Java Code Examples for org.apache.nifi.authorization.user.NiFiUser#getIdentity()
The following examples show how to use
org.apache.nifi.authorization.user.NiFiUser#getIdentity() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: RequestLogger.java From nifi with Apache License 2.0 | 6 votes |
@Override public void doFilter(final ServletRequest req, final ServletResponse resp, final FilterChain filterChain) throws IOException, ServletException { final HttpServletRequest request = (HttpServletRequest) req; // only log http requests has https requests are logged elsewhere if ("http".equalsIgnoreCase(request.getScheme())) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); // get the user details for the log message String identity = "<no user found>"; if (user != null) { identity = user.getIdentity(); } // log the request attempt - response details will be logged later logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", identity, request.getMethod(), request.getRequestURL().toString(), request.getRemoteAddr())); } // continue the filter chain filterChain.doFilter(req, resp); }
Example 2
Source File: PersistentProvenanceRepository.java From nifi with Apache License 2.0 | 6 votes |
@Override public AsyncLineageSubmission retrieveLineageSubmission(final String lineageIdentifier, final NiFiUser user) { final AsyncLineageSubmission submission = lineageSubmissionMap.get(lineageIdentifier); final String userId = submission.getSubmitterIdentity(); if (user == null && userId == null) { return submission; } if (user == null) { throw new AccessDeniedException("Cannot retrieve Provenance Lineage Submission because no user id was provided in the lineage request."); } if (userId == null || userId.equals(user.getIdentity())) { return submission; } throw new AccessDeniedException("Cannot retrieve Provenance Lineage Submission because " + user.getIdentity() + " is not the user who submitted the request."); }
Example 3
Source File: RequestLogger.java From localization_nifi with Apache License 2.0 | 6 votes |
@Override public void doFilter(final ServletRequest req, final ServletResponse resp, final FilterChain filterChain) throws IOException, ServletException { final HttpServletRequest request = (HttpServletRequest) req; // only log http requests has https requests are logged elsewhere if ("http".equalsIgnoreCase(request.getScheme())) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); // get the user details for the log message String identity = "<no user found>"; if (user != null) { identity = user.getIdentity(); } // log the request attempt - response details will be logged later logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", identity, request.getMethod(), request.getRequestURL().toString(), request.getRemoteAddr())); } // continue the filter chain filterChain.doFilter(req, resp); }
Example 4
Source File: PersistentProvenanceRepository.java From nifi with Apache License 2.0 | 6 votes |
@Override public QuerySubmission retrieveQuerySubmission(final String queryIdentifier, final NiFiUser user) { final QuerySubmission submission = querySubmissionMap.get(queryIdentifier); final String userId = submission.getSubmitterIdentity(); if (user == null && userId == null) { return submission; } if (user == null) { throw new AccessDeniedException("Cannot retrieve Provenance Query Submission because no user id was provided in the provenance request."); } if (userId == null || userId.equals(user.getIdentity())) { return submission; } throw new AccessDeniedException("Cannot retrieve Provenance Query Submission because " + user.getIdentity() + " is not the user who submitted the request."); }
Example 5
Source File: StandardNiFiServiceFacade.java From localization_nifi with Apache License 2.0 | 6 votes |
@Override public void deleteNode(final String nodeId) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); if (user == null) { throw new WebApplicationException(new Throwable("Unable to access details for current user.")); } final String userDn = user.getIdentity(); final NodeIdentifier nodeIdentifier = clusterCoordinator.getNodeIdentifier(nodeId); if (nodeIdentifier == null) { throw new UnknownNodeException("Cannot remove Node with ID " + nodeId + " because it is not part of the cluster"); } final NodeConnectionStatus nodeConnectionStatus = clusterCoordinator.getConnectionStatus(nodeIdentifier); if (!nodeConnectionStatus.getState().equals(NodeConnectionState.DISCONNECTED)) { throw new IllegalNodeDeletionException("Cannot remove Node with ID " + nodeId + " because it is not disconnected, current state = " + nodeConnectionStatus.getState()); } clusterCoordinator.removeNode(nodeIdentifier, userDn); heartbeatMonitor.removeHeartbeat(nodeIdentifier); }
Example 6
Source File: VolatileProvenanceRepository.java From localization_nifi with Apache License 2.0 | 6 votes |
@Override public ComputeLineageSubmission retrieveLineageSubmission(String lineageIdentifier, final NiFiUser user) { final ComputeLineageSubmission submission = lineageSubmissionMap.get(lineageIdentifier); final String userId = submission.getSubmitterIdentity(); if (user == null && userId == null) { return submission; } if (user == null) { throw new AccessDeniedException("Cannot retrieve Provenance Lineage Submission because no user id was provided in the lineage request."); } if (userId == null || userId.equals(user.getIdentity())) { return submission; } throw new AccessDeniedException("Cannot retrieve Provenance Lineage Submission because " + user.getIdentity() + " is not the user who submitted the request."); }
Example 7
Source File: VolatileProvenanceRepository.java From localization_nifi with Apache License 2.0 | 6 votes |
@Override public QuerySubmission retrieveQuerySubmission(final String queryIdentifier, final NiFiUser user) { final QuerySubmission submission = querySubmissionMap.get(queryIdentifier); final String userId = submission.getSubmitterIdentity(); if (user == null && userId == null) { return submission; } if (user == null) { throw new AccessDeniedException("Cannot retrieve Provenance Query Submission because no user id was provided in the provenance request."); } if (userId == null || userId.equals(user.getIdentity())) { return submission; } throw new AccessDeniedException("Cannot retrieve Provenance Query Submission because " + user.getIdentity() + " is not the user who submitted the request."); }
Example 8
Source File: LuceneEventIndex.java From nifi with Apache License 2.0 | 6 votes |
@Override public AsyncLineageSubmission retrieveLineageSubmission(final String lineageIdentifier, final NiFiUser user) { final AsyncLineageSubmission submission = lineageSubmissionMap.get(lineageIdentifier); final String userId = submission.getSubmitterIdentity(); if (user == null && userId == null) { return submission; } if (user == null) { throw new AccessDeniedException("Cannot retrieve Provenance Lineage Submission because no user id was provided"); } if (userId == null || userId.equals(user.getIdentity())) { return submission; } throw new AccessDeniedException("Cannot retrieve Provenance Lineage Submission because " + user.getIdentity() + " is not the user who submitted the request"); }
Example 9
Source File: LuceneEventIndex.java From nifi with Apache License 2.0 | 6 votes |
@Override public QuerySubmission retrieveQuerySubmission(final String queryIdentifier, final NiFiUser user) { final QuerySubmission submission = querySubmissionMap.get(queryIdentifier); final String userId = submission.getSubmitterIdentity(); if (user == null && userId == null) { return submission; } if (user == null) { throw new AccessDeniedException("Cannot retrieve Provenance Query Submission because no user id was provided"); } if (userId == null || userId.equals(user.getIdentity())) { return submission; } throw new AccessDeniedException("Cannot retrieve Provenance Query Submission because " + user.getIdentity() + " is not the user who submitted the request"); }
Example 10
Source File: VolatileProvenanceRepository.java From nifi with Apache License 2.0 | 6 votes |
@Override public ComputeLineageSubmission retrieveLineageSubmission(String lineageIdentifier, final NiFiUser user) { final ComputeLineageSubmission submission = lineageSubmissionMap.get(lineageIdentifier); final String userId = submission.getSubmitterIdentity(); if (user == null && userId == null) { return submission; } if (user == null) { throw new AccessDeniedException("Cannot retrieve Provenance Lineage Submission because no user id was provided in the lineage request."); } if (userId == null || userId.equals(user.getIdentity())) { return submission; } throw new AccessDeniedException("Cannot retrieve Provenance Lineage Submission because " + user.getIdentity() + " is not the user who submitted the request."); }
Example 11
Source File: PersistentProvenanceRepository.java From localization_nifi with Apache License 2.0 | 6 votes |
@Override public QuerySubmission retrieveQuerySubmission(final String queryIdentifier, final NiFiUser user) { final QuerySubmission submission = querySubmissionMap.get(queryIdentifier); final String userId = submission.getSubmitterIdentity(); if (user == null && userId == null) { return submission; } if (user == null) { throw new AccessDeniedException("Cannot retrieve Provenance Query Submission because no user id was provided in the provenance request."); } if (userId == null || userId.equals(user.getIdentity())) { return submission; } throw new AccessDeniedException("Cannot retrieve Provenance Query Submission because " + user.getIdentity() + " is not the user who submitted the request."); }
Example 12
Source File: PersistentProvenanceRepository.java From localization_nifi with Apache License 2.0 | 6 votes |
@Override public AsyncLineageSubmission retrieveLineageSubmission(final String lineageIdentifier, final NiFiUser user) { final AsyncLineageSubmission submission = lineageSubmissionMap.get(lineageIdentifier); final String userId = submission.getSubmitterIdentity(); if (user == null && userId == null) { return submission; } if (user == null) { throw new AccessDeniedException("Cannot retrieve Provenance Lineage Submission because no user id was provided in the lineage request."); } if (userId == null || userId.equals(user.getIdentity())) { return submission; } throw new AccessDeniedException("Cannot retrieve Provenance Lineage Submission because " + user.getIdentity() + " is not the user who submitted the request."); }
Example 13
Source File: VolatileProvenanceRepository.java From nifi with Apache License 2.0 | 5 votes |
private AsyncLineageSubmission submitLineageComputation(final Collection<String> flowFileUuids, final NiFiUser user, final LineageComputationType computationType, final Long eventId) { final String userId = user == null ? null : user.getIdentity(); final AsyncLineageSubmission result = new AsyncLineageSubmission(computationType, eventId, flowFileUuids, 1, userId); lineageSubmissionMap.put(result.getLineageIdentifier(), result); final Filter<ProvenanceEventRecord> filter = new Filter<ProvenanceEventRecord>() { @Override public boolean select(final ProvenanceEventRecord event) { if (!isAuthorized(event, user)) { return false; } if (flowFileUuids.contains(event.getFlowFileUuid())) { return true; } for (final String parentId : event.getParentUuids()) { if (flowFileUuids.contains(parentId)) { return true; } } for (final String childId : event.getChildUuids()) { if (flowFileUuids.contains(childId)) { return true; } } return false; } }; queryExecService.submit(new ComputeLineageRunnable(ringBuffer, filter, result)); return result; }
Example 14
Source File: AccessResource.java From nifi with Apache License 2.0 | 5 votes |
/** * Creates a single use access token for accessing a NiFi UI extension. * * @param httpServletRequest the servlet request * @return A token (string) */ @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED) @Produces(MediaType.TEXT_PLAIN) @Path("/ui-extension-token") @ApiOperation( value = "Creates a single use access token for accessing a NiFi UI extension.", notes = "The token returned is a base64 encoded string. It is valid for a single request up to five minutes from being issued. " + "It is used as a query parameter name 'access_token'.", response = String.class ) @ApiResponses( value = { @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "Unable to create the download token because NiFi is not in the appropriate state. " + "(i.e. may not have any tokens to grant or be configured to support username/password login)"), @ApiResponse(code = 500, message = "Unable to create download token because an unexpected error occurred.") } ) public Response createUiExtensionToken(@Context HttpServletRequest httpServletRequest) { // only support access tokens when communicating over HTTPS if (!httpServletRequest.isSecure()) { throw new IllegalStateException("UI extension access tokens are only issued over HTTPS."); } final NiFiUser user = NiFiUserUtils.getNiFiUser(); if (user == null) { throw new AccessDeniedException("No user authenticated in the request."); } final OtpAuthenticationToken authenticationToken = new OtpAuthenticationToken(user.getIdentity()); // generate otp for response final String token = otpService.generateUiExtensionToken(authenticationToken); // build the response final URI uri = URI.create(generateResourceUri("access", "ui-extension-token")); return generateCreatedResponse(uri, token).build(); }
Example 15
Source File: PersistentProvenanceRepository.java From localization_nifi with Apache License 2.0 | 5 votes |
private AsyncLineageSubmission submitLineageComputation(final Collection<String> flowFileUuids, final NiFiUser user, final LineageComputationType computationType, final Long eventId, final long startTimestamp, final long endTimestamp) { final List<File> indexDirs = indexConfig.getIndexDirectories(startTimestamp, endTimestamp); final AsyncLineageSubmission result = new AsyncLineageSubmission(computationType, eventId, flowFileUuids, indexDirs.size(), user.getIdentity()); lineageSubmissionMap.put(result.getLineageIdentifier(), result); for (final File indexDir : indexDirs) { queryExecService.submit(new ComputeLineageRunnable(flowFileUuids, user, result, indexDir)); } return result; }
Example 16
Source File: AccessResource.java From localization_nifi with Apache License 2.0 | 5 votes |
/** * Creates a single use access token for downloading FlowFile content. * * @param httpServletRequest the servlet request * @return A token (string) */ @POST @Consumes(MediaType.APPLICATION_FORM_URLENCODED) @Produces(MediaType.TEXT_PLAIN) @Path("/download-token") @ApiOperation( value = "Creates a single use access token for downloading FlowFile content.", notes = "The token returned is a base64 encoded string. It is valid for a single request up to five minutes from being issued. " + "It is used as a query parameter name 'access_token'.", response = String.class ) @ApiResponses( value = { @ApiResponse(code = 403, message = "Client is not authorized to make this request."), @ApiResponse(code = 409, message = "Unable to create the download token because NiFi is not in the appropriate state. " + "(i.e. may not have any tokens to grant or be configured to support username/password login)"), @ApiResponse(code = 500, message = "Unable to create download token because an unexpected error occurred.") } ) public Response createDownloadToken(@Context HttpServletRequest httpServletRequest) { // only support access tokens when communicating over HTTPS if (!httpServletRequest.isSecure()) { throw new IllegalStateException("Download tokens are only issued over HTTPS."); } final NiFiUser user = NiFiUserUtils.getNiFiUser(); if (user == null) { throw new AccessDeniedException("No user authenticated in the request."); } final OtpAuthenticationToken authenticationToken = new OtpAuthenticationToken(user.getIdentity()); // generate otp for response final String token = otpService.generateDownloadToken(authenticationToken); // build the response final URI uri = URI.create(generateResourceUri("access", "download-token")); return generateCreatedResponse(uri, token).build(); }
Example 17
Source File: VolatileProvenanceRepository.java From nifi with Apache License 2.0 | 5 votes |
@Override public ComputeLineageSubmission submitLineageComputation(final long eventId, final NiFiUser user) { final ProvenanceEventRecord event = getEvent(eventId); if (event == null) { final String userId = user == null ? null : user.getIdentity(); final AsyncLineageSubmission result = new AsyncLineageSubmission(LineageComputationType.FLOWFILE_LINEAGE, eventId, Collections.emptySet(), 1, userId); result.getResult().setError("Could not find event with ID " + eventId); lineageSubmissionMap.put(result.getLineageIdentifier(), result); return result; } return submitLineageComputation(Collections.singleton(event.getFlowFileUuid()), user, LineageComputationType.FLOWFILE_LINEAGE, eventId); }
Example 18
Source File: PersistentProvenanceRepository.java From nifi with Apache License 2.0 | 5 votes |
private AsyncLineageSubmission submitLineageComputation(final Collection<String> flowFileUuids, final NiFiUser user, final LineageComputationType computationType, final Long eventId, final long startTimestamp, final long endTimestamp) { final List<File> indexDirs = indexConfig.getIndexDirectories(startTimestamp, endTimestamp); final AsyncLineageSubmission result = new AsyncLineageSubmission(computationType, eventId, flowFileUuids, indexDirs.size(), user == null ? null : user.getIdentity()); lineageSubmissionMap.put(result.getLineageIdentifier(), result); for (final File indexDir : indexDirs) { queryExecService.submit(new ComputeLineageRunnable(flowFileUuids, user, result, indexDir)); } return result; }
Example 19
Source File: DataTransferResource.java From localization_nifi with Apache License 2.0 | 4 votes |
private Peer constructPeer(final HttpServletRequest req, final InputStream inputStream, final OutputStream outputStream, final String portId, final String transactionId) { String clientHostName = req.getRemoteHost(); try { // req.getRemoteHost returns IP address, try to resolve hostname to be consistent with RAW protocol. final InetAddress clientAddress = InetAddress.getByName(clientHostName); clientHostName = clientAddress.getHostName(); } catch (UnknownHostException e) { logger.info("Failed to resolve client hostname {}, due to {}", clientHostName, e.getMessage()); } final int clientPort = req.getRemotePort(); final PeerDescription peerDescription = new PeerDescription(clientHostName, clientPort, req.isSecure()); final NiFiUser user = NiFiUserUtils.getNiFiUser(); final String userDn = user == null ? null : user.getIdentity(); final HttpServerCommunicationsSession commSession = new HttpServerCommunicationsSession(inputStream, outputStream, transactionId, userDn); boolean useCompression = false; final String useCompressionStr = req.getHeader(HANDSHAKE_PROPERTY_USE_COMPRESSION); if (!isEmpty(useCompressionStr) && Boolean.valueOf(useCompressionStr)) { useCompression = true; } final String requestExpiration = req.getHeader(HANDSHAKE_PROPERTY_REQUEST_EXPIRATION); final String batchCount = req.getHeader(HANDSHAKE_PROPERTY_BATCH_COUNT); final String batchSize = req.getHeader(HANDSHAKE_PROPERTY_BATCH_SIZE); final String batchDuration = req.getHeader(HANDSHAKE_PROPERTY_BATCH_DURATION); commSession.putHandshakeParam(HandshakeProperty.PORT_IDENTIFIER, portId); commSession.putHandshakeParam(HandshakeProperty.GZIP, String.valueOf(useCompression)); if (!isEmpty(requestExpiration)) { commSession.putHandshakeParam(REQUEST_EXPIRATION_MILLIS, requestExpiration); } if (!isEmpty(batchCount)) { commSession.putHandshakeParam(BATCH_COUNT, batchCount); } if (!isEmpty(batchSize)) { commSession.putHandshakeParam(BATCH_SIZE, batchSize); } if (!isEmpty(batchDuration)) { commSession.putHandshakeParam(BATCH_DURATION, batchDuration); } if (peerDescription.isSecure()) { final NiFiUser nifiUser = NiFiUserUtils.getNiFiUser(); logger.debug("initiating peer, nifiUser={}", nifiUser); commSession.setUserDn(nifiUser.getIdentity()); } // TODO: Followed how SocketRemoteSiteListener define peerUrl and clusterUrl, but it can be more meaningful values, especially for clusterUrl. final String peerUrl = "nifi://" + clientHostName + ":" + clientPort; final String clusterUrl = "nifi://localhost:" + req.getLocalPort(); return new Peer(peerDescription, commSession, peerUrl, clusterUrl); }
Example 20
Source File: StandardNiFiWebConfigurationContext.java From localization_nifi with Apache License 2.0 | 4 votes |
@Override public String getCurrentUserIdentity() { final NiFiUser user = NiFiUserUtils.getNiFiUser(); authorizeFlowAccess(user); return user.getIdentity(); }