You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2016/04/07 22:23:36 UTC
[8/9] nifi git commit: Revert "NIFI-1551:"
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
new file mode 100644
index 0000000..4e2cc26
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
@@ -0,0 +1,172 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.dao.impl;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.EnumSet;
+import java.util.Set;
+import org.apache.nifi.admin.RepositoryUtils;
+import org.apache.nifi.admin.dao.AuthorityDAO;
+import org.apache.nifi.admin.dao.DataAccessException;
+import org.apache.nifi.authorization.Authority;
+
+/**
+ *
+ */
+public class StandardAuthorityDAO implements AuthorityDAO {
+
+ private static final String SELECT_AUTHORITIES_FOR_USER = "SELECT ID, ROLE "
+ + "FROM AUTHORITY "
+ + "WHERE USER_ID = ?";
+
+ private static final String INSERT_AUTHORITY = "INSERT INTO AUTHORITY ("
+ + "USER_ID, ROLE"
+ + ") VALUES ("
+ + "?, ?"
+ + ")";
+
+ private static final String DELETE_AUTHORITY = "DELETE FROM AUTHORITY "
+ + "WHERE USER_ID = ? AND ROLE = ?";
+
+ private static final String DELETE_AUTHORITIES_FOR_USER = "DELETE FROM AUTHORITY "
+ + "WHERE USER_ID = ?";
+
+ private final Connection connection;
+
+ public StandardAuthorityDAO(Connection connection) {
+ this.connection = connection;
+ }
+
+ @Override
+ public void createAuthorities(Set<Authority> authorities, String userId) throws DataAccessException {
+ if (authorities == null) {
+ throw new IllegalArgumentException("Specified authorities cannot be null.");
+ }
+
+ // ensure there are some authorities to create
+ if (!authorities.isEmpty()) {
+ PreparedStatement statement = null;
+ try {
+ // add each authority for the specified user
+ statement = connection.prepareStatement(INSERT_AUTHORITY);
+ statement.setString(1, userId);
+ for (Authority authority : authorities) {
+ statement.setString(2, authority.toString());
+ statement.addBatch();
+ }
+
+ // insert the authorities
+ int[] updateCounts = statement.executeBatch();
+ for (int updateCount : updateCounts) {
+ if (updateCount != 1) {
+ throw new DataAccessException("Unable to insert user authorities.");
+ }
+ }
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } catch (DataAccessException dae) {
+ throw dae;
+ } finally {
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+ }
+
+ @Override
+ public void deleteAuthorities(String userId) throws DataAccessException {
+ // ensure there are some authorities to create
+ PreparedStatement statement = null;
+ try {
+ // add each authority for the specified user
+ statement = connection.prepareStatement(DELETE_AUTHORITIES_FOR_USER);
+ statement.setString(1, userId);
+
+ // insert the authorities
+ statement.executeUpdate();
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } finally {
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public void deleteAuthorities(Set<Authority> authorities, String userId) throws DataAccessException {
+ if (authorities == null) {
+ throw new IllegalArgumentException("Specified authorities cannot be null.");
+ }
+
+ // ensure there are some authorities to create
+ if (!authorities.isEmpty()) {
+ PreparedStatement statement = null;
+ try {
+ // add each authority for the specified user
+ statement = connection.prepareStatement(DELETE_AUTHORITY);
+ statement.setString(1, userId);
+ for (Authority authority : authorities) {
+ statement.setString(2, authority.toString());
+ statement.addBatch();
+ }
+
+ // insert the authorities
+ int[] updateCounts = statement.executeBatch();
+ for (int updateCount : updateCounts) {
+ if (updateCount != 1) {
+ throw new DataAccessException("Unable to remove user authorities.");
+ }
+ }
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } catch (DataAccessException dae) {
+ throw dae;
+ } finally {
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+ }
+
+ @Override
+ public Set<Authority> findAuthoritiesByUserId(String userId) throws DataAccessException {
+ Set<Authority> authorities = EnumSet.noneOf(Authority.class);
+ PreparedStatement statement = null;
+ ResultSet rs = null;
+ try {
+ // add each authority for the specified user
+ statement = connection.prepareStatement(SELECT_AUTHORITIES_FOR_USER);
+ statement.setString(1, userId);
+
+ // execute the query
+ rs = statement.executeQuery();
+
+ // create each corresponding authority
+ while (rs.next()) {
+ authorities.add(Authority.valueOfAuthority(rs.getString("ROLE")));
+ }
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ }
+
+ return authorities;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
new file mode 100644
index 0000000..20356e3
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
@@ -0,0 +1,641 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.dao.impl;
+
+import java.nio.charset.StandardCharsets;
+import java.sql.Connection;
+import org.apache.nifi.admin.dao.UserDAO;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+import java.sql.Types;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.UUID;
+import org.apache.nifi.admin.RepositoryUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.admin.dao.DataAccessException;
+import org.apache.nifi.authorization.Authority;
+import org.apache.nifi.user.AccountStatus;
+import org.apache.nifi.user.NiFiUser;
+
+/**
+ * Responsible for loading and persisting NiFiUsers.
+ */
+public class StandardUserDAO implements UserDAO {
+
+ private static final String SELECT_PENDING_ACCOUNTS_COUNT = "SELECT "
+ + "COUNT(*) as PENDING_ACCOUNTS "
+ + "FROM USER U "
+ + "WHERE U.STATUS = 'PENDING'";
+
+ private static final String SELECT_USER_BY_USER = "SELECT "
+ + "U.ID, "
+ + "U.IDENTITY, "
+ + "U.USER_NAME, "
+ + "U.USER_GROUP, "
+ + "U.CREATION, "
+ + "U.LAST_ACCESSED, "
+ + "U.LAST_VERIFIED, "
+ + "U.JUSTIFICATION, "
+ + "U.STATUS, "
+ + "A.ROLE "
+ + "FROM USER U "
+ + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
+ + "ON U.ID = A.USER_ID "
+ + "WHERE U.IDENTITY = ?";
+
+ private static final String SELECT_USER_BY_ID = "SELECT "
+ + "U.ID, "
+ + "U.IDENTITY, "
+ + "U.USER_NAME, "
+ + "U.USER_GROUP, "
+ + "U.CREATION, "
+ + "U.LAST_ACCESSED, "
+ + "U.LAST_VERIFIED, "
+ + "U.JUSTIFICATION, "
+ + "U.STATUS, "
+ + "A.ROLE "
+ + "FROM USER U "
+ + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
+ + "ON U.ID = A.USER_ID "
+ + "WHERE U.ID = ?";
+
+ private static final String SELECT_USERS = "SELECT "
+ + "U.ID, "
+ + "U.IDENTITY, "
+ + "U.USER_NAME, "
+ + "U.USER_GROUP, "
+ + "U.CREATION, "
+ + "U.LAST_ACCESSED, "
+ + "U.LAST_VERIFIED, "
+ + "U.JUSTIFICATION, "
+ + "U.STATUS, "
+ + "A.ROLE "
+ + "FROM USER U "
+ + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
+ + "ON U.ID = A.USER_ID "
+ + "WHERE U.IDENTITY <> ?";
+
+ private static final String SELECT_USER_GROUPS = "SELECT DISTINCT "
+ + "U.USER_GROUP "
+ + "FROM USER U";
+
+ private static final String SELECT_USER_GROUP = "SELECT "
+ + "U.ID, "
+ + "U.IDENTITY, "
+ + "U.USER_NAME, "
+ + "U.USER_GROUP, "
+ + "U.CREATION, "
+ + "U.LAST_ACCESSED, "
+ + "U.LAST_VERIFIED, "
+ + "U.JUSTIFICATION, "
+ + "U.STATUS, "
+ + "A.ROLE "
+ + "FROM USER U "
+ + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
+ + "ON U.ID = A.USER_ID "
+ + "WHERE U.IDENTITY <> ? AND U.USER_GROUP = ?";
+
+ private static final String INSERT_USER = "INSERT INTO USER ("
+ + "ID, IDENTITY, USER_NAME, USER_GROUP, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS"
+ + ") VALUES ("
+ + "?, "
+ + "?, "
+ + "?, "
+ + "?, "
+ + "NOW(), "
+ + "?, "
+ + "?, "
+ + "?"
+ + ")";
+
+ private static final String UPDATE_USER = "UPDATE USER SET "
+ + "IDENTITY = ?, "
+ + "USER_NAME = ?, "
+ + "USER_GROUP = ?, "
+ + "LAST_ACCESSED = ?, "
+ + "LAST_VERIFIED = ?, "
+ + "JUSTIFICATION = ?, "
+ + "STATUS = ? "
+ + "WHERE ID = ?";
+
+ private static final String UPDATE_USER_GROUP_STATUS = "UPDATE USER SET "
+ + "STATUS = ?,"
+ + "USER_GROUP = NULL "
+ + "WHERE USER_GROUP = ?";
+
+ private static final String UPDATE_USER_GROUP_VERIFICATION = "UPDATE USER SET "
+ + "LAST_VERIFIED = ? "
+ + "WHERE USER_GROUP = ?";
+
+ private static final String UNGROUP_GROUP = "UPDATE USER SET "
+ + "USER_GROUP = NULL "
+ + "WHERE USER_GROUP = ?";
+
+ private static final String DELETE_USER = "DELETE FROM USER "
+ + "WHERE ID = ?";
+
+ private final Connection connection;
+
+ public StandardUserDAO(Connection connection) {
+ this.connection = connection;
+ }
+
+ @Override
+ public Boolean hasPendingUserAccounts() throws DataAccessException {
+ PreparedStatement statement = null;
+ ResultSet rs = null;
+ try {
+ // create the connection and obtain a statement
+ statement = connection.prepareStatement(SELECT_PENDING_ACCOUNTS_COUNT);
+
+ // execute the query
+ rs = statement.executeQuery();
+
+ // get the first row which will contain the number of pending accounts
+ if (rs.next()) {
+ int pendingAccounts = rs.getInt("PENDING_ACCOUNTS");
+ return pendingAccounts > 0;
+ }
+
+ // query returned no results?
+ return false;
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public Set<NiFiUser> findUsers() throws DataAccessException {
+ Set<NiFiUser> users = new HashSet<>();
+
+ PreparedStatement statement = null;
+ ResultSet rs = null;
+ try {
+ // create the connection and obtain a statement
+ statement = connection.prepareStatement(SELECT_USERS);
+ statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
+
+ // execute the query
+ rs = statement.executeQuery();
+
+ // create the user
+ NiFiUser user = null;
+
+ // go through the user and its roles
+ while (rs.next()) {
+ // get the user id for the current record
+ String userId = rs.getString("ID");
+
+ // create the user during the first iteration
+ if (user == null || !userId.equals(user.getId())) {
+ user = new NiFiUser();
+ user.setId(userId);
+ user.setIdentity(rs.getString("IDENTITY"));
+ user.setUserName(rs.getString("USER_NAME"));
+ user.setUserGroup(rs.getString("USER_GROUP"));
+ user.setJustification(rs.getString("JUSTIFICATION"));
+ user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
+
+ // set the creation date
+ user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
+
+ // get the last accessed date
+ if (rs.getTimestamp("LAST_ACCESSED") != null) {
+ user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
+ }
+
+ // get the last verified date
+ if (rs.getTimestamp("LAST_VERIFIED") != null) {
+ user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
+ }
+
+ // add the user
+ users.add(user);
+ }
+
+ // the select statement performs a left join since the desired
+ // user may not have any authorities
+ String authority = rs.getString("ROLE");
+ if (StringUtils.isNotBlank(authority)) {
+ user.getAuthorities().add(Authority.valueOfAuthority(authority));
+ }
+ }
+
+ return users;
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public Set<String> findUserGroups() throws DataAccessException {
+ Set<String> userGroups = new HashSet<>();
+
+ PreparedStatement statement = null;
+ ResultSet rs = null;
+ try {
+ // create the connection and obtain a statement
+ statement = connection.prepareStatement(SELECT_USER_GROUPS);
+
+ // execute the query
+ rs = statement.executeQuery();
+
+ // get each user group
+ while (rs.next()) {
+ userGroups.add(rs.getString("USER_GROUP"));
+ }
+
+ return userGroups;
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public Set<NiFiUser> findUsersForGroup(String group) throws DataAccessException {
+ Set<NiFiUser> users = new HashSet<>();
+
+ PreparedStatement statement = null;
+ ResultSet rs = null;
+ try {
+ // create the connection and obtain a statement
+ statement = connection.prepareStatement(SELECT_USER_GROUP);
+ statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
+ statement.setString(2, group);
+
+ // execute the query
+ rs = statement.executeQuery();
+
+ // create the user
+ NiFiUser user = null;
+
+ // go through the user and its roles
+ while (rs.next()) {
+ // get the user id for the current record
+ String userId = rs.getString("ID");
+
+ // create the user during the first iteration
+ if (user == null || !userId.equals(user.getId())) {
+ user = new NiFiUser();
+ user.setId(userId);
+ user.setIdentity(rs.getString("IDENTITY"));
+ user.setUserName(rs.getString("USER_NAME"));
+ user.setUserGroup(rs.getString("USER_GROUP"));
+ user.setJustification(rs.getString("JUSTIFICATION"));
+ user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
+
+ // set the creation date
+ user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
+
+ // get the last accessed date
+ if (rs.getTimestamp("LAST_ACCESSED") != null) {
+ user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
+ }
+
+ // get the last verified date
+ if (rs.getTimestamp("LAST_VERIFIED") != null) {
+ user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
+ }
+
+ // add the user
+ users.add(user);
+ }
+
+ // the select statement performs a left join since the desired
+ // user may not have any authorities
+ String authority = rs.getString("ROLE");
+ if (StringUtils.isNotBlank(authority)) {
+ user.getAuthorities().add(Authority.valueOfAuthority(authority));
+ }
+ }
+
+ return users;
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public NiFiUser findUserById(String id) throws DataAccessException {
+ PreparedStatement statement = null;
+ ResultSet rs = null;
+ try {
+ // create the connection and obtain a statement
+ statement = connection.prepareStatement(SELECT_USER_BY_ID);
+ statement.setString(1, id);
+
+ // execute the query
+ rs = statement.executeQuery();
+
+ // create the user
+ NiFiUser user = null;
+
+ // go through the user and its roles
+ while (rs.next()) {
+ // create the user during the first iteration
+ if (user == null) {
+ user = new NiFiUser();
+ user.setId(rs.getString("ID"));
+ user.setIdentity(rs.getString("IDENTITY"));
+ user.setUserName(rs.getString("USER_NAME"));
+ user.setUserGroup(rs.getString("USER_GROUP"));
+ user.setJustification(rs.getString("JUSTIFICATION"));
+ user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
+
+ // set the creation date
+ user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
+
+ // get the last accessed date
+ if (rs.getTimestamp("LAST_ACCESSED") != null) {
+ user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
+ }
+
+ // get the last verified date
+ if (rs.getTimestamp("LAST_VERIFIED") != null) {
+ user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
+ }
+ }
+
+ // the select statement performs a left join since the desired
+ // user may not have any authorities
+ String authority = rs.getString("ROLE");
+ if (StringUtils.isNotBlank(authority)) {
+ user.getAuthorities().add(Authority.valueOfAuthority(authority));
+ }
+ }
+
+ return user;
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public NiFiUser findUserByDn(String dn) throws DataAccessException {
+ PreparedStatement statement = null;
+ ResultSet rs = null;
+ try {
+ // create the connection and obtain a statement
+ statement = connection.prepareStatement(SELECT_USER_BY_USER);
+ statement.setString(1, dn);
+
+ // execute the query
+ rs = statement.executeQuery();
+
+ // create the user
+ NiFiUser user = null;
+
+ // go through the user and its roles
+ while (rs.next()) {
+ // create the user during the first iteration
+ if (user == null) {
+ user = new NiFiUser();
+ user.setId(rs.getString("ID"));
+ user.setIdentity(rs.getString("IDENTITY"));
+ user.setUserName(rs.getString("USER_NAME"));
+ user.setUserGroup(rs.getString("USER_GROUP"));
+ user.setJustification(rs.getString("JUSTIFICATION"));
+ user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
+
+ // set the creation date
+ user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
+
+ // get the last accessed date
+ if (rs.getTimestamp("LAST_ACCESSED") != null) {
+ user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
+ }
+
+ // get the last verified date
+ if (rs.getTimestamp("LAST_VERIFIED") != null) {
+ user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
+ }
+ }
+
+ // the select statement performs a left join since the desired
+ // user may not have any authorities
+ String authority = rs.getString("ROLE");
+ if (StringUtils.isNotBlank(authority)) {
+ user.getAuthorities().add(Authority.valueOfAuthority(authority));
+ }
+ }
+
+ return user;
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public NiFiUser createUser(NiFiUser user) throws DataAccessException {
+ if (user.getIdentity() == null) {
+ throw new IllegalArgumentException("User identity must be specified.");
+ }
+
+ // ensure the user identity is not too lengthy
+ if (user.getIdentity().length() > 4096) {
+ throw new IllegalArgumentException("User identity must be less than 4096 characters.");
+ }
+
+ PreparedStatement statement = null;
+ ResultSet rs = null;
+ try {
+ final String id = UUID.nameUUIDFromBytes(user.getIdentity().getBytes(StandardCharsets.UTF_8)).toString();
+
+ // create a statement
+ statement = connection.prepareStatement(INSERT_USER, Statement.RETURN_GENERATED_KEYS);
+ statement.setString(1, id);
+ statement.setString(2, StringUtils.left(user.getIdentity(), 4096));
+ statement.setString(3, StringUtils.left(user.getUserName(), 4096));
+ statement.setString(4, StringUtils.left(user.getUserGroup(), 100));
+ if (user.getLastVerified() != null) {
+ statement.setTimestamp(5, new java.sql.Timestamp(user.getLastVerified().getTime()));
+ } else {
+ statement.setTimestamp(5, null);
+ }
+ statement.setString(6, StringUtils.left(user.getJustification(), 500));
+ statement.setString(7, user.getStatus().toString());
+
+ // insert the user
+ int updateCount = statement.executeUpdate();
+ if (updateCount == 1) {
+ user.setId(id);
+ } else {
+ throw new DataAccessException("Unable to insert user.");
+ }
+
+ return user;
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } catch (DataAccessException dae) {
+ throw dae;
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public void deleteUser(String id) throws DataAccessException {
+ // ensure there are some authorities to create
+ PreparedStatement statement = null;
+ try {
+ // add each authority for the specified user
+ statement = connection.prepareStatement(DELETE_USER);
+ statement.setString(1, id);
+
+ // insert the authorities
+ statement.executeUpdate();
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } catch (DataAccessException dae) {
+ throw dae;
+ } finally {
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public void updateUser(NiFiUser user) throws DataAccessException {
+ PreparedStatement statement = null;
+ try {
+ // create a statement
+ statement = connection.prepareStatement(UPDATE_USER);
+ statement.setString(1, StringUtils.left(user.getIdentity(), 4096));
+ statement.setString(2, StringUtils.left(user.getUserName(), 4096));
+ statement.setString(3, StringUtils.left(user.getUserGroup(), 100));
+ statement.setString(6, StringUtils.left(user.getJustification(), 500));
+ statement.setString(7, user.getStatus().toString());
+ statement.setString(8, user.getId());
+
+ // set the last accessed time accordingly
+ if (user.getLastAccessed() == null) {
+ statement.setNull(4, Types.TIMESTAMP);
+ } else {
+ statement.setTimestamp(4, new java.sql.Timestamp(user.getLastAccessed().getTime()));
+ }
+
+ // set the last verified time accordingly
+ if (user.getLastVerified() == null) {
+ statement.setNull(5, Types.TIMESTAMP);
+ } else {
+ statement.setTimestamp(5, new java.sql.Timestamp(user.getLastVerified().getTime()));
+ }
+
+ // perform the update
+ int updateCount = statement.executeUpdate();
+ if (updateCount != 1) {
+ throw new DataAccessException("Unable to update user.");
+ }
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } catch (DataAccessException dae) {
+ throw dae;
+ } finally {
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public void updateGroupStatus(String group, AccountStatus status) throws DataAccessException {
+ PreparedStatement statement = null;
+ try {
+ // create a statement
+ statement = connection.prepareStatement(UPDATE_USER_GROUP_STATUS);
+ statement.setString(1, status.toString());
+ statement.setString(2, group);
+
+ // perform the update
+ statement.executeUpdate();
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } catch (DataAccessException dae) {
+ throw dae;
+ } finally {
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public void updateGroupVerification(String group, Date lastVerified) throws DataAccessException {
+ PreparedStatement statement = null;
+ try {
+ // create a statement
+ statement = connection.prepareStatement(UPDATE_USER_GROUP_VERIFICATION);
+
+ // set the last verified time accordingly
+ if (lastVerified == null) {
+ statement.setNull(1, Types.TIMESTAMP);
+ } else {
+ statement.setTimestamp(1, new java.sql.Timestamp(lastVerified.getTime()));
+ }
+
+ // set the group
+ statement.setString(2, group);
+
+ // perform the update
+ statement.executeUpdate();
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } catch (DataAccessException dae) {
+ throw dae;
+ } finally {
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+ @Override
+ public void ungroup(String group) throws DataAccessException {
+ PreparedStatement statement = null;
+ try {
+ // create a statement
+ statement = connection.prepareStatement(UNGROUP_GROUP);
+ statement.setString(1, group);
+
+ // perform the update
+ statement.executeUpdate();
+ } catch (SQLException sqle) {
+ throw new DataAccessException(sqle);
+ } catch (DataAccessException dae) {
+ throw dae;
+ } finally {
+ RepositoryUtils.closeQuietly(statement);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
new file mode 100644
index 0000000..e8b3d10
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service;
+
+/**
+ * Exception to indicate that the user account is disabled.
+ */
+public class AccountDisabledException extends RuntimeException {
+
+ public AccountDisabledException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+ }
+
+ public AccountDisabledException(Throwable cause) {
+ super(cause);
+ }
+
+ public AccountDisabledException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public AccountDisabledException(String message) {
+ super(message);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
new file mode 100644
index 0000000..dacc483
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
@@ -0,0 +1,41 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service;
+
+/**
+ * Exception to indicate that the user has already submitting an account request
+ * and that request is still pending.
+ */
+public class AccountPendingException extends RuntimeException {
+
+ public AccountPendingException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+ }
+
+ public AccountPendingException(Throwable cause) {
+ super(cause);
+ }
+
+ public AccountPendingException(String message, Throwable cause) {
+ super(message, cause);
+ }
+
+ public AccountPendingException(String message) {
+ super(message);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
index 3759b14..4ea71af 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
@@ -16,14 +16,145 @@
*/
package org.apache.nifi.admin.service;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import org.apache.nifi.authorization.Authority;
+import org.apache.nifi.authorization.DownloadAuthorization;
import org.apache.nifi.key.Key;
+import org.apache.nifi.user.NiFiUser;
+import org.apache.nifi.user.NiFiUserGroup;
/**
- * Manages NiFi user keys.
+ * Manages NiFi user accounts.
*/
public interface UserService {
/**
+ * Creates a new user account using the specified dn and justification.
+ *
+ * @param dn user dn
+ * @param justification why the account is necessary
+ * @return the created NiFiUser
+ */
+ NiFiUser createPendingUserAccount(String dn, String justification);
+
+ /**
+ * @return Determines if there are any PENDING user accounts present
+ */
+ Boolean hasPendingUserAccount();
+
+ /**
+ * @param dnChain user dn chain
+ * @param attributes attributes for authorization request
+ * @return Determines if the users in the dnChain are authorized to download content with the specified attributes
+ */
+ DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes);
+
+ /**
+ * Updates a user group using the specified group comprised of the specified users. Returns all the users that are currently in the specified group.
+ *
+ * @param group group
+ * @param userIds users
+ * @param authorities auths
+ * @return a user group
+ */
+ NiFiUserGroup updateGroup(String group, Set<String> userIds, Set<Authority> authorities);
+
+ /**
+ * Authorizes the user specified.
+ *
+ * @param dn user dn
+ * @return the user for the given dn if found
+ */
+ NiFiUser checkAuthorization(String dn);
+
+ /**
+ * Deletes the user with the specified id.
+ *
+ * @param id user identifier
+ */
+ void deleteUser(String id);
+
+ /**
+ * Disables the specified users account.
+ *
+ * @param id user identifier
+ * @return user for the given identifier
+ */
+ NiFiUser disable(String id);
+
+ /**
+ * Disables the specified user group.
+ *
+ * @param group to disable
+ * @return user group
+ */
+ NiFiUserGroup disableGroup(String group);
+
+ /**
+ * Updates the specified user with the specified authorities.
+ *
+ * @param id identifier of user
+ * @param authorities auths to set
+ * @return the updated user
+ */
+ NiFiUser update(String id, Set<Authority> authorities);
+
+ /**
+ * Invalidates the specified user account.
+ *
+ * @param id identifier of user account to invalidate
+ */
+ void invalidateUserAccount(String id);
+
+ /**
+ * Invalidates the user accounts associated with the specified user group.
+ *
+ * @param group to invalidate user accounts on
+ */
+ void invalidateUserGroupAccount(String group);
+
+ /**
+ * Ungroups the specified group.
+ *
+ * @param group to split up
+ */
+ void ungroup(String group);
+
+ /**
+ * Ungroups the specified user.
+ *
+ * @param id user to ungroup
+ */
+ void ungroupUser(String id);
+
+ /**
+ * Returns a collection of all NiFiUsers.
+ *
+ * @return Collection of users
+ */
+ Collection<NiFiUser> getUsers();
+
+ /**
+ * Finds the specified user by id.
+ *
+ * @param id of the user
+ * @return the user object
+ */
+ NiFiUser getUserById(String id);
+
+ /**
+ * Finds the specified user by dn.
+ *
+ * @param dn the user dn
+ * @return the newly created user
+ * @throws AdministrationException ae
+ */
+ NiFiUser getUserByDn(String dn);
+
+ /**
* Gets a key for the specified user identity. Returns null if the user has not had a key issued
*
* @param id The key id
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
new file mode 100644
index 0000000..69c6c1f
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
@@ -0,0 +1,97 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service.action;
+
+import java.util.Date;
+import java.util.EnumSet;
+import java.util.Set;
+import org.apache.nifi.authorization.Authority;
+import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.user.AccountStatus;
+import org.apache.nifi.user.NiFiUser;
+
+/**
+ *
+ * @param <T> type of user action
+ */
+public abstract class AbstractUserAction<T> implements AdministrationAction<T> {
+
+ /**
+ * Determines the authorities that need to be added to the specified user.
+ *
+ * @param user user
+ * @param authorities auths
+ * @return authorities to add
+ */
+ protected Set<Authority> determineAuthoritiesToAdd(NiFiUser user, Set<Authority> authorities) {
+ // not using copyOf since authorities may be empty and copyOf can throw an IllegalArgumentException when empty
+ Set<Authority> authoritiesToAdd = EnumSet.noneOf(Authority.class);
+ authoritiesToAdd.addAll(authorities);
+
+ // identify the authorities that need to be inserted
+ authoritiesToAdd.removeAll(user.getAuthorities());
+
+ // return the desired authorities
+ return authoritiesToAdd;
+ }
+
+ /**
+ * Determines the authorities that need to be removed from the specified
+ * user.
+ *
+ * @param user user
+ * @param authorities auths
+ * @return auths to remove
+ */
+ protected Set<Authority> determineAuthoritiesToRemove(NiFiUser user, Set<Authority> authorities) {
+ Set<Authority> authoritiesToRemove = EnumSet.copyOf(user.getAuthorities());
+
+ // identify the authorities that need to be removed
+ authoritiesToRemove.removeAll(authorities);
+
+ // return the desired authorities
+ return authoritiesToRemove;
+ }
+
+ /**
+ * Verifies the specified users account. Includes obtaining the authorities
+ * and group according to the specified authority provider.
+ *
+ * @param authorityProvider provider
+ * @param user user to verify
+ */
+ protected void verifyAccount(AuthorityProvider authorityProvider, NiFiUser user) {
+ // load the roles for the user
+ Set<Authority> authorities = authorityProvider.getAuthorities(user.getIdentity());
+
+ // update the user's authorities
+ user.getAuthorities().clear();
+ user.getAuthorities().addAll(authorities);
+
+ // get the user group
+ user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
+
+ // update the users status in case they were previously pending or disabled
+ user.setStatus(AccountStatus.ACTIVE);
+
+ // update the users last verified time - this timestampt shouldn't be record
+ // until the both the user's authorities and group have been synced
+ Date now = new Date();
+ user.setLastVerified(now);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
index 937603e..db1d8a2 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
@@ -19,6 +19,7 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.action.Action;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.authorization.AuthorityProvider;
import java.util.Collection;
@@ -34,7 +35,7 @@ public class AddActionsAction implements AdministrationAction<Void> {
}
@Override
- public Void execute(DAOFactory daoFactory) {
+ public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
ActionDAO actionDao = daoFactory.getActionDAO();
// add each action
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
index 141aa84..f1795a9 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
@@ -17,6 +17,7 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.authorization.AuthorityProvider;
/**
* Defines the administration action. Actions are provided a DAO factory and
@@ -30,7 +31,8 @@ public interface AdministrationAction<T> {
* Performs an action using the specified DAOFactory and AuthorityProvider.
*
* @param daoFactory factory
+ * @param authorityProvider provider
* @return action result
*/
- T execute(DAOFactory daoFactory);
+ T execute(DAOFactory daoFactory, AuthorityProvider authorityProvider);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
new file mode 100644
index 0000000..d1b994c
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service.action;
+
+import java.util.List;
+import java.util.Map;
+import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.admin.service.AccountNotFoundException;
+import org.apache.nifi.admin.service.AdministrationException;
+import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.authorization.DownloadAuthorization;
+import org.apache.nifi.authorization.exception.AuthorityAccessException;
+import org.apache.nifi.authorization.exception.UnknownIdentityException;
+
+/**
+ * Attempts to obtain authorization to download the content with the specified
+ * attributes for the specified user.
+ */
+public class AuthorizeDownloadAction implements AdministrationAction<DownloadAuthorization> {
+
+ private final List<String> dnChain;
+ private final Map<String, String> attributes;
+
+ public AuthorizeDownloadAction(List<String> dnChain, Map<String, String> attributes) {
+ this.dnChain = dnChain;
+ this.attributes = attributes;
+ }
+
+ @Override
+ public DownloadAuthorization execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ try {
+ return authorityProvider.authorizeDownload(dnChain, attributes);
+ } catch (UnknownIdentityException uie) {
+ throw new AccountNotFoundException(uie.getMessage(), uie);
+ } catch (AuthorityAccessException aae) {
+ throw new AdministrationException(aae.getMessage(), aae);
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java
new file mode 100644
index 0000000..ed4dfa1
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java
@@ -0,0 +1,173 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service.action;
+
+import java.util.Calendar;
+import java.util.Date;
+import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.admin.dao.DataAccessException;
+import org.apache.nifi.admin.dao.UserDAO;
+import org.apache.nifi.admin.service.AccountDisabledException;
+import org.apache.nifi.admin.service.AccountNotFoundException;
+import org.apache.nifi.admin.service.AccountPendingException;
+import org.apache.nifi.admin.service.AdministrationException;
+import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.authorization.exception.AuthorityAccessException;
+import org.apache.nifi.authorization.exception.UnknownIdentityException;
+import org.apache.nifi.security.util.CertificateUtils;
+import org.apache.nifi.user.AccountStatus;
+import org.apache.nifi.user.NiFiUser;
+
+/**
+ *
+ */
+public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
+
+ private final String identity;
+ private final int cacheDurationSeconds;
+
+ public AuthorizeUserAction(String identity, int cacheDurationSeconds) {
+ this.identity = identity;
+ this.cacheDurationSeconds = cacheDurationSeconds;
+ }
+
+ @Override
+ public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
+ UserDAO userDao = daoFactory.getUserDAO();
+
+ // get the user
+ NiFiUser user = userDao.findUserByDn(identity);
+
+ // verify the user was found
+ if (user == null) {
+ // determine whether this users exists
+ boolean doesDnExist = false;
+ try {
+ doesDnExist = authorityProvider.doesDnExist(identity);
+ } catch (AuthorityAccessException aae) {
+ throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
+ }
+
+ // if the authority provider has the details for this user, create the account
+ if (doesDnExist) {
+ // create the user
+ user = new NiFiUser();
+ user.setIdentity(identity);
+ user.setUserName(CertificateUtils.extractUsername(identity));
+ user.setJustification("User details specified by authority provider.");
+
+ try {
+ // verify the users account
+ verifyAccount(authorityProvider, user);
+
+ // get the date used for verification
+ Date now = user.getLastVerified();
+
+ // update the last accessed field
+ user.setLastAccessed(now);
+ user.setCreation(now);
+
+ // create the new user account
+ CreateUserAction createUser = new CreateUserAction(user);
+ createUser.execute(daoFactory, authorityProvider);
+ } catch (UnknownIdentityException uie) {
+ // strange since the provider just reported this dn existed but handleing anyways...
+ throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity));
+ } catch (AuthorityAccessException aae) {
+ throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
+ }
+ } else {
+ throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity));
+ }
+ } else {
+ Throwable providerError = null;
+
+ // verify the users account if necessary
+ if (isAccountVerificationRequired(user)) {
+ try {
+ // verify the users account
+ verifyAccount(authorityProvider, user);
+
+ // update the last accessed field
+ user.setLastAccessed(user.getLastVerified());
+ } catch (UnknownIdentityException uie) {
+ // check the account status before attempting to update the account - depending on the account
+ // status we might not need to update the account
+ checkAccountStatus(user);
+
+ // the user is currently active and they were not found in the providers - disable the account...
+ user.setStatus(AccountStatus.DISABLED);
+
+ // record the exception
+ providerError = uie;
+ } catch (AuthorityAccessException aae) {
+ throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
+ }
+ } else {
+ // verfiy the users account status before allowing access.
+ checkAccountStatus(user);
+
+ // update the users last accessed time
+ user.setLastAccessed(new Date());
+ }
+
+ // persist the user's updates
+ UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
+ updateUser.execute(daoFactory, authorityProvider);
+
+ // persist the user's authorities
+ UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user);
+ updateUserAuthorities.execute(daoFactory, authorityProvider);
+
+ if (providerError != null) {
+ throw new AccountDisabledException(String.format("User credentials for %s were not found. This account has been disabled.", user.getIdentity()), providerError);
+ }
+ }
+
+ return user;
+ }
+
+ /**
+ * @return Determines if account verification is required
+ */
+ private boolean isAccountVerificationRequired(NiFiUser user) {
+ // accounts that have never been verified obviously needs to be re-verified
+ if (user.getLastVerified() == null) {
+ return true;
+ }
+
+ // create a calendar and substract the threshold - anything
+ // before this time will need to be re-verified
+ Calendar calendar = Calendar.getInstance();
+ calendar.add(Calendar.SECOND, -cacheDurationSeconds);
+
+ return user.getLastVerified().before(calendar.getTime());
+ }
+
+ /**
+ * Checks the account status of the specified user.
+ *
+ * @param user to check
+ */
+ private void checkAccountStatus(NiFiUser user) {
+ if (AccountStatus.DISABLED.equals(user.getStatus())) {
+ throw new AccountDisabledException(String.format("The account for %s has been disabled.", user.getIdentity()));
+ } else if (AccountStatus.PENDING.equals(user.getStatus())) {
+ throw new AccountPendingException(String.format("The account for %s is currently pending approval.", user.getIdentity()));
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java
new file mode 100644
index 0000000..3833abb
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service.action;
+
+import java.util.Set;
+import org.apache.nifi.admin.dao.AuthorityDAO;
+import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.admin.dao.DataAccessException;
+import org.apache.nifi.admin.dao.UserDAO;
+import org.apache.nifi.authorization.Authority;
+import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.user.NiFiUser;
+
+/**
+ * Action for creating a NiFiUser account.
+ */
+public class CreateUserAction extends AbstractUserAction<Void> {
+
+ private final NiFiUser user;
+
+ public CreateUserAction(NiFiUser user) {
+ this.user = user;
+ }
+
+ @Override
+ public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
+ UserDAO userDao = daoFactory.getUserDAO();
+ AuthorityDAO authorityDao = daoFactory.getAuthorityDAO();
+
+ // create the user entry
+ userDao.createUser(user);
+
+ // create the authorities
+ Set<Authority> authorities = user.getAuthorities();
+ authorityDao.createAuthorities(authorities, user.getId());
+
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
index 6b8a2d5..cd13fa5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
@@ -19,6 +19,7 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.DataAccessException;
import org.apache.nifi.admin.dao.KeyDAO;
+import org.apache.nifi.authorization.AuthorityProvider;
/**
*
@@ -37,7 +38,7 @@ public class DeleteKeysAction implements AdministrationAction<Void> {
}
@Override
- public Void execute(DAOFactory daoFactory) throws DataAccessException {
+ public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
final KeyDAO keyDao = daoFactory.getKeyDAO();
keyDao.deleteKeys(identity);
return null;
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java
new file mode 100644
index 0000000..c2695d0
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java
@@ -0,0 +1,73 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service.action;
+
+import org.apache.nifi.admin.dao.AuthorityDAO;
+import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.admin.dao.DataAccessException;
+import org.apache.nifi.admin.dao.KeyDAO;
+import org.apache.nifi.admin.dao.UserDAO;
+import org.apache.nifi.admin.service.AccountNotFoundException;
+import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.user.AccountStatus;
+import org.apache.nifi.user.NiFiUser;
+
+/**
+ *
+ */
+public class DeleteUserAction implements AdministrationAction<Void> {
+
+ private final String userId;
+
+ /**
+ * Creates a new transactions for deleting the specified user.
+ *
+ * @param userId user identifier
+ */
+ public DeleteUserAction(String userId) {
+ this.userId = userId;
+ }
+
+ @Override
+ public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
+ final AuthorityDAO authorityDAO = daoFactory.getAuthorityDAO();
+ final UserDAO userDAO = daoFactory.getUserDAO();
+
+ // find the user and ensure they are currently revoked
+ final NiFiUser user = userDAO.findUserById(userId);
+
+ // ensure the user was found
+ if (user == null) {
+ throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", userId));
+ }
+
+ // ensure the user is in the appropriate state
+ if (AccountStatus.ACTIVE.equals(user.getStatus())) {
+ throw new IllegalStateException(String.format("An active user cannot be removed. Revoke user access before attempting to remove."));
+ }
+
+ // remove the user's keys
+ final KeyDAO keyDao = daoFactory.getKeyDAO();
+ keyDao.deleteKeys(user.getIdentity());
+
+ // remove the user and their authorities
+ authorityDAO.deleteAuthorities(userId);
+ userDAO.deleteUser(userId);
+
+ return null;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java
new file mode 100644
index 0000000..bf7eae3
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service.action;
+
+import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.admin.dao.DataAccessException;
+import org.apache.nifi.admin.dao.KeyDAO;
+import org.apache.nifi.admin.dao.UserDAO;
+import org.apache.nifi.admin.service.AccountNotFoundException;
+import org.apache.nifi.admin.service.AdministrationException;
+import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.authorization.exception.AuthorityAccessException;
+import org.apache.nifi.authorization.exception.UnknownIdentityException;
+import org.apache.nifi.user.AccountStatus;
+import org.apache.nifi.user.NiFiUser;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *
+ */
+public class DisableUserAction implements AdministrationAction<NiFiUser> {
+
+ private static final Logger logger = LoggerFactory.getLogger(DisableUserAction.class);
+
+ private final String id;
+
+ public DisableUserAction(String id) {
+ this.id = id;
+ }
+
+ @Override
+ public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
+ UserDAO userDao = daoFactory.getUserDAO();
+
+ // get the user
+ NiFiUser user = userDao.findUserById(id);
+
+ // ensure the user exists
+ if (user == null) {
+ throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", id));
+ }
+
+ // update the account
+ user.setStatus(AccountStatus.DISABLED);
+ user.setUserGroup(null);
+
+ // update the user locally
+ userDao.updateUser(user);
+
+ // remove the user's keys
+ KeyDAO keyDao = daoFactory.getKeyDAO();
+ keyDao.deleteKeys(user.getIdentity());
+
+ try {
+ // revoke the user in the authority provider
+ authorityProvider.revokeUser(user.getIdentity());
+ } catch (UnknownIdentityException uie) {
+ // user identity is not known
+ logger.info(String.format("User %s has already been removed from the authority provider.", user.getIdentity()));
+ } catch (AuthorityAccessException aae) {
+ throw new AdministrationException(String.format("Unable to revoke user '%s': %s", user.getIdentity(), aae.getMessage()), aae);
+ }
+
+ return user;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java
new file mode 100644
index 0000000..c6480ed
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service.action;
+
+import java.util.Set;
+import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.admin.dao.DataAccessException;
+import org.apache.nifi.admin.dao.KeyDAO;
+import org.apache.nifi.admin.dao.UserDAO;
+import org.apache.nifi.admin.service.AdministrationException;
+import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.authorization.exception.AuthorityAccessException;
+import org.apache.nifi.authorization.exception.UnknownIdentityException;
+import org.apache.nifi.user.AccountStatus;
+import org.apache.nifi.user.NiFiUser;
+import org.apache.nifi.user.NiFiUserGroup;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *
+ */
+public class DisableUserGroupAction implements AdministrationAction<NiFiUserGroup> {
+
+ private static final Logger logger = LoggerFactory.getLogger(DisableUserGroupAction.class);
+
+ private final String group;
+
+ public DisableUserGroupAction(final String group) {
+ this.group = group;
+ }
+
+ @Override
+ public NiFiUserGroup execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
+ final UserDAO userDao = daoFactory.getUserDAO();
+ final Set<NiFiUser> users = userDao.findUsersForGroup(group);
+
+ // delete the keys for each user
+ final KeyDAO keyDao = daoFactory.getKeyDAO();
+ for (final NiFiUser user : users) {
+ keyDao.deleteKeys(user.getIdentity());
+ }
+
+ // update the user group locally
+ userDao.updateGroupStatus(group, AccountStatus.DISABLED);
+
+ // populate the group details
+ final NiFiUserGroup userGroup = new NiFiUserGroup();
+ userGroup.setGroup(group);
+ userGroup.setUsers(userDao.findUsersForGroup(group));
+
+ try {
+ // revoke the user in the authority provider
+ authorityProvider.revokeGroup(group);
+ } catch (UnknownIdentityException uie) {
+ // user identity is not known
+ logger.info(String.format("User group %s has already been removed from the authority provider.", group));
+ } catch (AuthorityAccessException aae) {
+ throw new AdministrationException(String.format("Unable to revoke user group '%s': %s", group, aae.getMessage()), aae);
+ }
+
+ return userGroup;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java
new file mode 100644
index 0000000..8e5b574
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service.action;
+
+import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.admin.dao.DataAccessException;
+import org.apache.nifi.admin.dao.UserDAO;
+import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.user.NiFiUser;
+
+/**
+ *
+ */
+public class FindUserByDnAction implements AdministrationAction<NiFiUser> {
+
+ private final String dn;
+
+ /**
+ * Creates a new transactions for getting a user with the specified DN.
+ *
+ * @param dn The DN of the user to obtain
+ */
+ public FindUserByDnAction(String dn) {
+ this.dn = dn;
+ }
+
+ @Override
+ public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
+ // get a UserDAO
+ UserDAO userDAO = daoFactory.getUserDAO();
+
+ // return the desired user
+ return userDAO.findUserByDn(dn);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java
new file mode 100644
index 0000000..0a10841
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service.action;
+
+import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.admin.dao.DataAccessException;
+import org.apache.nifi.admin.dao.UserDAO;
+import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.user.NiFiUser;
+
+public class FindUserByIdAction implements AdministrationAction<NiFiUser> {
+
+ private final String id;
+
+ /**
+ * Creates a new transactions for getting a user with the specified id.
+ *
+ * @param id of user
+ */
+ public FindUserByIdAction(String id) {
+ this.id = id;
+ }
+
+ @Override
+ public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
+ // get a UserDAO
+ UserDAO userDAO = daoFactory.getUserDAO();
+
+ // return the desired user
+ return userDAO.findUserById(id);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
index 28bfe22..1dc5588 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
@@ -19,6 +19,7 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.action.Action;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.authorization.AuthorityProvider;
/**
* Gets the action with the specified id.
@@ -32,7 +33,7 @@ public class GetActionAction implements AdministrationAction<Action> {
}
@Override
- public Action execute(DAOFactory daoFactory) {
+ public Action execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
ActionDAO actionDao = daoFactory.getActionDAO();
return actionDao.getAction(id);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
index f975393..3b82d79 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
@@ -16,13 +16,13 @@
*/
package org.apache.nifi.admin.service.action;
+import java.util.Date;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.authorization.AuthorityProvider;
import org.apache.nifi.history.History;
import org.apache.nifi.history.HistoryQuery;
-import java.util.Date;
-
/**
* Get all actions that match the specified query.
*/
@@ -35,7 +35,7 @@ public class GetActionsAction implements AdministrationAction<History> {
}
@Override
- public History execute(DAOFactory daoFactory) {
+ public History execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
ActionDAO actionDao = daoFactory.getActionDAO();
// find all matching history
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
index 7ef2272..8763b9d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
@@ -17,6 +17,8 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.authorization.AuthorityProvider;
+
import org.apache.nifi.admin.dao.KeyDAO;
import org.apache.nifi.key.Key;
@@ -32,7 +34,7 @@ public class GetKeyByIdAction implements AdministrationAction<Key> {
}
@Override
- public Key execute(DAOFactory daoFactory) {
+ public Key execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
final KeyDAO keyDao = daoFactory.getKeyDAO();
return keyDao.findKeyById(id);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/3f4ac315/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
index 3dd3794..9bcb0b3 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
@@ -17,6 +17,8 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
+import org.apache.nifi.authorization.AuthorityProvider;
+
import org.apache.nifi.admin.dao.KeyDAO;
import org.apache.nifi.key.Key;
@@ -32,7 +34,7 @@ public class GetKeyByIdentityAction implements AdministrationAction<Key> {
}
@Override
- public Key execute(DAOFactory daoFactory) {
+ public Key execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
final KeyDAO keyDao = daoFactory.getKeyDAO();
return keyDao.findLatestKeyByIdentity(identity);
}