Java Code Examples for org.apache.nifi.authorization.resource.Authorizable#checkAuthorization()

The following examples show how to use org.apache.nifi.authorization.resource.Authorizable#checkAuthorization().
Example 1
Source File: UserEventAuthorizer.java    From localization_nifi with Apache License 2.0
/**
 * Reports whether the configured {@code user} may read the given provenance event.
 *
 * <p>The decision is a READ check against the data authorizable of the component that
 * produced the event, with the event's attributes passed as resource context.
 *
 * @param event the provenance event to check
 * @return {@code true} if the READ check is approved, or if no authorizer or no user is set;
 *         {@code false} if the component cannot be resolved or the check is not approved
 */
@Override
public boolean isAuthorized(final ProvenanceEventRecord event) {
    // Fail-open: with no authorizer or no user there is nothing to evaluate, so the event is
    // treated as readable. NOTE(review): confirm this path is never reached with a null user
    // for an unauthenticated request, because it skips the policy check entirely.
    final boolean nothingToEnforce = authorizer == null || user == null;
    if (nothingToEnforce) {
        return true;
    }

    final Authorizable target;
    try {
        // Remote ports and local components are resolved through different factory methods.
        target = event.isRemotePortType()
                ? resourceFactory.createRemoteDataAuthorizable(event.getComponentId())
                : resourceFactory.createLocalDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException notFound) {
        // Fail-closed: an event whose component no longer resolves is reported as not authorized.
        return false;
    }

    // Only an explicit approval counts; every other result is treated as "not authorized".
    return Result.Approved.equals(
            target.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes()).getResult());
}
 
Example 2
Source File: PersistentProvenanceRepository.java    From localization_nifi with Apache License 2.0
/**
 * Reports whether {@code user} may read the given provenance event.
 *
 * @param event the provenance event to check
 * @param user the user on whose behalf the event is being read; may be {@code null}
 * @return {@code true} if the READ check on the event's component data is approved, or if
 *         either the authorizer or the user is {@code null}; {@code false} if the component
 *         cannot be resolved or the check is not approved
 */
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    // Fail-open branch: a null authorizer or a null user grants access without a policy check.
    // NOTE(review): verify that callers pass a null user only for trusted internal access.
    if (authorizer == null || user == null) {
        return true;
    }

    final Authorizable dataResource;
    try {
        if (!event.isRemotePortType()) {
            dataResource = resourceFactory.createLocalDataAuthorizable(event.getComponentId());
        } else {
            dataResource = resourceFactory.createRemoteDataAuthorizable(event.getComponentId());
        }
    } catch (final ResourceNotFoundException missingComponent) {
        // The component behind the event could not be resolved, so deny.
        return false;
    }

    // The event attributes are passed as the resource context of the READ check.
    final AuthorizationResult readCheck =
            dataResource.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
    return Result.Approved.equals(readCheck.getResult());
}
 
Example 3
Source File: VolatileProvenanceRepository.java    From localization_nifi with Apache License 2.0
/**
 * Reports whether {@code user} may read the given provenance event.
 *
 * @param event the provenance event to check
 * @param user the user on whose behalf the event is being read
 * @return {@code true} if no authorizer is set or the READ check on the event's component
 *         data is approved; {@code false} if the component cannot be resolved or the check
 *         is not approved
 */
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    // Fail-open when no authorizer is set: every event is reported as readable.
    // NOTE(review): only the authorizer is null-checked here; a null user is handed to
    // checkAuthorization as is. How that call treats a null user is not visible here - confirm.
    final boolean authorizationDisabled = authorizer == null;
    if (authorizationDisabled) {
        return true;
    }

    final Authorizable dataResource;
    try {
        dataResource = event.isRemotePortType()
                ? resourceFactory.createRemoteDataAuthorizable(event.getComponentId())
                : resourceFactory.createLocalDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException unresolved) {
        // An unresolvable component is a denial, not an approval.
        return false;
    }

    // Anything other than an explicit approval is reported as not authorized.
    return Result.Approved.equals(
            dataResource.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes()).getResult());
}
 
Example 4
Source File: ControllerFacade.java    From localization_nifi with Apache License 2.0
/**
 * Determines whether the current user may replay the given provenance event.
 *
 * <p>Replay is approved only when both the READ and the WRITE check on the data authorizable
 * of the event's component are approved. The READ check runs first; if it is not approved its
 * result is returned unchanged and the WRITE check is not performed.
 *
 * @param event the provenance event to be replayed
 * @return a denial when the event has no source queue identifier; otherwise the READ result
 *         if it is not approved, else the result of the WRITE check
 */
private AuthorizationResult checkAuthorizationForReplay(final ProvenanceEventRecord event) {
    // Without a connection id the replay would not be available anyway and there is nothing
    // to authorize against, so deny.
    if (event.getSourceQueueIdentifier() == null) {
        return AuthorizationResult.denied("The connection id in the provenance event is unknown.");
    }

    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    // NOTE(review): this block has no ResourceNotFoundException handling; anything thrown by
    // the factory calls propagates to the caller.
    final Authorizable eventData = event.isRemotePortType()
            ? flowController.createRemoteDataAuthorizable(event.getComponentId())
            : flowController.createLocalDataAuthorizable(event.getComponentId());

    final Map<String, String> attributes = event.getAttributes();

    // Gate 1: the user must be able to read the data.
    final AuthorizationResult readCheck =
            eventData.checkAuthorization(authorizer, RequestAction.READ, currentUser, attributes);
    if (Result.Approved.equals(readCheck.getResult())) {
        // Gate 2: the user must also be able to write the data.
        return eventData.checkAuthorization(authorizer, RequestAction.WRITE, currentUser, attributes);
    }
    return readCheck;
}
 
Example 5
Source File: MiNiFiPersistentProvenanceRepository.java    From nifi-minifi with Apache License 2.0
/**
 * Reports whether {@code user} may read the given provenance event.
 *
 * @param event the provenance event to check
 * @param user the user on whose behalf the event is being read; may be {@code null}
 * @return {@code true} if either the authorizer or the user is {@code null}, or if the READ
 *         check on the event's component data is approved; {@code false} otherwise
 */
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    // Both collaborators must be present for a policy check to happen; otherwise access is
    // granted (fail-open). NOTE(review): confirm that is intended for every caller.
    final boolean canEnforce = authorizer != null && user != null;
    if (!canEnforce) {
        return true;
    }

    final Authorizable componentData;
    try {
        if (event.isRemotePortType()) {
            componentData = resourceFactory.createRemoteDataAuthorizable(event.getComponentId());
        } else {
            componentData = resourceFactory.createLocalDataAuthorizable(event.getComponentId());
        }
    } catch (final ResourceNotFoundException gone) {
        // The component could not be resolved: deny rather than expose the event.
        return false;
    }

    // READ check with the event attributes as resource context; only Approved passes.
    final AuthorizationResult decision =
            componentData.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
    return Result.Approved.equals(decision.getResult());
}
 
Example 6
Source File: UserEventAuthorizer.java    From nifi with Apache License 2.0
/**
 * Reports whether the configured {@code user} may read the given provenance event.
 *
 * <p>The decision is a READ check against the provenance-data authorizable of the event's
 * component. No resource context is passed to the check.
 *
 * @param event the provenance event to check
 * @return {@code true} if the READ check is approved, or if no authorizer or no user is set;
 *         {@code false} if the component cannot be resolved or the check is not approved
 */
@Override
public boolean isAuthorized(final ProvenanceEventRecord event) {
    // Fail-open: without an authorizer or a user no policy is evaluated and access is granted.
    // NOTE(review): confirm a null user can only mean trusted internal access here.
    final boolean nothingToEnforce = authorizer == null || user == null;
    if (nothingToEnforce) {
        return true;
    }

    final Authorizable provenanceData;
    try {
        provenanceData = resourceFactory.createProvenanceDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException notFound) {
        // Fail-closed: an unresolvable component is reported as not authorized.
        return false;
    }

    // Only an explicit approval is accepted.
    return Result.Approved.equals(
            provenanceData.checkAuthorization(authorizer, RequestAction.READ, user).getResult());
}
 
Example 7
Source File: ComponentNode.java    From nifi with Apache License 2.0
/**
 * Checks authorization for this component, adding a restricted-component gate for writes.
 *
 * <p>For a WRITE request on a restricted component, every authorizable returned by
 * {@code RestrictedComponentsAuthorizableFactory} for the component class is checked first,
 * and the first {@code Denied} result is returned. In all other cases, and when none of those
 * checks is denied, the decision is delegated to the base
 * {@code ComponentAuthorizable} implementation.
 *
 * @param authorizer the authorizer to evaluate against
 * @param action the requested action
 * @param user the user making the request
 * @param resourceContext context passed through to each check
 * @return the first denial from the restricted-component checks, otherwise the base result
 */
@Override
default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) {
    // Elevated privileges are only required when a restricted component is being modified;
    // any other request follows the normal rules.
    final boolean needsRestrictedCheck = RequestAction.WRITE.equals(action) && isRestricted();
    if (needsRestrictedCheck) {
        final Set<Authorizable> restrictionGates =
                RestrictedComponentsAuthorizableFactory.getRestrictedComponentsAuthorizable(getComponentClass());

        // NOTE(review): only a Denied result stops the loop; any other non-approved result
        // falls through to the base check below. Confirm that is the intended policy.
        for (final Authorizable gate : restrictionGates) {
            final AuthorizationResult gateResult =
                    gate.checkAuthorization(authorizer, RequestAction.WRITE, user, resourceContext);
            if (Result.Denied.equals(gateResult.getResult())) {
                return gateResult;
            }
        }
    }

    // Hand over to the base authorization check.
    return ComponentAuthorizable.super.checkAuthorization(authorizer, action, user, resourceContext);
}
 
Example 8
Source File: ControllerFacade.java    From nifi with Apache License 2.0
/**
 * Determines whether the current user may replay the given provenance event.
 *
 * <p>The WRITE check on the event's data authorizable is always performed. The READ check is
 * performed only when {@code checkReadDataPermissions} is {@code true}; the flag exists so
 * that a caller whose context has already verified read access must state so explicitly,
 * which limits the chance of the READ check being overlooked.
 *
 * @param event the provenance event to be replayed
 * @param checkReadDataPermissions whether to verify read data permissions in this call
 * @return a denial when the event has no source queue identifier; the READ result if it was
 *         requested and is not approved; otherwise the result of the WRITE check
 */
private AuthorizationResult checkAuthorizationForReplay(final ProvenanceEventRecord event, final boolean checkReadDataPermissions) {
    // Without a connection id the replay would not be available anyway and there is nothing
    // to authorize against, so deny.
    if (event.getSourceQueueIdentifier() == null) {
        return AuthorizationResult.denied("The connection id in the provenance event is unknown.");
    }

    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();
    final Authorizable eventData = getDataAuthorizable(event);
    final Map<String, String> attributes = event.getAttributes();

    if (checkReadDataPermissions) {
        // The caller has not verified read access yet, so do it here and stop on failure.
        final AuthorizationResult readCheck =
                eventData.checkAuthorization(authorizer, RequestAction.READ, currentUser, attributes);
        final boolean readApproved = Result.Approved.equals(readCheck.getResult());
        if (!readApproved) {
            return readCheck;
        }
    }

    // NOTE(review): when the flag is false only WRITE is enforced here; the caller is
    // responsible for READ having been checked beforehand.
    return eventData.checkAuthorization(authorizer, RequestAction.WRITE, currentUser, attributes);
}
 
Example 9
Source File: StandardNiFiServiceFacade.java    From localization_nifi with Apache License 2.0
/**
 * Decides whether the current user may see the given bulletin.
 *
 * <p>The bulletin's source component is resolved to an authorizable according to its source
 * type, and a READ check is run against it for the user returned by {@code NiFiUserUtils}.
 *
 * @param bulletin the bulletin whose source component is checked
 * @return {@code true} only if the READ check is approved; {@code false} if the source
 *         component cannot be found or the check is not approved
 * @throws WebApplicationException (server error) if the source type is not one handled here
 */
private boolean authorizeBulletin(final Bulletin bulletin) {
    final String componentId = bulletin.getSourceId();
    final ComponentType componentType = bulletin.getSourceType();

    final Authorizable source;
    try {
        switch (componentType) {
            case PROCESSOR:
                source = authorizableLookup.getProcessor(componentId).getAuthorizable();
                break;
            case REPORTING_TASK:
                source = authorizableLookup.getReportingTask(componentId).getAuthorizable();
                break;
            case CONTROLLER_SERVICE:
                source = authorizableLookup.getControllerService(componentId).getAuthorizable();
                break;
            case FLOW_CONTROLLER:
                // Controller-level bulletins are authorized against the controller facade itself.
                source = controllerFacade;
                break;
            case INPUT_PORT:
                source = authorizableLookup.getInputPort(componentId);
                break;
            case OUTPUT_PORT:
                source = authorizableLookup.getOutputPort(componentId);
                break;
            case REMOTE_PROCESS_GROUP:
                source = authorizableLookup.getRemoteProcessGroup(componentId);
                break;
            default:
                // An unhandled type is surfaced as a server error instead of being allowed.
                throw new WebApplicationException(Response.serverError().entity("An unexpected type of component is the source of this bulletin.").build());
        }
    } catch (final ResourceNotFoundException missing) {
        // Fail-closed: the underlying component is gone, so the bulletin is not shown.
        return false;
    }

    // Run the READ check; only an explicit approval passes.
    return Result.Approved.equals(
            source.checkAuthorization(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()).getResult());
}
 
Example 10
Source File: PersistentProvenanceRepository.java    From nifi with Apache License 2.0
/**
 * Reports whether {@code user} may read the given provenance event.
 *
 * @param event the provenance event to check
 * @param user the user on whose behalf the event is being read; may be {@code null}
 * @return {@code true} if either the authorizer or the user is {@code null}, or if the READ
 *         check on the component's provenance data is approved; {@code false} if the
 *         component cannot be resolved or the check is not approved
 */
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    // Fail-open branch: no authorizer or no user means no policy check is made.
    // NOTE(review): verify that a null user reaches this method only for trusted internal access.
    final boolean canEnforce = authorizer != null && user != null;
    if (!canEnforce) {
        return true;
    }

    final Authorizable provenanceData;
    try {
        provenanceData = resourceFactory.createProvenanceDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException missingComponent) {
        // The component could not be resolved, so deny.
        return false;
    }

    // READ check without resource context; anything but Approved is a denial.
    final AuthorizationResult readCheck =
            provenanceData.checkAuthorization(authorizer, RequestAction.READ, user);
    return Result.Approved.equals(readCheck.getResult());
}
 
Example 11
Source File: VolatileProvenanceRepository.java    From nifi with Apache License 2.0
/**
 * Reports whether {@code user} may read the given provenance event.
 *
 * @param event the provenance event to check
 * @param user the user on whose behalf the event is being read; may be {@code null}
 * @return {@code true} if the authorizer or the user is {@code null}, or if the READ check
 *         on the component's provenance data is approved; {@code false} otherwise
 */
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    // With nothing to enforce against, access is granted (fail-open).
    // NOTE(review): confirm that callers never pass a null user for an unauthenticated request.
    if (authorizer == null || user == null) {
        return true;
    }

    final Authorizable target;
    try {
        target = resourceFactory.createProvenanceDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException unresolved) {
        // Fail-closed when the component behind the event cannot be resolved.
        return false;
    }

    // Only Result.Approved yields true.
    return Result.Approved.equals(
            target.checkAuthorization(authorizer, RequestAction.READ, user).getResult());
}
 
Example 12
Source File: ControllerFacade.java    From nifi with Apache License 2.0
/**
 * Checks whether the current user may read the data of the given provenance event.
 *
 * <p>Runs a READ check against the event's data authorizable, passing the event's attributes
 * as resource context. The result is returned as is; the caller decides how to act on it.
 *
 * @param event the provenance event whose data is being accessed
 * @return the result of the READ check
 */
private AuthorizationResult checkAuthorizationForData(ProvenanceEventRecord event) {
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();
    final Authorizable eventData = getDataAuthorizable(event);

    // The attributes are handed to the check as resource context.
    return eventData.checkAuthorization(authorizer, RequestAction.READ, currentUser, event.getAttributes());
}
 
Example 13
Source File: StandardNiFiServiceFacade.java    From localization_nifi with Apache License 2.0
/**
 * Checks whether the current user may read the component that a recorded action refers to.
 *
 * <p>The action's source component is resolved to an authorizable according to its source
 * type, and a READ check is run against it for the user returned by {@code NiFiUserUtils}.
 *
 * @param action the recorded action whose source component is checked
 * @return a denial if the source component is no longer found; otherwise the result of the
 *         READ check
 * @throws WebApplicationException (server error) if the source type is not one handled here
 */
private AuthorizationResult authorizeAction(final Action action) {
    final String componentId = action.getSourceId();
    final Component componentType = action.getSourceType();

    final Authorizable source;
    try {
        switch (componentType) {
            case Processor:
                source = authorizableLookup.getProcessor(componentId).getAuthorizable();
                break;
            case ReportingTask:
                source = authorizableLookup.getReportingTask(componentId).getAuthorizable();
                break;
            case ControllerService:
                source = authorizableLookup.getControllerService(componentId).getAuthorizable();
                break;
            case Controller:
                // Controller-level actions are authorized against the controller facade itself.
                source = controllerFacade;
                break;
            case InputPort:
                source = authorizableLookup.getInputPort(componentId);
                break;
            case OutputPort:
                source = authorizableLookup.getOutputPort(componentId);
                break;
            case ProcessGroup:
                source = authorizableLookup.getProcessGroup(componentId).getAuthorizable();
                break;
            case RemoteProcessGroup:
                source = authorizableLookup.getRemoteProcessGroup(componentId);
                break;
            case Funnel:
                source = authorizableLookup.getFunnel(componentId);
                break;
            case Connection:
                source = authorizableLookup.getConnection(componentId).getAuthorizable();
                break;
            case AccessPolicy:
                source = authorizableLookup.getAccessPolicyById(componentId);
                break;
            case User:
            case UserGroup:
                // Users and groups share one tenant authorizable; the source id is not used.
                source = authorizableLookup.getTenant();
                break;
            default:
                // An unhandled type is surfaced as a server error instead of being allowed.
                throw new WebApplicationException(Response.serverError().entity("An unexpected type of component is the source of this action.").build());
        }
    } catch (final ResourceNotFoundException missing) {
        // Fail-closed: the underlying component is gone, so the action is not disclosed.
        return AuthorizationResult.denied("The component of this action is no longer in the data flow.");
    }

    // Run the READ check and hand the result back unchanged.
    return source.checkAuthorization(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
}