
+import org.apache.nifi.web.api.dto.RevisionDTO;
+import org.apache.nifi.web.api.entity.FunnelEntity;
+import org.apache.nifi.web.api.request.ClientIdParameter;
+import org.apache.nifi.web.api.request.LongParameter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import org.apache.nifi.cluster.manager.impl.WebClusterManager;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.ConfigurationSnapshot;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.api.dto.FunnelDTO;
-import org.apache.nifi.web.api.dto.PositionDTO;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.entity.FunnelEntity;
-import org.apache.nifi.web.api.entity.FunnelsEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.DoubleParameter;
-import org.apache.nifi.web.api.request.LongParameter;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
+import java.net.URI;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Set;
/**
* RESTful endpoint for managing a Funnel.
*/
-@Api(hidden = true)
+@Path("funnels")
public class FunnelResource extends ApplicationResource {
private static final Logger logger = LoggerFactory.getLogger(FunnelResource.class);
@@ -74,7 +65,6 @@ public class FunnelResource extends ApplicationResource {
private NiFiServiceFacade serviceFacade;
private WebClusterManager clusterManager;
private NiFiProperties properties;
- private String groupId;
/**
* Populates the uri for the specified funnels.
@@ -92,220 +82,13 @@ public class FunnelResource extends ApplicationResource {
/**
* Populates the uri for the specified funnel.
*/
- private FunnelDTO populateRemainingFunnelContent(FunnelDTO funnel) {
+ public FunnelDTO populateRemainingFunnelContent(FunnelDTO funnel) {
// populate the funnel href
- funnel.setUri(generateResourceUri("controller", "process-groups", groupId, "funnels", funnel.getId()));
+ funnel.setUri(generateResourceUri("funnels", funnel.getId()));
return funnel;
}
/**
- * Retrieves all the of funnels in this NiFi.
- *
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @return A funnelsEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
- @ApiOperation(
- value = "Gets all funnels",
- response = FunnelsEntity.class,
- authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getFunnels(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // replicate if cluster manager
- if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
- }
-
- // get all the funnels
- final Set<FunnelDTO> funnels = populateRemainingFunnelsContent(serviceFacade.getFunnels(groupId));
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final FunnelsEntity entity = new FunnelsEntity();
- entity.setRevision(revision);
- entity.setFunnels(funnels);
-
- // generate the response
- return clusterContext(generateOkResponse(entity)).build();
- }
-
- /**
- * Creates a new funnel.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with
- * the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @return A funnelEntity.
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response createFunnel(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("x") DoubleParameter x, @FormParam("y") DoubleParameter y) {
-
- // ensure the position has been specified
- if (x == null || y == null) {
- throw new IllegalArgumentException("The position (x, y) must be specified");
- }
-
- // create the funnel DTO
- final FunnelDTO funnelDTO = new FunnelDTO();
- funnelDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the funnel entity
- final FunnelEntity funnelEntity = new FunnelEntity();
- funnelEntity.setRevision(revision);
- funnelEntity.setFunnel(funnelDTO);
-
- return createFunnel(httpServletRequest, funnelEntity);
- }
-
- /**
- * Creates a new Funnel.
- *
- * @param httpServletRequest request
- * @param funnelEntity A funnelEntity.
- * @return A funnelEntity.
- */
- @POST
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- @ApiOperation(
- value = "Creates a funnel",
- response = FunnelEntity.class,
- authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response createFunnel(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The funnel configuration details.",
- required = true
- ) FunnelEntity funnelEntity) {
-
- if (funnelEntity == null || funnelEntity.getFunnel() == null) {
- throw new IllegalArgumentException("Funnel details must be specified.");
- }
-
- if (funnelEntity.getRevision() == null) {
- throw new IllegalArgumentException("Revision must be specified.");
- }
-
- if (funnelEntity.getFunnel().getId() != null) {
- throw new IllegalArgumentException("Funnel ID cannot be specified.");
- }
-
- // if cluster manager, convert POST to PUT (to maintain same ID across nodes) and replicate
- if (properties.isClusterManager()) {
-
- // create ID for resource
- final String id = UUID.randomUUID().toString();
-
- // set ID for resource
- funnelEntity.getFunnel().setId(id);
-
- // convert POST request to PUT request to force entity ID to be the same across nodes
- URI putUri = null;
- try {
- putUri = new URI(getAbsolutePath().toString() + "/" + id);
- } catch (final URISyntaxException e) {
- throw new WebApplicationException(e);
- }
-
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate put request
- return (Response) clusterManager.applyRequest(HttpMethod.PUT, putUri, updateClientId(funnelEntity), getHeaders(headersToOverride)).getResponse();
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // create the funnel and generate the json
- final RevisionDTO revision = funnelEntity.getRevision();
- final ConfigurationSnapshot<FunnelDTO> controllerResponse = serviceFacade.createFunnel(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, funnelEntity.getFunnel());
- final FunnelDTO funnel = controllerResponse.getConfiguration();
- populateRemainingFunnelContent(funnel);
-
- // get the updated revision
- final RevisionDTO updatedRevision = new RevisionDTO();
- updatedRevision.setClientId(revision.getClientId());
- updatedRevision.setVersion(controllerResponse.getVersion());
-
- // build the response entity
- final FunnelEntity entity = new FunnelEntity();
- entity.setRevision(updatedRevision);
- entity.setFunnel(funnel);
-
- // build the response
- return clusterContext(generateCreatedResponse(URI.create(funnel.getUri()), entity)).build();
- }
-
- /**
* Retrieves the specified funnel.
*
* @param clientId Optional client id. If the client id is not specified, a
@@ -316,9 +99,9 @@ public class FunnelResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a funnel",
response = FunnelEntity.class,
@@ -355,7 +138,7 @@ public class FunnelResource extends ApplicationResource {
}
// get the funnel
- final FunnelDTO funnel = serviceFacade.getFunnel(groupId, id);
+ final FunnelDTO funnel = serviceFacade.getFunnel(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -370,60 +153,6 @@ public class FunnelResource extends ApplicationResource {
}
/**
- * Updates the specified funnel.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with
- * the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @param id The id of the funnel to update.
- * @param parentGroupId The id of the process group to move this funnel to.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @return A funnelEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateFunnel(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String id, @FormParam("parentGroupId") String parentGroupId,
- @FormParam("x") DoubleParameter x, @FormParam("y") DoubleParameter y) {
-
- // create the funnel DTO
- final FunnelDTO funnelDTO = new FunnelDTO();
- funnelDTO.setId(id);
- funnelDTO.setParentGroupId(parentGroupId);
-
- // require both coordinates to be specified
- if (x != null && y != null) {
- funnelDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the funnel entity
- final FunnelEntity funnelEntity = new FunnelEntity();
- funnelEntity.setRevision(revision);
- funnelEntity.setFunnel(funnelDTO);
-
- // update the funnel
- return updateFunnel(httpServletRequest, id, funnelEntity);
- }
-
- /**
* Creates a new Funnel.
*
* @param httpServletRequest request
@@ -432,10 +161,10 @@ public class FunnelResource extends ApplicationResource {
* @return A funnelEntity.
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a funnel",
response = FunnelEntity.class,
@@ -498,7 +227,7 @@ public class FunnelResource extends ApplicationResource {
// update the funnel
final RevisionDTO revision = funnelEntity.getRevision();
final ConfigurationSnapshot<FunnelDTO> controllerResponse = serviceFacade.updateFunnel(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, requestFunnelDTO);
+ new Revision(revision.getVersion(), revision.getClientId()), requestFunnelDTO);
// get the results
final FunnelDTO responseFunnelDTO = controllerResponse.getConfiguration();
@@ -535,9 +264,9 @@ public class FunnelResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes a funnel",
response = FunnelEntity.class,
@@ -580,7 +309,7 @@ public class FunnelResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyDeleteFunnel(groupId, id);
+ serviceFacade.verifyDeleteFunnel(id);
return generateContinueResponse().build();
}
@@ -591,7 +320,7 @@ public class FunnelResource extends ApplicationResource {
}
// delete the specified funnel
- final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteFunnel(new Revision(clientVersion, clientId.getClientId()), groupId, id);
+ final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteFunnel(new Revision(clientVersion, clientId.getClientId()), id);
// get the updated revision
final RevisionDTO revision = new RevisionDTO();
@@ -610,10 +339,6 @@ public class FunnelResource extends ApplicationResource {
this.serviceFacade = serviceFacade;
}
- public void setGroupId(String groupId) {
- this.groupId = groupId;
- }
-
public void setClusterManager(WebClusterManager clusterManager) {
this.clusterManager = clusterManager;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/HistoryResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/HistoryResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/HistoryResource.java
index 7462ff8..47c2b17 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/HistoryResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/HistoryResource.java
@@ -16,12 +16,24 @@
*/
package org.apache.nifi.web.api;
-import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.web.NiFiServiceFacade;
+import org.apache.nifi.web.api.dto.RevisionDTO;
+import org.apache.nifi.web.api.dto.action.ActionDTO;
+import org.apache.nifi.web.api.dto.action.HistoryDTO;
+import org.apache.nifi.web.api.dto.action.HistoryQueryDTO;
+import org.apache.nifi.web.api.entity.ActionEntity;
+import org.apache.nifi.web.api.entity.ComponentHistoryEntity;
+import org.apache.nifi.web.api.entity.HistoryEntity;
+import org.apache.nifi.web.api.request.ClientIdParameter;
+import org.apache.nifi.web.api.request.DateTimeParameter;
+import org.apache.nifi.web.api.request.IntegerParameter;
+
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
@@ -32,25 +44,11 @@ import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
-import org.apache.nifi.web.api.entity.ActionEntity;
-import org.apache.nifi.web.api.entity.HistoryEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.DateTimeParameter;
-import org.apache.nifi.web.api.request.IntegerParameter;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.web.NiFiServiceFacade;
-import static org.apache.nifi.web.api.ApplicationResource.CLIENT_ID;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.dto.action.ActionDTO;
-import org.apache.nifi.web.api.dto.action.HistoryDTO;
-import org.apache.nifi.web.api.dto.action.HistoryQueryDTO;
-import org.apache.nifi.web.api.entity.ComponentHistoryEntity;
-import org.springframework.security.access.prepost.PreAuthorize;
/**
* RESTful endpoint for querying the history of this Controller.
*/
-@Api(hidden = true)
+@Path("history")
public class HistoryResource extends ApplicationResource {
private NiFiServiceFacade serviceFacade;
@@ -85,9 +83,9 @@ public class HistoryResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets configuration history",
response = HistoryEntity.class,
@@ -234,8 +232,8 @@ public class HistoryResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@Path("{id}")
@ApiOperation(
value = "Gets an action",
@@ -299,9 +297,9 @@ public class HistoryResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasRole('ROLE_ADMIN')")
@ApiOperation(
value = "Purges history",
response = HistoryEntity.class,
@@ -360,9 +358,9 @@ public class HistoryResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/processors/{processorId}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("processors/{processorId}")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets configuration history for a processor",
response = ComponentHistoryEntity.class,
@@ -417,9 +415,9 @@ public class HistoryResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/controller-services/{controllerServiceId}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("controller-services/{controllerServiceId}")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets configuration history for a controller service",
response = ComponentHistoryEntity.class,
@@ -474,9 +472,9 @@ public class HistoryResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/reporting-tasks/{reportingTaskId}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("reporting-tasks/{reportingTaskId}")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets configuration history for a reporting task",
response = ComponentHistoryEntity.class,
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java
index 2f7eed6..568628e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.web.api;
-import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
@@ -33,54 +32,42 @@ import org.apache.nifi.web.ConfigurationSnapshot;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.Revision;
import org.apache.nifi.web.api.dto.PortDTO;
-import org.apache.nifi.web.api.dto.PositionDTO;
import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.status.PortStatusDTO;
import org.apache.nifi.web.api.entity.InputPortEntity;
-import org.apache.nifi.web.api.entity.InputPortsEntity;
import org.apache.nifi.web.api.entity.PortStatusEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.DoubleParameter;
-import org.apache.nifi.web.api.request.IntegerParameter;
import org.apache.nifi.web.api.request.LongParameter;
-import org.springframework.security.access.prepost.PreAuthorize;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import java.net.URI;
-import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
-import java.util.UUID;
/**
* RESTful endpoint for managing an Input Port.
*/
-@Api(hidden = true)
+@Path("input-ports")
public class InputPortResource extends ApplicationResource {
private NiFiServiceFacade serviceFacade;
private WebClusterManager clusterManager;
private NiFiProperties properties;
- private String groupId;
/**
* Populates the uri for the specified input ports.
@@ -98,220 +85,13 @@ public class InputPortResource extends ApplicationResource {
/**
* Populates the uri for the specified input ports.
*/
- private PortDTO populateRemainingInputPortContent(PortDTO inputPort) {
+ public PortDTO populateRemainingInputPortContent(PortDTO inputPort) {
// populate the input port uri
- inputPort.setUri(generateResourceUri("controller", "process-groups", inputPort.getParentGroupId(), "input-ports", inputPort.getId()));
+ inputPort.setUri(generateResourceUri("input-ports", inputPort.getId()));
return inputPort;
}
/**
- * Retrieves all the of input ports in this NiFi.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @return A inputPortsEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
- @ApiOperation(
- value = "Gets all input ports",
- response = InputPortsEntity.class,
- authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getInputPorts(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // replicate if cluster manager
- if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
- }
-
- // get all the input ports
- final Set<PortDTO> inputPorts = populateRemainingInputPortsContent(serviceFacade.getInputPorts(groupId));
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final InputPortsEntity entity = new InputPortsEntity();
- entity.setRevision(revision);
- entity.setInputPorts(inputPorts);
-
- // generate the response
- return clusterContext(generateOkResponse(entity)).build();
- }
-
- /**
- * Creates a new input port.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @param name The input ports name.
- * @return A inputPortEntity.
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response createInputPort(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("x") DoubleParameter x, @FormParam("y") DoubleParameter y,
- @FormParam("name") String name) {
-
- // ensure the position has been specified
- if (x == null || y == null) {
- throw new IllegalArgumentException("The position (x, y) must be specified");
- }
-
- // create the input port DTO
- final PortDTO inputPortDTO = new PortDTO();
- inputPortDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
- inputPortDTO.setName(name);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the input port entity entity
- final InputPortEntity portEntity = new InputPortEntity();
- portEntity.setRevision(revision);
- portEntity.setInputPort(inputPortDTO);
-
- // create the input port
- return createInputPort(httpServletRequest, portEntity);
- }
-
- /**
- * Creates a new input port.
- *
- * @param httpServletRequest request
- * @param portEntity A inputPortEntity.
- * @return A inputPortEntity.
- */
- @POST
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- @ApiOperation(
- value = "Creates an input port",
- response = InputPortEntity.class,
- authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response createInputPort(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The input port configuration details.",
- required = true
- ) InputPortEntity portEntity) {
-
- if (portEntity == null || portEntity.getInputPort() == null) {
- throw new IllegalArgumentException("Port details must be specified.");
- }
-
- if (portEntity.getRevision() == null) {
- throw new IllegalArgumentException("Revision must be specified.");
- }
-
- if (portEntity.getInputPort().getId() != null) {
- throw new IllegalArgumentException("Input port ID cannot be specified.");
- }
-
- // if cluster manager, convert POST to PUT (to maintain same ID across nodes) and replicate
- if (properties.isClusterManager()) {
-
- // create ID for resource
- final String id = UUID.randomUUID().toString();
-
- // set ID for resource
- portEntity.getInputPort().setId(id);
-
- // convert POST request to PUT request to force entity ID to be the same across nodes
- URI putUri = null;
- try {
- putUri = new URI(getAbsolutePath().toString() + "/" + id);
- } catch (final URISyntaxException e) {
- throw new WebApplicationException(e);
- }
-
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate put request
- return clusterManager.applyRequest(HttpMethod.PUT, putUri, updateClientId(portEntity), getHeaders(headersToOverride)).getResponse();
-
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // create the input port and generate the json
- final RevisionDTO revision = portEntity.getRevision();
- final ConfigurationSnapshot<PortDTO> controllerResponse = serviceFacade.createInputPort(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, portEntity.getInputPort());
- final PortDTO port = controllerResponse.getConfiguration();
- populateRemainingInputPortContent(port);
-
- // get the updated revision
- final RevisionDTO updatedRevision = new RevisionDTO();
- updatedRevision.setClientId(revision.getClientId());
- updatedRevision.setVersion(controllerResponse.getVersion());
-
- // build the response entity
- final InputPortEntity entity = new InputPortEntity();
- entity.setRevision(updatedRevision);
- entity.setInputPort(port);
-
- // build the response
- return clusterContext(generateCreatedResponse(URI.create(port.getUri()), entity)).build();
- }
-
- /**
* Retrieves the specified input port.
*
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
@@ -320,9 +100,9 @@ public class InputPortResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets an input port",
response = InputPortEntity.class,
@@ -359,7 +139,7 @@ public class InputPortResource extends ApplicationResource {
}
// get the port
- final PortDTO port = serviceFacade.getInputPort(groupId, id);
+ final PortDTO port = serviceFacade.getInputPort(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -382,9 +162,9 @@ public class InputPortResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/status")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets status for an input port",
response = PortStatusEntity.class,
@@ -458,7 +238,7 @@ public class InputPortResource extends ApplicationResource {
}
// get the specified input port status
- final PortStatusDTO portStatus = serviceFacade.getInputPortStatus(groupId, id);
+ final PortStatusDTO portStatus = serviceFacade.getInputPortStatus(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -477,95 +257,15 @@ public class InputPortResource extends ApplicationResource {
* Updates the specified input port.
*
* @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The id of the input port to update.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @param groupAccessControl The allowed groups for this input port.
- * @param userAccessControl The allowed users for this input port.
- * @param comments Any comments about this input port.
- * @param name The input ports name.
- * @param state The state of this port.
- * @param concurrentlySchedulableTaskCount The number of concurrently schedulable tasks.
- * @param formParams form params
- * @return A inputPortEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateInputPort(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String id,
- @FormParam("x") DoubleParameter x, @FormParam("y") DoubleParameter y,
- @FormParam("comments") String comments,
- @FormParam("groupAccessControl[]") Set<String> groupAccessControl,
- @FormParam("userAccessControl[]") Set<String> userAccessControl,
- @FormParam("name") String name,
- @FormParam("state") String state,
- @FormParam("concurrentlySchedulableTaskCount") IntegerParameter concurrentlySchedulableTaskCount,
- MultivaluedMap<String, String> formParams) {
-
- // create the input port DTO
- final PortDTO portDTO = new PortDTO();
- portDTO.setId(id);
- portDTO.setComments(comments);
- portDTO.setName(name);
- portDTO.setState(state);
-
- if (concurrentlySchedulableTaskCount != null) {
- portDTO.setConcurrentlySchedulableTaskCount(concurrentlySchedulableTaskCount.getInteger());
- }
-
- // require both coordinates to be specified
- if (x != null && y != null) {
- portDTO.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
- }
-
- // only set the group access control when applicable
- if (!groupAccessControl.isEmpty() || formParams.containsKey("groupAccessControl[]")) {
- portDTO.setGroupAccessControl(groupAccessControl);
- }
-
- // only set the user access control when applicable
- if (!userAccessControl.isEmpty() || formParams.containsKey("userAccessControl[]")) {
- portDTO.setUserAccessControl(userAccessControl);
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the input port entity
- final InputPortEntity portEntity = new InputPortEntity();
- portEntity.setRevision(revision);
- portEntity.setInputPort(portDTO);
-
- // update the port
- return updateInputPort(httpServletRequest, id, portEntity);
- }
-
- /**
- * Updates the specified input port.
- *
- * @param httpServletRequest request
* @param id The id of the input port to update.
* @param portEntity A inputPortEntity.
* @return A inputPortEntity.
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates an input port",
response = InputPortEntity.class,
@@ -622,14 +322,14 @@ public class InputPortResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyUpdateInputPort(groupId, requestPortDTO);
+ serviceFacade.verifyUpdateInputPort(requestPortDTO);
return generateContinueResponse().build();
}
// update the input port
final RevisionDTO revision = portEntity.getRevision();
final ConfigurationSnapshot<PortDTO> controllerResponse = serviceFacade.updateInputPort(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, requestPortDTO);
+ new Revision(revision.getVersion(), revision.getClientId()), requestPortDTO);
// get the results
final PortDTO responsePortDTO = controllerResponse.getConfiguration();
@@ -663,9 +363,9 @@ public class InputPortResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes an input port",
response = InputPortEntity.class,
@@ -708,7 +408,7 @@ public class InputPortResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyDeleteInputPort(groupId, id);
+ serviceFacade.verifyDeleteInputPort(id);
return generateContinueResponse().build();
}
@@ -719,7 +419,7 @@ public class InputPortResource extends ApplicationResource {
}
// delete the specified input port
- final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteInputPort(new Revision(clientVersion, clientId.getClientId()), groupId, id);
+ final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteInputPort(new Revision(clientVersion, clientId.getClientId()), id);
// get the updated revision
final RevisionDTO revision = new RevisionDTO();
@@ -738,10 +438,6 @@ public class InputPortResource extends ApplicationResource {
this.serviceFacade = serviceFacade;
}
- public void setGroupId(String groupId) {
- this.groupId = groupId;
- }
-
public void setClusterManager(WebClusterManager clusterManager) {
this.clusterManager = clusterManager;
}
[05/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
deleted file mode 100644
index dcdc53e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
+++ /dev/null
@@ -1,15 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-org.apache.nifi.integration.util.NiFiTestAuthorizationProvider
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer
new file mode 100644
index 0000000..e7d65f4
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer
@@ -0,0 +1,15 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+org.apache.nifi.integration.util.NiFiTestAuthorizer
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authority-providers.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authority-providers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authority-providers.xml
index 418f717..a3fb088 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authority-providers.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authority-providers.xml
@@ -19,6 +19,6 @@
<authorityProviders>
<provider>
<identifier>test-provider</identifier>
- <class>org.apache.nifi.integration.util.NiFiTestAuthorizationProvider</class>
+ <class>org.apache.nifi.integration.util.NiFiTestAuthorizer</class>
</provider>
</authorityProviders>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi.properties
index 1726a07..e655f06 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/nifi.properties
@@ -98,12 +98,8 @@ nifi.security.truststore=target/test-classes/access-control/localhost-ts.jks
nifi.security.truststoreType=JKS
nifi.security.truststorePasswd=localtest
nifi.security.needClientAuth=true
-nifi.security.user.authority.provider=test-provider
nifi.security.user.login.identity.provider=test-provider
-nifi.security.authorizedUsers.file=target/test-classes/access-control/users.xml
-nifi.security.user.credential.cache.duration=1 hr
-nifi.security.support.new.account.requests=
-nifi.security.anonymous.authorities=
+nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #
nifi.cluster.protocol.heartbeat.interval=5 sec
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
index 0520ac8..7108edb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
@@ -25,19 +25,15 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.web.filter.GenericFilterBean;
/**
@@ -65,72 +61,41 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
}
private boolean requiresAuthentication(final HttpServletRequest request) {
- // continue attempting authorization if the user is anonymous
- if (isAnonymousUser()) {
- return true;
- }
-
- // or there is no user yet
- return NiFiUserUtils.getNiFiUser() == null && NiFiUserUtils.getNewAccountRequest() == null;
- }
-
- private boolean isAnonymousUser() {
- final NiFiUser user = NiFiUserUtils.getNiFiUser();
- return user != null && NiFiUser.ANONYMOUS_USER_IDENTITY.equals(user.getIdentity());
+ return NiFiUserUtils.getNiFiUser() == null;
}
private void authenticate(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException {
String dnChain = null;
try {
- final NiFiAuthorizationRequestToken authenticated = attemptAuthentication(request);
- if (authenticated != null) {
- dnChain = ProxiedEntitiesUtils.formatProxyDn(StringUtils.join(authenticated.getChain(), "><"));
-
+ final Authentication authenticationRequest = attemptAuthentication(request);
+ if (authenticationRequest != null) {
// log the request attempt - response details will be logged later
- log.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", dnChain, request.getMethod(),
+ log.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", authenticationRequest.toString(), request.getMethod(),
request.getRequestURL().toString(), request.getRemoteAddr()));
// attempt to authorize the user
- final Authentication authorized = authenticationManager.authenticate(authenticated);
- successfulAuthorization(request, response, authorized);
+ final Authentication authenticated = authenticationManager.authenticate(authenticationRequest);
+ successfulAuthorization(request, response, authenticated);
}
// continue
chain.doFilter(request, response);
- } catch (final InvalidAuthenticationException iae) {
- // invalid authentication - always error out
- unsuccessfulAuthorization(request, response, iae);
} catch (final AuthenticationException ae) {
- // other authentication exceptions... if we are already the anonymous user, allow through otherwise error out
- if (isAnonymousUser()) {
- if (dnChain == null) {
- log.info(String.format("Continuing as anonymous user. Unable to authenticate %s: %s", dnChain, ae));
- } else {
- log.info(String.format("Continuing as anonymous user. Unable to authenticate: %s", ae));
- }
-
- chain.doFilter(request, response);
- } else {
- unsuccessfulAuthorization(request, response, ae);
- }
+ // invalid authentication - always error out
+ unsuccessfulAuthorization(request, response, ae);
}
}
/**
- * Attempt to authenticate the client making the request. If the request does not contain an authentication attempt, this method should return null. If the request contains an authentication
- * request, the implementation should convert it to a NiFiAuthorizationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when
- * the request contains an authentication request but it could not be authenticated.
+ * Attempt to extract an authentication attempt from the specified request.
*
* @param request The request
- * @return The NiFiAutorizationRequestToken used to later authorized the client
- * @throws InvalidAuthenticationException If the request contained an authentication attempt, but could not authenticate
+ * @return The authentication attempt or null if none is found int he request
*/
- public abstract NiFiAuthorizationRequestToken attemptAuthentication(HttpServletRequest request);
+ public abstract Authentication attemptAuthentication(HttpServletRequest request);
protected void successfulAuthorization(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
- if (log.isDebugEnabled()) {
- log.debug("Authentication success: " + authResult);
- }
+ log.info("Authentication success for " + authResult);
SecurityContextHolder.getContext().setAuthentication(authResult);
ProxiedEntitiesUtils.successfulAuthorization(request, response, authResult);
@@ -147,20 +112,9 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
PrintWriter out = response.getWriter();
// use the type of authentication exception to determine the response code
- if (ae instanceof UsernameNotFoundException) {
- if (properties.getSupportNewAccountRequests()) {
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- out.println("Not authorized.");
- } else {
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
- out.println("Access is denied.");
- }
- } else if (ae instanceof InvalidAuthenticationException) {
+ if (ae instanceof InvalidAuthenticationException) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
out.println(ae.getMessage());
- } else if (ae instanceof AccountStatusException) {
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
- out.println(ae.getMessage());
} else if (ae instanceof UntrustedProxyException) {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
out.println(ae.getMessage());
@@ -183,39 +137,6 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
}
}
- /**
- * Determines if the specified request is attempting to register a new user account.
- *
- * @param request http request
- * @return true if new user
- */
- protected final boolean isNewAccountRequest(HttpServletRequest request) {
- if ("POST".equalsIgnoreCase(request.getMethod())) {
- String path = request.getPathInfo();
- if (StringUtils.isNotBlank(path)) {
- if ("/controller/users".equals(path)) {
- return true;
- }
- }
- }
- return false;
- }
-
- /**
- * Extracts the justification from the specified request.
- *
- * @param request The request
- * @return The justification
- */
- protected final String getJustification(HttpServletRequest request) {
- // get the justification
- String justification = request.getParameter("justification");
- if (justification == null) {
- justification = StringUtils.EMPTY;
- }
- return justification;
- }
-
@Override
public void destroy() {
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java
deleted file mode 100644
index e51a26e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security;
-
-import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NewAccountAuthorizationToken;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NiFiAuthorizationToken;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-
-/**
- *
- */
-public class NiFiAuthenticationProvider implements AuthenticationProvider {
-
- private final AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> userDetailsService;
-
- public NiFiAuthenticationProvider(final AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> userDetailsService) {
- this.userDetailsService = userDetailsService;
- }
-
- @Override
- public Authentication authenticate(Authentication authentication) throws AuthenticationException {
- final NiFiAuthorizationRequestToken request = (NiFiAuthorizationRequestToken) authentication;
-
- try {
- // defer to the nifi user details service to authorize the user
- final UserDetails userDetails = userDetailsService.loadUserDetails(request);
-
- // build a token for accesing nifi
- final NiFiAuthorizationToken result = new NiFiAuthorizationToken(userDetails);
- result.setDetails(request.getDetails());
- return result;
- } catch (final UsernameNotFoundException unfe) {
- // if the authorization request is for a new account and it could not be authorized because the user was not found,
- // return the token so the new account could be created. this must go here to ensure that any proxies have been authorized
- if (isNewAccountAuthenticationToken(request)) {
- return new NewAccountAuthorizationToken(((NewAccountAuthorizationRequestToken) authentication).getNewAccountRequest());
- } else {
- throw unfe;
- }
- }
- }
-
- private boolean isNewAccountAuthenticationToken(final Authentication authentication) {
- return NewAccountAuthorizationRequestToken.class.isAssignableFrom(authentication.getClass());
- }
-
- @Override
- public boolean supports(Class<?> authentication) {
- return NiFiAuthorizationRequestToken.class.isAssignableFrom(authentication);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
index 05c5fb8..3f45629 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
@@ -16,20 +16,17 @@
*/
package org.apache.nifi.web.security.anonymous;
-import java.util.EnumSet;
-import javax.servlet.http.HttpServletRequest;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.Authority;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.user.NiFiUser;
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.apache.nifi.web.security.token.NiFiAuthorizationToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+import javax.servlet.http.HttpServletRequest;
+
/**
* Custom AnonymouseAuthenticationFilter used to grant additional authorities depending on the current operating mode.
*/
@@ -39,7 +36,7 @@ public class NiFiAnonymousUserFilter extends AnonymousAuthenticationFilter {
private static final String ANONYMOUS_KEY = "anonymousNifiKey";
- private UserService userService;
+ private KeyService keyService;
public NiFiAnonymousUserFilter() {
super(ANONYMOUS_KEY);
@@ -47,40 +44,12 @@ public class NiFiAnonymousUserFilter extends AnonymousAuthenticationFilter {
@Override
protected Authentication createAuthentication(HttpServletRequest request) {
- Authentication authentication = null;
-
- try {
- // load the anonymous user from the database
- NiFiUser user = userService.getUserByDn(NiFiUser.ANONYMOUS_USER_IDENTITY);
-
- // if this is an unsecure request allow full access
- if (!request.isSecure()) {
- user.getAuthorities().addAll(EnumSet.allOf(Authority.class));
- }
-
- // only create an authentication token if the anonymous user has some authorities or they are accessing a ui
- // extension. ui extensions have run this security filter but we shouldn't require authentication/authorization
- // when accessing static resources like images, js, and css. authentication/authorization is required when
- // interacting with nifi however and that will be verified in the NiFiWebContext or NiFiWebConfigurationContext
- if (!user.getAuthorities().isEmpty() || !request.getContextPath().startsWith("/nifi-api")) {
- NiFiUserDetails userDetails = new NiFiUserDetails(user);
-
- // get the granted authorities
- authentication = new NiFiAuthorizationToken(userDetails);
- }
- } catch (AdministrationException ase) {
- // record the issue
- anonymousUserFilterLogger.warn("Unable to load anonymous user from accounts database: " + ase.getMessage());
- if (anonymousUserFilterLogger.isDebugEnabled()) {
- anonymousUserFilterLogger.warn(StringUtils.EMPTY, ase);
- }
- }
- return authentication;
+ return new NiFiAuthenticationToken(new NiFiUserDetails(NiFiUser.ANONYMOUS));
}
/* setters */
- public void setUserService(UserService userService) {
- this.userService = userService;
+ public void setKeyService(KeyService keyService) {
+ this.keyService = keyService;
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
deleted file mode 100644
index dd87cfa..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.authorization;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.ListIterator;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.UntrustedProxyException;
-import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.dao.DataAccessException;
-import org.springframework.security.authentication.AccountStatusException;
-import org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-
-/**
- * UserDetailsService that will verify user identity and grant user authorities.
- */
-public class NiFiAuthorizationService implements AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> {
-
- private static final Logger logger = LoggerFactory.getLogger(NiFiAuthorizationService.class);
-
- private UserService userService;
- private NiFiProperties properties;
-
- /**
- * Loads the user details for the specified dn.
- *
- * Synchronizing because we want each request to be authorized atomically since each may contain any number of DNs. We wanted an access decision made for each individual request as a whole
- * (without other request potentially impacting it).
- *
- * @param request request
- * @return user details
- * @throws UsernameNotFoundException ex
- * @throws org.springframework.dao.DataAccessException ex
- */
- @Override
- public synchronized UserDetails loadUserDetails(NiFiAuthorizationRequestToken request) throws UsernameNotFoundException, DataAccessException {
- NiFiUserDetails userDetails = null;
- final List<String> chain = new ArrayList<>(request.getChain());
-
- // ensure valid input
- if (chain.isEmpty()) {
- logger.warn("Malformed proxy chain: " + StringUtils.join(request.getChain()));
- throw new UntrustedProxyException("Malformed proxy chain.");
- }
-
- NiFiUser proxy = null;
-
- // process each part of the proxy chain
- for (final ListIterator<String> chainIter = request.getChain().listIterator(chain.size()); chainIter.hasPrevious();) {
- final String dn = chainIter.previous();
-
- // if there is another dn after this one, this dn is a proxy for the request
- if (chainIter.hasPrevious()) {
- try {
- // get the user details for the proxy
- final NiFiUserDetails proxyDetails = getNiFiUserDetails(dn);
- final NiFiUser user = proxyDetails.getNiFiUser();
-
- // verify the proxy has the appropriate role
- if (!user.getAuthorities().contains(Authority.ROLE_PROXY)) {
- logger.warn(String.format("Proxy '%s' must have '%s' authority. Current authorities: %s", dn, Authority.ROLE_PROXY.toString(), StringUtils.join(user.getAuthorities(), ", ")));
- throw new UntrustedProxyException(String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString()));
- }
-
- // if we've already encountered a proxy, update the chain
- if (proxy != null) {
- user.setChain(proxy);
- }
-
- // record this user as the proxy for the next user in the chain
- proxy = user;
- } catch (UsernameNotFoundException unfe) {
- // if this proxy is a new user, conditionally create a new account automatically
- if (properties.getSupportNewAccountRequests()) {
- try {
- logger.warn(String.format("Automatic account request generated for unknown proxy: %s", dn));
-
- // attempt to create a new user account for the proxying client
- userService.createPendingUserAccount(dn, "Automatic account request generated for unknown proxy.");
- } catch (AdministrationException ae) {
- throw new AuthenticationServiceException(String.format("Unable to create an account request for '%s': %s", dn, ae.getMessage()), ae);
- } catch (IllegalArgumentException iae) {
- // check then modified... account didn't exist when getting the user details but did when
- // attempting to auto create the user account request
- final String message = String.format("Account request was already submitted for '%s'", dn);
- logger.warn(message);
- throw new AccountStatusException(message) {
- };
- }
- }
-
- logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), unfe.getMessage()));
- throw new UntrustedProxyException(String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString()));
- } catch (AuthenticationException ae) {
- logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), ae.getMessage()));
- throw new UntrustedProxyException(String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString()));
- }
- } else {
- userDetails = getNiFiUserDetails(dn);
-
- // if we've already encountered a proxy, update the chain
- if (proxy != null) {
- final NiFiUser user = userDetails.getNiFiUser();
- user.setChain(proxy);
- }
- }
- }
-
- return userDetails;
- }
-
- /**
- * Loads the user details for the specified dn.
- *
- * @param dn user dn
- * @return user detail
- */
- private NiFiUserDetails getNiFiUserDetails(String dn) {
- try {
- NiFiUser user = userService.checkAuthorization(dn);
- return new NiFiUserDetails(user);
- } catch (AdministrationException ase) {
- throw new AuthenticationServiceException(String.format("An error occurred while accessing the user credentials for '%s': %s", dn, ase.getMessage()), ase);
- } catch (AccountDisabledException | AccountPendingException e) {
- throw new AccountStatusException(e.getMessage(), e) {
- };
- } catch (AccountNotFoundException anfe) {
- throw new UsernameNotFoundException(anfe.getMessage());
- }
- }
-
- /* setters */
- public void setUserService(UserService userService) {
- this.userService = userService;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
index bd468e4..4f7383e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
@@ -16,18 +16,13 @@
*/
package org.apache.nifi.web.security.jwt;
-import io.jsonwebtoken.JwtException;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
-import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
-import org.apache.nifi.web.security.user.NewAccountRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
import javax.servlet.http.HttpServletRequest;
-import java.util.Arrays;
/**
*/
@@ -36,12 +31,11 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter {
private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationFilter.class);
public static final String AUTHORIZATION = "Authorization";
-
- private JwtService jwtService;
+ public static final String BEARER = "Bearer ";
@Override
- public NiFiAuthorizationRequestToken attemptAuthentication(final HttpServletRequest request) {
- // only suppport jwt login when running securely
+ public Authentication attemptAuthentication(final HttpServletRequest request) {
+ // only support jwt login when running securely
if (!request.isSecure()) {
return null;
}
@@ -52,28 +46,12 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter {
final String authorization = request.getHeader(AUTHORIZATION);
// if there is no authorization header, we don't know the user
- if (authorization == null || !StringUtils.startsWith(authorization, "Bearer ")) {
+ if (authorization == null || !StringUtils.startsWith(authorization, BEARER)) {
return null;
} else {
// Extract the Base64 encoded token from the Authorization header
final String token = StringUtils.substringAfterLast(authorization, " ");
-
- try {
- final String jwtPrincipal = jwtService.getAuthenticationFromToken(token);
-
- if (isNewAccountRequest(request)) {
- return new NewAccountAuthorizationRequestToken(new NewAccountRequest(Arrays.asList(jwtPrincipal), getJustification(request)));
- } else {
- return new NiFiAuthorizationRequestToken(Arrays.asList(jwtPrincipal));
- }
- } catch (JwtException e) {
- throw new InvalidAuthenticationException(e.getMessage(), e);
- }
+ return new JwtAuthenticationRequestToken(token);
}
}
-
- public void setJwtService(JwtService jwtService) {
- this.jwtService = jwtService;
- }
-
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java
new file mode 100644
index 0000000..289cc87
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.jwt;
+
+import io.jsonwebtoken.JwtException;
+import org.apache.nifi.user.NiFiUser;
+import org.apache.nifi.web.security.InvalidAuthenticationException;
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
+import org.apache.nifi.web.security.user.NiFiUserDetails;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+/**
+ *
+ */
+public class JwtAuthenticationProvider implements AuthenticationProvider {
+
+ private final JwtService jwtService;
+
+ public JwtAuthenticationProvider(JwtService jwtService) {
+ this.jwtService = jwtService;
+ }
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ final JwtAuthenticationRequestToken request = (JwtAuthenticationRequestToken) authentication;
+
+ try {
+ final String jwtPrincipal = jwtService.getAuthenticationFromToken(request.getToken());
+ final NiFiUser user = new NiFiUser(jwtPrincipal);
+ return new NiFiAuthenticationToken(new NiFiUserDetails(user));
+ } catch (JwtException e) {
+ throw new InvalidAuthenticationException(e.getMessage(), e);
+ }
+ }
+
+ @Override
+ public boolean supports(Class<?> authentication) {
+ return JwtAuthenticationRequestToken.class.isAssignableFrom(authentication);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationRequestToken.java
new file mode 100644
index 0000000..0be30bf
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationRequestToken.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.jwt;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+
+/**
+ * This is an authentication request with a given JWT token.
+ */
+public class JwtAuthenticationRequestToken extends AbstractAuthenticationToken {
+
+ private final String token;
+
+ /**
+ * Creates a representation of the jwt authentication request for a user.
+ *
+ * @param token The unique token for this user
+ */
+ public JwtAuthenticationRequestToken(final String token) {
+ super(null);
+ setAuthenticated(false);
+ this.token = token;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return null;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return token;
+ }
+
+ public String getToken() {
+ return token;
+ }
+
+ @Override
+ public String toString() {
+ return getName();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtService.java
index dd6a17a..bd58141 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtService.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtService.java
@@ -29,7 +29,7 @@ import io.jsonwebtoken.SigningKeyResolverAdapter;
import io.jsonwebtoken.UnsupportedJwtException;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.admin.service.UserService;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.key.Key;
import org.apache.nifi.web.security.token.LoginAuthenticationToken;
import org.slf4j.LoggerFactory;
@@ -48,10 +48,10 @@ public class JwtService {
private static final String KEY_ID_CLAIM = "kid";
private static final String USERNAME_CLAIM = "preferred_username";
- private final UserService userService;
+ private final KeyService keyService;
- public JwtService(final UserService userService) {
- this.userService = userService;
+ public JwtService(final KeyService keyService) {
+ this.keyService = keyService;
}
public String getAuthenticationFromToken(final String base64EncodedToken) throws JwtException {
@@ -90,7 +90,7 @@ public class JwtService {
// Get the key based on the key id in the claims
final Integer keyId = claims.get(KEY_ID_CLAIM, Integer.class);
- final Key key = userService.getKey(keyId);
+ final Key key = keyService.getKey(keyId);
// Ensure we were able to find a key that was previously issued by this key service for this user
if (key == null || key.getKey() == null) {
@@ -136,7 +136,7 @@ public class JwtService {
try {
// Get/create the key for this user
- final Key key = userService.getOrCreateKey(identity);
+ final Key key = keyService.getOrCreateKey(identity);
final byte[] keyBytes = key.getKey().getBytes(StandardCharsets.UTF_8);
logger.trace("Generating JWT for " + authenticationToken);
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosServiceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosServiceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosServiceFactoryBean.java
deleted file mode 100644
index 8b834a1..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosServiceFactoryBean.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.kerberos;
-
-import org.apache.nifi.util.NiFiProperties;
-import org.springframework.beans.factory.FactoryBean;
-import org.springframework.core.io.FileSystemResource;
-import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
-import org.springframework.security.kerberos.authentication.KerberosTicketValidator;
-import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
-
-public class KerberosServiceFactoryBean implements FactoryBean<KerberosService> {
-
- private KerberosService kerberosService = null;
- private NiFiProperties properties = null;
-
- @Override
- public KerberosService getObject() throws Exception {
- if (kerberosService == null && properties.isKerberosServiceSupportEnabled()) {
- kerberosService = new KerberosService();
- kerberosService.setKerberosServiceAuthenticationProvider(createKerberosServiceAuthenticationProvider());
- }
-
- return kerberosService;
- }
-
- @Override
- public Class<?> getObjectType() {
- return KerberosService.class;
- }
-
- @Override
- public boolean isSingleton() {
- return true;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- private KerberosServiceAuthenticationProvider createKerberosServiceAuthenticationProvider() throws Exception {
- KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider = new KerberosServiceAuthenticationProvider();
- kerberosServiceAuthenticationProvider.setTicketValidator(createTicketValidator());
- kerberosServiceAuthenticationProvider.setUserDetailsService(createAlternateKerberosUserDetailsService());
- kerberosServiceAuthenticationProvider.afterPropertiesSet();
- return kerberosServiceAuthenticationProvider;
- }
-
- private AlternateKerberosUserDetailsService createAlternateKerberosUserDetailsService() {
- return new AlternateKerberosUserDetailsService();
- }
-
- private KerberosTicketValidator createTicketValidator() throws Exception {
- SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
- ticketValidator.setServicePrincipal(properties.getKerberosServicePrincipal());
- ticketValidator.setKeyTabLocation(new FileSystemResource(properties.getKerberosKeytabLocation()));
- ticketValidator.afterPropertiesSet();
- return ticketValidator;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java
index a3e6c3c..03e1400 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java
@@ -30,7 +30,7 @@ import org.apache.nifi.authentication.AuthenticationResponse;
import org.apache.nifi.web.security.user.NiFiUserDetails;
import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.token.NiFiAuthorizationToken;
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
import org.apache.nifi.web.security.x509.X509CertificateExtractor;
import org.apache.nifi.web.security.x509.X509IdentityProvider;
import org.apache.nifi.web.util.WebUtils;
@@ -96,7 +96,7 @@ public class NodeAuthorizedUserFilter extends GenericFilterBean {
httpServletRequest.getRequestURL().toString(), request.getRemoteAddr()));
// create the authorized nifi token
- final NiFiAuthorizationToken token = new NiFiAuthorizationToken(userDetails);
+ final NiFiAuthenticationToken token = new NiFiAuthenticationToken(userDetails);
SecurityContextHolder.getContext().setAuthentication(token);
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
index 7cf3eeb..5f5a3cd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
@@ -16,14 +16,12 @@
*/
package org.apache.nifi.web.security.otp;
-import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
import javax.servlet.http.HttpServletRequest;
-import java.util.Arrays;
import java.util.regex.Pattern;
/**
@@ -41,10 +39,8 @@ public class OtpAuthenticationFilter extends NiFiAuthenticationFilter {
protected static final String ACCESS_TOKEN = "access_token";
- private OtpService otpService;
-
@Override
- public NiFiAuthorizationRequestToken attemptAuthentication(final HttpServletRequest request) {
+ public Authentication attemptAuthentication(final HttpServletRequest request) {
// only support otp login when running securely
if (!request.isSecure()) {
return null;
@@ -57,27 +53,18 @@ public class OtpAuthenticationFilter extends NiFiAuthenticationFilter {
if (accessToken == null) {
return null;
} else {
- try {
- String identity = null;
- if (request.getContextPath().equals("/nifi-api")) {
- if (isDownloadRequest(request.getPathInfo())) {
- // handle download requests
- identity = otpService.getAuthenticationFromDownloadToken(accessToken);
- }
- } else {
- // handle requests to other context paths (other UI extensions)
- identity = otpService.getAuthenticationFromUiExtensionToken(accessToken);
- }
-
- // the path is a support path for otp tokens
- if (identity == null) {
- return null;
+ if (request.getContextPath().equals("/nifi-api")) {
+ if (isDownloadRequest(request.getPathInfo())) {
+ // handle download requests
+ return new OtpAuthenticationRequestToken(accessToken, true);
}
-
- return new NiFiAuthorizationRequestToken(Arrays.asList(identity));
- } catch (final OtpAuthenticationException oae) {
- throw new InvalidAuthenticationException(oae.getMessage(), oae);
+ } else {
+ // handle requests to other context paths (other UI extensions)
+ return new OtpAuthenticationRequestToken(accessToken, false);
}
+
+ // the path is a support path for otp tokens
+ return null;
}
}
@@ -85,8 +72,4 @@ public class OtpAuthenticationFilter extends NiFiAuthenticationFilter {
return PROVENANCE_DOWNLOAD_PATTERN.matcher(pathInfo).matches() || QUEUE_DOWNLOAD_PATTERN.matcher(pathInfo).matches() || TEMPLATE_DOWNLOAD_PATTERN.matcher(pathInfo).matches();
}
- public void setOtpService(OtpService otpService) {
- this.otpService = otpService;
- }
-
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java
new file mode 100644
index 0000000..411efc1
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.otp;
+
+import org.apache.nifi.user.NiFiUser;
+import org.apache.nifi.web.security.InvalidAuthenticationException;
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
+import org.apache.nifi.web.security.user.NiFiUserDetails;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+/**
+ *
+ */
+public class OtpAuthenticationProvider implements AuthenticationProvider {
+
+ private OtpService otpService;
+
+ public OtpAuthenticationProvider(OtpService otpService) {
+ this.otpService = otpService;
+ }
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ final OtpAuthenticationRequestToken request = (OtpAuthenticationRequestToken) authentication;
+
+ try {
+ final String otpPrincipal;
+ if (request.isDownloadToken()) {
+ otpPrincipal = otpService.getAuthenticationFromDownloadToken(request.getToken());
+ } else {
+ otpPrincipal = otpService.getAuthenticationFromUiExtensionToken(request.getToken());
+ }
+ final NiFiUser user = new NiFiUser(otpPrincipal);
+ return new NiFiAuthenticationToken(new NiFiUserDetails(user));
+ } catch (OtpAuthenticationException e) {
+ throw new InvalidAuthenticationException(e.getMessage(), e);
+ }
+ }
+
+ @Override
+ public boolean supports(Class<?> authentication) {
+ return OtpAuthenticationRequestToken.class.isAssignableFrom(authentication);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationRequestToken.java
new file mode 100644
index 0000000..e5dd6ee
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationRequestToken.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.otp;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+
+/**
+ * This is an authentication request with a given OTP token.
+ */
+public class OtpAuthenticationRequestToken extends AbstractAuthenticationToken {
+
+ private final String token;
+ private final boolean isDownloadToken;
+
+ /**
+ * Creates a representation of the otp authentication request for a user.
+ *
+ * @param token The unique token for this user
+ */
+ public OtpAuthenticationRequestToken(final String token, final boolean isDownloadToken) {
+ super(null);
+ setAuthenticated(false);
+ this.token = token;
+ this.isDownloadToken = isDownloadToken;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return null;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return token;
+ }
+
+ public String getToken() {
+ return token;
+ }
+
+ public boolean isDownloadToken() {
+ return isDownloadToken;
+ }
+
+ @Override
+ public String toString() {
+ return getName();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/KerberosServiceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/KerberosServiceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/KerberosServiceFactoryBean.java
new file mode 100644
index 0000000..bbe15d1
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/KerberosServiceFactoryBean.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.spring;
+
+import org.apache.nifi.util.NiFiProperties;
+import org.apache.nifi.web.security.kerberos.AlternateKerberosUserDetailsService;
+import org.apache.nifi.web.security.kerberos.KerberosService;
+import org.springframework.beans.factory.FactoryBean;
+import org.springframework.core.io.FileSystemResource;
+import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
+import org.springframework.security.kerberos.authentication.KerberosTicketValidator;
+import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
+
+public class KerberosServiceFactoryBean implements FactoryBean<KerberosService> {
+
+ private KerberosService kerberosService = null;
+ private NiFiProperties properties = null;
+
+ @Override
+ public KerberosService getObject() throws Exception {
+ if (kerberosService == null && properties.isKerberosServiceSupportEnabled()) {
+ kerberosService = new KerberosService();
+ kerberosService.setKerberosServiceAuthenticationProvider(createKerberosServiceAuthenticationProvider());
+ }
+
+ return kerberosService;
+ }
+
+ @Override
+ public Class<?> getObjectType() {
+ return KerberosService.class;
+ }
+
+ @Override
+ public boolean isSingleton() {
+ return true;
+ }
+
+ public void setProperties(NiFiProperties properties) {
+ this.properties = properties;
+ }
+
+ private KerberosServiceAuthenticationProvider createKerberosServiceAuthenticationProvider() throws Exception {
+ KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider = new KerberosServiceAuthenticationProvider();
+ kerberosServiceAuthenticationProvider.setTicketValidator(createTicketValidator());
+ kerberosServiceAuthenticationProvider.setUserDetailsService(createAlternateKerberosUserDetailsService());
+ kerberosServiceAuthenticationProvider.afterPropertiesSet();
+ return kerberosServiceAuthenticationProvider;
+ }
+
+ private AlternateKerberosUserDetailsService createAlternateKerberosUserDetailsService() {
+ return new AlternateKerberosUserDetailsService();
+ }
+
+ private KerberosTicketValidator createTicketValidator() throws Exception {
+ SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
+ ticketValidator.setServicePrincipal(properties.getKerberosServicePrincipal());
+ ticketValidator.setKeyTabLocation(new FileSystemResource(properties.getKerberosKeytabLocation()));
+ ticketValidator.afterPropertiesSet();
+ return ticketValidator;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/LoginIdentityProviderFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/LoginIdentityProviderFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/LoginIdentityProviderFactoryBean.java
index 92a27ae..2ee187a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/LoginIdentityProviderFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/LoginIdentityProviderFactoryBean.java
@@ -16,21 +16,6 @@
*/
package org.apache.nifi.web.security.spring;
-import java.io.File;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Field;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.HashMap;
-import java.util.Map;
-import javax.xml.XMLConstants;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authentication.AuthenticationResponse;
import org.apache.nifi.authentication.LoginCredentials;
@@ -39,11 +24,11 @@ import org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
import org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
import org.apache.nifi.authentication.LoginIdentityProviderLookup;
import org.apache.nifi.authentication.annotation.LoginIdentityProviderContext;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderDestructionException;
import org.apache.nifi.authentication.generated.LoginIdentityProviders;
import org.apache.nifi.authentication.generated.Property;
import org.apache.nifi.authentication.generated.Provider;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
import org.apache.nifi.nar.ExtensionManager;
import org.apache.nifi.nar.NarCloseable;
import org.apache.nifi.util.NiFiProperties;
@@ -53,6 +38,22 @@ import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.FactoryBean;
import org.xml.sax.SAXException;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+import java.io.File;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
+
/**
*
*/
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java
deleted file mode 100644
index 693d420..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.token;
-
-import org.apache.nifi.web.security.user.NewAccountRequest;
-
-/**
- * An authentication token that is used as an authorization request when submitting a new account.
- */
-public class NewAccountAuthorizationRequestToken extends NiFiAuthorizationRequestToken {
-
- final NewAccountRequest newAccountRequest;
-
- public NewAccountAuthorizationRequestToken(final NewAccountRequest newAccountRequest) {
- super(newAccountRequest.getChain());
- this.newAccountRequest = newAccountRequest;
- }
-
- public String getJustification() {
- return newAccountRequest.getJustification();
- }
-
- public NewAccountRequest getNewAccountRequest() {
- return newAccountRequest;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java
deleted file mode 100644
index de0fde6..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.token;
-
-import org.apache.nifi.web.security.user.NewAccountRequest;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-
-/**
- * This is an Authentication Token for a user that has been authenticated but is not authorized to access the NiFi APIs. Typically, this authentication token is used successfully when requesting a
- * NiFi account. Requesting any other endpoint would be rejected due to lack of roles.
- */
-public class NewAccountAuthorizationToken extends AbstractAuthenticationToken {
-
- final NewAccountRequest newAccountRequest;
-
- public NewAccountAuthorizationToken(final NewAccountRequest newAccountRequest) {
- super(null);
- super.setAuthenticated(true);
- this.newAccountRequest = newAccountRequest;
- }
-
- @Override
- public Object getCredentials() {
- return null;
- }
-
- @Override
- public Object getPrincipal() {
- return newAccountRequest;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationToken.java
new file mode 100644
index 0000000..f7964f5
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationToken.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.token;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.userdetails.UserDetails;
+
+/**
+ * An authentication token that represents an Authenticated and Authorized user of the NiFi Apis. The authorities are based off the specified UserDetails.
+ */
+public class NiFiAuthenticationToken extends AbstractAuthenticationToken {
+
+ final UserDetails nifiUserDetails;
+
+ public NiFiAuthenticationToken(final UserDetails nifiUserDetails) {
+ super(nifiUserDetails.getAuthorities());
+ super.setAuthenticated(true);
+ setDetails(nifiUserDetails);
+ this.nifiUserDetails = nifiUserDetails;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return nifiUserDetails.getPassword();
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return nifiUserDetails;
+ }
+
+ @Override
+ public final void setAuthenticated(boolean authenticated) {
+ throw new IllegalArgumentException("Cannot change the authenticated state.");
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationRequestToken.java
deleted file mode 100644
index c20aaf3..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationRequestToken.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.token;
-
-import java.util.Collections;
-import java.util.List;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-
-/**
- * An authentication token that is used as an authorization request. The request has already been authenticated and is now going to be authorized.
- * The request chain is specified during creation and is used authorize the user(s).
- */
-public class NiFiAuthorizationRequestToken extends AbstractAuthenticationToken {
-
- private final List<String> chain;
-
- public NiFiAuthorizationRequestToken(final List<String> chain) {
- super(null);
- this.chain = chain;
- }
-
- @Override
- public Object getCredentials() {
- return null;
- }
-
- @Override
- public Object getPrincipal() {
- return chain;
- }
-
- public List<String> getChain() {
- return Collections.unmodifiableList(chain);
- }
-
- @Override
- public final void setAuthenticated(boolean authenticated) {
- throw new IllegalArgumentException("Cannot change the authenticated state.");
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationToken.java
deleted file mode 100644
index 0cb0353..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationToken.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.token;
-
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.core.userdetails.UserDetails;
-
-/**
- * An authentication token that represents an Authenticated and Authorized user of the NiFi Apis. The authorities are based off the specified UserDetails.
- */
-public class NiFiAuthorizationToken extends AbstractAuthenticationToken {
-
- final UserDetails nifiUserDetails;
-
- public NiFiAuthorizationToken(final UserDetails nifiUserDetails) {
- super(nifiUserDetails.getAuthorities());
- super.setAuthenticated(true);
- setDetails(nifiUserDetails);
- this.nifiUserDetails = nifiUserDetails;
- }
-
- @Override
- public Object getCredentials() {
- return nifiUserDetails.getPassword();
- }
-
- @Override
- public Object getPrincipal() {
- return nifiUserDetails;
- }
-
- @Override
- public final void setAuthenticated(boolean authenticated) {
- throw new IllegalArgumentException("Cannot change the authenticated state.");
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NewAccountRequest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NewAccountRequest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NewAccountRequest.java
deleted file mode 100644
index 3ec147a..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NewAccountRequest.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.user;
-
-import java.util.List;
-
-/**
- *
- */
-public class NewAccountRequest {
-
- private final List<String> chain;
- private final String justification;
-
- public NewAccountRequest(final List<String> chain, final String justification) {
- this.chain = chain;
- this.justification = justification;
- }
-
- public List<String> getChain() {
- return chain;
- }
-
- public String getJustification() {
- return justification;
- }
-
- public String getUsername() {
- // the end user is the first item in the chain
- return chain.get(0);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
index b559269..86668fe 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
@@ -16,16 +16,14 @@
*/
package org.apache.nifi.web.security.user;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.NiFiUser;
import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.user.NiFiUser;
import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
+import java.util.Collection;
+import java.util.Collections;
+
/**
* User details for a NiFi user.
*/
@@ -58,12 +56,7 @@ public class NiFiUserDetails implements UserDetails {
*/
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
- final Set<Authority> authorities = user.getAuthorities();
- final Set<GrantedAuthority> grantedAuthorities = new HashSet<>(authorities.size());
- for (final Authority authority : authorities) {
- grantedAuthorities.add(new SimpleGrantedAuthority(authority.toString()));
- }
- return grantedAuthorities;
+ return Collections.EMPTY_SET;
}
@Override
[13/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java
index 712233f..fd4a81c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.web.api;
-import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
@@ -36,34 +35,27 @@ import org.apache.nifi.web.ConfigurationSnapshot;
import org.apache.nifi.web.DownloadableContent;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.Revision;
-import org.apache.nifi.web.api.dto.ConnectableDTO;
import org.apache.nifi.web.api.dto.ConnectionDTO;
import org.apache.nifi.web.api.dto.DropRequestDTO;
import org.apache.nifi.web.api.dto.FlowFileDTO;
import org.apache.nifi.web.api.dto.FlowFileSummaryDTO;
import org.apache.nifi.web.api.dto.ListingRequestDTO;
-import org.apache.nifi.web.api.dto.PositionDTO;
import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.status.ConnectionStatusDTO;
import org.apache.nifi.web.api.dto.status.StatusHistoryDTO;
import org.apache.nifi.web.api.entity.ConnectionEntity;
import org.apache.nifi.web.api.entity.ConnectionStatusEntity;
-import org.apache.nifi.web.api.entity.ConnectionsEntity;
import org.apache.nifi.web.api.entity.DropRequestEntity;
import org.apache.nifi.web.api.entity.FlowFileEntity;
import org.apache.nifi.web.api.entity.ListingRequestEntity;
import org.apache.nifi.web.api.entity.StatusHistoryEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.nifi.web.api.request.ConnectableTypeParameter;
-import org.apache.nifi.web.api.request.IntegerParameter;
import org.apache.nifi.web.api.request.LongParameter;
-import org.springframework.security.access.prepost.PreAuthorize;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
import javax.ws.rs.DELETE;
import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
import javax.ws.rs.GET;
import javax.ws.rs.HttpMethod;
import javax.ws.rs.POST;
@@ -75,7 +67,6 @@ import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.StreamingOutput;
@@ -83,12 +74,9 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
-import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
-import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
@@ -96,13 +84,12 @@ import java.util.UUID;
/**
* RESTful endpoint for managing a Connection.
*/
-@Api(hidden = true)
+@Path("connections")
public class ConnectionResource extends ApplicationResource {
private NiFiServiceFacade serviceFacade;
private WebClusterManager clusterManager;
private NiFiProperties properties;
- private String groupId;
/**
* Populate the URIs for the specified connections.
@@ -123,9 +110,9 @@ public class ConnectionResource extends ApplicationResource {
* @param connection connection
* @return dto
*/
- private ConnectionDTO populateRemainingConnectionContent(ConnectionDTO connection) {
+ public ConnectionDTO populateRemainingConnectionContent(ConnectionDTO connection) {
// populate the remaining properties
- connection.setUri(generateResourceUri("controller", "process-groups", groupId, "connections", connection.getId()));
+ connection.setUri(generateResourceUri("connections", connection.getId()));
return connection;
}
@@ -138,7 +125,7 @@ public class ConnectionResource extends ApplicationResource {
*/
public ListingRequestDTO populateRemainingFlowFileListingContent(final String connectionId, final ListingRequestDTO flowFileListing) {
// uri of the listing
- flowFileListing.setUri(generateResourceUri("controller", "process-groups", groupId, "connections", connectionId, "listing-requests", flowFileListing.getId()));
+ flowFileListing.setUri(generateResourceUri("connections", connectionId, "listing-requests", flowFileListing.getId()));
// uri of each flowfile
if (flowFileListing.getFlowFileSummaries() != null) {
@@ -156,69 +143,12 @@ public class ConnectionResource extends ApplicationResource {
* @param flowFile the flowfile
* @return the dto
*/
- private FlowFileSummaryDTO populateRemainingFlowFileContent(final String connectionId, final FlowFileSummaryDTO flowFile) {
- flowFile.setUri(generateResourceUri("controller", "process-groups", groupId, "connections", connectionId, "flowfiles", flowFile.getUuid()));
+ public FlowFileSummaryDTO populateRemainingFlowFileContent(final String connectionId, final FlowFileSummaryDTO flowFile) {
+ flowFile.setUri(generateResourceUri("connections", connectionId, "flowfiles", flowFile.getUuid()));
return flowFile;
}
/**
- * Gets all the connections.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @return A connectionsEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
- @ApiOperation(
- value = "Gets all connections",
- response = ConnectionsEntity.class,
- authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getConnections(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // replicate if cluster manager
- if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
- }
-
- // all of the relationships for the specified source processor
- Set<ConnectionDTO> connections = serviceFacade.getConnections(groupId);
-
- // create the revision
- RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the client response entity
- ConnectionsEntity entity = new ConnectionsEntity();
- entity.setRevision(revision);
- entity.setConnections(populateRemainingConnectionsContent(connections));
-
- // generate the response
- return clusterContext(generateOkResponse(entity)).build();
- }
-
- /**
* Retrieves the specified connection.
*
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
@@ -227,9 +157,9 @@ public class ConnectionResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets a connection",
response = ConnectionEntity.class,
@@ -266,7 +196,7 @@ public class ConnectionResource extends ApplicationResource {
}
// get the specified relationship
- ConnectionDTO connection = serviceFacade.getConnection(groupId, id);
+ ConnectionDTO connection = serviceFacade.getConnection(id);
// create the revision
RevisionDTO revision = new RevisionDTO();
@@ -290,9 +220,9 @@ public class ConnectionResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/status")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets status for a connection",
response = ConnectionStatusEntity.class,
@@ -366,7 +296,7 @@ public class ConnectionResource extends ApplicationResource {
}
// get the specified connection status
- final ConnectionStatusDTO connectionStatus = serviceFacade.getConnectionStatus(groupId, id);
+ final ConnectionStatusDTO connectionStatus = serviceFacade.getConnectionStatus(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -390,9 +320,9 @@ public class ConnectionResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}/status/history")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets the status history for a connection",
response = StatusHistoryEntity.class,
@@ -429,7 +359,7 @@ public class ConnectionResource extends ApplicationResource {
}
// get the specified processor status history
- final StatusHistoryDTO connectionStatusHistory = serviceFacade.getConnectionStatusHistory(groupId, id);
+ final StatusHistoryDTO connectionStatusHistory = serviceFacade.getConnectionStatusHistory(id);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -445,415 +375,6 @@ public class ConnectionResource extends ApplicationResource {
}
/**
- * Creates a connection.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param name The name of the connection.
- * @param sourceId The id of the source connectable.
- * @param sourceGroupId The parent group id for the source.
- * @param sourceType The type of the source connectable.
- * @param bends Array of bend points in string form ["x,y", "x,y", "x,y"]
- * @param relationships Array of relationships.
- * @param flowFileExpiration The flow file expiration in minutes
- * @param backPressureObjectThreshold The object count for when to apply back pressure.
- * @param backPressureDataSizeThreshold The object size for when to apply back pressure.
- * @param prioritizers Array of prioritizer types. These types should refer to one of the types in the GET /controller/prioritizers response. If this parameter is not specified no change will be
- * made. If this parameter appears with no value (empty string), it will be treated as an empty array.
- * @param destinationId The id of the destination connectable.
- * @param destinationGroupId The parent group id for the destination.
- * @param destinationType The type of the destination connectable.
- * @param formParams params
- * @return A connectionEntity.
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response createConnection(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("name") String name,
- @FormParam("sourceId") String sourceId,
- @FormParam("sourceGroupId") String sourceGroupId,
- @FormParam("sourceType") ConnectableTypeParameter sourceType,
- @FormParam("relationships[]") Set<String> relationships,
- @FormParam("bends[]") List<String> bends,
- @FormParam("flowFileExpiration") String flowFileExpiration,
- @FormParam("backPressureObjectThreshold") LongParameter backPressureObjectThreshold,
- @FormParam("backPressureDataSizeThreshold") String backPressureDataSizeThreshold,
- @FormParam("prioritizers[]") List<String> prioritizers,
- @FormParam("destinationId") String destinationId,
- @FormParam("destinationGroupId") String destinationGroupId,
- @FormParam("destinationType") ConnectableTypeParameter destinationType,
- MultivaluedMap<String, String> formParams) {
-
- if (sourceId == null || sourceGroupId == null || destinationId == null || destinationGroupId == null) {
- throw new IllegalArgumentException("The source and destination (and parent groups) must be specified.");
- }
-
- // ensure the source and destination type has been specified
- if (sourceType == null || destinationType == null) {
- throw new IllegalArgumentException("The source and destination type must be specified.");
- }
-
- // create the source dto
- final ConnectableDTO source = new ConnectableDTO();
- source.setId(sourceId);
- source.setType(sourceType.getConnectableType().name());
- source.setGroupId(sourceGroupId);
-
- // create the destination dto
- final ConnectableDTO destination = new ConnectableDTO();
- destination.setId(destinationId);
- destination.setType(destinationType.getConnectableType().name());
- destination.setGroupId(destinationGroupId);
-
- // create the connection dto
- final ConnectionDTO connectionDTO = new ConnectionDTO();
- connectionDTO.setName(name);
- connectionDTO.setSource(source);
- connectionDTO.setDestination(destination);
-
- // only set the relationships when applicable
- if (!relationships.isEmpty() || formParams.containsKey("relationships[]")) {
- connectionDTO.setSelectedRelationships(relationships);
- }
-
- connectionDTO.setFlowFileExpiration(flowFileExpiration);
- connectionDTO.setBackPressureDataSizeThreshold(backPressureDataSizeThreshold);
-
- if (backPressureObjectThreshold != null) {
- connectionDTO.setBackPressureObjectThreshold(backPressureObjectThreshold.getLong());
- }
-
- // handle the bends when applicable
- if (!bends.isEmpty() || formParams.containsKey("bends[]")) {
- final List<PositionDTO> bendPoints = new ArrayList<>(bends.size());
- for (final String bend : bends) {
- final String[] coordinate = bend.split(",");
-
- // ensure the appropriate number of tokens
- if (coordinate.length != 2) {
- throw new IllegalArgumentException("Bend points should be an array where each entry is in the form 'x,y'");
- }
-
- // convert the coordinate
- final Double x;
- final Double y;
- try {
- x = Double.parseDouble(coordinate[0].trim());
- y = Double.parseDouble(coordinate[1].trim());
- } catch (final NumberFormatException nfe) {
- throw new IllegalArgumentException("Bend points should be an array where each entry is in the form 'x,y'");
- }
-
- // add the bend point
- bendPoints.add(new PositionDTO(x, y));
- }
-
- // set the bend points
- connectionDTO.setBends(bendPoints);
- }
-
- // create prioritizer list
- final List<String> prioritizerTypes = new ArrayList<>(prioritizers.size());
-
- // add each prioritizer specified
- for (String rawPrioritizer : prioritizers) {
- // when prioritizers[] is specified in the request with no value, it creates an array
- // with a single element (empty string). an empty array is created when prioritizers[]
- // is not found in the request
- if (StringUtils.isNotBlank(rawPrioritizer)) {
- prioritizerTypes.add(rawPrioritizer);
- }
- }
-
- // only set the prioritizers when appropriate
- if (!prioritizerTypes.isEmpty() || formParams.containsKey("prioritizers[]")) {
- connectionDTO.setPrioritizers(prioritizerTypes);
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the connection entity
- final ConnectionEntity entity = new ConnectionEntity();
- entity.setRevision(revision);
- entity.setConnection(connectionDTO);
-
- // create the relationship target
- return createConnection(httpServletRequest, entity);
- }
-
- /**
- * Creates a new connection.
- *
- * @param httpServletRequest request
- * @param connectionEntity A connectionEntity.
- * @return A connectionEntity.
- */
- @POST
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- @ApiOperation(
- value = "Creates a connection",
- response = ConnectionEntity.class,
- authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response createConnection(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The connection configuration details.",
- required = true
- ) ConnectionEntity connectionEntity) {
-
- if (connectionEntity == null || connectionEntity.getConnection() == null) {
- throw new IllegalArgumentException("Connection details must be specified.");
- }
-
- if (connectionEntity.getConnection().getId() != null) {
- throw new IllegalArgumentException("Connection ID cannot be specified.");
- }
-
- if (connectionEntity.getRevision() == null) {
- throw new IllegalArgumentException("Revision must be specified.");
- }
-
- // if cluster manager, convert POST to PUT (to maintain same ID across nodes) and replicate
- if (properties.isClusterManager()) {
-
- // create ID for resource
- final String id = UUID.randomUUID().toString();
-
- // set ID for resource
- connectionEntity.getConnection().setId(id);
-
- // convert POST request to PUT request to force entity ID to be the same across nodes
- URI putUri = null;
- try {
- putUri = new URI(getAbsolutePath().toString() + "/" + id);
- } catch (final URISyntaxException e) {
- throw new WebApplicationException(e);
- }
-
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate put request
- return clusterManager.applyRequest(HttpMethod.PUT, putUri, updateClientId(connectionEntity), getHeaders(headersToOverride)).getResponse();
- }
-
- // get the connection
- final ConnectionDTO connection = connectionEntity.getConnection();
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- serviceFacade.verifyCreateConnection(groupId, connection);
- return generateContinueResponse().build();
- }
-
- // create the new relationship target
- final RevisionDTO revision = connectionEntity.getRevision();
- final ConfigurationSnapshot<ConnectionDTO> controllerResponse = serviceFacade.createConnection(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, connection);
- ConnectionDTO connectionDTO = controllerResponse.getConfiguration();
-
- // marshall the target and add the source processor
- populateRemainingConnectionContent(connectionDTO);
-
- // get the updated revision
- final RevisionDTO updatedRevision = new RevisionDTO();
- updatedRevision.setClientId(revision.getClientId());
- updatedRevision.setVersion(controllerResponse.getVersion());
-
- // create the response entity
- ConnectionEntity entity = new ConnectionEntity();
- entity.setRevision(updatedRevision);
- entity.setConnection(connectionDTO);
-
- // extract the href and build the response
- String href = connectionDTO.getUri();
-
- return clusterContext(generateCreatedResponse(URI.create(href), entity)).build();
- }
-
- /**
- * Updates the specified relationship target.
- *
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param connectionId The id of the source processor.
- * @param name The name of the connection.
- * @param relationships Array of relationships.
- * @param bends Array of bend points in string form ["x,y", "x,y", "x,y"]
- * @param labelIndex The control point index for the connection label
- * @param zIndex The zIndex for this connection
- * @param flowFileExpiration The flow file expiration in minutes
- * @param backPressureObjectThreshold The object count for when to apply back pressure.
- * @param backPressureDataSizeThreshold The object size for when to apply back pressure.
- * @param prioritizers Array of prioritizer types. These types should refer to one of the types in the GET /controller/prioritizers response. If this parameter is not specified no change will be
- * made. If this parameter appears with no value (empty string), it will be treated as an empty array.
- * @param destinationId The id of the destination connectable.
- * @param destinationGroupId The group id of the destination.
- * @param destinationType The type of the destination type.
- * @param formParams params
- * @return A connectionEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateConnection(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String connectionId,
- @FormParam("name") String name,
- @FormParam("relationships[]") Set<String> relationships,
- @FormParam("bends[]") List<String> bends,
- @FormParam("labelIndex") IntegerParameter labelIndex,
- @FormParam("zIndex") LongParameter zIndex,
- @FormParam("flowFileExpiration") String flowFileExpiration,
- @FormParam("backPressureObjectThreshold") LongParameter backPressureObjectThreshold,
- @FormParam("backPressureDataSizeThreshold") String backPressureDataSizeThreshold,
- @FormParam("prioritizers[]") List<String> prioritizers,
- @FormParam("destinationId") String destinationId,
- @FormParam("destinationGroupId") String destinationGroupId,
- @FormParam("destinationType") ConnectableTypeParameter destinationType,
- MultivaluedMap<String, String> formParams) {
-
- // create the target connectable if necessary
- ConnectableDTO destination = null;
- if (destinationId != null) {
- if (destinationGroupId == null) {
- throw new IllegalArgumentException("The destination group must be specified.");
- }
-
- if (destinationType == null) {
- throw new IllegalArgumentException("The destination type must be specified.");
- }
-
- destination = new ConnectableDTO();
- destination.setId(destinationId);
- destination.setType(destinationType.getConnectableType().name());
- destination.setGroupId(destinationGroupId);
- }
-
- // create the relationship target dto
- final ConnectionDTO connectionDTO = new ConnectionDTO();
- connectionDTO.setId(connectionId);
- connectionDTO.setName(name);
- connectionDTO.setDestination(destination);
- if (labelIndex != null) {
- connectionDTO.setLabelIndex(labelIndex.getInteger());
- }
- if (zIndex != null) {
- connectionDTO.setzIndex(zIndex.getLong());
- }
-
- // handle the bends when applicable
- if (!bends.isEmpty() || formParams.containsKey("bends[]")) {
- final List<PositionDTO> bendPoints = new ArrayList<>(bends.size());
- for (final String bend : bends) {
- final String[] coordinate = bend.split(",");
-
- // ensure the appropriate number of tokens
- if (coordinate.length != 2) {
- throw new IllegalArgumentException("Bend points should be an array where each entry is in the form 'x,y'");
- }
-
- // convert the coordinate
- final Double x;
- final Double y;
- try {
- x = Double.parseDouble(coordinate[0].trim());
- y = Double.parseDouble(coordinate[1].trim());
- } catch (final NumberFormatException nfe) {
- throw new IllegalArgumentException("Bend points should be an array where each entry is in the form 'x,y'");
- }
-
- // add the bend point
- bendPoints.add(new PositionDTO(x, y));
- }
-
- // set the bend points
- connectionDTO.setBends(bendPoints);
- }
-
- // only set the relationships when applicable
- if (!relationships.isEmpty() || formParams.containsKey("relationships[]")) {
- connectionDTO.setSelectedRelationships(relationships);
- }
-
- connectionDTO.setFlowFileExpiration(flowFileExpiration);
- connectionDTO.setBackPressureDataSizeThreshold(backPressureDataSizeThreshold);
-
- if (backPressureObjectThreshold != null) {
- connectionDTO.setBackPressureObjectThreshold(backPressureObjectThreshold.getLong());
- }
-
- // create prioritizer list
- final List<String> prioritizerTypes = new ArrayList<>(prioritizers.size());
-
- // add each prioritizer specified
- for (final String rawPrioritizer : prioritizers) {
- // when prioritizers[] is specified in the request with no value, it creates an array
- // with a single element (empty string). an empty array is created when prioritizers[]
- // is not found in the request
- if (StringUtils.isNotBlank(rawPrioritizer)) {
- prioritizerTypes.add(rawPrioritizer);
- }
- }
-
- // only set the prioritizers when appropriate
- if (!prioritizerTypes.isEmpty() || formParams.containsKey("prioritizers[]")) {
- connectionDTO.setPrioritizers(prioritizerTypes);
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the connection entity
- final ConnectionEntity entity = new ConnectionEntity();
- entity.setRevision(revision);
- entity.setConnection(connectionDTO);
-
- // update the relationship target
- return updateConnection(httpServletRequest, connectionId, entity);
- }
-
- /**
* Updates the specified connection.
*
* @param httpServletRequest request
@@ -862,10 +383,10 @@ public class ConnectionResource extends ApplicationResource {
* @return A connectionEntity.
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a connection",
response = ConnectionEntity.class,
@@ -923,14 +444,14 @@ public class ConnectionResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyUpdateConnection(groupId, connection);
+ serviceFacade.verifyUpdateConnection(connection);
return generateContinueResponse().build();
}
// update the relationship target
final RevisionDTO revision = connectionEntity.getRevision();
final ConfigurationSnapshot<ConnectionDTO> controllerResponse = serviceFacade.updateConnection(
- new Revision(revision.getVersion(), revision.getClientId()), groupId, connection);
+ new Revision(revision.getVersion(), revision.getClientId()), connection);
// get the updated revision
final RevisionDTO updatedRevision = new RevisionDTO();
@@ -965,9 +486,9 @@ public class ConnectionResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Deletes a connection",
response = ConnectionEntity.class,
@@ -1010,7 +531,7 @@ public class ConnectionResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyDeleteConnection(groupId, id);
+ serviceFacade.verifyDeleteConnection(id);
return generateContinueResponse().build();
}
@@ -1021,7 +542,7 @@ public class ConnectionResource extends ApplicationResource {
}
// delete the connection
- final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteConnection(new Revision(clientVersion, clientId.getClientId()), groupId, id);
+ final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteConnection(new Revision(clientVersion, clientId.getClientId()), id);
// create the revision
final RevisionDTO updatedRevision = new RevisionDTO();
@@ -1047,9 +568,9 @@ public class ConnectionResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{connection-id}/flowfiles/{flowfile-uuid}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Gets a FlowFile from a Connection.",
authorizations = {
@@ -1108,7 +629,7 @@ public class ConnectionResource extends ApplicationResource {
}
// get the flowfile
- final FlowFileDTO flowfileDto = serviceFacade.getFlowFile(groupId, connectionId, flowFileUuid);
+ final FlowFileDTO flowfileDto = serviceFacade.getFlowFile(connectionId, flowFileUuid);
populateRemainingFlowFileContent(connectionId, flowfileDto);
// create the revision
@@ -1136,7 +657,7 @@ public class ConnectionResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces(MediaType.WILDCARD)
@Path("/{connection-id}/flowfiles/{flowfile-uuid}/content")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Gets the content for a FlowFile in a Connection.",
authorizations = {
@@ -1195,10 +716,10 @@ public class ConnectionResource extends ApplicationResource {
}
// get the uri of the request
- final String uri = generateResourceUri("controller", "process-groups", groupId, "connections", connectionId, "flowfiles", flowFileUuid, "content");
+ final String uri = generateResourceUri("connections", connectionId, "flowfiles", flowFileUuid, "content");
// get an input stream to the content
- final DownloadableContent content = serviceFacade.getContent(groupId, connectionId, flowFileUuid, uri);
+ final DownloadableContent content = serviceFacade.getContent(connectionId, flowFileUuid, uri);
// generate a streaming response
final StreamingOutput response = new StreamingOutput() {
@@ -1224,73 +745,17 @@ public class ConnectionResource extends ApplicationResource {
}
/**
- * Drops the flowfiles in the queue of the specified connection. This endpoint is DEPRECATED. Please use
- * POST /nifi-api/controller/process-groups/{process-group-id}/connections/{connection-id}/drop-requests instead.
- *
- * @param httpServletRequest request
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The id of the connection
- * @return A dropRequestEntity
- */
- @DELETE
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{connection-id}/contents")
- @PreAuthorize("hasRole('ROLE_DFM')")
- @ApiOperation(
- value = "Drops the contents of the queue in this connection.",
- notes = "This endpoint is DEPRECATED. Please use POST /nifi-api/controller/process-groups/{process-group-id}/connections/{connection-id}/drop-requests instead.",
- response = DropRequestEntity.class,
- authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 202, message = "The request has been accepted. A HTTP response header will contain the URI where the response can be polled."),
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- @Deprecated
- public Response dropQueueContents(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "The connection id.",
- required = true
- )
- @PathParam("connection-id") String id) {
-
- // replicate if cluster manager
- if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.DELETE, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
- }
-
- // defer to the new endpoint that references /drop-requests in the URI
- return createDropRequest(httpServletRequest, clientId, id);
- }
-
- /**
* Creates a request to list the flowfiles in the queue of the specified connection.
*
* @param httpServletRequest request
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
* @param id The id of the connection
* @return A listRequestEntity
*/
@POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.WILDCARD)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{connection-id}/listing-requests")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Lists the contents of the queue in this connection.",
response = ListingRequestEntity.class,
@@ -1311,11 +776,6 @@ public class ConnectionResource extends ApplicationResource {
public Response createFlowFileListing(
@Context HttpServletRequest httpServletRequest,
@ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
value = "The connection id.",
required = true
)
@@ -1329,7 +789,7 @@ public class ConnectionResource extends ApplicationResource {
// handle expects request (usually from the cluster manager)
final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
if (expects != null) {
- serviceFacade.verifyListQueue(groupId, id);
+ serviceFacade.verifyListQueue(id);
return generateContinueResponse().build();
}
@@ -1343,12 +803,11 @@ public class ConnectionResource extends ApplicationResource {
}
// submit the listing request
- final ListingRequestDTO listingRequest = serviceFacade.createFlowFileListingRequest(groupId, id, listingRequestId);
+ final ListingRequestDTO listingRequest = serviceFacade.createFlowFileListingRequest(id, listingRequestId);
populateRemainingFlowFileListingContent(id, listingRequest);
// create the revision
final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
// create the response entity
final ListingRequestEntity entity = new ListingRequestEntity();
@@ -1370,9 +829,9 @@ public class ConnectionResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{connection-id}/listing-requests/{listing-request-id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Gets the current status of a listing request for the specified connection.",
response = ListingRequestEntity.class,
@@ -1412,7 +871,7 @@ public class ConnectionResource extends ApplicationResource {
}
// get the listing request
- final ListingRequestDTO listingRequest = serviceFacade.getFlowFileListingRequest(groupId, connectionId, listingRequestId);
+ final ListingRequestDTO listingRequest = serviceFacade.getFlowFileListingRequest(connectionId, listingRequestId);
populateRemainingFlowFileListingContent(connectionId, listingRequest);
// create the revision
@@ -1438,8 +897,9 @@ public class ConnectionResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{connection-id}/listing-requests/{listing-request-id}")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Cancels and/or removes a request to list the contents of this connection.",
response = DropRequestEntity.class,
@@ -1486,7 +946,7 @@ public class ConnectionResource extends ApplicationResource {
}
// delete the listing request
- final ListingRequestDTO listingRequest = serviceFacade.deleteFlowFileListingRequest(groupId, connectionId, listingRequestId);
+ final ListingRequestDTO listingRequest = serviceFacade.deleteFlowFileListingRequest(connectionId, listingRequestId);
// prune the results as they were already received when the listing completed
listingRequest.setFlowFileSummaries(null);
@@ -1510,15 +970,14 @@ public class ConnectionResource extends ApplicationResource {
* Creates a request to delete the flowfiles in the queue of the specified connection.
*
* @param httpServletRequest request
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
* @param id The id of the connection
* @return A dropRequestEntity
*/
@POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Consumes(MediaType.WILDCARD)
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{connection-id}/drop-requests")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Creates a request to drop the contents of the queue in this connection.",
response = DropRequestEntity.class,
@@ -1539,11 +998,6 @@ public class ConnectionResource extends ApplicationResource {
public Response createDropRequest(
@Context HttpServletRequest httpServletRequest,
@ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
value = "The connection id.",
required = true
)
@@ -1570,12 +1024,11 @@ public class ConnectionResource extends ApplicationResource {
}
// submit the drop request
- final DropRequestDTO dropRequest = serviceFacade.createFlowFileDropRequest(groupId, id, dropRequestId);
- dropRequest.setUri(generateResourceUri("controller", "process-groups", groupId, "connections", id, "drop-requests", dropRequest.getId()));
+ final DropRequestDTO dropRequest = serviceFacade.createFlowFileDropRequest(id, dropRequestId);
+ dropRequest.setUri(generateResourceUri("connections", id, "drop-requests", dropRequest.getId()));
// create the revision
final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
// create the response entity
final DropRequestEntity entity = new DropRequestEntity();
@@ -1597,9 +1050,9 @@ public class ConnectionResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{connection-id}/drop-requests/{drop-request-id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Gets the current status of a drop request for the specified connection.",
response = DropRequestEntity.class,
@@ -1639,8 +1092,8 @@ public class ConnectionResource extends ApplicationResource {
}
// get the drop request
- final DropRequestDTO dropRequest = serviceFacade.getFlowFileDropRequest(groupId, connectionId, dropRequestId);
- dropRequest.setUri(generateResourceUri("controller", "process-groups", groupId, "connections", connectionId, "drop-requests", dropRequestId));
+ final DropRequestDTO dropRequest = serviceFacade.getFlowFileDropRequest(connectionId, dropRequestId);
+ dropRequest.setUri(generateResourceUri("connections", connectionId, "drop-requests", dropRequestId));
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -1665,9 +1118,9 @@ public class ConnectionResource extends ApplicationResource {
*/
@DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("/{connection-id}/drop-requests/{drop-request-id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Cancels and/or removes a request to drop the contents of this connection.",
response = DropRequestEntity.class,
@@ -1714,8 +1167,8 @@ public class ConnectionResource extends ApplicationResource {
}
// delete the drop request
- final DropRequestDTO dropRequest = serviceFacade.deleteFlowFileDropRequest(groupId, connectionId, dropRequestId);
- dropRequest.setUri(generateResourceUri("controller", "process-groups", groupId, "connections", connectionId, "drop-requests", dropRequestId));
+ final DropRequestDTO dropRequest = serviceFacade.deleteFlowFileDropRequest(connectionId, dropRequestId);
+ dropRequest.setUri(generateResourceUri("connections", connectionId, "drop-requests", dropRequestId));
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -1734,10 +1187,6 @@ public class ConnectionResource extends ApplicationResource {
this.serviceFacade = serviceFacade;
}
- public void setGroupId(String groupId) {
- this.groupId = groupId;
- }
-
public void setClusterManager(WebClusterManager clusterManager) {
this.clusterManager = clusterManager;
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
index a3d0dc1..a3fdc12 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
@@ -64,7 +64,6 @@ import org.apache.nifi.web.api.request.ClientIdParameter;
import org.apache.nifi.web.api.request.IntegerParameter;
import org.apache.nifi.web.api.request.LongParameter;
import org.apache.nifi.web.security.user.NiFiUserUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
@@ -84,6 +83,7 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.net.URI;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -121,62 +121,6 @@ public class ControllerResource extends ApplicationResource {
}
/**
- * Locates the User sub-resource.
- *
- * @return the User sub-resource
- */
- @Path("/users")
- @ApiOperation(
- value = "Gets the user resource",
- response = UserResource.class
- )
- public UserResource getUserResource() {
- return resourceContext.getResource(UserResource.class);
- }
-
- /**
- * Locates the User sub-resource.
- *
- * @return the User sub-resource
- */
- @Path("/user-groups")
- @ApiOperation(
- value = "Gets the user group resource",
- response = UserGroupResource.class
- )
- public UserGroupResource getUserGroupResource() {
- return resourceContext.getResource(UserGroupResource.class);
- }
-
- /**
- * Locates the History sub-resource.
- *
- * @return the History sub-resource
- */
- @Path("/history")
- @ApiOperation(
- value = "Gets the history resource",
- response = HistoryResource.class
- )
- public HistoryResource getHistoryResource() {
- return resourceContext.getResource(HistoryResource.class);
- }
-
- /**
- * Locates the History sub-resource.
- *
- * @return the History sub-resource
- */
- @Path("/bulletin-board")
- @ApiOperation(
- value = "Gets the bulletin board resource",
- response = BulletinBoardResource.class
- )
- public BulletinBoardResource getBulletinBoardResource() {
- return resourceContext.getResource(BulletinBoardResource.class);
- }
-
- /**
* Locates the Template sub-resource.
*
* @return the Template sub-resource
@@ -205,63 +149,12 @@ public class ControllerResource extends ApplicationResource {
}
/**
- * Locates the Controller Services sub-resource.
- *
- * @return the Controller Services sub-resource
- */
- @Path("/controller-services")
- @ApiOperation(
- value = "Gets the controller service resource",
- response = ControllerServiceResource.class
- )
- public ControllerServiceResource getControllerServiceResource() {
- return resourceContext.getResource(ControllerServiceResource.class);
- }
-
- /**
- * Locates the Reporting Tasks sub-resource.
- *
- * @return the Reporting Tasks sub-resource
- */
- @Path("/reporting-tasks")
- @ApiOperation(
- value = "Gets the reporting task resource",
- response = ReportingTaskResource.class
- )
- public ReportingTaskResource getReportingTaskResource() {
- return resourceContext.getResource(ReportingTaskResource.class);
- }
-
- /**
- * Locates the Group sub-resource.
- *
- * @param groupId The process group id
- * @return the Group sub-resource
- */
- @Path("/process-groups/{process-group-id}")
- @ApiOperation(
- value = "Gets the process group resource",
- response = ProcessGroupResource.class
- )
- public ProcessGroupResource getGroupResource(
- @ApiParam(
- value = "The id of the process group that is the parent of the requested resource(s). If the desired process group is "
- + "the root group an alias 'root' may be used as the process-group-id.",
- required = true
- )
- @PathParam("process-group-id") String groupId) {
- ProcessGroupResource groupResource = resourceContext.getResource(ProcessGroupResource.class);
- groupResource.setGroupId(groupId);
- return groupResource;
- }
-
- /**
* Returns a 200 OK response to indicate this is a valid controller endpoint.
*
* @return An OK response with an empty entity body.
*/
@HEAD
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
public Response getControllerHead() {
if (properties.isClusterManager()) {
throw new IllegalClusterResourceRequestException("A cluster manager cannot process the request.");
@@ -279,7 +172,7 @@ public class ControllerResource extends ApplicationResource {
@GET
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @PreAuthorize("hasRole('ROLE_NIFI')")
+ // TODO - @PreAuthorize("hasRole('ROLE_NIFI')")
@ApiOperation(
value = "Returns the details about this NiFi necessary to communicate via site to site",
response = ControllerEntity.class,
@@ -330,7 +223,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/search-results")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Performs a search against this NiFi using the specified search term",
response = SearchResultsEntity.class,
@@ -380,7 +273,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/archive")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Creates a new archive of this NiFi flow configuration",
notes = "This POST operation returns a URI that is not representative of the thing "
@@ -457,7 +350,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/revision")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets the current revision of this NiFi",
notes = "NiFi employs an optimistic locking strategy where the client must include a revision in their request when "
@@ -505,7 +398,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/status")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets the current status of this NiFi",
response = Entity.class,
@@ -559,7 +452,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/counters")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets the current counters for this NiFi",
response = Entity.class,
@@ -654,7 +547,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/counters/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates the specified counter. This will reset the counter value to 0",
response = CounterEntity.class,
@@ -717,7 +610,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/config")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN', 'ROLE_NIFI')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN', 'ROLE_NIFI')")
@ApiOperation(
value = "Retrieves the configuration for this NiFi",
response = ControllerConfigurationEntity.class,
@@ -780,7 +673,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/config")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
public Response updateControllerConfig(
@Context HttpServletRequest httpServletRequest,
@FormParam(VERSION) LongParameter version,
@@ -831,7 +724,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/config")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Retrieves the configuration for this NiFi",
response = ControllerConfigurationEntity.class,
@@ -932,7 +825,7 @@ public class ControllerResource extends ApplicationResource {
// create the response entity
IdentityEntity entity = new IdentityEntity();
entity.setRevision(revision);
- entity.setUserId(user.getId());
+ entity.setUserId(user.getIdentity());
entity.setIdentity(user.getUserName());
// generate the response
@@ -949,7 +842,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/authorities")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN', 'ROLE_PROXY', 'ROLE_NIFI', 'ROLE_PROVENANCE')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN', 'ROLE_PROXY', 'ROLE_NIFI', 'ROLE_PROVENANCE')")
@ApiOperation(
value = "Retrieves the user details, including the authorities, about the user making the request",
response = AuthorityEntity.class,
@@ -990,8 +883,8 @@ public class ControllerResource extends ApplicationResource {
// create the response entity
AuthorityEntity entity = new AuthorityEntity();
entity.setRevision(revision);
- entity.setUserId(user.getId());
- entity.setAuthorities(NiFiUserUtils.getAuthorities());
+ entity.setUserId(user.getIdentity());
+ entity.setAuthorities(new HashSet<>(Arrays.asList("ROLE_MONITOR", "ROLE_DFM", "ROLE_ADMIN", "ROLE_PROXY", "ROLE_NIFI", "ROLE_PROVENANCE")));
// generate the response
return clusterContext(generateOkResponse(entity)).build();
@@ -1007,7 +900,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/banners")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Retrieves the banners for this NiFi",
response = BannerEntity.class,
@@ -1063,7 +956,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/processor-types")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Retrieves the types of processors that this NiFi supports",
response = ProcessorTypesEntity.class,
@@ -1117,7 +1010,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/controller-service-types")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Retrieves the types of controller services that this NiFi supports",
response = ControllerServiceTypesEntity.class,
@@ -1175,7 +1068,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/reporting-task-types")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Retrieves the types of reporting tasks that this NiFi supports",
response = ReportingTaskTypesEntity.class,
@@ -1228,7 +1121,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/prioritizers")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Retrieves the types of prioritizers that this NiFi supports",
response = PrioritizerTypesEntity.class,
@@ -1281,7 +1174,7 @@ public class ControllerResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Path("/about")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Retrieves details about this NiFi to put in the About dialog",
response = AboutEntity.class,
[14/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
index d6de553..5621990 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
@@ -16,38 +16,14 @@
*/
package org.apache.nifi.web;
-import java.nio.charset.StandardCharsets;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.ListIterator;
-import java.util.Map;
-import java.util.Set;
-import java.util.TimeZone;
-import java.util.UUID;
-import java.util.concurrent.TimeUnit;
-import java.util.function.Function;
-import java.util.function.Supplier;
-
-import javax.ws.rs.WebApplicationException;
-
-import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
import org.apache.nifi.action.Operation;
import org.apache.nifi.action.details.FlowChangePurgeDetails;
-import org.apache.nifi.admin.service.AccountNotFoundException;
import org.apache.nifi.admin.service.AuditService;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.Authority;
+import org.apache.nifi.admin.service.KeyService;
import org.apache.nifi.cluster.context.ClusterContext;
import org.apache.nifi.cluster.context.ClusterContextThreadLocal;
import org.apache.nifi.cluster.manager.exception.UnknownNodeException;
@@ -84,9 +60,7 @@ import org.apache.nifi.remote.RootGroupPort;
import org.apache.nifi.reporting.Bulletin;
import org.apache.nifi.reporting.BulletinQuery;
import org.apache.nifi.reporting.BulletinRepository;
-import org.apache.nifi.user.AccountStatus;
import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.api.dto.BulletinBoardDTO;
@@ -127,8 +101,6 @@ import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.SnippetDTO;
import org.apache.nifi.web.api.dto.SystemDiagnosticsDTO;
import org.apache.nifi.web.api.dto.TemplateDTO;
-import org.apache.nifi.web.api.dto.UserDTO;
-import org.apache.nifi.web.api.dto.UserGroupDTO;
import org.apache.nifi.web.api.dto.action.ActionDTO;
import org.apache.nifi.web.api.dto.action.HistoryDTO;
import org.apache.nifi.web.api.dto.action.HistoryQueryDTO;
@@ -156,12 +128,28 @@ import org.apache.nifi.web.dao.RemoteProcessGroupDAO;
import org.apache.nifi.web.dao.ReportingTaskDAO;
import org.apache.nifi.web.dao.SnippetDAO;
import org.apache.nifi.web.dao.TemplateDAO;
-import org.apache.nifi.web.security.user.NewAccountRequest;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.apache.nifi.web.util.SnippetUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.AccessDeniedException;
+
+import javax.ws.rs.WebApplicationException;
+import java.nio.charset.StandardCharsets;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Date;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.ListIterator;
+import java.util.Map;
+import java.util.Set;
+import java.util.TimeZone;
+import java.util.UUID;
+import java.util.concurrent.TimeUnit;
+import java.util.function.Function;
+import java.util.function.Supplier;
/**
* Implementation of NiFiServiceFacade that performs revision checking.
@@ -193,7 +181,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
// administrative services
private AuditService auditService;
- private UserService userService;
+ private KeyService keyService;
// cluster manager
private WebClusterManager clusterManager;
@@ -207,8 +195,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
// -----------------------------------------
@Override
- public void verifyListQueue(String groupId, String connectionId) {
- connectionDAO.verifyList(groupId, connectionId);
+ public void verifyListQueue(String connectionId) {
+ connectionDAO.verifyList(connectionId);
}
@Override
@@ -217,77 +205,66 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public void verifyUpdateConnection(String groupId, ConnectionDTO connectionDTO) {
+ public void verifyUpdateConnection(ConnectionDTO connectionDTO) {
// if connection does not exist, then the update request is likely creating it
// so we don't verify since it will fail
- if (connectionDAO.hasConnection(groupId, connectionDTO.getId())) {
- connectionDAO.verifyUpdate(groupId, connectionDTO);
+ if (connectionDAO.hasConnection(connectionDTO.getId())) {
+ connectionDAO.verifyUpdate(connectionDTO);
} else {
- connectionDAO.verifyCreate(groupId, connectionDTO);
+ connectionDAO.verifyCreate(connectionDTO.getParentGroupId(), connectionDTO);
}
}
@Override
- public void verifyDeleteConnection(String groupId, String connectionId) {
- connectionDAO.verifyDelete(groupId, connectionId);
+ public void verifyDeleteConnection(String connectionId) {
+ connectionDAO.verifyDelete(connectionId);
}
@Override
- public void verifyDeleteFunnel(String groupId, String funnelId) {
- funnelDAO.verifyDelete(groupId, funnelId);
+ public void verifyDeleteFunnel(String funnelId) {
+ funnelDAO.verifyDelete(funnelId);
}
@Override
- public void verifyUpdateInputPort(String groupId, PortDTO inputPortDTO) {
+ public void verifyUpdateInputPort(PortDTO inputPortDTO) {
// if connection does not exist, then the update request is likely creating it
// so we don't verify since it will fail
- if (inputPortDAO.hasPort(groupId, inputPortDTO.getId())) {
- inputPortDAO.verifyUpdate(groupId, inputPortDTO);
+ if (inputPortDAO.hasPort(inputPortDTO.getId())) {
+ inputPortDAO.verifyUpdate(inputPortDTO);
}
}
@Override
- public void verifyDeleteInputPort(String groupId, String inputPortId) {
- inputPortDAO.verifyDelete(groupId, inputPortId);
+ public void verifyDeleteInputPort(String inputPortId) {
+ inputPortDAO.verifyDelete(inputPortId);
}
@Override
- public void verifyUpdateOutputPort(String groupId, PortDTO outputPortDTO) {
+ public void verifyUpdateOutputPort(PortDTO outputPortDTO) {
// if connection does not exist, then the update request is likely creating it
// so we don't verify since it will fail
- if (outputPortDAO.hasPort(groupId, outputPortDTO.getId())) {
- outputPortDAO.verifyUpdate(groupId, outputPortDTO);
+ if (outputPortDAO.hasPort(outputPortDTO.getId())) {
+ outputPortDAO.verifyUpdate(outputPortDTO);
}
}
@Override
- public void verifyDeleteOutputPort(String groupId, String outputPortId) {
- outputPortDAO.verifyDelete(groupId, outputPortId);
+ public void verifyDeleteOutputPort(String outputPortId) {
+ outputPortDAO.verifyDelete(outputPortId);
}
@Override
public void verifyUpdateProcessor(ProcessorDTO processorDTO) {
- final String groupId = controllerFacade.findProcessGroupIdForProcessor(processorDTO.getId());
-
- // if processor does not exist, then the update request is likely creating it
- // so we don't verify since it will fail
- if (groupId != null) {
- verifyUpdateProcessor(groupId, processorDTO);
- }
- }
-
- @Override
- public void verifyUpdateProcessor(String groupId, ProcessorDTO processorDTO) {
- // if processor does not exist, then the update request is likely creating it
+ // if group does not exist, then the update request is likely creating it
// so we don't verify since it will fail
- if (processorDAO.hasProcessor(groupId, processorDTO.getId())) {
- processorDAO.verifyUpdate(groupId, processorDTO);
+ if (processorDAO.hasProcessor(processorDTO.getId())) {
+ processorDAO.verifyUpdate(processorDTO);
}
}
@Override
- public void verifyDeleteProcessor(String groupId, String processorId) {
- processorDAO.verifyDelete(groupId, processorId);
+ public void verifyDeleteProcessor(String processorId) {
+ processorDAO.verifyDelete(processorId);
}
@Override
@@ -305,27 +282,27 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public void verifyUpdateRemoteProcessGroup(String groupId, RemoteProcessGroupDTO remoteProcessGroupDTO) {
+ public void verifyUpdateRemoteProcessGroup(RemoteProcessGroupDTO remoteProcessGroupDTO) {
// if remote group does not exist, then the update request is likely creating it
// so we don't verify since it will fail
- if (remoteProcessGroupDAO.hasRemoteProcessGroup(groupId, remoteProcessGroupDTO.getId())) {
- remoteProcessGroupDAO.verifyUpdate(groupId, remoteProcessGroupDTO);
+ if (remoteProcessGroupDAO.hasRemoteProcessGroup(remoteProcessGroupDTO.getId())) {
+ remoteProcessGroupDAO.verifyUpdate(remoteProcessGroupDTO);
}
}
@Override
- public void verifyUpdateRemoteProcessGroupInputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDTO) {
- remoteProcessGroupDAO.verifyUpdateInputPort(groupId, remoteProcessGroupId, remoteProcessGroupPortDTO);
+ public void verifyUpdateRemoteProcessGroupInputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDTO) {
+ remoteProcessGroupDAO.verifyUpdateInputPort(remoteProcessGroupId, remoteProcessGroupPortDTO);
}
@Override
- public void verifyUpdateRemoteProcessGroupOutputPort(String groupId, String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDTO) {
- remoteProcessGroupDAO.verifyUpdateOutputPort(groupId, remoteProcessGroupId, remoteProcessGroupPortDTO);
+ public void verifyUpdateRemoteProcessGroupOutputPort(String remoteProcessGroupId, RemoteProcessGroupPortDTO remoteProcessGroupPortDTO) {
+ remoteProcessGroupDAO.verifyUpdateOutputPort(remoteProcessGroupId, remoteProcessGroupPortDTO);
}
@Override
- public void verifyDeleteRemoteProcessGroup(String groupId, String remoteProcessGroupId) {
- remoteProcessGroupDAO.verifyDelete(groupId, remoteProcessGroupId);
+ public void verifyDeleteRemoteProcessGroup(String remoteProcessGroupId) {
+ remoteProcessGroupDAO.verifyDelete(remoteProcessGroupId);
}
@Override
@@ -365,43 +342,43 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
// Write Operations
// -----------------------------------------
@Override
- public ConfigurationSnapshot<ConnectionDTO> updateConnection(final Revision revision, final String groupId, final ConnectionDTO connectionDTO) {
+ public ConfigurationSnapshot<ConnectionDTO> updateConnection(final Revision revision, final ConnectionDTO connectionDTO) {
// if connection does not exist, then create new connection
- if (connectionDAO.hasConnection(groupId, connectionDTO.getId()) == false) {
- return createConnection(revision, groupId, connectionDTO);
+ if (connectionDAO.hasConnection(connectionDTO.getId()) == false) {
+ return createConnection(revision, connectionDTO.getParentGroupId(), connectionDTO);
}
- return updateComponent(revision, () -> connectionDAO.updateConnection(groupId, connectionDTO), connection -> dtoFactory.createConnectionDto(connection));
+ return updateComponent(revision, () -> connectionDAO.updateConnection(connectionDTO), connection -> dtoFactory.createConnectionDto(connection));
}
@Override
- public ConfigurationSnapshot<ProcessorDTO> updateProcessor(final Revision revision, final String groupId, final ProcessorDTO processorDTO) {
+ public ConfigurationSnapshot<ProcessorDTO> updateProcessor(final Revision revision, final ProcessorDTO processorDTO) {
// if processor does not exist, then create new processor
- if (processorDAO.hasProcessor(groupId, processorDTO.getId()) == false) {
- return createProcessor(revision, groupId, processorDTO);
+ if (processorDAO.hasProcessor(processorDTO.getId()) == false) {
+ return createProcessor(revision, processorDTO.getParentGroupId(), processorDTO);
}
- return updateComponent(revision, () -> processorDAO.updateProcessor(groupId, processorDTO), proc -> dtoFactory.createProcessorDto(proc));
+ return updateComponent(revision, () -> processorDAO.updateProcessor(processorDTO), proc -> dtoFactory.createProcessorDto(proc));
}
@Override
- public ConfigurationSnapshot<LabelDTO> updateLabel(final Revision revision, final String groupId, final LabelDTO labelDTO) {
+ public ConfigurationSnapshot<LabelDTO> updateLabel(final Revision revision, final LabelDTO labelDTO) {
// if label does not exist, then create new label
- if (labelDAO.hasLabel(groupId, labelDTO.getId()) == false) {
- return createLabel(revision, groupId, labelDTO);
+ if (labelDAO.hasLabel(labelDTO.getId()) == false) {
+ return createLabel(revision, labelDTO.getParentGroupId(), labelDTO);
}
- return updateComponent(revision, () -> labelDAO.updateLabel(groupId, labelDTO), label -> dtoFactory.createLabelDto(label));
+ return updateComponent(revision, () -> labelDAO.updateLabel(labelDTO), label -> dtoFactory.createLabelDto(label));
}
@Override
- public ConfigurationSnapshot<FunnelDTO> updateFunnel(final Revision revision, final String groupId, final FunnelDTO funnelDTO) {
+ public ConfigurationSnapshot<FunnelDTO> updateFunnel(final Revision revision, final FunnelDTO funnelDTO) {
// if label does not exist, then create new label
- if (funnelDAO.hasFunnel(groupId, funnelDTO.getId()) == false) {
- return createFunnel(revision, groupId, funnelDTO);
+ if (funnelDAO.hasFunnel(funnelDTO.getId()) == false) {
+ return createFunnel(revision, funnelDTO.getParentGroupId(), funnelDTO);
}
- return updateComponent(revision, () -> funnelDAO.updateFunnel(groupId, funnelDTO), funnel -> dtoFactory.createFunnelDto(funnel));
+ return updateComponent(revision, () -> funnelDAO.updateFunnel(funnelDTO), funnel -> dtoFactory.createFunnelDto(funnel));
}
@@ -469,63 +446,63 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public ConfigurationSnapshot<PortDTO> updateInputPort(final Revision revision, final String groupId, final PortDTO inputPortDTO) {
+ public ConfigurationSnapshot<PortDTO> updateInputPort(final Revision revision, final PortDTO inputPortDTO) {
// if input port does not exist, then create new input port
- if (inputPortDAO.hasPort(groupId, inputPortDTO.getId()) == false) {
- return createInputPort(revision, groupId, inputPortDTO);
+ if (inputPortDAO.hasPort(inputPortDTO.getId()) == false) {
+ return createInputPort(revision, inputPortDTO.getParentGroupId(), inputPortDTO);
}
- return updateComponent(revision, () -> inputPortDAO.updatePort(groupId, inputPortDTO), port -> dtoFactory.createPortDto(port));
+ return updateComponent(revision, () -> inputPortDAO.updatePort(inputPortDTO), port -> dtoFactory.createPortDto(port));
}
@Override
- public ConfigurationSnapshot<PortDTO> updateOutputPort(final Revision revision, final String groupId, final PortDTO outputPortDTO) {
+ public ConfigurationSnapshot<PortDTO> updateOutputPort(final Revision revision, final PortDTO outputPortDTO) {
// if output port does not exist, then create new output port
- if (outputPortDAO.hasPort(groupId, outputPortDTO.getId()) == false) {
- return createOutputPort(revision, groupId, outputPortDTO);
+ if (outputPortDAO.hasPort(outputPortDTO.getId()) == false) {
+ return createOutputPort(revision, outputPortDTO.getParentGroupId(), outputPortDTO);
}
- return updateComponent(revision, () -> outputPortDAO.updatePort(groupId, outputPortDTO), port -> dtoFactory.createPortDto(port));
+ return updateComponent(revision, () -> outputPortDAO.updatePort(outputPortDTO), port -> dtoFactory.createPortDto(port));
}
@Override
- public ConfigurationSnapshot<RemoteProcessGroupDTO> updateRemoteProcessGroup(final Revision revision, final String groupId, final RemoteProcessGroupDTO remoteProcessGroupDTO) {
+ public ConfigurationSnapshot<RemoteProcessGroupDTO> updateRemoteProcessGroup(final Revision revision, final RemoteProcessGroupDTO remoteProcessGroupDTO) {
// if controller reference does not exist, then create new controller reference
- if (remoteProcessGroupDAO.hasRemoteProcessGroup(groupId, remoteProcessGroupDTO.getId()) == false) {
- return createRemoteProcessGroup(revision, groupId, remoteProcessGroupDTO);
+ if (remoteProcessGroupDAO.hasRemoteProcessGroup(remoteProcessGroupDTO.getId()) == false) {
+ return createRemoteProcessGroup(revision, remoteProcessGroupDTO.getParentGroupId(), remoteProcessGroupDTO);
}
return updateComponent(revision,
- () -> remoteProcessGroupDAO.updateRemoteProcessGroup(groupId, remoteProcessGroupDTO),
+ () -> remoteProcessGroupDAO.updateRemoteProcessGroup(remoteProcessGroupDTO),
remoteProcessGroup -> dtoFactory.createRemoteProcessGroupDto(remoteProcessGroup));
}
@Override
public ConfigurationSnapshot<RemoteProcessGroupPortDTO> updateRemoteProcessGroupInputPort(
- final Revision revision, final String groupId, final String remoteProcessGroupId, final RemoteProcessGroupPortDTO remoteProcessGroupPortDTO) {
+ final Revision revision, final String remoteProcessGroupId, final RemoteProcessGroupPortDTO remoteProcessGroupPortDTO) {
return updateComponent(revision,
- () -> remoteProcessGroupDAO.updateRemoteProcessGroupInputPort(groupId, remoteProcessGroupId, remoteProcessGroupPortDTO),
+ () -> remoteProcessGroupDAO.updateRemoteProcessGroupInputPort(remoteProcessGroupId, remoteProcessGroupPortDTO),
remoteGroupPort -> dtoFactory.createRemoteProcessGroupPortDto(remoteGroupPort));
}
@Override
public ConfigurationSnapshot<RemoteProcessGroupPortDTO> updateRemoteProcessGroupOutputPort(
- final Revision revision, final String groupId, final String remoteProcessGroupId, final RemoteProcessGroupPortDTO remoteProcessGroupPortDTO) {
+ final Revision revision, final String remoteProcessGroupId, final RemoteProcessGroupPortDTO remoteProcessGroupPortDTO) {
return updateComponent(revision,
- () -> remoteProcessGroupDAO.updateRemoteProcessGroupOutputPort(groupId, remoteProcessGroupId, remoteProcessGroupPortDTO),
+ () -> remoteProcessGroupDAO.updateRemoteProcessGroupOutputPort(remoteProcessGroupId, remoteProcessGroupPortDTO),
remoteGroupPort -> dtoFactory.createRemoteProcessGroupPortDto(remoteGroupPort));
}
@Override
- public ConfigurationSnapshot<ProcessGroupDTO> updateProcessGroup(final Revision revision, final String parentGroupId, final ProcessGroupDTO processGroupDTO) {
+ public ConfigurationSnapshot<ProcessGroupDTO> updateProcessGroup(final Revision revision, final ProcessGroupDTO processGroupDTO) {
// if process group does not exist, then create new process group
if (processGroupDAO.hasProcessGroup(processGroupDTO.getId()) == false) {
- if (parentGroupId == null) {
+ if (processGroupDTO.getParentGroupId() == null) {
throw new IllegalArgumentException("Unable to create the specified process group since the parent group was not specified.");
} else {
- return createProcessGroup(parentGroupId, revision, processGroupDTO);
+ return createProcessGroup(processGroupDTO.getParentGroupId(), revision, processGroupDTO);
}
}
@@ -579,13 +556,13 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public void verifyCanClearProcessorState(final String groupId, final String processorId) {
- processorDAO.verifyClearState(groupId, processorId);
+ public void verifyCanClearProcessorState(final String processorId) {
+ processorDAO.verifyClearState(processorId);
}
@Override
- public ConfigurationSnapshot<Void> clearProcessorState(final Revision revision, final String groupId, final String processorId) {
- return clearComponentState(revision, () -> processorDAO.clearState(groupId, processorId));
+ public ConfigurationSnapshot<Void> clearProcessorState(final Revision revision, final String processorId) {
+ return clearComponentState(revision, () -> processorDAO.clearState(processorId));
}
private ConfigurationSnapshot<Void> clearComponentState(final Revision revision, final Runnable clearState) {
@@ -621,21 +598,21 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public ConfigurationSnapshot<Void> deleteConnection(final Revision revision, final String groupId, final String connectionId) {
- return deleteComponent(revision, () -> connectionDAO.deleteConnection(groupId, connectionId));
+ public ConfigurationSnapshot<Void> deleteConnection(final Revision revision, final String connectionId) {
+ return deleteComponent(revision, () -> connectionDAO.deleteConnection(connectionId));
}
@Override
- public DropRequestDTO deleteFlowFileDropRequest(String groupId, String connectionId, String dropRequestId) {
- return dtoFactory.createDropRequestDTO(connectionDAO.deleteFlowFileDropRequest(groupId, connectionId, dropRequestId));
+ public DropRequestDTO deleteFlowFileDropRequest(String connectionId, String dropRequestId) {
+ return dtoFactory.createDropRequestDTO(connectionDAO.deleteFlowFileDropRequest(connectionId, dropRequestId));
}
@Override
- public ListingRequestDTO deleteFlowFileListingRequest(String groupId, String connectionId, String listingRequestId) {
- final ListingRequestDTO listRequest = dtoFactory.createListingRequestDTO(connectionDAO.deleteFlowFileListingRequest(groupId, connectionId, listingRequestId));
+ public ListingRequestDTO deleteFlowFileListingRequest(String connectionId, String listingRequestId) {
+ final ListingRequestDTO listRequest = dtoFactory.createListingRequestDTO(connectionDAO.deleteFlowFileListingRequest(connectionId, listingRequestId));
// include whether the source and destination are running
- final Connection connection = connectionDAO.getConnection(groupId, connectionId);
+ final Connection connection = connectionDAO.getConnection(connectionId);
if (connection.getSource() != null) {
listRequest.setSourceRunning(connection.getSource().isRunning());
}
@@ -647,18 +624,18 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public ConfigurationSnapshot<Void> deleteProcessor(final Revision revision, final String groupId, final String processorId) {
- return deleteComponent(revision, () -> processorDAO.deleteProcessor(groupId, processorId));
+ public ConfigurationSnapshot<Void> deleteProcessor(final Revision revision, final String processorId) {
+ return deleteComponent(revision, () -> processorDAO.deleteProcessor(processorId));
}
@Override
- public ConfigurationSnapshot<Void> deleteLabel(final Revision revision, final String groupId, final String labelId) {
- return deleteComponent(revision, () -> labelDAO.deleteLabel(groupId, labelId));
+ public ConfigurationSnapshot<Void> deleteLabel(final Revision revision, final String labelId) {
+ return deleteComponent(revision, () -> labelDAO.deleteLabel(labelId));
}
@Override
- public ConfigurationSnapshot<Void> deleteFunnel(final Revision revision, final String groupId, final String funnelId) {
- return deleteComponent(revision, () -> funnelDAO.deleteFunnel(groupId, funnelId));
+ public ConfigurationSnapshot<Void> deleteFunnel(final Revision revision, final String funnelId) {
+ return deleteComponent(revision, () -> funnelDAO.deleteFunnel(funnelId));
}
/**
@@ -702,13 +679,13 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public ConfigurationSnapshot<Void> deleteInputPort(final Revision revision, final String groupId, final String inputPortId) {
- return deleteComponent(revision, () -> inputPortDAO.deletePort(groupId, inputPortId));
+ public ConfigurationSnapshot<Void> deleteInputPort(final Revision revision, final String inputPortId) {
+ return deleteComponent(revision, () -> inputPortDAO.deletePort(inputPortId));
}
@Override
- public ConfigurationSnapshot<Void> deleteOutputPort(final Revision revision, final String groupId, final String outputPortId) {
- return deleteComponent(revision, () -> outputPortDAO.deletePort(groupId, outputPortId));
+ public ConfigurationSnapshot<Void> deleteOutputPort(final Revision revision, final String outputPortId) {
+ return deleteComponent(revision, () -> outputPortDAO.deletePort(outputPortId));
}
@Override
@@ -717,8 +694,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public ConfigurationSnapshot<Void> deleteRemoteProcessGroup(final Revision revision, final String groupId, final String remoteProcessGroupId) {
- return deleteComponent(revision, () -> remoteProcessGroupDAO.deleteRemoteProcessGroup(groupId, remoteProcessGroupId));
+ public ConfigurationSnapshot<Void> deleteRemoteProcessGroup(final Revision revision, final String remoteProcessGroupId) {
+ return deleteComponent(revision, () -> remoteProcessGroupDAO.deleteRemoteProcessGroup(remoteProcessGroupId));
}
@Override
@@ -733,16 +710,16 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public DropRequestDTO createFlowFileDropRequest(String groupId, String connectionId, String dropRequestId) {
- return dtoFactory.createDropRequestDTO(connectionDAO.createFlowFileDropRequest(groupId, connectionId, dropRequestId));
+ public DropRequestDTO createFlowFileDropRequest(String connectionId, String dropRequestId) {
+ return dtoFactory.createDropRequestDTO(connectionDAO.createFlowFileDropRequest(connectionId, dropRequestId));
}
@Override
- public ListingRequestDTO createFlowFileListingRequest(String groupId, String connectionId, String listingRequestId) {
- final ListingRequestDTO listRequest = dtoFactory.createListingRequestDTO(connectionDAO.createFlowFileListingRequest(groupId, connectionId, listingRequestId));
+ public ListingRequestDTO createFlowFileListingRequest(String connectionId, String listingRequestId) {
+ final ListingRequestDTO listRequest = dtoFactory.createListingRequestDTO(connectionDAO.createFlowFileListingRequest(connectionId, listingRequestId));
// include whether the source and destination are running
- final Connection connection = connectionDAO.getConnection(groupId, connectionId);
+ final Connection connection = connectionDAO.getConnection(connectionId);
if (connection.getSource() != null) {
listRequest.setSourceRunning(connection.getSource().isRunning());
}
@@ -815,11 +792,11 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
return createComponent(revision, funnelDTO, () -> funnelDAO.createFunnel(groupId, funnelDTO), funnel -> dtoFactory.createFunnelDto(funnel));
}
- private void validateSnippetContents(final FlowSnippetDTO flowSnippet, final String groupId) {
+ private void validateSnippetContents(final FlowSnippetDTO flowSnippet) {
// validate any processors
if (flowSnippet.getProcessors() != null) {
for (final ProcessorDTO processorDTO : flowSnippet.getProcessors()) {
- final ProcessorNode processorNode = processorDAO.getProcessor(groupId, processorDTO.getId());
+ final ProcessorNode processorNode = processorDAO.getProcessor(processorDTO.getId());
final Collection<ValidationResult> validationErrors = processorNode.getValidationErrors();
if (validationErrors != null && !validationErrors.isEmpty()) {
final List<String> errors = new ArrayList<>();
@@ -833,7 +810,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
if (flowSnippet.getInputPorts() != null) {
for (final PortDTO portDTO : flowSnippet.getInputPorts()) {
- final Port port = inputPortDAO.getPort(groupId, portDTO.getId());
+ final Port port = inputPortDAO.getPort(portDTO.getId());
final Collection<ValidationResult> validationErrors = port.getValidationErrors();
if (validationErrors != null && !validationErrors.isEmpty()) {
final List<String> errors = new ArrayList<>();
@@ -847,7 +824,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
if (flowSnippet.getOutputPorts() != null) {
for (final PortDTO portDTO : flowSnippet.getOutputPorts()) {
- final Port port = outputPortDAO.getPort(groupId, portDTO.getId());
+ final Port port = outputPortDAO.getPort(portDTO.getId());
final Collection<ValidationResult> validationErrors = port.getValidationErrors();
if (validationErrors != null && !validationErrors.isEmpty()) {
final List<String> errors = new ArrayList<>();
@@ -862,7 +839,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
// get any remote process group issues
if (flowSnippet.getRemoteProcessGroups() != null) {
for (final RemoteProcessGroupDTO remoteProcessGroupDTO : flowSnippet.getRemoteProcessGroups()) {
- final RemoteProcessGroup remoteProcessGroup = remoteProcessGroupDAO.getRemoteProcessGroup(groupId, remoteProcessGroupDTO.getId());
+ final RemoteProcessGroup remoteProcessGroup = remoteProcessGroupDAO.getRemoteProcessGroup(remoteProcessGroupDTO.getId());
if (remoteProcessGroup.getAuthorizationIssue() != null) {
remoteProcessGroupDTO.setAuthorizationIssues(Arrays.asList(remoteProcessGroup.getAuthorizationIssue()));
}
@@ -886,7 +863,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
final FlowSnippetDTO flowSnippet = snippetDAO.copySnippet(groupId, id, originX, originY);
// validate the new snippet
- validateSnippetContents(flowSnippet, groupId);
+ validateSnippetContents(flowSnippet);
// save the flow
controllerFacade.save();
@@ -1012,7 +989,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
final FlowSnippetDTO flowSnippet = templateDAO.instantiateTemplate(groupId, originX, originY, templateId);
// validate the new snippet
- validateSnippetContents(flowSnippet, groupId);
+ validateSnippetContents(flowSnippet);
// save the flow
controllerFacade.save();
@@ -1059,16 +1036,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
processorDTO.setId(processorId);
processorDTO.setConfig(config);
- // get the parent group id for the specified processor
- String groupId = controllerFacade.findProcessGroupIdForProcessor(processorId);
-
- // ensure the parent group id was found
- if (groupId == null) {
- throw new ResourceNotFoundException(String.format("Unable to locate Processor with id '%s'.", processorId));
- }
-
// update the processor configuration
- final ProcessorNode processor = processorDAO.updateProcessor(groupId, processorDTO);
+ final ProcessorNode processor = processorDAO.updateProcessor(processorDTO);
// save the flow
controllerFacade.save();
@@ -1262,120 +1231,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public void invalidateUser(String userId) {
- try {
- userService.invalidateUserAccount(userId);
- } catch (final AccountNotFoundException anfe) {
- // ignore
- }
- }
-
- @Override
- public void invalidateUserGroup(String userGroup, Set<String> userIds) {
- // invalidates any user currently associated with this group
- if (userGroup != null) {
- userService.invalidateUserGroupAccount(userGroup);
- }
-
- // invalidates any user that will be associated with this group
- if (userIds != null) {
- for (final String userId : userIds) {
- invalidateUser(userId);
- }
- }
- }
-
- @Override
- public UserDTO createUser() {
- NewAccountRequest newAccountRequest = NiFiUserUtils.getNewAccountRequest();
-
- // log the new user account request
- logger.info("Requesting new user account for " + newAccountRequest.getUsername());
-
- // get the justification
- String justification = newAccountRequest.getJustification();
- if (justification == null) {
- justification = StringUtils.EMPTY;
- }
-
- // create the pending user account
- return dtoFactory.createUserDTO(userService.createPendingUserAccount(newAccountRequest.getUsername(), justification));
- }
-
- @Override
- public UserDTO updateUser(UserDTO userDto) {
- NiFiUser user;
-
- // attempt to parse the user id
- final String id = userDto.getId();
-
- // determine the authorities that have been specified in the request
- Set<Authority> authorities = null;
- if (userDto.getAuthorities() != null) {
- authorities = Authority.convertRawAuthorities(userDto.getAuthorities());
- }
-
- // if the account status isn't specified or isn't changing
- final AccountStatus accountStatus = AccountStatus.valueOfStatus(userDto.getStatus());
- if (accountStatus == null || AccountStatus.ACTIVE.equals(accountStatus)) {
- // ensure that authorities have been specified (may be empty, but not null)
- if (authorities == null) {
- throw new IllegalArgumentException("Authorities must be specified when updating an account.");
- }
-
- // update the user account
- user = userService.update(id, authorities);
- } else if (AccountStatus.DISABLED.equals(accountStatus)) {
- // disable the account
- user = userService.disable(id);
- } else {
- throw new IllegalArgumentException("Accounts cannot be marked pending.");
- }
-
- return dtoFactory.createUserDTO(user);
- }
-
- @Override
- public void deleteUser(String userId) {
- userService.deleteUser(userId);
- }
-
- @Override
- public UserGroupDTO updateUserGroup(final UserGroupDTO userGroupDTO) {
- NiFiUserGroup userGroup;
-
- // convert the authorities
- Set<Authority> authorities = null;
- if (userGroupDTO.getAuthorities() != null) {
- authorities = Authority.convertRawAuthorities(userGroupDTO.getAuthorities());
- }
-
- final AccountStatus accountStatus = AccountStatus.valueOfStatus(userGroupDTO.getStatus());
- if (accountStatus == null || AccountStatus.ACTIVE.equals(accountStatus)) {
- // update the user group
- userGroup = userService.updateGroup(userGroupDTO.getGroup(), userGroupDTO.getUserIds(), authorities);
- } else if (AccountStatus.DISABLED.equals(accountStatus)) {
- // disable the accounts
- userGroup = userService.disableGroup(userGroupDTO.getGroup());
- } else {
- throw new IllegalArgumentException("Accounts cannot be marked pending.");
- }
-
- // generate the user group dto
- return dtoFactory.createUserGroupDTO(userGroup);
- }
-
- @Override
- public void removeUserFromGroup(String userId) {
- userService.ungroupUser(userId);
- }
-
- @Override
- public void removeUserGroup(String userGroup) {
- userService.ungroup(userGroup);
- }
-
- @Override
public ProvenanceDTO submitProvenance(ProvenanceDTO query) {
return controllerFacade.submitProvenance(query);
}
@@ -1414,8 +1269,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public DownloadableContent getContent(String groupId, String connectionId, String flowFileUuid, String uri) {
- return connectionDAO.getContent(groupId, connectionId, flowFileUuid, uri);
+ public DownloadableContent getContent(String connectionId, String flowFileUuid, String uri) {
+ return connectionDAO.getContent(connectionId, flowFileUuid, uri);
}
@Override
@@ -1450,24 +1305,16 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
@Override
public ControllerStatusDTO getControllerStatus() {
- // get the controller status
- final ControllerStatusDTO controllerStatus = controllerFacade.getControllerStatus();
-
- // determine if there are any pending user accounts - only include if appropriate
- if (NiFiUserUtils.getAuthorities().contains(Authority.ROLE_ADMIN.toString())) {
- controllerStatus.setHasPendingAccounts(userService.hasPendingUserAccount());
- }
-
- return controllerStatus;
+ return controllerFacade.getControllerStatus();
}
@Override
- public ComponentStateDTO getProcessorState(String groupId, String processorId) {
- final StateMap clusterState = isClustered() ? processorDAO.getState(groupId, processorId, Scope.CLUSTER) : null;
- final StateMap localState = processorDAO.getState(groupId, processorId, Scope.LOCAL);
+ public ComponentStateDTO getProcessorState(String processorId) {
+ final StateMap clusterState = isClustered() ? processorDAO.getState(processorId, Scope.CLUSTER) : null;
+ final StateMap localState = processorDAO.getState(processorId, Scope.LOCAL);
// processor will be non null as it was already found when getting the state
- final ProcessorNode processor = processorDAO.getProcessor(groupId, processorId);
+ final ProcessorNode processor = processorDAO.getProcessor(processorId);
return dtoFactory.createComponentStateDTO(processorId, processor.getProcessor().getClass(), localState, clusterState);
}
@@ -1516,21 +1363,21 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public ConnectionDTO getConnection(String groupId, String connectionId) {
- return dtoFactory.createConnectionDto(connectionDAO.getConnection(groupId, connectionId));
+ public ConnectionDTO getConnection(String connectionId) {
+ return dtoFactory.createConnectionDto(connectionDAO.getConnection(connectionId));
}
@Override
- public DropRequestDTO getFlowFileDropRequest(String groupId, String connectionId, String dropRequestId) {
- return dtoFactory.createDropRequestDTO(connectionDAO.getFlowFileDropRequest(groupId, connectionId, dropRequestId));
+ public DropRequestDTO getFlowFileDropRequest(String connectionId, String dropRequestId) {
+ return dtoFactory.createDropRequestDTO(connectionDAO.getFlowFileDropRequest(connectionId, dropRequestId));
}
@Override
- public ListingRequestDTO getFlowFileListingRequest(String groupId, String connectionId, String listingRequestId) {
- final ListingRequestDTO listRequest = dtoFactory.createListingRequestDTO(connectionDAO.getFlowFileListingRequest(groupId, connectionId, listingRequestId));
+ public ListingRequestDTO getFlowFileListingRequest(String connectionId, String listingRequestId) {
+ final ListingRequestDTO listRequest = dtoFactory.createListingRequestDTO(connectionDAO.getFlowFileListingRequest(connectionId, listingRequestId));
// include whether the source and destination are running
- final Connection connection = connectionDAO.getConnection(groupId, connectionId);
+ final Connection connection = connectionDAO.getConnection(connectionId);
if (connection.getSource() != null) {
listRequest.setSourceRunning(connection.getSource().isRunning());
}
@@ -1542,18 +1389,18 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public FlowFileDTO getFlowFile(String groupId, String connectionId, String flowFileUuid) {
- return dtoFactory.createFlowFileDTO(connectionDAO.getFlowFile(groupId, connectionId, flowFileUuid));
+ public FlowFileDTO getFlowFile(String connectionId, String flowFileUuid) {
+ return dtoFactory.createFlowFileDTO(connectionDAO.getFlowFile(connectionId, flowFileUuid));
}
@Override
- public ConnectionStatusDTO getConnectionStatus(String groupId, String connectionId) {
- return controllerFacade.getConnectionStatus(groupId, connectionId);
+ public ConnectionStatusDTO getConnectionStatus(String connectionId) {
+ return controllerFacade.getConnectionStatus(connectionId);
}
@Override
- public StatusHistoryDTO getConnectionStatusHistory(String groupId, String connectionId) {
- return controllerFacade.getConnectionStatusHistory(groupId, connectionId);
+ public StatusHistoryDTO getConnectionStatusHistory(String connectionId) {
+ return controllerFacade.getConnectionStatusHistory(connectionId);
}
@Override
@@ -1610,15 +1457,15 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public ProcessorDTO getProcessor(String groupId, String id) {
- final ProcessorNode processor = processorDAO.getProcessor(groupId, id);
+ public ProcessorDTO getProcessor(String id) {
+ final ProcessorNode processor = processorDAO.getProcessor(id);
final ProcessorDTO processorDto = dtoFactory.createProcessorDto(processor);
return processorDto;
}
@Override
- public PropertyDescriptorDTO getProcessorPropertyDescriptor(String groupId, String id, String property) {
- final ProcessorNode processor = processorDAO.getProcessor(groupId, id);
+ public PropertyDescriptorDTO getProcessorPropertyDescriptor(String id, String property) {
+ final ProcessorNode processor = processorDAO.getProcessor(id);
PropertyDescriptor descriptor = processor.getPropertyDescriptor(property);
// return an invalid descriptor if the processor doesn't suppor this property
@@ -1630,13 +1477,13 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public ProcessorStatusDTO getProcessorStatus(String groupId, String id) {
- return controllerFacade.getProcessorStatus(groupId, id);
+ public ProcessorStatusDTO getProcessorStatus(String id) {
+ return controllerFacade.getProcessorStatus(id);
}
@Override
- public StatusHistoryDTO getProcessorStatusHistory(String groupId, String id) {
- return controllerFacade.getProcessorStatusHistory(groupId, id);
+ public StatusHistoryDTO getProcessorStatusHistory(String id) {
+ return controllerFacade.getProcessorStatusHistory(id);
}
@Override
@@ -1693,18 +1540,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
return true;
}
- final Set<String> allowedUsers = port.getUserAccessControl();
- if (allowedUsers.contains(user.getIdentity())) {
- return true;
- }
-
- final String userGroup = user.getUserGroup();
- if (userGroup == null) {
- return false;
- }
-
- final Set<String> allowedGroups = port.getGroupAccessControl();
- return allowedGroups.contains(userGroup);
+ // TODO - defer to authorizer to see if user is able to retrieve site-to-site details for the specified port
+ return true;
}
@Override
@@ -1714,12 +1551,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
throw new WebApplicationException(new Throwable("Unable to access details for current user."));
}
- // at this point we know that the user must have ROLE_NIFI because it's required
- // get to the endpoint that calls this method but we'll check again anyways
- final Set<Authority> authorities = user.getAuthorities();
- if (!authorities.contains(Authority.ROLE_NIFI)) {
- throw new AccessDeniedException("User must have the NiFi role in order to access these details.");
- }
+ // TODO - defer to authorizer to see if user is able to retrieve site-to-site details
+
+ // TODO - filter response for access to specific ports
// serialize the input ports this NiFi has access to
final Set<PortDTO> inputPorts = new LinkedHashSet<>();
@@ -1779,11 +1613,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public String getInstanceId() {
- return controllerFacade.getInstanceId();
- }
-
- @Override
public ControllerConfigurationDTO getControllerConfiguration() {
ControllerConfigurationDTO controllerConfig = new ControllerConfigurationDTO();
controllerConfig.setName(controllerFacade.getName());
@@ -1822,8 +1651,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public LabelDTO getLabel(String groupId, String labelId) {
- return dtoFactory.createLabelDto(labelDAO.getLabel(groupId, labelId));
+ public LabelDTO getLabel(String labelId) {
+ return dtoFactory.createLabelDto(labelDAO.getLabel(labelId));
}
@Override
@@ -1836,8 +1665,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public FunnelDTO getFunnel(String groupId, String funnelId) {
- return dtoFactory.createFunnelDto(funnelDAO.getFunnel(groupId, funnelId));
+ public FunnelDTO getFunnel(String funnelId) {
+ return dtoFactory.createFunnelDto(funnelDAO.getFunnel(funnelId));
}
@Override
@@ -1885,38 +1714,38 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public PortDTO getInputPort(String groupId, String inputPortId) {
- return dtoFactory.createPortDto(inputPortDAO.getPort(groupId, inputPortId));
+ public PortDTO getInputPort(String inputPortId) {
+ return dtoFactory.createPortDto(inputPortDAO.getPort(inputPortId));
}
@Override
- public PortStatusDTO getInputPortStatus(String groupId, String inputPortId) {
- return controllerFacade.getInputPortStatus(groupId, inputPortId);
+ public PortStatusDTO getInputPortStatus(String inputPortId) {
+ return controllerFacade.getInputPortStatus(inputPortId);
}
@Override
- public PortDTO getOutputPort(String groupId, String outputPortId) {
- return dtoFactory.createPortDto(outputPortDAO.getPort(groupId, outputPortId));
+ public PortDTO getOutputPort(String outputPortId) {
+ return dtoFactory.createPortDto(outputPortDAO.getPort(outputPortId));
}
@Override
- public PortStatusDTO getOutputPortStatus(String groupId, String outputPortId) {
- return controllerFacade.getOutputPortStatus(groupId, outputPortId);
+ public PortStatusDTO getOutputPortStatus(String outputPortId) {
+ return controllerFacade.getOutputPortStatus(outputPortId);
}
@Override
- public RemoteProcessGroupDTO getRemoteProcessGroup(String groupId, String remoteProcessGroupId) {
- return dtoFactory.createRemoteProcessGroupDto(remoteProcessGroupDAO.getRemoteProcessGroup(groupId, remoteProcessGroupId));
+ public RemoteProcessGroupDTO getRemoteProcessGroup(String remoteProcessGroupId) {
+ return dtoFactory.createRemoteProcessGroupDto(remoteProcessGroupDAO.getRemoteProcessGroup(remoteProcessGroupId));
}
@Override
- public RemoteProcessGroupStatusDTO getRemoteProcessGroupStatus(String groupId, String id) {
- return controllerFacade.getRemoteProcessGroupStatus(groupId, id);
+ public RemoteProcessGroupStatusDTO getRemoteProcessGroupStatus(String id) {
+ return controllerFacade.getRemoteProcessGroupStatus(id);
}
@Override
- public StatusHistoryDTO getRemoteProcessGroupStatusHistory(String groupId, String id) {
- return controllerFacade.getRemoteProcessGroupStatusHistory(groupId, id);
+ public StatusHistoryDTO getRemoteProcessGroupStatusHistory(String id) {
+ return controllerFacade.getRemoteProcessGroupStatusHistory(id);
}
@Override
@@ -2057,83 +1886,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public UserDTO getUser(String userId) {
- // get the user
- NiFiUser user = userService.getUserById(userId);
-
- // ensure the user was found
- if (user == null) {
- throw new ResourceNotFoundException(String.format("Unable to find user with id '%s'.", userId));
- }
-
- return dtoFactory.createUserDTO(user);
- }
-
- @Override
- public Collection<UserDTO> getUsers(Boolean grouped) {
- // get the users
- final Collection<NiFiUser> users = userService.getUsers();
- final Collection<UserDTO> userDTOs = new HashSet<>();
-
- if (grouped) {
- final Map<String, UserDTO> groupedUserDTOs = new HashMap<>();
-
- // group the users
- for (final NiFiUser user : users) {
- if (StringUtils.isNotBlank(user.getUserGroup())) {
- if (groupedUserDTOs.containsKey(user.getUserGroup())) {
- final UserDTO groupedUser = groupedUserDTOs.get(user.getUserGroup());
- groupedUser.setId(groupedUser.getId() + "," + String.valueOf(user.getId()));
- groupedUser.setUserName(groupedUser.getUserName() + ", " + user.getUserName());
- groupedUser.setDn(groupedUser.getDn() + ", " + user.getIdentity());
- groupedUser.setCreation(getOldestDate(groupedUser.getCreation(), user.getCreation()));
- groupedUser.setLastAccessed(getNewestDate(groupedUser.getLastAccessed(), user.getLastAccessed()));
- groupedUser.setLastVerified(getNewestDate(groupedUser.getLastVerified(), user.getLastVerified()));
-
- // only retain the justification if al users have the same justification
- if (groupedUser.getJustification() != null) {
- if (!groupedUser.getStatus().equals(user.getJustification())) {
- groupedUser.setJustification(null);
- }
- }
-
- // only retain the status if all users have the same status
- if (groupedUser.getStatus() != null) {
- if (!groupedUser.getStatus().equals(user.getStatus().toString())) {
- groupedUser.setStatus(null);
- }
- }
-
- // only retain the authorities if all users have the same authorities
- if (groupedUser.getAuthorities() != null) {
- final Set<String> groupAuthorities = new HashSet<>(groupedUser.getAuthorities());
- final Set<String> userAuthorities = Authority.convertAuthorities(user.getAuthorities());
- if (!CollectionUtils.isEqualCollection(groupAuthorities, userAuthorities)) {
- groupedUser.setAuthorities(null);
- }
- }
- } else {
- groupedUserDTOs.put(user.getUserGroup(), dtoFactory.createUserDTO(user));
- }
- } else {
- userDTOs.add(dtoFactory.createUserDTO(user));
- }
- }
-
- // add the grouped users
- userDTOs.addAll(groupedUserDTOs.values());
- } else {
- // convert each into a DTOs
- for (final NiFiUser user : users) {
- userDTOs.add(dtoFactory.createUserDTO(user));
- }
- }
-
- return userDTOs;
- }
-
-
- @Override
public boolean isClustered() {
return controllerFacade.isClustered();
}
@@ -2189,26 +1941,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
clusterManager.deleteNode(nodeId, userDn);
}
- @Override
- public ProcessorDTO getProcessor(String id) {
- ClassLoader currentContextClassLoader = Thread.currentThread().getContextClassLoader();
- try {
- String groupId = controllerFacade.findProcessGroupIdForProcessor(id);
-
- // ensure the parent group id was found
- if (groupId == null) {
- throw new ResourceNotFoundException(String.format("Unable to locate Processor with id '%s'.", id));
- }
-
- // get the processor
- return getProcessor(groupId, id);
- } finally {
- if (currentContextClassLoader != null) {
- Thread.currentThread().setContextClassLoader(currentContextClassLoader);
- }
- }
- }
-
/* setters */
public void setProperties(NiFiProperties properties) {
this.properties = properties;
@@ -2246,8 +1978,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
this.auditService = auditService;
}
- public void setUserService(UserService userService) {
- this.userService = userService;
+ public void setKeyService(KeyService keyService) {
+ this.keyService = keyService;
}
public void setOptimisticLockingManager(OptimisticLockingManager optimisticLockingManager) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
index cae1175..f5d5e2f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
@@ -16,22 +16,8 @@
*/
package org.apache.nifi.web;
-import java.io.Serializable;
-import java.io.UnsupportedEncodingException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URLEncoder;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Objects;
-
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-
+import com.sun.jersey.core.util.MultivaluedMapImpl;
+import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
@@ -42,31 +28,41 @@ import org.apache.nifi.admin.service.AuditService;
import org.apache.nifi.cluster.manager.NodeResponse;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
import org.apache.nifi.controller.ControllerService;
-import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.apache.nifi.web.security.user.NiFiUserUtils;
+import org.apache.nifi.controller.ControllerServiceLookup;
+import org.apache.nifi.controller.reporting.ReportingTaskProvider;
import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.util.NiFiProperties;
+import org.apache.nifi.web.api.dto.ControllerServiceDTO;
import org.apache.nifi.web.api.dto.ProcessorConfigDTO;
import org.apache.nifi.web.api.dto.ProcessorDTO;
+import org.apache.nifi.web.api.dto.ReportingTaskDTO;
import org.apache.nifi.web.api.dto.RevisionDTO;
+import org.apache.nifi.web.api.entity.ControllerServiceEntity;
import org.apache.nifi.web.api.entity.ProcessorEntity;
+import org.apache.nifi.web.api.entity.ReportingTaskEntity;
+import org.apache.nifi.web.security.user.NiFiUserDetails;
+import org.apache.nifi.web.security.user.NiFiUserUtils;
+import org.apache.nifi.web.util.ClientResponseUtils;
import org.apache.nifi.web.util.WebUtils;
-
-import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
-import com.sun.jersey.core.util.MultivaluedMapImpl;
-import org.apache.nifi.controller.ControllerServiceLookup;
-import org.apache.nifi.controller.reporting.ReportingTaskProvider;
-import org.apache.nifi.web.api.dto.ControllerServiceDTO;
-import org.apache.nifi.web.api.dto.ReportingTaskDTO;
-import org.apache.nifi.web.api.entity.ControllerServiceEntity;
-import org.apache.nifi.web.api.entity.ReportingTaskEntity;
-import org.apache.nifi.web.util.ClientResponseUtils;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import java.io.Serializable;
+import java.io.UnsupportedEncodingException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URLEncoder;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Objects;
/**
* Implements the NiFiWebConfigurationContext interface to support a context in both standalone and clustered environments.
@@ -86,13 +82,13 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
private AuditService auditService;
@Override
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public ControllerService getControllerService(String serviceIdentifier) {
return controllerServiceLookup.getControllerService(serviceIdentifier);
}
@Override
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
public void saveActions(final NiFiWebRequestContext requestContext, final Collection<ConfigurationAction> configurationActions) {
Objects.requireNonNull(configurationActions, "Actions cannot be null.");
@@ -158,9 +154,9 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
}
@Override
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public String getCurrentUserDn() {
- String userIdentity = NiFiUser.ANONYMOUS_USER_IDENTITY;
+ String userIdentity = NiFiUser.ANONYMOUS.getIdentity();
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
@@ -171,9 +167,9 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
}
@Override
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public String getCurrentUserName() {
- String userName = NiFiUser.ANONYMOUS_USER_IDENTITY;
+ String userName = NiFiUser.ANONYMOUS.getIdentity();
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
@@ -184,7 +180,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
}
@Override
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public ComponentDetails getComponentDetails(final NiFiWebRequestContext requestContext) throws ResourceNotFoundException, ClusterRequestException {
final String id = requestContext.getId();
@@ -219,7 +215,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
}
@Override
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
public ComponentDetails setAnnotationData(final NiFiWebConfigurationRequestContext requestContext, final String annotationData)
throws ResourceNotFoundException, InvalidRevisionException, ClusterRequestException {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java
index 9667ad6..158dbfa 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java
@@ -16,22 +16,8 @@
*/
package org.apache.nifi.web;
-import java.io.Serializable;
-import java.io.UnsupportedEncodingException;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URLEncoder;
-import java.util.Collection;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Objects;
-
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-
+import com.sun.jersey.core.util.MultivaluedMapImpl;
+import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
@@ -42,26 +28,36 @@ import org.apache.nifi.admin.service.AuditService;
import org.apache.nifi.cluster.manager.NodeResponse;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
import org.apache.nifi.controller.ControllerService;
-import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.apache.nifi.web.security.user.NiFiUserUtils;
+import org.apache.nifi.controller.ControllerServiceLookup;
import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.api.dto.ProcessorConfigDTO;
import org.apache.nifi.web.api.dto.ProcessorDTO;
import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.entity.ProcessorEntity;
+import org.apache.nifi.web.security.user.NiFiUserDetails;
+import org.apache.nifi.web.security.user.NiFiUserUtils;
+import org.apache.nifi.web.util.ClientResponseUtils;
import org.apache.nifi.web.util.WebUtils;
-
-import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
-import com.sun.jersey.core.util.MultivaluedMapImpl;
-import org.apache.nifi.controller.ControllerServiceLookup;
-import org.apache.nifi.web.util.ClientResponseUtils;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response;
+import java.io.Serializable;
+import java.io.UnsupportedEncodingException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.net.URLEncoder;
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Objects;
/**
* Implements the NiFiWebContext interface to support a context in both standalone and clustered environments.
@@ -81,13 +77,13 @@ public class StandardNiFiWebContext implements NiFiWebContext {
private AuditService auditService;
@Override
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public ControllerService getControllerService(String serviceIdentifier) {
return controllerServiceLookup.getControllerService(serviceIdentifier);
}
@Override
- @PreAuthorize("hasRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
public void saveActions(final Collection<ProcessorConfigurationAction> processorActions) {
Objects.requireNonNull(processorActions, "Actions cannot be null.");
@@ -129,9 +125,9 @@ public class StandardNiFiWebContext implements NiFiWebContext {
}
@Override
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public String getCurrentUserDn() {
- String userIdentity = NiFiUser.ANONYMOUS_USER_IDENTITY;
+ String userIdentity = NiFiUser.ANONYMOUS.getIdentity();
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
@@ -142,9 +138,9 @@ public class StandardNiFiWebContext implements NiFiWebContext {
}
@Override
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public String getCurrentUserName() {
- String userName = NiFiUser.ANONYMOUS_USER_IDENTITY;
+ String userName = NiFiUser.ANONYMOUS.getIdentity();
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
@@ -155,7 +151,7 @@ public class StandardNiFiWebContext implements NiFiWebContext {
}
@Override
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public ProcessorInfo getProcessor(final NiFiWebContextConfig config) throws ResourceNotFoundException, ClusterRequestException {
final Revision revision = config.getRevision();
@@ -221,7 +217,7 @@ public class StandardNiFiWebContext implements NiFiWebContext {
}
@Override
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
public void setProcessorAnnotationData(final NiFiWebContextConfig config, String annotationData)
throws ResourceNotFoundException, InvalidRevisionException, ClusterRequestException {
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
index 5ec8d01..c57e4ff 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
@@ -47,7 +47,6 @@ import org.apache.nifi.web.security.jwt.JwtService;
import org.apache.nifi.web.security.kerberos.KerberosService;
import org.apache.nifi.web.security.otp.OtpService;
import org.apache.nifi.web.security.token.LoginAuthenticationToken;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
import org.apache.nifi.web.security.token.OtpAuthenticationToken;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.apache.nifi.web.security.x509.X509CertificateExtractor;
@@ -59,8 +58,6 @@ import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
-import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import javax.servlet.http.HttpServletRequest;
@@ -103,8 +100,6 @@ public class AccessResource extends ApplicationResource {
private KerberosService kerberosService;
- private AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> userDetailsService;
-
/**
* Retrieves the access configuration for this NiFi.
*
@@ -132,7 +127,7 @@ public class AccessResource extends ApplicationResource {
// specify whether login should be supported and only support for secure requests
accessConfiguration.setSupportsLogin(loginIdentityProvider != null && httpServletRequest.isSecure());
- accessConfiguration.setSupportsAnonymous(!properties.getAnonymousAuthorities().isEmpty() || !httpServletRequest.isSecure());
+ accessConfiguration.setSupportsAnonymous(false);
// create the revision
final RevisionDTO revision = new RevisionDTO();
@@ -211,16 +206,12 @@ public class AccessResource extends ApplicationResource {
// without a certificate, this is not a proxied request
final List<String> chain = Arrays.asList(principal);
- // ensure the proxy chain is authorized
- final UserDetails userDetails = checkAuthorization(chain);
+ // TODO - ensure the proxy chain is authorized
+// final UserDetails userDetails = checkAuthorization(chain);
// no issues with authorization... verify authorities
accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
- if (userDetails.getAuthorities().isEmpty()) {
- accessStatus.setMessage("Your account is active but currently does not have any level of access.");
- } else {
- accessStatus.setMessage("Your account is active and you are already logged in.");
- }
+ accessStatus.setMessage("Your account is active and you are already logged in.");
} catch (JwtException e) {
throw new InvalidAuthenticationException(e.getMessage(), e);
}
@@ -240,28 +231,19 @@ public class AccessResource extends ApplicationResource {
accessStatus.setIdentity(proxyChain.get(0));
accessStatus.setUsername(CertificateUtils.extractUsername(proxyChain.get(0)));
- // ensure the proxy chain is authorized
- final UserDetails userDetails = checkAuthorization(proxyChain);
+ // TODO - ensure the proxy chain is authorized
+// final UserDetails userDetails = checkAuthorization(proxyChain);
// no issues with authorization... verify authorities
accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
- if (userDetails.getAuthorities().isEmpty()) {
- accessStatus.setMessage("Your account is active but currently does not have any level of access.");
- } else {
- accessStatus.setMessage("Your account is active and you are already logged in.");
- }
+ accessStatus.setMessage("Your account is active and you are already logged in.");
} catch (final IllegalArgumentException iae) {
throw new InvalidAuthenticationException(iae.getMessage(), iae);
}
}
} catch (final UsernameNotFoundException unfe) {
- if (properties.getSupportNewAccountRequests()) {
- accessStatus.setStatus(AccessStatusDTO.Status.UNREGISTERED.name());
- accessStatus.setMessage(String.format("Unregistered user %s", accessStatus.getIdentity()));
- } else {
- accessStatus.setStatus(AccessStatusDTO.Status.NOT_ACTIVE.name());
- accessStatus.setMessage("This NiFi does not support new account requests.");
- }
+ accessStatus.setStatus(AccessStatusDTO.Status.NOT_ACTIVE.name());
+ accessStatus.setMessage("This NiFi does not support new account requests.");
} catch (final AccountStatusException ase) {
accessStatus.setStatus(AccessStatusDTO.Status.NOT_ACTIVE.name());
accessStatus.setMessage(ase.getMessage());
@@ -284,16 +266,6 @@ public class AccessResource extends ApplicationResource {
}
/**
- * Checks the status of the proxy.
- *
- * @param proxyChain the proxy chain
- * @throws AuthenticationException if the proxy chain is not authorized
- */
- private UserDetails checkAuthorization(final List<String> proxyChain) throws AuthenticationException {
- return userDetailsService.loadUserDetails(new NiFiAuthorizationRequestToken(proxyChain));
- }
-
- /**
* Creates a single use access token for downloading FlowFile content.
*
* @param httpServletRequest the servlet request
@@ -535,8 +507,8 @@ public class AccessResource extends ApplicationResource {
throw new IllegalArgumentException("Unable to determine the user from the incoming request.");
}
- // authorize the proxy if necessary
- authorizeProxyIfNecessary(proxyChain);
+ // TODO - authorize the proxy if necessary
+// authorizeProxyIfNecessary(proxyChain);
// create the authentication token
loginAuthenticationToken = new LoginAuthenticationToken(proxyChain.get(0), authenticationResponse.getExpiration(), authenticationResponse.getIssuer());
@@ -550,30 +522,6 @@ public class AccessResource extends ApplicationResource {
return generateCreatedResponse(uri, token).build();
}
- /**
- * Ensures the proxyChain is authorized before allowing the user to be authenticated.
- *
- * @param proxyChain the proxy chain
- * @throws AuthenticationException if the proxy chain is not authorized
- */
- private void authorizeProxyIfNecessary(final List<String> proxyChain) throws AuthenticationException {
- if (proxyChain.size() > 1) {
- try {
- userDetailsService.loadUserDetails(new NiFiAuthorizationRequestToken(proxyChain));
- } catch (final UsernameNotFoundException unfe) {
- // if a username not found exception was thrown, the proxies were authorized and now
- // we can issue a new token to the end user which they will use to identify themselves
- // when they enter a new account request
- } catch (final AuthenticationServiceException ase) {
- // throw an administration exception which will return a 500
- throw new AdministrationException(ase.getMessage(), ase);
- } catch (final Exception e) {
- // any other issue we're going to treat as access denied exception which will return 403
- throw new AccessDeniedException(e.getMessage(), e);
- }
- }
- }
-
private long validateTokenExpiration(long proposedTokenExpiration, String identity) {
final long maxExpiration = TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS);
final long minExpiration = TimeUnit.MILLISECONDS.convert(1, TimeUnit.MINUTES);
@@ -619,9 +567,4 @@ public class AccessResource extends ApplicationResource {
public void setCertificateIdentityProvider(X509IdentityProvider certificateIdentityProvider) {
this.certificateIdentityProvider = certificateIdentityProvider;
}
-
- public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> userDetailsService) {
- this.userDetailsService = userDetailsService;
- }
-
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/BulletinBoardResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/BulletinBoardResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/BulletinBoardResource.java
index d13b5c9..f7ae37e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/BulletinBoardResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/BulletinBoardResource.java
@@ -16,16 +16,11 @@
*/
package org.apache.nifi.web.api;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.GET;
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.Path;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
+import com.wordnik.swagger.annotations.ApiOperation;
+import com.wordnik.swagger.annotations.ApiParam;
+import com.wordnik.swagger.annotations.ApiResponse;
+import com.wordnik.swagger.annotations.ApiResponses;
+import com.wordnik.swagger.annotations.Authorization;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
import org.apache.nifi.util.NiFiProperties;
@@ -38,19 +33,21 @@ import org.apache.nifi.web.api.request.BulletinBoardPatternParameter;
import org.apache.nifi.web.api.request.ClientIdParameter;
import org.apache.nifi.web.api.request.IntegerParameter;
import org.apache.nifi.web.api.request.LongParameter;
-import org.springframework.security.access.prepost.PreAuthorize;
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
+import javax.ws.rs.Consumes;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.GET;
+import javax.ws.rs.HttpMethod;
+import javax.ws.rs.Path;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
/**
* RESTful endpoint for managing a Template.
*/
-@Api(hidden = true)
+@Path("bulletin-board")
public class BulletinBoardResource extends ApplicationResource {
private NiFiProperties properties;
@@ -75,9 +72,9 @@ public class BulletinBoardResource extends ApplicationResource {
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
+ @Produces(MediaType.APPLICATION_JSON)
@Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets current bulletins",
response = BulletinBoardEntity.class,
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ClusterResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ClusterResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ClusterResource.java
index ec4c69e..a2a2d5b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ClusterResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ClusterResource.java
@@ -42,7 +42,6 @@ import org.apache.nifi.web.api.entity.ClusterSearchResultsEntity;
import org.apache.nifi.web.api.entity.ProcessorEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
import org.apache.nifi.web.api.request.LongParameter;
-import org.springframework.security.access.prepost.PreAuthorize;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
@@ -115,7 +114,7 @@ public class ClusterResource extends ApplicationResource {
@GET
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets the contents of the cluster",
notes = "Returns the contents of the cluster including all nodes and their status.",
@@ -171,7 +170,7 @@ public class ClusterResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
@Path("/search-results")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Searches the cluster for a node with the specified address",
response = ClusterSearchResultsEntity.class,
@@ -245,7 +244,7 @@ public class ClusterResource extends ApplicationResource {
@Consumes(MediaType.WILDCARD)
@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
@Path("/processors/{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
@ApiOperation(
value = "Gets the specified processor",
response = ProcessorEntity.class,
@@ -310,7 +309,7 @@ public class ClusterResource extends ApplicationResource {
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
@Path("/processors/{id}")
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
public Response updateProcessor(
@Context HttpServletRequest httpServletRequest,
@FormParam(VERSION) LongParameter version,
@@ -360,7 +359,7 @@ public class ClusterResource extends ApplicationResource {
@Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
@Produces({MediaType.APPLICATION_XML, MediaType.APPLICATION_JSON})
@Path("/processors/{id}")
- @PreAuthorize("hasAnyRole('ROLE_DFM')")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')")
@ApiOperation(
value = "Updates processor annotation data",
response = ProcessorEntity.class,
[10/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java
index 96beff5..1154a39 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java
@@ -17,13 +17,14 @@
package org.apache.nifi.web.api;
import com.sun.jersey.api.core.ResourceContext;
-import com.wordnik.swagger.annotations.Api;
import com.wordnik.swagger.annotations.ApiOperation;
import com.wordnik.swagger.annotations.ApiParam;
import com.wordnik.swagger.annotations.ApiResponse;
import com.wordnik.swagger.annotations.ApiResponses;
import com.wordnik.swagger.annotations.Authorization;
import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.cluster.context.ClusterContext;
+import org.apache.nifi.cluster.context.ClusterContextThreadLocal;
import org.apache.nifi.cluster.manager.NodeResponse;
import org.apache.nifi.cluster.manager.exception.UnknownNodeException;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
@@ -33,23 +34,41 @@ import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.ConfigurationSnapshot;
import org.apache.nifi.web.NiFiServiceFacade;
import org.apache.nifi.web.Revision;
+import org.apache.nifi.web.api.dto.ConnectionDTO;
import org.apache.nifi.web.api.dto.FlowSnippetDTO;
-import org.apache.nifi.web.api.dto.PositionDTO;
+import org.apache.nifi.web.api.dto.FunnelDTO;
+import org.apache.nifi.web.api.dto.LabelDTO;
+import org.apache.nifi.web.api.dto.PortDTO;
import org.apache.nifi.web.api.dto.ProcessGroupDTO;
+import org.apache.nifi.web.api.dto.ProcessorDTO;
+import org.apache.nifi.web.api.dto.RemoteProcessGroupDTO;
import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.status.NodeProcessGroupStatusSnapshotDTO;
import org.apache.nifi.web.api.dto.status.ProcessGroupStatusDTO;
import org.apache.nifi.web.api.dto.status.ProcessGroupStatusSnapshotDTO;
import org.apache.nifi.web.api.dto.status.StatusHistoryDTO;
+import org.apache.nifi.web.api.entity.ConnectionEntity;
+import org.apache.nifi.web.api.entity.ConnectionsEntity;
import org.apache.nifi.web.api.entity.FlowSnippetEntity;
+import org.apache.nifi.web.api.entity.FunnelEntity;
+import org.apache.nifi.web.api.entity.FunnelsEntity;
+import org.apache.nifi.web.api.entity.InputPortEntity;
+import org.apache.nifi.web.api.entity.InputPortsEntity;
+import org.apache.nifi.web.api.entity.LabelEntity;
+import org.apache.nifi.web.api.entity.LabelsEntity;
+import org.apache.nifi.web.api.entity.OutputPortEntity;
+import org.apache.nifi.web.api.entity.OutputPortsEntity;
import org.apache.nifi.web.api.entity.ProcessGroupEntity;
import org.apache.nifi.web.api.entity.ProcessGroupStatusEntity;
import org.apache.nifi.web.api.entity.ProcessGroupsEntity;
+import org.apache.nifi.web.api.entity.ProcessorEntity;
+import org.apache.nifi.web.api.entity.ProcessorsEntity;
+import org.apache.nifi.web.api.entity.RemoteProcessGroupEntity;
+import org.apache.nifi.web.api.entity.RemoteProcessGroupsEntity;
import org.apache.nifi.web.api.entity.StatusHistoryEntity;
import org.apache.nifi.web.api.request.ClientIdParameter;
import org.apache.nifi.web.api.request.DoubleParameter;
import org.apache.nifi.web.api.request.LongParameter;
-import org.springframework.security.access.prepost.PreAuthorize;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Consumes;
@@ -64,12 +83,11 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.net.URI;
-import java.net.URISyntaxException;
+import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -79,7 +97,7 @@ import java.util.UUID;
/**
* RESTful endpoint for managing a Group.
*/
-@Api(hidden = true)
+@Path("process-groups")
public class ProcessGroupResource extends ApplicationResource {
private static final String VERBOSE = "false";
@@ -91,119 +109,14 @@ public class ProcessGroupResource extends ApplicationResource {
private NiFiServiceFacade serviceFacade;
private WebClusterManager clusterManager;
private NiFiProperties properties;
- private String groupId;
- /**
- * Get the processor resource within the specified group.
- *
- * @return the processor resource within the specified group
- */
- @Path("processors")
- @ApiOperation(
- value = "Gets the processor resource",
- response = ProcessorResource.class
- )
- public ProcessorResource getProcessorResource() {
- ProcessorResource processorResource = resourceContext.getResource(ProcessorResource.class);
- processorResource.setGroupId(groupId);
- return processorResource;
- }
-
- /**
- * Get the connection sub-resource within the specified group.
- *
- * @return the connection sub-resource within the specified group
- */
- @Path("connections")
- @ApiOperation(
- value = "Gets the connection resource",
- response = ConnectionResource.class
- )
- public ConnectionResource getConnectionResource() {
- ConnectionResource connectionResource = resourceContext.getResource(ConnectionResource.class);
- connectionResource.setGroupId(groupId);
- return connectionResource;
- }
-
- /**
- * Get the input ports sub-resource within the specified group.
- *
- * @return the input ports sub-resource within the specified group
- */
- @Path("input-ports")
- @ApiOperation(
- value = "Gets the input port resource",
- response = InputPortResource.class
- )
- public InputPortResource getInputPortResource() {
- InputPortResource inputPortResource = resourceContext.getResource(InputPortResource.class);
- inputPortResource.setGroupId(groupId);
- return inputPortResource;
- }
-
- /**
- * Get the output ports sub-resource within the specified group.
- *
- * @return the output ports sub-resource within the specified group
- */
- @Path("output-ports")
- @ApiOperation(
- value = "Gets the output port resource",
- response = OutputPortResource.class
- )
- public OutputPortResource getOutputPortResource() {
- OutputPortResource outputPortResource = resourceContext.getResource(OutputPortResource.class);
- outputPortResource.setGroupId(groupId);
- return outputPortResource;
- }
-
- /**
- * Locates the label sub-resource within the specified group.
- *
- * @return the label sub-resource within the specified group
- */
- @Path("labels")
- @ApiOperation(
- value = "Gets the label resource",
- response = LabelResource.class
- )
- public LabelResource getLabelResource() {
- LabelResource labelResource = resourceContext.getResource(LabelResource.class);
- labelResource.setGroupId(groupId);
- return labelResource;
- }
-
- /**
- * Locates the funnel sub-resource within the specified group.
- *
- * @return the funnel sub-resource within the specified group
- */
- @Path("funnels")
- @ApiOperation(
- value = "Gets the funnel resource",
- response = FunnelResource.class
- )
- public FunnelResource getFunnelResource() {
- FunnelResource funnelResource = resourceContext.getResource(FunnelResource.class);
- funnelResource.setGroupId(groupId);
- return funnelResource;
- }
-
- /**
- * Locates the remote process group sub-resource within the specified group.
- *
- * @return the remote process group sub-resource within the specified group
- */
- @Path("remote-process-groups")
- @ApiOperation(
- value = "Gets the remote process group resource",
- response = RemoteProcessGroupResource.class
- )
- public RemoteProcessGroupResource getRemoteProcessGroupResource() {
- RemoteProcessGroupResource remoteProcessGroupResource = resourceContext.getResource(RemoteProcessGroupResource.class);
- remoteProcessGroupResource.setGroupId(groupId);
- return remoteProcessGroupResource;
- }
+ private ProcessorResource processorResource;
+ private InputPortResource inputPortResource;
+ private OutputPortResource outputPortResource;
+ private FunnelResource funnelResource;
+ private LabelResource labelResource;
+ private RemoteProcessGroupResource remoteProcessGroupResource;
+ private ConnectionResource connectionResource;
/**
* Populates the remaining fields in the specified process groups.
@@ -213,7 +126,7 @@ public class ProcessGroupResource extends ApplicationResource {
*/
public Set<ProcessGroupDTO> populateRemainingProcessGroupsContent(Set<ProcessGroupDTO> processGroups) {
for (ProcessGroupDTO processGroup : processGroups) {
- populateRemainingProcessGroupContent(processGroup, getProcessGroupReferenceUri(processGroup));
+ populateRemainingProcessGroupContent(processGroup);
}
return processGroups;
}
@@ -222,10 +135,9 @@ public class ProcessGroupResource extends ApplicationResource {
* Populates the remaining fields in the specified process group.
*
* @param processGroup group
- * @param processGroupUri processGroupUri
* @return group dto
*/
- private ProcessGroupDTO populateRemainingProcessGroupContent(ProcessGroupDTO processGroup, String processGroupUri) {
+ private ProcessGroupDTO populateRemainingProcessGroupContent(ProcessGroupDTO processGroup) {
FlowSnippetDTO flowSnippet = processGroup.getContents();
// populate the remaining fields for the processors, connections, process group refs, remote process groups, and labels if appropriate
@@ -234,7 +146,7 @@ public class ProcessGroupResource extends ApplicationResource {
}
// set the process group uri
- processGroup.setUri(processGroupUri);
+ processGroup.setUri(generateResourceUri("process-groups", processGroup.getId()));
return processGroup;
}
@@ -243,13 +155,13 @@ public class ProcessGroupResource extends ApplicationResource {
* Populates the remaining content of the specified snippet.
*/
private FlowSnippetDTO populateRemainingSnippetContent(FlowSnippetDTO snippet) {
- getProcessorResource().populateRemainingProcessorsContent(snippet.getProcessors());
- getConnectionResource().populateRemainingConnectionsContent(snippet.getConnections());
- getInputPortResource().populateRemainingInputPortsContent(snippet.getInputPorts());
- getOutputPortResource().populateRemainingOutputPortsContent(snippet.getOutputPorts());
- getRemoteProcessGroupResource().populateRemainingRemoteProcessGroupsContent(snippet.getRemoteProcessGroups());
- getFunnelResource().populateRemainingFunnelsContent(snippet.getFunnels());
- getLabelResource().populateRemainingLabelsContent(snippet.getLabels());
+ processorResource.populateRemainingProcessorsContent(snippet.getProcessors());
+ connectionResource.populateRemainingConnectionsContent(snippet.getConnections());
+ inputPortResource.populateRemainingInputPortsContent(snippet.getInputPorts());
+ outputPortResource.populateRemainingOutputPortsContent(snippet.getOutputPorts());
+ remoteProcessGroupResource.populateRemainingRemoteProcessGroupsContent(snippet.getRemoteProcessGroups());
+ funnelResource.populateRemainingFunnelsContent(snippet.getFunnels());
+ labelResource.populateRemainingLabelsContent(snippet.getLabels());
// go through each process group child and populate its uri
if (snippet.getProcessGroups() != null) {
@@ -260,108 +172,13 @@ public class ProcessGroupResource extends ApplicationResource {
}
/**
- * Generates a URI for a process group.
- */
- private String getProcessGroupUri(String processGroupId) {
- return generateResourceUri("controller", "process-groups", processGroupId);
- }
-
- /**
- * Generates a URI for a process group reference.
- */
- private String getProcessGroupReferenceUri(ProcessGroupDTO processGroup) {
- return generateResourceUri("controller", "process-groups", processGroup.getParentGroupId(), "process-group-references", processGroup.getId());
- }
-
- /**
- * Retrieves the content of the specified group. This includes all processors, the connections, the process group references, the remote process group references, and the labels.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param recursive Optional recursive flag that defaults to false. If set to true, all descendent groups and their content will be included if the verbose flag is also set to true.
- * @param verbose Optional verbose flag that defaults to false. If the verbose flag is set to true processor configuration and property details will be included in the response.
- * @return A processGroupEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
- @ApiOperation(
- value = "Gets a process group",
- notes = "Gets a process group and includes all components contained in this group. The verbose and recursive flags can be used to adjust "
- + "the default behavior. This endpoint is starting point for obtaining the current flow and consequently includes the current "
- + "flow revision.",
- response = ProcessGroupEntity.class,
- authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getProcessGroup(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "Whether the response should contain all encapsulated components or just the immediate children.",
- required = false,
- allowableValues = "true, false"
- )
- @QueryParam("recursive") @DefaultValue(RECURSIVE) Boolean recursive,
- @ApiParam(
- value = "Whether to include any encapulated components or just details about the process group.",
- required = false
- )
- @QueryParam("verbose") @DefaultValue(VERBOSE) Boolean verbose) {
-
- // replicate if cluster manager
- if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
- }
-
- // only recurse if the request is verbose and recursive
- final boolean recurse = verbose && recursive;
-
- // get this process group contents
- final ConfigurationSnapshot<ProcessGroupDTO> controllerResponse = serviceFacade.getProcessGroup(groupId, recurse);
- final ProcessGroupDTO processGroup = controllerResponse.getConfiguration();
-
- // prune response if necessary
- if (!verbose) {
- processGroup.setContents(null);
- }
-
- // get the updated revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
- revision.setVersion(controllerResponse.getVersion());
-
- // create the response entity
- final ProcessGroupEntity processGroupEntity = new ProcessGroupEntity();
- processGroupEntity.setRevision(revision);
- processGroupEntity.setProcessGroup(populateRemainingProcessGroupContent(processGroup, getProcessGroupUri(processGroup.getId())));
-
- return clusterContext(generateOkResponse(processGroupEntity)).build();
- }
-
- /**
* Copies the specified snippet within this ProcessGroup. The snippet instance that is instantiated cannot be referenced at a later time, therefore there is no
* corresponding URI. Instead the request URI is returned.
*
* Alternatively, we could have performed a PUT request. However, PUT requests are supposed to be idempotent and this endpoint is certainly not.
*
* @param httpServletRequest request
+ * @param groupId The group id
* @param version The revision is used to verify the client is working with the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
* @param snippetId The id of the snippet to copy.
@@ -371,9 +188,9 @@ public class ProcessGroupResource extends ApplicationResource {
*/
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/snippet-instance")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/snippet-instance")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Copies a snippet",
response = FlowSnippetEntity.class,
@@ -393,6 +210,11 @@ public class ProcessGroupResource extends ApplicationResource {
public Response copySnippet(
@Context HttpServletRequest httpServletRequest,
@ApiParam(
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String groupId,
+ @ApiParam(
value = "The revision is used to verify the client is working with the latest version of the flow.",
required = false
)
@@ -476,6 +298,7 @@ public class ProcessGroupResource extends ApplicationResource {
* Alternatively, we could have performed a PUT request. However, PUT requests are supposed to be idempotent and this endpoint is certainly not.
*
* @param httpServletRequest request
+ * @param groupId The group id
* @param version The revision is used to verify the client is working with the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
* @param templateId The id of the template to instantiate.
@@ -485,9 +308,9 @@ public class ProcessGroupResource extends ApplicationResource {
*/
@POST
@Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/template-instance")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/template-instance")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Instantiates a template",
response = FlowSnippetEntity.class,
@@ -507,6 +330,11 @@ public class ProcessGroupResource extends ApplicationResource {
public Response instantiateTemplate(
@Context HttpServletRequest httpServletRequest,
@ApiParam(
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String groupId,
+ @ApiParam(
value = "The revision is used to verify the client is working with the latest version of the flow.",
required = false
)
@@ -581,66 +409,107 @@ public class ProcessGroupResource extends ApplicationResource {
}
/**
- * Updates the state of all processors in the process group. Supports modifying whether the processors and process groups are running/stopped and instantiating templates.
+ * Retrieves the contents of the specified group.
*
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param running Optional flag that indicates whether all processors in this group should be started/stopped.
+ * @param recursive Optional recursive flag that defaults to false. If set to true, all descendent groups and their content will be included if the verbose flag is also set to true.
+ * @param groupId The id of the process group.
+ * @param verbose Optional verbose flag that defaults to false. If the verbose flag is set to true processor configuration and property details will be included in the response.
* @return A processGroupEntity.
*/
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateProcessGroup(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("running") Boolean running) {
+ @GET
+ @Consumes(MediaType.WILDCARD)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @ApiOperation(
+ value = "Gets a process group",
+ response = ProcessGroupEntity.class,
+ authorizations = {
+ @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+ @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ }
+ )
+ @ApiResponses(
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ }
+ )
+ public Response getProcessGroup(
+ @ApiParam(
+ value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
+ required = false
+ )
+ @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
+ @ApiParam(
+ value = "The process group id.",
+ required = false
+ )
+ @PathParam("id") String groupId,
+ @ApiParam(
+ value = "Whether the response should contain all encapsulated components or just the immediate children.",
+ required = false
+ )
+ @QueryParam("recursive") @DefaultValue(RECURSIVE) Boolean recursive,
+ @ApiParam(
+ value = "Whether to include any encapulated components or just details about the process group.",
+ required = false
+ )
+ @QueryParam("verbose") @DefaultValue(VERBOSE) Boolean verbose) {
+
+ // replicate if cluster manager
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
+ }
+
+ // only recurse if the request is verbose and recursive
+ final boolean recurse = verbose && recursive;
- // create the process group dto
- final ProcessGroupDTO processGroup = new ProcessGroupDTO();
- processGroup.setId(groupId);
- processGroup.setRunning(running);
+ // get this process group contents
+ final ConfigurationSnapshot<ProcessGroupDTO> controllerResponse = serviceFacade.getProcessGroup(groupId, recurse);
+ final ProcessGroupDTO processGroup = controllerResponse.getConfiguration();
+
+ // prune the response if necessary
+ if (!verbose) {
+ processGroup.setContents(null);
+ }
// create the revision
final RevisionDTO revision = new RevisionDTO();
revision.setClientId(clientId.getClientId());
+ revision.setVersion(controllerResponse.getVersion());
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the entity for the request
- final ProcessGroupEntity entity = new ProcessGroupEntity();
- entity.setRevision(revision);
- entity.setProcessGroup(processGroup);
+ // create the response entity
+ final ProcessGroupEntity processGroupEntity = new ProcessGroupEntity();
+ processGroupEntity.setRevision(revision);
+ processGroupEntity.setProcessGroup(populateRemainingProcessGroupContent(processGroup));
- // update the process group
- return updateProcessGroup(httpServletRequest, entity);
+ return clusterContext(generateOkResponse(processGroupEntity)).build();
}
/**
- * Updates the state of all processors in the process group. Supports modifying whether the processors and process groups are running/stopped and instantiating templates.
+ * Updates the specified process group.
*
* @param httpServletRequest request
- * @param processGroupEntity A processGroupEntity
- * @return A processGroupEntity
+ * @param id The id of the process group.
+ * @param processGroupEntity A processGroupEntity.
+ * @return A processGroupEntity.
*/
@PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to bug in swagger
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
value = "Updates a process group",
response = ProcessGroupEntity.class,
authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
}
)
@ApiResponses(
@@ -652,11 +521,15 @@ public class ProcessGroupResource extends ApplicationResource {
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
}
)
- public Response updateProcessGroup(
+ public Response updateProcessGroupReference(
@Context HttpServletRequest httpServletRequest,
@ApiParam(
- value = "The process group to update. The only action that is supported at this endpoint is to set the running flag in order "
- + "to start or stop all descendent schedulable components. This defines the schema of the expected input.",
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String id,
+ @ApiParam(
+ value = "The process group configuration details.",
required = true
)
ProcessGroupEntity processGroupEntity) {
@@ -670,20 +543,14 @@ public class ProcessGroupResource extends ApplicationResource {
}
// ensure the same id is being used
- ProcessGroupDTO requestProcessGroupDTO = processGroupEntity.getProcessGroup();
- if (!groupId.equals(requestProcessGroupDTO.getId())) {
+ final ProcessGroupDTO requestProcessGroupDTO = processGroupEntity.getProcessGroup();
+ if (!id.equals(requestProcessGroupDTO.getId())) {
throw new IllegalArgumentException(String.format("The process group id (%s) in the request body does "
- + "not equal the process group id of the requested resource (%s).", requestProcessGroupDTO.getId(), groupId));
+ + "not equal the process group id of the requested resource (%s).", requestProcessGroupDTO.getId(), id));
}
- // replicate if cluster manager
if (properties.isClusterManager()) {
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate the request
- return clusterManager.applyRequest(HttpMethod.PUT, getAbsolutePath(), updateClientId(processGroupEntity), getHeaders(headersToOverride)).getResponse();
+ return clusterManager.applyRequest(HttpMethod.PUT, getAbsolutePath(), updateClientId(processGroupEntity), getHeaders()).getResponse();
}
// handle expects request (usually from the cluster manager)
@@ -696,10 +563,10 @@ public class ProcessGroupResource extends ApplicationResource {
// update the process group
final RevisionDTO revision = processGroupEntity.getRevision();
final ConfigurationSnapshot<ProcessGroupDTO> response = serviceFacade.updateProcessGroup(
- new Revision(revision.getVersion(), revision.getClientId()), null, requestProcessGroupDTO);
+ new Revision(revision.getVersion(), revision.getClientId()), requestProcessGroupDTO);
final ProcessGroupDTO processGroup = response.getConfiguration();
- // get the updated revision
+ // create the revision
final RevisionDTO updatedRevision = new RevisionDTO();
updatedRevision.setClientId(revision.getClientId());
updatedRevision.setVersion(response.getVersion());
@@ -707,33 +574,34 @@ public class ProcessGroupResource extends ApplicationResource {
// create the response entity
final ProcessGroupEntity entity = new ProcessGroupEntity();
entity.setRevision(updatedRevision);
- entity.setProcessGroup(populateRemainingProcessGroupContent(processGroup, getProcessGroupUri(processGroup.getId())));
+ entity.setProcessGroup(populateRemainingProcessGroupContent(processGroup));
- // generate the response
- return clusterContext(generateOkResponse(entity)).build();
+ if (response.isNew()) {
+ return clusterContext(generateCreatedResponse(URI.create(processGroup.getUri()), entity)).build();
+ } else {
+ return clusterContext(generateOkResponse(entity)).build();
+ }
}
/**
- * Retrieves the contents of the specified group.
+ * Removes the specified process group reference.
*
+ * @param httpServletRequest request
+ * @param version The revision is used to verify the client is working with the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param recursive Optional recursive flag that defaults to false. If set to true, all descendent groups and their content will be included if the verbose flag is also set to true.
- * @param processGroupReferenceId The id of the process group.
- * @param verbose Optional verbose flag that defaults to false. If the verbose flag is set to true processor configuration and property details will be included in the response.
+ * @param id The id of the process group to be removed.
* @return A processGroupEntity.
*/
- @GET
+ @DELETE
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/process-group-references/{id}")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
- value = "Gets a process group",
+ value = "Deletes a process group",
response = ProcessGroupEntity.class,
authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
}
)
@ApiResponses(
@@ -745,77 +613,81 @@ public class ProcessGroupResource extends ApplicationResource {
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
}
)
- public Response getProcessGroup(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
+ public Response removeProcessGroupReference(
+ @Context HttpServletRequest httpServletRequest,
@ApiParam(
- value = "The process group id.",
+ value = "The revision is used to verify the client is working with the latest version of the flow.",
required = false
)
- @PathParam("id") String processGroupReferenceId,
+ @QueryParam(VERSION) LongParameter version,
@ApiParam(
- value = "Whether the response should contain all encapsulated components or just the immediate children.",
+ value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
required = false
)
- @QueryParam("recursive") @DefaultValue(RECURSIVE) Boolean recursive,
+ @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
@ApiParam(
- value = "Whether to include any encapulated components or just details about the process group.",
- required = false
+ value = "The process group id.",
+ required = true
)
- @QueryParam("verbose") @DefaultValue(VERBOSE) Boolean verbose) {
+ @PathParam("id") String id) {
// replicate if cluster manager
if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
+ return clusterManager.applyRequest(HttpMethod.DELETE, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
}
- // only recurse if the request is verbose and recursive
- final boolean recurse = verbose && recursive;
-
- // get this process group contents
- final ConfigurationSnapshot<ProcessGroupDTO> controllerResponse = serviceFacade.getProcessGroup(processGroupReferenceId, recurse);
- final ProcessGroupDTO processGroup = controllerResponse.getConfiguration();
+ // handle expects request (usually from the cluster manager)
+ final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
+ if (expects != null) {
+ serviceFacade.verifyDeleteProcessGroup(id);
+ return generateContinueResponse().build();
+ }
- // prune the response if necessary
- if (!verbose) {
- processGroup.setContents(null);
+ // determine the specified version
+ Long clientVersion = null;
+ if (version != null) {
+ clientVersion = version.getLong();
}
- // create the revision
+ // delete the process group
+ final ConfigurationSnapshot<Void> controllerResponse = serviceFacade.deleteProcessGroup(new Revision(clientVersion, clientId.getClientId()), id);
+
+ // get the updated revision
final RevisionDTO revision = new RevisionDTO();
revision.setClientId(clientId.getClientId());
revision.setVersion(controllerResponse.getVersion());
// create the response entity
- final ProcessGroupEntity processGroupEntity = new ProcessGroupEntity();
- processGroupEntity.setRevision(revision);
- processGroupEntity.setProcessGroup(populateRemainingProcessGroupContent(processGroup, getProcessGroupReferenceUri(processGroup)));
+ final ProcessGroupEntity entity = new ProcessGroupEntity();
+ entity.setRevision(revision);
- return clusterContext(generateOkResponse(processGroupEntity)).build();
+ // create the response
+ return clusterContext(generateOkResponse(entity)).build();
}
/**
- * Retrieves the content of the specified group reference.
+ * Retrieves the status report for this NiFi.
*
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param verbose Optional verbose flag that defaults to false. If the verbose flag is set to true processor configuration and property details will be included in the response.
- * @return A controllerEntity.
+ * @param recursive Optional recursive flag that defaults to false. If set to true, all descendant groups and the status of their content will be included.
+ * @param groupId The group id
+ * @return A processGroupStatusEntity.
*/
@GET
@Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/process-group-references")
- @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/status")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN', 'ROLE_NIFI')")
@ApiOperation(
- value = "Gets all process groups",
- response = ProcessGroupsEntity.class,
+ value = "Gets the status for a process group",
+ notes = "The status for a process group includes status for all descendent components. When invoked on the root group with "
+ + "recursive set to true, it will return the current status of every component in the flow.",
+ response = ProcessGroupStatusEntity.class,
authorizations = {
@Authorization(value = "Read Only", type = "ROLE_MONITOR"),
@Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ @Authorization(value = "Administrator", type = "ROLE_ADMIN"),
+ @Authorization(value = "NiFi", type = "ROLE_NIFI")
}
)
@ApiResponses(
@@ -827,30 +699,75 @@ public class ProcessGroupResource extends ApplicationResource {
@ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
}
)
- public Response getProcessGroupReferences(
+ public Response getProcessGroupStatus(
@ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
+ value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
+ required = false
)
@QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
@ApiParam(
- value = "Whether to include any encapulated components or just details about the process group.",
- required = false
+ value = "Whether all descendant groups and the status of their content will be included. Optional, defaults to false",
+ required = false
)
- @QueryParam("verbose") @DefaultValue(VERBOSE) Boolean verbose) {
+ @QueryParam("recursive") @DefaultValue(RECURSIVE) Boolean recursive,
+ @ApiParam(
+ value = "Whether or not to include the breakdown per node. Optional, defaults to false",
+ required = false
+ )
+ @QueryParam("nodewise") @DefaultValue(NODEWISE) Boolean nodewise,
+ @ApiParam(
+ value = "The id of the node where to get the status.",
+ required = false
+ )
+ @QueryParam("clusterNodeId") String clusterNodeId,
+ @ApiParam(
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String groupId) {
+
+ // ensure a valid request
+ if (Boolean.TRUE.equals(nodewise) && clusterNodeId != null) {
+ throw new IllegalArgumentException("Nodewise requests cannot be directed at a specific node.");
+ }
- // replicate if cluster manager
if (properties.isClusterManager()) {
- return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
+ // determine where this request should be sent
+ if (clusterNodeId == null) {
+ final NodeResponse nodeResponse = clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders());
+ final ProcessGroupStatusEntity entity = (ProcessGroupStatusEntity) nodeResponse.getUpdatedEntity();
+
+ // ensure there is an updated entity (result of merging) and prune the response as necessary
+ if (entity != null && !nodewise) {
+ entity.getProcessGroupStatus().setNodeSnapshots(null);
+ }
+
+ return nodeResponse.getResponse();
+ } else {
+ // get the target node and ensure it exists
+ final Node targetNode = clusterManager.getNode(clusterNodeId);
+ if (targetNode == null) {
+ throw new UnknownNodeException("The specified cluster node does not exist.");
+ }
+
+ final Set<NodeIdentifier> targetNodes = new HashSet<>();
+ targetNodes.add(targetNode.getNodeId());
+
+ // replicate the request to the specific node
+ return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders(), targetNodes).getResponse();
+ }
}
- // get this process group contents
- final Set<ProcessGroupDTO> processGroups = serviceFacade.getProcessGroups(groupId);
+ // get the status
+ final ProcessGroupStatusDTO statusReport = serviceFacade.getProcessGroupStatus(groupId);
- // prune the response if necessary
- if (!verbose) {
- for (ProcessGroupDTO processGroup : processGroups) {
- processGroup.setContents(null);
+ // prune the response as necessary
+ if (!recursive) {
+ pruneChildGroups(statusReport.getAggregateSnapshot());
+ if (statusReport.getNodeSnapshots() != null) {
+ for (final NodeProcessGroupStatusSnapshotDTO nodeSnapshot : statusReport.getNodeSnapshots()) {
+ pruneChildGroups(nodeSnapshot.getStatusSnapshot());
+ }
}
}
@@ -859,96 +776,124 @@ public class ProcessGroupResource extends ApplicationResource {
revision.setClientId(clientId.getClientId());
// create the response entity
- final ProcessGroupsEntity processGroupsEntity = new ProcessGroupsEntity();
- processGroupsEntity.setRevision(revision);
- processGroupsEntity.setProcessGroups(populateRemainingProcessGroupsContent(processGroups));
+ final ProcessGroupStatusEntity entity = new ProcessGroupStatusEntity();
+ entity.setRevision(revision);
+ entity.setProcessGroupStatus(statusReport);
+
+ // generate the response
+ return clusterContext(generateOkResponse(entity)).build();
+ }
- return clusterContext(generateOkResponse(processGroupsEntity)).build();
+ private void pruneChildGroups(final ProcessGroupStatusSnapshotDTO snapshot) {
+ for (final ProcessGroupStatusSnapshotDTO childProcessGroupStatus : snapshot.getProcessGroupStatusSnapshots()) {
+ childProcessGroupStatus.setConnectionStatusSnapshots(null);
+ childProcessGroupStatus.setProcessGroupStatusSnapshots(null);
+ childProcessGroupStatus.setInputPortStatusSnapshots(null);
+ childProcessGroupStatus.setOutputPortStatusSnapshots(null);
+ childProcessGroupStatus.setProcessorStatusSnapshots(null);
+ childProcessGroupStatus.setRemoteProcessGroupStatusSnapshots(null);
+ }
}
/**
- * Adds the specified process group.
+ * Retrieves the specified remote process groups status history.
*
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param name The name of the process group
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @return A processGroupEntity
+ * @param groupId The group id
+ * @return A processorEntity.
*/
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/process-group-references")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response createProcessGroupReference(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("name") String name, @FormParam("x") DoubleParameter x, @FormParam("y") DoubleParameter y) {
+ @GET
+ @Consumes(MediaType.WILDCARD)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/status/history")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @ApiOperation(
+ value = "Gets status history for a remote process group",
+ response = StatusHistoryEntity.class,
+ authorizations = {
+ @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+ @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ }
+ )
+ @ApiResponses(
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ }
+ )
+ public Response getProcessGroupStatusHistory(
+ @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
+ @ApiParam(
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String groupId) {
- // ensure the position has been specified
- if (x == null || y == null) {
- throw new IllegalArgumentException("The position (x, y) must be specified");
+ // replicate if cluster manager
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
}
- // create the process group dto
- final ProcessGroupDTO processGroup = new ProcessGroupDTO();
- processGroup.setName(name);
- processGroup.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
+ // get the specified processor status history
+ final StatusHistoryDTO processGroupStatusHistory = serviceFacade.getProcessGroupStatusHistory(groupId);
// create the revision
final RevisionDTO revision = new RevisionDTO();
revision.setClientId(clientId.getClientId());
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the entity for the request
- final ProcessGroupEntity entity = new ProcessGroupEntity();
+ // generate the response entity
+ final StatusHistoryEntity entity = new StatusHistoryEntity();
entity.setRevision(revision);
- entity.setProcessGroup(processGroup);
+ entity.setStatusHistory(processGroupStatusHistory);
- // create the process group
- return createProcessGroupReference(httpServletRequest, entity);
+ // generate the response
+ return clusterContext(generateOkResponse(entity)).build();
}
/**
* Adds the specified process group.
*
* @param httpServletRequest request
+ * @param groupId The group id
* @param processGroupEntity A processGroupEntity
* @return A processGroupEntity
*/
@POST
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/process-group-references")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/process-groups")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
- value = "Creates a process group",
- response = ProcessGroupEntity.class,
- authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
- }
+ value = "Creates a process group",
+ response = ProcessGroupEntity.class,
+ authorizations = {
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
+ }
)
@ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ }
)
- public Response createProcessGroupReference(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The process group configuration details.",
- required = true
- )
+ public Response createProcessGroup(
+ @Context HttpServletRequest httpServletRequest,
+ @ApiParam(
+ value = "The process group id.",
+ required = false
+ )
+ @PathParam("id") String groupId,
+ @ApiParam(
+ value = "The process group configuration details.",
+ required = true
+ )
ProcessGroupEntity processGroupEntity) {
if (processGroupEntity == null || processGroupEntity.getProcessGroup() == null) {
@@ -963,29 +908,8 @@ public class ProcessGroupResource extends ApplicationResource {
throw new IllegalArgumentException("Process group ID cannot be specified.");
}
- // if cluster manager, convert POST to PUT (to maintain same ID across nodes) and replicate
if (properties.isClusterManager()) {
-
- // create ID for resource
- final String id = UUID.randomUUID().toString();
-
- // set ID for resource
- processGroupEntity.getProcessGroup().setId(id);
-
- // convert POST request to PUT request to force entity ID to be the same across nodes
- URI putUri = null;
- try {
- putUri = new URI(getAbsolutePath().toString() + "/" + id);
- } catch (final URISyntaxException e) {
- throw new WebApplicationException(e);
- }
-
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // replicate put request
- return clusterManager.applyRequest(HttpMethod.PUT, putUri, updateClientId(processGroupEntity), getHeaders(headersToOverride)).getResponse();
+ return clusterManager.applyRequest(HttpMethod.POST, getAbsolutePath(), updateClientId(processGroupEntity), getHeaders()).getResponse();
}
// handle expects request (usually from the cluster manager)
@@ -994,10 +918,18 @@ public class ProcessGroupResource extends ApplicationResource {
return generateContinueResponse().build();
}
+ // set the processor id as appropriate
+ final ClusterContext clusterContext = ClusterContextThreadLocal.getContext();
+ if (clusterContext != null) {
+ processGroupEntity.getProcessGroup().setId(UUID.nameUUIDFromBytes(clusterContext.getIdGenerationSeed().getBytes(StandardCharsets.UTF_8)).toString());
+ } else {
+ processGroupEntity.getProcessGroup().setId(UUID.randomUUID().toString());
+ }
+
// create the process group contents
final RevisionDTO revision = processGroupEntity.getRevision();
final ConfigurationSnapshot<ProcessGroupDTO> controllerResponse = serviceFacade.createProcessGroup(groupId,
- new Revision(revision.getVersion(), revision.getClientId()), processGroupEntity.getProcessGroup());
+ new Revision(revision.getVersion(), revision.getClientId()), processGroupEntity.getProcessGroup());
final ProcessGroupDTO processGroup = controllerResponse.getConfiguration();
// get the updated revision
@@ -1008,7 +940,7 @@ public class ProcessGroupResource extends ApplicationResource {
// create the response entity
final ProcessGroupEntity entity = new ProcessGroupEntity();
entity.setRevision(updatedRevision);
- entity.setProcessGroup(populateRemainingProcessGroupContent(processGroup, getProcessGroupReferenceUri(processGroup)));
+ entity.setProcessGroup(populateRemainingProcessGroupContent(processGroup));
// generate a 201 created response
String uri = processGroup.getUri();
@@ -1016,414 +948,1210 @@ public class ProcessGroupResource extends ApplicationResource {
}
/**
- * Updates the specified process group.
+ * Retrieves all the processors in this NiFi.
*
- * @param httpServletRequest request
- * @param version The revision is used to verify the client is working with the latest version of the flow.
* @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The id of the process group
- * @param name The name of the process group.
- * @param comments The comments for the process group.
- * @param running Optional flag that indicates whether all processors should be started/stopped.
- * @param x The x coordinate for this funnels position.
- * @param y The y coordinate for this funnels position.
- * @return A processGroupEntity.
+ * @return A processorsEntity.
*/
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/process-group-references/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
- public Response updateProcessGroupReference(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(VERSION) LongParameter version,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String id,
- @FormParam("name") String name,
- @FormParam("comments") String comments,
- @FormParam("running") Boolean running,
- @FormParam("x") DoubleParameter x,
- @FormParam("y") DoubleParameter y) {
-
- // create the process group dto
- final ProcessGroupDTO processGroup = new ProcessGroupDTO();
- processGroup.setId(id);
- processGroup.setName(name);
- processGroup.setComments(comments);
- processGroup.setRunning(running);
+ @GET
+ @Consumes(MediaType.WILDCARD)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/process-groups")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @ApiOperation(
+ value = "Gets all process groups",
+ response = ProcessorsEntity.class,
+ authorizations = {
+ @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+ @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ }
+ )
+ @ApiResponses(
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ }
+ )
+ public Response getProcessGroups(
+ @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
+ @ApiParam(
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String groupId) {
- // require both coordinates to be specified
- if (x != null && y != null) {
- processGroup.setPosition(new PositionDTO(x.getDouble(), y.getDouble()));
+ // replicate if cluster manager
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
}
+ // get the process groups
+ final Set<ProcessGroupDTO> processGroupDTOs = serviceFacade.getProcessGroups(groupId);
+
// create the revision
final RevisionDTO revision = new RevisionDTO();
revision.setClientId(clientId.getClientId());
- if (version != null) {
- revision.setVersion(version.getLong());
- }
-
- // create the entity for the request
- final ProcessGroupEntity entity = new ProcessGroupEntity();
+ // create the response entity
+ final ProcessGroupsEntity entity = new ProcessGroupsEntity();
entity.setRevision(revision);
- entity.setProcessGroup(processGroup);
+ entity.setProcessGroups(populateRemainingProcessGroupsContent(processGroupDTOs));
- // update the process group
- return updateProcessGroupReference(httpServletRequest, id, entity);
+ // generate the response
+ return clusterContext(generateOkResponse(entity)).build();
}
/**
- * Updates the specified process group.
+ * Creates a new processor.
*
* @param httpServletRequest request
- * @param id The id of the process group.
- * @param processGroupEntity A processGroupEntity.
- * @return A processGroupEntity.
+ * @param groupId The group id
+ * @param processorEntity A processorEntity.
+ * @return A processorEntity.
*/
- @PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/process-group-references/{id}")
- @PreAuthorize("hasRole('ROLE_DFM')")
+ @POST
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/processors")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
@ApiOperation(
- value = "Updates a process group",
- response = ProcessGroupEntity.class,
- authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
- }
+ value = "Creates a new processor",
+ response = ProcessorEntity.class,
+ authorizations = {
+ @Authorization(value = "ROLE_DFM", type = "ROLE_DFM")
+ }
)
@ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ }
)
- public Response updateProcessGroupReference(
+ public Response createProcessor(
@Context HttpServletRequest httpServletRequest,
@ApiParam(
- value = "The process group id.",
- required = true
+ value = "The process group id.",
+ required = true
)
- @PathParam("id") String id,
+ @PathParam("id") String groupId,
@ApiParam(
- value = "The process group configuration details.",
- required = true
+ value = "The processor configuration details.",
+ required = true
)
- ProcessGroupEntity processGroupEntity) {
+ ProcessorEntity processorEntity) {
- if (processGroupEntity == null || processGroupEntity.getProcessGroup() == null) {
- throw new IllegalArgumentException("Process group details must be specified.");
+ if (processorEntity == null || processorEntity.getProcessor() == null) {
+ throw new IllegalArgumentException("Processor details must be specified.");
}
- if (processGroupEntity.getRevision() == null) {
+ if (processorEntity.getRevision() == null) {
throw new IllegalArgumentException("Revision must be specified.");
}
- // ensure the same id is being used
- final ProcessGroupDTO requestProcessGroupDTO = processGroupEntity.getProcessGroup();
- if (!id.equals(requestProcessGroupDTO.getId())) {
- throw new IllegalArgumentException(String.format("The process group id (%s) in the request body does "
- + "not equal the process group id of the requested resource (%s).", requestProcessGroupDTO.getId(), id));
+ if (processorEntity.getProcessor().getId() != null) {
+ throw new IllegalArgumentException("Processor ID cannot be specified.");
+ }
+
+ if (StringUtils.isBlank(processorEntity.getProcessor().getType())) {
+ throw new IllegalArgumentException("The type of processor to create must be specified.");
+ }
+
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.POST, getAbsolutePath(), updateClientId(processorEntity), getHeaders()).getResponse();
+ }
+
+ // handle expects request (usually from the cluster manager)
+ final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
+ if (expects != null) {
+ return generateContinueResponse().build();
+ }
+
+ // set the processor id as appropriate
+ final ClusterContext clusterContext = ClusterContextThreadLocal.getContext();
+ if (clusterContext != null) {
+ processorEntity.getProcessor().setId(UUID.nameUUIDFromBytes(clusterContext.getIdGenerationSeed().getBytes(StandardCharsets.UTF_8)).toString());
+ } else {
+ processorEntity.getProcessor().setId(UUID.randomUUID().toString());
+ }
+
+ // create the new processor
+ final RevisionDTO revision = processorEntity.getRevision();
+ final ConfigurationSnapshot<ProcessorDTO> controllerResponse = serviceFacade.createProcessor(
+ new Revision(revision.getVersion(), revision.getClientId()), groupId, processorEntity.getProcessor());
+ final ProcessorDTO processor = controllerResponse.getConfiguration();
+ processorResource.populateRemainingProcessorContent(processor);
+
+ // get the updated revision
+ final RevisionDTO updatedRevision = new RevisionDTO();
+ updatedRevision.setClientId(revision.getClientId());
+ updatedRevision.setVersion(controllerResponse.getVersion());
+
+ // generate the response entity
+ final ProcessorEntity entity = new ProcessorEntity();
+ entity.setRevision(updatedRevision);
+ entity.setProcessor(processor);
+
+ // generate a 201 created response
+ String uri = processor.getUri();
+ return clusterContext(generateCreatedResponse(URI.create(uri), entity)).build();
+ }
+
+ /**
+ * Retrieves all the processors in this NiFi.
+ *
+ * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
+ * @return A processorsEntity.
+ */
+ @GET
+ @Consumes(MediaType.WILDCARD)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/processors")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @ApiOperation(
+ value = "Gets all processors",
+ response = ProcessorsEntity.class,
+ authorizations = {
+ @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+ @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ }
+ )
+ @ApiResponses(
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ }
+ )
+ public Response getProcessors(
+ @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
+ @ApiParam(
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String groupId) {
+
+ // replicate if cluster manager
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
+ }
+
+ // get the processors
+ final Set<ProcessorDTO> processorDTOs = serviceFacade.getProcessors(groupId);
+
+ // create the revision
+ final RevisionDTO revision = new RevisionDTO();
+ revision.setClientId(clientId.getClientId());
+
+ // create the response entity
+ final ProcessorsEntity entity = new ProcessorsEntity();
+ entity.setRevision(revision);
+ entity.setProcessors(processorResource.populateRemainingProcessorsContent(processorDTOs));
+
+ // generate the response
+ return clusterContext(generateOkResponse(entity)).build();
+ }
+
+ /**
+ * Creates a new input port.
+ *
+ * @param httpServletRequest request
+ * @param groupId The group id
+ * @param portEntity A inputPortEntity.
+ * @return A inputPortEntity.
+ */
+ @POST
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/input-ports")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
+ @ApiOperation(
+ value = "Creates an input port",
+ response = InputPortEntity.class,
+ authorizations = {
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
+ }
+ )
+ @ApiResponses(
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ }
+ )
+ public Response createInputPort(
+ @Context HttpServletRequest httpServletRequest,
+ @ApiParam(
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String groupId,
+ @ApiParam(
+ value = "The input port configuration details.",
+ required = true
+ ) InputPortEntity portEntity) {
+
+ if (portEntity == null || portEntity.getInputPort() == null) {
+ throw new IllegalArgumentException("Port details must be specified.");
+ }
+
+ if (portEntity.getRevision() == null) {
+ throw new IllegalArgumentException("Revision must be specified.");
+ }
+
+ if (portEntity.getInputPort().getId() != null) {
+ throw new IllegalArgumentException("Input port ID cannot be specified.");
+ }
+
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.POST, getAbsolutePath(), updateClientId(portEntity), getHeaders()).getResponse();
+ }
+
+ // handle expects request (usually from the cluster manager)
+ final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
+ if (expects != null) {
+ return generateContinueResponse().build();
+ }
+
+ // set the processor id as appropriate
+ final ClusterContext clusterContext = ClusterContextThreadLocal.getContext();
+ if (clusterContext != null) {
+ portEntity.getInputPort().setId(UUID.nameUUIDFromBytes(clusterContext.getIdGenerationSeed().getBytes(StandardCharsets.UTF_8)).toString());
+ } else {
+ portEntity.getInputPort().setId(UUID.randomUUID().toString());
+ }
+
+ // create the input port and generate the json
+ final RevisionDTO revision = portEntity.getRevision();
+ final ConfigurationSnapshot<PortDTO> controllerResponse = serviceFacade.createInputPort(
+ new Revision(revision.getVersion(), revision.getClientId()), groupId, portEntity.getInputPort());
+ final PortDTO port = controllerResponse.getConfiguration();
+ inputPortResource.populateRemainingInputPortContent(port);
+
+ // get the updated revision
+ final RevisionDTO updatedRevision = new RevisionDTO();
+ updatedRevision.setClientId(revision.getClientId());
+ updatedRevision.setVersion(controllerResponse.getVersion());
+
+ // build the response entity
+ final InputPortEntity entity = new InputPortEntity();
+ entity.setRevision(updatedRevision);
+ entity.setInputPort(port);
+
+ // build the response
+ return clusterContext(generateCreatedResponse(URI.create(port.getUri()), entity)).build();
+ }
+
+ /**
+ * Retrieves all the of input ports in this NiFi.
+ *
+ * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
+ * @return A inputPortsEntity.
+ */
+ @GET
+ @Consumes(MediaType.WILDCARD)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/input-ports")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @ApiOperation(
+ value = "Gets all input ports",
+ response = InputPortsEntity.class,
+ authorizations = {
+ @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+ @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ }
+ )
+ @ApiResponses(
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ }
+ )
+ public Response getInputPorts(
+ @ApiParam(
+ value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
+ required = false
+ )
+ @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
+ @ApiParam(
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String groupId) {
+
+ // replicate if cluster manager
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
+ }
+
+ // get all the input ports
+ final Set<PortDTO> inputPorts = inputPortResource.populateRemainingInputPortsContent(serviceFacade.getInputPorts(groupId));
+
+ // create the revision
+ final RevisionDTO revision = new RevisionDTO();
+ revision.setClientId(clientId.getClientId());
+
+ // create the response entity
+ final InputPortsEntity entity = new InputPortsEntity();
+ entity.setRevision(revision);
+ entity.setInputPorts(inputPorts);
+
+ // generate the response
+ return clusterContext(generateOkResponse(entity)).build();
+ }
+
+ /**
+ * Creates a new output port.
+ *
+ * @param httpServletRequest request
+ * @param groupId The group id
+ * @param portEntity A outputPortEntity.
+ * @return A outputPortEntity.
+ */
+ @POST
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/output-ports")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
+ @ApiOperation(
+ value = "Creates an output port",
+ response = OutputPortEntity.class,
+ authorizations = {
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
+ }
+ )
+ @ApiResponses(
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ }
+ )
+ public Response createOutputPort(
+ @Context HttpServletRequest httpServletRequest,
+ @ApiParam(
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String groupId,
+ @ApiParam(
+ value = "The output port configuration.",
+ required = true
+ ) OutputPortEntity portEntity) {
+
+ if (portEntity == null || portEntity.getOutputPort() == null) {
+ throw new IllegalArgumentException("Port details must be specified.");
+ }
+
+ if (portEntity.getRevision() == null) {
+ throw new IllegalArgumentException("Revision must be specified.");
+ }
+
+ if (portEntity.getOutputPort().getId() != null) {
+ throw new IllegalArgumentException("Output port ID cannot be specified.");
+ }
+
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.POST, getAbsolutePath(), updateClientId(portEntity), getHeaders()).getResponse();
+ }
+
+ // handle expects request (usually from the cluster manager)
+ final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
+ if (expects != null) {
+ return generateContinueResponse().build();
+ }
+
+ // set the processor id as appropriate
+ final ClusterContext clusterContext = ClusterContextThreadLocal.getContext();
+ if (clusterContext != null) {
+ portEntity.getOutputPort().setId(UUID.nameUUIDFromBytes(clusterContext.getIdGenerationSeed().getBytes(StandardCharsets.UTF_8)).toString());
+ } else {
+ portEntity.getOutputPort().setId(UUID.randomUUID().toString());
+ }
+
+ // create the output port and generate the json
+ final RevisionDTO revision = portEntity.getRevision();
+ final ConfigurationSnapshot<PortDTO> controllerResponse = serviceFacade.createOutputPort(
+ new Revision(revision.getVersion(), revision.getClientId()), groupId, portEntity.getOutputPort());
+ final PortDTO port = controllerResponse.getConfiguration();
+ outputPortResource.populateRemainingOutputPortContent(port);
+
+ // get the updated revision
+ final RevisionDTO updatedRevision = new RevisionDTO();
+ updatedRevision.setClientId(revision.getClientId());
+ updatedRevision.setVersion(controllerResponse.getVersion());
+
+ // build the response entity
+ final OutputPortEntity entity = new OutputPortEntity();
+ entity.setRevision(updatedRevision);
+ entity.setOutputPort(port);
+
+ // build the response
+ return clusterContext(generateCreatedResponse(URI.create(port.getUri()), entity)).build();
+ }
+
+ /**
+ * Retrieves all the of output ports in this NiFi.
+ *
+ * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
+ * @return A outputPortsEntity.
+ */
+ @GET
+ @Consumes(MediaType.WILDCARD)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/output-ports")
+ // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
+ @ApiOperation(
+ value = "Gets all output ports",
+ response = OutputPortsEntity.class,
+ authorizations = {
+ @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
+ @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ }
+ )
+ @ApiResponses(
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ }
+ )
+ public Response getOutputPorts(
+ @ApiParam(
+ value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
+ required = false
+ )
+ @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
+ @ApiParam(
+ value = "The process group id.",
+ required = true
+ )
+ @PathParam("id") String groupId) {
+
+ // replicate if cluster manager
+ if (properties.isClusterManager()) {
+ return clusterManager.applyRequest(HttpMethod.GET, getAbsolutePath(), getRequestParameters(true), getHeaders()).getResponse();
+ }
+
+ // get all the output ports
+ final Set<PortDTO> outputPorts = outputPortResource.populateRemainingOutputPortsContent(serviceFacade.getOutputPorts(groupId));
+
+ // create the revision
+ final RevisionDTO revision = new RevisionDTO();
+ revision.setClientId(clientId.getClientId());
+
+ // create the response entity
+ final OutputPortsEntity entity = new OutputPortsEntity();
+ entity.setRevision(revision);
+ entity.setOutputPorts(outputPorts);
+
+ // generate the response
+ return clusterContext(generateOkResponse(entity)).build();
+ }
+
+ /**
+ * Creates a new Funnel.
+ *
+ * @param httpServletRequest request
+ * @param groupId The group id
+ * @param funnelEntity A funnelEntity.
+ * @return A funnelEntity.
+ */
+ @POST
+ @Consumes(MediaType.APPLICATION_JSON)
+ @Produces(MediaType.APPLICATION_JSON)
+ @Path("{id}/funnels")
+ // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
+ @ApiOperation(
+ value = "Creates a funnel",
+ response = FunnelEntity.class,
+ authorizations = {
+ @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
+ }
+ )
+ @ApiResponses(
+ value = {
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message =
<TRUNCATED>
[17/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
Posted by ma...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/ClusterManagerAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/ClusterManagerAuthorizationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/ClusterManagerAuthorizationProvider.java
deleted file mode 100644
index 2b3b38c..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/ClusterManagerAuthorizationProvider.java
+++ /dev/null
@@ -1,225 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.net.Socket;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.AuthorityProviderConfigurationContext;
-import org.apache.nifi.authorization.AuthorityProviderInitializationContext;
-import org.apache.nifi.authorization.FileAuthorizationProvider;
-import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
-import org.apache.nifi.cluster.authorization.protocol.message.DoesDnExistMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.GetAuthoritiesMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.GetGroupForUserMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage;
-import static org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage.MessageType.DOES_DN_EXIST;
-import static org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage.MessageType.GET_AUTHORITIES;
-import static org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage.MessageType.GET_GROUP_FOR_USER;
-import org.apache.nifi.cluster.authorization.protocol.message.jaxb.JaxbProtocolUtils;
-import org.apache.nifi.cluster.manager.impl.WebClusterManager;
-import org.apache.nifi.cluster.protocol.ProtocolContext;
-import org.apache.nifi.cluster.protocol.ProtocolMessageMarshaller;
-import org.apache.nifi.cluster.protocol.ProtocolMessageUnmarshaller;
-import org.apache.nifi.cluster.protocol.jaxb.JaxbProtocolContext;
-import org.apache.nifi.io.socket.ServerSocketConfiguration;
-import org.apache.nifi.io.socket.SocketListener;
-import org.apache.nifi.io.socket.SocketUtils;
-import org.apache.nifi.io.socket.multicast.DiscoverableService;
-import org.apache.nifi.io.socket.multicast.DiscoverableServiceImpl;
-import org.apache.nifi.logging.NiFiLog;
-import org.apache.nifi.util.NiFiProperties;
-import static org.apache.nifi.util.NiFiProperties.CLUSTER_MANAGER_ADDRESS;
-import org.apache.nifi.util.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-
-/**
- * Provides authorities for the NCM in clustered environments. Communication
- * occurs over TCP/IP sockets. All method calls are deferred to the
- * FileAuthorizationProvider.
- */
-public class ClusterManagerAuthorizationProvider extends FileAuthorizationProvider implements AuthorityProvider, ApplicationContextAware {
-
- public static final String AUTHORITY_PROVIDER_SERVIVE_NAME = "cluster-authority-provider";
-
- private static final Logger logger = new NiFiLog(LoggerFactory.getLogger(ClusterManagerAuthorizationProvider.class));
- private static final String CLUSTER_MANAGER_AUTHORITY_PROVIDER_PORT = "Authority Provider Port";
- private static final String CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS = "Authority Provider Threads";
- private static final int DEFAULT_CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS = 10;
-
- private WebClusterManager clusterManager;
- private ProtocolContext<ProtocolMessage> authorityProviderProtocolContext;
- private SocketListener socketListener;
- private NiFiProperties properties;
- private ApplicationContext applicationContext;
-
- @Override
- public void initialize(final AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- super.initialize(initializationContext);
- }
-
- @Override
- public void onConfigured(final AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- super.onConfigured(configurationContext);
-
- // get the socket address of the cluster authority provider
- final InetSocketAddress clusterAuthorityProviderAddress = getClusterManagerAuthorityProviderAddress(configurationContext);
-
- // get the cluster manager
- clusterManager = applicationContext.getBean("clusterManager", WebClusterManager.class);
-
- // if using multicast, then the authority provider's service is broadcasted
- if (properties.getClusterProtocolUseMulticast()) {
-
- // create the authority provider service for discovery
- final DiscoverableService clusterAuthorityProviderService = new DiscoverableServiceImpl(AUTHORITY_PROVIDER_SERVIVE_NAME, clusterAuthorityProviderAddress);
-
- // register the authority provider service with the cluster manager
- clusterManager.addBroadcastedService(clusterAuthorityProviderService);
- }
-
- // get the number of protocol listening thread
- final int numThreads = getClusterManagerAuthorityProviderThreads(configurationContext);
-
- // the server socket configuration
- final ServerSocketConfiguration configuration = applicationContext.getBean("protocolServerSocketConfiguration", ServerSocketConfiguration.class);
-
- // the authority provider listens for node messages
- socketListener = new SocketListener(numThreads, clusterAuthorityProviderAddress.getPort(), configuration) {
- @Override
- public void dispatchRequest(final Socket socket) {
- ClusterManagerAuthorizationProvider.this.dispatchRequest(socket);
- }
- };
-
- // start the socket listener
- if (socketListener != null && !socketListener.isRunning()) {
- try {
- socketListener.start();
- } catch (final IOException ioe) {
- throw new ProviderCreationException("Failed to start Cluster Manager Authorization Provider due to: " + ioe, ioe);
- }
- }
-
- // initialize the protocol context
- authorityProviderProtocolContext = new JaxbProtocolContext<ProtocolMessage>(JaxbProtocolUtils.JAXB_CONTEXT);
- }
-
- @Override
- public void preDestruction() throws ProviderDestructionException {
- if (socketListener != null && socketListener.isRunning()) {
- try {
- socketListener.stop();
- } catch (final IOException ioe) {
- throw new ProviderDestructionException("Failed to stop Cluster Manager Authorization Provider due to: " + ioe, ioe);
- }
- }
- super.preDestruction();
- }
-
- private int getClusterManagerAuthorityProviderThreads(final AuthorityProviderConfigurationContext configurationContext) {
- try {
- return Integer.parseInt(configurationContext.getProperty(CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS));
- } catch (NumberFormatException nfe) {
- return DEFAULT_CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS;
- }
- }
-
- private InetSocketAddress getClusterManagerAuthorityProviderAddress(final AuthorityProviderConfigurationContext configurationContext) {
- try {
- String socketAddress = properties.getProperty(CLUSTER_MANAGER_ADDRESS);
- if (StringUtils.isBlank(socketAddress)) {
- socketAddress = "localhost";
- }
- return InetSocketAddress.createUnresolved(socketAddress, getClusterManagerAuthorityProviderPort(configurationContext));
- } catch (Exception ex) {
- throw new RuntimeException("Invalid manager authority provider address/port due to: " + ex, ex);
- }
- }
-
- private Integer getClusterManagerAuthorityProviderPort(final AuthorityProviderConfigurationContext configurationContext) {
- final String authorityProviderPort = configurationContext.getProperty(CLUSTER_MANAGER_AUTHORITY_PROVIDER_PORT);
- if (authorityProviderPort == null || authorityProviderPort.trim().isEmpty()) {
- throw new ProviderCreationException("The authority provider port must be specified.");
- }
-
- return Integer.parseInt(authorityProviderPort);
- }
-
- private void dispatchRequest(final Socket socket) {
- try {
- // unmarshall message
- final ProtocolMessageUnmarshaller<ProtocolMessage> unmarshaller = authorityProviderProtocolContext.createUnmarshaller();
- final ProtocolMessage request = unmarshaller.unmarshal(socket.getInputStream());
- final ProtocolMessage response = request;
-
- try {
- switch (request.getType()) {
- case DOES_DN_EXIST: {
- final DoesDnExistMessage castedMsg = (DoesDnExistMessage) request;
- castedMsg.setResponse(doesDnExist(castedMsg.getDn()));
- break;
- }
- case GET_AUTHORITIES: {
- final GetAuthoritiesMessage castedMsg = (GetAuthoritiesMessage) request;
- castedMsg.setResponse(getAuthorities(castedMsg.getDn()));
- break;
- }
- case GET_GROUP_FOR_USER: {
- final GetGroupForUserMessage castedMsg = (GetGroupForUserMessage) request;
- castedMsg.setResponse(getGroupForUser(castedMsg.getDn()));
- break;
- }
- default: {
- throw new Exception("Unsupported Message Type: " + request.getType());
- }
- }
- } catch (final Exception ex) {
- response.setExceptionClass(ex.getClass().getName());
- response.setExceptionMessage(ex.getMessage());
- }
-
- final ProtocolMessageMarshaller<ProtocolMessage> marshaller = authorityProviderProtocolContext.createMarshaller();
- marshaller.marshal(response, socket.getOutputStream());
-
- } catch (final Exception e) {
- logger.warn("Failed processing Socket Authorization Provider protocol message due to " + e, e);
- } finally {
- SocketUtils.closeQuietly(socket);
- }
- }
-
- @Override
- @AuthorityProviderContext
- public void setApplicationContext(final ApplicationContext applicationContext) throws BeansException {
- this.applicationContext = applicationContext;
- }
-
- @Override
- @AuthorityProviderContext
- public void setNiFiProperties(NiFiProperties properties) {
- super.setNiFiProperties(properties);
- this.properties = properties;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/NodeAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/NodeAuthorizationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/NodeAuthorizationProvider.java
deleted file mode 100644
index 840422f..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/NodeAuthorizationProvider.java
+++ /dev/null
@@ -1,389 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization;
-
-import org.apache.nifi.cluster.authorization.protocol.message.DoesDnExistMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.GetAuthoritiesMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage;
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.net.Socket;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.TimeUnit;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.AuthorityProviderConfigurationContext;
-import org.apache.nifi.authorization.AuthorityProviderInitializationContext;
-import org.apache.nifi.authorization.DownloadAuthorization;
-import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.cluster.authorization.protocol.message.GetGroupForUserMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.jaxb.JaxbProtocolUtils;
-import org.apache.nifi.io.socket.SocketConfiguration;
-import org.apache.nifi.io.socket.SocketUtils;
-import org.apache.nifi.io.socket.multicast.DiscoverableService;
-import org.apache.nifi.cluster.protocol.ProtocolContext;
-import org.apache.nifi.cluster.protocol.ProtocolMessageMarshaller;
-import org.apache.nifi.cluster.protocol.ProtocolMessageUnmarshaller;
-import org.apache.nifi.cluster.protocol.impl.ClusterServiceDiscovery;
-import org.apache.nifi.cluster.protocol.impl.ClusterServiceLocator;
-import org.apache.nifi.cluster.protocol.jaxb.JaxbProtocolContext;
-import org.apache.nifi.io.socket.multicast.DiscoverableServiceImpl;
-import org.apache.nifi.io.socket.multicast.MulticastConfiguration;
-import org.apache.nifi.logging.NiFiLog;
-import org.apache.nifi.util.NiFiProperties;
-import static org.apache.nifi.util.NiFiProperties.CLUSTER_NODE_UNICAST_MANAGER_ADDRESS;
-import org.apache.nifi.util.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-
-/**
- * Provides authorities for nodes in clustered environments. Communication
- * occurs over TCP/IP sockets. All method calls are communicated to the cluster
- * manager provider via socket.
- */
-public class NodeAuthorizationProvider implements AuthorityProvider, ApplicationContextAware {
-
- private static final Logger logger = new NiFiLog(LoggerFactory.getLogger(NodeAuthorizationProvider.class));
- private static final String CLUSTER_NODE_MANAGER_AUTHORITY_PROVIDER_PORT = "Cluster Manager Authority Provider Port";
-
- private ProtocolContext<ProtocolMessage> authorityProviderProtocolContext;
- private SocketConfiguration socketConfiguration;
- private ClusterServiceLocator serviceLocator;
- private ApplicationContext applicationContext;
- private NiFiProperties properties;
-
- @Override
- public void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- }
-
- @Override
- public void onConfigured(final AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- // TODO clear user cache?
-
- // if using multicast, then the authority provider's service is broadcasted
- if (properties.getClusterProtocolUseMulticast()) {
- // create the service discovery
- final ClusterServiceDiscovery serviceDiscovery = new ClusterServiceDiscovery(
- ClusterManagerAuthorizationProvider.AUTHORITY_PROVIDER_SERVIVE_NAME,
- properties.getClusterProtocolMulticastAddress(),
- applicationContext.getBean("protocolMulticastConfiguration", MulticastConfiguration.class),
- applicationContext.getBean("protocolContext", ProtocolContext.class));
-
- // create service location configuration
- final ClusterServiceLocator.AttemptsConfig config = new ClusterServiceLocator.AttemptsConfig();
- config.setNumAttempts(3);
- config.setTimeBetweenAttempts(1);
- config.setTimeBetweenAttempsUnit(TimeUnit.SECONDS);
-
- serviceLocator = new ClusterServiceLocator(serviceDiscovery);
- serviceLocator.setAttemptsConfig(config);
- } else {
- final InetSocketAddress serviceAddress = getClusterNodeManagerAuthorityProviderAddress(configurationContext);
- final DiscoverableService service = new DiscoverableServiceImpl(ClusterManagerAuthorizationProvider.AUTHORITY_PROVIDER_SERVIVE_NAME, serviceAddress);
- serviceLocator = new ClusterServiceLocator(service);
- }
-
- try {
- // start the service locator
- serviceLocator.start();
- } catch (final IOException ioe) {
- throw new ProviderCreationException(ioe);
- }
-
- // the socket configuration
- socketConfiguration = applicationContext.getBean("protocolSocketConfiguration", SocketConfiguration.class);
-
- // initialize the protocol context
- authorityProviderProtocolContext = new JaxbProtocolContext<ProtocolMessage>(JaxbProtocolUtils.JAXB_CONTEXT);
- }
-
- private InetSocketAddress getClusterNodeManagerAuthorityProviderAddress(final AuthorityProviderConfigurationContext configurationContext) {
- try {
- String socketAddress = properties.getProperty(CLUSTER_NODE_UNICAST_MANAGER_ADDRESS);
- if (StringUtils.isBlank(socketAddress)) {
- socketAddress = "localhost";
- }
- return InetSocketAddress.createUnresolved(socketAddress, getClusterNodeManagerAuthorityProviderPort(configurationContext));
- } catch (Exception ex) {
- throw new ProviderCreationException("Invalid cluster manager authority provider address/port due to: " + ex, ex);
- }
- }
-
- private Integer getClusterNodeManagerAuthorityProviderPort(final AuthorityProviderConfigurationContext configurationContext) {
- final String nodeAuthorityProviderPort = configurationContext.getProperty(CLUSTER_NODE_MANAGER_AUTHORITY_PROVIDER_PORT);
- if (nodeAuthorityProviderPort == null || nodeAuthorityProviderPort.trim().isEmpty()) {
- throw new ProviderCreationException("The cluster manager authority provider port must be specified.");
- }
-
- return Integer.parseInt(nodeAuthorityProviderPort);
- }
-
- @Override
- public void setAuthorities(String dn, Set<Authority> authorities) throws AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to set user authorities.");
- }
-
- @Override
- public void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to add users.");
- }
-
- @Override
- public boolean doesDnExist(String dn) throws AuthorityAccessException {
- // create message
- final DoesDnExistMessage msg = new DoesDnExistMessage();
- msg.setDn(dn);
-
- Socket socket = null;
- try {
-
- final InetSocketAddress socketAddress = getServiceAddress();
- if (socketAddress == null) {
- throw new AuthorityAccessException("Cluster Authority Provider's address is not known.");
- }
-
- try {
- // create a socket
- socket = SocketUtils.createSocket(socketAddress, socketConfiguration);
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed to create socket due to: " + ioe, ioe);
- }
-
- try {
- // marshal message to output stream
- final ProtocolMessageMarshaller marshaller = authorityProviderProtocolContext.createMarshaller();
- marshaller.marshal(msg, socket.getOutputStream());
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed marshalling '" + msg.getType() + "' protocol message due to: " + ioe, ioe);
- }
-
- try {
-
- // unmarshall response and return
- final ProtocolMessageUnmarshaller<ProtocolMessage> unmarshaller = authorityProviderProtocolContext.createUnmarshaller();
- final DoesDnExistMessage response = (DoesDnExistMessage) unmarshaller.unmarshal(socket.getInputStream());
-
- // check if there was an exception
- if (response.wasException()) {
- throw new AuthorityAccessException(response.getExceptionMessage());
- }
-
- // return provider's response
- return response.getResponse();
-
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed unmarshalling '" + msg.getType() + "' response protocol message due to: " + ioe, ioe);
- }
-
- } finally {
- SocketUtils.closeQuietly(socket);
- }
- }
-
- @Override
- public Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException {
- // create message
- final GetAuthoritiesMessage msg = new GetAuthoritiesMessage();
- msg.setDn(dn);
-
- Socket socket = null;
- try {
-
- final InetSocketAddress socketAddress = getServiceAddress();
- if (socketAddress == null) {
- throw new AuthorityAccessException("Cluster Authority Provider's address is not known.");
- }
-
- try {
- // create a socket
- socket = SocketUtils.createSocket(socketAddress, socketConfiguration);
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed to create socket due to: " + ioe, ioe);
- }
-
- try {
- // marshal message to output stream
- final ProtocolMessageMarshaller marshaller = authorityProviderProtocolContext.createMarshaller();
- marshaller.marshal(msg, socket.getOutputStream());
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed marshalling '" + msg.getType() + "' protocol message due to: " + ioe, ioe);
- }
-
- try {
-
- // unmarshall response and return
- final ProtocolMessageUnmarshaller<ProtocolMessage> unmarshaller = authorityProviderProtocolContext.createUnmarshaller();
- final GetAuthoritiesMessage response = (GetAuthoritiesMessage) unmarshaller.unmarshal(socket.getInputStream());
-
- // check if there was an exception
- if (response.wasException()) {
- if (isException(UnknownIdentityException.class, response)) {
- throw new UnknownIdentityException(response.getExceptionMessage());
- } else {
- throw new AuthorityAccessException(response.getExceptionMessage());
- }
- }
-
- // return provider's response
- return response.getResponse();
-
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed unmarshalling '" + msg.getType() + "' response protocol message due to: " + ioe, ioe);
- }
-
- } finally {
- SocketUtils.closeQuietly(socket);
- }
- }
-
- @Override
- public Set<String> getUsers(Authority authority) throws AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to get users for a given authority.");
- }
-
- @Override
- public void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to revoke users.");
- }
-
- @Override
- public void setUsersGroup(Set<String> dns, String group) throws UnknownIdentityException, AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to set user groups.");
- }
-
- @Override
- public void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to ungroup users.");
- }
-
- @Override
- public void ungroup(String group) throws AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to ungroup.");
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException {
- return DownloadAuthorization.approved();
- }
-
- @Override
- public String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- // create message
- final GetGroupForUserMessage msg = new GetGroupForUserMessage();
- msg.setDn(dn);
-
- Socket socket = null;
- try {
-
- final InetSocketAddress socketAddress = getServiceAddress();
- if (socketAddress == null) {
- throw new AuthorityAccessException("Cluster Authority Provider's address is not known.");
- }
-
- try {
- // create a socket
- socket = SocketUtils.createSocket(socketAddress, socketConfiguration);
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed to create socket due to: " + ioe, ioe);
- }
-
- try {
- // marshal message to output stream
- final ProtocolMessageMarshaller marshaller = authorityProviderProtocolContext.createMarshaller();
- marshaller.marshal(msg, socket.getOutputStream());
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed marshalling '" + msg.getType() + "' protocol message due to: " + ioe, ioe);
- }
-
- try {
-
- // unmarshall response and return
- final ProtocolMessageUnmarshaller<ProtocolMessage> unmarshaller = authorityProviderProtocolContext.createUnmarshaller();
- final GetGroupForUserMessage response = (GetGroupForUserMessage) unmarshaller.unmarshal(socket.getInputStream());
-
- // check if there was an exception
- if (response.wasException()) {
- if (isException(UnknownIdentityException.class, response)) {
- throw new UnknownIdentityException(response.getExceptionMessage());
- } else {
- throw new AuthorityAccessException(response.getExceptionMessage());
- }
- }
-
- return response.getResponse();
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed unmarshalling '" + msg.getType() + "' response protocol message due to: " + ioe, ioe);
- }
-
- } finally {
- SocketUtils.closeQuietly(socket);
- }
- }
-
- @Override
- public void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to revoke groups.");
- }
-
- @Override
- public void preDestruction() throws ProviderDestructionException {
- try {
- if (serviceLocator != null && serviceLocator.isRunning()) {
- serviceLocator.stop();
- }
- } catch (final IOException ioe) {
- throw new ProviderDestructionException(ioe);
- }
- }
-
- @Override
- @AuthorityProviderContext
- public void setApplicationContext(final ApplicationContext applicationContext) throws BeansException {
- this.applicationContext = applicationContext;
- }
-
- @AuthorityProviderContext
- public void setNiFiProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- private InetSocketAddress getServiceAddress() {
- final DiscoverableService service = serviceLocator.getService();
- if (service != null) {
- return service.getServiceAddress();
- }
- return null;
- }
-
- private boolean isException(final Class<? extends Exception> exception, final ProtocolMessage protocolMessage) {
- if (protocolMessage.wasException()) {
- return exception.getName().equals(protocolMessage.getExceptionClass());
- } else {
- return false;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/DoesDnExistMessage.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/DoesDnExistMessage.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/DoesDnExistMessage.java
deleted file mode 100644
index 5436140..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/DoesDnExistMessage.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message;
-
-import javax.xml.bind.annotation.XmlRootElement;
-import org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage.MessageType;
-
-/**
- */
-@XmlRootElement(name = "doesDnExistMessage")
-public class DoesDnExistMessage extends ProtocolMessage {
-
- private String dn;
-
- private boolean response;
-
- public DoesDnExistMessage() {
- }
-
- @Override
- public MessageType getType() {
- return MessageType.DOES_DN_EXIST;
- }
-
- public String getDn() {
- return dn;
- }
-
- public void setDn(String dn) {
- this.dn = dn;
- }
-
- public boolean getResponse() {
- return response;
- }
-
- public void setResponse(boolean response) {
- this.response = response;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetAuthoritiesMessage.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetAuthoritiesMessage.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetAuthoritiesMessage.java
deleted file mode 100644
index 50d371d..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetAuthoritiesMessage.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message;
-
-import java.util.HashSet;
-import java.util.Set;
-import javax.xml.bind.annotation.XmlRootElement;
-import org.apache.nifi.authorization.Authority;
-
-/**
- */
-@XmlRootElement(name = "getAuthoritiesMessage")
-public class GetAuthoritiesMessage extends ProtocolMessage {
-
- private String dn;
-
- private Set<Authority> response = new HashSet<>();
-
- public GetAuthoritiesMessage() {
- }
-
- @Override
- public MessageType getType() {
- return MessageType.GET_AUTHORITIES;
- }
-
- public String getDn() {
- return dn;
- }
-
- public void setDn(String dn) {
- this.dn = dn;
- }
-
- public Set<Authority> getResponse() {
- return response;
- }
-
- public void setResponse(Set<Authority> response) {
- this.response = response;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetGroupForUserMessage.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetGroupForUserMessage.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetGroupForUserMessage.java
deleted file mode 100644
index 72a6af5..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetGroupForUserMessage.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message;
-
-import javax.xml.bind.annotation.XmlRootElement;
-
-/**
- */
-@XmlRootElement(name = "getGroupForUserMessage")
-public class GetGroupForUserMessage extends ProtocolMessage {
-
- private String dn;
-
- private String response;
-
- public GetGroupForUserMessage() {
- }
-
- @Override
- public MessageType getType() {
- return MessageType.GET_GROUP_FOR_USER;
- }
-
- public String getDn() {
- return dn;
- }
-
- public void setDn(String dn) {
- this.dn = dn;
- }
-
- public String getResponse() {
- return response;
- }
-
- public void setResponse(String response) {
- this.response = response;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/ProtocolMessage.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/ProtocolMessage.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/ProtocolMessage.java
deleted file mode 100644
index ddeb69e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/ProtocolMessage.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message;
-
-/**
- */
-public abstract class ProtocolMessage {
-
- private String exceptionClass;
- private String exceptionMessage;
-
- public static enum MessageType {
-
- DOES_DN_EXIST,
- GET_AUTHORITIES,
- GET_USERS,
- GET_GROUP_FOR_USER
- }
-
- public abstract MessageType getType();
-
- public boolean wasException() {
- return exceptionClass != null;
- }
-
- public String getExceptionMessage() {
- return exceptionMessage;
- }
-
- public void setExceptionMessage(final String exceptionMessage) {
- this.exceptionMessage = exceptionMessage;
- }
-
- public String getExceptionClass() {
- return exceptionClass;
- }
-
- public void setExceptionClass(String exceptionClass) {
- this.exceptionClass = exceptionClass;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/JaxbProtocolUtils.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/JaxbProtocolUtils.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/JaxbProtocolUtils.java
deleted file mode 100644
index 2a32d84..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/JaxbProtocolUtils.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message.jaxb;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-
-/**
- */
-public final class JaxbProtocolUtils {
-
- public static final String JAXB_CONTEXT_PATH = ObjectFactory.class.getPackage().getName();
-
- public static final JAXBContext JAXB_CONTEXT = initializeJaxbContext();
-
- /**
- * Load the JAXBContext version.
- */
- private static JAXBContext initializeJaxbContext() {
- try {
- return JAXBContext.newInstance(JAXB_CONTEXT_PATH);
- } catch (JAXBException e) {
- throw new RuntimeException("Unable to create JAXBContext.");
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/ObjectFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/ObjectFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/ObjectFactory.java
deleted file mode 100644
index 2e70a19..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/ObjectFactory.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message.jaxb;
-
-import javax.xml.bind.annotation.XmlRegistry;
-import org.apache.nifi.cluster.authorization.protocol.message.DoesDnExistMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.GetAuthoritiesMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.GetGroupForUserMessage;
-
-/**
- */
-@XmlRegistry
-public class ObjectFactory {
-
- public ObjectFactory() {
- }
-
- public DoesDnExistMessage createDoesDnExistMessage() {
- return new DoesDnExistMessage();
- }
-
- public GetAuthoritiesMessage createGetAuthoritiesMessage() {
- return new GetAuthoritiesMessage();
- }
-
- public GetGroupForUserMessage createGetGroupForUserMessage() {
- return new GetGroupForUserMessage();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
deleted file mode 100644
index 56f4c3e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
+++ /dev/null
@@ -1,16 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-org.apache.nifi.cluster.authorization.ClusterManagerAuthorizationProvider
-org.apache.nifi.cluster.authorization.NodeAuthorizationProvider
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/test/resources/conf/nifi.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/test/resources/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/test/resources/conf/nifi.properties
index bfc9376..c6b5d36 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/test/resources/conf/nifi.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-documentation/src/test/resources/conf/nifi.properties
@@ -84,11 +84,7 @@ nifi.security.truststore=
nifi.security.truststoreType=
nifi.security.truststorePasswd=
nifi.security.needClientAuth=
-nifi.security.authorizedUsers.file=./target/conf/authorized-users.xml
-nifi.security.user.credential.cache.duration=24 hours
-nifi.security.user.authority.provider=nifi.authorization.FileAuthorizationProvider
-nifi.security.support.new.account.requests=
-nifi.security.default.user.roles=
+nifi.security.user.authorizer=
# cluster common properties (cluster manager and nodes must have same values) #
nifi.cluster.protocol.heartbeat.interval=5 sec
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/pom.xml
deleted file mode 100644
index caa75de..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/pom.xml
+++ /dev/null
@@ -1,85 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-framework</artifactId>
- <version>1.0.0-SNAPSHOT</version>
- </parent>
- <artifactId>nifi-file-authorization-provider</artifactId>
- <build>
- <resources>
- <resource>
- <directory>src/main/resources</directory>
- </resource>
- <resource>
- <directory>src/main/xsd</directory>
- </resource>
- </resources>
- <plugins>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>jaxb2-maven-plugin</artifactId>
- <executions>
- <execution>
- <id>xjc</id>
- <goals>
- <goal>xjc</goal>
- </goals>
- <configuration>
- <packageName>org.apache.nifi.user.generated</packageName>
- </configuration>
- </execution>
- </executions>
- <configuration>
- <generateDirectory>${project.build.directory}/generated-sources/jaxb</generateDirectory>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-checkstyle-plugin</artifactId>
- <configuration>
- <excludes>**/user/generated/*.java</excludes>
- </configuration>
- </plugin>
-
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-utils</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-properties</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
- </dependency>
- <dependency>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java
deleted file mode 100644
index 9c2cad5..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java
+++ /dev/null
@@ -1,496 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Collection;
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import javax.xml.XMLConstants;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
-import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.util.file.FileUtils;
-import org.apache.nifi.user.generated.ObjectFactory;
-import org.apache.nifi.user.generated.Role;
-import org.apache.nifi.user.generated.User;
-import org.apache.nifi.user.generated.Users;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.xml.sax.SAXException;
-
-/**
- * Provides identity checks and grants authorities.
- */
-public class FileAuthorizationProvider implements AuthorityProvider {
-
- private static final Logger logger = LoggerFactory.getLogger(FileAuthorizationProvider.class);
- private static final String USERS_XSD = "/users.xsd";
- private static final String JAXB_GENERATED_PATH = "org.apache.nifi.user.generated";
- private static final JAXBContext JAXB_CONTEXT = initializeJaxbContext();
-
- /**
- * Load the JAXBContext.
- */
- private static JAXBContext initializeJaxbContext() {
- try {
- return JAXBContext.newInstance(JAXB_GENERATED_PATH, FileAuthorizationProvider.class.getClassLoader());
- } catch (JAXBException e) {
- throw new RuntimeException("Unable to create JAXBContext.");
- }
- }
-
- private NiFiProperties properties;
- private File usersFile;
- private File restoreUsersFile;
- private Users users;
- private final Set<String> defaultAuthorities = new HashSet<>();
-
- @Override
- public void initialize(final AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- }
-
- @Override
- public void onConfigured(final AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- try {
- final String usersFilePath = configurationContext.getProperty("Authorized Users File");
- if (usersFilePath == null || usersFilePath.trim().isEmpty()) {
- throw new ProviderCreationException("The authorized users file must be specified.");
- }
-
- // the users file instance will never be null because a default is used
- usersFile = new File(usersFilePath);
- final File usersFileDirectory = usersFile.getParentFile();
-
- // the restore directory is optional and may be null
- final File restoreDirectory = properties.getRestoreDirectory();
-
- if (restoreDirectory != null) {
-
- // sanity check that restore directory is a directory, creating it if necessary
- FileUtils.ensureDirectoryExistAndCanAccess(restoreDirectory);
-
- // check that restore directory is not the same as the primary directory
- if (usersFileDirectory.getAbsolutePath().equals(restoreDirectory.getAbsolutePath())) {
- throw new ProviderCreationException(String.format("Authorized User's directory '%s' is the same as restore directory '%s' ",
- usersFileDirectory.getAbsolutePath(), restoreDirectory.getAbsolutePath()));
- }
-
- // the restore copy will have same file name, but reside in a different directory
- restoreUsersFile = new File(restoreDirectory, usersFile.getName());
-
- // sync the primary copy with the restore copy
- try {
- FileUtils.syncWithRestore(usersFile, restoreUsersFile, logger);
- } catch (final IOException | IllegalStateException ioe) {
- throw new ProviderCreationException(ioe);
- }
-
- }
-
- // load the users from the specified file
- if (usersFile.exists()) {
- // find the schema
- final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
- final Schema schema = schemaFactory.newSchema(FileAuthorizationProvider.class.getResource(USERS_XSD));
-
- // attempt to unmarshal
- final Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
- unmarshaller.setSchema(schema);
- final JAXBElement<Users> element = unmarshaller.unmarshal(new StreamSource(usersFile), Users.class);
- users = element.getValue();
- } else {
- final ObjectFactory objFactory = new ObjectFactory();
- users = objFactory.createUsers();
- }
-
- // attempt to load a default roles
- final String rawDefaultAuthorities = configurationContext.getProperty("Default User Roles");
- if (StringUtils.isNotBlank(rawDefaultAuthorities)) {
- final Set<String> invalidDefaultAuthorities = new HashSet<>();
-
- // validate the specified authorities
- final String[] rawDefaultAuthorityList = rawDefaultAuthorities.split(",");
- for (String rawAuthority : rawDefaultAuthorityList) {
- rawAuthority = rawAuthority.trim();
- final Authority authority = Authority.valueOfAuthority(rawAuthority);
- if (authority == null) {
- invalidDefaultAuthorities.add(rawAuthority);
- } else {
- defaultAuthorities.add(rawAuthority);
- }
- }
-
- // report any unrecognized authorities
- if (!invalidDefaultAuthorities.isEmpty()) {
- logger.warn(String.format("The following default role(s) '%s' were not recognized. Possible values: %s.",
- StringUtils.join(invalidDefaultAuthorities, ", "), StringUtils.join(Authority.getRawAuthorities(), ", ")));
- }
- }
- } catch (IOException | ProviderCreationException | SAXException | JAXBException e) {
- throw new ProviderCreationException(e);
- }
-
- }
-
- @Override
- public void preDestruction() {
- }
-
- private boolean hasDefaultRoles() {
- return !defaultAuthorities.isEmpty();
- }
-
- @Override
- public boolean doesDnExist(String dn) throws AuthorityAccessException {
- if (hasDefaultRoles()) {
- return true;
- }
-
- final User user = getUser(dn);
- return user != null;
- }
-
- @Override
- public synchronized Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException {
- final Set<Authority> authorities = EnumSet.noneOf(Authority.class);
-
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- if (hasDefaultRoles()) {
- logger.debug(String.format("User DN not found: %s. Creating new user with default roles.", dn));
-
- // create the user (which will automatically add any default authorities)
- addUser(dn, null);
-
- // get the authorities for the newly created user
- authorities.addAll(getAuthorities(dn));
- } else {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
- } else {
- // create the authorities that this user has
- for (final Role role : user.getRole()) {
- authorities.add(Authority.valueOfAuthority(role.getName()));
- }
- }
-
- return authorities;
- }
-
- @Override
- public synchronized void setAuthorities(String dn, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException {
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
-
- // add the user authorities
- setUserAuthorities(user, authorities);
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- private void setUserAuthorities(final User user, final Set<Authority> authorities) {
- // clear the existing rules
- user.getRole().clear();
-
- // set the new roles
- final ObjectFactory objFactory = new ObjectFactory();
- for (final Authority authority : authorities) {
- final Role role = objFactory.createRole();
- role.setName(authority.toString());
-
- // add the new role
- user.getRole().add(role);
- }
- }
-
- @Override
- public synchronized void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException {
- final User user = getUser(dn);
-
- // ensure the user doesn't already exist
- if (user != null) {
- throw new IdentityAlreadyExistsException(String.format("User DN already exists: %s", dn));
- }
-
- // create the new user
- final ObjectFactory objFactory = new ObjectFactory();
- final User newUser = objFactory.createUser();
-
- // set the user properties
- newUser.setDn(dn);
- newUser.setGroup(group);
-
- // add default roles if appropriate
- if (hasDefaultRoles()) {
- for (final String authority : defaultAuthorities) {
- Role role = objFactory.createRole();
- role.setName(authority);
-
- // add the role
- newUser.getRole().add(role);
- }
- }
-
- // add the user
- users.getUser().add(newUser);
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- @Override
- public synchronized Set<String> getUsers(Authority authority) throws AuthorityAccessException {
- final Set<String> userSet = new HashSet<>();
- for (final User user : users.getUser()) {
- for (final Role role : user.getRole()) {
- if (role.getName().equals(authority.toString())) {
- userSet.add(user.getDn());
- }
- }
- }
- return userSet;
- }
-
- @Override
- public synchronized void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
-
- // remove the specified user
- users.getUser().remove(user);
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- @Override
- public void setUsersGroup(Set<String> dns, String group) throws UnknownIdentityException, AuthorityAccessException {
- final Collection<User> groupedUsers = new HashSet<>();
-
- // get the specified users
- for (final String dn : dns) {
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
-
- groupedUsers.add(user);
- }
-
- // update each user group
- for (final User user : groupedUsers) {
- user.setGroup(group);
- }
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- @Override
- public void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
-
- // remove the users group
- user.setGroup(null);
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- @Override
- public void ungroup(String group) throws AuthorityAccessException {
- // get the user group
- final Collection<User> userGroup = getUserGroup(group);
-
- // ensure the user group was located
- if (userGroup == null) {
- return;
- }
-
- // update each user group
- for (final User user : userGroup) {
- user.setGroup(null);
- }
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- @Override
- public String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
-
- return user.getGroup();
- }
-
- @Override
- public void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- // get the user group
- final Collection<User> userGroup = getUserGroup(group);
-
- // ensure the user group was located
- if (userGroup == null) {
- throw new UnknownIdentityException(String.format("User group not found: %s.", group));
- }
-
- // remove each user in the group
- for (final User user : userGroup) {
- users.getUser().remove(user);
- }
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- /**
- * Grants access to download content regardless of FlowFile attributes.
- */
- @Override
- public DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException {
- return DownloadAuthorization.approved();
- }
-
- private User getUser(String dn) throws UnknownIdentityException {
- // ensure the DN was specified
- if (dn == null) {
- throw new UnknownIdentityException("User DN not specified.");
- }
-
- // attempt to get the user and ensure it was located
- User desiredUser = null;
- for (final User user : users.getUser()) {
- if (dn.equalsIgnoreCase(user.getDn())) {
- desiredUser = user;
- break;
- }
- }
-
- return desiredUser;
- }
-
- private Collection<User> getUserGroup(String group) throws UnknownIdentityException {
- // ensure the DN was specified
- if (group == null) {
- throw new UnknownIdentityException("User group not specified.");
- }
-
- // get all users with this group
- Collection<User> userGroup = null;
- for (final User user : users.getUser()) {
- if (group.equals(user.getGroup())) {
- if (userGroup == null) {
- userGroup = new HashSet<>();
- }
- userGroup.add(user);
- }
- }
-
- return userGroup;
- }
-
- private void save() throws Exception {
- final Marshaller marshaller = JAXB_CONTEXT.createMarshaller();
- marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
-
- // save users to restore directory before primary directory
- if (restoreUsersFile != null) {
- marshaller.marshal(users, restoreUsersFile);
- }
-
- // save users to primary directory
- marshaller.marshal(users, usersFile);
- }
-
- @AuthorityProviderContext
- public void setNiFiProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
deleted file mode 100755
index 93d2941..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
+++ /dev/null
@@ -1,15 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-org.apache.nifi.authorization.FileAuthorizationProvider
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/xsd/users.xsd
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/xsd/users.xsd b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/xsd/users.xsd
deleted file mode 100644
index 4ee1e17..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/xsd/users.xsd
+++ /dev/null
@@ -1,64 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <!-- role -->
- <xs:complexType name="Role">
- <xs:attribute name="name">
- <xs:simpleType>
- <xs:restriction base="xs:string">
- <xs:enumeration value="ROLE_MONITOR"/>
- <xs:enumeration value="ROLE_PROVENANCE"/>
- <xs:enumeration value="ROLE_DFM"/>
- <xs:enumeration value="ROLE_ADMIN"/>
- <xs:enumeration value="ROLE_PROXY"/>
- <xs:enumeration value="ROLE_NIFI"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:complexType>
-
- <!-- user -->
- <xs:complexType name="User">
- <xs:sequence>
- <xs:element name="role" type="Role" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="dn">
- <xs:simpleType>
- <xs:restriction base="xs:string">
- <xs:minLength value="1"/>
- <xs:pattern value=".*[^\s].*"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="group">
- <xs:simpleType>
- <xs:restriction base="xs:string">
- <xs:minLength value="1"/>
- <xs:pattern value=".*[^\s].*"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:complexType>
-
- <!-- users -->
- <xs:element name="users">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="user" type="User" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-</xs:schema>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/test/java/org/apache/nifi/authorization/FileAuthorizationProviderTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/test/java/org/apache/nifi/authorization/FileAuthorizationProviderTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/test/java/org/apache/nifi/authorization/FileAuthorizationProviderTest.java
deleted file mode 100644
index 7428500..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/test/java/org/apache/nifi/authorization/FileAuthorizationProviderTest.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.util.file.FileUtils;
-import org.apache.nifi.util.NiFiProperties;
-import org.junit.After;
-import static org.junit.Assert.assertEquals;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.Ignore;
-import org.mockito.Mockito;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-@Ignore
-public class FileAuthorizationProviderTest {
-
- private FileAuthorizationProvider provider;
-
- private File primary;
-
- private File restore;
-
- private NiFiProperties mockProperties;
-
- private AuthorityProviderConfigurationContext mockConfigurationContext;
-
- @Before
- public void setup() throws IOException {
-
- primary = new File("target/primary/users.txt");
- restore = new File("target/restore/users.txt");
-
- System.out.println("absolute path: " + primary.getAbsolutePath());
-
- mockProperties = mock(NiFiProperties.class);
- when(mockProperties.getRestoreDirectory()).thenReturn(restore.getParentFile());
-
- mockConfigurationContext = mock(AuthorityProviderConfigurationContext.class);
- when(mockConfigurationContext.getProperty(Mockito.eq("Authorized Users File"))).thenReturn(primary.getPath());
-
- provider = new FileAuthorizationProvider();
- provider.setNiFiProperties(mockProperties);
- provider.initialize(null);
- }
-
- @After
- public void cleanup() throws Exception {
- deleteFile(primary);
- deleteFile(restore);
- }
-
- private boolean deleteFile(final File file) {
- if (file.isDirectory()) {
- FileUtils.deleteFilesInDir(file, null, null, true, true);
- }
- return FileUtils.deleteFile(file, null, 10);
- }
-
- @Test
- public void testPostContructionWhenRestoreDoesNotExist() throws Exception {
-
- byte[] primaryBytes = "<users/>".getBytes();
- FileOutputStream fos = new FileOutputStream(primary);
- fos.write(primaryBytes);
- fos.close();
-
- provider.onConfigured(mockConfigurationContext);
- assertEquals(primary.length(), restore.length());
- }
-
- @Test
- public void testPostContructionWhenPrimaryDoesNotExist() throws Exception {
-
- byte[] restoreBytes = "<users/>".getBytes();
- FileOutputStream fos = new FileOutputStream(restore);
- fos.write(restoreBytes);
- fos.close();
-
- provider.onConfigured(mockConfigurationContext);
- assertEquals(restore.length(), primary.length());
-
- }
-
- @Test(expected = ProviderCreationException.class)
- public void testPostContructionWhenPrimaryDifferentThanRestore() throws Exception {
-
- byte[] primaryBytes = "<users></users>".getBytes();
- FileOutputStream fos = new FileOutputStream(primary);
- fos.write(primaryBytes);
- fos.close();
-
- byte[] restoreBytes = "<users/>".getBytes();
- fos = new FileOutputStream(restore);
- fos.write(restoreBytes);
- fos.close();
-
- provider.onConfigured(mockConfigurationContext);
- }
-
- @Test
- public void testPostContructionWhenPrimaryAndBackupDoNotExist() throws Exception {
-
- provider.onConfigured(mockConfigurationContext);
- assertEquals(0, restore.length());
- assertEquals(restore.length(), primary.length());
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
index 174e501..8529caf 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java
@@ -19,7 +19,7 @@ package org.apache.nifi.authorization;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authorization.annotation.AuthorizerContext;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.generated.Authorization;
import org.apache.nifi.authorization.generated.Resource;
import org.apache.nifi.authorization.generated.Resources;
@@ -85,21 +85,21 @@ public class FileAuthorizer implements Authorizer {
private final AtomicReference<Map<String, Map<String, Set<RequestAction>>>> authorizations = new AtomicReference<>();
@Override
- public void initialize(final AuthorizerInitializationContext initializationContext) throws ProviderCreationException {
+ public void initialize(final AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException {
}
@Override
- public void onConfigured(final AuthorizerConfigurationContext configurationContext) throws ProviderCreationException {
+ public void onConfigured(final AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
try {
final PropertyValue authorizationsPath = configurationContext.getProperty("Authorizations File");
if (StringUtils.isBlank(authorizationsPath.getValue())) {
- throw new ProviderCreationException("The authorizations file must be specified.");
+ throw new AuthorizerCreationException("The authorizations file must be specified.");
}
// get the authorizations file and ensure it exists
authorizationsFile = new File(authorizationsPath.getValue());
if (!authorizationsFile.exists()) {
- throw new ProviderCreationException("The authorizations file must exist.");
+ throw new AuthorizerCreationException("The authorizations file must exist.");
}
final File authorizationsFileDirectory = authorizationsFile.getAbsoluteFile().getParentFile();
@@ -112,7 +112,7 @@ public class FileAuthorizer implements Authorizer {
// check that restore directory is not the same as the primary directory
if (authorizationsFileDirectory.getAbsolutePath().equals(restoreDirectory.getAbsolutePath())) {
- throw new ProviderCreationException(String.format("Authorizations file directory '%s' is the same as restore directory '%s' ",
+ throw new AuthorizerCreationException(String.format("Authorizations file directory '%s' is the same as restore directory '%s' ",
authorizationsFileDirectory.getAbsolutePath(), restoreDirectory.getAbsolutePath()));
}
@@ -123,7 +123,7 @@ public class FileAuthorizer implements Authorizer {
// sync the primary copy with the restore copy
FileUtils.syncWithRestore(authorizationsFile, restoreAuthorizationsFile, logger);
} catch (final IOException | IllegalStateException ioe) {
- throw new ProviderCreationException(ioe);
+ throw new AuthorizerCreationException(ioe);
}
}
@@ -160,8 +160,8 @@ public class FileAuthorizer implements Authorizer {
}
}
}, reloadInterval, reloadInterval, TimeUnit.MILLISECONDS);
- } catch (IOException | ProviderCreationException | SAXException | JAXBException | IllegalStateException e) {
- throw new ProviderCreationException(e);
+ } catch (IOException | AuthorizerCreationException | SAXException | JAXBException | IllegalStateException e) {
+ throw new AuthorizerCreationException(e);
}
}