You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by mc...@apache.org on 2016/04/07 22:19:13 UTC
[1/9] nifi git commit: NIFI-1551: - Starting to remove the
AuthorityProvider. - This closes #330
Repository: nifi
Updated Branches:
refs/heads/master 2bcc31330 -> c4d06f203
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationToken.java
deleted file mode 100644
index 0cb0353..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationToken.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.token;
-
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-import org.springframework.security.core.userdetails.UserDetails;
-
-/**
- * An authentication token that represents an Authenticated and Authorized user of the NiFi Apis. The authorities are based off the specified UserDetails.
- */
-public class NiFiAuthorizationToken extends AbstractAuthenticationToken {
-
- final UserDetails nifiUserDetails;
-
- public NiFiAuthorizationToken(final UserDetails nifiUserDetails) {
- super(nifiUserDetails.getAuthorities());
- super.setAuthenticated(true);
- setDetails(nifiUserDetails);
- this.nifiUserDetails = nifiUserDetails;
- }
-
- @Override
- public Object getCredentials() {
- return nifiUserDetails.getPassword();
- }
-
- @Override
- public Object getPrincipal() {
- return nifiUserDetails;
- }
-
- @Override
- public final void setAuthenticated(boolean authenticated) {
- throw new IllegalArgumentException("Cannot change the authenticated state.");
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NewAccountRequest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NewAccountRequest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NewAccountRequest.java
deleted file mode 100644
index 3ec147a..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NewAccountRequest.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.user;
-
-import java.util.List;
-
-/**
- *
- */
-public class NewAccountRequest {
-
- private final List<String> chain;
- private final String justification;
-
- public NewAccountRequest(final List<String> chain, final String justification) {
- this.chain = chain;
- this.justification = justification;
- }
-
- public List<String> getChain() {
- return chain;
- }
-
- public String getJustification() {
- return justification;
- }
-
- public String getUsername() {
- // the end user is the first item in the chain
- return chain.get(0);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
index b559269..86668fe 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserDetails.java
@@ -16,16 +16,14 @@
*/
package org.apache.nifi.web.security.user;
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.NiFiUser;
import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.user.NiFiUser;
import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
+import java.util.Collection;
+import java.util.Collections;
+
/**
* User details for a NiFi user.
*/
@@ -58,12 +56,7 @@ public class NiFiUserDetails implements UserDetails {
*/
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
- final Set<Authority> authorities = user.getAuthorities();
- final Set<GrantedAuthority> grantedAuthorities = new HashSet<>(authorities.size());
- for (final Authority authority : authorities) {
- grantedAuthorities.add(new SimpleGrantedAuthority(authority.toString()));
- }
- return grantedAuthorities;
+ return Collections.EMPTY_SET;
}
@Override
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
index 341663e..255b3d5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/user/NiFiUserUtils.java
@@ -77,27 +77,6 @@ public final class NiFiUserUtils {
return user;
}
- /**
- * Returns the NewAccountRequest or null if this is not a new account request.
- *
- * @return new account request
- */
- public static NewAccountRequest getNewAccountRequest() {
- NewAccountRequest newAccountRequest = null;
-
- // obtain the principal in the current authentication
- final SecurityContext context = SecurityContextHolder.getContext();
- final Authentication authentication = context.getAuthentication();
- if (authentication != null) {
- Object principal = authentication.getPrincipal();
- if (principal instanceof NewAccountRequest) {
- newAccountRequest = (NewAccountRequest) principal;
- }
- }
-
- return newAccountRequest;
- }
-
public static String getNiFiUserName() {
// get the nifi user to extract the username
NiFiUser user = NiFiUserUtils.getNiFiUser();
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
index 019a53c..ab6ceec 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationFilter.java
@@ -16,18 +16,15 @@
*/
package org.apache.nifi.web.security.x509;
-import java.security.cert.X509Certificate;
-import java.util.List;
-import javax.servlet.http.HttpServletRequest;
-import org.apache.nifi.authentication.AuthenticationResponse;
-import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
import org.apache.nifi.web.security.ProxiedEntitiesUtils;
-import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
-import org.apache.nifi.web.security.user.NewAccountRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
+
+import javax.servlet.http.HttpServletRequest;
+import java.security.cert.X509Certificate;
/**
* Custom X509 filter that will inspect the HTTP headers for a proxied user before extracting the user details from the client certificate.
@@ -37,10 +34,10 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter {
private static final Logger logger = LoggerFactory.getLogger(X509AuthenticationFilter.class);
private X509CertificateExtractor certificateExtractor;
- private X509IdentityProvider certificateIdentityProvider;
+ private X509PrincipalExtractor principalExtractor;
@Override
- public NiFiAuthorizationRequestToken attemptAuthentication(final HttpServletRequest request) {
+ public Authentication attemptAuthentication(final HttpServletRequest request) {
// only suppport x509 login when running securely
if (!request.isSecure()) {
return null;
@@ -52,20 +49,7 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter {
return null;
}
- // attempt to authenticate if certificates were found
- final AuthenticationResponse authenticationResponse;
- try {
- authenticationResponse = certificateIdentityProvider.authenticate(certificates);
- } catch (final IllegalArgumentException iae) {
- throw new InvalidAuthenticationException(iae.getMessage(), iae);
- }
-
- final List<String> proxyChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(request, authenticationResponse.getIdentity());
- if (isNewAccountRequest(request)) {
- return new NewAccountAuthorizationRequestToken(new NewAccountRequest(proxyChain, getJustification(request)));
- } else {
- return new NiFiAuthorizationRequestToken(proxyChain);
- }
+ return new X509AuthenticationRequestToken(request.getHeader(ProxiedEntitiesUtils.PROXY_ENTITIES_CHAIN), principalExtractor, certificates);
}
/* setters */
@@ -73,8 +57,8 @@ public class X509AuthenticationFilter extends NiFiAuthenticationFilter {
this.certificateExtractor = certificateExtractor;
}
- public void setCertificateIdentityProvider(X509IdentityProvider certificateIdentityProvider) {
- this.certificateIdentityProvider = certificateIdentityProvider;
+ public void setPrincipalExtractor(X509PrincipalExtractor principalExtractor) {
+ this.principalExtractor = principalExtractor;
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java
new file mode 100644
index 0000000..2593f92
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationProvider.java
@@ -0,0 +1,78 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.x509;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.authentication.AuthenticationResponse;
+import org.apache.nifi.user.NiFiUser;
+import org.apache.nifi.web.security.InvalidAuthenticationException;
+import org.apache.nifi.web.security.ProxiedEntitiesUtils;
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
+import org.apache.nifi.web.security.user.NiFiUserDetails;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.ListIterator;
+
+/**
+ *
+ */
+public class X509AuthenticationProvider implements AuthenticationProvider {
+
+ private X509IdentityProvider certificateIdentityProvider;
+
+ public X509AuthenticationProvider(X509IdentityProvider certificateIdentityProvider) {
+ this.certificateIdentityProvider = certificateIdentityProvider;
+ }
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ final X509AuthenticationRequestToken request = (X509AuthenticationRequestToken) authentication;
+
+ // attempt to authenticate if certificates were found
+ final AuthenticationResponse authenticationResponse;
+ try {
+ authenticationResponse = certificateIdentityProvider.authenticate(request.getCertificates());
+ } catch (final IllegalArgumentException iae) {
+ throw new InvalidAuthenticationException(iae.getMessage(), iae);
+ }
+
+ if (StringUtils.isBlank(request.getProxiedEntitiesChain())) {
+ return new NiFiAuthenticationToken(new NiFiUserDetails(new NiFiUser(authenticationResponse.getIdentity(), authenticationResponse.getUsername(), null)));
+ } else {
+ // build the entire proxy chain if applicable - <end-user><proxy1><proxy2>
+ final List<String> proxyChain = new ArrayList<>(ProxiedEntitiesUtils.tokenizeProxiedEntitiesChain(request.getProxiedEntitiesChain()));
+ proxyChain.add(authenticationResponse.getIdentity());
+
+ // add the chain as appropriate to each proxy
+ NiFiUser proxy = null;
+ for (final ListIterator<String> chainIter = proxyChain.listIterator(proxyChain.size()); chainIter.hasPrevious();) {
+ proxy = new NiFiUser(chainIter.previous(), proxy);
+ }
+
+ return new NiFiAuthenticationToken(new NiFiUserDetails(proxy));
+ }
+ }
+
+ @Override
+ public boolean supports(Class<?> authentication) {
+ return X509AuthenticationRequestToken.class.isAssignableFrom(authentication);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationRequestToken.java
new file mode 100644
index 0000000..cec72fe
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/x509/X509AuthenticationRequestToken.java
@@ -0,0 +1,75 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.x509;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * This is an authentication request with a given JWT token.
+ */
+public class X509AuthenticationRequestToken extends AbstractAuthenticationToken {
+
+ private final String proxiedEntitiesChain;
+ private final X509PrincipalExtractor principalExtractor;
+ private final X509Certificate[] certificates;
+
+ /**
+ * Creates a representation of the jwt authentication request for a user.
+ *
+ * @param proxiedEntitiesChain The http servlet request
+ * @param certificates The certificate chain
+ */
+ public X509AuthenticationRequestToken(final String proxiedEntitiesChain, final X509PrincipalExtractor principalExtractor, final X509Certificate[] certificates) {
+ super(null);
+ setAuthenticated(false);
+ this.proxiedEntitiesChain = proxiedEntitiesChain;
+ this.principalExtractor = principalExtractor;
+ this.certificates = certificates;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return null;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ if (StringUtils.isBlank(proxiedEntitiesChain)) {
+ return principalExtractor.extractPrincipal(certificates[0]);
+ } else {
+ return String.format("%s<%s>", proxiedEntitiesChain, principalExtractor.extractPrincipal(certificates[0]));
+ }
+ }
+
+ public String getProxiedEntitiesChain() {
+ return proxiedEntitiesChain;
+ }
+
+ public X509Certificate[] getCertificates() {
+ return certificates;
+ }
+
+ @Override
+ public String toString() {
+ return getName();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml
index 4e24bad..1dbba7d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/resources/nifi-web-security-context.xml
@@ -39,10 +39,9 @@
<property name="certificateValidator" ref="certificateValidator"/>
</bean>
- <!-- user details service -->
- <bean id="userDetailsService" class="org.apache.nifi.web.security.authorization.NiFiAuthorizationService">
- <property name="userService" ref="userService"/>
- <property name="properties" ref="nifiProperties"/>
+ <!-- otp authentication provider -->
+ <bean id="x509AuthenticationProvider" class="org.apache.nifi.web.security.x509.X509AuthenticationProvider">
+ <constructor-arg ref="certificateIdentityProvider"/>
</bean>
<!-- jwt service -->
@@ -50,11 +49,21 @@
<constructor-arg ref="userService"/>
</bean>
+ <!-- jwt authentication provider -->
+ <bean id="jwtAuthenticationProvider" class="org.apache.nifi.web.security.jwt.JwtAuthenticationProvider">
+ <constructor-arg ref="jwtService"/>
+ </bean>
+
<!-- otp service -->
<bean id="otpService" class="org.apache.nifi.web.security.otp.OtpService"/>
+ <!-- otp authentication provider -->
+ <bean id="otpAuthenticationProvider" class="org.apache.nifi.web.security.otp.OtpAuthenticationProvider">
+ <constructor-arg ref="otpService"/>
+ </bean>
+
<!-- Kerberos service -->
- <bean id="kerberosService" class="org.apache.nifi.web.security.kerberos.KerberosServiceFactoryBean">
+ <bean id="kerberosService" class="org.apache.nifi.web.security.spring.KerberosServiceFactoryBean">
<property name="properties" ref="nifiProperties"/>
</bean>
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java
deleted file mode 100644
index 23b49b7..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationServiceTest.java
+++ /dev/null
@@ -1,249 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.authorization;
-
-import java.util.Arrays;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.UntrustedProxyException;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
-import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-import org.springframework.security.authentication.AccountStatusException;
-import org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-
-/**
- * Test case for NiFiAuthorizationService.
- */
-public class NiFiAuthorizationServiceTest {
-
- private static final String USER = "user";
- private static final String PROXY = "proxy";
- private static final String PROXY_PROXY = "proxy-proxy";
- private static final String USER_NOT_FOUND = "user-not-found";
- private static final String USER_DISABLED = "user-disabled";
- private static final String USER_PENDING = "user-pending";
- private static final String USER_ADMIN_EXCEPTION = "user-admin-exception";
- private static final String PROXY_NOT_FOUND = "proxy-not-found";
-
- private NiFiAuthorizationService authorizationService;
- private UserService userService;
-
- @Before
- public void setup() throws Exception {
- // mock the web security properties
- final NiFiProperties properties = Mockito.mock(NiFiProperties.class);
- Mockito.when(properties.getSupportNewAccountRequests()).thenReturn(Boolean.TRUE);
-
- userService = Mockito.mock(UserService.class);
- Mockito.doReturn(null).when(userService).createPendingUserAccount(Mockito.anyString(), Mockito.anyString());
- Mockito.doAnswer(new Answer() {
- @Override
- public Object answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String identity = (String) args[0];
-
- if (null != identity) {
- switch (identity) {
- case USER_NOT_FOUND:
- case PROXY_NOT_FOUND:
- throw new AccountNotFoundException("");
- case USER_DISABLED:
- throw new AccountDisabledException("");
- case USER_PENDING:
- throw new AccountPendingException("");
- case USER_ADMIN_EXCEPTION:
- throw new AdministrationException();
- case USER:
- final NiFiUser monitor = new NiFiUser();
- monitor.setIdentity(identity);
- monitor.getAuthorities().add(Authority.ROLE_MONITOR);
- return monitor;
- case PROXY:
- case PROXY_PROXY:
- final NiFiUser proxy = new NiFiUser();
- proxy.setIdentity(identity);
- proxy.getAuthorities().add(Authority.ROLE_PROXY);
- return proxy;
- }
- }
-
- return null;
- }
- }).when(userService).checkAuthorization(Mockito.anyString());
-
- // create the authorization service
- authorizationService = new NiFiAuthorizationService();
- authorizationService.setProperties(properties);
- authorizationService.setUserService(userService);
- }
-
- private NiFiAuthorizationRequestToken createRequestAuthentication(final String... identities) {
- return new NiFiAuthorizationRequestToken(Arrays.asList(identities));
- }
-
- /**
- * Ensures the authorization service correctly handles users invalid identity chain.
- *
- * @throws Exception ex
- */
- @Test(expected = UntrustedProxyException.class)
- public void testInvalidDnChain() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication());
- }
-
- /**
- * Ensures the authorization service correctly handles account not found.
- *
- * @throws Exception ex
- */
- @Test(expected = UsernameNotFoundException.class)
- public void testAccountNotFound() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication(USER_NOT_FOUND));
- }
-
- /**
- * Ensures the authorization service correctly handles account disabled.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountStatusException.class)
- public void testAccountDisabled() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication(USER_DISABLED));
- }
-
- /**
- * Ensures the authorization service correctly handles account pending.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountStatusException.class)
- public void testAccountPending() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication(USER_PENDING));
- }
-
- /**
- * Ensures the authorization service correctly handles account administration exception.
- *
- * @throws Exception ex
- */
- @Test(expected = AuthenticationServiceException.class)
- public void testAccountAdminException() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication(USER_ADMIN_EXCEPTION));
- }
-
- /**
- * Tests the case when there is no proxy.
- *
- * @throws Exception ex
- */
- @Test
- public void testNoProxy() throws Exception {
- final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserDetails(createRequestAuthentication(USER));
- final NiFiUser user = details.getNiFiUser();
-
- Assert.assertEquals(USER, user.getIdentity());
- Assert.assertNull(user.getChain());
- }
-
- /**
- * Tests the case when the proxy does not have ROLE_PROXY.
- *
- * @throws Exception ex
- */
- @Test(expected = UntrustedProxyException.class)
- public void testInvalidProxy() throws Exception {
- authorizationService.loadUserDetails(createRequestAuthentication(USER, USER));
- }
-
- /**
- * Ensures the authorization service correctly handles proxy not found by attempting to create an account request for the proxy.
- *
- * @throws Exception ex
- */
- @Test(expected = UntrustedProxyException.class)
- public void testProxyNotFound() throws Exception {
- try {
- authorizationService.loadUserDetails(createRequestAuthentication(USER, PROXY_NOT_FOUND));
- } finally {
- Mockito.verify(userService).createPendingUserAccount(Mockito.eq(PROXY_NOT_FOUND), Mockito.anyString());
- }
- }
-
- /**
- * Tests the case when there is a proxy.
- *
- * @throws Exception ex
- */
- @Test
- public void testProxy() throws Exception {
- final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserDetails(createRequestAuthentication(USER, PROXY));
- final NiFiUser user = details.getNiFiUser();
-
- // verify the user
- Assert.assertEquals(USER, user.getIdentity());
- Assert.assertNotNull(user.getChain());
-
- // get the proxy
- final NiFiUser proxy = user.getChain();
-
- // verify the proxy
- Assert.assertEquals(PROXY, proxy.getIdentity());
- Assert.assertNull(proxy.getChain());
- }
-
- /**
- * Tests the case when there is are multiple proxies.
- *
- * @throws Exception ex
- */
- @Test
- public void testProxyProxy() throws Exception {
- final NiFiUserDetails details = (NiFiUserDetails) authorizationService.loadUserDetails(createRequestAuthentication(USER, PROXY, PROXY_PROXY));
- final NiFiUser user = details.getNiFiUser();
-
- // verify the user
- Assert.assertEquals(USER, user.getIdentity());
- Assert.assertNotNull(user.getChain());
-
- // get the proxy
- NiFiUser proxy = user.getChain();
-
- // verify the proxy
- Assert.assertEquals(PROXY, proxy.getIdentity());
- Assert.assertNotNull(proxy.getChain());
-
- // get the proxies proxy
- proxy = proxy.getChain();
-
- // verify the proxies proxy
- Assert.assertEquals(PROXY_PROXY, proxy.getIdentity());
- Assert.assertNull(proxy.getChain());
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilterTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilterTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilterTest.java
index ad6f722..791ca54 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilterTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilterTest.java
@@ -16,24 +16,17 @@
*/
package org.apache.nifi.web.security.otp;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
import org.junit.Before;
import org.junit.Test;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
import javax.servlet.http.HttpServletRequest;
-import java.util.List;
import java.util.UUID;
import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
-import static org.mockito.Matchers.anyString;
-import static org.mockito.Mockito.doAnswer;
+import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.never;
-import static org.mockito.Mockito.times;
-import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
public class OtpAuthenticationFilterTest {
@@ -44,41 +37,11 @@ public class OtpAuthenticationFilterTest {
private final static String DOWNLOAD_AUTHENTICATED_USER = "download-token-authenticated-user";
private final static String DOWNLOAD_TOKEN = "download-token";
- private OtpService otpService;
private OtpAuthenticationFilter otpAuthenticationFilter;
@Before
public void setUp() throws Exception {
- otpService = mock(OtpService.class);
- doAnswer(new Answer<String>() {
- @Override
- public String answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String downloadToken = (String) args[0];
-
- if (DOWNLOAD_TOKEN.equals(downloadToken)) {
- return DOWNLOAD_AUTHENTICATED_USER;
- }
-
- throw new OtpAuthenticationException("Invalid token");
- }
- }).when(otpService).getAuthenticationFromDownloadToken(anyString());
- doAnswer(new Answer<String>() {
- @Override
- public String answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String uiExtensionToken = (String) args[0];
-
- if (UI_EXTENSION_TOKEN.equals(uiExtensionToken)) {
- return UI_EXTENSION_AUTHENTICATED_USER;
- }
-
- throw new OtpAuthenticationException("Invalid token");
- }
- }).when(otpService).getAuthenticationFromUiExtensionToken(anyString());
-
otpAuthenticationFilter = new OtpAuthenticationFilter();
- otpAuthenticationFilter.setOtpService(otpService);
}
@Test
@@ -114,13 +77,9 @@ public class OtpAuthenticationFilterTest {
when(request.getParameter(OtpAuthenticationFilter.ACCESS_TOKEN)).thenReturn(UI_EXTENSION_TOKEN);
when(request.getContextPath()).thenReturn("/nifi-update-attribute-ui");
- final NiFiAuthorizationRequestToken result = otpAuthenticationFilter.attemptAuthentication(request);
- final List<String> chain = result.getChain();
- assertEquals(1, chain.size());
- assertEquals(UI_EXTENSION_AUTHENTICATED_USER, chain.get(0));
-
- verify(otpService, times(1)).getAuthenticationFromUiExtensionToken(UI_EXTENSION_TOKEN);
- verify(otpService, never()).getAuthenticationFromDownloadToken(anyString());
+ final OtpAuthenticationRequestToken result = (OtpAuthenticationRequestToken) otpAuthenticationFilter.attemptAuthentication(request);
+ assertEquals(UI_EXTENSION_TOKEN, result.getToken());
+ assertFalse(result.isDownloadToken());
}
@Test
@@ -131,13 +90,9 @@ public class OtpAuthenticationFilterTest {
when(request.getContextPath()).thenReturn("/nifi-api");
when(request.getPathInfo()).thenReturn("/controller/provenance/events/0/content/input");
- final NiFiAuthorizationRequestToken result = otpAuthenticationFilter.attemptAuthentication(request);
- final List<String> chain = result.getChain();
- assertEquals(1, chain.size());
- assertEquals(DOWNLOAD_AUTHENTICATED_USER, chain.get(0));
-
- verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
- verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
+ final OtpAuthenticationRequestToken result = (OtpAuthenticationRequestToken) otpAuthenticationFilter.attemptAuthentication(request);
+ assertEquals(DOWNLOAD_TOKEN, result.getToken());
+ assertTrue(result.isDownloadToken());
}
@Test
@@ -148,13 +103,9 @@ public class OtpAuthenticationFilterTest {
when(request.getContextPath()).thenReturn("/nifi-api");
when(request.getPathInfo()).thenReturn("/controller/provenance/events/0/content/output");
- final NiFiAuthorizationRequestToken result = otpAuthenticationFilter.attemptAuthentication(request);
- final List<String> chain = result.getChain();
- assertEquals(1, chain.size());
- assertEquals(DOWNLOAD_AUTHENTICATED_USER, chain.get(0));
-
- verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
- verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
+ final OtpAuthenticationRequestToken result = (OtpAuthenticationRequestToken) otpAuthenticationFilter.attemptAuthentication(request);
+ assertEquals(DOWNLOAD_TOKEN, result.getToken());
+ assertTrue(result.isDownloadToken());
}
@Test
@@ -167,13 +118,9 @@ public class OtpAuthenticationFilterTest {
when(request.getContextPath()).thenReturn("/nifi-api");
when(request.getPathInfo()).thenReturn(String.format("/controller/process-groups/root/connections/%s/flowfiles/%s/content", uuid, uuid));
- final NiFiAuthorizationRequestToken result = otpAuthenticationFilter.attemptAuthentication(request);
- final List<String> chain = result.getChain();
- assertEquals(1, chain.size());
- assertEquals(DOWNLOAD_AUTHENTICATED_USER, chain.get(0));
-
- verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
- verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
+ final OtpAuthenticationRequestToken result = (OtpAuthenticationRequestToken) otpAuthenticationFilter.attemptAuthentication(request);
+ assertEquals(DOWNLOAD_TOKEN, result.getToken());
+ assertTrue(result.isDownloadToken());
}
@Test
@@ -186,13 +133,9 @@ public class OtpAuthenticationFilterTest {
when(request.getContextPath()).thenReturn("/nifi-api");
when(request.getPathInfo()).thenReturn(String.format("/controller/templates/%s", uuid));
- final NiFiAuthorizationRequestToken result = otpAuthenticationFilter.attemptAuthentication(request);
- final List<String> chain = result.getChain();
- assertEquals(1, chain.size());
- assertEquals(DOWNLOAD_AUTHENTICATED_USER, chain.get(0));
-
- verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
- verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
+ final OtpAuthenticationRequestToken result = (OtpAuthenticationRequestToken) otpAuthenticationFilter.attemptAuthentication(request);
+ assertEquals(DOWNLOAD_TOKEN, result.getToken());
+ assertTrue(result.isDownloadToken());
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java
new file mode 100644
index 0000000..a95c1a0
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/test/java/org/apache/nifi/web/security/otp/OtpAuthenticationProviderTest.java
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.otp;
+
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
+import org.apache.nifi.web.security.user.NiFiUserDetails;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.invocation.InvocationOnMock;
+import org.mockito.stubbing.Answer;
+
+import static org.junit.Assert.assertEquals;
+import static org.mockito.Matchers.anyString;
+import static org.mockito.Mockito.doAnswer;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.never;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
+public class OtpAuthenticationProviderTest {
+
+ private final static String UI_EXTENSION_AUTHENTICATED_USER = "ui-extension-token-authenticated-user";
+ private final static String UI_EXTENSION_TOKEN = "ui-extension-token";
+
+ private final static String DOWNLOAD_AUTHENTICATED_USER = "download-token-authenticated-user";
+ private final static String DOWNLOAD_TOKEN = "download-token";
+
+ private OtpService otpService;
+ private OtpAuthenticationProvider otpAuthenticationProvider;
+
+ @Before
+ public void setUp() throws Exception {
+ otpService = mock(OtpService.class);
+ doAnswer(new Answer<String>() {
+ @Override
+ public String answer(InvocationOnMock invocation) throws Throwable {
+ Object[] args = invocation.getArguments();
+ String downloadToken = (String) args[0];
+
+ if (DOWNLOAD_TOKEN.equals(downloadToken)) {
+ return DOWNLOAD_AUTHENTICATED_USER;
+ }
+
+ throw new OtpAuthenticationException("Invalid token");
+ }
+ }).when(otpService).getAuthenticationFromDownloadToken(anyString());
+ doAnswer(new Answer<String>() {
+ @Override
+ public String answer(InvocationOnMock invocation) throws Throwable {
+ Object[] args = invocation.getArguments();
+ String uiExtensionToken = (String) args[0];
+
+ if (UI_EXTENSION_TOKEN.equals(uiExtensionToken)) {
+ return UI_EXTENSION_AUTHENTICATED_USER;
+ }
+
+ throw new OtpAuthenticationException("Invalid token");
+ }
+ }).when(otpService).getAuthenticationFromUiExtensionToken(anyString());
+
+ otpAuthenticationProvider = new OtpAuthenticationProvider(otpService);
+ }
+
+ @Test
+ public void testUiExtensionPath() throws Exception {
+ final OtpAuthenticationRequestToken request = new OtpAuthenticationRequestToken(UI_EXTENSION_TOKEN, false);
+
+ final NiFiAuthenticationToken result = (NiFiAuthenticationToken) otpAuthenticationProvider.authenticate(request);
+ final NiFiUserDetails details = (NiFiUserDetails) result.getPrincipal();
+ assertEquals(UI_EXTENSION_AUTHENTICATED_USER, details.getUsername());
+
+ verify(otpService, times(1)).getAuthenticationFromUiExtensionToken(UI_EXTENSION_TOKEN);
+ verify(otpService, never()).getAuthenticationFromDownloadToken(anyString());
+ }
+
+ @Test
+ public void testDownload() throws Exception {
+ final OtpAuthenticationRequestToken request = new OtpAuthenticationRequestToken(DOWNLOAD_TOKEN, true);
+
+ final NiFiAuthenticationToken result = (NiFiAuthenticationToken) otpAuthenticationProvider.authenticate(request);
+ final NiFiUserDetails details = (NiFiUserDetails) result.getPrincipal();
+ assertEquals(DOWNLOAD_AUTHENTICATED_USER, details.getUsername());
+
+ verify(otpService, never()).getAuthenticationFromUiExtensionToken(anyString());
+ verify(otpService, times(1)).getAuthenticationFromDownloadToken(DOWNLOAD_TOKEN);
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/pom.xml
index 7faf517..40d7d8c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/pom.xml
@@ -33,8 +33,6 @@
<module>nifi-framework-cluster-protocol</module>
<module>nifi-framework-cluster-web</module>
<module>nifi-framework-cluster</module>
- <module>nifi-file-authorization-provider</module>
- <module>nifi-cluster-authorization-provider</module>
<module>nifi-user-actions</module>
<module>nifi-framework-authorization</module>
<module>nifi-administration</module>
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java b/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
index d0636c5..f985602 100644
--- a/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
+++ b/nifi-nar-bundles/nifi-kerberos-iaa-providers-bundle/nifi-kerberos-iaa-providers/src/main/java/org/apache/nifi/kerberos/KerberosProvider.java
@@ -24,8 +24,8 @@ import org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
import org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderDestructionException;
import org.apache.nifi.util.FormatUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
index ce626d1..3557383 100644
--- a/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
+++ b/nifi-nar-bundles/nifi-ldap-iaa-providers-bundle/nifi-ldap-iaa-providers/src/main/java/org/apache/nifi/ldap/LdapProvider.java
@@ -24,8 +24,8 @@ import org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
import org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderDestructionException;
import org.apache.nifi.security.util.SslContextFactory;
import org.apache.nifi.security.util.SslContextFactory.ClientAuth;
import org.apache.nifi.util.FormatUtils;
[6/9] nifi git commit: NIFI-1551: - Starting to remove the
AuthorityProvider. - This closes #330
Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorityProviderFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorityProviderFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorityProviderFactoryBean.java
deleted file mode 100644
index e1a02b8..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorityProviderFactoryBean.java
+++ /dev/null
@@ -1,491 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.authorization.generated.AuthorityProviderProperty;
-import org.apache.nifi.authorization.generated.AuthorityProviders;
-import org.apache.nifi.authorization.generated.Provider;
-import org.apache.nifi.nar.ExtensionManager;
-import org.apache.nifi.nar.NarCloseable;
-import org.apache.nifi.util.NiFiProperties;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.beans.factory.DisposableBean;
-import org.springframework.beans.factory.FactoryBean;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-import org.xml.sax.SAXException;
-
-import javax.xml.XMLConstants;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
-import java.io.File;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Field;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-
-/**
- * Factory bean for loading the configured authority provider.
- */
-public class AuthorityProviderFactoryBean implements FactoryBean, ApplicationContextAware, DisposableBean, AuthorityProviderLookup {
-
- private static final Logger logger = LoggerFactory.getLogger(AuthorityProviderFactoryBean.class);
- private static final String AUTHORITY_PROVIDERS_XSD = "/authority-providers.xsd";
- private static final String JAXB_GENERATED_PATH = "org.apache.nifi.authorization.generated";
- private static final JAXBContext JAXB_CONTEXT = initializeJaxbContext();
-
- /**
- * Load the JAXBContext.
- */
- private static JAXBContext initializeJaxbContext() {
- try {
- return JAXBContext.newInstance(JAXB_GENERATED_PATH, AuthorityProviderFactoryBean.class.getClassLoader());
- } catch (JAXBException e) {
- throw new RuntimeException("Unable to create JAXBContext.");
- }
- }
-
- private ApplicationContext applicationContext;
- private AuthorityProvider authorityProvider;
- private NiFiProperties properties;
- private final Map<String, AuthorityProvider> authorityProviders = new HashMap<>();
-
- @Override
- public AuthorityProvider getAuthorityProvider(String identifier) {
- return authorityProviders.get(identifier);
- }
-
- @Override
- public Object getObject() throws Exception {
- if (authorityProvider == null) {
- // look up the authority provider to use
- final String authorityProviderIdentifier = properties.getProperty(NiFiProperties.SECURITY_USER_AUTHORITY_PROVIDER);
-
- // ensure the authority provider class name was specified
- if (StringUtils.isBlank(authorityProviderIdentifier)) {
- // if configured for ssl, the authority provider must be specified
- if (properties.getSslPort() != null) {
- throw new Exception("When running securely, the authority provider identifier must be specified in the nifi properties file.");
- }
-
- // use a default provider... only allowable when running not securely
- authorityProvider = createDefaultProvider();
- } else {
- final AuthorityProviders authorityProviderConfiguration = loadAuthorityProvidersConfiguration();
-
- // create each authority provider
- for (final Provider provider : authorityProviderConfiguration.getProvider()) {
- authorityProviders.put(provider.getIdentifier(), createAuthorityProvider(provider.getIdentifier(), provider.getClazz()));
- }
-
- // configure each authority provider
- for (final Provider provider : authorityProviderConfiguration.getProvider()) {
- final AuthorityProvider instance = authorityProviders.get(provider.getIdentifier());
- instance.onConfigured(loadAuthorityProviderConfiguration(provider));
- }
-
- // get the authority provider instance
- authorityProvider = getAuthorityProvider(authorityProviderIdentifier);
-
- // ensure it was found
- if (authorityProvider == null) {
- throw new Exception(String.format("The specified authority provider '%s' could not be found.", authorityProviderIdentifier));
- }
- }
- }
-
- return authorityProvider;
- }
-
- private AuthorityProviders loadAuthorityProvidersConfiguration() throws Exception {
- final File authorityProvidersConfigurationFile = properties.getAuthorityProviderConfiguraitonFile();
-
- // load the users from the specified file
- if (authorityProvidersConfigurationFile.exists()) {
- try {
- // find the schema
- final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
- final Schema schema = schemaFactory.newSchema(AuthorityProviders.class.getResource(AUTHORITY_PROVIDERS_XSD));
-
- // attempt to unmarshal
- final Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
- unmarshaller.setSchema(schema);
- final JAXBElement<AuthorityProviders> element = unmarshaller.unmarshal(new StreamSource(authorityProvidersConfigurationFile), AuthorityProviders.class);
- return element.getValue();
- } catch (SAXException | JAXBException e) {
- throw new Exception("Unable to load the authority provider configuration file at: " + authorityProvidersConfigurationFile.getAbsolutePath());
- }
- } else {
- throw new Exception("Unable to find the authority provider configuration file at " + authorityProvidersConfigurationFile.getAbsolutePath());
- }
- }
-
- private AuthorityProvider createAuthorityProvider(final String identifier, final String authorityProviderClassName) throws Exception {
- // get the classloader for the specified authority provider
- final ClassLoader authorityProviderClassLoader = ExtensionManager.getClassLoader(authorityProviderClassName);
- if (authorityProviderClassLoader == null) {
- throw new Exception(String.format("The specified authority provider class '%s' is not known to this nifi.", authorityProviderClassName));
- }
-
- // get the current context classloader
- final ClassLoader currentClassLoader = Thread.currentThread().getContextClassLoader();
-
- final AuthorityProvider instance;
- try {
- // set the appropriate class loader
- Thread.currentThread().setContextClassLoader(authorityProviderClassLoader);
-
- // attempt to load the class
- Class<?> rawAuthorityProviderClass = Class.forName(authorityProviderClassName, true, authorityProviderClassLoader);
- Class<? extends AuthorityProvider> authorityProviderClass = rawAuthorityProviderClass.asSubclass(AuthorityProvider.class);
-
- // otherwise create a new instance
- Constructor constructor = authorityProviderClass.getConstructor();
- instance = (AuthorityProvider) constructor.newInstance();
-
- // method injection
- performMethodInjection(instance, authorityProviderClass);
-
- // field injection
- performFieldInjection(instance, authorityProviderClass);
-
- // call post construction lifecycle event
- instance.initialize(new StandardAuthorityProviderInitializationContext(identifier, this));
- } finally {
- if (currentClassLoader != null) {
- Thread.currentThread().setContextClassLoader(currentClassLoader);
- }
- }
-
- return withNarLoader(instance);
- }
-
- private AuthorityProviderConfigurationContext loadAuthorityProviderConfiguration(final Provider provider) {
- final Map<String, String> providerProperties = new HashMap<>();
-
- for (final AuthorityProviderProperty property : provider.getProperty()) {
- providerProperties.put(property.getName(), property.getValue());
- }
-
- return new StandardAuthorityProviderConfigurationContext(provider.getIdentifier(), providerProperties);
- }
-
- private void performMethodInjection(final AuthorityProvider instance, final Class authorityProviderClass) throws IllegalAccessException, IllegalArgumentException, InvocationTargetException {
- for (final Method method : authorityProviderClass.getMethods()) {
- if (method.isAnnotationPresent(AuthorityProviderContext.class)) {
- // make the method accessible
- final boolean isAccessible = method.isAccessible();
- method.setAccessible(true);
-
- try {
- final Class<?>[] argumentTypes = method.getParameterTypes();
-
- // look for setters (single argument)
- if (argumentTypes.length == 1) {
- final Class<?> argumentType = argumentTypes[0];
-
- // look for well known types
- if (NiFiProperties.class.isAssignableFrom(argumentType)) {
- // nifi properties injection
- method.invoke(instance, properties);
- } else if (ApplicationContext.class.isAssignableFrom(argumentType)) {
- // spring application context injection
- method.invoke(instance, applicationContext);
- }
- }
- } finally {
- method.setAccessible(isAccessible);
- }
- }
- }
-
- final Class parentClass = authorityProviderClass.getSuperclass();
- if (parentClass != null && AuthorityProvider.class.isAssignableFrom(parentClass)) {
- performMethodInjection(instance, parentClass);
- }
- }
-
- private void performFieldInjection(final AuthorityProvider instance, final Class authorityProviderClass) throws IllegalArgumentException, IllegalAccessException {
- for (final Field field : authorityProviderClass.getDeclaredFields()) {
- if (field.isAnnotationPresent(AuthorityProviderContext.class)) {
- // make the method accessible
- final boolean isAccessible = field.isAccessible();
- field.setAccessible(true);
-
- try {
- // get the type
- final Class<?> fieldType = field.getType();
-
- // only consider this field if it isn't set yet
- if (field.get(instance) == null) {
- // look for well known types
- if (NiFiProperties.class.isAssignableFrom(fieldType)) {
- // nifi properties injection
- field.set(instance, properties);
- } else if (ApplicationContext.class.isAssignableFrom(fieldType)) {
- // spring application context injection
- field.set(instance, applicationContext);
- }
- }
-
- } finally {
- field.setAccessible(isAccessible);
- }
- }
- }
-
- final Class parentClass = authorityProviderClass.getSuperclass();
- if (parentClass != null && AuthorityProvider.class.isAssignableFrom(parentClass)) {
- performFieldInjection(instance, parentClass);
- }
- }
-
- /**
- * @return a default provider to use when running unsecurely with no
- * provider configured
- */
- private AuthorityProvider createDefaultProvider() {
- return new AuthorityProvider() {
- @Override
- public boolean doesDnExist(String dn) throws AuthorityAccessException {
- return false;
- }
-
- @Override
- public Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException {
- return EnumSet.noneOf(Authority.class);
- }
-
- @Override
- public void setAuthorities(String dn, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public Set<String> getUsers(Authority authority) throws AuthorityAccessException {
- return new HashSet<>();
- }
-
- @Override
- public void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException {
- }
-
- @Override
- public String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- return null;
- }
-
- @Override
- public void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void setUsersGroup(Set<String> dn, String group) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void ungroup(String group) throws AuthorityAccessException {
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException {
- return DownloadAuthorization.approved();
- }
-
- @Override
- public void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- }
-
- @Override
- public void onConfigured(AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- }
-
- @Override
- public void preDestruction() throws ProviderDestructionException {
- }
- };
- }
-
- /**
- * Decorates the base provider to ensure the nar context classloader is used
- * when invoking the underlying methods.
- *
- * @param baseProvider base provider
- * @return provider
- */
- public AuthorityProvider withNarLoader(final AuthorityProvider baseProvider) {
- return new AuthorityProvider() {
- @Override
- public boolean doesDnExist(String dn) throws AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- return baseProvider.doesDnExist(dn);
- }
- }
-
- @Override
- public Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- return baseProvider.getAuthorities(dn);
- }
- }
-
- @Override
- public void setAuthorities(String dn, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.setAuthorities(dn, authorities);
- }
- }
-
- @Override
- public Set<String> getUsers(Authority authority) throws AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- return baseProvider.getUsers(authority);
- }
- }
-
- @Override
- public void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.revokeUser(dn);
- }
- }
-
- @Override
- public void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.addUser(dn, group);
- }
- }
-
- @Override
- public String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- return baseProvider.getGroupForUser(dn);
- }
- }
-
- @Override
- public void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.revokeGroup(group);
- }
- }
-
- @Override
- public void setUsersGroup(Set<String> dns, String group) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.setUsersGroup(dns, group);
- }
- }
-
- @Override
- public void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.ungroupUser(dn);
- }
- }
-
- @Override
- public void ungroup(String group) throws AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.ungroup(group);
- }
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- return baseProvider.authorizeDownload(dnChain, attributes);
- }
- }
-
- @Override
- public void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.initialize(initializationContext);
- }
- }
-
- @Override
- public void onConfigured(AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.onConfigured(configurationContext);
- }
- }
-
- @Override
- public void preDestruction() throws ProviderDestructionException {
- try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
- baseProvider.preDestruction();
- }
- }
- };
- }
-
- @Override
- public Class getObjectType() {
- return AuthorityProvider.class;
- }
-
- @Override
- public boolean isSingleton() {
- return true;
- }
-
- @Override
- public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
- this.applicationContext = applicationContext;
- }
-
- @Override
- public void destroy() throws Exception {
- if (authorityProvider != null) {
- authorityProvider.preDestruction();
- }
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorizerFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorizerFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorizerFactoryBean.java
index 58caea9..cf35c15 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorizerFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/AuthorizerFactoryBean.java
@@ -21,7 +21,6 @@ import org.apache.nifi.authorization.annotation.AuthorizerContext;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
-import org.apache.nifi.authorization.generated.AuthorityProviders;
import org.apache.nifi.authorization.generated.Authorizers;
import org.apache.nifi.authorization.generated.Property;
import org.apache.nifi.nar.ExtensionManager;
@@ -83,7 +82,7 @@ public class AuthorizerFactoryBean implements FactoryBean, DisposableBean, Autho
public Object getObject() throws Exception {
if (authorizer == null) {
// look up the authorizer to use
- final String authorizerIdentifier = properties.getProperty(NiFiProperties.SECURITY_USER_AUTHORITY_PROVIDER);
+ final String authorizerIdentifier = properties.getProperty(NiFiProperties.SECURITY_USER_AUTHORIZER);
// ensure the authorizer class name was specified
if (StringUtils.isBlank(authorizerIdentifier)) {
@@ -122,14 +121,14 @@ public class AuthorizerFactoryBean implements FactoryBean, DisposableBean, Autho
}
private Authorizers loadAuthorizersConfiguration() throws Exception {
- final File authorizersConfigurationFile = properties.getAuthorityProviderConfiguraitonFile();
+ final File authorizersConfigurationFile = properties.getAuthorizerConfiguraitonFile();
// load the authorizers from the specified file
if (authorizersConfigurationFile.exists()) {
try {
// find the schema
final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
- final Schema schema = schemaFactory.newSchema(AuthorityProviders.class.getResource(AUTHORIZERS_XSD));
+ final Schema schema = schemaFactory.newSchema(Authorizers.class.getResource(AUTHORIZERS_XSD));
// attempt to unmarshal
final Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
@@ -221,7 +220,7 @@ public class AuthorizerFactoryBean implements FactoryBean, DisposableBean, Autho
}
final Class parentClass = authorizerClass.getSuperclass();
- if (parentClass != null && AuthorityProvider.class.isAssignableFrom(parentClass)) {
+ if (parentClass != null && Authorizer.class.isAssignableFrom(parentClass)) {
performMethodInjection(instance, parentClass);
}
}
@@ -253,7 +252,7 @@ public class AuthorizerFactoryBean implements FactoryBean, DisposableBean, Autho
}
final Class parentClass = authorizerClass.getSuperclass();
- if (parentClass != null && AuthorityProvider.class.isAssignableFrom(parentClass)) {
+ if (parentClass != null && Authorizer.class.isAssignableFrom(parentClass)) {
performFieldInjection(instance, parentClass);
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderConfigurationContext.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderConfigurationContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderConfigurationContext.java
deleted file mode 100644
index 45b84c8..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderConfigurationContext.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.Map;
-
-/**
- *
- */
-public class StandardAuthorityProviderConfigurationContext implements AuthorityProviderConfigurationContext {
-
- private final String identifier;
- private final Map<String, String> properties;
-
- public StandardAuthorityProviderConfigurationContext(String identifier, Map<String, String> properties) {
- this.identifier = identifier;
- this.properties = Collections.unmodifiableMap(new HashMap<String, String>(properties));
- }
-
- @Override
- public String getIdentifier() {
- return identifier;
- }
-
- @Override
- public Map<String, String> getProperties() {
- return properties;
- }
-
- @Override
- public String getProperty(String property) {
- return properties.get(property);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderInitializationContext.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderInitializationContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderInitializationContext.java
deleted file mode 100644
index e4b16c4..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/authorization/StandardAuthorityProviderInitializationContext.java
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- *
- */
-public class StandardAuthorityProviderInitializationContext implements AuthorityProviderInitializationContext {
-
- private final String identifier;
- private final AuthorityProviderLookup authorityProviderLookup;
-
- public StandardAuthorityProviderInitializationContext(String identifier, AuthorityProviderLookup authorityProviderLookup) {
- this.identifier = identifier;
- this.authorityProviderLookup = authorityProviderLookup;
- }
-
- @Override
- public String getIdentifier() {
- return identifier;
- }
-
- @Override
- public AuthorityProviderLookup getAuthorityProviderLookup() {
- return authorityProviderLookup;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/AccountStatus.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/AccountStatus.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/AccountStatus.java
deleted file mode 100644
index d7becf1..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/AccountStatus.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.user;
-
-/**
- * Represents the status of a user's account.
- */
-public enum AccountStatus {
-
- ACTIVE,
- PENDING,
- DISABLED;
-
- /**
- * Returns the matching status or null if the specified status does not
- * match any statuses.
- *
- * @param rawStatus string form of status
- * @return account status object
- */
- public static AccountStatus valueOfStatus(String rawStatus) {
- AccountStatus desiredStatus = null;
-
- for (AccountStatus status : values()) {
- if (status.toString().equals(rawStatus)) {
- desiredStatus = status;
- break;
- }
- }
-
- return desiredStatus;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java
index 231b133..3da7b3d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/user/NiFiUser.java
@@ -17,123 +17,52 @@
package org.apache.nifi.user;
import java.io.Serializable;
-import java.util.Date;
-import java.util.EnumSet;
import java.util.Objects;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.commons.lang3.StringUtils;
/**
* An NiFiUser.
*/
public class NiFiUser implements Serializable {
- public static final String ANONYMOUS_USER_IDENTITY = "anonymous";
+ public static final NiFiUser ANONYMOUS = new NiFiUser("anonymous");
- private String id;
private String identity;
private String userName;
- private String userGroup;
- private String justification;
-
- private Date creation;
- private Date lastVerified;
- private Date lastAccessed;
-
- private AccountStatus status;
- private EnumSet<Authority> authorities;
private NiFiUser chain;
- /* getters / setters */
- public Date getCreation() {
- return creation;
+ public NiFiUser(String identity) {
+ this(identity, null, null);
}
- public void setCreation(Date creation) {
- this.creation = creation;
+ public NiFiUser(String identity, String userName) {
+ this(identity, userName, null);
}
- public String getIdentity() {
- return identity;
+ public NiFiUser(String identity, NiFiUser chain) {
+ this(identity, null, chain);
}
- public void setIdentity(String identity) {
+ public NiFiUser(String identity, String userName, NiFiUser chain) {
this.identity = identity;
- }
-
- public String getUserName() {
- return userName;
- }
-
- public void setUserName(String userName) {
this.userName = userName;
+ this.chain = chain;
}
- public String getUserGroup() {
- return userGroup;
- }
-
- public void setUserGroup(String userGroup) {
- this.userGroup = userGroup;
- }
-
- public String getId() {
- return id;
- }
-
- public void setId(String id) {
- this.id = id;
- }
-
- public String getJustification() {
- return justification;
- }
-
- public void setJustification(String justification) {
- this.justification = justification;
- }
-
- public AccountStatus getStatus() {
- return status;
- }
-
- public void setStatus(AccountStatus status) {
- this.status = status;
- }
-
- public Date getLastVerified() {
- return lastVerified;
- }
-
- public void setLastVerified(Date lastVerified) {
- this.lastVerified = lastVerified;
- }
+ /* getters / setters */
- public Date getLastAccessed() {
- return lastAccessed;
+ public String getIdentity() {
+ return identity;
}
- public void setLastAccessed(Date lastAccessed) {
- this.lastAccessed = lastAccessed;
+ public String getUserName() {
+ return userName;
}
public NiFiUser getChain() {
return chain;
}
- public void setChain(NiFiUser chain) {
- this.chain = chain;
- }
-
- public Set<Authority> getAuthorities() {
- if (authorities == null) {
- authorities = EnumSet.noneOf(Authority.class);
- }
- return authorities;
- }
-
@Override
public boolean equals(Object obj) {
if (obj == null) {
@@ -158,7 +87,7 @@ public class NiFiUser implements Serializable {
@Override
public String toString() {
- return String.format("identity[%s], userName[%s], justification[%s], authorities[%s]", getIdentity(), getUserName(), getJustification(), StringUtils.join(getAuthorities(), ", "));
+ return String.format("identity[%s], userName[%s]", getIdentity(), getUserName(), ", ");
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/resources/nifi-administration-context.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/resources/nifi-administration-context.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/resources/nifi-administration-context.xml
index 3a46314..bc3662c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/resources/nifi-administration-context.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/resources/nifi-administration-context.xml
@@ -18,41 +18,34 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">
- <!-- user authority provider -->
- <bean id="authorityProvider" class="org.apache.nifi.authorization.AuthorityProviderFactoryBean" depends-on="clusterManager">
- <property name="properties" ref="nifiProperties"/>
- </bean>
-
<!-- user/entity authorizer -->
- <bean id="authorizer" class="org.apache.nifi.authorization.AuthorizerFactoryBean" depends-on="clusterManager">
+ <bean id="authorizer" class="org.apache.nifi.authorization.AuthorizerFactoryBean">
<property name="properties" ref="nifiProperties"/>
</bean>
- <!-- initialize the user data source -->
- <bean id="userDataSource" class="org.apache.nifi.admin.UserDataSourceFactoryBean" destroy-method="shutdown">
+ <!-- initialize the user key data source -->
+ <bean id="keyDataSource" class="org.apache.nifi.admin.KeyDataSourceFactoryBean" destroy-method="shutdown">
<property name="properties" ref="nifiProperties"/>
</bean>
- <!-- initialize the data source -->
- <bean id="auditDataSource" class="org.apache.nifi.admin.AuditDataSourceFactoryBean" destroy-method="shutdown" depends-on="userDataSource">
+ <!-- initialize the audit data source -->
+ <bean id="auditDataSource" class="org.apache.nifi.admin.AuditDataSourceFactoryBean" destroy-method="shutdown">
<property name="properties" ref="nifiProperties"/>
</bean>
-
- <!-- initialize the user transaction builder -->
- <bean id="userTransactionBuilder" class="org.apache.nifi.admin.service.transaction.impl.StandardTransactionBuilder">
- <property name="authorityProvider" ref="authorityProvider"/>
- <property name="dataSource" ref="userDataSource"/>
+
+ <!-- initialize the user key transaction builder -->
+ <bean id="keyTransactionBuilder" class="org.apache.nifi.admin.service.transaction.impl.StandardTransactionBuilder">
+ <property name="dataSource" ref="keyDataSource"/>
</bean>
-
+
<!-- initialize the audit transaction builder -->
<bean id="auditTransactionBuilder" class="org.apache.nifi.admin.service.transaction.impl.StandardTransactionBuilder">
- <property name="authorityProvider" ref="authorityProvider"/>
<property name="dataSource" ref="auditDataSource"/>
</bean>
-
+
<!-- administration service -->
- <bean id="userService" class="org.apache.nifi.admin.service.impl.StandardUserService" init-method="seedUserAccounts">
- <property name="transactionBuilder" ref="userTransactionBuilder"/>
+ <bean id="userService" class="org.apache.nifi.admin.service.impl.StandardUserService">
+ <property name="transactionBuilder" ref="keyTransactionBuilder"/>
<property name="properties" ref="nifiProperties"/>
</bean>
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/xsd/authority-providers.xsd
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/xsd/authority-providers.xsd b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/xsd/authority-providers.xsd
deleted file mode 100644
index 1a5fe50..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/xsd/authority-providers.xsd
+++ /dev/null
@@ -1,49 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <!-- role -->
- <xs:complexType name="Provider">
- <xs:sequence>
- <xs:element name="identifier" type="AuthorityProviderNonEmptyStringType"/>
- <xs:element name="class" type="AuthorityProviderNonEmptyStringType"/>
- <xs:element name="property" type="AuthorityProviderProperty" minOccurs="0" maxOccurs="unbounded" />
- </xs:sequence>
- </xs:complexType>
-
- <!-- Name/Value properties-->
- <xs:complexType name="AuthorityProviderProperty">
- <xs:simpleContent>
- <xs:extension base="xs:string">
- <xs:attribute name="name" type="AuthorityProviderNonEmptyStringType"></xs:attribute>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
-
- <xs:simpleType name="AuthorityProviderNonEmptyStringType">
- <xs:restriction base="xs:string">
- <xs:minLength value="1"/>
- </xs:restriction>
- </xs:simpleType>
-
- <!-- users -->
- <xs:element name="authorityProviders">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="provider" type="Provider" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-</xs:schema>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java
deleted file mode 100644
index 8d3c15a..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/AuthorizeUserActionTest.java
+++ /dev/null
@@ -1,433 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.ArgumentCaptor;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- *
- */
-public class AuthorizeUserActionTest {
-
- private static final String USER_ID_6 = "6";
- private static final String USER_ID_7 = "7";
- private static final String USER_ID_8 = "8";
- private static final String USER_ID_9 = "9";
- private static final String USER_ID_10 = "10";
- private static final String USER_ID_11 = "11";
-
- private static final String USER_IDENTITY_1 = "authority access exception while searching for user";
- private static final String USER_IDENTITY_2 = "unknown user";
- private static final String USER_IDENTITY_3 = "user removed after checking existence";
- private static final String USER_IDENTITY_4 = "access exception getting authorities";
- private static final String USER_IDENTITY_5 = "error creating user account";
- private static final String USER_IDENTITY_6 = "create user general sequence";
- private static final String USER_IDENTITY_7 = "existing user requires verification";
- private static final String USER_IDENTITY_8 = "existing user does not require verification";
- private static final String USER_IDENTITY_9 = "existing pending user";
- private static final String USER_IDENTITY_10 = "existing disabled user";
- private static final String USER_IDENTITY_11 = "existing user is now unknown in the authority provider";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
- private AuthorityDAO authorityDao;
- private AuthorityProvider authorityProvider;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String id = (String) args[0];
-
- NiFiUser user = null;
- if (USER_ID_7.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_7);
- user.setIdentity(USER_IDENTITY_7);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- } else if (USER_ID_8.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_8);
- user.setIdentity(USER_IDENTITY_8);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setLastVerified(new Date());
- } else if (USER_ID_11.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_11);
- user.setIdentity(USER_IDENTITY_11);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- }
-
- return user;
- }
- }).when(userDao).findUserById(Mockito.anyString());
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- NiFiUser user = null;
- switch (dn) {
- case USER_IDENTITY_7:
- user = new NiFiUser();
- user.setId(USER_ID_7);
- user.setIdentity(USER_IDENTITY_7);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- break;
- case USER_IDENTITY_8:
- user = new NiFiUser();
- user.setId(USER_ID_8);
- user.setIdentity(USER_IDENTITY_8);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setLastVerified(new Date());
- break;
- case USER_IDENTITY_9:
- user = new NiFiUser();
- user.setId(USER_ID_9);
- user.setIdentity(USER_IDENTITY_9);
- user.setStatus(AccountStatus.PENDING);
- break;
- case USER_IDENTITY_10:
- user = new NiFiUser();
- user.setId(USER_ID_10);
- user.setIdentity(USER_IDENTITY_10);
- user.setStatus(AccountStatus.DISABLED);
- break;
- case USER_IDENTITY_11:
- user = new NiFiUser();
- user.setId(USER_ID_11);
- user.setIdentity(USER_IDENTITY_11);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- break;
- }
-
- return user;
- }
- }).when(userDao).findUserByDn(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
- switch (user.getIdentity()) {
- case USER_IDENTITY_5:
- throw new DataAccessException();
- case USER_IDENTITY_6:
- user.setId(USER_ID_6);
- break;
- }
-
- // do nothing
- return null;
- }
- }).when(userDao).createUser(Mockito.any(NiFiUser.class));
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- // do nothing
- return null;
- }
- }).when(userDao).updateUser(Mockito.any(NiFiUser.class));
-
- // mock the authority dao
- authorityDao = Mockito.mock(AuthorityDAO.class);
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Set<Authority> authorities = (Set<Authority>) args[0];
- String id = (String) args[1];
-
- // do nothing
- return null;
- }
- }).when(authorityDao).createAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Set<Authority> authorities = (Set<Authority>) args[0];
- String id = (String) args[1];
-
- // do nothing
- return null;
- }
- }).when(authorityDao).deleteAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString());
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao);
-
- // mock the authority provider
- authorityProvider = Mockito.mock(AuthorityProvider.class);
- Mockito.doAnswer(new Answer<Boolean>() {
- @Override
- public Boolean answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
- switch (dn) {
- case USER_IDENTITY_1:
- throw new AuthorityAccessException(StringUtils.EMPTY);
- case USER_IDENTITY_2:
- return false;
- }
-
- return true;
- }
- }).when(authorityProvider).doesDnExist(Mockito.anyString());
- Mockito.doAnswer(new Answer<Set<Authority>>() {
- @Override
- public Set<Authority> answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
- Set<Authority> authorities = EnumSet.noneOf(Authority.class);
- switch (dn) {
- case USER_IDENTITY_3:
- throw new UnknownIdentityException(StringUtils.EMPTY);
- case USER_IDENTITY_4:
- throw new AuthorityAccessException(StringUtils.EMPTY);
- case USER_IDENTITY_6:
- authorities.add(Authority.ROLE_MONITOR);
- break;
- case USER_IDENTITY_7:
- authorities.add(Authority.ROLE_DFM);
- break;
- case USER_IDENTITY_9:
- throw new UnknownIdentityException(StringUtils.EMPTY);
- case USER_IDENTITY_10:
- throw new UnknownIdentityException(StringUtils.EMPTY);
- case USER_IDENTITY_11:
- throw new UnknownIdentityException(StringUtils.EMPTY);
- }
-
- return authorities;
- }
- }).when(authorityProvider).getAuthorities(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
- Set<Authority> authorites = (Set<Authority>) args[1];
-
- // do nothing
- return null;
- }
- }).when(authorityProvider).setAuthorities(Mockito.anyString(), Mockito.anySet());
- }
-
- /**
- * Tests AuthorityAccessException in doesDnExist.
- *
- * @throws Exception ex
- */
- @Test(expected = AdministrationException.class)
- public void testAuthorityAccessExceptionInDoesDnExist() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_1, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Test unknown user in the authority provider.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountNotFoundException.class)
- public void testUnknownUser() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_2, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Test a user thats been removed after checking their existence.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountNotFoundException.class)
- public void testUserRemovedAfterCheckingExistence() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_3, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Testing AuthorityAccessException when getting authorities.
- *
- * @throws Exception ex
- */
- @Test(expected = AdministrationException.class)
- public void testAuthorityAccessException() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_4, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Testing DataAccessException while creating user accounts.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testErrorCreatingUserAccount() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_5, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests the general case when a user account is created.
- *
- * @throws Exception ex
- */
- @Test
- public void testAccountCreation() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_6, 0);
- NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
-
- // verify the user
- Assert.assertEquals(USER_IDENTITY_6, user.getIdentity());
- Assert.assertEquals(1, user.getAuthorities().size());
- Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR));
-
- // verify interaction with dao and provider
- Mockito.verify(userDao, Mockito.times(1)).createUser(user);
- }
-
- /**
- * Tests the general case when there is an existing user account that
- * requires verification.
- *
- * @throws Exception ex
- */
- @Test
- public void testExistingUserRequiresVerification() throws Exception {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_7, 0);
- NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
-
- // verify the user
- Assert.assertEquals(USER_IDENTITY_7, user.getIdentity());
- Assert.assertEquals(1, user.getAuthorities().size());
- Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_DFM));
-
- // verify interaction with dao and provider
- Mockito.verify(userDao, Mockito.times(1)).updateUser(user);
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_DFM), USER_ID_7);
- }
-
- /**
- * Tests the general case when there is an existing user account that does
- * not require verification.
- *
- * @throws Exception ex
- */
- @Test
- public void testExistingUserNoVerification() throws Exception {
- // disabling verification by passing in a large cache duration
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_8, Integer.MAX_VALUE);
- NiFiUser user = authorizeUser.execute(daoFactory, authorityProvider);
-
- // verify the user
- Assert.assertEquals(USER_IDENTITY_8, user.getIdentity());
- Assert.assertEquals(1, user.getAuthorities().size());
- Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_MONITOR));
-
- // verify interaction with dao and provider
- Mockito.verify(userDao, Mockito.times(1)).updateUser(user);
- Mockito.verify(authorityDao, Mockito.never()).createAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_8));
- Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_8));
- }
-
- /**
- * Tests existing users whose accounts are in a pending status.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountPendingException.class)
- public void testExistingPendingUser() throws Exception {
- // disabling verification by passing in a large cache duration
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_9, Integer.MAX_VALUE);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests existing users whose accounts are in a disabled status.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountDisabledException.class)
- public void testExistingDisabledUser() throws Exception {
- // disabling verification by passing in a large cache duration
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_10, Integer.MAX_VALUE);
- authorizeUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests the general case where there is an active user that has been
- * removed from the authority provider.
- *
- * @throws Exception ex
- */
- @Test
- public void testExistingActiveUserNotFoundInProvider() throws Exception {
- try {
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(USER_IDENTITY_11, 0);
- authorizeUser.execute(daoFactory, authorityProvider);
-
- Assert.fail();
- } catch (AccountDisabledException ade) {
- ArgumentCaptor<NiFiUser> user = ArgumentCaptor.forClass(NiFiUser.class);
-
- // verify interaction with dao
- Mockito.verify(userDao, Mockito.times(1)).updateUser(user.capture());
-
- // verify user
- Assert.assertEquals(AccountStatus.DISABLED, user.getValue().getStatus());
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java
deleted file mode 100644
index e372781..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/CreateUserActionTest.java
+++ /dev/null
@@ -1,144 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- * Test cases for creating a user.
- */
-public class CreateUserActionTest {
-
- private final String USER_ID_2 = "2";
- private final String USER_ID_3 = "3";
-
- private final String USER_IDENTITY_1 = "data access exception when creating user";
- private final String USER_IDENTITY_3 = "general create user case";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
- private AuthorityDAO authorityDao;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- if (USER_IDENTITY_1.equals(user.getIdentity())) {
- throw new DataAccessException();
- } else if (USER_IDENTITY_3.equals(user.getIdentity())) {
- user.setId(USER_ID_3);
- }
-
- // do nothing
- return null;
- }
- }).when(userDao).createUser(Mockito.any(NiFiUser.class));
-
- // mock the authority dao
- authorityDao = Mockito.mock(AuthorityDAO.class);
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Set<Authority> authorities = (Set<Authority>) args[0];
- String id = (String) args[1];
-
- if (USER_ID_2.equals(id)) {
- throw new DataAccessException(StringUtils.EMPTY);
- }
-
- // do nothing
- return null;
- }
- }).when(authorityDao).createAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString());
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao);
- }
-
- /**
- * Tests DataAccessExceptions that occur while creating user accounts.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testExceptionCreatingUser() throws Exception {
- NiFiUser user = new NiFiUser();
- user.setIdentity(USER_IDENTITY_1);
-
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, null);
- }
-
- /**
- * Tests DataAccessExceptions that occur while create user authorities.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testExceptionCreatingAuthoroties() throws Exception {
- NiFiUser user = new NiFiUser();
- user.setId(USER_ID_2);
-
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, null);
- }
-
- /**
- * General case for creating a user.
- *
- * @throws Exception ex
- */
- @Test
- public void testCreateUserAccount() throws Exception {
- NiFiUser user = new NiFiUser();
- user.setIdentity(USER_IDENTITY_3);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_DFM, Authority.ROLE_ADMIN));
-
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, null);
-
- // verify the user
- Assert.assertEquals(USER_ID_3, user.getId());
-
- // verify interaction with dao
- Mockito.verify(userDao, Mockito.times(1)).createUser(user);
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(user.getAuthorities(), USER_ID_3);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java
deleted file mode 100644
index b5f0a7f..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/DisableUserActionTest.java
+++ /dev/null
@@ -1,176 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.dao.KeyDAO;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Matchers;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-public class DisableUserActionTest {
-
- private static final String USER_ID_1 = "1";
- private static final String USER_ID_2 = "2";
- private static final String USER_ID_3 = "3";
- private static final String USER_ID_4 = "4";
-
- private static final String USER_IDENTITY_3 = "authority access exception";
- private static final String USER_IDENTITY_4 = "general disable user case";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
- private KeyDAO keyDao;
- private AuthorityProvider authorityProvider;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String id = (String) args[0];
-
- NiFiUser user = null;
- if (USER_ID_1.equals(id)) {
- // leave user uninitialized
- } else if (USER_ID_2.equals(id)) {
- user = new NiFiUser();
- user.setId(id);
- } else if (USER_ID_3.equals(id)) {
- user = new NiFiUser();
- user.setId(id);
- user.setIdentity(USER_IDENTITY_3);
- } else if (USER_ID_4.equals(id)) {
- user = new NiFiUser();
- user.setId(id);
- user.setIdentity(USER_IDENTITY_4);
- user.setStatus(AccountStatus.ACTIVE);
- }
- return user;
- }
- }).when(userDao).findUserById(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- if (USER_ID_2.equals(user.getId())) {
- throw new DataAccessException(StringUtils.EMPTY);
- }
-
- // do nothing
- return null;
- }
- }).when(userDao).updateUser(Mockito.any(NiFiUser.class));
-
- // mock the dao factory
- keyDao = Mockito.mock(KeyDAO.class);
- Mockito.doNothing().when(keyDao).deleteKeys(Matchers.anyString());
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- Mockito.when(daoFactory.getKeyDAO()).thenReturn(keyDao);
-
- // mock the authority provider
- authorityProvider = Mockito.mock(AuthorityProvider.class);
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- if (USER_IDENTITY_3.equals(dn)) {
- throw new AuthorityAccessException(StringUtils.EMPTY);
- }
-
- // do nothing
- return null;
- }
- }).when(authorityProvider).revokeUser(Mockito.anyString());
- }
-
- /**
- * Tests the case when the user account is unknown.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountNotFoundException.class)
- public void testUnknownUserAccount() throws Exception {
- DisableUserAction disableUser = new DisableUserAction(USER_ID_1);
- disableUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests the case when a DataAccessException is thrown by the userDao.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testDataAccessExceptionInUserDao() throws Exception {
- DisableUserAction disableUser = new DisableUserAction(USER_ID_2);
- disableUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests the case when a AuthorityAccessException is thrown by the provider.
- *
- * @throws Exception ex
- */
- @Test(expected = AdministrationException.class)
- public void testAuthorityAccessExceptionInProvider() throws Exception {
- DisableUserAction disableUser = new DisableUserAction(USER_ID_3);
- disableUser.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests the general case when the user is disabled.
- *
- * @throws Exception ex
- */
- @Test
- public void testDisableUser() throws Exception {
- DisableUserAction disableUser = new DisableUserAction(USER_ID_4);
- NiFiUser user = disableUser.execute(daoFactory, authorityProvider);
-
- // verify the user
- Assert.assertEquals(USER_ID_4, user.getId());
- Assert.assertEquals(USER_IDENTITY_4, user.getIdentity());
- Assert.assertEquals(AccountStatus.DISABLED, user.getStatus());
-
- // verify the interaction with the dao and provider
- Mockito.verify(userDao, Mockito.times(1)).updateUser(user);
- Mockito.verify(authorityProvider, Mockito.times(1)).revokeUser(USER_IDENTITY_4);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java
deleted file mode 100644
index cffd280..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/InvalidateUserAccountActionTest.java
+++ /dev/null
@@ -1,126 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import org.junit.Assert;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.ArgumentCaptor;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- * Test case for InvalidateUserAccountAction.
- */
-public class InvalidateUserAccountActionTest {
-
- private static final String USER_ID_1 = "1";
- private static final String USER_ID_2 = "2";
- private static final String USER_ID_3 = "3";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String id = (String) args[0];
-
- NiFiUser user = null;
- if (USER_ID_1.equals(id)) {
- // leave uninitialized
- } else if (USER_ID_2.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_2);
- } else if (USER_ID_3.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_3);
- user.setLastVerified(new Date());
- }
- return user;
- }
- }).when(userDao).findUserById(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- if (USER_ID_2.equals(user.getId())) {
- throw new DataAccessException(StringUtils.EMPTY);
- }
-
- // do nothing
- return null;
- }
- }).when(userDao).updateUser(Mockito.any(NiFiUser.class));
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- }
-
- @Test(expected = AccountNotFoundException.class)
- public void testAccountNotFoundException() throws Exception {
- InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(USER_ID_1);
- invalidateUserAccount.execute(daoFactory, null);
- }
-
- /**
- * Tests when a data access exception occurs when updating the user record.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testDataAccessException() throws Exception {
- InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(USER_ID_2);
- invalidateUserAccount.execute(daoFactory, null);
- }
-
- /**
- * Tests the general case of invalidating a user.
- *
- * @throws Exception ex
- */
- @Test
- public void testInvalidateUser() throws Exception {
- InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(USER_ID_3);
- invalidateUserAccount.execute(daoFactory, null);
-
- // verify the interaction with the dao
- ArgumentCaptor<NiFiUser> userCaptor = ArgumentCaptor.forClass(NiFiUser.class);
- Mockito.verify(userDao, Mockito.times(1)).updateUser(userCaptor.capture());
-
- // verify the user
- NiFiUser user = userCaptor.getValue();
- Assert.assertEquals(USER_ID_3, user.getId());
- Assert.assertNull(user.getLastVerified());
- }
-}
[4/9] nifi git commit: NIFI-1551: - Starting to remove the
AuthorityProvider. - This closes #330
Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java
deleted file mode 100644
index 9c2cad5..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/java/org/apache/nifi/authorization/FileAuthorizationProvider.java
+++ /dev/null
@@ -1,496 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Collection;
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import javax.xml.XMLConstants;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
-import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.util.file.FileUtils;
-import org.apache.nifi.user.generated.ObjectFactory;
-import org.apache.nifi.user.generated.Role;
-import org.apache.nifi.user.generated.User;
-import org.apache.nifi.user.generated.Users;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.xml.sax.SAXException;
-
-/**
- * Provides identity checks and grants authorities.
- */
-public class FileAuthorizationProvider implements AuthorityProvider {
-
- private static final Logger logger = LoggerFactory.getLogger(FileAuthorizationProvider.class);
- private static final String USERS_XSD = "/users.xsd";
- private static final String JAXB_GENERATED_PATH = "org.apache.nifi.user.generated";
- private static final JAXBContext JAXB_CONTEXT = initializeJaxbContext();
-
- /**
- * Load the JAXBContext.
- */
- private static JAXBContext initializeJaxbContext() {
- try {
- return JAXBContext.newInstance(JAXB_GENERATED_PATH, FileAuthorizationProvider.class.getClassLoader());
- } catch (JAXBException e) {
- throw new RuntimeException("Unable to create JAXBContext.");
- }
- }
-
- private NiFiProperties properties;
- private File usersFile;
- private File restoreUsersFile;
- private Users users;
- private final Set<String> defaultAuthorities = new HashSet<>();
-
- @Override
- public void initialize(final AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- }
-
- @Override
- public void onConfigured(final AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- try {
- final String usersFilePath = configurationContext.getProperty("Authorized Users File");
- if (usersFilePath == null || usersFilePath.trim().isEmpty()) {
- throw new ProviderCreationException("The authorized users file must be specified.");
- }
-
- // the users file instance will never be null because a default is used
- usersFile = new File(usersFilePath);
- final File usersFileDirectory = usersFile.getParentFile();
-
- // the restore directory is optional and may be null
- final File restoreDirectory = properties.getRestoreDirectory();
-
- if (restoreDirectory != null) {
-
- // sanity check that restore directory is a directory, creating it if necessary
- FileUtils.ensureDirectoryExistAndCanAccess(restoreDirectory);
-
- // check that restore directory is not the same as the primary directory
- if (usersFileDirectory.getAbsolutePath().equals(restoreDirectory.getAbsolutePath())) {
- throw new ProviderCreationException(String.format("Authorized User's directory '%s' is the same as restore directory '%s' ",
- usersFileDirectory.getAbsolutePath(), restoreDirectory.getAbsolutePath()));
- }
-
- // the restore copy will have same file name, but reside in a different directory
- restoreUsersFile = new File(restoreDirectory, usersFile.getName());
-
- // sync the primary copy with the restore copy
- try {
- FileUtils.syncWithRestore(usersFile, restoreUsersFile, logger);
- } catch (final IOException | IllegalStateException ioe) {
- throw new ProviderCreationException(ioe);
- }
-
- }
-
- // load the users from the specified file
- if (usersFile.exists()) {
- // find the schema
- final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
- final Schema schema = schemaFactory.newSchema(FileAuthorizationProvider.class.getResource(USERS_XSD));
-
- // attempt to unmarshal
- final Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
- unmarshaller.setSchema(schema);
- final JAXBElement<Users> element = unmarshaller.unmarshal(new StreamSource(usersFile), Users.class);
- users = element.getValue();
- } else {
- final ObjectFactory objFactory = new ObjectFactory();
- users = objFactory.createUsers();
- }
-
- // attempt to load a default roles
- final String rawDefaultAuthorities = configurationContext.getProperty("Default User Roles");
- if (StringUtils.isNotBlank(rawDefaultAuthorities)) {
- final Set<String> invalidDefaultAuthorities = new HashSet<>();
-
- // validate the specified authorities
- final String[] rawDefaultAuthorityList = rawDefaultAuthorities.split(",");
- for (String rawAuthority : rawDefaultAuthorityList) {
- rawAuthority = rawAuthority.trim();
- final Authority authority = Authority.valueOfAuthority(rawAuthority);
- if (authority == null) {
- invalidDefaultAuthorities.add(rawAuthority);
- } else {
- defaultAuthorities.add(rawAuthority);
- }
- }
-
- // report any unrecognized authorities
- if (!invalidDefaultAuthorities.isEmpty()) {
- logger.warn(String.format("The following default role(s) '%s' were not recognized. Possible values: %s.",
- StringUtils.join(invalidDefaultAuthorities, ", "), StringUtils.join(Authority.getRawAuthorities(), ", ")));
- }
- }
- } catch (IOException | ProviderCreationException | SAXException | JAXBException e) {
- throw new ProviderCreationException(e);
- }
-
- }
-
- @Override
- public void preDestruction() {
- }
-
- private boolean hasDefaultRoles() {
- return !defaultAuthorities.isEmpty();
- }
-
- @Override
- public boolean doesDnExist(String dn) throws AuthorityAccessException {
- if (hasDefaultRoles()) {
- return true;
- }
-
- final User user = getUser(dn);
- return user != null;
- }
-
- @Override
- public synchronized Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException {
- final Set<Authority> authorities = EnumSet.noneOf(Authority.class);
-
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- if (hasDefaultRoles()) {
- logger.debug(String.format("User DN not found: %s. Creating new user with default roles.", dn));
-
- // create the user (which will automatically add any default authorities)
- addUser(dn, null);
-
- // get the authorities for the newly created user
- authorities.addAll(getAuthorities(dn));
- } else {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
- } else {
- // create the authorities that this user has
- for (final Role role : user.getRole()) {
- authorities.add(Authority.valueOfAuthority(role.getName()));
- }
- }
-
- return authorities;
- }
-
- @Override
- public synchronized void setAuthorities(String dn, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException {
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
-
- // add the user authorities
- setUserAuthorities(user, authorities);
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- private void setUserAuthorities(final User user, final Set<Authority> authorities) {
- // clear the existing rules
- user.getRole().clear();
-
- // set the new roles
- final ObjectFactory objFactory = new ObjectFactory();
- for (final Authority authority : authorities) {
- final Role role = objFactory.createRole();
- role.setName(authority.toString());
-
- // add the new role
- user.getRole().add(role);
- }
- }
-
- @Override
- public synchronized void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException {
- final User user = getUser(dn);
-
- // ensure the user doesn't already exist
- if (user != null) {
- throw new IdentityAlreadyExistsException(String.format("User DN already exists: %s", dn));
- }
-
- // create the new user
- final ObjectFactory objFactory = new ObjectFactory();
- final User newUser = objFactory.createUser();
-
- // set the user properties
- newUser.setDn(dn);
- newUser.setGroup(group);
-
- // add default roles if appropriate
- if (hasDefaultRoles()) {
- for (final String authority : defaultAuthorities) {
- Role role = objFactory.createRole();
- role.setName(authority);
-
- // add the role
- newUser.getRole().add(role);
- }
- }
-
- // add the user
- users.getUser().add(newUser);
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- @Override
- public synchronized Set<String> getUsers(Authority authority) throws AuthorityAccessException {
- final Set<String> userSet = new HashSet<>();
- for (final User user : users.getUser()) {
- for (final Role role : user.getRole()) {
- if (role.getName().equals(authority.toString())) {
- userSet.add(user.getDn());
- }
- }
- }
- return userSet;
- }
-
- @Override
- public synchronized void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
-
- // remove the specified user
- users.getUser().remove(user);
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- @Override
- public void setUsersGroup(Set<String> dns, String group) throws UnknownIdentityException, AuthorityAccessException {
- final Collection<User> groupedUsers = new HashSet<>();
-
- // get the specified users
- for (final String dn : dns) {
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
-
- groupedUsers.add(user);
- }
-
- // update each user group
- for (final User user : groupedUsers) {
- user.setGroup(group);
- }
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- @Override
- public void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
-
- // remove the users group
- user.setGroup(null);
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- @Override
- public void ungroup(String group) throws AuthorityAccessException {
- // get the user group
- final Collection<User> userGroup = getUserGroup(group);
-
- // ensure the user group was located
- if (userGroup == null) {
- return;
- }
-
- // update each user group
- for (final User user : userGroup) {
- user.setGroup(null);
- }
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- @Override
- public String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- // get the user
- final User user = getUser(dn);
-
- // ensure the user was located
- if (user == null) {
- throw new UnknownIdentityException(String.format("User DN not found: %s.", dn));
- }
-
- return user.getGroup();
- }
-
- @Override
- public void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- // get the user group
- final Collection<User> userGroup = getUserGroup(group);
-
- // ensure the user group was located
- if (userGroup == null) {
- throw new UnknownIdentityException(String.format("User group not found: %s.", group));
- }
-
- // remove each user in the group
- for (final User user : userGroup) {
- users.getUser().remove(user);
- }
-
- try {
- // save the file
- save();
- } catch (Exception e) {
- throw new AuthorityAccessException(e.getMessage(), e);
- }
- }
-
- /**
- * Grants access to download content regardless of FlowFile attributes.
- */
- @Override
- public DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException {
- return DownloadAuthorization.approved();
- }
-
- private User getUser(String dn) throws UnknownIdentityException {
- // ensure the DN was specified
- if (dn == null) {
- throw new UnknownIdentityException("User DN not specified.");
- }
-
- // attempt to get the user and ensure it was located
- User desiredUser = null;
- for (final User user : users.getUser()) {
- if (dn.equalsIgnoreCase(user.getDn())) {
- desiredUser = user;
- break;
- }
- }
-
- return desiredUser;
- }
-
- private Collection<User> getUserGroup(String group) throws UnknownIdentityException {
- // ensure the DN was specified
- if (group == null) {
- throw new UnknownIdentityException("User group not specified.");
- }
-
- // get all users with this group
- Collection<User> userGroup = null;
- for (final User user : users.getUser()) {
- if (group.equals(user.getGroup())) {
- if (userGroup == null) {
- userGroup = new HashSet<>();
- }
- userGroup.add(user);
- }
- }
-
- return userGroup;
- }
-
- private void save() throws Exception {
- final Marshaller marshaller = JAXB_CONTEXT.createMarshaller();
- marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
-
- // save users to restore directory before primary directory
- if (restoreUsersFile != null) {
- marshaller.marshal(users, restoreUsersFile);
- }
-
- // save users to primary directory
- marshaller.marshal(users, usersFile);
- }
-
- @AuthorityProviderContext
- public void setNiFiProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
deleted file mode 100755
index 93d2941..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
+++ /dev/null
@@ -1,15 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-org.apache.nifi.authorization.FileAuthorizationProvider
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/xsd/users.xsd
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/xsd/users.xsd b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/xsd/users.xsd
deleted file mode 100644
index 4ee1e17..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/main/xsd/users.xsd
+++ /dev/null
@@ -1,64 +0,0 @@
-<?xml version="1.0"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
- <!-- role -->
- <xs:complexType name="Role">
- <xs:attribute name="name">
- <xs:simpleType>
- <xs:restriction base="xs:string">
- <xs:enumeration value="ROLE_MONITOR"/>
- <xs:enumeration value="ROLE_PROVENANCE"/>
- <xs:enumeration value="ROLE_DFM"/>
- <xs:enumeration value="ROLE_ADMIN"/>
- <xs:enumeration value="ROLE_PROXY"/>
- <xs:enumeration value="ROLE_NIFI"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:complexType>
-
- <!-- user -->
- <xs:complexType name="User">
- <xs:sequence>
- <xs:element name="role" type="Role" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- <xs:attribute name="dn">
- <xs:simpleType>
- <xs:restriction base="xs:string">
- <xs:minLength value="1"/>
- <xs:pattern value=".*[^\s].*"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- <xs:attribute name="group">
- <xs:simpleType>
- <xs:restriction base="xs:string">
- <xs:minLength value="1"/>
- <xs:pattern value=".*[^\s].*"/>
- </xs:restriction>
- </xs:simpleType>
- </xs:attribute>
- </xs:complexType>
-
- <!-- users -->
- <xs:element name="users">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="user" type="User" minOccurs="0" maxOccurs="unbounded"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
-</xs:schema>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/test/java/org/apache/nifi/authorization/FileAuthorizationProviderTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/test/java/org/apache/nifi/authorization/FileAuthorizationProviderTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/test/java/org/apache/nifi/authorization/FileAuthorizationProviderTest.java
deleted file mode 100644
index 7428500..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/src/test/java/org/apache/nifi/authorization/FileAuthorizationProviderTest.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.util.file.FileUtils;
-import org.apache.nifi.util.NiFiProperties;
-import org.junit.After;
-import static org.junit.Assert.assertEquals;
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.Ignore;
-import org.mockito.Mockito;
-import static org.mockito.Mockito.mock;
-import static org.mockito.Mockito.when;
-
-@Ignore
-public class FileAuthorizationProviderTest {
-
- private FileAuthorizationProvider provider;
-
- private File primary;
-
- private File restore;
-
- private NiFiProperties mockProperties;
-
- private AuthorityProviderConfigurationContext mockConfigurationContext;
-
- @Before
- public void setup() throws IOException {
-
- primary = new File("target/primary/users.txt");
- restore = new File("target/restore/users.txt");
-
- System.out.println("absolute path: " + primary.getAbsolutePath());
-
- mockProperties = mock(NiFiProperties.class);
- when(mockProperties.getRestoreDirectory()).thenReturn(restore.getParentFile());
-
- mockConfigurationContext = mock(AuthorityProviderConfigurationContext.class);
- when(mockConfigurationContext.getProperty(Mockito.eq("Authorized Users File"))).thenReturn(primary.getPath());
-
- provider = new FileAuthorizationProvider();
- provider.setNiFiProperties(mockProperties);
- provider.initialize(null);
- }
-
- @After
- public void cleanup() throws Exception {
- deleteFile(primary);
- deleteFile(restore);
- }
-
- private boolean deleteFile(final File file) {
- if (file.isDirectory()) {
- FileUtils.deleteFilesInDir(file, null, null, true, true);
- }
- return FileUtils.deleteFile(file, null, 10);
- }
-
- @Test
- public void testPostContructionWhenRestoreDoesNotExist() throws Exception {
-
- byte[] primaryBytes = "<users/>".getBytes();
- FileOutputStream fos = new FileOutputStream(primary);
- fos.write(primaryBytes);
- fos.close();
-
- provider.onConfigured(mockConfigurationContext);
- assertEquals(primary.length(), restore.length());
- }
-
- @Test
- public void testPostContructionWhenPrimaryDoesNotExist() throws Exception {
-
- byte[] restoreBytes = "<users/>".getBytes();
- FileOutputStream fos = new FileOutputStream(restore);
- fos.write(restoreBytes);
- fos.close();
-
- provider.onConfigured(mockConfigurationContext);
- assertEquals(restore.length(), primary.length());
-
- }
-
- @Test(expected = ProviderCreationException.class)
- public void testPostContructionWhenPrimaryDifferentThanRestore() throws Exception {
-
- byte[] primaryBytes = "<users></users>".getBytes();
- FileOutputStream fos = new FileOutputStream(primary);
- fos.write(primaryBytes);
- fos.close();
-
- byte[] restoreBytes = "<users/>".getBytes();
- fos = new FileOutputStream(restore);
- fos.write(restoreBytes);
- fos.close();
-
- provider.onConfigured(mockConfigurationContext);
- }
-
- @Test
- public void testPostContructionWhenPrimaryAndBackupDoNotExist() throws Exception {
-
- provider.onConfigured(mockConfigurationContext);
- assertEquals(0, restore.length());
- assertEquals(restore.length(), primary.length());
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java
index db0b35e..f06012c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/ExtensionManager.java
@@ -16,15 +16,8 @@
*/
package org.apache.nifi.nar;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.ServiceLoader;
-import java.util.Set;
import org.apache.nifi.authentication.LoginIdentityProvider;
-
-import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.repository.ContentRepository;
import org.apache.nifi.controller.repository.FlowFileRepository;
@@ -34,10 +27,16 @@ import org.apache.nifi.flowfile.FlowFilePrioritizer;
import org.apache.nifi.processor.Processor;
import org.apache.nifi.provenance.ProvenanceEventRepository;
import org.apache.nifi.reporting.ReportingTask;
-
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.ServiceLoader;
+import java.util.Set;
+
/**
* Scans through the classpath to load all FlowFileProcessors, FlowFileComparators, and ReportingTasks using the service provider API and running through all classloaders (root, NARs).
*
@@ -58,7 +57,7 @@ public class ExtensionManager {
definitionMap.put(FlowFilePrioritizer.class, new HashSet<Class>());
definitionMap.put(ReportingTask.class, new HashSet<Class>());
definitionMap.put(ControllerService.class, new HashSet<Class>());
- definitionMap.put(AuthorityProvider.class, new HashSet<Class>());
+ definitionMap.put(Authorizer.class, new HashSet<Class>());
definitionMap.put(LoginIdentityProvider.class, new HashSet<Class>());
definitionMap.put(ProvenanceEventRepository.class, new HashSet<Class>());
definitionMap.put(ComponentStatusRepository.class, new HashSet<Class>());
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java
index 9e9bd03..93f73eb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-nar-utils/src/main/java/org/apache/nifi/nar/NarThreadContextClassLoader.java
@@ -16,16 +16,8 @@
*/
package org.apache.nifi.nar;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.net.URLClassLoader;
-import java.util.ArrayList;
-import java.util.Enumeration;
-import java.util.List;
import org.apache.nifi.authentication.LoginIdentityProvider;
-
-import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.authorization.Authorizer;
import org.apache.nifi.components.Validator;
import org.apache.nifi.controller.ControllerService;
import org.apache.nifi.controller.repository.ContentRepository;
@@ -40,6 +32,14 @@ import org.apache.nifi.processor.io.StreamCallback;
import org.apache.nifi.provenance.ProvenanceEventRepository;
import org.apache.nifi.reporting.ReportingTask;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.net.URLClassLoader;
+import java.util.ArrayList;
+import java.util.Enumeration;
+import java.util.List;
+
/**
* THREAD SAFE
*/
@@ -58,7 +58,7 @@ public class NarThreadContextClassLoader extends URLClassLoader {
narSpecificClasses.add(OutputStreamCallback.class);
narSpecificClasses.add(StreamCallback.class);
narSpecificClasses.add(ControllerService.class);
- narSpecificClasses.add(AuthorityProvider.class);
+ narSpecificClasses.add(Authorizer.class);
narSpecificClasses.add(LoginIdentityProvider.class);
narSpecificClasses.add(ProvenanceEventRepository.class);
narSpecificClasses.add(ComponentStatusRepository.class);
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authority-providers.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authority-providers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authority-providers.xml
deleted file mode 100644
index cb68e15..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authority-providers.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<!--
- This file lists the authority providers to use when running securely. In order
- to use a specific provider it must be configured here and it's identifier
- must be specified in the nifi.properties file.
--->
-<authorityProviders>
- <provider>
- <identifier>file-provider</identifier>
- <class>org.apache.nifi.authorization.FileAuthorizationProvider</class>
- <property name="Authorized Users File">./conf/authorized-users.xml</property>
- <property name="Default User Roles"></property>
- </provider>
-
- <!--<provider>
- <identifier>cluster-ncm-provider</identifier>
- <class>org.apache.nifi.cluster.authorization.ClusterManagerAuthorizationProvider</class>
- <property name="Authority Provider Port"></property>
- <property name="Authority Provider Threads">10</property>
- <property name="Authorized Users File">./conf/authorized-users.xml</property>
- <property name="Default User Roles"></property>
- </provider>-->
-
- <!--<provider>
- <identifier>cluster-node-provider</identifier>
- <class>org.apache.nifi.cluster.authorization.NodeAuthorizationProvider</class>
- <property name="Cluster Manager Authority Provider Port"></property>
- </provider>-->
-</authorityProviders>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorized-users.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorized-users.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorized-users.xml
index 6b07165..054ddec 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorized-users.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorized-users.xml
@@ -17,7 +17,7 @@
This file lists all authorized users for this NiFi instance when using
the FileAuthorizationProvider or ClusterManagerAuthorizationProvider. If one of
these providers is not in use then this file is not used. Refer to the properties
- file and authority-providers.xml for configuration details.
+ file and authorizers.xml for configuration details.
Available roles:
ROLE_MONITOR - for users - read only access to flow
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml
new file mode 100644
index 0000000..5d7db16
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/authorizers.xml
@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<!--
+ This file lists the authority providers to use when running securely. In order
+ to use a specific provider it must be configured here and it's identifier
+ must be specified in the nifi.properties file.
+-->
+<authorizers>
+ <provider>
+ <identifier>file-provider</identifier>
+ <class>org.apache.nifi.authorization.FileAuthorizationProvider</class>
+ <property name="Authorized Users File">./conf/authorized-users.xml</property>
+ <property name="Default User Roles"></property>
+ </provider>
+</authorizers>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
index beb71c1..3724c1c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-resources/src/main/resources/conf/nifi.properties
@@ -24,7 +24,7 @@ nifi.administrative.yield.duration=${nifi.administrative.yield.duration}
# If a component has no work to do (is "bored"), how long should we wait before checking again for work?
nifi.bored.yield.duration=${nifi.bored.yield.duration}
-nifi.authority.provider.configuration.file=${nifi.authority.provider.configuration.file}
+nifi.authorizer.configuration.file=${nifi.authorizer.configuration.file}
nifi.login.identity.provider.configuration.file=${nifi.login.identity.provider.configuration.file}
nifi.templates.directory=${nifi.templates.directory}
nifi.ui.banner.text=${nifi.ui.banner.text}
@@ -138,7 +138,7 @@ nifi.security.truststoreType=${nifi.security.truststoreType}
nifi.security.truststorePasswd=${nifi.security.truststorePasswd}
nifi.security.needClientAuth=${nifi.security.needClientAuth}
nifi.security.user.credential.cache.duration=${nifi.security.user.credential.cache.duration}
-nifi.security.user.authority.provider=${nifi.security.user.authority.provider}
+nifi.security.user.authorizer=${nifi.security.user.authorizer}
nifi.security.user.login.identity.provider=${nifi.security.user.login.identity.provider}
nifi.security.support.new.account.requests=${nifi.security.support.new.account.requests}
# Valid Authorities include: ROLE_MONITOR,ROLE_DFM,ROLE_ADMIN,ROLE_PROVENANCE,ROLE_NIFI
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
index 66fd303..589cf7f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-site-to-site/src/main/java/org/apache/nifi/remote/StandardRootGroupPort.java
@@ -16,30 +16,7 @@
*/
package org.apache.nifi.remote;
-import static java.util.Objects.requireNonNull;
-
-import java.io.IOException;
-import java.net.SocketTimeoutException;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.ArrayBlockingQueue;
-import java.util.concurrent.BlockingQueue;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicBoolean;
-import java.util.concurrent.atomic.AtomicReference;
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReentrantLock;
-
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.Authority;
import org.apache.nifi.components.ValidationResult;
import org.apache.nifi.connectable.ConnectableType;
import org.apache.nifi.controller.AbstractPort;
@@ -64,10 +41,27 @@ import org.apache.nifi.reporting.BulletinRepository;
import org.apache.nifi.reporting.ComponentType;
import org.apache.nifi.reporting.Severity;
import org.apache.nifi.scheduling.SchedulingStrategy;
-import org.apache.nifi.user.NiFiUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.IOException;
+import java.net.SocketTimeoutException;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.concurrent.ArrayBlockingQueue;
+import java.util.concurrent.BlockingQueue;
+import java.util.concurrent.TimeUnit;
+import java.util.concurrent.atomic.AtomicBoolean;
+import java.util.concurrent.atomic.AtomicReference;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantLock;
+
+import static java.util.Objects.requireNonNull;
+
public class StandardRootGroupPort extends AbstractPort implements RootGroupPort {
private static final String CATEGORY = "Site to Site";
@@ -355,67 +349,8 @@ public class StandardRootGroupPort extends AbstractPort implements RootGroupPort
return new StandardPortAuthorizationResult(false, "User DN is not known");
}
- try {
- final NiFiUser user = userService.checkAuthorization(dn);
-
- final Set<Authority> authorities = user.getAuthorities();
- if (!authorities.contains(Authority.ROLE_NIFI)) {
- final String message = String.format("%s authorization failed for user %s because the user does not have Role NiFi", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User does not contain required Role: NiFi");
- }
-
- final Set<String> allowedUsers = userAccessControl.get();
- if (allowedUsers.contains(dn)) {
- return new StandardPortAuthorizationResult(true, "User is Authorized");
- }
-
- final String userGroup = user.getUserGroup();
- if (userGroup == null) {
- final String message = String.format("%s authorization failed for user %s because the user does not have a group and is not in the set of Allowed Users for this Port", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User is not Authorized to communicate with " + this.toString());
- }
-
- final Set<String> allowedGroups = groupAccessControl.get();
- final boolean allowed = allowedGroups.contains(userGroup);
- if (!allowed) {
- final String message = String.format("%s authorization failed for user %s because the user "
- + "is not in the set of Allowed Users, and the user's group is not in the set of Allowed Groups for this Port", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User is not Authorized to communicate with " + this.toString());
- }
-
- return new StandardPortAuthorizationResult(true, "User is part of group '" + userGroup + "', which is Authorized to communicate with " + this.toString());
- } catch (final AccountNotFoundException anfe) {
- final String message = String.format("%s authorization failed for user %s because the DN is unknown", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User DN is not known");
- } catch (final AccountDisabledException ade) {
- final String message = String.format("%s authorization failed for user %s because the User Status is not 'ACTIVE' but instead is 'DISABLED'", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User Status is 'DISABLED' rather than 'ACTIVE'");
- } catch (final AccountPendingException ape) {
- final String message = String.format("%s authorization failed for user %s because the User Status is not 'ACTIVE' but instead is 'PENDING'", this, dn);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "User Status is 'PENDING' rather than 'ACTIVE'");
- } catch (final AdministrationException ae) {
- final String message = String.format("%s authorization failed for user %s because ", this, dn, ae);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "Authorization failed because " + ae);
- } catch (final Exception e) {
- final String message = String.format("%s authorization failed for user %s because ", this, dn, e);
- logger.warn(message);
- eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
- return new StandardPortAuthorizationResult(false, "Authorization failed because " + e);
- }
+ // TODO - Replace with call to Authorizer to authorize site to site data transfer
+ return new StandardPortAuthorizationResult(true, "User is Authorized");
}
public static class StandardPortAuthorizationResult implements PortAuthorizationResult {
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
index cfe18c5..dee219e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiServiceFacade.java
@@ -50,8 +50,6 @@ import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.SnippetDTO;
import org.apache.nifi.web.api.dto.SystemDiagnosticsDTO;
import org.apache.nifi.web.api.dto.TemplateDTO;
-import org.apache.nifi.web.api.dto.UserDTO;
-import org.apache.nifi.web.api.dto.UserGroupDTO;
import org.apache.nifi.web.api.dto.action.ActionDTO;
import org.apache.nifi.web.api.dto.action.HistoryDTO;
import org.apache.nifi.web.api.dto.action.HistoryQueryDTO;
@@ -68,7 +66,6 @@ import org.apache.nifi.web.api.dto.status.ProcessorStatusDTO;
import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO;
import org.apache.nifi.web.api.dto.status.StatusHistoryDTO;
-import java.util.Collection;
import java.util.Date;
import java.util.Set;
@@ -1429,84 +1426,6 @@ public interface NiFiServiceFacade {
ConfigurationSnapshot<Void> deleteSnippet(Revision revision, String snippetId);
// ----------------------------------------
- // User methods
- // ----------------------------------------
- /**
- * Gets the user with the specified id.
- *
- * @param userId The user id
- * @return user
- */
- UserDTO getUser(String userId);
-
- /**
- * Gets all of the users registered with this controller.
- *
- * @param grouped grouped
- * @return user
- */
- Collection<UserDTO> getUsers(Boolean grouped);
-
- /**
- * Creates a new account request.
- *
- * @return user
- */
- UserDTO createUser();
-
- /**
- * Updates the specified user accordingly.
- *
- * @param user The user to update
- * @return user
- */
- UserDTO updateUser(UserDTO user);
-
- /**
- * Invalidates the specified user.
- *
- * @param userId user
- */
- void invalidateUser(String userId);
-
- /**
- * Invalidates the specified user accounts and all accounts associated with this group.
- *
- * @param userGroup group
- * @param userIds id
- */
- void invalidateUserGroup(String userGroup, Set<String> userIds);
-
- /**
- * Deletes the specified user.
- *
- * @param userId user id
- */
- void deleteUser(String userId);
-
- /**
- * Updates a user group with the specified group and comprised of the specified users.
- *
- * @param userGroup group
- * @return group
- */
- UserGroupDTO updateUserGroup(UserGroupDTO userGroup);
-
- /**
- * Ungroups the specified user.
- *
- * @param userId id
- */
- void removeUserFromGroup(String userId);
-
- /**
- * Deletes the specified user group.
- *
- * @param userGroup group
- */
- void removeUserGroup(String userGroup);
-
- // ----------------------------------------
// Cluster methods
// ----------------------------------------
/**
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
index fd44636..c85835b 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/NiFiWebApiSecurityConfiguration.java
@@ -18,15 +18,14 @@ package org.apache.nifi.web;
import org.apache.nifi.admin.service.UserService;
import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.NiFiAuthenticationProvider;
import org.apache.nifi.web.security.anonymous.NiFiAnonymousUserFilter;
import org.apache.nifi.web.security.jwt.JwtAuthenticationFilter;
-import org.apache.nifi.web.security.jwt.JwtService;
+import org.apache.nifi.web.security.jwt.JwtAuthenticationProvider;
import org.apache.nifi.web.security.node.NodeAuthorizedUserFilter;
import org.apache.nifi.web.security.otp.OtpAuthenticationFilter;
-import org.apache.nifi.web.security.otp.OtpService;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
+import org.apache.nifi.web.security.otp.OtpAuthenticationProvider;
import org.apache.nifi.web.security.x509.X509AuthenticationFilter;
+import org.apache.nifi.web.security.x509.X509AuthenticationProvider;
import org.apache.nifi.web.security.x509.X509CertificateExtractor;
import org.apache.nifi.web.security.x509.X509IdentityProvider;
import org.slf4j.Logger;
@@ -42,7 +41,6 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
/**
@@ -56,16 +54,20 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
private NiFiProperties properties;
private UserService userService;
- private AuthenticationUserDetailsService authenticationUserDetailsService;
- private JwtService jwtService;
- private OtpService otpService;
+
+ private NodeAuthorizedUserFilter nodeAuthorizedUserFilter;
+
+ private X509AuthenticationFilter x509AuthenticationFilter;
private X509CertificateExtractor certificateExtractor;
private X509IdentityProvider certificateIdentityProvider;
+ private X509AuthenticationProvider x509AuthenticationProvider;
- private NodeAuthorizedUserFilter nodeAuthorizedUserFilter;
private JwtAuthenticationFilter jwtAuthenticationFilter;
+ private JwtAuthenticationProvider jwtAuthenticationProvider;
+
private OtpAuthenticationFilter otpAuthenticationFilter;
- private X509AuthenticationFilter x509AuthenticationFilter;
+ private OtpAuthenticationProvider otpAuthenticationProvider;
+
private NiFiAnonymousUserFilter anonymousAuthenticationFilter;
public NiFiWebApiSecurityConfiguration() {
@@ -95,17 +97,17 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
// cluster authorized user
http.addFilterBefore(nodeAuthorizedUserFilterBean(), AnonymousAuthenticationFilter.class);
- // anonymous
- http.anonymous().authenticationFilter(anonymousFilterBean());
-
// x509
- http.addFilterAfter(x509FilterBean(), AnonymousAuthenticationFilter.class);
+ http.addFilterBefore(x509FilterBean(), AnonymousAuthenticationFilter.class);
// jwt
- http.addFilterAfter(jwtFilterBean(), AnonymousAuthenticationFilter.class);
+ http.addFilterBefore(jwtFilterBean(), AnonymousAuthenticationFilter.class);
// otp
- http.addFilterAfter(otpFilterBean(), AnonymousAuthenticationFilter.class);
+ http.addFilterBefore(otpFilterBean(), AnonymousAuthenticationFilter.class);
+
+ // anonymous
+ http.anonymous().authenticationFilter(anonymousFilterBean());
}
@Bean
@@ -117,7 +119,10 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.authenticationProvider(new NiFiAuthenticationProvider(authenticationUserDetailsService));
+ auth
+ .authenticationProvider(x509AuthenticationProvider)
+ .authenticationProvider(jwtAuthenticationProvider)
+ .authenticationProvider(otpAuthenticationProvider);
}
@Bean
@@ -137,7 +142,6 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
jwtAuthenticationFilter = new JwtAuthenticationFilter();
jwtAuthenticationFilter.setProperties(properties);
jwtAuthenticationFilter.setAuthenticationManager(authenticationManager());
- jwtAuthenticationFilter.setJwtService(jwtService);
}
return jwtAuthenticationFilter;
}
@@ -148,7 +152,6 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
otpAuthenticationFilter = new OtpAuthenticationFilter();
otpAuthenticationFilter.setProperties(properties);
otpAuthenticationFilter.setAuthenticationManager(authenticationManager());
- otpAuthenticationFilter.setOtpService(otpService);
}
return otpAuthenticationFilter;
}
@@ -159,7 +162,6 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
x509AuthenticationFilter = new X509AuthenticationFilter();
x509AuthenticationFilter.setProperties(properties);
x509AuthenticationFilter.setCertificateExtractor(certificateExtractor);
- x509AuthenticationFilter.setCertificateIdentityProvider(certificateIdentityProvider);
x509AuthenticationFilter.setAuthenticationManager(authenticationManager());
}
return x509AuthenticationFilter;
@@ -175,11 +177,6 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
}
@Autowired
- public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> userDetailsService) {
- this.authenticationUserDetailsService = userDetailsService;
- }
-
- @Autowired
public void setUserService(UserService userService) {
this.userService = userService;
}
@@ -190,13 +187,18 @@ public class NiFiWebApiSecurityConfiguration extends WebSecurityConfigurerAdapte
}
@Autowired
- public void setJwtService(JwtService jwtService) {
- this.jwtService = jwtService;
+ public void setJwtAuthenticationProvider(JwtAuthenticationProvider jwtAuthenticationProvider) {
+ this.jwtAuthenticationProvider = jwtAuthenticationProvider;
+ }
+
+ @Autowired
+ public void setOtpAuthenticationProvider(OtpAuthenticationProvider otpAuthenticationProvider) {
+ this.otpAuthenticationProvider = otpAuthenticationProvider;
}
@Autowired
- public void setOtpService(OtpService otpService) {
- this.otpService = otpService;
+ public void setX509AuthenticationProvider(X509AuthenticationProvider x509AuthenticationProvider) {
+ this.x509AuthenticationProvider = x509AuthenticationProvider;
}
@Autowired
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiContentAccess.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiContentAccess.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiContentAccess.java
index afaf3ed..a9559a3 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiContentAccess.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiContentAccess.java
@@ -20,7 +20,6 @@ import com.sun.jersey.api.client.ClientResponse;
import com.sun.jersey.api.client.ClientResponse.Status;
import com.sun.jersey.core.util.MultivaluedMapImpl;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.Authority;
import org.apache.nifi.cluster.manager.NodeResponse;
import org.apache.nifi.cluster.manager.exception.UnknownNodeException;
import org.apache.nifi.cluster.manager.impl.WebClusterManager;
@@ -29,7 +28,6 @@ import org.apache.nifi.cluster.protocol.NodeIdentifier;
import org.apache.nifi.controller.repository.claim.ContentDirection;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.apache.nifi.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -180,19 +178,19 @@ public class StandardNiFiContentAccess implements ContentAccess {
}
private DownloadableContent getFlowFileContent(final String groupId, final String connectionId, final String flowfileId, final String dataUri) {
- // ensure the user is authorized as DFM - not checking with @PreAuthorized annotation as aspect not trigger on call within a class
- if (!NiFiUserUtils.getAuthorities().contains(Authority.ROLE_DFM.toString())) {
- throw new AccessDeniedException("Access is denied.");
- }
+ // TODO - ensure the user is authorized - not checking with @PreAuthorized annotation as aspect not trigger on call within a class
+// if (!NiFiUserUtils.getAuthorities().contains(Authority.ROLE_DFM.toString())) {
+// throw new AccessDeniedException("Access is denied.");
+// }
return serviceFacade.getContent(groupId, connectionId, flowfileId, dataUri);
}
private DownloadableContent getProvenanceEventContent(final Long eventId, final String dataUri, final ContentDirection direction) {
- // ensure the user is authorized as Provenance - not checking with @PreAuthorized annotation as aspect not trigger on call within a class
- if (!NiFiUserUtils.getAuthorities().contains(Authority.ROLE_PROVENANCE.toString())) {
- throw new AccessDeniedException("Access is denied.");
- }
+ // TODO - ensure the user is authorized - not checking with @PreAuthorized annotation as aspect not trigger on call within a class
+// if (!NiFiUserUtils.getAuthorities().contains(Authority.ROLE_PROVENANCE.toString())) {
+// throw new AccessDeniedException("Access is denied.");
+// }
return serviceFacade.getContent(eventId, dataUri, direction);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
index 4fdda06..7fe2f06 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
@@ -16,17 +16,14 @@
*/
package org.apache.nifi.web;
-import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
import org.apache.nifi.action.Operation;
import org.apache.nifi.action.details.FlowChangePurgeDetails;
-import org.apache.nifi.admin.service.AccountNotFoundException;
import org.apache.nifi.admin.service.AuditService;
import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.Authority;
import org.apache.nifi.cluster.context.ClusterContext;
import org.apache.nifi.cluster.context.ClusterContextThreadLocal;
import org.apache.nifi.cluster.manager.exception.UnknownNodeException;
@@ -64,9 +61,7 @@ import org.apache.nifi.remote.RootGroupPort;
import org.apache.nifi.reporting.Bulletin;
import org.apache.nifi.reporting.BulletinQuery;
import org.apache.nifi.reporting.BulletinRepository;
-import org.apache.nifi.user.AccountStatus;
import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.api.dto.BulletinBoardDTO;
@@ -106,8 +101,6 @@ import org.apache.nifi.web.api.dto.RevisionDTO;
import org.apache.nifi.web.api.dto.SnippetDTO;
import org.apache.nifi.web.api.dto.SystemDiagnosticsDTO;
import org.apache.nifi.web.api.dto.TemplateDTO;
-import org.apache.nifi.web.api.dto.UserDTO;
-import org.apache.nifi.web.api.dto.UserGroupDTO;
import org.apache.nifi.web.api.dto.action.ActionDTO;
import org.apache.nifi.web.api.dto.action.HistoryDTO;
import org.apache.nifi.web.api.dto.action.HistoryQueryDTO;
@@ -135,12 +128,10 @@ import org.apache.nifi.web.dao.RemoteProcessGroupDAO;
import org.apache.nifi.web.dao.ReportingTaskDAO;
import org.apache.nifi.web.dao.SnippetDAO;
import org.apache.nifi.web.dao.TemplateDAO;
-import org.apache.nifi.web.security.user.NewAccountRequest;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.apache.nifi.web.util.SnippetUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.AccessDeniedException;
import javax.ws.rs.WebApplicationException;
import java.nio.charset.StandardCharsets;
@@ -148,8 +139,6 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.List;
@@ -1898,120 +1887,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public void invalidateUser(String userId) {
- try {
- userService.invalidateUserAccount(userId);
- } catch (final AccountNotFoundException anfe) {
- // ignore
- }
- }
-
- @Override
- public void invalidateUserGroup(String userGroup, Set<String> userIds) {
- // invalidates any user currently associated with this group
- if (userGroup != null) {
- userService.invalidateUserGroupAccount(userGroup);
- }
-
- // invalidates any user that will be associated with this group
- if (userIds != null) {
- for (final String userId : userIds) {
- invalidateUser(userId);
- }
- }
- }
-
- @Override
- public UserDTO createUser() {
- NewAccountRequest newAccountRequest = NiFiUserUtils.getNewAccountRequest();
-
- // log the new user account request
- logger.info("Requesting new user account for " + newAccountRequest.getUsername());
-
- // get the justification
- String justification = newAccountRequest.getJustification();
- if (justification == null) {
- justification = StringUtils.EMPTY;
- }
-
- // create the pending user account
- return dtoFactory.createUserDTO(userService.createPendingUserAccount(newAccountRequest.getUsername(), justification));
- }
-
- @Override
- public UserDTO updateUser(UserDTO userDto) {
- NiFiUser user;
-
- // attempt to parse the user id
- final String id = userDto.getId();
-
- // determine the authorities that have been specified in the request
- Set<Authority> authorities = null;
- if (userDto.getAuthorities() != null) {
- authorities = Authority.convertRawAuthorities(userDto.getAuthorities());
- }
-
- // if the account status isn't specified or isn't changing
- final AccountStatus accountStatus = AccountStatus.valueOfStatus(userDto.getStatus());
- if (accountStatus == null || AccountStatus.ACTIVE.equals(accountStatus)) {
- // ensure that authorities have been specified (may be empty, but not null)
- if (authorities == null) {
- throw new IllegalArgumentException("Authorities must be specified when updating an account.");
- }
-
- // update the user account
- user = userService.update(id, authorities);
- } else if (AccountStatus.DISABLED.equals(accountStatus)) {
- // disable the account
- user = userService.disable(id);
- } else {
- throw new IllegalArgumentException("Accounts cannot be marked pending.");
- }
-
- return dtoFactory.createUserDTO(user);
- }
-
- @Override
- public void deleteUser(String userId) {
- userService.deleteUser(userId);
- }
-
- @Override
- public UserGroupDTO updateUserGroup(final UserGroupDTO userGroupDTO) {
- NiFiUserGroup userGroup;
-
- // convert the authorities
- Set<Authority> authorities = null;
- if (userGroupDTO.getAuthorities() != null) {
- authorities = Authority.convertRawAuthorities(userGroupDTO.getAuthorities());
- }
-
- final AccountStatus accountStatus = AccountStatus.valueOfStatus(userGroupDTO.getStatus());
- if (accountStatus == null || AccountStatus.ACTIVE.equals(accountStatus)) {
- // update the user group
- userGroup = userService.updateGroup(userGroupDTO.getGroup(), userGroupDTO.getUserIds(), authorities);
- } else if (AccountStatus.DISABLED.equals(accountStatus)) {
- // disable the accounts
- userGroup = userService.disableGroup(userGroupDTO.getGroup());
- } else {
- throw new IllegalArgumentException("Accounts cannot be marked pending.");
- }
-
- // generate the user group dto
- return dtoFactory.createUserGroupDTO(userGroup);
- }
-
- @Override
- public void removeUserFromGroup(String userId) {
- userService.ungroupUser(userId);
- }
-
- @Override
- public void removeUserGroup(String userGroup) {
- userService.ungroup(userGroup);
- }
-
- @Override
public ProvenanceDTO submitProvenance(ProvenanceDTO query) {
return controllerFacade.submitProvenance(query);
}
@@ -2086,15 +1961,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
@Override
public ControllerStatusDTO getControllerStatus() {
- // get the controller status
- final ControllerStatusDTO controllerStatus = controllerFacade.getControllerStatus();
-
- // determine if there are any pending user accounts - only include if appropriate
- if (NiFiUserUtils.getAuthorities().contains(Authority.ROLE_ADMIN.toString())) {
- controllerStatus.setHasPendingAccounts(userService.hasPendingUserAccount());
- }
-
- return controllerStatus;
+ return controllerFacade.getControllerStatus();
}
@Override
@@ -2329,18 +2196,8 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
return true;
}
- final Set<String> allowedUsers = port.getUserAccessControl();
- if (allowedUsers.contains(user.getIdentity())) {
- return true;
- }
-
- final String userGroup = user.getUserGroup();
- if (userGroup == null) {
- return false;
- }
-
- final Set<String> allowedGroups = port.getGroupAccessControl();
- return allowedGroups.contains(userGroup);
+ // TODO - defer to authorizer to see if user is able to retrieve site-to-site details for the specified port
+ return true;
}
@Override
@@ -2350,12 +2207,9 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
throw new WebApplicationException(new Throwable("Unable to access details for current user."));
}
- // at this point we know that the user must have ROLE_NIFI because it's required
- // get to the endpoint that calls this method but we'll check again anyways
- final Set<Authority> authorities = user.getAuthorities();
- if (!authorities.contains(Authority.ROLE_NIFI)) {
- throw new AccessDeniedException("User must have the NiFi role in order to access these details.");
- }
+ // TODO - defer to authorizer to see if user is able to retrieve site-to-site details
+
+ // TODO - filter response for access to specific ports
// serialize the input ports this NiFi has access to
final Set<PortDTO> inputPorts = new LinkedHashSet<>();
@@ -2693,82 +2547,6 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
}
@Override
- public UserDTO getUser(String userId) {
- // get the user
- NiFiUser user = userService.getUserById(userId);
-
- // ensure the user was found
- if (user == null) {
- throw new ResourceNotFoundException(String.format("Unable to find user with id '%s'.", userId));
- }
-
- return dtoFactory.createUserDTO(user);
- }
-
- @Override
- public Collection<UserDTO> getUsers(Boolean grouped) {
- // get the users
- final Collection<NiFiUser> users = userService.getUsers();
- final Collection<UserDTO> userDTOs = new HashSet<>();
-
- if (grouped) {
- final Map<String, UserDTO> groupedUserDTOs = new HashMap<>();
-
- // group the users
- for (final NiFiUser user : users) {
- if (StringUtils.isNotBlank(user.getUserGroup())) {
- if (groupedUserDTOs.containsKey(user.getUserGroup())) {
- final UserDTO groupedUser = groupedUserDTOs.get(user.getUserGroup());
- groupedUser.setId(groupedUser.getId() + "," + String.valueOf(user.getId()));
- groupedUser.setUserName(groupedUser.getUserName() + ", " + user.getUserName());
- groupedUser.setDn(groupedUser.getDn() + ", " + user.getIdentity());
- groupedUser.setCreation(getOldestDate(groupedUser.getCreation(), user.getCreation()));
- groupedUser.setLastAccessed(getNewestDate(groupedUser.getLastAccessed(), user.getLastAccessed()));
- groupedUser.setLastVerified(getNewestDate(groupedUser.getLastVerified(), user.getLastVerified()));
-
- // only retain the justification if al users have the same justification
- if (groupedUser.getJustification() != null) {
- if (!groupedUser.getStatus().equals(user.getJustification())) {
- groupedUser.setJustification(null);
- }
- }
-
- // only retain the status if all users have the same status
- if (groupedUser.getStatus() != null) {
- if (!groupedUser.getStatus().equals(user.getStatus().toString())) {
- groupedUser.setStatus(null);
- }
- }
-
- // only retain the authorities if all users have the same authorities
- if (groupedUser.getAuthorities() != null) {
- final Set<String> groupAuthorities = new HashSet<>(groupedUser.getAuthorities());
- final Set<String> userAuthorities = Authority.convertAuthorities(user.getAuthorities());
- if (!CollectionUtils.isEqualCollection(groupAuthorities, userAuthorities)) {
- groupedUser.setAuthorities(null);
- }
- }
- } else {
- groupedUserDTOs.put(user.getUserGroup(), dtoFactory.createUserDTO(user));
- }
- } else {
- userDTOs.add(dtoFactory.createUserDTO(user));
- }
- }
-
- // add the grouped users
- userDTOs.addAll(groupedUserDTOs.values());
- } else {
- // convert each into a DTOs
- for (final NiFiUser user : users) {
- userDTOs.add(dtoFactory.createUserDTO(user));
- }
- }
-
- return userDTOs;
- }
-
- @Override
public boolean isClustered() {
return controllerFacade.isClustered();
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
index cae1175..3a57d1d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java
@@ -160,7 +160,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
@Override
@PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public String getCurrentUserDn() {
- String userIdentity = NiFiUser.ANONYMOUS_USER_IDENTITY;
+ String userIdentity = NiFiUser.ANONYMOUS.getIdentity();
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
@@ -173,7 +173,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration
@Override
@PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public String getCurrentUserName() {
- String userName = NiFiUser.ANONYMOUS_USER_IDENTITY;
+ String userName = NiFiUser.ANONYMOUS.getIdentity();
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java
index 9667ad6..cd8d0c7 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebContext.java
@@ -131,7 +131,7 @@ public class StandardNiFiWebContext implements NiFiWebContext {
@Override
@PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public String getCurrentUserDn() {
- String userIdentity = NiFiUser.ANONYMOUS_USER_IDENTITY;
+ String userIdentity = NiFiUser.ANONYMOUS.getIdentity();
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
@@ -144,7 +144,7 @@ public class StandardNiFiWebContext implements NiFiWebContext {
@Override
@PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
public String getCurrentUserName() {
- String userName = NiFiUser.ANONYMOUS_USER_IDENTITY;
+ String userName = NiFiUser.ANONYMOUS.getIdentity();
final NiFiUser user = NiFiUserUtils.getNiFiUser();
if (user != null) {
[7/9] nifi git commit: NIFI-1551: - Starting to remove the
AuthorityProvider. - This closes #330
Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetOrCreateKeyAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetOrCreateKeyAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetOrCreateKeyAction.java
index bb85b6f..8c86226 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetOrCreateKeyAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetOrCreateKeyAction.java
@@ -17,8 +17,6 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
-
import org.apache.nifi.admin.dao.KeyDAO;
import org.apache.nifi.key.Key;
@@ -34,7 +32,7 @@ public class GetOrCreateKeyAction implements AdministrationAction<Key> {
}
@Override
- public Key execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Key execute(DAOFactory daoFactory) {
final KeyDAO keyDao = daoFactory.getKeyDAO();
Key key = keyDao.findLatestKeyByIdentity(identity);
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetPreviousValues.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetPreviousValues.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetPreviousValues.java
index 569439b..337643f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetPreviousValues.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetPreviousValues.java
@@ -16,13 +16,13 @@
*/
package org.apache.nifi.admin.service.action;
-import java.util.List;
-import java.util.Map;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
import org.apache.nifi.history.PreviousValue;
+import java.util.List;
+import java.util.Map;
+
/**
* Gets the action with the specified id.
*/
@@ -35,7 +35,7 @@ public class GetPreviousValues implements AdministrationAction<Map<String, List<
}
@Override
- public Map<String, List<PreviousValue>> execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Map<String, List<PreviousValue>> execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
return actionDao.getPreviousValues(componentId);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java
deleted file mode 100644
index 5377c46..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUserGroup;
-
-/**
- *
- */
-public class GetUserGroupAction implements AdministrationAction<NiFiUserGroup> {
-
- private final String group;
-
- public GetUserGroupAction(String group) {
- this.group = group;
- }
-
- @Override
- public NiFiUserGroup execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- final UserDAO userDAO = daoFactory.getUserDAO();
- final NiFiUserGroup userGroup = new NiFiUserGroup();
-
- // set the group
- userGroup.setGroup(group);
-
- // get the users in this group
- userGroup.setUsers(userDAO.findUsersForGroup(group));
-
- // return the group
- return userGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java
deleted file mode 100644
index 42d180e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Collection;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class GetUsersAction implements AdministrationAction<Collection<NiFiUser>> {
-
- @Override
- public Collection<NiFiUser> execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- // get a UserDAO
- UserDAO userDAO = daoFactory.getUserDAO();
-
- // return the desired user
- return userDAO.findUsers();
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java
deleted file mode 100644
index 3325642..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-
-/**
- * Action for creating a NiFiUser account.
- */
-public class HasPendingUserAccounts extends AbstractUserAction<Boolean> {
-
- @Override
- public Boolean execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- return userDao.hasPendingUserAccounts();
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java
deleted file mode 100644
index 14596b2..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Invalidates a user account.
- */
-public class InvalidateUserAccountAction implements AdministrationAction<Void> {
-
- private final String id;
-
- public InvalidateUserAccountAction(String id) {
- this.id = id;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // get the current user details
- NiFiUser user = userDao.findUserById(id);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", id));
- }
-
- // invalidate the user account
- user.setLastVerified(null);
-
- // create the user entry
- userDao.updateUser(user);
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java
deleted file mode 100644
index 0cb7e14..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-
-/**
- * Invalidates a user account.
- */
-public class InvalidateUserGroupAccountsAction implements AdministrationAction<Void> {
-
- private final String group;
-
- public InvalidateUserGroupAccountsAction(String group) {
- this.group = group;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // create the user entry
- userDao.updateGroupVerification(group, null);
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java
index 6928e0d..9d970dc 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java
@@ -19,7 +19,6 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.action.Action;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
import java.util.Date;
@@ -37,7 +36,7 @@ public class PurgeActionsAction implements AdministrationAction<Void> {
}
@Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Void execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
// remove the corresponding actions
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java
deleted file mode 100644
index 198a32d..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.security.util.CertificateUtils;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class RequestUserAccountAction implements AdministrationAction<NiFiUser> {
-
- private final String identity;
- private final String justification;
-
- public RequestUserAccountAction(String identity, String justification) {
- this.identity = identity;
- this.justification = justification;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // determine if this user already exists
- NiFiUser user = userDao.findUserByDn(identity);
- if (user != null) {
- throw new IllegalArgumentException(String.format("User account for %s already exists.", identity));
- }
-
- // create the user
- user = new NiFiUser();
- user.setIdentity(identity);
- user.setUserName(CertificateUtils.extractUsername(identity));
- user.setJustification(justification);
- user.setStatus(AccountStatus.PENDING);
-
- // update user timestamps
- Date now = new Date();
- user.setCreation(now);
-
- // create the new user account
- userDao.createUser(user);
-
- return user;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java
deleted file mode 100644
index c16cc71..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.HashSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.security.util.CertificateUtils;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Seeds the user accounts. This action is performed at start up because it
- * takes the users specified in the authority provider and makes them available
- * to be seen in the UI. This happens because the UI loads the users from the
- * cache. Without pre loading the users, the table in the UI would only show a
- * given user once they have visited the application.
- */
-public class SeedUserAccountsAction extends AbstractUserAction<Void> {
-
- private static final Logger logger = LoggerFactory.getLogger(SeedUserAccountsAction.class);
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- Set<String> authorizedIdentities = new HashSet<>();
-
- // get the current user cache
- final Set<NiFiUser> existingUsers;
- try {
- existingUsers = userDao.findUsers();
- } catch (Exception e) {
- // unable to access local cache... start up failure
- logger.error(String.format("Unable to get existing user base. Cannot proceed until these users can be "
- + "verified against the current authority provider: %s", e));
- throw new AdministrationException(e);
- }
-
- try {
- // all users for all roles
- for (final Authority authority : Authority.values()) {
- authorizedIdentities.addAll(authorityProvider.getUsers(authority));
- }
- } catch (AuthorityAccessException aae) {
- // unable to access the authority provider... honor the cache
- logger.warn("Unable to access authority provider due to " + aae);
- return null;
- }
-
- final Set<NiFiUser> accountsToRevoke = new HashSet<>(existingUsers);
-
- // persist the users
- for (String identity : authorizedIdentities) {
- NiFiUser user = null;
- try {
- // locate the user for this dn
- user = userDao.findUserByDn(identity);
- boolean newAccount = false;
-
- // if the user does not exist, create a new account
- if (user == null) {
- logger.info(String.format("Creating user account: %s", identity));
- newAccount = true;
-
- // create the user
- user = new NiFiUser();
- user.setIdentity(identity);
- user.setUserName(CertificateUtils.extractUsername(identity));
- user.setJustification("User details specified by authority provider.");
- } else {
- logger.info(String.format("User account already created: %s. Updating authorities...", identity));
- }
-
- // verify the account
- verifyAccount(authorityProvider, user);
-
- // persist the account accordingly
- if (newAccount) {
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, authorityProvider);
- } else {
- // this is not a new user and we have just verified their
- // account, do not revoke...
- accountsToRevoke.remove(user);
-
- // persist the user
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
-
- // persist the user's authorities
- UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user);
- updateUserAuthorities.execute(daoFactory, authorityProvider);
- }
- } catch (DataAccessException dae) {
- if (user != null) {
- logger.warn(String.format("Unable to access account details in local cache for user %s: %s", user, dae.getMessage()));
- } else {
- logger.warn(String.format("Unable to access account details in local cache: %s", dae.getMessage()));
- }
- } catch (UnknownIdentityException uie) {
- if (user != null) {
- logger.warn(String.format("Unable to find account details in authority provider for user %s: %s", user, uie.getMessage()));
- } else {
- logger.warn(String.format("Unable to find account details in authority provider: %s", uie.getMessage()));
- }
- } catch (AuthorityAccessException aae) {
- logger.warn("Unable to access authority provider due to " + aae);
-
- // unable to access authority provider for this user, honor the cache for now
- accountsToRevoke.remove(user);
- }
- }
-
- // remove all users that are no longer in the provider
- for (final NiFiUser user : accountsToRevoke) {
- // allow pending requests to remain...
- if (AccountStatus.PENDING.equals(user.getStatus())) {
- continue;
- }
-
- try {
- logger.info(String.format("User not authorized with configured provider: %s. Disabling account...", user.getIdentity()));
-
- // disable the account and reset its last verified timestamp since it was not found
- // in the current configured authority provider
- user.setStatus(AccountStatus.DISABLED);
- user.setLastVerified(null);
-
- // update the user record
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
- } catch (final Exception e) {
- // unable to revoke access for someone we know is not authorized... fail start up
- logger.error(String.format("Unable to revoke access for user %s that is no longer authorized: %s", user, e));
- throw new AdministrationException(e);
- }
- }
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java
deleted file mode 100644
index 2604a47..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class UngroupUserAction extends AbstractUserAction<Void> {
-
- private final String userId;
-
- public UngroupUserAction(String userId) {
- this.userId = userId;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
- final UserDAO userDao = daoFactory.getUserDAO();
-
- // get the user in question
- final NiFiUser user = userDao.findUserById(userId);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", userId));
- }
-
- // set the user group
- user.setUserGroup(null);
-
- // update the user locally
- userDao.updateUser(user);
-
- try {
- // update the authority provider
- authorityProvider.ungroupUser(user.getIdentity());
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to ungroup user '%s': %s", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to ungroup user '%s': %s", user.getIdentity(), aae.getMessage()), aae);
- }
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java
deleted file mode 100644
index fa24fbe..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-
-/**
- *
- */
-public class UngroupUserGroupAction extends AbstractUserAction<Void> {
-
- private final String group;
-
- public UngroupUserGroupAction(String group) {
- this.group = group;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
- final UserDAO userDao = daoFactory.getUserDAO();
-
- // update the user locally
- userDao.ungroup(group);
-
- try {
- // update the authority provider
- authorityProvider.ungroup(group);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to ungroup '%s': %s", group, uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to ungroup '%s': %s", group, aae.getMessage()), aae);
- }
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java
deleted file mode 100644
index ecb91e6..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import java.util.Set;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Sets user authorities.
- */
-public class UpdateUserAction extends AbstractUserAction<NiFiUser> {
-
- private static final Logger logger = LoggerFactory.getLogger(UpdateUserAction.class);
-
- private final String id;
- private final Set<Authority> authorities;
-
- public UpdateUserAction(String id, Set<Authority> authorities) {
- this.id = id;
- this.authorities = authorities;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException, AdministrationException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // get the user
- NiFiUser user = userDao.findUserById(id);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", id));
- }
-
- // determine whether this users exists
- boolean doesIdentityExist = false;
- try {
- doesIdentityExist = authorityProvider.doesDnExist(user.getIdentity());
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
- }
-
- // if the user already doesn't exist, add them
- if (!doesIdentityExist) {
- try {
- // add the account account and group if necessary
- authorityProvider.addUser(user.getIdentity(), user.getUserGroup());
- } catch (final IdentityAlreadyExistsException iaee) {
- logger.warn(String.format("User '%s' already exists in the authority provider. Continuing with user update.", user.getIdentity()));
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authorities for '%s': %s", user.getIdentity(), aae.getMessage()), aae);
- }
- }
-
- try {
- // update the authority provider as approprivate
- authorityProvider.setAuthorities(user.getIdentity(), authorities);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
- }
-
- try {
- // get the user group
- user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
- }
-
- // since all the authorities were updated accordingly, set the authorities
- user.getAuthorities().clear();
- user.getAuthorities().addAll(authorities);
-
- // update the users status in case they were previously pending or disabled
- user.setStatus(AccountStatus.ACTIVE);
-
- // update the users last verified time - this timestamp shouldn't be recorded
- // until the both the user's authorities and group have been synced
- Date now = new Date();
- user.setLastVerified(now);
-
- // persist the user's updates
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
-
- // persist the user's authorities
- UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user);
- updateUserAuthorities.execute(daoFactory, authorityProvider);
-
- // return the user
- return user;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java
deleted file mode 100644
index 89661b2..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.collections4.CollectionUtils;
-
-/**
- * Updates a NiFiUser's authorities. Prior to invoking this action, the user's
- * authorities should be set according to the business logic of the service in
- * question. This should not be invoked directly when attempting to set user
- * authorities as the authorityProvider is not called from this action.
- */
-public class UpdateUserAuthoritiesCacheAction extends AbstractUserAction<Void> {
-
- private final NiFiUser user;
-
- public UpdateUserAuthoritiesCacheAction(NiFiUser user) {
- this.user = user;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- AuthorityDAO authorityDao = daoFactory.getAuthorityDAO();
-
- // get the user
- NiFiUser currentUser = userDao.findUserById(user.getId());
-
- // ensure the user exists
- if (currentUser == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", user.getId()));
- }
-
- // determine what authorities need to be added/removed
- Set<Authority> authorities = user.getAuthorities();
- Set<Authority> authoritiesToAdd = determineAuthoritiesToAdd(currentUser, authorities);
- Set<Authority> authoritiesToRemove = determineAuthoritiesToRemove(currentUser, authorities);
-
- // update the user authorities locally
- if (CollectionUtils.isNotEmpty(authoritiesToAdd)) {
- authorityDao.createAuthorities(authoritiesToAdd, user.getId());
- }
- if (CollectionUtils.isNotEmpty(authoritiesToRemove)) {
- authorityDao.deleteAuthorities(authoritiesToRemove, user.getId());
- }
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java
deleted file mode 100644
index 288e297..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Updates a NiFiUser. This will not update the user authorities, they must be
- * updated with the UpdateUserAuthoritiesAction.
- */
-public class UpdateUserCacheAction extends AbstractUserAction<Void> {
-
- private final NiFiUser user;
-
- public UpdateUserCacheAction(NiFiUser user) {
- this.user = user;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // update the user
- userDao.updateUser(user);
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java
deleted file mode 100644
index 1d7941f..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Updates all NiFiUser authorities in a specified group.
- */
-public class UpdateUserGroupAction extends AbstractUserAction<Void> {
-
- private static final Logger logger = LoggerFactory.getLogger(UpdateUserGroupAction.class);
-
- private final String group;
- private final Set<String> userIds;
- private final Set<Authority> authorities;
-
- public UpdateUserGroupAction(String group, Set<String> userIds, Set<Authority> authorities) {
- this.group = group;
- this.userIds = userIds;
- this.authorities = authorities;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- if (userIds == null && authorities == null) {
- throw new IllegalArgumentException("Must specify user Ids or authorities.");
- }
-
- UserDAO userDao = daoFactory.getUserDAO();
-
- // record the new users being added to this group
- final Set<NiFiUser> newUsers = new HashSet<>();
- final Set<String> newUserIdentities = new HashSet<>();
-
- // if the user ids have been specified we need to create/update a group using the specified group name
- if (userIds != null) {
- if (userIds.isEmpty()) {
- throw new IllegalArgumentException("When creating a group, at least one user id must be specified.");
- }
-
- // going to create a group using the specified user ids
- for (final String userId : userIds) {
- // get the user in question
- final NiFiUser user = userDao.findUserById(userId);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", userId));
- }
-
- try {
- // if the user is unknown to the authority provider we cannot continue
- if (!authorityProvider.doesDnExist(user.getIdentity()) || AccountStatus.DISABLED.equals(user.getStatus())) {
- throw new IllegalStateException(String.format("Unable to group these users because access for '%s' is not %s.", user.getIdentity(), AccountStatus.ACTIVE.toString()));
- }
-
- // record the user being added to this group
- newUsers.add(user);
- newUserIdentities.add(user.getIdentity());
- } catch (final AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
- }
- }
-
- try {
- // update the authority provider
- authorityProvider.setUsersGroup(newUserIdentities, group);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserIdentities, ", "), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserIdentities, ", "), aae.getMessage()), aae);
- }
- }
-
- // get all the users that need to be updated
- final Set<NiFiUser> users = new HashSet<>(userDao.findUsersForGroup(group));
- users.addAll(newUsers);
-
- // ensure the user exists
- if (users.isEmpty()) {
- throw new AccountNotFoundException(String.format("Unable to find user accounts with group id %s.", group));
- }
-
- // update each user in this group
- for (final NiFiUser user : users) {
- // if there are new authorities set them, otherwise refresh them according to the provider
- if (authorities != null) {
- try {
- // update the authority provider as approprivate
- authorityProvider.setAuthorities(user.getIdentity(), authorities);
-
- // since all the authorities were updated accordingly, set the authorities
- user.getAuthorities().clear();
- user.getAuthorities().addAll(authorities);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
- }
- } else {
- try {
- // refresh the authorities according to the provider
- user.getAuthorities().clear();
- user.getAuthorities().addAll(authorityProvider.getAuthorities(user.getIdentity()));
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to determine the authorities for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
- }
- }
-
- try {
- // get the user group
- user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getIdentity(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getIdentity(), aae.getMessage()), aae);
- }
-
- // update the users status in case they were previously pending or disabled
- user.setStatus(AccountStatus.ACTIVE);
-
- // update the users last verified time - this timestamp shouldn't be recorded
- // until the both the user's authorities and group have been synced
- Date now = new Date();
- user.setLastVerified(now);
-
- // persist the user's updates
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
-
- // persist the user's authorities
- UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user);
- updateUserAuthorities.execute(daoFactory, authorityProvider);
- }
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java
index c37a562..b3f749c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java
@@ -16,53 +16,24 @@
*/
package org.apache.nifi.admin.service.impl;
-import java.io.IOException;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
-
import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountPendingException;
import org.apache.nifi.admin.service.AdministrationException;
import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.admin.service.action.AuthorizeDownloadAction;
-import org.apache.nifi.admin.service.action.AuthorizeUserAction;
import org.apache.nifi.admin.service.action.DeleteKeysAction;
-import org.apache.nifi.admin.service.action.DeleteUserAction;
-import org.apache.nifi.admin.service.action.DisableUserAction;
-import org.apache.nifi.admin.service.action.DisableUserGroupAction;
-import org.apache.nifi.admin.service.action.FindUserByDnAction;
-import org.apache.nifi.admin.service.action.FindUserByIdAction;
import org.apache.nifi.admin.service.action.GetKeyByIdAction;
import org.apache.nifi.admin.service.action.GetOrCreateKeyAction;
-import org.apache.nifi.admin.service.action.GetUserGroupAction;
-import org.apache.nifi.admin.service.action.GetUsersAction;
-import org.apache.nifi.admin.service.action.HasPendingUserAccounts;
-import org.apache.nifi.admin.service.action.InvalidateUserAccountAction;
-import org.apache.nifi.admin.service.action.InvalidateUserGroupAccountsAction;
-import org.apache.nifi.admin.service.action.RequestUserAccountAction;
-import org.apache.nifi.admin.service.action.SeedUserAccountsAction;
-import org.apache.nifi.admin.service.action.UpdateUserAction;
-import org.apache.nifi.admin.service.action.UpdateUserGroupAction;
-import org.apache.nifi.admin.service.action.UngroupUserAction;
-import org.apache.nifi.admin.service.action.UngroupUserGroupAction;
import org.apache.nifi.admin.service.transaction.Transaction;
import org.apache.nifi.admin.service.transaction.TransactionBuilder;
import org.apache.nifi.admin.service.transaction.TransactionException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.DownloadAuthorization;
import org.apache.nifi.key.Key;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
-import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.util.NiFiProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.IOException;
+import java.util.concurrent.locks.Lock;
+import java.util.concurrent.locks.ReentrantReadWriteLock;
+
/**
*
*/
@@ -71,553 +42,12 @@ public class StandardUserService implements UserService {
private static final Logger logger = LoggerFactory.getLogger(StandardUserService.class);
private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
- private final ReentrantReadWriteLock.ReadLock readLock = lock.readLock();
- private final ReentrantReadWriteLock.WriteLock writeLock = lock.writeLock();
+ private final Lock readLock = lock.readLock();
+ private final Lock writeLock = lock.writeLock();
private TransactionBuilder transactionBuilder;
private NiFiProperties properties;
- /**
- * Seed any users from the authority provider that are not already present.
- */
- public void seedUserAccounts() {
- // do not seed node's user cache. when/if the node disconnects its
- // cache will be populated lazily (as needed)
- if (properties.isNode()) {
- return;
- }
-
- Transaction transaction = null;
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // seed the accounts
- SeedUserAccountsAction seedUserAccounts = new SeedUserAccountsAction();
- transaction.execute(seedUserAccounts);
-
- // commit the transaction
- transaction.commit();
- } catch (AdministrationException ae) {
- rollback(transaction);
- throw ae;
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser createPendingUserAccount(String dn, String justification) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // create the account request
- RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(dn, justification);
- NiFiUser user = transaction.execute(requestUserAccount);
-
- // commit the transaction
- transaction.commit();
-
- // return the nifi user
- return user;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUserGroup updateGroup(final String group, final Set<String> userIds, final Set<Authority> authorities) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // if user ids have been specified, invalidate the user accounts before performing
- // the desired updates. if case of an error, this will ensure that these users are
- // authorized the next time the access the application
- if (userIds != null) {
- for (final String userId : userIds) {
- invalidateUserAccount(userId);
- }
- }
-
- // start the transaction
- transaction = transactionBuilder.start();
-
- // set the authorities for each user in this group if specified
- final UpdateUserGroupAction updateUserGroup = new UpdateUserGroupAction(group, userIds, authorities);
- transaction.execute(updateUserGroup);
-
- // get all the users that are now in this group
- final GetUserGroupAction getUserGroup = new GetUserGroupAction(group);
- final NiFiUserGroup userGroup = transaction.execute(getUserGroup);
-
- // commit the transaction
- transaction.commit();
-
- return userGroup;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void ungroupUser(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // ungroup the specified user
- final UngroupUserAction ungroupUser = new UngroupUserAction(id);
- transaction.execute(ungroupUser);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void ungroup(String group) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // ungroup the specified user
- final UngroupUserGroupAction ungroupUserGroup = new UngroupUserGroupAction(group);
- transaction.execute(ungroupUserGroup);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser checkAuthorization(String dn) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // determine how long the cache is valid for
- final int cacheSeconds;
- try {
- cacheSeconds = (int) FormatUtils.getTimeDuration(properties.getUserCredentialCacheDuration(), TimeUnit.SECONDS);
- } catch (IllegalArgumentException iae) {
- throw new AdministrationException("User credential cache duration is not configured correctly.");
- }
-
- // attempt to authorize the user
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(dn, cacheSeconds);
- NiFiUser user = transaction.execute(authorizeUser);
-
- // commit the transaction
- transaction.commit();
-
- // return the nifi user
- return user;
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (AccountDisabledException | AccountPendingException ade) {
- rollback(transaction);
- throw ade;
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void deleteUser(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // delete the user
- DeleteUserAction deleteUser = new DeleteUserAction(id);
- transaction.execute(deleteUser);
-
- // commit the transaction
- transaction.commit();
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser disable(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // disable the user
- DisableUserAction disableUser = new DisableUserAction(id);
- NiFiUser user = transaction.execute(disableUser);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUserGroup disableGroup(String group) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // disable the user
- DisableUserGroupAction disableUser = new DisableUserGroupAction(group);
- NiFiUserGroup userGroup = transaction.execute(disableUser);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return userGroup;
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser update(String id, Set<Authority> authorities) {
- Transaction transaction = null;
-
- // may be empty but not null
- if (authorities == null) {
- throw new IllegalArgumentException("The specified authorities cannot be null.");
- }
-
- writeLock.lock();
- try {
- // invalidate the user account in preparation for potential subsequent errors
- invalidateUserAccount(id);
-
- // at this point the current user account has been invalidated so we will
- // attempt to update the account. if any part fails we are assured the
- // user will be need to be given approval before they access the system at
- // a later time
- // start the transaction
- transaction = transactionBuilder.start();
-
- // update the user authorities
- UpdateUserAction setUserAuthorities = new UpdateUserAction(id, authorities);
- NiFiUser user = transaction.execute(setUserAuthorities);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (TransactionException | DataAccessException e) {
- rollback(transaction);
- throw new AdministrationException(e);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- /**
- * Invalidates the user with the specified id. This is done to ensure a user account will need to be re-validated in case an error occurs while modifying a user account. This method should only be
- * invoked from within a write lock.
- *
- * @param id user account identifier
- */
- @Override
- public void invalidateUserAccount(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // invalidate the user account
- InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(id);
- transaction.execute(invalidateUserAccount);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void invalidateUserGroupAccount(String group) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // invalidate the user account
- InvalidateUserGroupAccountsAction invalidateUserGroupAccounts = new InvalidateUserGroupAccountsAction(group);
- transaction.execute(invalidateUserGroupAccounts);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- // -----------------
- // read only methods
- // -----------------
- @Override
- public Boolean hasPendingUserAccount() {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- final HasPendingUserAccounts hasPendingAccounts = new HasPendingUserAccounts();
- final Boolean hasPendingUserAccounts = transaction.execute(hasPendingAccounts);
-
- // commit the transaction
- transaction.commit();
-
- return hasPendingUserAccounts;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(final List<String> dnChain, final Map<String, String> attributes) {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // authorize the download
- AuthorizeDownloadAction authorizeDownload = new AuthorizeDownloadAction(dnChain, attributes);
- DownloadAuthorization downloadAuthorization = transaction.execute(authorizeDownload);
-
- // commit the transaction
- transaction.commit();
-
- // return the authorization
- return downloadAuthorization;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public Collection<NiFiUser> getUsers() {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // get all users
- GetUsersAction getUsers = new GetUsersAction();
- Collection<NiFiUser> users = transaction.execute(getUsers);
-
- // commit the transaction
- transaction.commit();
-
- // return the users
- return users;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public NiFiUser getUserById(String id) {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // return the desired user
- FindUserByIdAction findUserById = new FindUserByIdAction(id);
- NiFiUser user = transaction.execute(findUserById);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public NiFiUser getUserByDn(String dn) {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // return the desired user
- FindUserByDnAction findUserByDn = new FindUserByDnAction(dn);
- NiFiUser user = transaction.execute(findUserByDn);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
@Override
public Key getKey(int id) {
Transaction transaction = null;
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransaction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransaction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransaction.java
index a3cfb5e..1390768 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransaction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransaction.java
@@ -16,19 +16,19 @@
*/
package org.apache.nifi.admin.service.transaction.impl;
-import java.io.IOException;
-import java.sql.Connection;
-import java.sql.SQLException;
import org.apache.nifi.admin.RepositoryUtils;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.impl.DAOFactoryImpl;
import org.apache.nifi.admin.service.action.AdministrationAction;
-import org.apache.nifi.admin.service.transaction.TransactionException;
import org.apache.nifi.admin.service.transaction.Transaction;
-import org.apache.nifi.authorization.AuthorityProvider;
+import org.apache.nifi.admin.service.transaction.TransactionException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.IOException;
+import java.sql.Connection;
+import java.sql.SQLException;
+
/**
* Transaction implementation that uses the specified SQL Connection and
* AuthorityProvider.
@@ -37,11 +37,9 @@ public class StandardTransaction implements Transaction {
private static final Logger logger = LoggerFactory.getLogger(StandardTransaction.class);
- private final AuthorityProvider authorityProvider;
private Connection connection;
- public StandardTransaction(AuthorityProvider authorityProvider, Connection connection) {
- this.authorityProvider = authorityProvider;
+ public StandardTransaction(Connection connection) {
this.connection = connection;
}
@@ -56,7 +54,7 @@ public class StandardTransaction implements Transaction {
DAOFactory daoFactory = new DAOFactoryImpl(connection);
// execute the specified action
- return action.execute(daoFactory, authorityProvider);
+ return action.execute(daoFactory);
}
@Override
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransactionBuilder.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransactionBuilder.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransactionBuilder.java
index b6e5a30..7d4a1fc 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransactionBuilder.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/transaction/impl/StandardTransactionBuilder.java
@@ -22,7 +22,6 @@ import javax.sql.DataSource;
import org.apache.nifi.admin.service.transaction.Transaction;
import org.apache.nifi.admin.service.transaction.TransactionBuilder;
import org.apache.nifi.admin.service.transaction.TransactionException;
-import org.apache.nifi.authorization.AuthorityProvider;
/**
*
@@ -30,7 +29,6 @@ import org.apache.nifi.authorization.AuthorityProvider;
public class StandardTransactionBuilder implements TransactionBuilder {
private DataSource dataSource;
- private AuthorityProvider authorityProvider;
@Override
public Transaction start() throws TransactionException {
@@ -40,7 +38,7 @@ public class StandardTransactionBuilder implements TransactionBuilder {
connection.setAutoCommit(false);
// create a new transaction
- return new StandardTransaction(authorityProvider, connection);
+ return new StandardTransaction(connection);
} catch (SQLException sqle) {
throw new TransactionException(sqle.getMessage());
}
@@ -50,8 +48,4 @@ public class StandardTransactionBuilder implements TransactionBuilder {
public void setDataSource(DataSource dataSource) {
this.dataSource = dataSource;
}
-
- public void setAuthorityProvider(AuthorityProvider authorityProvider) {
- this.authorityProvider = authorityProvider;
- }
}
[8/9] nifi git commit: NIFI-1551: - Starting to remove the
AuthorityProvider. - This closes #330
Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
deleted file mode 100644
index 4e2cc26..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao.impl;
-
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.admin.RepositoryUtils;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.authorization.Authority;
-
-/**
- *
- */
-public class StandardAuthorityDAO implements AuthorityDAO {
-
- private static final String SELECT_AUTHORITIES_FOR_USER = "SELECT ID, ROLE "
- + "FROM AUTHORITY "
- + "WHERE USER_ID = ?";
-
- private static final String INSERT_AUTHORITY = "INSERT INTO AUTHORITY ("
- + "USER_ID, ROLE"
- + ") VALUES ("
- + "?, ?"
- + ")";
-
- private static final String DELETE_AUTHORITY = "DELETE FROM AUTHORITY "
- + "WHERE USER_ID = ? AND ROLE = ?";
-
- private static final String DELETE_AUTHORITIES_FOR_USER = "DELETE FROM AUTHORITY "
- + "WHERE USER_ID = ?";
-
- private final Connection connection;
-
- public StandardAuthorityDAO(Connection connection) {
- this.connection = connection;
- }
-
- @Override
- public void createAuthorities(Set<Authority> authorities, String userId) throws DataAccessException {
- if (authorities == null) {
- throw new IllegalArgumentException("Specified authorities cannot be null.");
- }
-
- // ensure there are some authorities to create
- if (!authorities.isEmpty()) {
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(INSERT_AUTHORITY);
- statement.setString(1, userId);
- for (Authority authority : authorities) {
- statement.setString(2, authority.toString());
- statement.addBatch();
- }
-
- // insert the authorities
- int[] updateCounts = statement.executeBatch();
- for (int updateCount : updateCounts) {
- if (updateCount != 1) {
- throw new DataAccessException("Unable to insert user authorities.");
- }
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
- }
-
- @Override
- public void deleteAuthorities(String userId) throws DataAccessException {
- // ensure there are some authorities to create
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(DELETE_AUTHORITIES_FOR_USER);
- statement.setString(1, userId);
-
- // insert the authorities
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void deleteAuthorities(Set<Authority> authorities, String userId) throws DataAccessException {
- if (authorities == null) {
- throw new IllegalArgumentException("Specified authorities cannot be null.");
- }
-
- // ensure there are some authorities to create
- if (!authorities.isEmpty()) {
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(DELETE_AUTHORITY);
- statement.setString(1, userId);
- for (Authority authority : authorities) {
- statement.setString(2, authority.toString());
- statement.addBatch();
- }
-
- // insert the authorities
- int[] updateCounts = statement.executeBatch();
- for (int updateCount : updateCounts) {
- if (updateCount != 1) {
- throw new DataAccessException("Unable to remove user authorities.");
- }
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
- }
-
- @Override
- public Set<Authority> findAuthoritiesByUserId(String userId) throws DataAccessException {
- Set<Authority> authorities = EnumSet.noneOf(Authority.class);
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(SELECT_AUTHORITIES_FOR_USER);
- statement.setString(1, userId);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create each corresponding authority
- while (rs.next()) {
- authorities.add(Authority.valueOfAuthority(rs.getString("ROLE")));
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
-
- return authorities;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
deleted file mode 100644
index 20356e3..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
+++ /dev/null
@@ -1,641 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao.impl;
-
-import java.nio.charset.StandardCharsets;
-import java.sql.Connection;
-import org.apache.nifi.admin.dao.UserDAO;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.sql.Types;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-import org.apache.nifi.admin.RepositoryUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Responsible for loading and persisting NiFiUsers.
- */
-public class StandardUserDAO implements UserDAO {
-
- private static final String SELECT_PENDING_ACCOUNTS_COUNT = "SELECT "
- + "COUNT(*) as PENDING_ACCOUNTS "
- + "FROM USER U "
- + "WHERE U.STATUS = 'PENDING'";
-
- private static final String SELECT_USER_BY_USER = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.IDENTITY = ?";
-
- private static final String SELECT_USER_BY_ID = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.ID = ?";
-
- private static final String SELECT_USERS = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.IDENTITY <> ?";
-
- private static final String SELECT_USER_GROUPS = "SELECT DISTINCT "
- + "U.USER_GROUP "
- + "FROM USER U";
-
- private static final String SELECT_USER_GROUP = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.IDENTITY <> ? AND U.USER_GROUP = ?";
-
- private static final String INSERT_USER = "INSERT INTO USER ("
- + "ID, IDENTITY, USER_NAME, USER_GROUP, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS"
- + ") VALUES ("
- + "?, "
- + "?, "
- + "?, "
- + "?, "
- + "NOW(), "
- + "?, "
- + "?, "
- + "?"
- + ")";
-
- private static final String UPDATE_USER = "UPDATE USER SET "
- + "IDENTITY = ?, "
- + "USER_NAME = ?, "
- + "USER_GROUP = ?, "
- + "LAST_ACCESSED = ?, "
- + "LAST_VERIFIED = ?, "
- + "JUSTIFICATION = ?, "
- + "STATUS = ? "
- + "WHERE ID = ?";
-
- private static final String UPDATE_USER_GROUP_STATUS = "UPDATE USER SET "
- + "STATUS = ?,"
- + "USER_GROUP = NULL "
- + "WHERE USER_GROUP = ?";
-
- private static final String UPDATE_USER_GROUP_VERIFICATION = "UPDATE USER SET "
- + "LAST_VERIFIED = ? "
- + "WHERE USER_GROUP = ?";
-
- private static final String UNGROUP_GROUP = "UPDATE USER SET "
- + "USER_GROUP = NULL "
- + "WHERE USER_GROUP = ?";
-
- private static final String DELETE_USER = "DELETE FROM USER "
- + "WHERE ID = ?";
-
- private final Connection connection;
-
- public StandardUserDAO(Connection connection) {
- this.connection = connection;
- }
-
- @Override
- public Boolean hasPendingUserAccounts() throws DataAccessException {
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_PENDING_ACCOUNTS_COUNT);
-
- // execute the query
- rs = statement.executeQuery();
-
- // get the first row which will contain the number of pending accounts
- if (rs.next()) {
- int pendingAccounts = rs.getInt("PENDING_ACCOUNTS");
- return pendingAccounts > 0;
- }
-
- // query returned no results?
- return false;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public Set<NiFiUser> findUsers() throws DataAccessException {
- Set<NiFiUser> users = new HashSet<>();
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USERS);
- statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // get the user id for the current record
- String userId = rs.getString("ID");
-
- // create the user during the first iteration
- if (user == null || !userId.equals(user.getId())) {
- user = new NiFiUser();
- user.setId(userId);
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
-
- // add the user
- users.add(user);
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return users;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public Set<String> findUserGroups() throws DataAccessException {
- Set<String> userGroups = new HashSet<>();
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_GROUPS);
-
- // execute the query
- rs = statement.executeQuery();
-
- // get each user group
- while (rs.next()) {
- userGroups.add(rs.getString("USER_GROUP"));
- }
-
- return userGroups;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public Set<NiFiUser> findUsersForGroup(String group) throws DataAccessException {
- Set<NiFiUser> users = new HashSet<>();
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_GROUP);
- statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
- statement.setString(2, group);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // get the user id for the current record
- String userId = rs.getString("ID");
-
- // create the user during the first iteration
- if (user == null || !userId.equals(user.getId())) {
- user = new NiFiUser();
- user.setId(userId);
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
-
- // add the user
- users.add(user);
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return users;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public NiFiUser findUserById(String id) throws DataAccessException {
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_BY_ID);
- statement.setString(1, id);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // create the user during the first iteration
- if (user == null) {
- user = new NiFiUser();
- user.setId(rs.getString("ID"));
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return user;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public NiFiUser findUserByDn(String dn) throws DataAccessException {
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_BY_USER);
- statement.setString(1, dn);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // create the user during the first iteration
- if (user == null) {
- user = new NiFiUser();
- user.setId(rs.getString("ID"));
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return user;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public NiFiUser createUser(NiFiUser user) throws DataAccessException {
- if (user.getIdentity() == null) {
- throw new IllegalArgumentException("User identity must be specified.");
- }
-
- // ensure the user identity is not too lengthy
- if (user.getIdentity().length() > 4096) {
- throw new IllegalArgumentException("User identity must be less than 4096 characters.");
- }
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- final String id = UUID.nameUUIDFromBytes(user.getIdentity().getBytes(StandardCharsets.UTF_8)).toString();
-
- // create a statement
- statement = connection.prepareStatement(INSERT_USER, Statement.RETURN_GENERATED_KEYS);
- statement.setString(1, id);
- statement.setString(2, StringUtils.left(user.getIdentity(), 4096));
- statement.setString(3, StringUtils.left(user.getUserName(), 4096));
- statement.setString(4, StringUtils.left(user.getUserGroup(), 100));
- if (user.getLastVerified() != null) {
- statement.setTimestamp(5, new java.sql.Timestamp(user.getLastVerified().getTime()));
- } else {
- statement.setTimestamp(5, null);
- }
- statement.setString(6, StringUtils.left(user.getJustification(), 500));
- statement.setString(7, user.getStatus().toString());
-
- // insert the user
- int updateCount = statement.executeUpdate();
- if (updateCount == 1) {
- user.setId(id);
- } else {
- throw new DataAccessException("Unable to insert user.");
- }
-
- return user;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void deleteUser(String id) throws DataAccessException {
- // ensure there are some authorities to create
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(DELETE_USER);
- statement.setString(1, id);
-
- // insert the authorities
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void updateUser(NiFiUser user) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UPDATE_USER);
- statement.setString(1, StringUtils.left(user.getIdentity(), 4096));
- statement.setString(2, StringUtils.left(user.getUserName(), 4096));
- statement.setString(3, StringUtils.left(user.getUserGroup(), 100));
- statement.setString(6, StringUtils.left(user.getJustification(), 500));
- statement.setString(7, user.getStatus().toString());
- statement.setString(8, user.getId());
-
- // set the last accessed time accordingly
- if (user.getLastAccessed() == null) {
- statement.setNull(4, Types.TIMESTAMP);
- } else {
- statement.setTimestamp(4, new java.sql.Timestamp(user.getLastAccessed().getTime()));
- }
-
- // set the last verified time accordingly
- if (user.getLastVerified() == null) {
- statement.setNull(5, Types.TIMESTAMP);
- } else {
- statement.setTimestamp(5, new java.sql.Timestamp(user.getLastVerified().getTime()));
- }
-
- // perform the update
- int updateCount = statement.executeUpdate();
- if (updateCount != 1) {
- throw new DataAccessException("Unable to update user.");
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void updateGroupStatus(String group, AccountStatus status) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UPDATE_USER_GROUP_STATUS);
- statement.setString(1, status.toString());
- statement.setString(2, group);
-
- // perform the update
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void updateGroupVerification(String group, Date lastVerified) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UPDATE_USER_GROUP_VERIFICATION);
-
- // set the last verified time accordingly
- if (lastVerified == null) {
- statement.setNull(1, Types.TIMESTAMP);
- } else {
- statement.setTimestamp(1, new java.sql.Timestamp(lastVerified.getTime()));
- }
-
- // set the group
- statement.setString(2, group);
-
- // perform the update
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void ungroup(String group) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UNGROUP_GROUP);
- statement.setString(1, group);
-
- // perform the update
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
deleted file mode 100644
index e8b3d10..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service;
-
-/**
- * Exception to indicate that the user account is disabled.
- */
-public class AccountDisabledException extends RuntimeException {
-
- public AccountDisabledException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
- }
-
- public AccountDisabledException(Throwable cause) {
- super(cause);
- }
-
- public AccountDisabledException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AccountDisabledException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
deleted file mode 100644
index dacc483..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service;
-
-/**
- * Exception to indicate that the user has already submitting an account request
- * and that request is still pending.
- */
-public class AccountPendingException extends RuntimeException {
-
- public AccountPendingException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
- }
-
- public AccountPendingException(Throwable cause) {
- super(cause);
- }
-
- public AccountPendingException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AccountPendingException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
index 4ea71af..3759b14 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
@@ -16,145 +16,14 @@
*/
package org.apache.nifi.admin.service;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.DownloadAuthorization;
import org.apache.nifi.key.Key;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
/**
- * Manages NiFi user accounts.
+ * Manages NiFi user keys.
*/
public interface UserService {
/**
- * Creates a new user account using the specified dn and justification.
- *
- * @param dn user dn
- * @param justification why the account is necessary
- * @return the created NiFiUser
- */
- NiFiUser createPendingUserAccount(String dn, String justification);
-
- /**
- * @return Determines if there are any PENDING user accounts present
- */
- Boolean hasPendingUserAccount();
-
- /**
- * @param dnChain user dn chain
- * @param attributes attributes for authorization request
- * @return Determines if the users in the dnChain are authorized to download content with the specified attributes
- */
- DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes);
-
- /**
- * Updates a user group using the specified group comprised of the specified users. Returns all the users that are currently in the specified group.
- *
- * @param group group
- * @param userIds users
- * @param authorities auths
- * @return a user group
- */
- NiFiUserGroup updateGroup(String group, Set<String> userIds, Set<Authority> authorities);
-
- /**
- * Authorizes the user specified.
- *
- * @param dn user dn
- * @return the user for the given dn if found
- */
- NiFiUser checkAuthorization(String dn);
-
- /**
- * Deletes the user with the specified id.
- *
- * @param id user identifier
- */
- void deleteUser(String id);
-
- /**
- * Disables the specified users account.
- *
- * @param id user identifier
- * @return user for the given identifier
- */
- NiFiUser disable(String id);
-
- /**
- * Disables the specified user group.
- *
- * @param group to disable
- * @return user group
- */
- NiFiUserGroup disableGroup(String group);
-
- /**
- * Updates the specified user with the specified authorities.
- *
- * @param id identifier of user
- * @param authorities auths to set
- * @return the updated user
- */
- NiFiUser update(String id, Set<Authority> authorities);
-
- /**
- * Invalidates the specified user account.
- *
- * @param id identifier of user account to invalidate
- */
- void invalidateUserAccount(String id);
-
- /**
- * Invalidates the user accounts associated with the specified user group.
- *
- * @param group to invalidate user accounts on
- */
- void invalidateUserGroupAccount(String group);
-
- /**
- * Ungroups the specified group.
- *
- * @param group to split up
- */
- void ungroup(String group);
-
- /**
- * Ungroups the specified user.
- *
- * @param id user to ungroup
- */
- void ungroupUser(String id);
-
- /**
- * Returns a collection of all NiFiUsers.
- *
- * @return Collection of users
- */
- Collection<NiFiUser> getUsers();
-
- /**
- * Finds the specified user by id.
- *
- * @param id of the user
- * @return the user object
- */
- NiFiUser getUserById(String id);
-
- /**
- * Finds the specified user by dn.
- *
- * @param dn the user dn
- * @return the newly created user
- * @throws AdministrationException ae
- */
- NiFiUser getUserByDn(String dn);
-
- /**
* Gets a key for the specified user identity. Returns null if the user has not had a key issued
*
* @param id The key id
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
deleted file mode 100644
index 69c6c1f..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- * @param <T> type of user action
- */
-public abstract class AbstractUserAction<T> implements AdministrationAction<T> {
-
- /**
- * Determines the authorities that need to be added to the specified user.
- *
- * @param user user
- * @param authorities auths
- * @return authorities to add
- */
- protected Set<Authority> determineAuthoritiesToAdd(NiFiUser user, Set<Authority> authorities) {
- // not using copyOf since authorities may be empty and copyOf can throw an IllegalArgumentException when empty
- Set<Authority> authoritiesToAdd = EnumSet.noneOf(Authority.class);
- authoritiesToAdd.addAll(authorities);
-
- // identify the authorities that need to be inserted
- authoritiesToAdd.removeAll(user.getAuthorities());
-
- // return the desired authorities
- return authoritiesToAdd;
- }
-
- /**
- * Determines the authorities that need to be removed from the specified
- * user.
- *
- * @param user user
- * @param authorities auths
- * @return auths to remove
- */
- protected Set<Authority> determineAuthoritiesToRemove(NiFiUser user, Set<Authority> authorities) {
- Set<Authority> authoritiesToRemove = EnumSet.copyOf(user.getAuthorities());
-
- // identify the authorities that need to be removed
- authoritiesToRemove.removeAll(authorities);
-
- // return the desired authorities
- return authoritiesToRemove;
- }
-
- /**
- * Verifies the specified users account. Includes obtaining the authorities
- * and group according to the specified authority provider.
- *
- * @param authorityProvider provider
- * @param user user to verify
- */
- protected void verifyAccount(AuthorityProvider authorityProvider, NiFiUser user) {
- // load the roles for the user
- Set<Authority> authorities = authorityProvider.getAuthorities(user.getIdentity());
-
- // update the user's authorities
- user.getAuthorities().clear();
- user.getAuthorities().addAll(authorities);
-
- // get the user group
- user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
-
- // update the users status in case they were previously pending or disabled
- user.setStatus(AccountStatus.ACTIVE);
-
- // update the users last verified time - this timestampt shouldn't be record
- // until the both the user's authorities and group have been synced
- Date now = new Date();
- user.setLastVerified(now);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
index db1d8a2..937603e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
@@ -19,7 +19,6 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.action.Action;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
import java.util.Collection;
@@ -35,7 +34,7 @@ public class AddActionsAction implements AdministrationAction<Void> {
}
@Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Void execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
// add each action
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
index f1795a9..141aa84 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
@@ -17,7 +17,6 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
/**
* Defines the administration action. Actions are provided a DAO factory and
@@ -31,8 +30,7 @@ public interface AdministrationAction<T> {
* Performs an action using the specified DAOFactory and AuthorityProvider.
*
* @param daoFactory factory
- * @param authorityProvider provider
* @return action result
*/
- T execute(DAOFactory daoFactory, AuthorityProvider authorityProvider);
+ T execute(DAOFactory daoFactory);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
deleted file mode 100644
index d1b994c..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.List;
-import java.util.Map;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.DownloadAuthorization;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-
-/**
- * Attempts to obtain authorization to download the content with the specified
- * attributes for the specified user.
- */
-public class AuthorizeDownloadAction implements AdministrationAction<DownloadAuthorization> {
-
- private final List<String> dnChain;
- private final Map<String, String> attributes;
-
- public AuthorizeDownloadAction(List<String> dnChain, Map<String, String> attributes) {
- this.dnChain = dnChain;
- this.attributes = attributes;
- }
-
- @Override
- public DownloadAuthorization execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
- try {
- return authorityProvider.authorizeDownload(dnChain, attributes);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(uie.getMessage(), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(aae.getMessage(), aae);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java
deleted file mode 100644
index ed4dfa1..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeUserAction.java
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Calendar;
-import java.util.Date;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.security.util.CertificateUtils;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class AuthorizeUserAction extends AbstractUserAction<NiFiUser> {
-
- private final String identity;
- private final int cacheDurationSeconds;
-
- public AuthorizeUserAction(String identity, int cacheDurationSeconds) {
- this.identity = identity;
- this.cacheDurationSeconds = cacheDurationSeconds;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // get the user
- NiFiUser user = userDao.findUserByDn(identity);
-
- // verify the user was found
- if (user == null) {
- // determine whether this users exists
- boolean doesDnExist = false;
- try {
- doesDnExist = authorityProvider.doesDnExist(identity);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
- }
-
- // if the authority provider has the details for this user, create the account
- if (doesDnExist) {
- // create the user
- user = new NiFiUser();
- user.setIdentity(identity);
- user.setUserName(CertificateUtils.extractUsername(identity));
- user.setJustification("User details specified by authority provider.");
-
- try {
- // verify the users account
- verifyAccount(authorityProvider, user);
-
- // get the date used for verification
- Date now = user.getLastVerified();
-
- // update the last accessed field
- user.setLastAccessed(now);
- user.setCreation(now);
-
- // create the new user account
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, authorityProvider);
- } catch (UnknownIdentityException uie) {
- // strange since the provider just reported this dn existed but handleing anyways...
- throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity));
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
- }
- } else {
- throw new AccountNotFoundException(String.format("Unable to verify access for %s.", identity));
- }
- } else {
- Throwable providerError = null;
-
- // verify the users account if necessary
- if (isAccountVerificationRequired(user)) {
- try {
- // verify the users account
- verifyAccount(authorityProvider, user);
-
- // update the last accessed field
- user.setLastAccessed(user.getLastVerified());
- } catch (UnknownIdentityException uie) {
- // check the account status before attempting to update the account - depending on the account
- // status we might not need to update the account
- checkAccountStatus(user);
-
- // the user is currently active and they were not found in the providers - disable the account...
- user.setStatus(AccountStatus.DISABLED);
-
- // record the exception
- providerError = uie;
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae);
- }
- } else {
- // verfiy the users account status before allowing access.
- checkAccountStatus(user);
-
- // update the users last accessed time
- user.setLastAccessed(new Date());
- }
-
- // persist the user's updates
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
-
- // persist the user's authorities
- UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user);
- updateUserAuthorities.execute(daoFactory, authorityProvider);
-
- if (providerError != null) {
- throw new AccountDisabledException(String.format("User credentials for %s were not found. This account has been disabled.", user.getIdentity()), providerError);
- }
- }
-
- return user;
- }
-
- /**
- * @return Determines if account verification is required
- */
- private boolean isAccountVerificationRequired(NiFiUser user) {
- // accounts that have never been verified obviously needs to be re-verified
- if (user.getLastVerified() == null) {
- return true;
- }
-
- // create a calendar and substract the threshold - anything
- // before this time will need to be re-verified
- Calendar calendar = Calendar.getInstance();
- calendar.add(Calendar.SECOND, -cacheDurationSeconds);
-
- return user.getLastVerified().before(calendar.getTime());
- }
-
- /**
- * Checks the account status of the specified user.
- *
- * @param user to check
- */
- private void checkAccountStatus(NiFiUser user) {
- if (AccountStatus.DISABLED.equals(user.getStatus())) {
- throw new AccountDisabledException(String.format("The account for %s has been disabled.", user.getIdentity()));
- } else if (AccountStatus.PENDING.equals(user.getStatus())) {
- throw new AccountPendingException(String.format("The account for %s is currently pending approval.", user.getIdentity()));
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java
deleted file mode 100644
index 3833abb..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/CreateUserAction.java
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Action for creating a NiFiUser account.
- */
-public class CreateUserAction extends AbstractUserAction<Void> {
-
- private final NiFiUser user;
-
- public CreateUserAction(NiFiUser user) {
- this.user = user;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- AuthorityDAO authorityDao = daoFactory.getAuthorityDAO();
-
- // create the user entry
- userDao.createUser(user);
-
- // create the authorities
- Set<Authority> authorities = user.getAuthorities();
- authorityDao.createAuthorities(authorities, user.getId());
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
index cd13fa5..6b8a2d5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteKeysAction.java
@@ -19,7 +19,6 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.DataAccessException;
import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
/**
*
@@ -38,7 +37,7 @@ public class DeleteKeysAction implements AdministrationAction<Void> {
}
@Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
+ public Void execute(DAOFactory daoFactory) throws DataAccessException {
final KeyDAO keyDao = daoFactory.getKeyDAO();
keyDao.deleteKeys(identity);
return null;
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java
deleted file mode 100644
index c2695d0..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DeleteUserAction.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class DeleteUserAction implements AdministrationAction<Void> {
-
- private final String userId;
-
- /**
- * Creates a new transactions for deleting the specified user.
- *
- * @param userId user identifier
- */
- public DeleteUserAction(String userId) {
- this.userId = userId;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- final AuthorityDAO authorityDAO = daoFactory.getAuthorityDAO();
- final UserDAO userDAO = daoFactory.getUserDAO();
-
- // find the user and ensure they are currently revoked
- final NiFiUser user = userDAO.findUserById(userId);
-
- // ensure the user was found
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", userId));
- }
-
- // ensure the user is in the appropriate state
- if (AccountStatus.ACTIVE.equals(user.getStatus())) {
- throw new IllegalStateException(String.format("An active user cannot be removed. Revoke user access before attempting to remove."));
- }
-
- // remove the user's keys
- final KeyDAO keyDao = daoFactory.getKeyDAO();
- keyDao.deleteKeys(user.getIdentity());
-
- // remove the user and their authorities
- authorityDAO.deleteAuthorities(userId);
- userDAO.deleteUser(userId);
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java
deleted file mode 100644
index bf7eae3..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserAction.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- *
- */
-public class DisableUserAction implements AdministrationAction<NiFiUser> {
-
- private static final Logger logger = LoggerFactory.getLogger(DisableUserAction.class);
-
- private final String id;
-
- public DisableUserAction(String id) {
- this.id = id;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // get the user
- NiFiUser user = userDao.findUserById(id);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", id));
- }
-
- // update the account
- user.setStatus(AccountStatus.DISABLED);
- user.setUserGroup(null);
-
- // update the user locally
- userDao.updateUser(user);
-
- // remove the user's keys
- KeyDAO keyDao = daoFactory.getKeyDAO();
- keyDao.deleteKeys(user.getIdentity());
-
- try {
- // revoke the user in the authority provider
- authorityProvider.revokeUser(user.getIdentity());
- } catch (UnknownIdentityException uie) {
- // user identity is not known
- logger.info(String.format("User %s has already been removed from the authority provider.", user.getIdentity()));
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to revoke user '%s': %s", user.getIdentity(), aae.getMessage()), aae);
- }
-
- return user;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java
deleted file mode 100644
index c6480ed..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/DisableUserGroupAction.java
+++ /dev/null
@@ -1,78 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Set;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- *
- */
-public class DisableUserGroupAction implements AdministrationAction<NiFiUserGroup> {
-
- private static final Logger logger = LoggerFactory.getLogger(DisableUserGroupAction.class);
-
- private final String group;
-
- public DisableUserGroupAction(final String group) {
- this.group = group;
- }
-
- @Override
- public NiFiUserGroup execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- final UserDAO userDao = daoFactory.getUserDAO();
- final Set<NiFiUser> users = userDao.findUsersForGroup(group);
-
- // delete the keys for each user
- final KeyDAO keyDao = daoFactory.getKeyDAO();
- for (final NiFiUser user : users) {
- keyDao.deleteKeys(user.getIdentity());
- }
-
- // update the user group locally
- userDao.updateGroupStatus(group, AccountStatus.DISABLED);
-
- // populate the group details
- final NiFiUserGroup userGroup = new NiFiUserGroup();
- userGroup.setGroup(group);
- userGroup.setUsers(userDao.findUsersForGroup(group));
-
- try {
- // revoke the user in the authority provider
- authorityProvider.revokeGroup(group);
- } catch (UnknownIdentityException uie) {
- // user identity is not known
- logger.info(String.format("User group %s has already been removed from the authority provider.", group));
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to revoke user group '%s': %s", group, aae.getMessage()), aae);
- }
-
- return userGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java
deleted file mode 100644
index 8e5b574..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByDnAction.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class FindUserByDnAction implements AdministrationAction<NiFiUser> {
-
- private final String dn;
-
- /**
- * Creates a new transactions for getting a user with the specified DN.
- *
- * @param dn The DN of the user to obtain
- */
- public FindUserByDnAction(String dn) {
- this.dn = dn;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- // get a UserDAO
- UserDAO userDAO = daoFactory.getUserDAO();
-
- // return the desired user
- return userDAO.findUserByDn(dn);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java
deleted file mode 100644
index 0a10841..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/FindUserByIdAction.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-public class FindUserByIdAction implements AdministrationAction<NiFiUser> {
-
- private final String id;
-
- /**
- * Creates a new transactions for getting a user with the specified id.
- *
- * @param id of user
- */
- public FindUserByIdAction(String id) {
- this.id = id;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- // get a UserDAO
- UserDAO userDAO = daoFactory.getUserDAO();
-
- // return the desired user
- return userDAO.findUserById(id);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
index 1dc5588..28bfe22 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionAction.java
@@ -19,7 +19,6 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.action.Action;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
/**
* Gets the action with the specified id.
@@ -33,7 +32,7 @@ public class GetActionAction implements AdministrationAction<Action> {
}
@Override
- public Action execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Action execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
return actionDao.getAction(id);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
index 3b82d79..f975393 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetActionsAction.java
@@ -16,13 +16,13 @@
*/
package org.apache.nifi.admin.service.action;
-import java.util.Date;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
import org.apache.nifi.history.History;
import org.apache.nifi.history.HistoryQuery;
+import java.util.Date;
+
/**
* Get all actions that match the specified query.
*/
@@ -35,7 +35,7 @@ public class GetActionsAction implements AdministrationAction<History> {
}
@Override
- public History execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public History execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
// find all matching history
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
index 8763b9d..7ef2272 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdAction.java
@@ -17,8 +17,6 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
-
import org.apache.nifi.admin.dao.KeyDAO;
import org.apache.nifi.key.Key;
@@ -34,7 +32,7 @@ public class GetKeyByIdAction implements AdministrationAction<Key> {
}
@Override
- public Key execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Key execute(DAOFactory daoFactory) {
final KeyDAO keyDao = daoFactory.getKeyDAO();
return keyDao.findKeyById(id);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
index 9bcb0b3..3dd3794 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/GetKeyByIdentityAction.java
@@ -17,8 +17,6 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
-
import org.apache.nifi.admin.dao.KeyDAO;
import org.apache.nifi.key.Key;
@@ -34,7 +32,7 @@ public class GetKeyByIdentityAction implements AdministrationAction<Key> {
}
@Override
- public Key execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Key execute(DAOFactory daoFactory) {
final KeyDAO keyDao = daoFactory.getKeyDAO();
return keyDao.findLatestKeyByIdentity(identity);
}
[2/9] nifi git commit: NIFI-1551: - Starting to remove the
AuthorityProvider. - This closes #330
Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizationProvider.java
deleted file mode 100644
index aa8a518..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizationProvider.java
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.integration.util;
-
-import java.util.EnumSet;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.AuthorityProviderConfigurationContext;
-import org.apache.nifi.authorization.AuthorityProviderInitializationContext;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.DownloadAuthorization;
-
-/**
- *
- */
-public class NiFiTestAuthorizationProvider implements AuthorityProvider {
-
- private final Map<String, Set<Authority>> users;
-
- /**
- * Creates a new FileAuthorizationProvider.
- */
- public NiFiTestAuthorizationProvider() {
- users = new HashMap<>();
- users.put("CN=localhost, OU=Apache NiFi, O=Apache, L=Santa Monica, ST=CA, C=US", EnumSet.of(Authority.ROLE_PROXY));
- users.put("CN=Lastname Firstname Middlename monitor, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown", EnumSet.of(Authority.ROLE_MONITOR));
- users.put("CN=Lastname Firstname Middlename dfm, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown", EnumSet.of(Authority.ROLE_DFM));
- users.put("CN=Lastname Firstname Middlename admin, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown", EnumSet.of(Authority.ROLE_ADMIN));
- users.put("user@nifi", EnumSet.of(Authority.ROLE_DFM));
- }
-
- @Override
- public void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- }
-
- @Override
- public void onConfigured(AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- }
-
- @Override
- public void preDestruction() {
- }
-
- private void checkDn(String dn) throws UnknownIdentityException {
- if (!users.containsKey(dn)) {
- throw new UnknownIdentityException("Unknown user: " + dn);
- }
- }
-
- /**
- * Determines if the specified dn is known to this authority provider.
- *
- * @param dn dn
- * @return True if he dn is known, false otherwise
- */
- @Override
- public boolean doesDnExist(String dn) throws AuthorityAccessException {
- try {
- checkDn(dn);
- return true;
- } catch (UnknownIdentityException uie) {
- return false;
- }
- }
-
- /**
- * Loads the authorities for the specified user.
- *
- * @param dn dn
- * @return authorities
- * @throws UnknownIdentityException ex
- * @throws AuthorityAccessException ex
- */
- @Override
- public Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException {
- checkDn(dn);
- return new HashSet<>(users.get(dn));
- }
-
- /**
- * Sets the specified authorities to the specified user.
- *
- * @param dn dn
- * @param authorities authorities
- * @throws AuthorityAccessException ex
- */
- @Override
- public void setAuthorities(String dn, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- /**
- * Adds the specified user.
- *
- * @param dn dn
- * @param group group
- * @throws UnknownIdentityException ex
- * @throws AuthorityAccessException ex
- */
- @Override
- public void addUser(String dn, String group) throws AuthorityAccessException {
- }
-
- /**
- * Gets the users for the specified authority.
- *
- * @param authority authority
- * @return users
- * @throws AuthorityAccessException ex
- */
- @Override
- public Set<String> getUsers(Authority authority) throws AuthorityAccessException {
- Set<String> usersForAuthority = new HashSet<>();
- for (String dn : users.keySet()) {
- if (users.get(dn).contains(authority)) {
- usersForAuthority.add(dn);
- }
- }
- return usersForAuthority;
- }
-
- /**
- * Removes the specified user.
- *
- * @param dn dn
- * @throws UnknownIdentityException ex
- * @throws AuthorityAccessException ex
- */
- @Override
- public void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- return StringUtils.EMPTY;
- }
-
- @Override
- public void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void setUsersGroup(Set<String> dn, String group) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public void ungroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException {
- return DownloadAuthorization.approved();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java
new file mode 100644
index 0000000..5795b69
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestAuthorizer.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.integration.util;
+
+import org.apache.nifi.authorization.AuthorizationRequest;
+import org.apache.nifi.authorization.AuthorizationResult;
+import org.apache.nifi.authorization.Authorizer;
+import org.apache.nifi.authorization.AuthorizerConfigurationContext;
+import org.apache.nifi.authorization.AuthorizerInitializationContext;
+import org.apache.nifi.authorization.exception.AuthorizationAccessException;
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
+
+/**
+ *
+ */
+public class NiFiTestAuthorizer implements Authorizer {
+
+
+ /**
+ * Creates a new FileAuthorizationProvider.
+ */
+ public NiFiTestAuthorizer() {
+ }
+
+ @Override
+ public void initialize(AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException {
+ }
+
+ @Override
+ public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
+ }
+
+ @Override
+ public AuthorizationResult authorize(AuthorizationRequest request) throws AuthorizationAccessException {
+ return AuthorizationResult.approved();
+ }
+
+ @Override
+ public void preDestruction() {
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
index c023ce1..967f652 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/util/NiFiTestLoginIdentityProvider.java
@@ -16,10 +16,6 @@
*/
package org.apache.nifi.integration.util;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
import org.apache.nifi.authentication.AuthenticationResponse;
import org.apache.nifi.authentication.LoginCredentials;
import org.apache.nifi.authentication.LoginIdentityProvider;
@@ -27,6 +23,11 @@ import org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
import org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
/**
*
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
deleted file mode 100644
index dcdc53e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
+++ /dev/null
@@ -1,15 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-org.apache.nifi.integration.util.NiFiTestAuthorizationProvider
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer
new file mode 100644
index 0000000..e7d65f4
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/META-INF/services/org.apache.nifi.authorization.Authorizer
@@ -0,0 +1,15 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+org.apache.nifi.integration.util.NiFiTestAuthorizer
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authority-providers.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authority-providers.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authority-providers.xml
index 418f717..a3fb088 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authority-providers.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/resources/access-control/authority-providers.xml
@@ -19,6 +19,6 @@
<authorityProviders>
<provider>
<identifier>test-provider</identifier>
- <class>org.apache.nifi.integration.util.NiFiTestAuthorizationProvider</class>
+ <class>org.apache.nifi.integration.util.NiFiTestAuthorizer</class>
</provider>
</authorityProviders>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
index 0520ac8..7108edb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationFilter.java
@@ -25,19 +25,15 @@ import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.web.filter.GenericFilterBean;
/**
@@ -65,72 +61,41 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
}
private boolean requiresAuthentication(final HttpServletRequest request) {
- // continue attempting authorization if the user is anonymous
- if (isAnonymousUser()) {
- return true;
- }
-
- // or there is no user yet
- return NiFiUserUtils.getNiFiUser() == null && NiFiUserUtils.getNewAccountRequest() == null;
- }
-
- private boolean isAnonymousUser() {
- final NiFiUser user = NiFiUserUtils.getNiFiUser();
- return user != null && NiFiUser.ANONYMOUS_USER_IDENTITY.equals(user.getIdentity());
+ return NiFiUserUtils.getNiFiUser() == null;
}
private void authenticate(final HttpServletRequest request, final HttpServletResponse response, final FilterChain chain) throws IOException, ServletException {
String dnChain = null;
try {
- final NiFiAuthorizationRequestToken authenticated = attemptAuthentication(request);
- if (authenticated != null) {
- dnChain = ProxiedEntitiesUtils.formatProxyDn(StringUtils.join(authenticated.getChain(), "><"));
-
+ final Authentication authenticationRequest = attemptAuthentication(request);
+ if (authenticationRequest != null) {
// log the request attempt - response details will be logged later
- log.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", dnChain, request.getMethod(),
+ log.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", authenticationRequest.toString(), request.getMethod(),
request.getRequestURL().toString(), request.getRemoteAddr()));
// attempt to authorize the user
- final Authentication authorized = authenticationManager.authenticate(authenticated);
- successfulAuthorization(request, response, authorized);
+ final Authentication authenticated = authenticationManager.authenticate(authenticationRequest);
+ successfulAuthorization(request, response, authenticated);
}
// continue
chain.doFilter(request, response);
- } catch (final InvalidAuthenticationException iae) {
- // invalid authentication - always error out
- unsuccessfulAuthorization(request, response, iae);
} catch (final AuthenticationException ae) {
- // other authentication exceptions... if we are already the anonymous user, allow through otherwise error out
- if (isAnonymousUser()) {
- if (dnChain == null) {
- log.info(String.format("Continuing as anonymous user. Unable to authenticate %s: %s", dnChain, ae));
- } else {
- log.info(String.format("Continuing as anonymous user. Unable to authenticate: %s", ae));
- }
-
- chain.doFilter(request, response);
- } else {
- unsuccessfulAuthorization(request, response, ae);
- }
+ // invalid authentication - always error out
+ unsuccessfulAuthorization(request, response, ae);
}
}
/**
- * Attempt to authenticate the client making the request. If the request does not contain an authentication attempt, this method should return null. If the request contains an authentication
- * request, the implementation should convert it to a NiFiAuthorizationRequestToken (which is used when authorizing the client). Implementations should throw InvalidAuthenticationException when
- * the request contains an authentication request but it could not be authenticated.
+ * Attempt to extract an authentication attempt from the specified request.
*
* @param request The request
- * @return The NiFiAutorizationRequestToken used to later authorized the client
- * @throws InvalidAuthenticationException If the request contained an authentication attempt, but could not authenticate
+ * @return The authentication attempt or null if none is found int he request
*/
- public abstract NiFiAuthorizationRequestToken attemptAuthentication(HttpServletRequest request);
+ public abstract Authentication attemptAuthentication(HttpServletRequest request);
protected void successfulAuthorization(HttpServletRequest request, HttpServletResponse response, Authentication authResult) {
- if (log.isDebugEnabled()) {
- log.debug("Authentication success: " + authResult);
- }
+ log.info("Authentication success for " + authResult);
SecurityContextHolder.getContext().setAuthentication(authResult);
ProxiedEntitiesUtils.successfulAuthorization(request, response, authResult);
@@ -147,20 +112,9 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
PrintWriter out = response.getWriter();
// use the type of authentication exception to determine the response code
- if (ae instanceof UsernameNotFoundException) {
- if (properties.getSupportNewAccountRequests()) {
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- out.println("Not authorized.");
- } else {
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
- out.println("Access is denied.");
- }
- } else if (ae instanceof InvalidAuthenticationException) {
+ if (ae instanceof InvalidAuthenticationException) {
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
out.println(ae.getMessage());
- } else if (ae instanceof AccountStatusException) {
- response.setStatus(HttpServletResponse.SC_FORBIDDEN);
- out.println(ae.getMessage());
} else if (ae instanceof UntrustedProxyException) {
response.setStatus(HttpServletResponse.SC_FORBIDDEN);
out.println(ae.getMessage());
@@ -183,39 +137,6 @@ public abstract class NiFiAuthenticationFilter extends GenericFilterBean {
}
}
- /**
- * Determines if the specified request is attempting to register a new user account.
- *
- * @param request http request
- * @return true if new user
- */
- protected final boolean isNewAccountRequest(HttpServletRequest request) {
- if ("POST".equalsIgnoreCase(request.getMethod())) {
- String path = request.getPathInfo();
- if (StringUtils.isNotBlank(path)) {
- if ("/controller/users".equals(path)) {
- return true;
- }
- }
- }
- return false;
- }
-
- /**
- * Extracts the justification from the specified request.
- *
- * @param request The request
- * @return The justification
- */
- protected final String getJustification(HttpServletRequest request) {
- // get the justification
- String justification = request.getParameter("justification");
- if (justification == null) {
- justification = StringUtils.EMPTY;
- }
- return justification;
- }
-
@Override
public void destroy() {
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java
deleted file mode 100644
index e51a26e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/NiFiAuthenticationProvider.java
+++ /dev/null
@@ -1,73 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security;
-
-import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NewAccountAuthorizationToken;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NiFiAuthorizationToken;
-import org.springframework.security.authentication.AuthenticationProvider;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-
-/**
- *
- */
-public class NiFiAuthenticationProvider implements AuthenticationProvider {
-
- private final AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> userDetailsService;
-
- public NiFiAuthenticationProvider(final AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> userDetailsService) {
- this.userDetailsService = userDetailsService;
- }
-
- @Override
- public Authentication authenticate(Authentication authentication) throws AuthenticationException {
- final NiFiAuthorizationRequestToken request = (NiFiAuthorizationRequestToken) authentication;
-
- try {
- // defer to the nifi user details service to authorize the user
- final UserDetails userDetails = userDetailsService.loadUserDetails(request);
-
- // build a token for accesing nifi
- final NiFiAuthorizationToken result = new NiFiAuthorizationToken(userDetails);
- result.setDetails(request.getDetails());
- return result;
- } catch (final UsernameNotFoundException unfe) {
- // if the authorization request is for a new account and it could not be authorized because the user was not found,
- // return the token so the new account could be created. this must go here to ensure that any proxies have been authorized
- if (isNewAccountAuthenticationToken(request)) {
- return new NewAccountAuthorizationToken(((NewAccountAuthorizationRequestToken) authentication).getNewAccountRequest());
- } else {
- throw unfe;
- }
- }
- }
-
- private boolean isNewAccountAuthenticationToken(final Authentication authentication) {
- return NewAccountAuthorizationRequestToken.class.isAssignableFrom(authentication.getClass());
- }
-
- @Override
- public boolean supports(Class<?> authentication) {
- return NiFiAuthorizationRequestToken.class.isAssignableFrom(authentication);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
index 05c5fb8..19ae0bb 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/anonymous/NiFiAnonymousUserFilter.java
@@ -16,20 +16,17 @@
*/
package org.apache.nifi.web.security.anonymous;
-import java.util.EnumSet;
-import javax.servlet.http.HttpServletRequest;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.service.AdministrationException;
import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.Authority;
import org.apache.nifi.user.NiFiUser;
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.apache.nifi.web.security.token.NiFiAuthorizationToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
+import javax.servlet.http.HttpServletRequest;
+
/**
* Custom AnonymouseAuthenticationFilter used to grant additional authorities depending on the current operating mode.
*/
@@ -47,35 +44,7 @@ public class NiFiAnonymousUserFilter extends AnonymousAuthenticationFilter {
@Override
protected Authentication createAuthentication(HttpServletRequest request) {
- Authentication authentication = null;
-
- try {
- // load the anonymous user from the database
- NiFiUser user = userService.getUserByDn(NiFiUser.ANONYMOUS_USER_IDENTITY);
-
- // if this is an unsecure request allow full access
- if (!request.isSecure()) {
- user.getAuthorities().addAll(EnumSet.allOf(Authority.class));
- }
-
- // only create an authentication token if the anonymous user has some authorities or they are accessing a ui
- // extension. ui extensions have run this security filter but we shouldn't require authentication/authorization
- // when accessing static resources like images, js, and css. authentication/authorization is required when
- // interacting with nifi however and that will be verified in the NiFiWebContext or NiFiWebConfigurationContext
- if (!user.getAuthorities().isEmpty() || !request.getContextPath().startsWith("/nifi-api")) {
- NiFiUserDetails userDetails = new NiFiUserDetails(user);
-
- // get the granted authorities
- authentication = new NiFiAuthorizationToken(userDetails);
- }
- } catch (AdministrationException ase) {
- // record the issue
- anonymousUserFilterLogger.warn("Unable to load anonymous user from accounts database: " + ase.getMessage());
- if (anonymousUserFilterLogger.isDebugEnabled()) {
- anonymousUserFilterLogger.warn(StringUtils.EMPTY, ase);
- }
- }
- return authentication;
+ return new NiFiAuthenticationToken(new NiFiUserDetails(NiFiUser.ANONYMOUS));
}
/* setters */
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
deleted file mode 100644
index dd87cfa..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/authorization/NiFiAuthorizationService.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.authorization;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.ListIterator;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.UntrustedProxyException;
-import org.apache.nifi.web.security.user.NiFiUserDetails;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.dao.DataAccessException;
-import org.springframework.security.authentication.AccountStatusException;
-import org.springframework.security.authentication.AuthenticationServiceException;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-
-/**
- * UserDetailsService that will verify user identity and grant user authorities.
- */
-public class NiFiAuthorizationService implements AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> {
-
- private static final Logger logger = LoggerFactory.getLogger(NiFiAuthorizationService.class);
-
- private UserService userService;
- private NiFiProperties properties;
-
- /**
- * Loads the user details for the specified dn.
- *
- * Synchronizing because we want each request to be authorized atomically since each may contain any number of DNs. We wanted an access decision made for each individual request as a whole
- * (without other request potentially impacting it).
- *
- * @param request request
- * @return user details
- * @throws UsernameNotFoundException ex
- * @throws org.springframework.dao.DataAccessException ex
- */
- @Override
- public synchronized UserDetails loadUserDetails(NiFiAuthorizationRequestToken request) throws UsernameNotFoundException, DataAccessException {
- NiFiUserDetails userDetails = null;
- final List<String> chain = new ArrayList<>(request.getChain());
-
- // ensure valid input
- if (chain.isEmpty()) {
- logger.warn("Malformed proxy chain: " + StringUtils.join(request.getChain()));
- throw new UntrustedProxyException("Malformed proxy chain.");
- }
-
- NiFiUser proxy = null;
-
- // process each part of the proxy chain
- for (final ListIterator<String> chainIter = request.getChain().listIterator(chain.size()); chainIter.hasPrevious();) {
- final String dn = chainIter.previous();
-
- // if there is another dn after this one, this dn is a proxy for the request
- if (chainIter.hasPrevious()) {
- try {
- // get the user details for the proxy
- final NiFiUserDetails proxyDetails = getNiFiUserDetails(dn);
- final NiFiUser user = proxyDetails.getNiFiUser();
-
- // verify the proxy has the appropriate role
- if (!user.getAuthorities().contains(Authority.ROLE_PROXY)) {
- logger.warn(String.format("Proxy '%s' must have '%s' authority. Current authorities: %s", dn, Authority.ROLE_PROXY.toString(), StringUtils.join(user.getAuthorities(), ", ")));
- throw new UntrustedProxyException(String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString()));
- }
-
- // if we've already encountered a proxy, update the chain
- if (proxy != null) {
- user.setChain(proxy);
- }
-
- // record this user as the proxy for the next user in the chain
- proxy = user;
- } catch (UsernameNotFoundException unfe) {
- // if this proxy is a new user, conditionally create a new account automatically
- if (properties.getSupportNewAccountRequests()) {
- try {
- logger.warn(String.format("Automatic account request generated for unknown proxy: %s", dn));
-
- // attempt to create a new user account for the proxying client
- userService.createPendingUserAccount(dn, "Automatic account request generated for unknown proxy.");
- } catch (AdministrationException ae) {
- throw new AuthenticationServiceException(String.format("Unable to create an account request for '%s': %s", dn, ae.getMessage()), ae);
- } catch (IllegalArgumentException iae) {
- // check then modified... account didn't exist when getting the user details but did when
- // attempting to auto create the user account request
- final String message = String.format("Account request was already submitted for '%s'", dn);
- logger.warn(message);
- throw new AccountStatusException(message) {
- };
- }
- }
-
- logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), unfe.getMessage()));
- throw new UntrustedProxyException(String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString()));
- } catch (AuthenticationException ae) {
- logger.warn(String.format("Untrusted proxy '%s' must be authorized with '%s' authority: %s", dn, Authority.ROLE_PROXY.toString(), ae.getMessage()));
- throw new UntrustedProxyException(String.format("Untrusted proxy '%s' must be authorized with '%s'.", dn, Authority.ROLE_PROXY.toString()));
- }
- } else {
- userDetails = getNiFiUserDetails(dn);
-
- // if we've already encountered a proxy, update the chain
- if (proxy != null) {
- final NiFiUser user = userDetails.getNiFiUser();
- user.setChain(proxy);
- }
- }
- }
-
- return userDetails;
- }
-
- /**
- * Loads the user details for the specified dn.
- *
- * @param dn user dn
- * @return user detail
- */
- private NiFiUserDetails getNiFiUserDetails(String dn) {
- try {
- NiFiUser user = userService.checkAuthorization(dn);
- return new NiFiUserDetails(user);
- } catch (AdministrationException ase) {
- throw new AuthenticationServiceException(String.format("An error occurred while accessing the user credentials for '%s': %s", dn, ase.getMessage()), ase);
- } catch (AccountDisabledException | AccountPendingException e) {
- throw new AccountStatusException(e.getMessage(), e) {
- };
- } catch (AccountNotFoundException anfe) {
- throw new UsernameNotFoundException(anfe.getMessage());
- }
- }
-
- /* setters */
- public void setUserService(UserService userService) {
- this.userService = userService;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
index bd468e4..4f7383e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationFilter.java
@@ -16,18 +16,13 @@
*/
package org.apache.nifi.web.security.jwt;
-import io.jsonwebtoken.JwtException;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
-import org.apache.nifi.web.security.token.NewAccountAuthorizationRequestToken;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
-import org.apache.nifi.web.security.user.NewAccountRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
import javax.servlet.http.HttpServletRequest;
-import java.util.Arrays;
/**
*/
@@ -36,12 +31,11 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter {
private static final Logger logger = LoggerFactory.getLogger(JwtAuthenticationFilter.class);
public static final String AUTHORIZATION = "Authorization";
-
- private JwtService jwtService;
+ public static final String BEARER = "Bearer ";
@Override
- public NiFiAuthorizationRequestToken attemptAuthentication(final HttpServletRequest request) {
- // only suppport jwt login when running securely
+ public Authentication attemptAuthentication(final HttpServletRequest request) {
+ // only support jwt login when running securely
if (!request.isSecure()) {
return null;
}
@@ -52,28 +46,12 @@ public class JwtAuthenticationFilter extends NiFiAuthenticationFilter {
final String authorization = request.getHeader(AUTHORIZATION);
// if there is no authorization header, we don't know the user
- if (authorization == null || !StringUtils.startsWith(authorization, "Bearer ")) {
+ if (authorization == null || !StringUtils.startsWith(authorization, BEARER)) {
return null;
} else {
// Extract the Base64 encoded token from the Authorization header
final String token = StringUtils.substringAfterLast(authorization, " ");
-
- try {
- final String jwtPrincipal = jwtService.getAuthenticationFromToken(token);
-
- if (isNewAccountRequest(request)) {
- return new NewAccountAuthorizationRequestToken(new NewAccountRequest(Arrays.asList(jwtPrincipal), getJustification(request)));
- } else {
- return new NiFiAuthorizationRequestToken(Arrays.asList(jwtPrincipal));
- }
- } catch (JwtException e) {
- throw new InvalidAuthenticationException(e.getMessage(), e);
- }
+ return new JwtAuthenticationRequestToken(token);
}
}
-
- public void setJwtService(JwtService jwtService) {
- this.jwtService = jwtService;
- }
-
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java
new file mode 100644
index 0000000..289cc87
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationProvider.java
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.jwt;
+
+import io.jsonwebtoken.JwtException;
+import org.apache.nifi.user.NiFiUser;
+import org.apache.nifi.web.security.InvalidAuthenticationException;
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
+import org.apache.nifi.web.security.user.NiFiUserDetails;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+/**
+ *
+ */
+public class JwtAuthenticationProvider implements AuthenticationProvider {
+
+ private final JwtService jwtService;
+
+ public JwtAuthenticationProvider(JwtService jwtService) {
+ this.jwtService = jwtService;
+ }
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ final JwtAuthenticationRequestToken request = (JwtAuthenticationRequestToken) authentication;
+
+ try {
+ final String jwtPrincipal = jwtService.getAuthenticationFromToken(request.getToken());
+ final NiFiUser user = new NiFiUser(jwtPrincipal);
+ return new NiFiAuthenticationToken(new NiFiUserDetails(user));
+ } catch (JwtException e) {
+ throw new InvalidAuthenticationException(e.getMessage(), e);
+ }
+ }
+
+ @Override
+ public boolean supports(Class<?> authentication) {
+ return JwtAuthenticationRequestToken.class.isAssignableFrom(authentication);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationRequestToken.java
new file mode 100644
index 0000000..0be30bf
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/jwt/JwtAuthenticationRequestToken.java
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.jwt;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+
+/**
+ * This is an authentication request with a given JWT token.
+ */
+public class JwtAuthenticationRequestToken extends AbstractAuthenticationToken {
+
+ private final String token;
+
+ /**
+ * Creates a representation of the jwt authentication request for a user.
+ *
+ * @param token The unique token for this user
+ */
+ public JwtAuthenticationRequestToken(final String token) {
+ super(null);
+ setAuthenticated(false);
+ this.token = token;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return null;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return token;
+ }
+
+ public String getToken() {
+ return token;
+ }
+
+ @Override
+ public String toString() {
+ return getName();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosServiceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosServiceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosServiceFactoryBean.java
deleted file mode 100644
index 8b834a1..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/kerberos/KerberosServiceFactoryBean.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.kerberos;
-
-import org.apache.nifi.util.NiFiProperties;
-import org.springframework.beans.factory.FactoryBean;
-import org.springframework.core.io.FileSystemResource;
-import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
-import org.springframework.security.kerberos.authentication.KerberosTicketValidator;
-import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
-
-public class KerberosServiceFactoryBean implements FactoryBean<KerberosService> {
-
- private KerberosService kerberosService = null;
- private NiFiProperties properties = null;
-
- @Override
- public KerberosService getObject() throws Exception {
- if (kerberosService == null && properties.isKerberosServiceSupportEnabled()) {
- kerberosService = new KerberosService();
- kerberosService.setKerberosServiceAuthenticationProvider(createKerberosServiceAuthenticationProvider());
- }
-
- return kerberosService;
- }
-
- @Override
- public Class<?> getObjectType() {
- return KerberosService.class;
- }
-
- @Override
- public boolean isSingleton() {
- return true;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- private KerberosServiceAuthenticationProvider createKerberosServiceAuthenticationProvider() throws Exception {
- KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider = new KerberosServiceAuthenticationProvider();
- kerberosServiceAuthenticationProvider.setTicketValidator(createTicketValidator());
- kerberosServiceAuthenticationProvider.setUserDetailsService(createAlternateKerberosUserDetailsService());
- kerberosServiceAuthenticationProvider.afterPropertiesSet();
- return kerberosServiceAuthenticationProvider;
- }
-
- private AlternateKerberosUserDetailsService createAlternateKerberosUserDetailsService() {
- return new AlternateKerberosUserDetailsService();
- }
-
- private KerberosTicketValidator createTicketValidator() throws Exception {
- SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
- ticketValidator.setServicePrincipal(properties.getKerberosServicePrincipal());
- ticketValidator.setKeyTabLocation(new FileSystemResource(properties.getKerberosKeytabLocation()));
- ticketValidator.afterPropertiesSet();
- return ticketValidator;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java
index a3e6c3c..03e1400 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/node/NodeAuthorizedUserFilter.java
@@ -30,7 +30,7 @@ import org.apache.nifi.authentication.AuthenticationResponse;
import org.apache.nifi.web.security.user.NiFiUserDetails;
import org.apache.nifi.user.NiFiUser;
import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.security.token.NiFiAuthorizationToken;
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
import org.apache.nifi.web.security.x509.X509CertificateExtractor;
import org.apache.nifi.web.security.x509.X509IdentityProvider;
import org.apache.nifi.web.util.WebUtils;
@@ -96,7 +96,7 @@ public class NodeAuthorizedUserFilter extends GenericFilterBean {
httpServletRequest.getRequestURL().toString(), request.getRemoteAddr()));
// create the authorized nifi token
- final NiFiAuthorizationToken token = new NiFiAuthorizationToken(userDetails);
+ final NiFiAuthenticationToken token = new NiFiAuthenticationToken(userDetails);
SecurityContextHolder.getContext().setAuthentication(token);
}
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
index 7cf3eeb..5f5a3cd 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationFilter.java
@@ -16,14 +16,12 @@
*/
package org.apache.nifi.web.security.otp;
-import org.apache.nifi.web.security.InvalidAuthenticationException;
import org.apache.nifi.web.security.NiFiAuthenticationFilter;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
import javax.servlet.http.HttpServletRequest;
-import java.util.Arrays;
import java.util.regex.Pattern;
/**
@@ -41,10 +39,8 @@ public class OtpAuthenticationFilter extends NiFiAuthenticationFilter {
protected static final String ACCESS_TOKEN = "access_token";
- private OtpService otpService;
-
@Override
- public NiFiAuthorizationRequestToken attemptAuthentication(final HttpServletRequest request) {
+ public Authentication attemptAuthentication(final HttpServletRequest request) {
// only support otp login when running securely
if (!request.isSecure()) {
return null;
@@ -57,27 +53,18 @@ public class OtpAuthenticationFilter extends NiFiAuthenticationFilter {
if (accessToken == null) {
return null;
} else {
- try {
- String identity = null;
- if (request.getContextPath().equals("/nifi-api")) {
- if (isDownloadRequest(request.getPathInfo())) {
- // handle download requests
- identity = otpService.getAuthenticationFromDownloadToken(accessToken);
- }
- } else {
- // handle requests to other context paths (other UI extensions)
- identity = otpService.getAuthenticationFromUiExtensionToken(accessToken);
- }
-
- // the path is a support path for otp tokens
- if (identity == null) {
- return null;
+ if (request.getContextPath().equals("/nifi-api")) {
+ if (isDownloadRequest(request.getPathInfo())) {
+ // handle download requests
+ return new OtpAuthenticationRequestToken(accessToken, true);
}
-
- return new NiFiAuthorizationRequestToken(Arrays.asList(identity));
- } catch (final OtpAuthenticationException oae) {
- throw new InvalidAuthenticationException(oae.getMessage(), oae);
+ } else {
+ // handle requests to other context paths (other UI extensions)
+ return new OtpAuthenticationRequestToken(accessToken, false);
}
+
+ // the path is a support path for otp tokens
+ return null;
}
}
@@ -85,8 +72,4 @@ public class OtpAuthenticationFilter extends NiFiAuthenticationFilter {
return PROVENANCE_DOWNLOAD_PATTERN.matcher(pathInfo).matches() || QUEUE_DOWNLOAD_PATTERN.matcher(pathInfo).matches() || TEMPLATE_DOWNLOAD_PATTERN.matcher(pathInfo).matches();
}
- public void setOtpService(OtpService otpService) {
- this.otpService = otpService;
- }
-
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java
new file mode 100644
index 0000000..411efc1
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationProvider.java
@@ -0,0 +1,60 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.otp;
+
+import org.apache.nifi.user.NiFiUser;
+import org.apache.nifi.web.security.InvalidAuthenticationException;
+import org.apache.nifi.web.security.token.NiFiAuthenticationToken;
+import org.apache.nifi.web.security.user.NiFiUserDetails;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+
+/**
+ *
+ */
+public class OtpAuthenticationProvider implements AuthenticationProvider {
+
+ private OtpService otpService;
+
+ public OtpAuthenticationProvider(OtpService otpService) {
+ this.otpService = otpService;
+ }
+
+ @Override
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+ final OtpAuthenticationRequestToken request = (OtpAuthenticationRequestToken) authentication;
+
+ try {
+ final String otpPrincipal;
+ if (request.isDownloadToken()) {
+ otpPrincipal = otpService.getAuthenticationFromDownloadToken(request.getToken());
+ } else {
+ otpPrincipal = otpService.getAuthenticationFromUiExtensionToken(request.getToken());
+ }
+ final NiFiUser user = new NiFiUser(otpPrincipal);
+ return new NiFiAuthenticationToken(new NiFiUserDetails(user));
+ } catch (OtpAuthenticationException e) {
+ throw new InvalidAuthenticationException(e.getMessage(), e);
+ }
+ }
+
+ @Override
+ public boolean supports(Class<?> authentication) {
+ return OtpAuthenticationRequestToken.class.isAssignableFrom(authentication);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationRequestToken.java
new file mode 100644
index 0000000..e5dd6ee
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/otp/OtpAuthenticationRequestToken.java
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.otp;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+
+/**
+ * This is an authentication request with a given OTP token.
+ */
+public class OtpAuthenticationRequestToken extends AbstractAuthenticationToken {
+
+ private final String token;
+ private final boolean isDownloadToken;
+
+ /**
+ * Creates a representation of the otp authentication request for a user.
+ *
+ * @param token The unique token for this user
+ */
+ public OtpAuthenticationRequestToken(final String token, final boolean isDownloadToken) {
+ super(null);
+ setAuthenticated(false);
+ this.token = token;
+ this.isDownloadToken = isDownloadToken;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return null;
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return token;
+ }
+
+ public String getToken() {
+ return token;
+ }
+
+ public boolean isDownloadToken() {
+ return isDownloadToken;
+ }
+
+ @Override
+ public String toString() {
+ return getName();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/KerberosServiceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/KerberosServiceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/KerberosServiceFactoryBean.java
new file mode 100644
index 0000000..bbe15d1
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/KerberosServiceFactoryBean.java
@@ -0,0 +1,76 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.spring;
+
+import org.apache.nifi.util.NiFiProperties;
+import org.apache.nifi.web.security.kerberos.AlternateKerberosUserDetailsService;
+import org.apache.nifi.web.security.kerberos.KerberosService;
+import org.springframework.beans.factory.FactoryBean;
+import org.springframework.core.io.FileSystemResource;
+import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
+import org.springframework.security.kerberos.authentication.KerberosTicketValidator;
+import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
+
+public class KerberosServiceFactoryBean implements FactoryBean<KerberosService> {
+
+ private KerberosService kerberosService = null;
+ private NiFiProperties properties = null;
+
+ @Override
+ public KerberosService getObject() throws Exception {
+ if (kerberosService == null && properties.isKerberosServiceSupportEnabled()) {
+ kerberosService = new KerberosService();
+ kerberosService.setKerberosServiceAuthenticationProvider(createKerberosServiceAuthenticationProvider());
+ }
+
+ return kerberosService;
+ }
+
+ @Override
+ public Class<?> getObjectType() {
+ return KerberosService.class;
+ }
+
+ @Override
+ public boolean isSingleton() {
+ return true;
+ }
+
+ public void setProperties(NiFiProperties properties) {
+ this.properties = properties;
+ }
+
+ private KerberosServiceAuthenticationProvider createKerberosServiceAuthenticationProvider() throws Exception {
+ KerberosServiceAuthenticationProvider kerberosServiceAuthenticationProvider = new KerberosServiceAuthenticationProvider();
+ kerberosServiceAuthenticationProvider.setTicketValidator(createTicketValidator());
+ kerberosServiceAuthenticationProvider.setUserDetailsService(createAlternateKerberosUserDetailsService());
+ kerberosServiceAuthenticationProvider.afterPropertiesSet();
+ return kerberosServiceAuthenticationProvider;
+ }
+
+ private AlternateKerberosUserDetailsService createAlternateKerberosUserDetailsService() {
+ return new AlternateKerberosUserDetailsService();
+ }
+
+ private KerberosTicketValidator createTicketValidator() throws Exception {
+ SunJaasKerberosTicketValidator ticketValidator = new SunJaasKerberosTicketValidator();
+ ticketValidator.setServicePrincipal(properties.getKerberosServicePrincipal());
+ ticketValidator.setKeyTabLocation(new FileSystemResource(properties.getKerberosKeytabLocation()));
+ ticketValidator.afterPropertiesSet();
+ return ticketValidator;
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/LoginIdentityProviderFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/LoginIdentityProviderFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/LoginIdentityProviderFactoryBean.java
index 92a27ae..2ee187a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/LoginIdentityProviderFactoryBean.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/spring/LoginIdentityProviderFactoryBean.java
@@ -16,21 +16,6 @@
*/
package org.apache.nifi.web.security.spring;
-import java.io.File;
-import java.lang.reflect.Constructor;
-import java.lang.reflect.Field;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.HashMap;
-import java.util.Map;
-import javax.xml.XMLConstants;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.stream.StreamSource;
-import javax.xml.validation.Schema;
-import javax.xml.validation.SchemaFactory;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.authentication.AuthenticationResponse;
import org.apache.nifi.authentication.LoginCredentials;
@@ -39,11 +24,11 @@ import org.apache.nifi.authentication.LoginIdentityProviderConfigurationContext;
import org.apache.nifi.authentication.LoginIdentityProviderInitializationContext;
import org.apache.nifi.authentication.LoginIdentityProviderLookup;
import org.apache.nifi.authentication.annotation.LoginIdentityProviderContext;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderDestructionException;
import org.apache.nifi.authentication.generated.LoginIdentityProviders;
import org.apache.nifi.authentication.generated.Property;
import org.apache.nifi.authentication.generated.Provider;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
import org.apache.nifi.nar.ExtensionManager;
import org.apache.nifi.nar.NarCloseable;
import org.apache.nifi.util.NiFiProperties;
@@ -53,6 +38,22 @@ import org.springframework.beans.factory.DisposableBean;
import org.springframework.beans.factory.FactoryBean;
import org.xml.sax.SAXException;
+import javax.xml.XMLConstants;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Schema;
+import javax.xml.validation.SchemaFactory;
+import java.io.File;
+import java.lang.reflect.Constructor;
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.util.HashMap;
+import java.util.Map;
+
/**
*
*/
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java
deleted file mode 100644
index 693d420..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationRequestToken.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.token;
-
-import org.apache.nifi.web.security.user.NewAccountRequest;
-
-/**
- * An authentication token that is used as an authorization request when submitting a new account.
- */
-public class NewAccountAuthorizationRequestToken extends NiFiAuthorizationRequestToken {
-
- final NewAccountRequest newAccountRequest;
-
- public NewAccountAuthorizationRequestToken(final NewAccountRequest newAccountRequest) {
- super(newAccountRequest.getChain());
- this.newAccountRequest = newAccountRequest;
- }
-
- public String getJustification() {
- return newAccountRequest.getJustification();
- }
-
- public NewAccountRequest getNewAccountRequest() {
- return newAccountRequest;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java
deleted file mode 100644
index de0fde6..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NewAccountAuthorizationToken.java
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.token;
-
-import org.apache.nifi.web.security.user.NewAccountRequest;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-
-/**
- * This is an Authentication Token for a user that has been authenticated but is not authorized to access the NiFi APIs. Typically, this authentication token is used successfully when requesting a
- * NiFi account. Requesting any other endpoint would be rejected due to lack of roles.
- */
-public class NewAccountAuthorizationToken extends AbstractAuthenticationToken {
-
- final NewAccountRequest newAccountRequest;
-
- public NewAccountAuthorizationToken(final NewAccountRequest newAccountRequest) {
- super(null);
- super.setAuthenticated(true);
- this.newAccountRequest = newAccountRequest;
- }
-
- @Override
- public Object getCredentials() {
- return null;
- }
-
- @Override
- public Object getPrincipal() {
- return newAccountRequest;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationToken.java
new file mode 100644
index 0000000..f7964f5
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthenticationToken.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.security.token;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.userdetails.UserDetails;
+
+/**
+ * An authentication token that represents an Authenticated and Authorized user of the NiFi Apis. The authorities are based off the specified UserDetails.
+ */
+public class NiFiAuthenticationToken extends AbstractAuthenticationToken {
+
+ final UserDetails nifiUserDetails;
+
+ public NiFiAuthenticationToken(final UserDetails nifiUserDetails) {
+ super(nifiUserDetails.getAuthorities());
+ super.setAuthenticated(true);
+ setDetails(nifiUserDetails);
+ this.nifiUserDetails = nifiUserDetails;
+ }
+
+ @Override
+ public Object getCredentials() {
+ return nifiUserDetails.getPassword();
+ }
+
+ @Override
+ public Object getPrincipal() {
+ return nifiUserDetails;
+ }
+
+ @Override
+ public final void setAuthenticated(boolean authenticated) {
+ throw new IllegalArgumentException("Cannot change the authenticated state.");
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationRequestToken.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationRequestToken.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationRequestToken.java
deleted file mode 100644
index c20aaf3..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-security/src/main/java/org/apache/nifi/web/security/token/NiFiAuthorizationRequestToken.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.security.token;
-
-import java.util.Collections;
-import java.util.List;
-import org.springframework.security.authentication.AbstractAuthenticationToken;
-
-/**
- * An authentication token that is used as an authorization request. The request has already been authenticated and is now going to be authorized.
- * The request chain is specified during creation and is used authorize the user(s).
- */
-public class NiFiAuthorizationRequestToken extends AbstractAuthenticationToken {
-
- private final List<String> chain;
-
- public NiFiAuthorizationRequestToken(final List<String> chain) {
- super(null);
- this.chain = chain;
- }
-
- @Override
- public Object getCredentials() {
- return null;
- }
-
- @Override
- public Object getPrincipal() {
- return chain;
- }
-
- public List<String> getChain() {
- return Collections.unmodifiableList(chain);
- }
-
- @Override
- public final void setAuthenticated(boolean authenticated) {
- throw new IllegalArgumentException("Cannot change the authenticated state.");
- }
-}
[5/9] nifi git commit: NIFI-1551: - Starting to remove the
AuthorityProvider. - This closes #330
Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java
deleted file mode 100644
index 7bc863b..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/RequestUserAccountActionTest.java
+++ /dev/null
@@ -1,127 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- * Test case for RequestUserAccountAction.
- */
-public class RequestUserAccountActionTest {
-
- private static final String USER_ID_3 = "3";
-
- private static final String USER_IDENTITY_1 = "existing user account";
- private static final String USER_IDENTITY_2 = "data access exception";
- private static final String USER_IDENTITY_3 = "new account request";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- NiFiUser user = null;
- if (USER_IDENTITY_1.equals(dn)) {
- user = new NiFiUser();
- }
- return user;
- }
- }).when(userDao).findUserByDn(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
- switch (user.getIdentity()) {
- case USER_IDENTITY_2:
- throw new DataAccessException();
- case USER_IDENTITY_3:
- user.setId(USER_ID_3);
- break;
- }
-
- // do nothing
- return null;
- }
- }).when(userDao).createUser(Mockito.any(NiFiUser.class));
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- }
-
- /**
- * Tests when a user account already exists.
- *
- * @throws Exception ex
- */
- @Test(expected = IllegalArgumentException.class)
- public void testExistingAccount() throws Exception {
- RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_1, StringUtils.EMPTY);
- requestUserAccount.execute(daoFactory, null);
- }
-
- /**
- * Tests when a DataAccessException occurs while saving the new account
- * request.
- *
- * @throws Exception ex
- */
- @Test(expected = DataAccessException.class)
- public void testDataAccessException() throws Exception {
- RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_2, StringUtils.EMPTY);
- requestUserAccount.execute(daoFactory, null);
- }
-
- /**
- * Tests the general case for requesting a new user account.
- *
- * @throws Exception ex
- */
- @Test
- public void testRequestUserAccountAction() throws Exception {
- RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(USER_IDENTITY_3, StringUtils.EMPTY);
- NiFiUser user = requestUserAccount.execute(daoFactory, null);
-
- // verfiy the user
- Assert.assertEquals(USER_ID_3, user.getId());
- Assert.assertEquals(USER_IDENTITY_3, user.getIdentity());
- Assert.assertEquals(AccountStatus.PENDING, user.getStatus());
-
- // verify interaction with dao
- Mockito.verify(userDao, Mockito.times(1)).createUser(user);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java
deleted file mode 100644
index 58db56a..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SeedUserAccountsActionTest.java
+++ /dev/null
@@ -1,262 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.hamcrest.Matcher;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.ArgumentMatcher;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- *
- */
-public class SeedUserAccountsActionTest {
-
- private static final String USER_ID_1 = "1";
- private static final String USER_ID_2 = "2";
- private static final String USER_ID_3 = "3";
- private static final String USER_ID_4 = "4";
-
- private static final String USER_IDENTITY_1 = "user 1 - active user - remove monitor and operator, add dfm";
- private static final String USER_IDENTITY_2 = "user 2 - active user - no action";
- private static final String USER_IDENTITY_3 = "user 3 - pending user - add operator";
- private static final String USER_IDENTITY_4 = "user 4 - new user - add monitor";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
- private AuthorityDAO authorityDao;
- private AuthorityProvider authorityProvider;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String id = (String) args[0];
-
- NiFiUser user = null;
- if (USER_ID_1.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_1);
- user.setIdentity(USER_IDENTITY_1);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- } else if (USER_ID_2.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_2);
- user.setIdentity(USER_IDENTITY_2);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN));
- user.setStatus(AccountStatus.ACTIVE);
- } else if (USER_ID_3.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_3);
- user.setIdentity(USER_IDENTITY_3);
- user.setStatus(AccountStatus.PENDING);
- }
- return user;
- }
- }).when(userDao).findUserById(Mockito.anyString());
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- NiFiUser user = null;
- if (USER_IDENTITY_1.equals(dn)) {
- user = new NiFiUser();
- user.setId(USER_ID_1);
- user.setIdentity(USER_IDENTITY_1);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- } else if (USER_IDENTITY_2.equals(dn)) {
- user = new NiFiUser();
- user.setId(USER_ID_2);
- user.setIdentity(USER_IDENTITY_2);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_ADMIN));
- user.setStatus(AccountStatus.ACTIVE);
- } else if (USER_IDENTITY_3.equals(dn)) {
- user = new NiFiUser();
- user.setId(USER_ID_3);
- user.setIdentity(USER_IDENTITY_3);
- user.setStatus(AccountStatus.PENDING);
- }
- return user;
- }
- }).when(userDao).findUserByDn(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- if (USER_IDENTITY_4.equals(user.getIdentity())) {
- user.setId(USER_ID_4);
- }
-
- return null;
- }
- }).when(userDao).createUser(Mockito.any(NiFiUser.class));
-
- // mock the authority dao
- authorityDao = Mockito.mock(AuthorityDAO.class);
-
- // mock the authority provider
- authorityProvider = Mockito.mock(AuthorityProvider.class);
- Mockito.doAnswer(new Answer<Set<String>>() {
- @Override
- public Set<String> answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Authority role = (Authority) args[0];
-
- Set<String> users = new HashSet<>();
- if (Authority.ROLE_DFM.equals(role)) {
- users.add(USER_IDENTITY_1);
- } else if (Authority.ROLE_ADMIN.equals(role)) {
- users.add(USER_IDENTITY_2);
- } else if (Authority.ROLE_PROXY.equals(role)) {
- users.add(USER_IDENTITY_3);
- } else if (Authority.ROLE_MONITOR.equals(role)) {
- users.add(USER_IDENTITY_4);
- }
- return users;
- }
- }).when(authorityProvider).getUsers(Mockito.any(Authority.class));
- Mockito.doAnswer(new Answer<Set<Authority>>() {
- @Override
- public Set<Authority> answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- Set<Authority> authorities = EnumSet.noneOf(Authority.class);
- switch (dn) {
- case USER_IDENTITY_1:
- authorities.add(Authority.ROLE_DFM);
- break;
- case USER_IDENTITY_2:
- authorities.add(Authority.ROLE_ADMIN);
- break;
- case USER_IDENTITY_3:
- authorities.add(Authority.ROLE_PROXY);
- break;
- case USER_IDENTITY_4:
- authorities.add(Authority.ROLE_MONITOR);
- break;
- }
- return authorities;
- }
- }).when(authorityProvider).getAuthorities(Mockito.anyString());
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao);
- }
-
- /**
- * Tests seeding the user accounts.
- *
- * @throws Exception ex
- */
- @Test
- public void testSeedUsers() throws Exception {
- SeedUserAccountsAction seedUserAccounts = new SeedUserAccountsAction();
- seedUserAccounts.execute(daoFactory, authorityProvider);
-
- // matcher for user 1
- Matcher<NiFiUser> matchesUser1 = new ArgumentMatcher<NiFiUser>() {
- @Override
- public boolean matches(Object argument) {
- NiFiUser user = (NiFiUser) argument;
- return USER_ID_1.equals(user.getId());
- }
- };
-
- // verify user 1 - active existing user - remove monitor, operator, add dfm
- Mockito.verify(userDao, Mockito.times(1)).updateUser(Mockito.argThat(matchesUser1));
- Mockito.verify(userDao, Mockito.never()).createUser(Mockito.argThat(matchesUser1));
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_DFM), USER_ID_1);
-
- // matcher for user 2
- Matcher<NiFiUser> matchesUser2 = new ArgumentMatcher<NiFiUser>() {
- @Override
- public boolean matches(Object argument) {
- NiFiUser user = (NiFiUser) argument;
- return USER_ID_2.equals(user.getId());
- }
- };
-
- // verify user 2 - active existing user - no actions
- Mockito.verify(userDao, Mockito.times(1)).updateUser(Mockito.argThat(matchesUser2));
- Mockito.verify(userDao, Mockito.never()).createUser(Mockito.argThat(matchesUser2));
- Mockito.verify(authorityDao, Mockito.never()).createAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_2));
- Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_2));
-
- // matchers for user 3
- Matcher<NiFiUser> matchesPendingUser3 = new ArgumentMatcher<NiFiUser>() {
- @Override
- public boolean matches(Object argument) {
- NiFiUser user = (NiFiUser) argument;
- return USER_ID_3.equals(user.getId()) && AccountStatus.ACTIVE.equals(user.getStatus());
- }
- };
- Matcher<NiFiUser> matchesUser3 = new ArgumentMatcher<NiFiUser>() {
- @Override
- public boolean matches(Object argument) {
- NiFiUser user = (NiFiUser) argument;
- return USER_ID_3.equals(user.getId());
- }
- };
-
- // verify user 3 - pending user - add operator
- Mockito.verify(userDao, Mockito.times(1)).updateUser(Mockito.argThat(matchesPendingUser3));
- Mockito.verify(userDao, Mockito.never()).createUser(Mockito.argThat(matchesUser3));
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_PROXY), USER_ID_3);
- Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_3));
-
- // matcher for user 4
- Matcher<NiFiUser> matchesUser4 = new ArgumentMatcher<NiFiUser>() {
- @Override
- public boolean matches(Object argument) {
- NiFiUser user = (NiFiUser) argument;
- return USER_ID_4.equals(user.getId());
- }
- };
-
- // verify user 4 - new user - add monitor
- Mockito.verify(userDao, Mockito.never()).updateUser(Mockito.argThat(matchesUser4));
- Mockito.verify(userDao, Mockito.times(1)).createUser(Mockito.argThat(matchesUser4));
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_MONITOR), USER_ID_4);
- Mockito.verify(authorityDao, Mockito.never()).deleteAuthorities(Mockito.anySet(), Mockito.eq(USER_ID_4));
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java
deleted file mode 100644
index 5effdbb..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/test/java/org/apache/nifi/admin/service/action/SetUserAuthoritiesActionTest.java
+++ /dev/null
@@ -1,223 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Collections;
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.lang3.StringUtils;
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.Test;
-import org.mockito.Mockito;
-import org.mockito.invocation.InvocationOnMock;
-import org.mockito.stubbing.Answer;
-
-/**
- * Test case for SetUserAuthoritiesAction.
- */
-public class SetUserAuthoritiesActionTest {
-
- private static final String USER_ID_1 = "1";
- private static final String USER_ID_2 = "2";
- private static final String USER_ID_3 = "3";
-
- private static final String USER_IDENTITY_2 = "user 2";
- private static final String USER_IDENTITY_3 = "user 3";
-
- private DAOFactory daoFactory;
- private UserDAO userDao;
- private AuthorityDAO authorityDao;
- private AuthorityProvider authorityProvider;
-
- @Before
- public void setup() throws Exception {
- // mock the user dao
- userDao = Mockito.mock(UserDAO.class);
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String id = (String) args[0];
-
- NiFiUser user = null;
- if (USER_ID_1.equals(id)) {
- // leave user uninitialized
- } else if (USER_ID_2.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_2);
- user.setIdentity(USER_IDENTITY_2);
- } else if (USER_ID_3.equals(id)) {
- user = new NiFiUser();
- user.setId(USER_ID_3);
- user.setIdentity(USER_IDENTITY_3);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- }
- return user;
- }
- }).when(userDao).findUserById(Mockito.anyString());
- Mockito.doAnswer(new Answer<NiFiUser>() {
- @Override
- public NiFiUser answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- NiFiUser user = null;
- if (USER_IDENTITY_3.equals(dn)) {
- user = new NiFiUser();
- user.setId(USER_ID_3);
- user.setIdentity(USER_IDENTITY_3);
- user.getAuthorities().addAll(EnumSet.of(Authority.ROLE_MONITOR));
- user.setStatus(AccountStatus.ACTIVE);
- }
- return user;
- }
- }).when(userDao).findUserByDn(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- NiFiUser user = (NiFiUser) args[0];
-
- // do nothing
- return null;
- }
- }).when(userDao).updateUser(Mockito.any(NiFiUser.class));
-
- // mock the authority dao
- authorityDao = Mockito.mock(AuthorityDAO.class);
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Set<Authority> authorities = (Set<Authority>) args[0];
- String id = (String) args[1];
-
- // do nothing
- return null;
- }
- }).when(authorityDao).createAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- Set<Authority> authorities = (Set<Authority>) args[0];
- String id = (String) args[1];
-
- // do nothing
- return null;
- }
- }).when(authorityDao).deleteAuthorities(Mockito.anySetOf(Authority.class), Mockito.anyString());
-
- // mock the dao factory
- daoFactory = Mockito.mock(DAOFactory.class);
- Mockito.when(daoFactory.getUserDAO()).thenReturn(userDao);
- Mockito.when(daoFactory.getAuthorityDAO()).thenReturn(authorityDao);
-
- // mock the authority provider
- authorityProvider = Mockito.mock(AuthorityProvider.class);
- Mockito.doAnswer(new Answer<Set<Authority>>() {
- @Override
- public Set<Authority> answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
-
- Set<Authority> authorities = EnumSet.noneOf(Authority.class);
- if (USER_IDENTITY_3.equals(dn)) {
- authorities.add(Authority.ROLE_DFM);
- }
-
- return authorities;
- }
- }).when(authorityProvider).getAuthorities(Mockito.anyString());
- Mockito.doAnswer(new Answer<Void>() {
- @Override
- public Void answer(InvocationOnMock invocation) throws Throwable {
- Object[] args = invocation.getArguments();
- String dn = (String) args[0];
- Set<Authority> authorites = (Set<Authority>) args[1];
-
- if (USER_IDENTITY_2.equals(dn)) {
- throw new AuthorityAccessException(StringUtils.EMPTY);
- }
-
- // do nothing
- return null;
- }
- }).when(authorityProvider).setAuthorities(Mockito.anyString(), Mockito.anySet());
- }
-
- /**
- * Test activating an unknown user account. User accounts are unknown then
- * there is no pending account for the user.
- *
- * @throws Exception ex
- */
- @Test(expected = AccountNotFoundException.class)
- public void testUnknownUser() throws Exception {
- UpdateUserAction setUserAuthorities = new UpdateUserAction(USER_ID_1, Collections.EMPTY_SET);
- setUserAuthorities.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Testing case then an AuthorityAccessException occurs while setting a
- * users authorities.
- *
- * @throws Exception ex
- */
- @Test(expected = AdministrationException.class)
- public void testAuthorityAccessException() throws Exception {
- UpdateUserAction setUserAuthorities = new UpdateUserAction(USER_ID_2, Collections.EMPTY_SET);
- setUserAuthorities.execute(daoFactory, authorityProvider);
- }
-
- /**
- * Tests general case of setting user authorities.
- *
- * @throws Exception ex
- */
- @Test
- public void testSetAuthorities() throws Exception {
- UpdateUserAction setUserAuthorities = new UpdateUserAction(USER_ID_3, EnumSet.of(Authority.ROLE_ADMIN));
- NiFiUser user = setUserAuthorities.execute(daoFactory, authorityProvider);
-
- // verify user
- Assert.assertEquals(USER_ID_3, user.getId());
- Assert.assertEquals(1, user.getAuthorities().size());
- Assert.assertTrue(user.getAuthorities().contains(Authority.ROLE_ADMIN));
-
- // verify interaction with dao
- Mockito.verify(userDao, Mockito.times(1)).updateUser(user);
- Mockito.verify(authorityDao, Mockito.times(1)).createAuthorities(EnumSet.of(Authority.ROLE_ADMIN), USER_ID_3);
-
- Set<Authority> authoritiesAddedToProvider = EnumSet.of(Authority.ROLE_ADMIN);
-
- // verify interaction with provider
- Mockito.verify(authorityProvider, Mockito.times(1)).setAuthorities(USER_IDENTITY_3, authoritiesAddedToProvider);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/status/ControllerStatusDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/status/ControllerStatusDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/status/ControllerStatusDTO.java
index 03e2124..cec51e5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/status/ControllerStatusDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/status/ControllerStatusDTO.java
@@ -38,8 +38,6 @@ public class ControllerStatusDTO implements Cloneable {
private Integer connectedNodeCount = 0;
private Integer totalNodeCount = 0;
- private Boolean hasPendingAccounts;
-
private Integer runningCount = 0;
private Integer stoppedCount = 0;
private Integer invalidCount = 0;
@@ -127,18 +125,6 @@ public class ControllerStatusDTO implements Cloneable {
}
/**
- * @return whether or not there are pending user requests
- */
- @ApiModelProperty("Whether there are any pending user account requests.")
- public Boolean getHasPendingAccounts() {
- return hasPendingAccounts;
- }
-
- public void setHasPendingAccounts(Boolean hasPendingAccounts) {
- this.hasPendingAccounts = hasPendingAccounts;
- }
-
- /**
* @return number of running components in this controller
*/
@ApiModelProperty("The number of running components in the NiFi.")
@@ -256,7 +242,6 @@ public class ControllerStatusDTO implements Cloneable {
other.setConnectedNodes(getConnectedNodes());
other.setConnectedNodeCount(getConnectedNodeCount());
other.setTotalNodeCount(getTotalNodeCount());
- other.setHasPendingAccounts(getHasPendingAccounts());
other.setRunningCount(getRunningCount());
other.setStoppedCount(getStoppedCount());
other.setInvalidCount(getInvalidCount());
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/.gitignore
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/.gitignore b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/.gitignore
deleted file mode 100755
index ea8c4bf..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/target
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/pom.xml
deleted file mode 100644
index 2f0147b..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/pom.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-framework</artifactId>
- <version>1.0.0-SNAPSHOT</version>
- </parent>
- <artifactId>nifi-cluster-authorization-provider</artifactId>
- <dependencies>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-file-authorization-provider</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-framework-cluster-protocol</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-framework-cluster</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-socket-utils</artifactId>
- </dependency>
- </dependencies>
-</project>
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/ClusterManagerAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/ClusterManagerAuthorizationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/ClusterManagerAuthorizationProvider.java
deleted file mode 100644
index 2b3b38c..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/ClusterManagerAuthorizationProvider.java
+++ /dev/null
@@ -1,225 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.net.Socket;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.AuthorityProviderConfigurationContext;
-import org.apache.nifi.authorization.AuthorityProviderInitializationContext;
-import org.apache.nifi.authorization.FileAuthorizationProvider;
-import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
-import org.apache.nifi.cluster.authorization.protocol.message.DoesDnExistMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.GetAuthoritiesMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.GetGroupForUserMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage;
-import static org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage.MessageType.DOES_DN_EXIST;
-import static org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage.MessageType.GET_AUTHORITIES;
-import static org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage.MessageType.GET_GROUP_FOR_USER;
-import org.apache.nifi.cluster.authorization.protocol.message.jaxb.JaxbProtocolUtils;
-import org.apache.nifi.cluster.manager.impl.WebClusterManager;
-import org.apache.nifi.cluster.protocol.ProtocolContext;
-import org.apache.nifi.cluster.protocol.ProtocolMessageMarshaller;
-import org.apache.nifi.cluster.protocol.ProtocolMessageUnmarshaller;
-import org.apache.nifi.cluster.protocol.jaxb.JaxbProtocolContext;
-import org.apache.nifi.io.socket.ServerSocketConfiguration;
-import org.apache.nifi.io.socket.SocketListener;
-import org.apache.nifi.io.socket.SocketUtils;
-import org.apache.nifi.io.socket.multicast.DiscoverableService;
-import org.apache.nifi.io.socket.multicast.DiscoverableServiceImpl;
-import org.apache.nifi.logging.NiFiLog;
-import org.apache.nifi.util.NiFiProperties;
-import static org.apache.nifi.util.NiFiProperties.CLUSTER_MANAGER_ADDRESS;
-import org.apache.nifi.util.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-
-/**
- * Provides authorities for the NCM in clustered environments. Communication
- * occurs over TCP/IP sockets. All method calls are deferred to the
- * FileAuthorizationProvider.
- */
-public class ClusterManagerAuthorizationProvider extends FileAuthorizationProvider implements AuthorityProvider, ApplicationContextAware {
-
- public static final String AUTHORITY_PROVIDER_SERVIVE_NAME = "cluster-authority-provider";
-
- private static final Logger logger = new NiFiLog(LoggerFactory.getLogger(ClusterManagerAuthorizationProvider.class));
- private static final String CLUSTER_MANAGER_AUTHORITY_PROVIDER_PORT = "Authority Provider Port";
- private static final String CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS = "Authority Provider Threads";
- private static final int DEFAULT_CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS = 10;
-
- private WebClusterManager clusterManager;
- private ProtocolContext<ProtocolMessage> authorityProviderProtocolContext;
- private SocketListener socketListener;
- private NiFiProperties properties;
- private ApplicationContext applicationContext;
-
- @Override
- public void initialize(final AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- super.initialize(initializationContext);
- }
-
- @Override
- public void onConfigured(final AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- super.onConfigured(configurationContext);
-
- // get the socket address of the cluster authority provider
- final InetSocketAddress clusterAuthorityProviderAddress = getClusterManagerAuthorityProviderAddress(configurationContext);
-
- // get the cluster manager
- clusterManager = applicationContext.getBean("clusterManager", WebClusterManager.class);
-
- // if using multicast, then the authority provider's service is broadcasted
- if (properties.getClusterProtocolUseMulticast()) {
-
- // create the authority provider service for discovery
- final DiscoverableService clusterAuthorityProviderService = new DiscoverableServiceImpl(AUTHORITY_PROVIDER_SERVIVE_NAME, clusterAuthorityProviderAddress);
-
- // register the authority provider service with the cluster manager
- clusterManager.addBroadcastedService(clusterAuthorityProviderService);
- }
-
- // get the number of protocol listening thread
- final int numThreads = getClusterManagerAuthorityProviderThreads(configurationContext);
-
- // the server socket configuration
- final ServerSocketConfiguration configuration = applicationContext.getBean("protocolServerSocketConfiguration", ServerSocketConfiguration.class);
-
- // the authority provider listens for node messages
- socketListener = new SocketListener(numThreads, clusterAuthorityProviderAddress.getPort(), configuration) {
- @Override
- public void dispatchRequest(final Socket socket) {
- ClusterManagerAuthorizationProvider.this.dispatchRequest(socket);
- }
- };
-
- // start the socket listener
- if (socketListener != null && !socketListener.isRunning()) {
- try {
- socketListener.start();
- } catch (final IOException ioe) {
- throw new ProviderCreationException("Failed to start Cluster Manager Authorization Provider due to: " + ioe, ioe);
- }
- }
-
- // initialize the protocol context
- authorityProviderProtocolContext = new JaxbProtocolContext<ProtocolMessage>(JaxbProtocolUtils.JAXB_CONTEXT);
- }
-
- @Override
- public void preDestruction() throws ProviderDestructionException {
- if (socketListener != null && socketListener.isRunning()) {
- try {
- socketListener.stop();
- } catch (final IOException ioe) {
- throw new ProviderDestructionException("Failed to stop Cluster Manager Authorization Provider due to: " + ioe, ioe);
- }
- }
- super.preDestruction();
- }
-
- private int getClusterManagerAuthorityProviderThreads(final AuthorityProviderConfigurationContext configurationContext) {
- try {
- return Integer.parseInt(configurationContext.getProperty(CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS));
- } catch (NumberFormatException nfe) {
- return DEFAULT_CLUSTER_MANAGER_AUTHORITY_PROVIDER_THREADS;
- }
- }
-
- private InetSocketAddress getClusterManagerAuthorityProviderAddress(final AuthorityProviderConfigurationContext configurationContext) {
- try {
- String socketAddress = properties.getProperty(CLUSTER_MANAGER_ADDRESS);
- if (StringUtils.isBlank(socketAddress)) {
- socketAddress = "localhost";
- }
- return InetSocketAddress.createUnresolved(socketAddress, getClusterManagerAuthorityProviderPort(configurationContext));
- } catch (Exception ex) {
- throw new RuntimeException("Invalid manager authority provider address/port due to: " + ex, ex);
- }
- }
-
- private Integer getClusterManagerAuthorityProviderPort(final AuthorityProviderConfigurationContext configurationContext) {
- final String authorityProviderPort = configurationContext.getProperty(CLUSTER_MANAGER_AUTHORITY_PROVIDER_PORT);
- if (authorityProviderPort == null || authorityProviderPort.trim().isEmpty()) {
- throw new ProviderCreationException("The authority provider port must be specified.");
- }
-
- return Integer.parseInt(authorityProviderPort);
- }
-
- private void dispatchRequest(final Socket socket) {
- try {
- // unmarshall message
- final ProtocolMessageUnmarshaller<ProtocolMessage> unmarshaller = authorityProviderProtocolContext.createUnmarshaller();
- final ProtocolMessage request = unmarshaller.unmarshal(socket.getInputStream());
- final ProtocolMessage response = request;
-
- try {
- switch (request.getType()) {
- case DOES_DN_EXIST: {
- final DoesDnExistMessage castedMsg = (DoesDnExistMessage) request;
- castedMsg.setResponse(doesDnExist(castedMsg.getDn()));
- break;
- }
- case GET_AUTHORITIES: {
- final GetAuthoritiesMessage castedMsg = (GetAuthoritiesMessage) request;
- castedMsg.setResponse(getAuthorities(castedMsg.getDn()));
- break;
- }
- case GET_GROUP_FOR_USER: {
- final GetGroupForUserMessage castedMsg = (GetGroupForUserMessage) request;
- castedMsg.setResponse(getGroupForUser(castedMsg.getDn()));
- break;
- }
- default: {
- throw new Exception("Unsupported Message Type: " + request.getType());
- }
- }
- } catch (final Exception ex) {
- response.setExceptionClass(ex.getClass().getName());
- response.setExceptionMessage(ex.getMessage());
- }
-
- final ProtocolMessageMarshaller<ProtocolMessage> marshaller = authorityProviderProtocolContext.createMarshaller();
- marshaller.marshal(response, socket.getOutputStream());
-
- } catch (final Exception e) {
- logger.warn("Failed processing Socket Authorization Provider protocol message due to " + e, e);
- } finally {
- SocketUtils.closeQuietly(socket);
- }
- }
-
- @Override
- @AuthorityProviderContext
- public void setApplicationContext(final ApplicationContext applicationContext) throws BeansException {
- this.applicationContext = applicationContext;
- }
-
- @Override
- @AuthorityProviderContext
- public void setNiFiProperties(NiFiProperties properties) {
- super.setNiFiProperties(properties);
- this.properties = properties;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/NodeAuthorizationProvider.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/NodeAuthorizationProvider.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/NodeAuthorizationProvider.java
deleted file mode 100644
index 840422f..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/NodeAuthorizationProvider.java
+++ /dev/null
@@ -1,389 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization;
-
-import org.apache.nifi.cluster.authorization.protocol.message.DoesDnExistMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.GetAuthoritiesMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage;
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.net.Socket;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.TimeUnit;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.AuthorityProviderConfigurationContext;
-import org.apache.nifi.authorization.AuthorityProviderInitializationContext;
-import org.apache.nifi.authorization.DownloadAuthorization;
-import org.apache.nifi.authorization.annotation.AuthorityProviderContext;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.cluster.authorization.protocol.message.GetGroupForUserMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.jaxb.JaxbProtocolUtils;
-import org.apache.nifi.io.socket.SocketConfiguration;
-import org.apache.nifi.io.socket.SocketUtils;
-import org.apache.nifi.io.socket.multicast.DiscoverableService;
-import org.apache.nifi.cluster.protocol.ProtocolContext;
-import org.apache.nifi.cluster.protocol.ProtocolMessageMarshaller;
-import org.apache.nifi.cluster.protocol.ProtocolMessageUnmarshaller;
-import org.apache.nifi.cluster.protocol.impl.ClusterServiceDiscovery;
-import org.apache.nifi.cluster.protocol.impl.ClusterServiceLocator;
-import org.apache.nifi.cluster.protocol.jaxb.JaxbProtocolContext;
-import org.apache.nifi.io.socket.multicast.DiscoverableServiceImpl;
-import org.apache.nifi.io.socket.multicast.MulticastConfiguration;
-import org.apache.nifi.logging.NiFiLog;
-import org.apache.nifi.util.NiFiProperties;
-import static org.apache.nifi.util.NiFiProperties.CLUSTER_NODE_UNICAST_MANAGER_ADDRESS;
-import org.apache.nifi.util.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.BeansException;
-import org.springframework.context.ApplicationContext;
-import org.springframework.context.ApplicationContextAware;
-
-/**
- * Provides authorities for nodes in clustered environments. Communication
- * occurs over TCP/IP sockets. All method calls are communicated to the cluster
- * manager provider via socket.
- */
-public class NodeAuthorizationProvider implements AuthorityProvider, ApplicationContextAware {
-
- private static final Logger logger = new NiFiLog(LoggerFactory.getLogger(NodeAuthorizationProvider.class));
- private static final String CLUSTER_NODE_MANAGER_AUTHORITY_PROVIDER_PORT = "Cluster Manager Authority Provider Port";
-
- private ProtocolContext<ProtocolMessage> authorityProviderProtocolContext;
- private SocketConfiguration socketConfiguration;
- private ClusterServiceLocator serviceLocator;
- private ApplicationContext applicationContext;
- private NiFiProperties properties;
-
- @Override
- public void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException {
- }
-
- @Override
- public void onConfigured(final AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException {
- // TODO clear user cache?
-
- // if using multicast, then the authority provider's service is broadcasted
- if (properties.getClusterProtocolUseMulticast()) {
- // create the service discovery
- final ClusterServiceDiscovery serviceDiscovery = new ClusterServiceDiscovery(
- ClusterManagerAuthorizationProvider.AUTHORITY_PROVIDER_SERVIVE_NAME,
- properties.getClusterProtocolMulticastAddress(),
- applicationContext.getBean("protocolMulticastConfiguration", MulticastConfiguration.class),
- applicationContext.getBean("protocolContext", ProtocolContext.class));
-
- // create service location configuration
- final ClusterServiceLocator.AttemptsConfig config = new ClusterServiceLocator.AttemptsConfig();
- config.setNumAttempts(3);
- config.setTimeBetweenAttempts(1);
- config.setTimeBetweenAttempsUnit(TimeUnit.SECONDS);
-
- serviceLocator = new ClusterServiceLocator(serviceDiscovery);
- serviceLocator.setAttemptsConfig(config);
- } else {
- final InetSocketAddress serviceAddress = getClusterNodeManagerAuthorityProviderAddress(configurationContext);
- final DiscoverableService service = new DiscoverableServiceImpl(ClusterManagerAuthorizationProvider.AUTHORITY_PROVIDER_SERVIVE_NAME, serviceAddress);
- serviceLocator = new ClusterServiceLocator(service);
- }
-
- try {
- // start the service locator
- serviceLocator.start();
- } catch (final IOException ioe) {
- throw new ProviderCreationException(ioe);
- }
-
- // the socket configuration
- socketConfiguration = applicationContext.getBean("protocolSocketConfiguration", SocketConfiguration.class);
-
- // initialize the protocol context
- authorityProviderProtocolContext = new JaxbProtocolContext<ProtocolMessage>(JaxbProtocolUtils.JAXB_CONTEXT);
- }
-
- private InetSocketAddress getClusterNodeManagerAuthorityProviderAddress(final AuthorityProviderConfigurationContext configurationContext) {
- try {
- String socketAddress = properties.getProperty(CLUSTER_NODE_UNICAST_MANAGER_ADDRESS);
- if (StringUtils.isBlank(socketAddress)) {
- socketAddress = "localhost";
- }
- return InetSocketAddress.createUnresolved(socketAddress, getClusterNodeManagerAuthorityProviderPort(configurationContext));
- } catch (Exception ex) {
- throw new ProviderCreationException("Invalid cluster manager authority provider address/port due to: " + ex, ex);
- }
- }
-
- private Integer getClusterNodeManagerAuthorityProviderPort(final AuthorityProviderConfigurationContext configurationContext) {
- final String nodeAuthorityProviderPort = configurationContext.getProperty(CLUSTER_NODE_MANAGER_AUTHORITY_PROVIDER_PORT);
- if (nodeAuthorityProviderPort == null || nodeAuthorityProviderPort.trim().isEmpty()) {
- throw new ProviderCreationException("The cluster manager authority provider port must be specified.");
- }
-
- return Integer.parseInt(nodeAuthorityProviderPort);
- }
-
- @Override
- public void setAuthorities(String dn, Set<Authority> authorities) throws AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to set user authorities.");
- }
-
- @Override
- public void addUser(String dn, String group) throws IdentityAlreadyExistsException, AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to add users.");
- }
-
- @Override
- public boolean doesDnExist(String dn) throws AuthorityAccessException {
- // create message
- final DoesDnExistMessage msg = new DoesDnExistMessage();
- msg.setDn(dn);
-
- Socket socket = null;
- try {
-
- final InetSocketAddress socketAddress = getServiceAddress();
- if (socketAddress == null) {
- throw new AuthorityAccessException("Cluster Authority Provider's address is not known.");
- }
-
- try {
- // create a socket
- socket = SocketUtils.createSocket(socketAddress, socketConfiguration);
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed to create socket due to: " + ioe, ioe);
- }
-
- try {
- // marshal message to output stream
- final ProtocolMessageMarshaller marshaller = authorityProviderProtocolContext.createMarshaller();
- marshaller.marshal(msg, socket.getOutputStream());
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed marshalling '" + msg.getType() + "' protocol message due to: " + ioe, ioe);
- }
-
- try {
-
- // unmarshall response and return
- final ProtocolMessageUnmarshaller<ProtocolMessage> unmarshaller = authorityProviderProtocolContext.createUnmarshaller();
- final DoesDnExistMessage response = (DoesDnExistMessage) unmarshaller.unmarshal(socket.getInputStream());
-
- // check if there was an exception
- if (response.wasException()) {
- throw new AuthorityAccessException(response.getExceptionMessage());
- }
-
- // return provider's response
- return response.getResponse();
-
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed unmarshalling '" + msg.getType() + "' response protocol message due to: " + ioe, ioe);
- }
-
- } finally {
- SocketUtils.closeQuietly(socket);
- }
- }
-
- @Override
- public Set<Authority> getAuthorities(String dn) throws UnknownIdentityException, AuthorityAccessException {
- // create message
- final GetAuthoritiesMessage msg = new GetAuthoritiesMessage();
- msg.setDn(dn);
-
- Socket socket = null;
- try {
-
- final InetSocketAddress socketAddress = getServiceAddress();
- if (socketAddress == null) {
- throw new AuthorityAccessException("Cluster Authority Provider's address is not known.");
- }
-
- try {
- // create a socket
- socket = SocketUtils.createSocket(socketAddress, socketConfiguration);
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed to create socket due to: " + ioe, ioe);
- }
-
- try {
- // marshal message to output stream
- final ProtocolMessageMarshaller marshaller = authorityProviderProtocolContext.createMarshaller();
- marshaller.marshal(msg, socket.getOutputStream());
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed marshalling '" + msg.getType() + "' protocol message due to: " + ioe, ioe);
- }
-
- try {
-
- // unmarshall response and return
- final ProtocolMessageUnmarshaller<ProtocolMessage> unmarshaller = authorityProviderProtocolContext.createUnmarshaller();
- final GetAuthoritiesMessage response = (GetAuthoritiesMessage) unmarshaller.unmarshal(socket.getInputStream());
-
- // check if there was an exception
- if (response.wasException()) {
- if (isException(UnknownIdentityException.class, response)) {
- throw new UnknownIdentityException(response.getExceptionMessage());
- } else {
- throw new AuthorityAccessException(response.getExceptionMessage());
- }
- }
-
- // return provider's response
- return response.getResponse();
-
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed unmarshalling '" + msg.getType() + "' response protocol message due to: " + ioe, ioe);
- }
-
- } finally {
- SocketUtils.closeQuietly(socket);
- }
- }
-
- @Override
- public Set<String> getUsers(Authority authority) throws AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to get users for a given authority.");
- }
-
- @Override
- public void revokeUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to revoke users.");
- }
-
- @Override
- public void setUsersGroup(Set<String> dns, String group) throws UnknownIdentityException, AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to set user groups.");
- }
-
- @Override
- public void ungroupUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to ungroup users.");
- }
-
- @Override
- public void ungroup(String group) throws AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to ungroup.");
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException {
- return DownloadAuthorization.approved();
- }
-
- @Override
- public String getGroupForUser(String dn) throws UnknownIdentityException, AuthorityAccessException {
- // create message
- final GetGroupForUserMessage msg = new GetGroupForUserMessage();
- msg.setDn(dn);
-
- Socket socket = null;
- try {
-
- final InetSocketAddress socketAddress = getServiceAddress();
- if (socketAddress == null) {
- throw new AuthorityAccessException("Cluster Authority Provider's address is not known.");
- }
-
- try {
- // create a socket
- socket = SocketUtils.createSocket(socketAddress, socketConfiguration);
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed to create socket due to: " + ioe, ioe);
- }
-
- try {
- // marshal message to output stream
- final ProtocolMessageMarshaller marshaller = authorityProviderProtocolContext.createMarshaller();
- marshaller.marshal(msg, socket.getOutputStream());
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed marshalling '" + msg.getType() + "' protocol message due to: " + ioe, ioe);
- }
-
- try {
-
- // unmarshall response and return
- final ProtocolMessageUnmarshaller<ProtocolMessage> unmarshaller = authorityProviderProtocolContext.createUnmarshaller();
- final GetGroupForUserMessage response = (GetGroupForUserMessage) unmarshaller.unmarshal(socket.getInputStream());
-
- // check if there was an exception
- if (response.wasException()) {
- if (isException(UnknownIdentityException.class, response)) {
- throw new UnknownIdentityException(response.getExceptionMessage());
- } else {
- throw new AuthorityAccessException(response.getExceptionMessage());
- }
- }
-
- return response.getResponse();
- } catch (final IOException ioe) {
- throw new AuthorityAccessException("Failed unmarshalling '" + msg.getType() + "' response protocol message due to: " + ioe, ioe);
- }
-
- } finally {
- SocketUtils.closeQuietly(socket);
- }
- }
-
- @Override
- public void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException {
- throw new AuthorityAccessException("Nodes are not allowed to revoke groups.");
- }
-
- @Override
- public void preDestruction() throws ProviderDestructionException {
- try {
- if (serviceLocator != null && serviceLocator.isRunning()) {
- serviceLocator.stop();
- }
- } catch (final IOException ioe) {
- throw new ProviderDestructionException(ioe);
- }
- }
-
- @Override
- @AuthorityProviderContext
- public void setApplicationContext(final ApplicationContext applicationContext) throws BeansException {
- this.applicationContext = applicationContext;
- }
-
- @AuthorityProviderContext
- public void setNiFiProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- private InetSocketAddress getServiceAddress() {
- final DiscoverableService service = serviceLocator.getService();
- if (service != null) {
- return service.getServiceAddress();
- }
- return null;
- }
-
- private boolean isException(final Class<? extends Exception> exception, final ProtocolMessage protocolMessage) {
- if (protocolMessage.wasException()) {
- return exception.getName().equals(protocolMessage.getExceptionClass());
- } else {
- return false;
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/DoesDnExistMessage.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/DoesDnExistMessage.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/DoesDnExistMessage.java
deleted file mode 100644
index 5436140..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/DoesDnExistMessage.java
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message;
-
-import javax.xml.bind.annotation.XmlRootElement;
-import org.apache.nifi.cluster.authorization.protocol.message.ProtocolMessage.MessageType;
-
-/**
- */
-@XmlRootElement(name = "doesDnExistMessage")
-public class DoesDnExistMessage extends ProtocolMessage {
-
- private String dn;
-
- private boolean response;
-
- public DoesDnExistMessage() {
- }
-
- @Override
- public MessageType getType() {
- return MessageType.DOES_DN_EXIST;
- }
-
- public String getDn() {
- return dn;
- }
-
- public void setDn(String dn) {
- this.dn = dn;
- }
-
- public boolean getResponse() {
- return response;
- }
-
- public void setResponse(boolean response) {
- this.response = response;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetAuthoritiesMessage.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetAuthoritiesMessage.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetAuthoritiesMessage.java
deleted file mode 100644
index 50d371d..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetAuthoritiesMessage.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message;
-
-import java.util.HashSet;
-import java.util.Set;
-import javax.xml.bind.annotation.XmlRootElement;
-import org.apache.nifi.authorization.Authority;
-
-/**
- */
-@XmlRootElement(name = "getAuthoritiesMessage")
-public class GetAuthoritiesMessage extends ProtocolMessage {
-
- private String dn;
-
- private Set<Authority> response = new HashSet<>();
-
- public GetAuthoritiesMessage() {
- }
-
- @Override
- public MessageType getType() {
- return MessageType.GET_AUTHORITIES;
- }
-
- public String getDn() {
- return dn;
- }
-
- public void setDn(String dn) {
- this.dn = dn;
- }
-
- public Set<Authority> getResponse() {
- return response;
- }
-
- public void setResponse(Set<Authority> response) {
- this.response = response;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetGroupForUserMessage.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetGroupForUserMessage.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetGroupForUserMessage.java
deleted file mode 100644
index 72a6af5..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/GetGroupForUserMessage.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message;
-
-import javax.xml.bind.annotation.XmlRootElement;
-
-/**
- */
-@XmlRootElement(name = "getGroupForUserMessage")
-public class GetGroupForUserMessage extends ProtocolMessage {
-
- private String dn;
-
- private String response;
-
- public GetGroupForUserMessage() {
- }
-
- @Override
- public MessageType getType() {
- return MessageType.GET_GROUP_FOR_USER;
- }
-
- public String getDn() {
- return dn;
- }
-
- public void setDn(String dn) {
- this.dn = dn;
- }
-
- public String getResponse() {
- return response;
- }
-
- public void setResponse(String response) {
- this.response = response;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/ProtocolMessage.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/ProtocolMessage.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/ProtocolMessage.java
deleted file mode 100644
index ddeb69e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/ProtocolMessage.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message;
-
-/**
- */
-public abstract class ProtocolMessage {
-
- private String exceptionClass;
- private String exceptionMessage;
-
- public static enum MessageType {
-
- DOES_DN_EXIST,
- GET_AUTHORITIES,
- GET_USERS,
- GET_GROUP_FOR_USER
- }
-
- public abstract MessageType getType();
-
- public boolean wasException() {
- return exceptionClass != null;
- }
-
- public String getExceptionMessage() {
- return exceptionMessage;
- }
-
- public void setExceptionMessage(final String exceptionMessage) {
- this.exceptionMessage = exceptionMessage;
- }
-
- public String getExceptionClass() {
- return exceptionClass;
- }
-
- public void setExceptionClass(String exceptionClass) {
- this.exceptionClass = exceptionClass;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/JaxbProtocolUtils.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/JaxbProtocolUtils.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/JaxbProtocolUtils.java
deleted file mode 100644
index 2a32d84..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/JaxbProtocolUtils.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message.jaxb;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBException;
-
-/**
- */
-public final class JaxbProtocolUtils {
-
- public static final String JAXB_CONTEXT_PATH = ObjectFactory.class.getPackage().getName();
-
- public static final JAXBContext JAXB_CONTEXT = initializeJaxbContext();
-
- /**
- * Load the JAXBContext version.
- */
- private static JAXBContext initializeJaxbContext() {
- try {
- return JAXBContext.newInstance(JAXB_CONTEXT_PATH);
- } catch (JAXBException e) {
- throw new RuntimeException("Unable to create JAXBContext.");
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/ObjectFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/ObjectFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/ObjectFactory.java
deleted file mode 100644
index 2e70a19..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/java/org/apache/nifi/cluster/authorization/protocol/message/jaxb/ObjectFactory.java
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.cluster.authorization.protocol.message.jaxb;
-
-import javax.xml.bind.annotation.XmlRegistry;
-import org.apache.nifi.cluster.authorization.protocol.message.DoesDnExistMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.GetAuthoritiesMessage;
-import org.apache.nifi.cluster.authorization.protocol.message.GetGroupForUserMessage;
-
-/**
- */
-@XmlRegistry
-public class ObjectFactory {
-
- public ObjectFactory() {
- }
-
- public DoesDnExistMessage createDoesDnExistMessage() {
- return new DoesDnExistMessage();
- }
-
- public GetAuthoritiesMessage createGetAuthoritiesMessage() {
- return new GetAuthoritiesMessage();
- }
-
- public GetGroupForUserMessage createGetGroupForUserMessage() {
- return new GetGroupForUserMessage();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
deleted file mode 100644
index 56f4c3e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-cluster-authorization-provider/src/main/resources/META-INF/services/org.apache.nifi.authorization.AuthorityProvider
+++ /dev/null
@@ -1,16 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements. See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to You under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-org.apache.nifi.cluster.authorization.ClusterManagerAuthorizationProvider
-org.apache.nifi.cluster.authorization.NodeAuthorizationProvider
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/pom.xml
deleted file mode 100644
index caa75de..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorization-provider/pom.xml
+++ /dev/null
@@ -1,85 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one or more
- contributor license agreements. See the NOTICE file distributed with
- this work for additional information regarding copyright ownership.
- The ASF licenses this file to You under the Apache License, Version 2.0
- (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <parent>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-framework</artifactId>
- <version>1.0.0-SNAPSHOT</version>
- </parent>
- <artifactId>nifi-file-authorization-provider</artifactId>
- <build>
- <resources>
- <resource>
- <directory>src/main/resources</directory>
- </resource>
- <resource>
- <directory>src/main/xsd</directory>
- </resource>
- </resources>
- <plugins>
- <plugin>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>jaxb2-maven-plugin</artifactId>
- <executions>
- <execution>
- <id>xjc</id>
- <goals>
- <goal>xjc</goal>
- </goals>
- <configuration>
- <packageName>org.apache.nifi.user.generated</packageName>
- </configuration>
- </execution>
- </executions>
- <configuration>
- <generateDirectory>${project.build.directory}/generated-sources/jaxb</generateDirectory>
- </configuration>
- </plugin>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-checkstyle-plugin</artifactId>
- <configuration>
- <excludes>**/user/generated/*.java</excludes>
- </configuration>
- </plugin>
-
- </plugins>
- </build>
- <dependencies>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-api</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-utils</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-properties</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.commons</groupId>
- <artifactId>commons-lang3</artifactId>
- </dependency>
- <dependency>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- <scope>test</scope>
- </dependency>
- </dependencies>
-</project>
[3/9] nifi git commit: NIFI-1551: - Starting to remove the
AuthorityProvider. - This closes #330
Posted by mc...@apache.org.
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
index 5ec8d01..9742011 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessResource.java
@@ -47,7 +47,6 @@ import org.apache.nifi.web.security.jwt.JwtService;
import org.apache.nifi.web.security.kerberos.KerberosService;
import org.apache.nifi.web.security.otp.OtpService;
import org.apache.nifi.web.security.token.LoginAuthenticationToken;
-import org.apache.nifi.web.security.token.NiFiAuthorizationRequestToken;
import org.apache.nifi.web.security.token.OtpAuthenticationToken;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.apache.nifi.web.security.x509.X509CertificateExtractor;
@@ -59,8 +58,6 @@ import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
-import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import javax.servlet.http.HttpServletRequest;
@@ -103,8 +100,6 @@ public class AccessResource extends ApplicationResource {
private KerberosService kerberosService;
- private AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> userDetailsService;
-
/**
* Retrieves the access configuration for this NiFi.
*
@@ -211,16 +206,12 @@ public class AccessResource extends ApplicationResource {
// without a certificate, this is not a proxied request
final List<String> chain = Arrays.asList(principal);
- // ensure the proxy chain is authorized
- final UserDetails userDetails = checkAuthorization(chain);
+ // TODO - ensure the proxy chain is authorized
+// final UserDetails userDetails = checkAuthorization(chain);
// no issues with authorization... verify authorities
accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
- if (userDetails.getAuthorities().isEmpty()) {
- accessStatus.setMessage("Your account is active but currently does not have any level of access.");
- } else {
- accessStatus.setMessage("Your account is active and you are already logged in.");
- }
+ accessStatus.setMessage("Your account is active and you are already logged in.");
} catch (JwtException e) {
throw new InvalidAuthenticationException(e.getMessage(), e);
}
@@ -240,16 +231,12 @@ public class AccessResource extends ApplicationResource {
accessStatus.setIdentity(proxyChain.get(0));
accessStatus.setUsername(CertificateUtils.extractUsername(proxyChain.get(0)));
- // ensure the proxy chain is authorized
- final UserDetails userDetails = checkAuthorization(proxyChain);
+ // TODO - ensure the proxy chain is authorized
+// final UserDetails userDetails = checkAuthorization(proxyChain);
// no issues with authorization... verify authorities
accessStatus.setStatus(AccessStatusDTO.Status.ACTIVE.name());
- if (userDetails.getAuthorities().isEmpty()) {
- accessStatus.setMessage("Your account is active but currently does not have any level of access.");
- } else {
- accessStatus.setMessage("Your account is active and you are already logged in.");
- }
+ accessStatus.setMessage("Your account is active and you are already logged in.");
} catch (final IllegalArgumentException iae) {
throw new InvalidAuthenticationException(iae.getMessage(), iae);
}
@@ -284,16 +271,6 @@ public class AccessResource extends ApplicationResource {
}
/**
- * Checks the status of the proxy.
- *
- * @param proxyChain the proxy chain
- * @throws AuthenticationException if the proxy chain is not authorized
- */
- private UserDetails checkAuthorization(final List<String> proxyChain) throws AuthenticationException {
- return userDetailsService.loadUserDetails(new NiFiAuthorizationRequestToken(proxyChain));
- }
-
- /**
* Creates a single use access token for downloading FlowFile content.
*
* @param httpServletRequest the servlet request
@@ -535,8 +512,8 @@ public class AccessResource extends ApplicationResource {
throw new IllegalArgumentException("Unable to determine the user from the incoming request.");
}
- // authorize the proxy if necessary
- authorizeProxyIfNecessary(proxyChain);
+ // TODO - authorize the proxy if necessary
+// authorizeProxyIfNecessary(proxyChain);
// create the authentication token
loginAuthenticationToken = new LoginAuthenticationToken(proxyChain.get(0), authenticationResponse.getExpiration(), authenticationResponse.getIssuer());
@@ -550,30 +527,6 @@ public class AccessResource extends ApplicationResource {
return generateCreatedResponse(uri, token).build();
}
- /**
- * Ensures the proxyChain is authorized before allowing the user to be authenticated.
- *
- * @param proxyChain the proxy chain
- * @throws AuthenticationException if the proxy chain is not authorized
- */
- private void authorizeProxyIfNecessary(final List<String> proxyChain) throws AuthenticationException {
- if (proxyChain.size() > 1) {
- try {
- userDetailsService.loadUserDetails(new NiFiAuthorizationRequestToken(proxyChain));
- } catch (final UsernameNotFoundException unfe) {
- // if a username not found exception was thrown, the proxies were authorized and now
- // we can issue a new token to the end user which they will use to identify themselves
- // when they enter a new account request
- } catch (final AuthenticationServiceException ase) {
- // throw an administration exception which will return a 500
- throw new AdministrationException(ase.getMessage(), ase);
- } catch (final Exception e) {
- // any other issue we're going to treat as access denied exception which will return 403
- throw new AccessDeniedException(e.getMessage(), e);
- }
- }
- }
-
private long validateTokenExpiration(long proposedTokenExpiration, String identity) {
final long maxExpiration = TimeUnit.MILLISECONDS.convert(12, TimeUnit.HOURS);
final long minExpiration = TimeUnit.MILLISECONDS.convert(1, TimeUnit.MINUTES);
@@ -619,9 +572,4 @@ public class AccessResource extends ApplicationResource {
public void setCertificateIdentityProvider(X509IdentityProvider certificateIdentityProvider) {
this.certificateIdentityProvider = certificateIdentityProvider;
}
-
- public void setUserDetailsService(AuthenticationUserDetailsService<NiFiAuthorizationRequestToken> userDetailsService) {
- this.userDetailsService = userDetailsService;
- }
-
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
index a3d0dc1..4fa0b3c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerResource.java
@@ -84,6 +84,7 @@ import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.net.URI;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -121,34 +122,6 @@ public class ControllerResource extends ApplicationResource {
}
/**
- * Locates the User sub-resource.
- *
- * @return the User sub-resource
- */
- @Path("/users")
- @ApiOperation(
- value = "Gets the user resource",
- response = UserResource.class
- )
- public UserResource getUserResource() {
- return resourceContext.getResource(UserResource.class);
- }
-
- /**
- * Locates the User sub-resource.
- *
- * @return the User sub-resource
- */
- @Path("/user-groups")
- @ApiOperation(
- value = "Gets the user group resource",
- response = UserGroupResource.class
- )
- public UserGroupResource getUserGroupResource() {
- return resourceContext.getResource(UserGroupResource.class);
- }
-
- /**
* Locates the History sub-resource.
*
* @return the History sub-resource
@@ -932,7 +905,7 @@ public class ControllerResource extends ApplicationResource {
// create the response entity
IdentityEntity entity = new IdentityEntity();
entity.setRevision(revision);
- entity.setUserId(user.getId());
+ entity.setUserId(user.getIdentity());
entity.setIdentity(user.getUserName());
// generate the response
@@ -990,8 +963,8 @@ public class ControllerResource extends ApplicationResource {
// create the response entity
AuthorityEntity entity = new AuthorityEntity();
entity.setRevision(revision);
- entity.setUserId(user.getId());
- entity.setAuthorities(NiFiUserUtils.getAuthorities());
+ entity.setUserId(user.getIdentity());
+ entity.setAuthorities(new HashSet<>(Arrays.asList("ROLE_MONITOR", "ROLE_DFM", "ROLE_ADMIN", "ROLE_PROXY", "ROLE_NIFI", "ROLE_PROVENANCE")));
// generate the response
return clusterContext(generateOkResponse(entity)).build();
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupResource.java
deleted file mode 100644
index 3a0b596..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserGroupResource.java
+++ /dev/null
@@ -1,465 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api;
-
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import org.apache.nifi.cluster.manager.NodeResponse;
-import org.apache.nifi.cluster.manager.impl.WebClusterManager;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.api.entity.UserGroupEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.web.NiFiServiceFacade;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.api.dto.UserGroupDTO;
-import org.springframework.security.access.prepost.PreAuthorize;
-
-/**
- * RESTful endpoint for managing this Controller's user groups.
- */
-@Api(hidden = true)
-public class UserGroupResource extends ApplicationResource {
-
- /*
- * Developer Note: Clustering assumes a centralized security provider. The
- * cluster manager will manage user accounts when in clustered mode and
- * interface with the authorization provider. However, when nodes perform
- * Site-to-Site, the authorization details of the remote NiFi will be cached
- * locally. These details need to be invalidated when certain actions are
- * performed (revoking/deleting accounts, changing user authorities, user
- * group, etc).
- */
- private WebClusterManager clusterManager;
- private NiFiProperties properties;
- private NiFiServiceFacade serviceFacade;
-
- /**
- * Updates a new user group.
- *
- * @param httpServletRequest request
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @param userIds A collection of user ids to include in this group. If a
- * user already belongs to another group, they will be placed in this group
- * instead. Existing users in this group will remain in this group.
- * @param group The name of the group.
- * @param rawAuthorities Array of authorities to assign to the specified
- * user.
- * @param status The status of the specified users account.
- * @param formParams form params
- * @return A userGroupEntity.
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{group}")
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- public Response updateUserGroup(
- @Context HttpServletRequest httpServletRequest,
- @PathParam("group") String group,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @FormParam("userIds[]") Set<String> userIds,
- @FormParam("authorities[]") Set<String> rawAuthorities,
- @FormParam("status") String status,
- MultivaluedMap<String, String> formParams) {
-
- // get the collection of specified authorities
- final Set<String> authorities = new HashSet<>();
- for (String authority : rawAuthorities) {
- if (StringUtils.isNotBlank(authority)) {
- authorities.add(authority);
- }
- }
-
- // create the user group dto
- final UserGroupDTO userGroup = new UserGroupDTO();
- userGroup.setGroup(group);
- userGroup.setUserIds(userIds);
- userGroup.setStatus(status);
-
- // set the authorities
- if (!authorities.isEmpty() || formParams.containsKey("authorities")) {
- userGroup.setAuthorities(authorities);
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the user group entity
- final UserGroupEntity entity = new UserGroupEntity();
- entity.setRevision(revision);
- entity.setUserGroup(userGroup);
-
- // create the user group
- return updateUserGroup(httpServletRequest, group, entity);
- }
-
- /**
- * Creates a new user group with the specified users.
- *
- * @param httpServletRequest request
- * @param group The user group.
- * @param userGroupEntity A userGroupEntity.
- * @return A userGroupEntity.
- */
- @PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{group}")
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(
- value = "Updates a user group",
- response = UserGroupEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response updateUserGroup(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The name of the user group.",
- required = true
- )
- @PathParam("group") String group,
- @ApiParam(
- value = "The user group configuration details.",
- required = true
- )
- UserGroupEntity userGroupEntity) {
-
- if (userGroupEntity == null || userGroupEntity.getUserGroup() == null) {
- throw new IllegalArgumentException("User group details must be specified.");
- }
-
- // get the user group
- UserGroupDTO userGroup = userGroupEntity.getUserGroup();
-
- // ensure the same id is being used
- if (!group.equals(userGroup.getGroup())) {
- throw new IllegalArgumentException(String.format("The user group (%s) in the request body does "
- + "not equal the user group of the requested resource (%s).", userGroup.getGroup(), group));
- }
-
- // the user group must be specified and cannot be blank
- if (StringUtils.isBlank(userGroup.getGroup())) {
- throw new IllegalArgumentException("User group must be specified and cannot be blank.");
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- if (userGroupEntity.getRevision() == null) {
- revision.setClientId(new ClientIdParameter().getClientId());
- } else {
- revision.setClientId(userGroupEntity.getRevision().getClientId());
- }
-
- // this user is being modified, replicate to the nodes to invalidate this account
- // so that it will be re-authorized during the next attempted access - if this wasn't
- // done the account would remain stale for up to the configured cache duration. this
- // is acceptable sometimes but when updating a users authorities or groups via the UI
- // they shouldn't have to wait for the changes to take effect`
- if (properties.isClusterManager()) {
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // identify yourself as the NCM attempting to invalidate the user
- final Map<String, String> headers = getHeaders(headersToOverride);
- headers.put(WebClusterManager.CLUSTER_INVALIDATE_USER_GROUP_HEADER, Boolean.TRUE.toString());
-
- final RevisionDTO invalidateUserRevision = new RevisionDTO();
- revision.setClientId(revision.getClientId());
-
- final UserGroupDTO invalidateUserGroup = new UserGroupDTO();
- invalidateUserGroup.setGroup(group);
- invalidateUserGroup.setUserIds(userGroup.getUserIds());
-
- final UserGroupEntity invalidateUserGroupEntity = new UserGroupEntity();
- invalidateUserGroupEntity.setRevision(invalidateUserRevision);
- invalidateUserGroupEntity.setUserGroup(invalidateUserGroup);
-
- // replicate the invalidate request to each node - if this request is not successful return that fact,
- // otherwise continue with the desired user modification
- final NodeResponse response = clusterManager.applyRequest(HttpMethod.PUT, getAbsolutePath(), invalidateUserGroupEntity, headers);
- if (!response.is2xx()) {
- return response.getResponse();
- }
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // handle an invalidate request from the NCM
- final String invalidateRequest = httpServletRequest.getHeader(WebClusterManager.CLUSTER_INVALIDATE_USER_GROUP_HEADER);
- if (invalidateRequest != null) {
- serviceFacade.invalidateUserGroup(userGroup.getGroup(), userGroup.getUserIds());
- return generateOkResponse().build();
- }
-
- // create the user group
- userGroup = serviceFacade.updateUserGroup(userGroup);
-
- // create the response entity
- final UserGroupEntity entity = new UserGroupEntity();
- entity.setRevision(revision);
- entity.setUserGroup(userGroup);
-
- // generate the URI for this group and return
- return generateOkResponse(entity).build();
- }
-
- /**
- * Deletes the user from the specified group. The user will not be removed,
- * just the fact that they were in this group.
- *
- * @param httpServletRequest request
- * @param group The user group.
- * @param userId The user id to remove.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @return A userGroupEntity.
- */
- @DELETE
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{group}/users/{userId}")
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(
- value = "Removes a user from a user group",
- notes = "Removes a user from a user group. The will not be deleted, jsut the fact that they were in this group.",
- response = UserGroupEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response removeUserFromGroup(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The name of the user group.",
- required = true
- )
- @PathParam("group") String group,
- @ApiParam(
- value = "The id of the user to remove from the user group.",
- required = true
- )
- @PathParam("userId") String userId,
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // this user is being modified, replicate to the nodes to invalidate this account
- // so that it will be re-authorized during the next attempted access - if this wasn't
- // done the account would remain stale for up to the configured cache duration. this
- // is acceptable sometimes but when removing a user via the UI they shouldn't have to
- // wait for the changes to take effect
- if (properties.isClusterManager()) {
- // identify yourself as the NCM attempting to invalidate the user
- final Map<String, String> headers = getHeaders();
- headers.put(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER, Boolean.TRUE.toString());
-
- // replicate the invalidate request to each node - if this request is not successful return that fact,
- // otherwise continue with the desired user modification
- final NodeResponse response = clusterManager.applyRequest(HttpMethod.DELETE, getAbsolutePath(), getRequestParameters(true), headers);
- if (!response.is2xx()) {
- return response.getResponse();
- }
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // handle an invalidate request from the NCM
- final String invalidateRequest = httpServletRequest.getHeader(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER);
- if (invalidateRequest != null) {
- serviceFacade.invalidateUser(userId);
- return generateOkResponse().build();
- }
-
- // ungroup the specified user
- serviceFacade.removeUserFromGroup(userId);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final UserGroupEntity entity = new UserGroupEntity();
- entity.setRevision(revision);
-
- // generate ok response
- return generateOkResponse(entity).build();
- }
-
- /**
- * Deletes the user group. The users will not be removed, just the fact that
- * they were grouped.
- *
- * @param httpServletRequest request
- * @param group The user group.
- * @param clientId Optional client id. If the client id is not specified, a
- * new one will be generated. This value (whether specified or generated) is
- * included in the response.
- * @return A userGroupEntity.
- */
- @DELETE
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{group}")
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(
- value = "Deletes a user group",
- notes = "Deletes a user group. The users will not be removed, just the fact that they were grouped.",
- response = UserGroupEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response ungroup(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The name of the user group.",
- required = true
- )
- @PathParam("group") String group,
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // this user is being modified, replicate to the nodes to invalidate this account
- // so that it will be re-authorized during the next attempted access - if this wasn't
- // done the account would remain stale for up to the configured cache duration. this
- // is acceptable sometimes but when removing a user via the UI they shouldn't have to
- // wait for the changes to take effect
- if (properties.isClusterManager()) {
- // identify yourself as the NCM attempting to invalidate the user
- final Map<String, String> headers = getHeaders();
- headers.put(WebClusterManager.CLUSTER_INVALIDATE_USER_GROUP_HEADER, Boolean.TRUE.toString());
-
- // replicate the invalidate request to each node - if this request is not successful return that fact,
- // otherwise continue with the desired user modification
- final NodeResponse response = clusterManager.applyRequest(HttpMethod.DELETE, getAbsolutePath(), getRequestParameters(true), headers);
- if (!response.is2xx()) {
- return response.getResponse();
- }
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // handle an invalidate request from the NCM
- final String invalidateRequest = httpServletRequest.getHeader(WebClusterManager.CLUSTER_INVALIDATE_USER_GROUP_HEADER);
- if (invalidateRequest != null) {
- serviceFacade.invalidateUserGroup(group, null);
- return generateOkResponse().build();
- }
-
- // delete the user group
- serviceFacade.removeUserGroup(group);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final UserGroupEntity entity = new UserGroupEntity();
- entity.setRevision(revision);
-
- // generate ok response
- return generateOkResponse(entity).build();
- }
-
- /* setters */
- public void setServiceFacade(NiFiServiceFacade serviceFacade) {
- this.serviceFacade = serviceFacade;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- public void setClusterManager(WebClusterManager clusterManager) {
- this.clusterManager = clusterManager;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java
deleted file mode 100644
index 1426999..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/UserResource.java
+++ /dev/null
@@ -1,617 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api;
-
-import com.sun.jersey.api.Responses;
-import com.wordnik.swagger.annotations.Api;
-import com.wordnik.swagger.annotations.ApiOperation;
-import com.wordnik.swagger.annotations.ApiParam;
-import com.wordnik.swagger.annotations.ApiResponse;
-import com.wordnik.swagger.annotations.ApiResponses;
-import com.wordnik.swagger.annotations.Authorization;
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.Consumes;
-import javax.ws.rs.DELETE;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.FormParam;
-import javax.ws.rs.GET;
-import javax.ws.rs.HttpMethod;
-import javax.ws.rs.POST;
-import javax.ws.rs.PUT;
-import javax.ws.rs.Path;
-import javax.ws.rs.PathParam;
-import javax.ws.rs.Produces;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.MultivaluedMap;
-import javax.ws.rs.core.Response;
-import org.apache.nifi.cluster.manager.NodeResponse;
-import org.apache.nifi.cluster.manager.impl.WebClusterManager;
-import org.apache.nifi.util.NiFiProperties;
-import org.apache.nifi.web.api.dto.UserDTO;
-import org.apache.nifi.web.api.dto.search.UserGroupSearchResultDTO;
-import org.apache.nifi.web.api.dto.search.UserSearchResultDTO;
-import org.apache.nifi.web.api.entity.UserEntity;
-import org.apache.nifi.web.api.entity.UserSearchResultsEntity;
-import org.apache.nifi.web.api.entity.UsersEntity;
-import org.apache.nifi.web.api.request.ClientIdParameter;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.web.NiFiServiceFacade;
-import static org.apache.nifi.web.api.ApplicationResource.CLIENT_ID;
-import org.apache.nifi.web.api.dto.RevisionDTO;
-import org.apache.nifi.web.security.user.NiFiUserUtils;
-import org.springframework.security.access.prepost.PreAuthorize;
-
-/**
- * RESTful endpoint for managing this Controller's users.
- */
-@Api(hidden = true)
-public class UserResource extends ApplicationResource {
-
- /*
- * Developer Note: Clustering assumes a centralized security provider. The
- * cluster manager will manage user accounts when in clustered mode and
- * interface with the authorization provider. However, when nodes perform
- * Site-to-Site, the authorization details of the remote NiFi will be cached
- * locally. These details need to be invalidated when certain actions are
- * performed (revoking/deleting accounts, changing user authorities, user
- * group, etc).
- */
- private WebClusterManager clusterManager;
- private NiFiProperties properties;
- private NiFiServiceFacade serviceFacade;
-
- /**
- * Creates a new user account request.
- *
- * @return A string
- */
- @POST
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces(MediaType.TEXT_PLAIN)
- @Path("") // necessary due to a bug in swagger
- @ApiOperation(
- value = "Creates a user",
- response = String.class
- )
- public Response createUser() {
- if (!properties.getSupportNewAccountRequests()) {
- return Responses.notFound().entity("This NiFi does not support new account requests.").build();
- }
-
- final NiFiUser nifiUser = NiFiUserUtils.getNiFiUser();
- if (nifiUser != null) {
- throw new IllegalArgumentException("User account already created " + nifiUser.getIdentity());
- }
-
- // create an account request for the current user
- final UserDTO user = serviceFacade.createUser();
-
- final String uri = generateResourceUri("controller", "users", user.getId());
- return generateCreatedResponse(URI.create(uri), "Not authorized. User account created. Authorization pending.").build();
- }
-
- /**
- * Gets all users that are registered within this Controller.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param grouped Whether to return the users in their groups.
- * @return A usersEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("") // necessary due to a bug in swagger
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(
- value = "Gets all users",
- response = UsersEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getUsers(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "Whether to return the users in their respective groups.",
- required = false
- )
- @QueryParam("grouped") @DefaultValue("false") Boolean grouped) {
-
- // get the users
- final Collection<UserDTO> users = serviceFacade.getUsers(grouped);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final UsersEntity usersEntity = new UsersEntity();
- usersEntity.setRevision(revision);
- usersEntity.setUsers(users);
- usersEntity.setGenerated(new Date());
-
- // build the response
- return generateOkResponse(usersEntity).build();
- }
-
- /**
- * Gets the details for the specified user.
- *
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The user id.
- * @return A userEntity.
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @Path("/{id}")
- @ApiOperation(
- value = "Gets a user",
- response = UserEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response getUser(
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @ApiParam(
- value = "The user id.",
- required = true
- )
- @PathParam("id") String id) {
-
- // get the specified user
- final UserDTO userDTO = serviceFacade.getUser(id);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final UserEntity userEntity = new UserEntity();
- userEntity.setRevision(revision);
- userEntity.setUser(userDTO);
-
- // build the response
- return generateOkResponse(userEntity).build();
- }
-
- /**
- * Searches for users with match the specified query.
- *
- * @param value Search value that will be matched against users
- * @return A userSearchResultsEntity
- */
- @GET
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/search-results")
- @PreAuthorize("hasAnyRole('ROLE_DFM', 'ROLE_ADMIN')")
- @ApiOperation(
- value = "Searches for users",
- response = UserSearchResultsEntity.class,
- authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response searchUsers(
- @ApiParam(
- value = "The search terms.",
- required = true
- )
- @QueryParam("q") @DefaultValue(StringUtils.EMPTY) String value) {
-
- final List<UserSearchResultDTO> userMatches = new ArrayList<>();
- final List<UserGroupSearchResultDTO> userGroupMatches = new ArrayList<>();
-
- // get the users
- final Collection<UserDTO> users = serviceFacade.getUsers(Boolean.FALSE);
- final Collection<String> matchedGroups = new HashSet<>();
-
- // check each to see if it matches the search term
- for (UserDTO user : users) {
- // count the user if there is no search or it matches the address
- if (StringUtils.isBlank(value)) {
- // record the group match if there is one and it hasn't already been encountered
- if (user.getUserGroup() != null && !matchedGroups.contains(user.getUserGroup())) {
- // add the matched group
- matchedGroups.add(user.getUserGroup());
-
- // record the group match
- final UserGroupSearchResultDTO userGroupMatch = new UserGroupSearchResultDTO();
- userGroupMatch.setGroup(user.getUserGroup());
- userGroupMatches.add(userGroupMatch);
- }
-
- // record the user match
- final UserSearchResultDTO userMatch = new UserSearchResultDTO();
- userMatch.setUserDn(user.getDn());
- userMatch.setUserName(user.getUserName());
- userMatches.add(userMatch);
- } else {
- // look for a user match
- if (StringUtils.containsIgnoreCase(user.getDn(), value) || StringUtils.containsIgnoreCase(user.getUserName(), value)) {
- // record the user match
- final UserSearchResultDTO userMatch = new UserSearchResultDTO();
- userMatch.setUserDn(user.getDn());
- userMatch.setUserName(user.getUserName());
- userMatches.add(userMatch);
- }
-
- // look for a dn match
- if (StringUtils.containsIgnoreCase(user.getUserGroup(), value)) {
- // record the group match if it hasn't already been encountered
- if (!matchedGroups.contains(user.getUserGroup())) {
- // add the matched group
- matchedGroups.add(user.getUserGroup());
-
- // record the group match
- final UserGroupSearchResultDTO userGroupMatch = new UserGroupSearchResultDTO();
- userGroupMatch.setGroup(user.getUserGroup());
- userGroupMatches.add(userGroupMatch);
- }
- }
- }
- }
-
- // sort the user matches
- Collections.sort(userMatches, new Comparator<UserSearchResultDTO>() {
- @Override
- public int compare(UserSearchResultDTO user1, UserSearchResultDTO user2) {
- return user1.getUserName().compareTo(user2.getUserName());
- }
- });
-
- // sort the user group matches
- Collections.sort(userGroupMatches, new Comparator<UserGroupSearchResultDTO>() {
- @Override
- public int compare(UserGroupSearchResultDTO userGroup1, UserGroupSearchResultDTO userGroup2) {
- return userGroup1.getGroup().compareTo(userGroup2.getGroup());
- }
- });
-
- // build the response
- final UserSearchResultsEntity results = new UserSearchResultsEntity();
- results.setUserResults(userMatches);
- results.setUserGroupResults(userGroupMatches);
-
- // generate an 200 - OK response
- return noCache(Response.ok(results)).build();
- }
-
- /**
- * Updates the specified user.
- *
- * @param httpServletRequest request
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @param id The id of the user to update.
- * @param rawAuthorities Array of authorities to assign to the specified user.
- * @param status The status of the specified users account.
- * @param formParams form params
- * @return A userEntity
- */
- @PUT
- @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @Path("/{id}")
- public Response updateUser(
- @Context HttpServletRequest httpServletRequest,
- @FormParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId,
- @PathParam("id") String id,
- @FormParam("authorities[]") Set<String> rawAuthorities,
- @FormParam("status") String status,
- MultivaluedMap<String, String> formParams) {
-
- // create the user
- final UserDTO userDTO = new UserDTO();
- userDTO.setId(id);
- userDTO.setStatus(status);
-
- // get the collection of specified authorities
- final Set<String> authorities = new HashSet<>();
- for (String authority : rawAuthorities) {
- if (StringUtils.isNotBlank(authority)) {
- authorities.add(authority);
- }
- }
-
- // set the authorities
- if (!authorities.isEmpty() || formParams.containsKey("authorities")) {
- userDTO.setAuthorities(authorities);
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the user entity
- UserEntity userEntity = new UserEntity();
- userEntity.setRevision(revision);
- userEntity.setUser(userDTO);
-
- // update the user
- return updateUser(httpServletRequest, id, userEntity);
- }
-
- /**
- * Updates the specified user.
- *
- * @param httpServletRequest request
- * @param id The id of the user to update.
- * @param userEntity A userEntity
- * @return A userEntity
- */
- @PUT
- @Consumes({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @Path("/{id}")
- @ApiOperation(
- value = "Updates a user",
- response = UserEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response updateUser(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The user id.",
- required = true
- )
- @PathParam("id") String id,
- @ApiParam(
- value = "The user configuration details.",
- required = true
- ) UserEntity userEntity) {
-
- if (userEntity == null || userEntity.getUser() == null) {
- throw new IllegalArgumentException("User details must be specified.");
- }
-
- // ensure the same user id is being used
- final UserDTO userDTO = userEntity.getUser();
- if (!id.equals(userDTO.getId())) {
- throw new IllegalArgumentException(String.format("The user id (%s) in the request body does "
- + "not equal the user id of the requested resource (%s).", userDTO.getId(), id));
- }
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- if (userEntity.getRevision() == null) {
- revision.setClientId(new ClientIdParameter().getClientId());
- } else {
- revision.setClientId(userEntity.getRevision().getClientId());
- }
-
- // this user is being modified, replicate to the nodes to invalidate this account
- // so that it will be re-authorized during the next attempted access - if this wasn't
- // done the account would remain stale for up to the configured cache duration. this
- // is acceptable sometimes but when updating a users authorities or groups via the UI
- // they shouldn't have to wait for the changes to take effect`
- if (properties.isClusterManager()) {
- // change content type to JSON for serializing entity
- final Map<String, String> headersToOverride = new HashMap<>();
- headersToOverride.put("content-type", MediaType.APPLICATION_JSON);
-
- // identify yourself as the NCM attempting to invalidate the user
- final Map<String, String> headers = getHeaders(headersToOverride);
- headers.put(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER, Boolean.TRUE.toString());
-
- final RevisionDTO invalidateUserRevision = new RevisionDTO();
- revision.setClientId(revision.getClientId());
-
- final UserDTO invalidateUser = new UserDTO();
- invalidateUser.setId(userDTO.getId());
-
- final UserEntity invalidateUserEntity = new UserEntity();
- invalidateUserEntity.setRevision(invalidateUserRevision);
- invalidateUserEntity.setUser(userDTO);
-
- // replicate the invalidate request to each node - if this request is not successful return that fact,
- // otherwise continue with the desired user modification
- final NodeResponse response = clusterManager.applyRequest(HttpMethod.PUT, getAbsolutePath(), invalidateUserEntity, headers);
- if (!response.is2xx()) {
- return response.getResponse();
- }
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // handle an invalidate request from the NCM
- final String invalidateRequest = httpServletRequest.getHeader(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER);
- if (invalidateRequest != null) {
- serviceFacade.invalidateUser(id);
- return generateOkResponse().build();
- }
-
- // update the user
- final UserDTO reponseUserDTO = serviceFacade.updateUser(userDTO);
-
- // create the response entity
- UserEntity responseUserEntity = new UserEntity();
- responseUserEntity.setRevision(revision);
- responseUserEntity.setUser(reponseUserDTO);
-
- // build the response
- return generateOkResponse(responseUserEntity).build();
- }
-
- /**
- * Deletes the specified user.
- *
- * @param httpServletRequest request
- * @param id The user id
- * @param clientId Optional client id. If the client id is not specified, a new one will be generated. This value (whether specified or generated) is included in the response.
- * @return A userEntity.
- */
- @DELETE
- @Consumes(MediaType.WILDCARD)
- @Produces({MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML})
- @Path("/{id}")
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @ApiOperation(
- value = "Deletes a user",
- response = UserEntity.class,
- authorizations = {
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
- }
- )
- @ApiResponses(
- value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
- }
- )
- public Response deleteUser(
- @Context HttpServletRequest httpServletRequest,
- @ApiParam(
- value = "The user id.",
- required = true
- )
- @PathParam("id") String id,
- @ApiParam(
- value = "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
- required = false
- )
- @QueryParam(CLIENT_ID) @DefaultValue(StringUtils.EMPTY) ClientIdParameter clientId) {
-
- // this user is being modified, replicate to the nodes to invalidate this account
- // so that it will be re-authorized during the next attempted access - if this wasn't
- // done the account would remain stale for up to the configured cache duration. this
- // is acceptable sometimes but when removing a user via the UI they shouldn't have to
- // wait for the changes to take effect
- if (properties.isClusterManager()) {
- // identify yourself as the NCM attempting to invalidate the user
- final Map<String, String> headers = getHeaders();
- headers.put(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER, Boolean.TRUE.toString());
-
- // replicate the invalidate request to each node - if this request is not successful return that fact,
- // otherwise continue with the desired user modification
- final NodeResponse response = clusterManager.applyRequest(HttpMethod.DELETE, getAbsolutePath(), getRequestParameters(true), headers);
- if (!response.is2xx()) {
- return response.getResponse();
- }
- }
-
- // handle expects request (usually from the cluster manager)
- final String expects = httpServletRequest.getHeader(WebClusterManager.NCM_EXPECTS_HTTP_HEADER);
- if (expects != null) {
- return generateContinueResponse().build();
- }
-
- // handle an invalidate request from the NCM
- final String invalidateRequest = httpServletRequest.getHeader(WebClusterManager.CLUSTER_INVALIDATE_USER_HEADER);
- if (invalidateRequest != null) {
- serviceFacade.invalidateUser(id);
- return generateOkResponse().build();
- }
-
- // ungroup the specified user
- serviceFacade.deleteUser(id);
-
- // create the revision
- final RevisionDTO revision = new RevisionDTO();
- revision.setClientId(clientId.getClientId());
-
- // create the response entity
- final UserEntity entity = new UserEntity();
- entity.setRevision(revision);
-
- // generate ok response
- return generateOkResponse(entity).build();
- }
-
- /* setters */
- public void setServiceFacade(NiFiServiceFacade serviceFacade) {
- this.serviceFacade = serviceFacade;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- public void setClusterManager(WebClusterManager clusterManager) {
- this.clusterManager = clusterManager;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccountNotFoundExceptionMapper.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccountNotFoundExceptionMapper.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccountNotFoundExceptionMapper.java
deleted file mode 100644
index 8fed1a2..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccountNotFoundExceptionMapper.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.web.api.config;
-
-import com.sun.jersey.api.Responses;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.ext.ExceptionMapper;
-import javax.ws.rs.ext.Provider;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.commons.lang3.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Maps resource not found exceptions into client responses.
- */
-@Provider
-public class AccountNotFoundExceptionMapper implements ExceptionMapper<AccountNotFoundException> {
-
- private static final Logger logger = LoggerFactory.getLogger(AccountNotFoundExceptionMapper.class);
-
- @Override
- public Response toResponse(AccountNotFoundException exception) {
- logger.info(String.format("%s. Returning %s response.", exception, Response.Status.NOT_FOUND));
-
- if (logger.isDebugEnabled()) {
- logger.debug(StringUtils.EMPTY, exception);
- }
-
- return Responses.notFound().entity(exception.getMessage()).type("text/plain").build();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
index 5e7a902..0ae7649 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java
@@ -16,29 +16,6 @@
*/
package org.apache.nifi.web.api.dto;
-import java.text.Collator;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Comparator;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Iterator;
-import java.util.LinkedHashMap;
-import java.util.LinkedHashSet;
-import java.util.List;
-import java.util.Locale;
-import java.util.Map;
-import java.util.Map.Entry;
-import java.util.Set;
-import java.util.TreeMap;
-import java.util.TreeSet;
-import java.util.concurrent.TimeUnit;
-
-import javax.ws.rs.WebApplicationException;
-
import org.apache.nifi.action.Action;
import org.apache.nifi.action.component.details.ComponentDetails;
import org.apache.nifi.action.component.details.ExtensionDetails;
@@ -57,7 +34,6 @@ import org.apache.nifi.action.details.PurgeDetails;
import org.apache.nifi.annotation.behavior.Stateful;
import org.apache.nifi.annotation.documentation.CapabilityDescription;
import org.apache.nifi.annotation.documentation.Tags;
-import org.apache.nifi.authorization.Authority;
import org.apache.nifi.cluster.HeartbeatPayload;
import org.apache.nifi.cluster.event.Event;
import org.apache.nifi.cluster.manager.StatusMerger;
@@ -122,8 +98,6 @@ import org.apache.nifi.reporting.Bulletin;
import org.apache.nifi.reporting.BulletinRepository;
import org.apache.nifi.reporting.ReportingTask;
import org.apache.nifi.scheduling.SchedulingStrategy;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
import org.apache.nifi.util.FormatUtils;
import org.apache.nifi.web.FlowModification;
import org.apache.nifi.web.Revision;
@@ -155,6 +129,28 @@ import org.apache.nifi.web.api.dto.status.ProcessorStatusSnapshotDTO;
import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusDTO;
import org.apache.nifi.web.api.dto.status.RemoteProcessGroupStatusSnapshotDTO;
+import javax.ws.rs.WebApplicationException;
+import java.text.Collator;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.Collections;
+import java.util.Comparator;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.LinkedHashMap;
+import java.util.LinkedHashSet;
+import java.util.List;
+import java.util.Locale;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Set;
+import java.util.TreeMap;
+import java.util.TreeSet;
+import java.util.concurrent.TimeUnit;
+
public final class DtoFactory {
@SuppressWarnings("rawtypes")
@@ -2534,57 +2530,6 @@ public final class DtoFactory {
return revisionDTO;
}
- /**
- * Factory method for creating a new user transfer object.
- *
- * @param user user
- * @return dto
- */
- public UserDTO createUserDTO(NiFiUser user) {
- // convert the users authorities
- Set<String> authorities = Authority.convertAuthorities(user.getAuthorities());
-
- // create the user
- UserDTO userDTO = new UserDTO();
- userDTO.setId(String.valueOf(user.getId()));
- userDTO.setDn(user.getIdentity());
- userDTO.setUserName(user.getUserName());
- userDTO.setUserGroup(user.getUserGroup());
- userDTO.setJustification(user.getJustification());
- userDTO.setAuthorities(authorities);
-
- // ensure the date fields are not null
- if (user.getCreation() != null) {
- userDTO.setCreation(user.getCreation());
- }
- if (user.getLastAccessed() != null) {
- userDTO.setLastAccessed(user.getLastAccessed());
- }
- if (user.getLastVerified() != null) {
- userDTO.setLastVerified(user.getLastVerified());
- }
- if (user.getStatus() != null) {
- userDTO.setStatus(user.getStatus().toString());
- }
-
- return userDTO;
- }
-
- public UserGroupDTO createUserGroupDTO(NiFiUserGroup userGroup) {
- UserGroupDTO userGroupDto = new UserGroupDTO();
- userGroupDto.setGroup(userGroup.getGroup());
- userGroupDto.setUserIds(new HashSet<String>());
-
- // set the users if they have been specified
- if (userGroup.getUsers() != null) {
- for (NiFiUser user : userGroup.getUsers()) {
- userGroupDto.getUserIds().add(String.valueOf(user.getId()));
- }
- }
-
- return userGroupDto;
- }
-
public NodeDTO createNodeDTO(Node node, List<Event> events, boolean primary) {
final NodeDTO nodeDto = new NodeDTO();
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
index 68d0dbe..1f2beaf 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java
@@ -20,7 +20,6 @@ import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ClassUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.DownloadAuthorization;
import org.apache.nifi.cluster.protocol.NodeIdentifier;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.connectable.Connectable;
@@ -104,7 +103,6 @@ import org.apache.nifi.web.security.ProxiedEntitiesUtils;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.AccessDeniedException;
import javax.ws.rs.WebApplicationException;
import java.io.IOException;
@@ -949,11 +947,11 @@ public class ControllerFacade {
// calculate the dn chain
final List<String> dnChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(user);
- // ensure the users in this chain are allowed to download this content
- final DownloadAuthorization downloadAuthorization = userService.authorizeDownload(dnChain, attributes);
- if (!downloadAuthorization.isApproved()) {
- throw new AccessDeniedException(downloadAuthorization.getExplanation());
- }
+ // TODO - ensure the users in this chain are allowed to download this content
+// final DownloadAuthorization downloadAuthorization = userService.authorizeDownload(dnChain, attributes);
+// if (!downloadAuthorization.isApproved()) {
+// throw new AccessDeniedException(downloadAuthorization.getExplanation());
+// }
// get the filename and fall back to the identifier (should never happen)
String filename = attributes.get(CoreAttributes.FILENAME.key());
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
index e1faa14..5f0a70c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardConnectionDAO.java
@@ -17,7 +17,6 @@
package org.apache.nifi.web.dao.impl;
import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.authorization.DownloadAuthorization;
import org.apache.nifi.connectable.Connectable;
import org.apache.nifi.connectable.ConnectableType;
import org.apache.nifi.connectable.Connection;
@@ -48,7 +47,6 @@ import org.apache.nifi.web.security.ProxiedEntitiesUtils;
import org.apache.nifi.web.security.user.NiFiUserUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.springframework.security.access.AccessDeniedException;
import javax.ws.rs.WebApplicationException;
import java.io.IOException;
@@ -610,12 +608,12 @@ public class StandardConnectionDAO extends ComponentDAO implements ConnectionDAO
// calculate the dn chain
final List<String> dnChain = ProxiedEntitiesUtils.buildProxiedEntitiesChain(user);
- // ensure the users in this chain are allowed to download this content
+ // TODO - ensure the users in this chain are allowed to download this content
final Map<String, String> attributes = flowFile.getAttributes();
- final DownloadAuthorization downloadAuthorization = userService.authorizeDownload(dnChain, attributes);
- if (!downloadAuthorization.isApproved()) {
- throw new AccessDeniedException(downloadAuthorization.getExplanation());
- }
+// final DownloadAuthorization downloadAuthorization = userService.authorizeDownload(dnChain, attributes);
+// if (!downloadAuthorization.isApproved()) {
+// throw new AccessDeniedException(downloadAuthorization.getExplanation());
+// }
// get the filename and fall back to the identifier (should never happen)
String filename = attributes.get(CoreAttributes.FILENAME.key());
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
index 6c2165f..555107f 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/resources/nifi-web-api-context.xml
@@ -234,16 +234,6 @@
<property name="properties" ref="nifiProperties"/>
<property name="clusterManager" ref="clusterManager"/>
</bean>
- <bean id="userResource" class="org.apache.nifi.web.api.UserResource" scope="singleton">
- <property name="serviceFacade" ref="serviceFacade"/>
- <property name="properties" ref="nifiProperties"/>
- <property name="clusterManager" ref="clusterManager"/>
- </bean>
- <bean id="userGroupResource" class="org.apache.nifi.web.api.UserGroupResource" scope="singleton">
- <property name="serviceFacade" ref="serviceFacade"/>
- <property name="properties" ref="nifiProperties"/>
- <property name="clusterManager" ref="clusterManager"/>
- </bean>
<bean id="clusterResource" class="org.apache.nifi.web.api.ClusterResource" scope="singleton">
<property name="serviceFacade" ref="serviceFacade"/>
<property name="properties" ref="nifiProperties"/>
@@ -265,7 +255,6 @@
<property name="jwtService" ref="jwtService"/>
<property name="otpService" ref="otpService"/>
<property name="kerberosService" ref="kerberosService"/>
- <property name="userDetailsService" ref="userDetailsService"/>
</bean>
<!-- configuration for jaxb serialization -->
@@ -275,7 +264,6 @@
<bean class="org.apache.nifi.web.api.config.AccessDeniedExceptionMapper" scope="singleton"/>
<bean class="org.apache.nifi.web.api.config.InvalidAuthenticationExceptionMapper" scope="singleton"/>
<bean class="org.apache.nifi.web.api.config.AuthenticationCredentialsNotFoundExceptionMapper" scope="singleton"/>
- <bean class="org.apache.nifi.web.api.config.AccountNotFoundExceptionMapper" scope="singleton"/>
<bean class="org.apache.nifi.web.api.config.AdministrationExceptionMapper" scope="singleton"/>
<bean class="org.apache.nifi.web.api.config.ClusterExceptionMapper" scope="singleton"/>
<bean class="org.apache.nifi.web.api.config.IllegalArgumentExceptionMapper" scope="singleton"/>
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java
index fe48490..5b96c6e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AccessTokenEndpointTest.java
@@ -41,11 +41,13 @@ import org.apache.nifi.web.util.WebUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
import org.junit.Test;
/**
* Access token endpoint test.
*/
+@Ignore
public class AccessTokenEndpointTest {
private static final String CLIENT_ID = "token-endpoint-id";
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
index 8e0efd1..dd69954 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/AdminAccessControlTest.java
@@ -53,11 +53,13 @@ import org.apache.commons.collections4.CollectionUtils;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
import org.junit.Test;
/**
* Access control test for the admin user.
*/
+@Ignore
public class AdminAccessControlTest {
public static final String ADMIN_USER_DN = "CN=Lastname Firstname Middlename admin, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown";
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
index 283a4a9..914cf60 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/DfmAccessControlTest.java
@@ -78,6 +78,7 @@ import org.junit.Test;
/**
* Access control test for the dfm user.
*/
+@Ignore
public class DfmAccessControlTest {
public static final String DFM_USER_DN = "CN=Lastname Firstname Middlename dfm, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown";
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
index 0ab074f..2ed653a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/test/java/org/apache/nifi/integration/accesscontrol/ReadOnlyAccessControlTest.java
@@ -49,11 +49,13 @@ import org.apache.nifi.web.api.entity.ProcessorsEntity;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
+import org.junit.Ignore;
import org.junit.Test;
/**
* Access control test for a read only user.
*/
+@Ignore
public class ReadOnlyAccessControlTest {
public static final String READ_ONLY_USER_DN = "CN=Lastname Firstname Middlename monitor, OU=Unknown, OU=Unknown, OU=Unknown, O=Unknown, C=Unknown";
[9/9] nifi git commit: NIFI-1551: - Starting to remove the
AuthorityProvider. - This closes #330
Posted by mc...@apache.org.
NIFI-1551:
- Starting to remove the AuthorityProvider.
- This closes #330
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo
Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/c4d06f20
Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/c4d06f20
Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/c4d06f20
Branch: refs/heads/master
Commit: c4d06f203d204d4a3128e1b997144edcd82e48a5
Parents: 2bcc313
Author: Matt Gilman <ma...@gmail.com>
Authored: Thu Apr 7 15:24:31 2016 -0400
Committer: Matt Gilman <ma...@gmail.com>
Committed: Thu Apr 7 16:18:36 2016 -0400
----------------------------------------------------------------------
.../authentication/LoginIdentityProvider.java | 4 +-
.../exception/ProviderCreationException.java | 39 ++
.../exception/ProviderDestructionException.java | 39 ++
.../apache/nifi/authorization/Authority.java | 93 ---
.../nifi/authorization/AuthorityProvider.java | 182 ------
.../AuthorityProviderConfigurationContext.java | 48 --
.../AuthorityProviderInitializationContext.java | 27 -
.../authorization/AuthorityProviderLookup.java | 25 -
.../authorization/AuthorizationRequest.java | 3 +-
.../apache/nifi/authorization/Authorizer.java | 3 +-
.../authorization/DownloadAuthorization.java | 83 ---
.../annotation/AuthorityProviderContext.java | 35 -
.../exception/AuthorityAccessException.java | 33 -
.../IdentityAlreadyExistsException.java | 32 -
.../exception/ProviderCreationException.java | 39 --
.../exception/ProviderDestructionException.java | 39 --
.../exception/UnknownIdentityException.java | 32 -
nifi-assembly/pom.xml | 5 +-
.../org/apache/nifi/util/NiFiProperties.java | 10 +-
.../cassandra/AbstractCassandraProcessor.java | 2 +-
.../AbstractCassandraProcessorTest.java | 2 +-
.../nifi/admin/KeyDataSourceFactoryBean.java | 147 +++++
.../nifi/admin/UserDataSourceFactoryBean.java | 244 -------
.../org/apache/nifi/admin/dao/AuthorityDAO.java | 59 --
.../org/apache/nifi/admin/dao/DAOFactory.java | 4 -
.../java/org/apache/nifi/admin/dao/UserDAO.java | 128 ----
.../nifi/admin/dao/impl/DAOFactoryImpl.java | 12 -
.../admin/dao/impl/StandardAuthorityDAO.java | 172 -----
.../nifi/admin/dao/impl/StandardUserDAO.java | 641 -------------------
.../admin/service/AccountDisabledException.java | 40 --
.../admin/service/AccountPendingException.java | 41 --
.../apache/nifi/admin/service/UserService.java | 133 +---
.../service/action/AbstractUserAction.java | 97 ---
.../admin/service/action/AddActionsAction.java | 3 +-
.../service/action/AdministrationAction.java | 4 +-
.../service/action/AuthorizeDownloadAction.java | 54 --
.../service/action/AuthorizeUserAction.java | 173 -----
.../admin/service/action/CreateUserAction.java | 53 --
.../admin/service/action/DeleteKeysAction.java | 3 +-
.../admin/service/action/DeleteUserAction.java | 73 ---
.../admin/service/action/DisableUserAction.java | 81 ---
.../service/action/DisableUserGroupAction.java | 78 ---
.../service/action/FindUserByDnAction.java | 49 --
.../service/action/FindUserByIdAction.java | 46 --
.../admin/service/action/GetActionAction.java | 3 +-
.../admin/service/action/GetActionsAction.java | 6 +-
.../admin/service/action/GetKeyByIdAction.java | 4 +-
.../service/action/GetKeyByIdentityAction.java | 4 +-
.../service/action/GetOrCreateKeyAction.java | 4 +-
.../admin/service/action/GetPreviousValues.java | 8 +-
.../service/action/GetUserGroupAction.java | 50 --
.../admin/service/action/GetUsersAction.java | 39 --
.../service/action/HasPendingUserAccounts.java | 34 -
.../action/InvalidateUserAccountAction.java | 58 --
.../InvalidateUserGroupAccountsAction.java | 45 --
.../service/action/PurgeActionsAction.java | 3 +-
.../action/RequestUserAccountAction.java | 67 --
.../service/action/SeedUserAccountsAction.java | 164 -----
.../admin/service/action/UngroupUserAction.java | 69 --
.../service/action/UngroupUserGroupAction.java | 57 --
.../admin/service/action/UpdateUserAction.java | 124 ----
.../UpdateUserAuthoritiesCacheAction.java | 73 ---
.../service/action/UpdateUserCacheAction.java | 47 --
.../service/action/UpdateUserGroupAction.java | 171 -----
.../admin/service/impl/StandardUserService.java | 582 +----------------
.../transaction/impl/StandardTransaction.java | 16 +-
.../impl/StandardTransactionBuilder.java | 8 +-
.../AuthorityProviderFactoryBean.java | 491 --------------
.../authorization/AuthorizerFactoryBean.java | 11 +-
...rdAuthorityProviderConfigurationContext.java | 51 --
...dAuthorityProviderInitializationContext.java | 42 --
.../org/apache/nifi/user/AccountStatus.java | 47 --
.../java/org/apache/nifi/user/NiFiUser.java | 101 +--
.../resources/nifi-administration-context.xml | 33 +-
.../src/main/xsd/authority-providers.xsd | 49 --
.../service/action/AuthorizeUserActionTest.java | 433 -------------
.../service/action/CreateUserActionTest.java | 144 -----
.../service/action/DisableUserActionTest.java | 176 -----
.../action/InvalidateUserAccountActionTest.java | 126 ----
.../action/RequestUserAccountActionTest.java | 127 ----
.../action/SeedUserAccountsActionTest.java | 262 --------
.../action/SetUserAuthoritiesActionTest.java | 223 -------
.../web/api/dto/status/ControllerStatusDTO.java | 15 -
.../.gitignore | 1 -
.../nifi-cluster-authorization-provider/pom.xml | 46 --
.../ClusterManagerAuthorizationProvider.java | 225 -------
.../NodeAuthorizationProvider.java | 389 -----------
.../protocol/message/DoesDnExistMessage.java | 55 --
.../protocol/message/GetAuthoritiesMessage.java | 57 --
.../message/GetGroupForUserMessage.java | 54 --
.../protocol/message/ProtocolMessage.java | 56 --
.../message/jaxb/JaxbProtocolUtils.java | 41 --
.../protocol/message/jaxb/ObjectFactory.java | 44 --
....apache.nifi.authorization.AuthorityProvider | 16 -
.../nifi-file-authorization-provider/pom.xml | 85 ---
.../FileAuthorizationProvider.java | 496 --------------
....apache.nifi.authorization.AuthorityProvider | 15 -
.../src/main/xsd/users.xsd | 64 --
.../FileAuthorizationProviderTest.java | 128 ----
.../org/apache/nifi/nar/ExtensionManager.java | 19 +-
.../nifi/nar/NarThreadContextClassLoader.java | 20 +-
.../main/resources/conf/authority-providers.xml | 43 --
.../main/resources/conf/authorized-users.xml | 2 +-
.../src/main/resources/conf/authorizers.xml | 28 +
.../src/main/resources/conf/nifi.properties | 4 +-
.../nifi/remote/StandardRootGroupPort.java | 105 +--
.../org/apache/nifi/web/NiFiServiceFacade.java | 81 ---
.../web/NiFiWebApiSecurityConfiguration.java | 60 +-
.../nifi/web/StandardNiFiContentAccess.java | 18 +-
.../nifi/web/StandardNiFiServiceFacade.java | 234 +------
.../StandardNiFiWebConfigurationContext.java | 4 +-
.../apache/nifi/web/StandardNiFiWebContext.java | 4 +-
.../org/apache/nifi/web/api/AccessResource.java | 68 +-
.../apache/nifi/web/api/ControllerResource.java | 35 +-
.../apache/nifi/web/api/UserGroupResource.java | 465 --------------
.../org/apache/nifi/web/api/UserResource.java | 617 ------------------
.../config/AccountNotFoundExceptionMapper.java | 47 --
.../org/apache/nifi/web/api/dto/DtoFactory.java | 99 +--
.../nifi/web/controller/ControllerFacade.java | 12 +-
.../web/dao/impl/StandardConnectionDAO.java | 12 +-
.../src/main/resources/nifi-web-api-context.xml | 12 -
.../accesscontrol/AccessTokenEndpointTest.java | 2 +
.../accesscontrol/AdminAccessControlTest.java | 2 +
.../accesscontrol/DfmAccessControlTest.java | 1 +
.../ReadOnlyAccessControlTest.java | 2 +
.../util/NiFiTestAuthorizationProvider.java | 180 ------
.../integration/util/NiFiTestAuthorizer.java | 56 ++
.../util/NiFiTestLoginIdentityProvider.java | 9 +-
....apache.nifi.authorization.AuthorityProvider | 15 -
.../org.apache.nifi.authorization.Authorizer | 15 +
.../access-control/authority-providers.xml | 2 +-
.../web/security/NiFiAuthenticationFilter.java | 105 +--
.../security/NiFiAuthenticationProvider.java | 73 ---
.../anonymous/NiFiAnonymousUserFilter.java | 39 +-
.../authorization/NiFiAuthorizationService.java | 171 -----
.../security/jwt/JwtAuthenticationFilter.java | 34 +-
.../security/jwt/JwtAuthenticationProvider.java | 56 ++
.../jwt/JwtAuthenticationRequestToken.java | 58 ++
.../kerberos/KerberosServiceFactoryBean.java | 74 ---
.../security/node/NodeAuthorizedUserFilter.java | 4 +-
.../security/otp/OtpAuthenticationFilter.java | 41 +-
.../security/otp/OtpAuthenticationProvider.java | 60 ++
.../otp/OtpAuthenticationRequestToken.java | 64 ++
.../spring/KerberosServiceFactoryBean.java | 76 +++
.../LoginIdentityProviderFactoryBean.java | 35 +-
.../NewAccountAuthorizationRequestToken.java | 40 --
.../token/NewAccountAuthorizationToken.java | 46 --
.../security/token/NiFiAuthenticationToken.java | 50 ++
.../token/NiFiAuthorizationRequestToken.java | 54 --
.../security/token/NiFiAuthorizationToken.java | 50 --
.../web/security/user/NewAccountRequest.java | 47 --
.../nifi/web/security/user/NiFiUserDetails.java | 17 +-
.../nifi/web/security/user/NiFiUserUtils.java | 21 -
.../security/x509/X509AuthenticationFilter.java | 36 +-
.../x509/X509AuthenticationProvider.java | 78 +++
.../x509/X509AuthenticationRequestToken.java | 75 +++
.../resources/nifi-web-security-context.xml | 19 +-
.../NiFiAuthorizationServiceTest.java | 249 -------
.../otp/OtpAuthenticationFilterTest.java | 91 +--
.../otp/OtpAuthenticationProviderTest.java | 102 +++
.../nifi-framework/pom.xml | 2 -
.../apache/nifi/kerberos/KerberosProvider.java | 4 +-
.../java/org/apache/nifi/ldap/LdapProvider.java | 4 +-
163 files changed, 1272 insertions(+), 11725 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java b/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
index 54becb3..145bdb4 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/LoginIdentityProvider.java
@@ -18,8 +18,8 @@ package org.apache.nifi.authentication;
import org.apache.nifi.authentication.exception.IdentityAccessException;
import org.apache.nifi.authentication.exception.InvalidLoginCredentialsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderDestructionException;
/**
* Identity provider that is able to authentication a user with username/password credentials.
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java
new file mode 100644
index 0000000..b352787
--- /dev/null
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderCreationException.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.exception;
+
+/**
+ * Represents the exceptional case when an AuthorityProvider fails instantiated.
+ *
+ */
+public class ProviderCreationException extends RuntimeException {
+
+ public ProviderCreationException() {
+ }
+
+ public ProviderCreationException(String msg) {
+ super(msg);
+ }
+
+ public ProviderCreationException(Throwable cause) {
+ super(cause);
+ }
+
+ public ProviderCreationException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java
new file mode 100644
index 0000000..1e12146
--- /dev/null
+++ b/nifi-api/src/main/java/org/apache/nifi/authentication/exception/ProviderDestructionException.java
@@ -0,0 +1,39 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authentication.exception;
+
+/**
+ * Represents the exceptional case when an AuthorityProvider fails destruction.
+ *
+ */
+public class ProviderDestructionException extends RuntimeException {
+
+ public ProviderDestructionException() {
+ }
+
+ public ProviderDestructionException(String msg) {
+ super(msg);
+ }
+
+ public ProviderDestructionException(Throwable cause) {
+ super(cause);
+ }
+
+ public ProviderDestructionException(String msg, Throwable cause) {
+ super(msg, cause);
+ }
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java b/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java
deleted file mode 100644
index 4502c11..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/Authority.java
+++ /dev/null
@@ -1,93 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.EnumSet;
-import java.util.HashSet;
-import java.util.LinkedHashSet;
-import java.util.Set;
-
-/**
- * Authorities that can be assigned to NiFi users.
- */
-public enum Authority {
-
- ROLE_MONITOR,
- ROLE_DFM,
- ROLE_ADMIN,
- ROLE_PROVENANCE,
- ROLE_PROXY,
- ROLE_NIFI;
-
- /**
- * @param rawAuthority string form of authority
- * @return the matching role or null if the specified role does not match
- * any roles
- */
- public static Authority valueOfAuthority(String rawAuthority) {
- Authority desiredAuthority = null;
-
- for (Authority authority : values()) {
- if (authority.toString().equals(rawAuthority)) {
- desiredAuthority = authority;
- break;
- }
- }
-
- return desiredAuthority;
- }
-
- /**
- * @return the string value of each authority
- */
- public static Set<String> getRawAuthorities() {
- Set<String> authorities = new LinkedHashSet<>();
- for (Authority authority : values()) {
- authorities.add(authority.toString());
- }
- return authorities;
- }
-
- public static Set<String> convertAuthorities(Set<Authority> authorities) {
- if (authorities == null) {
- throw new IllegalArgumentException("No authorities have been specified.");
- }
-
- // convert the set
- Set<String> rawAuthorities = new HashSet<>(authorities.size());
- for (Authority authority : authorities) {
- rawAuthorities.add(authority.toString());
- }
- return rawAuthorities;
- }
-
- public static EnumSet<Authority> convertRawAuthorities(Set<String> rawAuthorities) {
- if (rawAuthorities == null) {
- throw new IllegalArgumentException("No authorities have been specified.");
- }
-
- // convert the set
- EnumSet<Authority> authorities = EnumSet.noneOf(Authority.class);
- for (String rawAuthority : rawAuthorities) {
- Authority authority = Authority.valueOfAuthority(rawAuthority);
- if (authority != null) {
- authorities.add(authority);
- }
- }
- return authorities;
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
deleted file mode 100644
index 716216d..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java
+++ /dev/null
@@ -1,182 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
-import org.apache.nifi.authorization.exception.ProviderDestructionException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-
-/**
- * This class allows clients to retrieve the authorities for a given DN.
- */
-public interface AuthorityProvider {
-
- /**
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @return whether the user with the specified identity is known to this authority
- * provider. It is not necessary for the user to have any authorities
- */
- boolean doesDnExist(String identity) throws AuthorityAccessException;
-
- /**
- * Get the authorities for the specified user. If the specified user exists
- * but does not have any authorities, an empty set should be returned.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @return the authorities for the specified user. If the specified user
- * exists but does not have any authorities, an empty set should be returned
- * @throws UnknownIdentityException if identity is not known
- * @throws AuthorityAccessException if unable to access authorities
- */
- Set<Authority> getAuthorities(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Sets the specified authorities for the specified user.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @param authorities the new authorities for the user
- * @throws UnknownIdentityException if identity is not known
- * @throws AuthorityAccessException if unable to access authorities
- */
- void setAuthorities(String identity, Set<Authority> authorities) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Gets the users for the specified authority.
- *
- * @param authority for which to determine membership of
- * @return all users with the specified authority
- * @throws AuthorityAccessException if unable to access authorities
- */
- Set<String> getUsers(Authority authority) throws AuthorityAccessException;
-
- /**
- * Revokes the specified user. Its up to the implementor to determine the
- * semantics of revocation.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void revokeUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Add the specified user.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @param group Optional
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void addUser(String identity, String group) throws IdentityAlreadyExistsException, AuthorityAccessException;
-
- /**
- * Gets the group for the specified user. Return null if the user does not
- * belong to a group.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @return the group of the given user
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- String getGroupForUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Revokes all users for a specified group. Its up to the implementor to
- * determine the semantics of revocation.
- *
- * @param group to revoke the users of
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void revokeGroup(String group) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Adds the specified users to the specified group.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @param group to add users to
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void setUsersGroup(Set<String> identity, String group) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Ungroups the specified user.
- *
- * @param identity of the user. The identity may be a dn, an email, a username, or any string that identities the user.
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void ungroupUser(String identity) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Ungroups the specified group. Since the semantics of revocation is up to
- * the implementor, this method should do nothing if the specified group
- * does not exist. If an admin revoked this group before calling ungroup, it
- * may or may not exist.
- *
- * @param group to ungroup
- * @throws AuthorityAccessException if unable to access the authorities
- */
- void ungroup(String group) throws AuthorityAccessException;
-
- /**
- * Determines whether the user in the specified dnChain should be able to
- * download the content for the flowfile with the specified attributes.
- *
- * The first identity in the chain is the end user that the request was issued on
- * behalf of. The subsequent identities in the chain represent entities proxying
- * the user's request with the last being the proxy that sent the current
- * request.
- *
- * @param proxyChain proxy chain of user identities that for the download request
- * @param attributes of the flowfile being requested
- * @return the authorization result
- * @throws UnknownIdentityException if the user is not known
- * @throws AuthorityAccessException if unable to access the authorities
- */
- DownloadAuthorization authorizeDownload(List<String> proxyChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException;
-
- /**
- * Called immediately after instance creation for implementers to perform
- * additional setup
- *
- * @param initializationContext in which to initialize
- */
- void initialize(AuthorityProviderInitializationContext initializationContext) throws ProviderCreationException;
-
- /**
- * Called to configure the AuthorityProvider.
- *
- * @param configurationContext at the time of configuration
- * @throws ProviderCreationException for any issues configuring the provider
- */
- void onConfigured(AuthorityProviderConfigurationContext configurationContext) throws ProviderCreationException;
-
- /**
- * Called immediately before instance destruction for implementers to
- * release resources.
- *
- * @throws ProviderDestructionException If pre-destruction fails.
- */
- void preDestruction() throws ProviderDestructionException;
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java
deleted file mode 100644
index c1ba5df..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderConfigurationContext.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-import java.util.Map;
-
-/**
- *
- */
-public interface AuthorityProviderConfigurationContext {
-
- /**
- * @return identifier for the authority provider
- */
- String getIdentifier();
-
- /**
- * Retrieves all properties the component currently understands regardless
- * of whether a value has been set for them or not. If no value is present
- * then its value is null and thus any registered default for the property
- * descriptor applies.
- *
- * @return Map of all properties
- */
- Map<String, String> getProperties();
-
- /**
- * @param property to lookup the descriptor and value of
- * @return the value the component currently understands for the given
- * PropertyDescriptor. This method does not substitute default
- * PropertyDescriptor values, so the value returned will be null if not set
- */
- String getProperty(String property);
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java
deleted file mode 100644
index 7b2f89f..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderInitializationContext.java
+++ /dev/null
@@ -1,27 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- *
- */
-public interface AuthorityProviderInitializationContext {
-
- public String getIdentifier();
-
- public AuthorityProviderLookup getAuthorityProviderLookup();
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java
deleted file mode 100644
index dc30967..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProviderLookup.java
+++ /dev/null
@@ -1,25 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- *
- */
-public interface AuthorityProviderLookup {
-
- AuthorityProvider getAuthorityProvider(String identifier);
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
index 38c9e26..1538be0 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java
@@ -34,7 +34,6 @@ public class AuthorizationRequest {
private AuthorizationRequest(final Builder builder) {
Objects.requireNonNull(builder.resource, "The resource is required when creating an authorization request");
- Objects.requireNonNull(builder.identity, "The identity of the user is required when creating an authorization request");
Objects.requireNonNull(builder.action, "The action is required when creating an authorization request");
this.resource = builder.resource;
@@ -54,7 +53,7 @@ public class AuthorizationRequest {
}
/**
- * The identity accessing the Resource. Not null.
+ * The identity accessing the Resource. May be null if the user could not authenticate.
*
* @return The identity
*/
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java b/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
index 01a76e4..5aec6f0 100644
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
+++ b/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java
@@ -16,7 +16,6 @@
*/
package org.apache.nifi.authorization;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
import org.apache.nifi.authorization.exception.AuthorizationAccessException;
import org.apache.nifi.authorization.exception.AuthorizerCreationException;
import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
@@ -31,7 +30,7 @@ public interface Authorizer {
*
* @param request The authorization request
* @return the authorization result
- * @throws AuthorityAccessException if unable to access the authorities
+ * @throws AuthorizationAccessException if unable to access the authorities
*/
AuthorizationResult authorize(AuthorizationRequest request) throws AuthorizationAccessException;
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java b/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
deleted file mode 100644
index 416f3cf..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization;
-
-/**
- * Represents a decision whether authorization is granted to download content.
- */
-public class DownloadAuthorization {
-
- private static enum Result {
-
- Approved,
- Denied;
- }
-
- private static final DownloadAuthorization APPROVED = new DownloadAuthorization(Result.Approved, null);
-
- private final Result result;
- private final String explanation;
-
- /**
- * Creates a new DownloadAuthorization with the specified result and
- * explanation.
- *
- * @param result of the authorization
- * @param explanation for the authorization attempt
- */
- private DownloadAuthorization(Result result, String explanation) {
- if (Result.Denied.equals(result) && explanation == null) {
- throw new IllegalArgumentException("An explanation is required when the download request is denied.");
- }
-
- this.result = result;
- this.explanation = explanation;
- }
-
- /**
- * @return Whether or not the download request is approved
- */
- public boolean isApproved() {
- return Result.Approved.equals(result);
- }
-
- /**
- * @return If the download request is denied, the reason why. Null otherwise
- */
- public String getExplanation() {
- return explanation;
- }
-
- /**
- * @return a new approved DownloadAuthorization
- */
- public static DownloadAuthorization approved() {
- return APPROVED;
- }
-
- /**
- * Creates a new denied DownloadAuthorization with the specified
- * explanation.
- *
- * @param explanation for why it was denied
- * @return a new denied DownloadAuthorization with the specified explanation
- * @throws IllegalArgumentException if explanation is null
- */
- public static DownloadAuthorization denied(String explanation) {
- return new DownloadAuthorization(Result.Denied, explanation);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java b/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java
deleted file mode 100644
index 5ac2af7..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/annotation/AuthorityProviderContext.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.annotation;
-
-import java.lang.annotation.Documented;
-import java.lang.annotation.ElementType;
-import java.lang.annotation.Inherited;
-import java.lang.annotation.Retention;
-import java.lang.annotation.RetentionPolicy;
-import java.lang.annotation.Target;
-
-/**
- *
- *
- */
-@Documented
-@Target({ElementType.FIELD, ElementType.METHOD})
-@Retention(RetentionPolicy.RUNTIME)
-@Inherited
-public @interface AuthorityProviderContext {
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java
deleted file mode 100644
index be64767..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/AuthorityAccessException.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the case when the DN could not be confirmed because it was unable
- * to access the data store.
- */
-public class AuthorityAccessException extends RuntimeException {
-
- public AuthorityAccessException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AuthorityAccessException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java
deleted file mode 100644
index ba80b6e..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/IdentityAlreadyExistsException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the case when the user identity already exists.
- */
-public class IdentityAlreadyExistsException extends RuntimeException {
-
- public IdentityAlreadyExistsException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public IdentityAlreadyExistsException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java
deleted file mode 100644
index 24ac793..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderCreationException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the exceptional case when an AuthorityProvider fails instantiated.
- *
- */
-public class ProviderCreationException extends RuntimeException {
-
- public ProviderCreationException() {
- }
-
- public ProviderCreationException(String msg) {
- super(msg);
- }
-
- public ProviderCreationException(Throwable cause) {
- super(cause);
- }
-
- public ProviderCreationException(String msg, Throwable cause) {
- super(msg, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java
deleted file mode 100644
index 985d3fb..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/ProviderDestructionException.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the exceptional case when an AuthorityProvider fails destruction.
- *
- */
-public class ProviderDestructionException extends RuntimeException {
-
- public ProviderDestructionException() {
- }
-
- public ProviderDestructionException(String msg) {
- super(msg);
- }
-
- public ProviderDestructionException(Throwable cause) {
- super(cause);
- }
-
- public ProviderDestructionException(String msg, Throwable cause) {
- super(msg, cause);
- }
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java
----------------------------------------------------------------------
diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java b/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java
deleted file mode 100644
index 2ada1c7..0000000
--- a/nifi-api/src/main/java/org/apache/nifi/authorization/exception/UnknownIdentityException.java
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.authorization.exception;
-
-/**
- * Represents the case when an identity cannot be confirmed.
- */
-public class UnknownIdentityException extends RuntimeException {
-
- public UnknownIdentityException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public UnknownIdentityException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-assembly/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-assembly/pom.xml b/nifi-assembly/pom.xml
index 09a8d50..2d26494 100644
--- a/nifi-assembly/pom.xml
+++ b/nifi-assembly/pom.xml
@@ -325,7 +325,7 @@ language governing permissions and limitations under the License. -->
<nifi.flow.configuration.file>./conf/flow.xml.gz</nifi.flow.configuration.file>
<nifi.flow.configuration.archive.dir>./conf/archive/</nifi.flow.configuration.archive.dir>
<nifi.login.identity.provider.configuration.file>./conf/login-identity-providers.xml</nifi.login.identity.provider.configuration.file>
- <nifi.authority.provider.configuration.file>./conf/authority-providers.xml</nifi.authority.provider.configuration.file>
+ <nifi.authorizer.configuration.file>./conf/authorizers.xml</nifi.authorizer.configuration.file>
<nifi.templates.directory>./conf/templates</nifi.templates.directory>
<nifi.database.directory>./database_repository</nifi.database.directory>
@@ -413,9 +413,8 @@ language governing permissions and limitations under the License. -->
<nifi.security.truststoreType />
<nifi.security.truststorePasswd />
<nifi.security.needClientAuth />
- <nifi.security.authorizedUsers.file>./conf/authorized-users.xml</nifi.security.authorizedUsers.file>
<nifi.security.user.credential.cache.duration>24 hours</nifi.security.user.credential.cache.duration>
- <nifi.security.user.authority.provider>file-provider</nifi.security.user.authority.provider>
+ <nifi.security.user.authorizer>file-provider</nifi.security.user.authorizer>
<nifi.security.user.login.identity.provider />
<nifi.security.x509.principal.extractor />
<nifi.security.support.new.account.requests />
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
----------------------------------------------------------------------
diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
index 517b19a..224c3f6 100644
--- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
+++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java
@@ -48,7 +48,7 @@ public class NiFiProperties extends Properties {
public static final String PROPERTIES_FILE_PATH = "nifi.properties.file.path";
public static final String FLOW_CONFIGURATION_FILE = "nifi.flow.configuration.file";
public static final String FLOW_CONFIGURATION_ARCHIVE_FILE = "nifi.flow.configuration.archive.file";
- public static final String AUTHORITY_PROVIDER_CONFIGURATION_FILE = "nifi.authority.provider.configuration.file";
+ public static final String AUTHORIZER_CONFIGURATION_FILE = "nifi.authorizer.configuration.file";
public static final String LOGIN_IDENTITY_PROVIDER_CONFIGURATION_FILE = "nifi.login.identity.provider.configuration.file";
public static final String REPOSITORY_DATABASE_DIRECTORY = "nifi.database.directory";
public static final String RESTORE_DIRECTORY = "nifi.restore.directory";
@@ -131,7 +131,7 @@ public class NiFiProperties extends Properties {
public static final String SECURITY_TRUSTSTORE_TYPE = "nifi.security.truststoreType";
public static final String SECURITY_TRUSTSTORE_PASSWD = "nifi.security.truststorePasswd";
public static final String SECURITY_NEED_CLIENT_AUTH = "nifi.security.needClientAuth";
- public static final String SECURITY_USER_AUTHORITY_PROVIDER = "nifi.security.user.authority.provider";
+ public static final String SECURITY_USER_AUTHORIZER = "nifi.security.user.authorizer";
public static final String SECURITY_USER_LOGIN_IDENTITY_PROVIDER = "nifi.security.user.login.identity.provider";
public static final String SECURITY_CLUSTER_AUTHORITY_PROVIDER_PORT = "nifi.security.cluster.authority.provider.port";
public static final String SECURITY_CLUSTER_AUTHORITY_PROVIDER_THREADS = "nifi.security.cluster.authority.provider.threads";
@@ -504,10 +504,10 @@ public class NiFiProperties extends Properties {
}
/**
- * @return the user authorities file
+ * @return the user authorizers file
*/
- public File getAuthorityProviderConfiguraitonFile() {
- final String value = getProperty(AUTHORITY_PROVIDER_CONFIGURATION_FILE);
+ public File getAuthorizerConfiguraitonFile() {
+ final String value = getProperty(AUTHORIZER_CONFIGURATION_FILE);
if (StringUtils.isBlank(value)) {
return new File(DEFAULT_AUTHORITY_PROVIDER_CONFIGURATION_FILE);
} else {
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
index 672a3ee..478ffaf 100644
--- a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
+++ b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/main/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessor.java
@@ -26,7 +26,7 @@ import com.datastax.driver.core.Session;
import org.apache.avro.Schema;
import org.apache.avro.SchemaBuilder;
import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.components.PropertyValue;
import org.apache.nifi.components.ValidationContext;
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
index 1f62997..19e2320 100644
--- a/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
+++ b/nifi-nar-bundles/nifi-cassandra-bundle/nifi-cassandra-processors/src/test/java/org/apache/nifi/processors/cassandra/AbstractCassandraProcessorTest.java
@@ -22,7 +22,7 @@ import com.datastax.driver.core.DataType;
import com.datastax.driver.core.Metadata;
import com.datastax.driver.core.Row;
import com.google.common.collect.Sets;
-import org.apache.nifi.authorization.exception.ProviderCreationException;
+import org.apache.nifi.authentication.exception.ProviderCreationException;
import org.apache.nifi.components.PropertyDescriptor;
import org.apache.nifi.processor.ProcessContext;
import org.apache.nifi.processor.ProcessSession;
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
new file mode 100644
index 0000000..8347953
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
@@ -0,0 +1,147 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.util.NiFiProperties;
+import org.h2.jdbcx.JdbcConnectionPool;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.FactoryBean;
+
+import java.io.File;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+public class KeyDataSourceFactoryBean implements FactoryBean {
+
+ private static final Logger logger = LoggerFactory.getLogger(KeyDataSourceFactoryBean.class);
+ private static final String NF_USERNAME_PASSWORD = "nf";
+ private static final int MAX_CONNECTIONS = 5;
+
+ // database file name
+ private static final String USER_KEYS_DATABASE_FILE_NAME = "nifi-user-keys";
+
+ // ----------
+ // keys table
+ // ----------
+
+ private static final String CREATE_KEY_TABLE = "CREATE TABLE KEY ("
+ + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
+ + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
+ + "KEY VARCHAR2(100) NOT NULL"
+ + ")";
+
+ private JdbcConnectionPool connectionPool;
+
+ private NiFiProperties properties;
+
+ @Override
+ public Object getObject() throws Exception {
+ if (connectionPool == null) {
+
+ // locate the repository directory
+ String repositoryDirectoryPath = properties.getProperty(NiFiProperties.REPOSITORY_DATABASE_DIRECTORY);
+
+ // ensure the repository directory is specified
+ if (repositoryDirectoryPath == null) {
+ throw new NullPointerException("Database directory must be specified.");
+ }
+
+ // create a handle to the repository directory
+ File repositoryDirectory = new File(repositoryDirectoryPath);
+
+ // create a handle to the database directory and file
+ File databaseFile = new File(repositoryDirectory, USER_KEYS_DATABASE_FILE_NAME);
+ String databaseUrl = getDatabaseUrl(databaseFile);
+
+ // create the pool
+ connectionPool = JdbcConnectionPool.create(databaseUrl, NF_USERNAME_PASSWORD, NF_USERNAME_PASSWORD);
+ connectionPool.setMaxConnections(MAX_CONNECTIONS);
+
+ Connection connection = null;
+ ResultSet rs = null;
+ Statement statement = null;
+ try {
+ // get a connection
+ connection = connectionPool.getConnection();
+ connection.setAutoCommit(false);
+
+ // create a statement for creating/updating the database
+ statement = connection.createStatement();
+
+ // determine if the key table need to be created
+ rs = connection.getMetaData().getTables(null, null, "KEY", null);
+ if (!rs.next()) {
+ statement.execute(CREATE_KEY_TABLE);
+ }
+
+ // commit any changes
+ connection.commit();
+ } catch (SQLException sqle) {
+ RepositoryUtils.rollback(connection, logger);
+ throw sqle;
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ RepositoryUtils.closeQuietly(connection);
+ }
+ }
+
+ return connectionPool;
+ }
+
+ private String getDatabaseUrl(File databaseFile) {
+ String databaseUrl = "jdbc:h2:" + databaseFile + ";AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3";
+ String databaseUrlAppend = properties.getProperty(NiFiProperties.H2_URL_APPEND);
+ if (StringUtils.isNotBlank(databaseUrlAppend)) {
+ databaseUrl += databaseUrlAppend;
+ }
+ return databaseUrl;
+ }
+
+ @Override
+ public Class getObjectType() {
+ return JdbcConnectionPool.class;
+ }
+
+ @Override
+ public boolean isSingleton() {
+ return true;
+ }
+
+ public void setProperties(NiFiProperties properties) {
+ this.properties = properties;
+ }
+
+ public void shutdown() {
+ // shutdown the connection pool
+ if (connectionPool != null) {
+ try {
+ connectionPool.dispose();
+ } catch (Exception e) {
+ logger.warn("Unable to dispose of connection pool: " + e.getMessage());
+ if (logger.isDebugEnabled()) {
+ logger.warn(StringUtils.EMPTY, e);
+ }
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
deleted file mode 100644
index d45719d..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin;
-
-import java.io.File;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.Authority;
-import org.h2.jdbcx.JdbcConnectionPool;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.util.NiFiProperties;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.FactoryBean;
-
-public class UserDataSourceFactoryBean implements FactoryBean {
-
- private static final Logger logger = LoggerFactory.getLogger(UserDataSourceFactoryBean.class);
- private static final String NF_USERNAME_PASSWORD = "nf";
- private static final int MAX_CONNECTIONS = 5;
-
- // database file name
- private static final String AUDIT_DATABASE_FILE_NAME = "nifi-users";
-
- private static final String CREATE_USER_TABLE = "CREATE TABLE USER ("
- + "ID VARCHAR2(100) NOT NULL PRIMARY KEY, "
- + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
- + "USER_NAME VARCHAR2(4096) NOT NULL, "
- + "USER_GROUP VARCHAR2(100), "
- + "CREATION TIMESTAMP NOT NULL, "
- + "LAST_ACCESSED TIMESTAMP, "
- + "LAST_VERIFIED TIMESTAMP, "
- + "JUSTIFICATION VARCHAR2(500) NOT NULL, "
- + "STATUS VARCHAR2(10) NOT NULL"
- + ")";
-
- private static final String CREATE_AUTHORITY_TABLE = "CREATE TABLE AUTHORITY ("
- + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
- + "USER_ID VARCHAR2(100) NOT NULL, "
- + "ROLE VARCHAR2(50) NOT NULL, "
- + "FOREIGN KEY (USER_ID) REFERENCES USER (ID), "
- + "CONSTRAINT USER_ROLE_UNIQUE_CONSTRAINT UNIQUE (USER_ID, ROLE)"
- + ")";
-
- private static final String INSERT_ANONYMOUS_USER = "INSERT INTO USER ("
- + "ID, IDENTITY, USER_NAME, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS"
- + ") VALUES ("
- + "'" + UUID.randomUUID().toString() + "', "
- + "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
- + "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
- + "NOW(), "
- + "NOW(), "
- + "'Anonymous user needs no justification', "
- + "'ACTIVE'"
- + ")";
-
- private static final String INSERT_ANONYMOUS_AUTHORITY = "INSERT INTO AUTHORITY ("
- + "USER_ID, ROLE"
- + ") VALUES ("
- + "(SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "'), "
- + "'%s'"
- + ")";
-
- private static final String DELETE_ANONYMOUS_AUTHORITIES = "DELETE FROM AUTHORITY "
- + "WHERE USER_ID = (SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "')";
-
- private static final String RENAME_DN_COLUMN = "ALTER TABLE USER ALTER COLUMN DN RENAME TO IDENTITY";
- private static final String RESIZE_IDENTITY_COLUMN = "ALTER TABLE USER MODIFY IDENTITY VARCHAR(4096)";
- private static final String RESIZE_USER_NAME_COLUMN = "ALTER TABLE USER MODIFY USER_NAME VARCHAR(4096)";
-
- // ----------
- // keys table
- // ----------
- private static final String CREATE_KEY_TABLE = "CREATE TABLE KEY ("
- + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
- + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
- + "KEY VARCHAR2(100) NOT NULL"
- + ")";
-
- private JdbcConnectionPool connectionPool;
-
- private NiFiProperties properties;
-
- @Override
- public Object getObject() throws Exception {
- if (connectionPool == null) {
-
- // locate the repository directory
- String repositoryDirectoryPath = properties.getProperty(NiFiProperties.REPOSITORY_DATABASE_DIRECTORY);
-
- // ensure the repository directory is specified
- if (repositoryDirectoryPath == null) {
- throw new NullPointerException("Database directory must be specified.");
- }
-
- // get the roles being granted to anonymous users
- final Set<String> rawAnonymousAuthorities = new HashSet<>(properties.getAnonymousAuthorities());
- final Set<Authority> anonymousAuthorities = Authority.convertRawAuthorities(rawAnonymousAuthorities);
-
- // ensure every authorities was recognized
- if (rawAnonymousAuthorities.size() != anonymousAuthorities.size()) {
- final Set<String> validAuthorities = Authority.convertAuthorities(anonymousAuthorities);
- rawAnonymousAuthorities.removeAll(validAuthorities);
- throw new IllegalStateException(String.format("Invalid authorities specified for anonymous access: [%s]. Valid values are: [%s].",
- StringUtils.join(rawAnonymousAuthorities, ", "), StringUtils.join(Authority.values(), ", ")));
- }
-
- // create a handle to the repository directory
- File repositoryDirectory = new File(repositoryDirectoryPath);
-
- // create a handle to the database directory and file
- File databaseFile = new File(repositoryDirectory, AUDIT_DATABASE_FILE_NAME);
- String databaseUrl = getDatabaseUrl(databaseFile);
-
- // create the pool
- connectionPool = JdbcConnectionPool.create(databaseUrl, NF_USERNAME_PASSWORD, NF_USERNAME_PASSWORD);
- connectionPool.setMaxConnections(MAX_CONNECTIONS);
-
- Connection connection = null;
- ResultSet rs = null;
- Statement statement = null;
- try {
- // get a connection
- connection = connectionPool.getConnection();
- connection.setAutoCommit(false);
-
- // create a statement for creating/updating the database
- statement = connection.createStatement();
-
- // determine if the tables need to be created
- rs = connection.getMetaData().getTables(null, null, "USER", null);
- if (!rs.next()) {
- logger.info("Database not built for repository: " + databaseUrl + ". Building now...");
-
- // create the tables
- statement.execute(CREATE_USER_TABLE);
- statement.execute(CREATE_AUTHORITY_TABLE);
-
- // seed the anonymous user
- statement.execute(INSERT_ANONYMOUS_USER);
- } else {
- logger.info("Existing database found and connected to at: " + databaseUrl);
- RepositoryUtils.closeQuietly(rs);
-
- // if the DN column exists, transform the table
- rs = connection.getMetaData().getColumns(null, null, "USER", "DN");
- if (rs.next()) {
- statement.execute(RENAME_DN_COLUMN);
- statement.execute(RESIZE_IDENTITY_COLUMN);
- statement.execute(RESIZE_USER_NAME_COLUMN);
- }
-
- // remove all authorities for the anonymous user
- statement.execute(DELETE_ANONYMOUS_AUTHORITIES);
- }
-
- // add all authorities for the anonymous user
- for (final Authority authority : anonymousAuthorities) {
- statement.execute(String.format(INSERT_ANONYMOUS_AUTHORITY, authority.name()));
- }
-
- RepositoryUtils.closeQuietly(rs);
-
- // determine if the key table need to be created
- rs = connection.getMetaData().getTables(null, null, "KEY", null);
- if (!rs.next()) {
- statement.execute(CREATE_KEY_TABLE);
- }
-
- // commit any changes
- connection.commit();
- } catch (SQLException sqle) {
- RepositoryUtils.rollback(connection, logger);
- throw sqle;
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- RepositoryUtils.closeQuietly(connection);
- }
- }
-
- return connectionPool;
- }
-
- private String getDatabaseUrl(File databaseFile) {
- String databaseUrl = "jdbc:h2:" + databaseFile + ";AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3";
- String databaseUrlAppend = properties.getProperty(NiFiProperties.H2_URL_APPEND);
- if (StringUtils.isNotBlank(databaseUrlAppend)) {
- databaseUrl += databaseUrlAppend;
- }
- return databaseUrl;
- }
-
- @Override
- public Class getObjectType() {
- return JdbcConnectionPool.class;
- }
-
- @Override
- public boolean isSingleton() {
- return true;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- public void shutdown() {
-
- // shutdown the connection pool
- if (connectionPool != null) {
- try {
- connectionPool.dispose();
- } catch (Exception e) {
- logger.warn("Unable to dispose of connection pool: " + e.getMessage());
- if (logger.isDebugEnabled()) {
- logger.warn(StringUtils.EMPTY, e);
- }
- }
- }
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
deleted file mode 100644
index b80b78e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao;
-
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-
-/**
- * Authority data access.
- */
-public interface AuthorityDAO {
-
- /**
- * Finds all Authority for the specified user.
- *
- * @param userId identifier of user
- * @return authorities
- */
- Set<Authority> findAuthoritiesByUserId(String userId) throws DataAccessException;
-
- /**
- * Creates new Authorities for the specified user in addition to authorities
- * they already have.
- *
- * @param authorities to add to the given user
- * @param userId identifier of user
- */
- void createAuthorities(Set<Authority> authorities, String userId) throws DataAccessException;
-
- /**
- * Removes all Authorities for the specified user.
- *
- * @param userId user identifier
- * @throws DataAccessException if unable to access authorities
- */
- void deleteAuthorities(String userId) throws DataAccessException;
-
- /**
- * Removes the specified Authority.
- *
- * @param authorities to remove
- * @param userId user id
- */
- void deleteAuthorities(Set<Authority> authorities, String userId) throws DataAccessException;
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
index eb7e3ce..3fcc6d8 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
@@ -21,11 +21,7 @@ package org.apache.nifi.admin.dao;
*/
public interface DAOFactory {
- UserDAO getUserDAO();
-
ActionDAO getActionDAO();
- AuthorityDAO getAuthorityDAO();
-
KeyDAO getKeyDAO();
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
deleted file mode 100644
index 7e91c07..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao;
-
-import java.util.Date;
-import java.util.Set;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Defines the user data access object.
- */
-public interface UserDAO {
-
- /**
- * Determines whether there are any PENDING user accounts.
- *
- * @return true if pending
- * @throws DataAccessException dae
- */
- Boolean hasPendingUserAccounts() throws DataAccessException;
-
- /**
- * Returns all users.
- *
- * @return all users
- * @throws DataAccessException dae
- */
- Set<NiFiUser> findUsers() throws DataAccessException;
-
- /**
- * Returns all user groups.
- *
- * @return all group names
- * @throws DataAccessException dae
- */
- Set<String> findUserGroups() throws DataAccessException;
-
- /**
- * Returns all users for the specified group.
- *
- * @param group group
- * @return users in group
- * @throws DataAccessException dae
- */
- Set<NiFiUser> findUsersForGroup(String group) throws DataAccessException;
-
- /**
- * Returns the user with the specified id.
- *
- * @param id user id
- * @return user for the given id
- * @throws DataAccessException dae
- */
- NiFiUser findUserById(String id) throws DataAccessException;
-
- /**
- * Returns the user with the specified DN.
- *
- * @param dn user dn
- * @return user
- */
- NiFiUser findUserByDn(String dn) throws DataAccessException;
-
- /**
- * Creates a new user based off the specified NiFiUser.
- *
- * @param user to create
- * @return the created user with it's id
- */
- NiFiUser createUser(NiFiUser user) throws DataAccessException;
-
- /**
- * Updates the specified NiFiUser.
- *
- * @param user to update
- */
- void updateUser(NiFiUser user) throws DataAccessException;
-
- /**
- * Deletes the specified user.
- *
- * @param id user identifier
- * @throws DataAccessException dae
- */
- void deleteUser(String id) throws DataAccessException;
-
- /**
- * Sets the status of the specified group.
- *
- * @param group group
- * @param status status
- * @throws DataAccessException dae
- */
- void updateGroupStatus(String group, AccountStatus status) throws DataAccessException;
-
- /**
- * Sets the last verified time for all users in the specified group.
- *
- * @param group group
- * @param lastVerified date last verified
- * @throws DataAccessException dae
- */
- void updateGroupVerification(String group, Date lastVerified) throws DataAccessException;
-
- /**
- * Ungroups the specified group.
- *
- * @param group to ungroup
- * @throws DataAccessException dae
- */
- void ungroup(String group) throws DataAccessException;
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/c4d06f20/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
index 940e364..09ad103 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
@@ -18,10 +18,8 @@ package org.apache.nifi.admin.dao.impl;
import java.sql.Connection;
import org.apache.nifi.admin.dao.ActionDAO;
-import org.apache.nifi.admin.dao.AuthorityDAO;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.admin.dao.UserDAO;
/**
*
@@ -40,16 +38,6 @@ public class DAOFactoryImpl implements DAOFactory {
}
@Override
- public AuthorityDAO getAuthorityDAO() {
- return new StandardAuthorityDAO(connection);
- }
-
- @Override
- public UserDAO getUserDAO() {
- return new StandardUserDAO(connection);
- }
-
- @Override
public KeyDAO getKeyDAO() {
return new StandardKeyDAO(connection);
}