Posted to commits@nifi.apache.org by bb...@apache.org on 2017/06/09 17:55:16 UTC
[09/11] nifi git commit: NIFI-3653: - Introducing UserGroup and
Policy provider interfaces. - Introducing FileUserGroupProvider and
FileAccessPolicyProvider. - Refactoring FileAuthorizer to utilize the file
based implementations. - Introducing the Standa
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/java/org/apache/nifi/authorization/UserGroupProviderFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/java/org/apache/nifi/authorization/UserGroupProviderFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/java/org/apache/nifi/authorization/UserGroupProviderFactory.java
new file mode 100644
index 0000000..caa265f
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/java/org/apache/nifi/authorization/UserGroupProviderFactory.java
@@ -0,0 +1,228 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authorization;
+
+import org.apache.nifi.authorization.exception.AuthorizationAccessException;
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
+import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
+import org.apache.nifi.authorization.exception.UninheritableAuthorizationsException;
+import org.apache.nifi.nar.NarCloseable;
+
+import java.util.Set;
+
+public final class UserGroupProviderFactory {
+
+ public static UserGroupProvider withNarLoader(final UserGroupProvider baseUserGroupProvider) {
+ if (baseUserGroupProvider instanceof ConfigurableUserGroupProvider) {
+ final ConfigurableUserGroupProvider baseConfigurableUserGroupProvider = (ConfigurableUserGroupProvider) baseUserGroupProvider;
+ return new ConfigurableUserGroupProvider() {
+ @Override
+ public User addUser(User user) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.addUser(user);
+ }
+ }
+
+ @Override
+ public User updateUser(User user) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.updateUser(user);
+ }
+ }
+
+ @Override
+ public User deleteUser(User user) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.deleteUser(user);
+ }
+ }
+
+ @Override
+ public Group addGroup(Group group) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.addGroup(group);
+ }
+ }
+
+ @Override
+ public Group updateGroup(Group group) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.updateGroup(group);
+ }
+ }
+
+ @Override
+ public Group deleteGroup(Group group) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.deleteGroup(group);
+ }
+ }
+
+ @Override
+ public Set<User> getUsers() throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getUsers();
+ }
+ }
+
+ @Override
+ public User getUser(String identifier) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getUser(identifier);
+ }
+ }
+
+ @Override
+ public User getUserByIdentity(String identity) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getUserByIdentity(identity);
+ }
+ }
+
+ @Override
+ public Set<Group> getGroups() throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getGroups();
+ }
+ }
+
+ @Override
+ public Group getGroup(String identifier) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getGroup(identifier);
+ }
+ }
+
+ @Override
+ public UserAndGroups getUserAndGroups(String identity) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getUserAndGroups(identity);
+ }
+ }
+
+ @Override
+ public void inheritFingerprint(String fingerprint) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseConfigurableUserGroupProvider.inheritFingerprint(fingerprint);
+ }
+ }
+
+ @Override
+ public void checkInheritability(String proposedFingerprint) throws AuthorizationAccessException, UninheritableAuthorizationsException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseConfigurableUserGroupProvider.checkInheritability(proposedFingerprint);
+ }
+ }
+
+ @Override
+ public String getFingerprint() throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getFingerprint();
+ }
+ }
+
+ @Override
+ public void initialize(UserGroupProviderInitializationContext initializationContext) throws AuthorizerCreationException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseConfigurableUserGroupProvider.initialize(initializationContext);
+ }
+ }
+
+ @Override
+ public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseConfigurableUserGroupProvider.onConfigured(configurationContext);
+ }
+ }
+
+ @Override
+ public void preDestruction() throws AuthorizerDestructionException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseConfigurableUserGroupProvider.preDestruction();
+ }
+ }
+ };
+ } else {
+ return new UserGroupProvider() {
+ @Override
+ public Set<User> getUsers() throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getUsers();
+ }
+ }
+
+ @Override
+ public User getUser(String identifier) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getUser(identifier);
+ }
+ }
+
+ @Override
+ public User getUserByIdentity(String identity) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getUserByIdentity(identity);
+ }
+ }
+
+ @Override
+ public Set<Group> getGroups() throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getGroups();
+ }
+ }
+
+ @Override
+ public Group getGroup(String identifier) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getGroup(identifier);
+ }
+ }
+
+ @Override
+ public UserAndGroups getUserAndGroups(String identity) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getUserAndGroups(identity);
+ }
+ }
+
+ @Override
+ public void initialize(UserGroupProviderInitializationContext initializationContext) throws AuthorizerCreationException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseUserGroupProvider.initialize(initializationContext);
+ }
+ }
+
+ @Override
+ public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseUserGroupProvider.onConfigured(configurationContext);
+ }
+ }
+
+ @Override
+ public void preDestruction() throws AuthorizerDestructionException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseUserGroupProvider.preDestruction();
+ }
+ }
+ };
+ }
+ }
+
+ private UserGroupProviderFactory() {}
+}
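Review bot: `withNarLoader` never checks `baseUserGroupProvider` for null: a null argument fails the `instanceof` test, falls into the `else` branch and comes back as a live wrapper that throws NullPointerException only on the first delegated call such as `getUsers()` or `initialize(...)`, far from the misconfiguration that caused it. Failing at wrap time keeps a broken provider from being installed in the authorization path, e.g. `Objects.requireNonNull(baseUserGroupProvider, "baseUserGroupProvider");` as the first statement (this needs `import java.util.Objects;`). The class and the factory method also have no Javadoc; a short comment saying that every delegated call runs inside a `NarCloseable.withNarLoader()` try-with-resources block, and that the returned wrapper stays a `ConfigurableUserGroupProvider` when the base is one, would explain why the wrapper exists.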
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/xsd/authorizers.xsd
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/xsd/authorizers.xsd b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/xsd/authorizers.xsd
index 4b68b00..46c004a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/xsd/authorizers.xsd
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/xsd/authorizers.xsd
@@ -14,7 +14,25 @@
limitations under the License.
-->
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <!-- role -->
+ <!-- user group providers type -->
+ <xs:complexType name="UserGroupProvider">
+ <xs:sequence>
+ <xs:element name="identifier" type="NonEmptyStringType"/>
+ <xs:element name="class" type="NonEmptyStringType"/>
+ <xs:element name="property" type="Property" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+
+ <!-- access policy provider type -->
+ <xs:complexType name="AccessPolicyProvider">
+ <xs:sequence>
+ <xs:element name="identifier" type="NonEmptyStringType"/>
+ <xs:element name="class" type="NonEmptyStringType"/>
+ <xs:element name="property" type="Property" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+
+ <!-- authorizers type -->
<xs:complexType name="Authorizer">
<xs:sequence>
<xs:element name="identifier" type="NonEmptyStringType"/>
@@ -38,10 +56,12 @@
</xs:restriction>
</xs:simpleType>
- <!-- users -->
+ <!-- authorizers -->
<xs:element name="authorizers">
<xs:complexType>
<xs:sequence>
+ <xs:element name="userGroupProvider" type="UserGroupProvider" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="accessPolicyProvider" type="AccessPolicyProvider" minOccurs="0" maxOccurs="unbounded"/>
<xs:element name="authorizer" type="Authorizer" minOccurs="0" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
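Review bot: Nothing in these hunks constrains `identifier` to be unique across the new `userGroupProvider` and `accessPolicyProvider` elements, so two providers sharing an identifier would pass schema validation, and which one a reference resolves to is left to the loading code. If no such check exists elsewhere, an `xs:unique` (or `xs:key`) on the `authorizers` element selecting each provider's `identifier` would reject the file at parse time; the `authorizers` element closes outside this hunk, so an existing constraint there cannot be ruled out. The `xs:sequence` also fixes the element order (all `userGroupProvider` entries, then `accessPolicyProvider`, then `authorizer`), which is worth stating in the `<!-- authorizers -->` comment because a file that interleaves them will fail validation.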
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/AuthorizerFactoryTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/AuthorizerFactoryTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/AuthorizerFactoryTest.java
new file mode 100644
index 0000000..13d6f5a
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/AuthorizerFactoryTest.java
@@ -0,0 +1,264 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authorization;
+
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+public class AuthorizerFactoryTest {
+
+ @Test(expected = AuthorizerCreationException.class)
+ public void testOnConfiguredWhenPoliciesWithSameResourceAndAction() {
+ User user1 = new User.Builder().identifier("user-id-1").identity("user-1").build();
+
+ AccessPolicy policy1 = new AccessPolicy.Builder()
+ .identifier("policy-id-1")
+ .resource("resource1")
+ .action(RequestAction.READ)
+ .addUser(user1.getIdentifier())
+ .build();
+
+ AccessPolicy policy2 = new AccessPolicy.Builder()
+ .identifier("policy-id-2")
+ .resource("resource1")
+ .action(RequestAction.READ)
+ .addUser(user1.getIdentifier())
+ .build();
+
+ Set<AccessPolicy> policies = new LinkedHashSet<>();
+ policies.add(policy1);
+ policies.add(policy2);
+
+ Set<User> users = new LinkedHashSet<>();
+ users.add(user1);
+
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+ Authorizer authorizer = AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer(new HashSet<>(), users, policies));
+ authorizer.onConfigured(context);
+ }
+
+ @Test(expected = AuthorizerCreationException.class)
+ public void testOnConfiguredWhenUsersWithSameIdentity() {
+ User user1 = new User.Builder().identifier("user-id-1").identity("user-1").build();
+ User user2 = new User.Builder().identifier("user-id-2").identity("user-1").build();
+
+ Set<User> users = new LinkedHashSet<>();
+ users.add(user1);
+ users.add(user2);
+
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+ Authorizer authorizer = AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer(new HashSet<>(), users, new HashSet<>()));
+ authorizer.onConfigured(context);
+ }
+
+ @Test(expected = AuthorizerCreationException.class)
+ public void testOnConfiguredWhenGroupsWithSameName() {
+ Group group1 = new Group.Builder().identifier("group-id-1").name("group-1").build();
+ Group group2 = new Group.Builder().identifier("group-id-2").name("group-1").build();
+
+ Set<Group> groups = new LinkedHashSet<>();
+ groups.add(group1);
+ groups.add(group2);
+
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+ Authorizer authorizer = AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer(groups, new HashSet<>(), new HashSet<>()));
+ authorizer.onConfigured(context);
+ }
+
+ @Test
+ public void testAddPoliciesWithSameResourceAndAction() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ User user1 = new User.Builder().identifier("user-id-1").identity("user-1").build();
+ userGroupProvider.addUser(user1);
+
+ AccessPolicy policy1 = new AccessPolicy.Builder()
+ .identifier("policy-id-1")
+ .resource("resource1")
+ .action(RequestAction.READ)
+ .addUser(user1.getIdentifier())
+ .build();
+ accessPolicyProvider.addAccessPolicy(policy1);
+
+ AccessPolicy policy2 = new AccessPolicy.Builder()
+ .identifier("policy-id-2")
+ .resource("resource1")
+ .action(RequestAction.READ)
+ .addUser(user1.getIdentifier())
+ .build();
+
+ try {
+ accessPolicyProvider.addAccessPolicy(policy2);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testAddUsersWithSameIdentity() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ User user1 = new User.Builder().identifier("user-id-1").identity("user-1").build();
+ userGroupProvider.addUser(user1);
+
+ User user2 = new User.Builder().identifier("user-id-2").identity("user-1").build();
+
+ try {
+ userGroupProvider.addUser(user2);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testAddGroupsWithSameName() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ Group group1 = new Group.Builder().identifier("group-id-1").name("group-1").build();
+ userGroupProvider.addGroup(group1);
+
+ Group group2 = new Group.Builder().identifier("group-id-2").name("group-1").build();
+
+ try {
+ userGroupProvider.addGroup(group2);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testAddUsersWithSameIdentityAsGroupName() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ Group group1 = new Group.Builder().identifier("group-id-1").name("abc").build();
+ userGroupProvider.addGroup(group1);
+
+ User user = new User.Builder().identifier("user-id-2").identity("abc").build();
+
+ try {
+ userGroupProvider.addUser(user);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testAddGroupWithSameNameAsUserIdentity() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ User user = new User.Builder().identifier("user-id-2").identity("abc").build();
+ userGroupProvider.addUser(user);
+
+ Group group1 = new Group.Builder().identifier("group-id-1").name("abc").build();
+ try {
+ userGroupProvider.addGroup(group1);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testUpdateUserWithSameIdentity() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ User user1 = new User.Builder().identifier("user-id-1").identity("abc").build();
+ userGroupProvider.addUser(user1);
+
+ User user2 = new User.Builder().identifier("user-id-2").identity("xyz").build();
+ userGroupProvider.addUser(user2);
+
+ try {
+ User user1Updated = new User.Builder().identifier("user-id-1").identity("xyz").build();
+ userGroupProvider.updateUser(user1Updated);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testUpdateGroupWithSameName() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ Group group1 = new Group.Builder().identifier("group-id-1").name("abc").build();
+ userGroupProvider.addGroup(group1);
+
+ Group group2 = new Group.Builder().identifier("group-id-2").name("xyz").build();
+ userGroupProvider.addGroup(group2);
+
+ try {
+ Group group1Updated = new Group.Builder().identifier("group-id-1").name("xyz").build();
+ userGroupProvider.updateGroup(group1Updated);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+}
\ No newline at end of file
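Review bot: The update tests cover only same-kind collisions (`testUpdateUserWithSameIdentity`, `testUpdateGroupWithSameName`); the cross-kind case that the add tests do exercise (`testAddUsersWithSameIdentityAsGroupName`, `testAddGroupWithSameNameAsUserIdentity`) has no update counterpart, so renaming a user to an existing group's name, or the reverse, is untested. Whether `installIntegrityChecks` rejects that path is not visible here; a test like the one below would pin the behaviour, with a mirror-image one for `updateGroup`. The empty `catch (IllegalStateException e) { }` blocks throughout would also read better with the variable named `expected` and a one-line comment saying the rejection is the point of the test.

```java
// … unchanged: existing tests through testUpdateGroupWithSameName …

@Test
public void testUpdateUserWithSameIdentityAsGroupName() {
    // … same authorizer / userGroupProvider setup as testUpdateUserWithSameIdentity …

    userGroupProvider.addGroup(new Group.Builder().identifier("group-id-1").name("abc").build());
    userGroupProvider.addUser(new User.Builder().identifier("user-id-1").identity("xyz").build());

    try {
        userGroupProvider.updateUser(new User.Builder().identifier("user-id-1").identity("abc").build());
        Assert.fail("Should have thrown exception");
    } catch (IllegalStateException expected) {
        // the integrity check rejected an identity that collides with a group name
    }
}
```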
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/MockPolicyBasedAuthorizer.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/MockPolicyBasedAuthorizer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/MockPolicyBasedAuthorizer.java
new file mode 100644
index 0000000..9b50b50
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/MockPolicyBasedAuthorizer.java
@@ -0,0 +1,183 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authorization;
+
+import org.apache.nifi.authorization.exception.AuthorizationAccessException;
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
+import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/**
+ * Mock implementation of AbstractPolicyBasedAuthorizer.
+ */
+public class MockPolicyBasedAuthorizer extends AbstractPolicyBasedAuthorizer {
+
+ private Set<Group> groups = new HashSet<>();
+ private Set<User> users = new HashSet<>();
+ private Set<AccessPolicy> policies = new HashSet<>();
+
+ public MockPolicyBasedAuthorizer() {
+
+ }
+
+ public MockPolicyBasedAuthorizer(Set<Group> groups, Set<User> users, Set<AccessPolicy> policies) {
+ if (groups != null) {
+ this.groups.addAll(groups);
+ }
+ if (users != null) {
+ this.users.addAll(users);
+ }
+ if (policies != null) {
+ this.policies.addAll(policies);
+ }
+ }
+
+ @Override
+ public Group doAddGroup(Group group) throws AuthorizationAccessException {
+ groups.add(group);
+ return group;
+ }
+
+ @Override
+ public Group getGroup(String identifier) throws AuthorizationAccessException {
+ return groups.stream().filter(g -> g.getIdentifier().equals(identifier)).findFirst().get();
+ }
+
+ @Override
+ public Group doUpdateGroup(Group group) throws AuthorizationAccessException {
+ deleteGroup(group);
+ return addGroup(group);
+ }
+
+ @Override
+ public Group deleteGroup(Group group) throws AuthorizationAccessException {
+ groups.remove(group);
+ return group;
+ }
+
+ @Override
+ public Set<Group> getGroups() throws AuthorizationAccessException {
+ return groups;
+ }
+
+ @Override
+ public User doAddUser(User user) throws AuthorizationAccessException {
+ users.add(user);
+ return user;
+ }
+
+ @Override
+ public User getUser(String identifier) throws AuthorizationAccessException {
+ return users.stream().filter(u -> u.getIdentifier().equals(identifier)).findFirst().get();
+ }
+
+ @Override
+ public User getUserByIdentity(String identity) throws AuthorizationAccessException {
+ return users.stream().filter(u -> u.getIdentity().equals(identity)).findFirst().get();
+ }
+
+ @Override
+ public User doUpdateUser(User user) throws AuthorizationAccessException {
+ deleteUser(user);
+ return addUser(user);
+ }
+
+ @Override
+ public User deleteUser(User user) throws AuthorizationAccessException {
+ users.remove(user);
+ return user;
+ }
+
+ @Override
+ public Set<User> getUsers() throws AuthorizationAccessException {
+ return users;
+ }
+
+ @Override
+ protected AccessPolicy doAddAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
+ policies.add(accessPolicy);
+ return accessPolicy;
+ }
+
+ @Override
+ public AccessPolicy getAccessPolicy(String identifier) throws AuthorizationAccessException {
+ return policies.stream().filter(p -> p.getIdentifier().equals(identifier)).findFirst().get();
+ }
+
+ @Override
+ public AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
+ deleteAccessPolicy(accessPolicy);
+ return addAccessPolicy(accessPolicy);
+ }
+
+ @Override
+ public AccessPolicy deleteAccessPolicy(AccessPolicy policy) throws AuthorizationAccessException {
+ policies.remove(policy);
+ return policy;
+ }
+
+ @Override
+ public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
+ return policies;
+ }
+
+ @Override
+ public UsersAndAccessPolicies getUsersAndAccessPolicies() throws AuthorizationAccessException {
+ return new UsersAndAccessPolicies() {
+ @Override
+ public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction action) {
+ return null;
+ }
+
+ @Override
+ public User getUser(String identity) {
+ return getUserByIdentity(identity);
+ }
+
+ @Override
+ public Set<Group> getGroups(String userIdentity) {
+ User user = getUserByIdentity(userIdentity);
+ if (user == null) {
+ return new HashSet<>();
+ } else {
+ return groups.stream()
+ .filter(g -> g.getUsers().contains(user.getIdentifier()))
+ .collect(Collectors.toSet());
+ }
+ }
+ };
+ }
+
+ @Override
+ public void initialize(AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException {
+
+ }
+
+ @Override
+ public void doOnConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
+
+ }
+
+ @Override
+ public void preDestruction() throws AuthorizerDestructionException {
+
+ }
+
+}
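Review bot: `getGroup`, `getUser`, `getUserByIdentity` and `getAccessPolicy` all end in `.findFirst().get()`, which throws NoSuchElementException for an unknown identifier or identity instead of returning null. The anonymous `UsersAndAccessPolicies.getGroups` further down tests `user == null` right after calling `getUserByIdentity`, a branch that can therefore never run, and any code under test that probes for a missing user, group or policy sees an exception that the real providers presumably do not raise. Use `.findFirst().orElse(null)` in the four lookups so the mock behaves like a lookup miss.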
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
index 9e546b1..fa039fe 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
@@ -29,7 +29,9 @@ import java.util.Date;
@XmlType(name = "flowConfiguration")
public class FlowConfigurationDTO {
+ private Boolean supportsManagedAuthorizer;
private Boolean supportsConfigurableAuthorizer;
+ private Boolean supportsConfigurableUsersAndGroups;
private Long autoRefreshIntervalSeconds;
private Date currentTime;
@@ -51,6 +53,37 @@ public class FlowConfigurationDTO {
}
/**
+ * @return whether this NiFi supports a managed authorizer. Managed authorizers can visualize users, groups,
+ * and policies in the UI. This value is read only
+ */
+ @ApiModelProperty(
+ value = "Whether this NiFi supports a managed authorizer. Managed authorizers can visualize users, groups, and policies in the UI.",
+ readOnly = true
+ )
+ public Boolean getSupportsManagedAuthorizer() {
+ return supportsManagedAuthorizer;
+ }
+
+ public void setSupportsManagedAuthorizer(Boolean supportsManagedAuthorizer) {
+ this.supportsManagedAuthorizer = supportsManagedAuthorizer;
+ }
+
+ /**
+ * @return whether this NiFi supports configurable users and groups. This value is read only
+ */
+ @ApiModelProperty(
+ value = "Whether this NiFi supports configurable users and groups.",
+ readOnly = true
+ )
+ public Boolean getSupportsConfigurableUsersAndGroups() {
+ return supportsConfigurableUsersAndGroups;
+ }
+
+ public void setSupportsConfigurableUsersAndGroups(Boolean supportsConfigurableUsersAndGroups) {
+ this.supportsConfigurableUsersAndGroups = supportsConfigurableUsersAndGroups;
+ }
+
+ /**
* @return whether this NiFi supports a configurable authorizer. This value is read only
*/
@ApiModelProperty(
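Review bot: The Javadoc on `getSupportsManagedAuthorizer` and `getSupportsConfigurableUsersAndGroups` does not say how these flags relate to the existing `supportsConfigurableAuthorizer`, which a client needs in order to decide which user, group and policy controls to offer. Both fields are boxed `Boolean`, so the docs should also state what a null value means to a consumer, and the two new setters carry no Javadoc at all. `readOnly = true` is API-model metadata and the setters remain public, so the server presumably has to keep computing these values itself rather than taking them from a request body; a one-line comment saying so, such as `// populated by the server only; never read from client input`, would make that explicit.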
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessPolicyEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessPolicyEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessPolicyEntity.java
index d42f498..19d831d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessPolicyEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessPolicyEntity.java
@@ -28,7 +28,7 @@ import java.util.Date;
* A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to an {@link AccessPolicyDTO}.
*/
@XmlRootElement(name = "accessPolicyEntity")
-public class AccessPolicyEntity extends ComponentEntity {
+public class AccessPolicyEntity extends ComponentEntity implements Permissible<AccessPolicyDTO> {
private Date generated;
private AccessPolicyDTO component;
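Review bot: The class Javadoc above `AccessPolicyEntity` still describes only a holder for an `AccessPolicyDTO` and says nothing about what implementing `Permissible<AccessPolicyDTO>` means for callers. `Permissible` is declared outside this page, so the following is inferred from its name. If it allows `component` to be withheld according to the entity's permissions, the Javadoc should state that, for example `The component may be null when the requesting user is not permitted to read it.` The same gap applies to the `UserEntity` and `UserGroupEntity` hunks further down. All three class bodies continue outside their hunks.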
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantsEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantsEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantsEntity.java
index 49c51c3..cc97619 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantsEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantsEntity.java
@@ -24,7 +24,7 @@ import java.util.Collection;
* TenantEntity objects.
*/
@XmlRootElement(name = "tenantsEntity")
-public class TenantsEntity {
+public class TenantsEntity extends Entity {
private Collection<TenantEntity> users;
private Collection<TenantEntity> userGroups;
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserEntity.java
index 983cdfb..11d2f9d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserEntity.java
@@ -24,7 +24,7 @@ import javax.xml.bind.annotation.XmlRootElement;
* A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a UserDTO.
*/
@XmlRootElement(name = "userEntity")
-public class UserEntity extends ComponentEntity {
+public class UserEntity extends ComponentEntity implements Permissible<UserDTO> {
private UserDTO component;
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupEntity.java
index ea8238a..d70489c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupEntity.java
@@ -16,14 +16,15 @@
*/
package org.apache.nifi.web.api.entity;
-import javax.xml.bind.annotation.XmlRootElement;
import org.apache.nifi.web.api.dto.UserGroupDTO;
+import javax.xml.bind.annotation.XmlRootElement;
+
/**
* A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a UserGroupDTO.
*/
@XmlRootElement(name = "userGroupEntity")
-public class UserGroupEntity extends ComponentEntity {
+public class UserGroupEntity extends ComponentEntity implements Permissible<UserGroupDTO> {
private UserGroupDTO component;
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupsEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupsEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupsEntity.java
index bdde662..d4b4c5d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupsEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupsEntity.java
@@ -24,7 +24,7 @@ import java.util.Collection;
* UserGroupEntity objects.
*/
@XmlRootElement(name = "userGroupsEntity")
-public class UserGroupsEntity {
+public class UserGroupsEntity extends Entity {
private Collection<UserGroupEntity> userGroups;
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
index 0f44b6a..bba0413 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
@@ -41,8 +41,9 @@
<goal>xjc</goal>
</goals>
<configuration>
- <schemaDirectory>src/main/xsd</schemaDirectory>
- <schemaFiles>authorizations.xsd</schemaFiles>
+ <sources>
+ <source>src/main/xsd/authorizations.xsd</source>
+ </sources>
<packageName>org.apache.nifi.authorization.file.generated</packageName>
</configuration>
</execution>
@@ -52,8 +53,9 @@
<goal>xjc</goal>
</goals>
<configuration>
- <schemaDirectory>src/main/xsd</schemaDirectory>
- <schemaFiles>tenants.xsd</schemaFiles>
+ <sources>
+ <source>src/main/xsd/tenants.xsd</source>
+ </sources>
<packageName>org.apache.nifi.authorization.file.tenants.generated</packageName>
<clearOutputDir>false</clearOutputDir>
</configuration>
@@ -64,8 +66,9 @@
<goal>xjc</goal>
</goals>
<configuration>
- <schemaDirectory>src/main/xsd</schemaDirectory>
- <schemaFiles>legacy-users.xsd</schemaFiles>
+ <sources>
+ <source>src/main/xsd/legacy-users.xsd</source>
+ </sources>
<packageName>org.apache.nifi.user.generated</packageName>
<clearOutputDir>false</clearOutputDir>
</configuration>
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/AuthorizationsHolder.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/AuthorizationsHolder.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/AuthorizationsHolder.java
index e407289..0d3ea64 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/AuthorizationsHolder.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/AuthorizationsHolder.java
@@ -19,9 +19,6 @@ package org.apache.nifi.authorization;
import org.apache.nifi.authorization.file.generated.Authorizations;
import org.apache.nifi.authorization.file.generated.Policies;
-import org.apache.nifi.authorization.file.tenants.generated.Groups;
-import org.apache.nifi.authorization.file.tenants.generated.Tenants;
-import org.apache.nifi.authorization.file.tenants.generated.Users;
import java.util.Collections;
import java.util.HashMap;
@@ -32,56 +29,26 @@ import java.util.Set;
/**
* A holder to provide atomic access to data structures.
*/
-public class AuthorizationsHolder implements UsersAndAccessPolicies {
+public class AuthorizationsHolder {
- private final Tenants tenants;
private final Authorizations authorizations;
private final Set<AccessPolicy> allPolicies;
private final Map<String, Set<AccessPolicy>> policiesByResource;
private final Map<String, AccessPolicy> policiesById;
- private final Set<User> allUsers;
- private final Map<String,User> usersById;
- private final Map<String,User> usersByIdentity;
-
- private final Set<Group> allGroups;
- private final Map<String,Group> groupsById;
- private final Map<String, Set<Group>> groupsByUserIdentity;
-
/**
- * Creates a new holder and populates all convenience data structures.
+ * Creates a new holder and populates all convenience authorizations data structures.
*
* @param authorizations the current authorizations instance
*/
- public AuthorizationsHolder(final Authorizations authorizations, final Tenants tenants) {
+ public AuthorizationsHolder(final Authorizations authorizations) {
this.authorizations = authorizations;
- this.tenants = tenants;
-
- // load all users
- final Users users = tenants.getUsers();
- final Set<User> allUsers = Collections.unmodifiableSet(createUsers(users));
-
- // load all groups
- final Groups groups = tenants.getGroups();
- final Set<Group> allGroups = Collections.unmodifiableSet(createGroups(groups, users));
// load all access policies
final Policies policies = authorizations.getPolicies();
final Set<AccessPolicy> allPolicies = Collections.unmodifiableSet(createAccessPolicies(policies));
- // create a convenience map to retrieve a user by id
- final Map<String, User> userByIdMap = Collections.unmodifiableMap(createUserByIdMap(allUsers));
-
- // create a convenience map to retrieve a user by identity
- final Map<String, User> userByIdentityMap = Collections.unmodifiableMap(createUserByIdentityMap(allUsers));
-
- // create a convenience map to retrieve a group by id
- final Map<String, Group> groupByIdMap = Collections.unmodifiableMap(createGroupByIdMap(allGroups));
-
- // create a convenience map to retrieve the groups for a user identity
- final Map<String, Set<Group>> groupsByUserIdentityMap = Collections.unmodifiableMap(createGroupsByUserIdentityMap(allGroups, allUsers));
-
// create a convenience map from resource id to policies
final Map<String, Set<AccessPolicy>> policiesByResourceMap = Collections.unmodifiableMap(createResourcePolicyMap(allPolicies));
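Review bot: The class Javadoc `A holder to provide atomic access to data structures.` is left unchanged although the holder no longer contains users or groups, so it overstates what one snapshot covers. A reader who pairs this holder with the separate user/group data may see a policy that references an identifier the other side no longer has; how the new providers coordinate is not visible in this hunk. I would narrow the comment to `A holder to provide atomic access to the access policy data structures; users and groups are not part of this snapshot.` The constructor body continues past the end of the hunk.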
@@ -89,13 +56,7 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies {
final Map<String, AccessPolicy> policiesByIdMap = Collections.unmodifiableMap(createPoliciesByIdMap(allPolicies));
// set all the holders
- this.allUsers = allUsers;
- this.allGroups = allGroups;
this.allPolicies = allPolicies;
- this.usersById = userByIdMap;
- this.usersByIdentity = userByIdentityMap;
- this.groupsById = groupByIdMap;
- this.groupsByUserIdentity = groupsByUserIdentityMap;
this.policiesByResource = policiesByResourceMap;
this.policiesById = policiesByIdMap;
}
@@ -134,9 +95,9 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies {
// add the appropriate request actions
final String authorizationCode = policy.getAction();
- if (authorizationCode.equals(FileAuthorizer.READ_CODE)) {
+ if (authorizationCode.equals(FileAccessPolicyProvider.READ_CODE)) {
builder.action(RequestAction.READ);
- } else if (authorizationCode.equals(FileAuthorizer.WRITE_CODE)){
+ } else if (authorizationCode.equals(FileAccessPolicyProvider.WRITE_CODE)){
builder.action(RequestAction.WRITE);
} else {
throw new IllegalStateException("Unknown Policy Action: " + authorizationCode);
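Review bot: `authorizationCode.equals(...)` on both changed lines throws a NullPointerException when `policy.getAction()` returns null, so a policy entry with no action would never reach the `Unknown Policy Action` IllegalStateException below. Putting the constant first sends null to that existing error branch: `if (FileAccessPolicyProvider.READ_CODE.equals(authorizationCode)) {` and `} else if (FileAccessPolicyProvider.WRITE_CODE.equals(authorizationCode)) {`. Whether the schema already rejects a missing action is not visible here. The enclosing method starts and ends outside the hunk.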
@@ -150,57 +111,6 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies {
}
/**
- * Creates a set of Users from the JAXB Users.
- *
- * @param users the JAXB Users
- * @return a set of API Users matching the provided JAXB Users
- */
- private Set<User> createUsers(org.apache.nifi.authorization.file.tenants.generated.Users users) {
- Set<User> allUsers = new HashSet<>();
- if (users == null || users.getUser() == null) {
- return allUsers;
- }
-
- for (org.apache.nifi.authorization.file.tenants.generated.User user : users.getUser()) {
- final User.Builder builder = new User.Builder()
- .identity(user.getIdentity())
- .identifier(user.getIdentifier());
-
- allUsers.add(builder.build());
- }
-
- return allUsers;
- }
-
- /**
- * Creates a set of Groups from the JAXB Groups.
- *
- * @param groups the JAXB Groups
- * @return a set of API Groups matching the provided JAXB Groups
- */
- private Set<Group> createGroups(org.apache.nifi.authorization.file.tenants.generated.Groups groups,
- org.apache.nifi.authorization.file.tenants.generated.Users users) {
- Set<Group> allGroups = new HashSet<>();
- if (groups == null || groups.getGroup() == null) {
- return allGroups;
- }
-
- for (org.apache.nifi.authorization.file.tenants.generated.Group group : groups.getGroup()) {
- final Group.Builder builder = new Group.Builder()
- .identifier(group.getIdentifier())
- .name(group.getName());
-
- for (org.apache.nifi.authorization.file.tenants.generated.Group.User groupUser : group.getUser()) {
- builder.addUser(groupUser.getIdentifier());
- }
-
- allGroups.add(builder.build());
- }
-
- return allGroups;
- }
-
- /**
* Creates a map from resource identifier to the set of policies for the given resource.
*
* @param allPolicies the set of all policies
@@ -222,74 +132,6 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies {
}
/**
- * Creates a Map from user identifier to User.
- *
- * @param users the set of all users
- * @return the Map from user identifier to User
- */
- private Map<String,User> createUserByIdMap(final Set<User> users) {
- Map<String,User> usersMap = new HashMap<>();
- for (User user : users) {
- usersMap.put(user.getIdentifier(), user);
- }
- return usersMap;
- }
-
- /**
- * Creates a Map from user identity to User.
- *
- * @param users the set of all users
- * @return the Map from user identity to User
- */
- private Map<String,User> createUserByIdentityMap(final Set<User> users) {
- Map<String,User> usersMap = new HashMap<>();
- for (User user : users) {
- usersMap.put(user.getIdentity(), user);
- }
- return usersMap;
- }
-
- /**
- * Creates a Map from group identifier to Group.
- *
- * @param groups the set of all groups
- * @return the Map from group identifier to Group
- */
- private Map<String,Group> createGroupByIdMap(final Set<Group> groups) {
- Map<String,Group> groupsMap = new HashMap<>();
- for (Group group : groups) {
- groupsMap.put(group.getIdentifier(), group);
- }
- return groupsMap;
- }
-
- /**
- * Creates a Map from user identity to the set of Groups for that identity.
- *
- * @param groups all groups
- * @param users all users
- * @return a Map from User identity to the set of Groups for that identity
- */
- private Map<String, Set<Group>> createGroupsByUserIdentityMap(final Set<Group> groups, final Set<User> users) {
- Map<String, Set<Group>> groupsByUserIdentity = new HashMap<>();
-
- for (User user : users) {
- Set<Group> userGroups = new HashSet<>();
- for (Group group : groups) {
- for (String groupUser : group.getUsers()) {
- if (groupUser.equals(user.getIdentifier())) {
- userGroups.add(group);
- }
- }
- }
-
- groupsByUserIdentity.put(user.getIdentity(), userGroups);
- }
-
- return groupsByUserIdentity;
- }
-
- /**
* Creates a Map from policy identifier to AccessPolicy.
*
* @param policies the set of all access policies
@@ -307,10 +149,6 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies {
return authorizations;
}
- public Tenants getTenants() {
- return tenants;
- }
-
public Set<AccessPolicy> getAllPolicies() {
return allPolicies;
}
@@ -323,27 +161,6 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies {
return policiesById;
}
- public Set<User> getAllUsers() {
- return allUsers;
- }
-
- public Map<String, User> getUsersById() {
- return usersById;
- }
-
- public Map<String, User> getUsersByIdentity() {
- return usersByIdentity;
- }
-
- public Set<Group> getAllGroups() {
- return allGroups;
- }
-
- public Map<String, Group> getGroupsById() {
- return groupsById;
- }
-
- @Override
public AccessPolicy getAccessPolicy(final String resourceIdentifier, final RequestAction action) {
if (resourceIdentifier == null) {
throw new IllegalArgumentException("Resource Identifier cannot be null");
@@ -363,20 +180,4 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies {
return null;
}
- @Override
- public User getUser(String identity) {
- if (identity == null) {
- throw new IllegalArgumentException("Identity cannot be null");
- }
- return usersByIdentity.get(identity);
- }
-
- @Override
- public Set<Group> getGroups(String userIdentity) {
- if (userIdentity == null) {
- throw new IllegalArgumentException("User Identity cannot be null");
- }
- return groupsByUserIdentity.get(userIdentity);
- }
-
}