You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2014/12/23 15:35:02 UTC
[5/7] incubator-nifi git commit: NIFI-65: - Calling the userService
to verify the user has authorization to download content.
NIFI-65:
- Calling the userService to verify the user has authorization to download content.
Project: http://git-wip-us.apache.org/repos/asf/incubator-nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-nifi/commit/2fed1388
Tree: http://git-wip-us.apache.org/repos/asf/incubator-nifi/tree/2fed1388
Diff: http://git-wip-us.apache.org/repos/asf/incubator-nifi/diff/2fed1388
Branch: refs/heads/NIFI-65
Commit: 2fed138888fbc4d4ae4c93f13c9f9cf81dfcae92
Parents: e1ffbdf
Author: Matt Gilman <ma...@gmail.com>
Authored: Tue Dec 23 09:32:54 2014 -0500
Committer: Matt Gilman <ma...@gmail.com>
Committed: Tue Dec 23 09:32:54 2014 -0500
----------------------------------------------------------------------
.../nifi/web/controller/ControllerFacade.java | 31 ++++++++++++++++++++
.../src/main/resources/nifi-web-api-context.xml | 1 +
2 files changed, 32 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/2fed1388/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
----------------------------------------------------------------------
diff --git a/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java b/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
index 2c2d4dc..99440bc 100644
--- a/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
+++ b/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
@@ -26,6 +26,7 @@ import java.util.Comparator;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
+import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
@@ -111,8 +112,11 @@ import org.apache.nifi.web.util.DownloadableContent;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.admin.service.UserService;
+import org.apache.nifi.authorization.DownloadAuthorization;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.access.AccessDeniedException;
/**
*
@@ -124,6 +128,7 @@ public class ControllerFacade implements ControllerServiceProvider {
// nifi components
private FlowController flowController;
private FlowService flowService;
+ private UserService userService;
// properties
private NiFiProperties properties;
@@ -787,6 +792,28 @@ public class ControllerFacade implements ControllerServiceProvider {
throw new ResourceNotFoundException("Unable to find the specified event.");
}
+ // get the flowfile attributes
+ final Map<String, String> attributes = event.getAttributes();
+
+ // calculate the dn chain
+ final LinkedList<String> dnChain = new LinkedList<>();
+
+ // build the dn chain
+ NiFiUser chainedUser = user;
+ do {
+ // add the entry for this user
+ dnChain.push(chainedUser.getDn());
+
+ // go to the next user in the chain
+ chainedUser = chainedUser.getChain();
+ } while (chainedUser != null);
+
+ // ensure the users in this chain are allowed to download this content
+ final DownloadAuthorization downloadAuthorization = userService.authorizeDownload(dnChain, attributes);
+ if (!downloadAuthorization.isApproved()) {
+ throw new AccessDeniedException(downloadAuthorization.getExplanation());
+ }
+
// get the filename and fall back to the idnetifier (should never happen)
String filename = event.getAttributes().get(CoreAttributes.FILENAME.key());
if (filename == null) {
@@ -1329,6 +1356,10 @@ public class ControllerFacade implements ControllerServiceProvider {
this.properties = properties;
}
+ public void setUserService(UserService userService) {
+ this.userService = userService;
+ }
+
public void setFlowService(FlowService flowService) {
this.flowService = flowService;
}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/2fed1388/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
----------------------------------------------------------------------
diff --git a/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/resources/nifi-web-api-context.xml b/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
index 484ceff..39677ca 100644
--- a/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
+++ b/nar-bundles/framework-bundle/framework/web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
@@ -80,6 +80,7 @@
<property name="properties" ref="nifiProperties"/>
<property name="flowController" ref="flowController"/>
<property name="flowService" ref="flowService"/>
+ <property name="userService" ref="userService"/>
<property name="dtoFactory" ref="dtoFactory"/>
</bean>
<bean id="serviceFacade" class="org.apache.nifi.web.StandardNiFiServiceFacade">