You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@nifi.apache.org by ma...@apache.org on 2016/04/15 22:04:13 UTC
[21/22] nifi git commit: NIFI-1551: - Removing the AuthorityProvider.
- Refactoring REST API in preparation for introduction of the Authorizer. -
Updating UI accordingly. - Removing unneeded properties from nifi.properties.
- Addressing comments from PR.
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
index dca1d97..bd8272a 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework-nar/pom.xml
@@ -31,14 +31,6 @@
<groupId>org.apache.nifi</groupId>
<artifactId>nifi-jetty</artifactId>
</dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-cluster-authorization-provider</artifactId>
- </dependency>
- <dependency>
- <groupId>org.apache.nifi</groupId>
- <artifactId>nifi-file-authorization-provider</artifactId>
- </dependency>
<!-- mark these nifi artifacts as provided since it is included in the lib -->
<dependency>
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
new file mode 100644
index 0000000..8347953
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/KeyDataSourceFactoryBean.java
@@ -0,0 +1,147 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.nifi.util.NiFiProperties;
+import org.h2.jdbcx.JdbcConnectionPool;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.FactoryBean;
+
+import java.io.File;
+import java.sql.Connection;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.sql.Statement;
+
+public class KeyDataSourceFactoryBean implements FactoryBean {
+
+ private static final Logger logger = LoggerFactory.getLogger(KeyDataSourceFactoryBean.class);
+ private static final String NF_USERNAME_PASSWORD = "nf";
+ private static final int MAX_CONNECTIONS = 5;
+
+ // database file name
+ private static final String USER_KEYS_DATABASE_FILE_NAME = "nifi-user-keys";
+
+ // ----------
+ // keys table
+ // ----------
+
+ private static final String CREATE_KEY_TABLE = "CREATE TABLE KEY ("
+ + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
+ + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
+ + "KEY VARCHAR2(100) NOT NULL"
+ + ")";
+
+ private JdbcConnectionPool connectionPool;
+
+ private NiFiProperties properties;
+
+ @Override
+ public Object getObject() throws Exception {
+ if (connectionPool == null) {
+
+ // locate the repository directory
+ String repositoryDirectoryPath = properties.getProperty(NiFiProperties.REPOSITORY_DATABASE_DIRECTORY);
+
+ // ensure the repository directory is specified
+ if (repositoryDirectoryPath == null) {
+ throw new NullPointerException("Database directory must be specified.");
+ }
+
+ // create a handle to the repository directory
+ File repositoryDirectory = new File(repositoryDirectoryPath);
+
+ // create a handle to the database directory and file
+ File databaseFile = new File(repositoryDirectory, USER_KEYS_DATABASE_FILE_NAME);
+ String databaseUrl = getDatabaseUrl(databaseFile);
+
+ // create the pool
+ connectionPool = JdbcConnectionPool.create(databaseUrl, NF_USERNAME_PASSWORD, NF_USERNAME_PASSWORD);
+ connectionPool.setMaxConnections(MAX_CONNECTIONS);
+
+ Connection connection = null;
+ ResultSet rs = null;
+ Statement statement = null;
+ try {
+ // get a connection
+ connection = connectionPool.getConnection();
+ connection.setAutoCommit(false);
+
+ // create a statement for creating/updating the database
+ statement = connection.createStatement();
+
+ // determine if the key table need to be created
+ rs = connection.getMetaData().getTables(null, null, "KEY", null);
+ if (!rs.next()) {
+ statement.execute(CREATE_KEY_TABLE);
+ }
+
+ // commit any changes
+ connection.commit();
+ } catch (SQLException sqle) {
+ RepositoryUtils.rollback(connection, logger);
+ throw sqle;
+ } finally {
+ RepositoryUtils.closeQuietly(rs);
+ RepositoryUtils.closeQuietly(statement);
+ RepositoryUtils.closeQuietly(connection);
+ }
+ }
+
+ return connectionPool;
+ }
+
+ private String getDatabaseUrl(File databaseFile) {
+ String databaseUrl = "jdbc:h2:" + databaseFile + ";AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3";
+ String databaseUrlAppend = properties.getProperty(NiFiProperties.H2_URL_APPEND);
+ if (StringUtils.isNotBlank(databaseUrlAppend)) {
+ databaseUrl += databaseUrlAppend;
+ }
+ return databaseUrl;
+ }
+
+ @Override
+ public Class getObjectType() {
+ return JdbcConnectionPool.class;
+ }
+
+ @Override
+ public boolean isSingleton() {
+ return true;
+ }
+
+ public void setProperties(NiFiProperties properties) {
+ this.properties = properties;
+ }
+
+ public void shutdown() {
+ // shutdown the connection pool
+ if (connectionPool != null) {
+ try {
+ connectionPool.dispose();
+ } catch (Exception e) {
+ logger.warn("Unable to dispose of connection pool: " + e.getMessage());
+ if (logger.isDebugEnabled()) {
+ logger.warn(StringUtils.EMPTY, e);
+ }
+ }
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
deleted file mode 100644
index d45719d..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/UserDataSourceFactoryBean.java
+++ /dev/null
@@ -1,244 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin;
-
-import java.io.File;
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.authorization.Authority;
-import org.h2.jdbcx.JdbcConnectionPool;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.util.NiFiProperties;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.FactoryBean;
-
-public class UserDataSourceFactoryBean implements FactoryBean {
-
- private static final Logger logger = LoggerFactory.getLogger(UserDataSourceFactoryBean.class);
- private static final String NF_USERNAME_PASSWORD = "nf";
- private static final int MAX_CONNECTIONS = 5;
-
- // database file name
- private static final String AUDIT_DATABASE_FILE_NAME = "nifi-users";
-
- private static final String CREATE_USER_TABLE = "CREATE TABLE USER ("
- + "ID VARCHAR2(100) NOT NULL PRIMARY KEY, "
- + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
- + "USER_NAME VARCHAR2(4096) NOT NULL, "
- + "USER_GROUP VARCHAR2(100), "
- + "CREATION TIMESTAMP NOT NULL, "
- + "LAST_ACCESSED TIMESTAMP, "
- + "LAST_VERIFIED TIMESTAMP, "
- + "JUSTIFICATION VARCHAR2(500) NOT NULL, "
- + "STATUS VARCHAR2(10) NOT NULL"
- + ")";
-
- private static final String CREATE_AUTHORITY_TABLE = "CREATE TABLE AUTHORITY ("
- + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
- + "USER_ID VARCHAR2(100) NOT NULL, "
- + "ROLE VARCHAR2(50) NOT NULL, "
- + "FOREIGN KEY (USER_ID) REFERENCES USER (ID), "
- + "CONSTRAINT USER_ROLE_UNIQUE_CONSTRAINT UNIQUE (USER_ID, ROLE)"
- + ")";
-
- private static final String INSERT_ANONYMOUS_USER = "INSERT INTO USER ("
- + "ID, IDENTITY, USER_NAME, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS"
- + ") VALUES ("
- + "'" + UUID.randomUUID().toString() + "', "
- + "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
- + "'" + NiFiUser.ANONYMOUS_USER_IDENTITY + "', "
- + "NOW(), "
- + "NOW(), "
- + "'Anonymous user needs no justification', "
- + "'ACTIVE'"
- + ")";
-
- private static final String INSERT_ANONYMOUS_AUTHORITY = "INSERT INTO AUTHORITY ("
- + "USER_ID, ROLE"
- + ") VALUES ("
- + "(SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "'), "
- + "'%s'"
- + ")";
-
- private static final String DELETE_ANONYMOUS_AUTHORITIES = "DELETE FROM AUTHORITY "
- + "WHERE USER_ID = (SELECT ID FROM USER WHERE IDENTITY = '" + NiFiUser.ANONYMOUS_USER_IDENTITY + "')";
-
- private static final String RENAME_DN_COLUMN = "ALTER TABLE USER ALTER COLUMN DN RENAME TO IDENTITY";
- private static final String RESIZE_IDENTITY_COLUMN = "ALTER TABLE USER MODIFY IDENTITY VARCHAR(4096)";
- private static final String RESIZE_USER_NAME_COLUMN = "ALTER TABLE USER MODIFY USER_NAME VARCHAR(4096)";
-
- // ----------
- // keys table
- // ----------
- private static final String CREATE_KEY_TABLE = "CREATE TABLE KEY ("
- + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, "
- + "IDENTITY VARCHAR2(4096) NOT NULL UNIQUE, "
- + "KEY VARCHAR2(100) NOT NULL"
- + ")";
-
- private JdbcConnectionPool connectionPool;
-
- private NiFiProperties properties;
-
- @Override
- public Object getObject() throws Exception {
- if (connectionPool == null) {
-
- // locate the repository directory
- String repositoryDirectoryPath = properties.getProperty(NiFiProperties.REPOSITORY_DATABASE_DIRECTORY);
-
- // ensure the repository directory is specified
- if (repositoryDirectoryPath == null) {
- throw new NullPointerException("Database directory must be specified.");
- }
-
- // get the roles being granted to anonymous users
- final Set<String> rawAnonymousAuthorities = new HashSet<>(properties.getAnonymousAuthorities());
- final Set<Authority> anonymousAuthorities = Authority.convertRawAuthorities(rawAnonymousAuthorities);
-
- // ensure every authorities was recognized
- if (rawAnonymousAuthorities.size() != anonymousAuthorities.size()) {
- final Set<String> validAuthorities = Authority.convertAuthorities(anonymousAuthorities);
- rawAnonymousAuthorities.removeAll(validAuthorities);
- throw new IllegalStateException(String.format("Invalid authorities specified for anonymous access: [%s]. Valid values are: [%s].",
- StringUtils.join(rawAnonymousAuthorities, ", "), StringUtils.join(Authority.values(), ", ")));
- }
-
- // create a handle to the repository directory
- File repositoryDirectory = new File(repositoryDirectoryPath);
-
- // create a handle to the database directory and file
- File databaseFile = new File(repositoryDirectory, AUDIT_DATABASE_FILE_NAME);
- String databaseUrl = getDatabaseUrl(databaseFile);
-
- // create the pool
- connectionPool = JdbcConnectionPool.create(databaseUrl, NF_USERNAME_PASSWORD, NF_USERNAME_PASSWORD);
- connectionPool.setMaxConnections(MAX_CONNECTIONS);
-
- Connection connection = null;
- ResultSet rs = null;
- Statement statement = null;
- try {
- // get a connection
- connection = connectionPool.getConnection();
- connection.setAutoCommit(false);
-
- // create a statement for creating/updating the database
- statement = connection.createStatement();
-
- // determine if the tables need to be created
- rs = connection.getMetaData().getTables(null, null, "USER", null);
- if (!rs.next()) {
- logger.info("Database not built for repository: " + databaseUrl + ". Building now...");
-
- // create the tables
- statement.execute(CREATE_USER_TABLE);
- statement.execute(CREATE_AUTHORITY_TABLE);
-
- // seed the anonymous user
- statement.execute(INSERT_ANONYMOUS_USER);
- } else {
- logger.info("Existing database found and connected to at: " + databaseUrl);
- RepositoryUtils.closeQuietly(rs);
-
- // if the DN column exists, transform the table
- rs = connection.getMetaData().getColumns(null, null, "USER", "DN");
- if (rs.next()) {
- statement.execute(RENAME_DN_COLUMN);
- statement.execute(RESIZE_IDENTITY_COLUMN);
- statement.execute(RESIZE_USER_NAME_COLUMN);
- }
-
- // remove all authorities for the anonymous user
- statement.execute(DELETE_ANONYMOUS_AUTHORITIES);
- }
-
- // add all authorities for the anonymous user
- for (final Authority authority : anonymousAuthorities) {
- statement.execute(String.format(INSERT_ANONYMOUS_AUTHORITY, authority.name()));
- }
-
- RepositoryUtils.closeQuietly(rs);
-
- // determine if the key table need to be created
- rs = connection.getMetaData().getTables(null, null, "KEY", null);
- if (!rs.next()) {
- statement.execute(CREATE_KEY_TABLE);
- }
-
- // commit any changes
- connection.commit();
- } catch (SQLException sqle) {
- RepositoryUtils.rollback(connection, logger);
- throw sqle;
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- RepositoryUtils.closeQuietly(connection);
- }
- }
-
- return connectionPool;
- }
-
- private String getDatabaseUrl(File databaseFile) {
- String databaseUrl = "jdbc:h2:" + databaseFile + ";AUTOCOMMIT=OFF;DB_CLOSE_ON_EXIT=FALSE;LOCK_MODE=3";
- String databaseUrlAppend = properties.getProperty(NiFiProperties.H2_URL_APPEND);
- if (StringUtils.isNotBlank(databaseUrlAppend)) {
- databaseUrl += databaseUrlAppend;
- }
- return databaseUrl;
- }
-
- @Override
- public Class getObjectType() {
- return JdbcConnectionPool.class;
- }
-
- @Override
- public boolean isSingleton() {
- return true;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
- public void shutdown() {
-
- // shutdown the connection pool
- if (connectionPool != null) {
- try {
- connectionPool.dispose();
- } catch (Exception e) {
- logger.warn("Unable to dispose of connection pool: " + e.getMessage());
- if (logger.isDebugEnabled()) {
- logger.warn(StringUtils.EMPTY, e);
- }
- }
- }
-
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
deleted file mode 100644
index b80b78e..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/AuthorityDAO.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao;
-
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-
-/**
- * Authority data access.
- */
-public interface AuthorityDAO {
-
- /**
- * Finds all Authority for the specified user.
- *
- * @param userId identifier of user
- * @return authorities
- */
- Set<Authority> findAuthoritiesByUserId(String userId) throws DataAccessException;
-
- /**
- * Creates new Authorities for the specified user in addition to authorities
- * they already have.
- *
- * @param authorities to add to the given user
- * @param userId identifier of user
- */
- void createAuthorities(Set<Authority> authorities, String userId) throws DataAccessException;
-
- /**
- * Removes all Authorities for the specified user.
- *
- * @param userId user identifier
- * @throws DataAccessException if unable to access authorities
- */
- void deleteAuthorities(String userId) throws DataAccessException;
-
- /**
- * Removes the specified Authority.
- *
- * @param authorities to remove
- * @param userId user id
- */
- void deleteAuthorities(Set<Authority> authorities, String userId) throws DataAccessException;
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
index eb7e3ce..3fcc6d8 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/DAOFactory.java
@@ -21,11 +21,7 @@ package org.apache.nifi.admin.dao;
*/
public interface DAOFactory {
- UserDAO getUserDAO();
-
ActionDAO getActionDAO();
- AuthorityDAO getAuthorityDAO();
-
KeyDAO getKeyDAO();
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
deleted file mode 100644
index 7e91c07..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/UserDAO.java
+++ /dev/null
@@ -1,128 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao;
-
-import java.util.Date;
-import java.util.Set;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Defines the user data access object.
- */
-public interface UserDAO {
-
- /**
- * Determines whether there are any PENDING user accounts.
- *
- * @return true if pending
- * @throws DataAccessException dae
- */
- Boolean hasPendingUserAccounts() throws DataAccessException;
-
- /**
- * Returns all users.
- *
- * @return all users
- * @throws DataAccessException dae
- */
- Set<NiFiUser> findUsers() throws DataAccessException;
-
- /**
- * Returns all user groups.
- *
- * @return all group names
- * @throws DataAccessException dae
- */
- Set<String> findUserGroups() throws DataAccessException;
-
- /**
- * Returns all users for the specified group.
- *
- * @param group group
- * @return users in group
- * @throws DataAccessException dae
- */
- Set<NiFiUser> findUsersForGroup(String group) throws DataAccessException;
-
- /**
- * Returns the user with the specified id.
- *
- * @param id user id
- * @return user for the given id
- * @throws DataAccessException dae
- */
- NiFiUser findUserById(String id) throws DataAccessException;
-
- /**
- * Returns the user with the specified DN.
- *
- * @param dn user dn
- * @return user
- */
- NiFiUser findUserByDn(String dn) throws DataAccessException;
-
- /**
- * Creates a new user based off the specified NiFiUser.
- *
- * @param user to create
- * @return the created user with it's id
- */
- NiFiUser createUser(NiFiUser user) throws DataAccessException;
-
- /**
- * Updates the specified NiFiUser.
- *
- * @param user to update
- */
- void updateUser(NiFiUser user) throws DataAccessException;
-
- /**
- * Deletes the specified user.
- *
- * @param id user identifier
- * @throws DataAccessException dae
- */
- void deleteUser(String id) throws DataAccessException;
-
- /**
- * Sets the status of the specified group.
- *
- * @param group group
- * @param status status
- * @throws DataAccessException dae
- */
- void updateGroupStatus(String group, AccountStatus status) throws DataAccessException;
-
- /**
- * Sets the last verified time for all users in the specified group.
- *
- * @param group group
- * @param lastVerified date last verified
- * @throws DataAccessException dae
- */
- void updateGroupVerification(String group, Date lastVerified) throws DataAccessException;
-
- /**
- * Ungroups the specified group.
- *
- * @param group to ungroup
- * @throws DataAccessException dae
- */
- void ungroup(String group) throws DataAccessException;
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
index 940e364..09ad103 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/DAOFactoryImpl.java
@@ -18,10 +18,8 @@ package org.apache.nifi.admin.dao.impl;
import java.sql.Connection;
import org.apache.nifi.admin.dao.ActionDAO;
-import org.apache.nifi.admin.dao.AuthorityDAO;
import org.apache.nifi.admin.dao.DAOFactory;
import org.apache.nifi.admin.dao.KeyDAO;
-import org.apache.nifi.admin.dao.UserDAO;
/**
*
@@ -40,16 +38,6 @@ public class DAOFactoryImpl implements DAOFactory {
}
@Override
- public AuthorityDAO getAuthorityDAO() {
- return new StandardAuthorityDAO(connection);
- }
-
- @Override
- public UserDAO getUserDAO() {
- return new StandardUserDAO(connection);
- }
-
- @Override
public KeyDAO getKeyDAO() {
return new StandardKeyDAO(connection);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
deleted file mode 100644
index 4e2cc26..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardAuthorityDAO.java
+++ /dev/null
@@ -1,172 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao.impl;
-
-import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.admin.RepositoryUtils;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.authorization.Authority;
-
-/**
- *
- */
-public class StandardAuthorityDAO implements AuthorityDAO {
-
- private static final String SELECT_AUTHORITIES_FOR_USER = "SELECT ID, ROLE "
- + "FROM AUTHORITY "
- + "WHERE USER_ID = ?";
-
- private static final String INSERT_AUTHORITY = "INSERT INTO AUTHORITY ("
- + "USER_ID, ROLE"
- + ") VALUES ("
- + "?, ?"
- + ")";
-
- private static final String DELETE_AUTHORITY = "DELETE FROM AUTHORITY "
- + "WHERE USER_ID = ? AND ROLE = ?";
-
- private static final String DELETE_AUTHORITIES_FOR_USER = "DELETE FROM AUTHORITY "
- + "WHERE USER_ID = ?";
-
- private final Connection connection;
-
- public StandardAuthorityDAO(Connection connection) {
- this.connection = connection;
- }
-
- @Override
- public void createAuthorities(Set<Authority> authorities, String userId) throws DataAccessException {
- if (authorities == null) {
- throw new IllegalArgumentException("Specified authorities cannot be null.");
- }
-
- // ensure there are some authorities to create
- if (!authorities.isEmpty()) {
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(INSERT_AUTHORITY);
- statement.setString(1, userId);
- for (Authority authority : authorities) {
- statement.setString(2, authority.toString());
- statement.addBatch();
- }
-
- // insert the authorities
- int[] updateCounts = statement.executeBatch();
- for (int updateCount : updateCounts) {
- if (updateCount != 1) {
- throw new DataAccessException("Unable to insert user authorities.");
- }
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
- }
-
- @Override
- public void deleteAuthorities(String userId) throws DataAccessException {
- // ensure there are some authorities to create
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(DELETE_AUTHORITIES_FOR_USER);
- statement.setString(1, userId);
-
- // insert the authorities
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void deleteAuthorities(Set<Authority> authorities, String userId) throws DataAccessException {
- if (authorities == null) {
- throw new IllegalArgumentException("Specified authorities cannot be null.");
- }
-
- // ensure there are some authorities to create
- if (!authorities.isEmpty()) {
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(DELETE_AUTHORITY);
- statement.setString(1, userId);
- for (Authority authority : authorities) {
- statement.setString(2, authority.toString());
- statement.addBatch();
- }
-
- // insert the authorities
- int[] updateCounts = statement.executeBatch();
- for (int updateCount : updateCounts) {
- if (updateCount != 1) {
- throw new DataAccessException("Unable to remove user authorities.");
- }
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
- }
-
- @Override
- public Set<Authority> findAuthoritiesByUserId(String userId) throws DataAccessException {
- Set<Authority> authorities = EnumSet.noneOf(Authority.class);
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(SELECT_AUTHORITIES_FOR_USER);
- statement.setString(1, userId);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create each corresponding authority
- while (rs.next()) {
- authorities.add(Authority.valueOfAuthority(rs.getString("ROLE")));
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
-
- return authorities;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
deleted file mode 100644
index 20356e3..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardUserDAO.java
+++ /dev/null
@@ -1,641 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.dao.impl;
-
-import java.nio.charset.StandardCharsets;
-import java.sql.Connection;
-import org.apache.nifi.admin.dao.UserDAO;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.sql.Types;
-import java.util.Date;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.UUID;
-import org.apache.nifi.admin.RepositoryUtils;
-import org.apache.commons.lang3.StringUtils;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Responsible for loading and persisting NiFiUsers.
- */
-public class StandardUserDAO implements UserDAO {
-
- private static final String SELECT_PENDING_ACCOUNTS_COUNT = "SELECT "
- + "COUNT(*) as PENDING_ACCOUNTS "
- + "FROM USER U "
- + "WHERE U.STATUS = 'PENDING'";
-
- private static final String SELECT_USER_BY_USER = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.IDENTITY = ?";
-
- private static final String SELECT_USER_BY_ID = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.ID = ?";
-
- private static final String SELECT_USERS = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.IDENTITY <> ?";
-
- private static final String SELECT_USER_GROUPS = "SELECT DISTINCT "
- + "U.USER_GROUP "
- + "FROM USER U";
-
- private static final String SELECT_USER_GROUP = "SELECT "
- + "U.ID, "
- + "U.IDENTITY, "
- + "U.USER_NAME, "
- + "U.USER_GROUP, "
- + "U.CREATION, "
- + "U.LAST_ACCESSED, "
- + "U.LAST_VERIFIED, "
- + "U.JUSTIFICATION, "
- + "U.STATUS, "
- + "A.ROLE "
- + "FROM USER U "
- + "LEFT JOIN AUTHORITY A " // ensures that users without authorities are still matched
- + "ON U.ID = A.USER_ID "
- + "WHERE U.IDENTITY <> ? AND U.USER_GROUP = ?";
-
- private static final String INSERT_USER = "INSERT INTO USER ("
- + "ID, IDENTITY, USER_NAME, USER_GROUP, CREATION, LAST_VERIFIED, JUSTIFICATION, STATUS"
- + ") VALUES ("
- + "?, "
- + "?, "
- + "?, "
- + "?, "
- + "NOW(), "
- + "?, "
- + "?, "
- + "?"
- + ")";
-
- private static final String UPDATE_USER = "UPDATE USER SET "
- + "IDENTITY = ?, "
- + "USER_NAME = ?, "
- + "USER_GROUP = ?, "
- + "LAST_ACCESSED = ?, "
- + "LAST_VERIFIED = ?, "
- + "JUSTIFICATION = ?, "
- + "STATUS = ? "
- + "WHERE ID = ?";
-
- private static final String UPDATE_USER_GROUP_STATUS = "UPDATE USER SET "
- + "STATUS = ?,"
- + "USER_GROUP = NULL "
- + "WHERE USER_GROUP = ?";
-
- private static final String UPDATE_USER_GROUP_VERIFICATION = "UPDATE USER SET "
- + "LAST_VERIFIED = ? "
- + "WHERE USER_GROUP = ?";
-
- private static final String UNGROUP_GROUP = "UPDATE USER SET "
- + "USER_GROUP = NULL "
- + "WHERE USER_GROUP = ?";
-
- private static final String DELETE_USER = "DELETE FROM USER "
- + "WHERE ID = ?";
-
- private final Connection connection;
-
- public StandardUserDAO(Connection connection) {
- this.connection = connection;
- }
-
- @Override
- public Boolean hasPendingUserAccounts() throws DataAccessException {
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_PENDING_ACCOUNTS_COUNT);
-
- // execute the query
- rs = statement.executeQuery();
-
- // get the first row which will contain the number of pending accounts
- if (rs.next()) {
- int pendingAccounts = rs.getInt("PENDING_ACCOUNTS");
- return pendingAccounts > 0;
- }
-
- // query returned no results?
- return false;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public Set<NiFiUser> findUsers() throws DataAccessException {
- Set<NiFiUser> users = new HashSet<>();
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USERS);
- statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // get the user id for the current record
- String userId = rs.getString("ID");
-
- // create the user during the first iteration
- if (user == null || !userId.equals(user.getId())) {
- user = new NiFiUser();
- user.setId(userId);
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
-
- // add the user
- users.add(user);
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return users;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public Set<String> findUserGroups() throws DataAccessException {
- Set<String> userGroups = new HashSet<>();
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_GROUPS);
-
- // execute the query
- rs = statement.executeQuery();
-
- // get each user group
- while (rs.next()) {
- userGroups.add(rs.getString("USER_GROUP"));
- }
-
- return userGroups;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public Set<NiFiUser> findUsersForGroup(String group) throws DataAccessException {
- Set<NiFiUser> users = new HashSet<>();
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_GROUP);
- statement.setString(1, NiFiUser.ANONYMOUS_USER_IDENTITY);
- statement.setString(2, group);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // get the user id for the current record
- String userId = rs.getString("ID");
-
- // create the user during the first iteration
- if (user == null || !userId.equals(user.getId())) {
- user = new NiFiUser();
- user.setId(userId);
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
-
- // add the user
- users.add(user);
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return users;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public NiFiUser findUserById(String id) throws DataAccessException {
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_BY_ID);
- statement.setString(1, id);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // create the user during the first iteration
- if (user == null) {
- user = new NiFiUser();
- user.setId(rs.getString("ID"));
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return user;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public NiFiUser findUserByDn(String dn) throws DataAccessException {
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- // create the connection and obtain a statement
- statement = connection.prepareStatement(SELECT_USER_BY_USER);
- statement.setString(1, dn);
-
- // execute the query
- rs = statement.executeQuery();
-
- // create the user
- NiFiUser user = null;
-
- // go through the user and its roles
- while (rs.next()) {
- // create the user during the first iteration
- if (user == null) {
- user = new NiFiUser();
- user.setId(rs.getString("ID"));
- user.setIdentity(rs.getString("IDENTITY"));
- user.setUserName(rs.getString("USER_NAME"));
- user.setUserGroup(rs.getString("USER_GROUP"));
- user.setJustification(rs.getString("JUSTIFICATION"));
- user.setStatus(AccountStatus.valueOfStatus(rs.getString("STATUS")));
-
- // set the creation date
- user.setCreation(new Date(rs.getTimestamp("CREATION").getTime()));
-
- // get the last accessed date
- if (rs.getTimestamp("LAST_ACCESSED") != null) {
- user.setLastAccessed(new Date(rs.getTimestamp("LAST_ACCESSED").getTime()));
- }
-
- // get the last verified date
- if (rs.getTimestamp("LAST_VERIFIED") != null) {
- user.setLastVerified(new Date(rs.getTimestamp("LAST_VERIFIED").getTime()));
- }
- }
-
- // the select statement performs a left join since the desired
- // user may not have any authorities
- String authority = rs.getString("ROLE");
- if (StringUtils.isNotBlank(authority)) {
- user.getAuthorities().add(Authority.valueOfAuthority(authority));
- }
- }
-
- return user;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public NiFiUser createUser(NiFiUser user) throws DataAccessException {
- if (user.getIdentity() == null) {
- throw new IllegalArgumentException("User identity must be specified.");
- }
-
- // ensure the user identity is not too lengthy
- if (user.getIdentity().length() > 4096) {
- throw new IllegalArgumentException("User identity must be less than 4096 characters.");
- }
-
- PreparedStatement statement = null;
- ResultSet rs = null;
- try {
- final String id = UUID.nameUUIDFromBytes(user.getIdentity().getBytes(StandardCharsets.UTF_8)).toString();
-
- // create a statement
- statement = connection.prepareStatement(INSERT_USER, Statement.RETURN_GENERATED_KEYS);
- statement.setString(1, id);
- statement.setString(2, StringUtils.left(user.getIdentity(), 4096));
- statement.setString(3, StringUtils.left(user.getUserName(), 4096));
- statement.setString(4, StringUtils.left(user.getUserGroup(), 100));
- if (user.getLastVerified() != null) {
- statement.setTimestamp(5, new java.sql.Timestamp(user.getLastVerified().getTime()));
- } else {
- statement.setTimestamp(5, null);
- }
- statement.setString(6, StringUtils.left(user.getJustification(), 500));
- statement.setString(7, user.getStatus().toString());
-
- // insert the user
- int updateCount = statement.executeUpdate();
- if (updateCount == 1) {
- user.setId(id);
- } else {
- throw new DataAccessException("Unable to insert user.");
- }
-
- return user;
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(rs);
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void deleteUser(String id) throws DataAccessException {
- // ensure there are some authorities to create
- PreparedStatement statement = null;
- try {
- // add each authority for the specified user
- statement = connection.prepareStatement(DELETE_USER);
- statement.setString(1, id);
-
- // insert the authorities
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void updateUser(NiFiUser user) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UPDATE_USER);
- statement.setString(1, StringUtils.left(user.getIdentity(), 4096));
- statement.setString(2, StringUtils.left(user.getUserName(), 4096));
- statement.setString(3, StringUtils.left(user.getUserGroup(), 100));
- statement.setString(6, StringUtils.left(user.getJustification(), 500));
- statement.setString(7, user.getStatus().toString());
- statement.setString(8, user.getId());
-
- // set the last accessed time accordingly
- if (user.getLastAccessed() == null) {
- statement.setNull(4, Types.TIMESTAMP);
- } else {
- statement.setTimestamp(4, new java.sql.Timestamp(user.getLastAccessed().getTime()));
- }
-
- // set the last verified time accordingly
- if (user.getLastVerified() == null) {
- statement.setNull(5, Types.TIMESTAMP);
- } else {
- statement.setTimestamp(5, new java.sql.Timestamp(user.getLastVerified().getTime()));
- }
-
- // perform the update
- int updateCount = statement.executeUpdate();
- if (updateCount != 1) {
- throw new DataAccessException("Unable to update user.");
- }
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void updateGroupStatus(String group, AccountStatus status) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UPDATE_USER_GROUP_STATUS);
- statement.setString(1, status.toString());
- statement.setString(2, group);
-
- // perform the update
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void updateGroupVerification(String group, Date lastVerified) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UPDATE_USER_GROUP_VERIFICATION);
-
- // set the last verified time accordingly
- if (lastVerified == null) {
- statement.setNull(1, Types.TIMESTAMP);
- } else {
- statement.setTimestamp(1, new java.sql.Timestamp(lastVerified.getTime()));
- }
-
- // set the group
- statement.setString(2, group);
-
- // perform the update
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
- @Override
- public void ungroup(String group) throws DataAccessException {
- PreparedStatement statement = null;
- try {
- // create a statement
- statement = connection.prepareStatement(UNGROUP_GROUP);
- statement.setString(1, group);
-
- // perform the update
- statement.executeUpdate();
- } catch (SQLException sqle) {
- throw new DataAccessException(sqle);
- } catch (DataAccessException dae) {
- throw dae;
- } finally {
- RepositoryUtils.closeQuietly(statement);
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
deleted file mode 100644
index e8b3d10..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountDisabledException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service;
-
-/**
- * Exception to indicate that the user account is disabled.
- */
-public class AccountDisabledException extends RuntimeException {
-
- public AccountDisabledException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
- }
-
- public AccountDisabledException(Throwable cause) {
- super(cause);
- }
-
- public AccountDisabledException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AccountDisabledException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountNotFoundException.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountNotFoundException.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountNotFoundException.java
deleted file mode 100644
index 88287ce..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountNotFoundException.java
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service;
-
-/**
- * Exception to indicate that the user account is disabled.
- */
-public class AccountNotFoundException extends RuntimeException {
-
- public AccountNotFoundException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
- }
-
- public AccountNotFoundException(Throwable cause) {
- super(cause);
- }
-
- public AccountNotFoundException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AccountNotFoundException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
deleted file mode 100644
index dacc483..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/AccountPendingException.java
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service;
-
-/**
- * Exception to indicate that the user has already submitting an account request
- * and that request is still pending.
- */
-public class AccountPendingException extends RuntimeException {
-
- public AccountPendingException(String message, Throwable cause, boolean enableSuppression, boolean writableStackTrace) {
- super(message, cause, enableSuppression, writableStackTrace);
- }
-
- public AccountPendingException(Throwable cause) {
- super(cause);
- }
-
- public AccountPendingException(String message, Throwable cause) {
- super(message, cause);
- }
-
- public AccountPendingException(String message) {
- super(message);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/KeyService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/KeyService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/KeyService.java
new file mode 100644
index 0000000..4543475
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/KeyService.java
@@ -0,0 +1,49 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.admin.service;
+
+import org.apache.nifi.key.Key;
+
+/**
+ * Manages NiFi user keys.
+ */
+public interface KeyService {
+
+ /**
+ * Gets a key for the specified user identity. Returns null if the user has not had a key issued
+ *
+ * @param id The key id
+ * @return The key or null
+ */
+ Key getKey(int id);
+
+ /**
+ * Gets a key for the specified user identity. If a key does not exist, one will be created.
+ *
+ * @param identity The user identity
+ * @return The key
+ * @throws AdministrationException if it failed to get/create the key
+ */
+ Key getOrCreateKey(String identity);
+
+ /**
+ * Deletes keys for the specified identity.
+ *
+ * @param identity The user identity
+ */
+ void deleteKey(String identity);
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
deleted file mode 100644
index 4ea71af..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/UserService.java
+++ /dev/null
@@ -1,180 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.DownloadAuthorization;
-import org.apache.nifi.key.Key;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
-
-/**
- * Manages NiFi user accounts.
- */
-public interface UserService {
-
- /**
- * Creates a new user account using the specified dn and justification.
- *
- * @param dn user dn
- * @param justification why the account is necessary
- * @return the created NiFiUser
- */
- NiFiUser createPendingUserAccount(String dn, String justification);
-
- /**
- * @return Determines if there are any PENDING user accounts present
- */
- Boolean hasPendingUserAccount();
-
- /**
- * @param dnChain user dn chain
- * @param attributes attributes for authorization request
- * @return Determines if the users in the dnChain are authorized to download content with the specified attributes
- */
- DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes);
-
- /**
- * Updates a user group using the specified group comprised of the specified users. Returns all the users that are currently in the specified group.
- *
- * @param group group
- * @param userIds users
- * @param authorities auths
- * @return a user group
- */
- NiFiUserGroup updateGroup(String group, Set<String> userIds, Set<Authority> authorities);
-
- /**
- * Authorizes the user specified.
- *
- * @param dn user dn
- * @return the user for the given dn if found
- */
- NiFiUser checkAuthorization(String dn);
-
- /**
- * Deletes the user with the specified id.
- *
- * @param id user identifier
- */
- void deleteUser(String id);
-
- /**
- * Disables the specified users account.
- *
- * @param id user identifier
- * @return user for the given identifier
- */
- NiFiUser disable(String id);
-
- /**
- * Disables the specified user group.
- *
- * @param group to disable
- * @return user group
- */
- NiFiUserGroup disableGroup(String group);
-
- /**
- * Updates the specified user with the specified authorities.
- *
- * @param id identifier of user
- * @param authorities auths to set
- * @return the updated user
- */
- NiFiUser update(String id, Set<Authority> authorities);
-
- /**
- * Invalidates the specified user account.
- *
- * @param id identifier of user account to invalidate
- */
- void invalidateUserAccount(String id);
-
- /**
- * Invalidates the user accounts associated with the specified user group.
- *
- * @param group to invalidate user accounts on
- */
- void invalidateUserGroupAccount(String group);
-
- /**
- * Ungroups the specified group.
- *
- * @param group to split up
- */
- void ungroup(String group);
-
- /**
- * Ungroups the specified user.
- *
- * @param id user to ungroup
- */
- void ungroupUser(String id);
-
- /**
- * Returns a collection of all NiFiUsers.
- *
- * @return Collection of users
- */
- Collection<NiFiUser> getUsers();
-
- /**
- * Finds the specified user by id.
- *
- * @param id of the user
- * @return the user object
- */
- NiFiUser getUserById(String id);
-
- /**
- * Finds the specified user by dn.
- *
- * @param dn the user dn
- * @return the newly created user
- * @throws AdministrationException ae
- */
- NiFiUser getUserByDn(String dn);
-
- /**
- * Gets a key for the specified user identity. Returns null if the user has not had a key issued
- *
- * @param id The key id
- * @return The key or null
- */
- Key getKey(int id);
-
- /**
- * Gets a key for the specified user identity. If a key does not exist, one will be created.
- *
- * @param identity The user identity
- * @return The key
- * @throws AdministrationException if it failed to get/create the key
- */
- Key getOrCreateKey(String identity);
-
- /**
- * Deletes keys for the specified identity.
- *
- * @param identity The user identity
- */
- void deleteKey(String identity);
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
deleted file mode 100644
index 69c6c1f..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AbstractUserAction.java
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import java.util.EnumSet;
-import java.util.Set;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- * @param <T> type of user action
- */
-public abstract class AbstractUserAction<T> implements AdministrationAction<T> {
-
- /**
- * Determines the authorities that need to be added to the specified user.
- *
- * @param user user
- * @param authorities auths
- * @return authorities to add
- */
- protected Set<Authority> determineAuthoritiesToAdd(NiFiUser user, Set<Authority> authorities) {
- // not using copyOf since authorities may be empty and copyOf can throw an IllegalArgumentException when empty
- Set<Authority> authoritiesToAdd = EnumSet.noneOf(Authority.class);
- authoritiesToAdd.addAll(authorities);
-
- // identify the authorities that need to be inserted
- authoritiesToAdd.removeAll(user.getAuthorities());
-
- // return the desired authorities
- return authoritiesToAdd;
- }
-
- /**
- * Determines the authorities that need to be removed from the specified
- * user.
- *
- * @param user user
- * @param authorities auths
- * @return auths to remove
- */
- protected Set<Authority> determineAuthoritiesToRemove(NiFiUser user, Set<Authority> authorities) {
- Set<Authority> authoritiesToRemove = EnumSet.copyOf(user.getAuthorities());
-
- // identify the authorities that need to be removed
- authoritiesToRemove.removeAll(authorities);
-
- // return the desired authorities
- return authoritiesToRemove;
- }
-
- /**
- * Verifies the specified users account. Includes obtaining the authorities
- * and group according to the specified authority provider.
- *
- * @param authorityProvider provider
- * @param user user to verify
- */
- protected void verifyAccount(AuthorityProvider authorityProvider, NiFiUser user) {
- // load the roles for the user
- Set<Authority> authorities = authorityProvider.getAuthorities(user.getIdentity());
-
- // update the user's authorities
- user.getAuthorities().clear();
- user.getAuthorities().addAll(authorities);
-
- // get the user group
- user.setUserGroup(authorityProvider.getGroupForUser(user.getIdentity()));
-
- // update the users status in case they were previously pending or disabled
- user.setStatus(AccountStatus.ACTIVE);
-
- // update the users last verified time - this timestampt shouldn't be record
- // until the both the user's authorities and group have been synced
- Date now = new Date();
- user.setLastVerified(now);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
index db1d8a2..937603e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AddActionsAction.java
@@ -19,7 +19,6 @@ package org.apache.nifi.admin.service.action;
import org.apache.nifi.action.Action;
import org.apache.nifi.admin.dao.ActionDAO;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
import java.util.Collection;
@@ -35,7 +34,7 @@ public class AddActionsAction implements AdministrationAction<Void> {
}
@Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
+ public Void execute(DAOFactory daoFactory) {
ActionDAO actionDao = daoFactory.getActionDAO();
// add each action
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
index f1795a9..141aa84 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AdministrationAction.java
@@ -17,7 +17,6 @@
package org.apache.nifi.admin.service.action;
import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
/**
* Defines the administration action. Actions are provided a DAO factory and
@@ -31,8 +30,7 @@ public interface AdministrationAction<T> {
* Performs an action using the specified DAOFactory and AuthorityProvider.
*
* @param daoFactory factory
- * @param authorityProvider provider
* @return action result
*/
- T execute(DAOFactory daoFactory, AuthorityProvider authorityProvider);
+ T execute(DAOFactory daoFactory);
}
http://git-wip-us.apache.org/repos/asf/nifi/blob/153f63ef/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
deleted file mode 100644
index d1b994c..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/service/action/AuthorizeDownloadAction.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.List;
-import java.util.Map;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.DownloadAuthorization;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-
-/**
- * Attempts to obtain authorization to download the content with the specified
- * attributes for the specified user.
- */
-public class AuthorizeDownloadAction implements AdministrationAction<DownloadAuthorization> {
-
- private final List<String> dnChain;
- private final Map<String, String> attributes;
-
- public AuthorizeDownloadAction(List<String> dnChain, Map<String, String> attributes) {
- this.dnChain = dnChain;
- this.attributes = attributes;
- }
-
- @Override
- public DownloadAuthorization execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
- try {
- return authorityProvider.authorizeDownload(dnChain, attributes);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(uie.getMessage(), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(aae.getMessage(), aae);
- }
- }
-
-}