Package org.apache.nifi.authorization

Class FileAccessPolicyProvider

java.lang.Object

org.apache.nifi.authorization.FileAccessPolicyProvider

All Implemented Interfaces:

AccessPolicyProvider, ConfigurableAccessPolicyProvider

public class FileAccessPolicyProvider
extends Object
implements ConfigurableAccessPolicyProvider

Field Summary

Fields

Modifier and Type	Field	Description
private static final String	ACTIONS_ATTR
private static final String	AUTHORIZATIONS_XSD
private File	authorizationsFile
private final AtomicReference<AuthorizationsHolder>	authorizationsHolder
private Schema	authorizationsSchema
private static final String	IDENTIFIER_ATTR
private String	initialAdminIdentity
private static final jakarta.xml.bind.JAXBContext	JAXB_AUTHORIZATIONS_CONTEXT
private static final String	JAXB_AUTHORIZATIONS_PATH
private static final org.slf4j.Logger	logger
(package private) static final Pattern	NODE_IDENTITY_PATTERN
private String	nodeGroupIdentifier
private Set<String>	nodeIdentities
private static final String	POLICY_ELEMENT
private static final String	POLICY_GROUP_ELEMENT
private static final String	POLICY_USER_ELEMENT
(package private) static final String	PROP_AUTHORIZATIONS_FILE
(package private) static final String	PROP_INITIAL_ADMIN_IDENTITY
(package private) static final String	PROP_NODE_GROUP_NAME
(package private) static final String	PROP_NODE_IDENTITY_PREFIX
(package private) static final String	PROP_USER_GROUP_PROVIDER
private NiFiProperties	properties
(package private) static final String	READ_CODE
private static final String	RESOURCE_ATTR
private File	restoreAuthorizationsFile
private String	rootGroupId
private UserGroupProvider	userGroupProvider
private UserGroupProviderLookup	userGroupProviderLookup
(package private) static final String	WRITE_CODE
private static final XMLOutputFactory	XML_OUTPUT_FACTORY

Constructor Summary

Constructors

Constructor	Description
FileAccessPolicyProvider()

Method Summary

Modifier and Type	Method	Description
private void	addAccessPolicies(List<AccessPolicy> accessPolicies)
AccessPolicy	addAccessPolicy(AccessPolicy accessPolicy)
private void	addGroupToAccessPolicy(Authorizations authorizations, String resource, String groupIdentifier, String action)	Creates and adds an access policy for the given resource, group identity, and actions to the specified authorizations.
private void	addUserToAccessPolicy(Authorizations authorizations, String resource, String userIdentifier, String action)	Creates and adds an access policy for the given resource, identity, and actions to the specified authorizations.
void	backupPolicies()
void	checkInheritability(String proposedFingerprint)
private Policy	createJAXBPolicy(AccessPolicy accessPolicy)
AccessPolicy	deleteAccessPolicy(AccessPolicy accessPolicy)
void	forciblyInheritFingerprint(String fingerprint)
Set<AccessPolicy>	getAccessPolicies()
AccessPolicy	getAccessPolicy(String identifier)
AccessPolicy	getAccessPolicy(String resourceIdentifier, RequestAction action)
(package private) AuthorizationsHolder	getAuthorizationsHolder()
String	getFingerprint()
UserGroupProvider	getUserGroupProvider()
private void	inheritAccessPolicies(List<AccessPolicy> accessPolicies)
void	inheritFingerprint(String fingerprint)
void	initialize(AccessPolicyProviderInitializationContext initializationContext)
private static jakarta.xml.bind.JAXBContext	initializeJaxbContext()	Load the JAXBContext.
private boolean	isInheritable()
private void	load()	Loads the authorizations file and populates the AuthorizationsHolder, only called during start-up.
void	onConfigured(AuthorizerConfigurationContext configurationContext)
private void	parseFlow()	Try to parse the flow configuration file to extract the root group id and port information.
private List<AccessPolicy>	parsePolicies(String fingerprint)
private AccessPolicy	parsePolicy(Element element)
private void	populateInitialAdmin(Authorizations authorizations)	Creates the initial admin user and policies for access the flow and managing users and policies.
private void	populateNodes(Authorizations authorizations)	Creates a user for each node and gives the nodes write permission to /proxy.
void	preDestruction()
void	purgePolicies(boolean save)
private void	saveAndRefreshHolder(Authorizations authorizations)	Saves the Authorizations instance by marshalling to a file, then re-populates the in-memory data structures and sets the new holder.
private void	saveAuthorizations(Authorizations authorizations)
private void	saveAuthorizations(Authorizations authorizations, File destinationFile)
void	setNiFiProperties(NiFiProperties properties)
private void	transferUsersAndGroups(AccessPolicy accessPolicy, Policy policy)	Sets the given Policy to the state of the provided AccessPolicy.
private Authorizations	unmarshallAuthorizations()
AccessPolicy	updateAccessPolicy(AccessPolicy accessPolicy)
private void	writePolicy(XMLStreamWriter writer, AccessPolicy policy)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.nifi.authorization.ConfigurableAccessPolicyProvider

isConfigurable

Field Details

logger

private static final org.slf4j.Logger logger

AUTHORIZATIONS_XSD

private static final String AUTHORIZATIONS_XSD

See Also:

• Constant Field Values

JAXB_AUTHORIZATIONS_PATH

private static final String JAXB_AUTHORIZATIONS_PATH

See Also:

• Constant Field Values

JAXB_AUTHORIZATIONS_CONTEXT

private static final jakarta.xml.bind.JAXBContext JAXB_AUTHORIZATIONS_CONTEXT

XML_OUTPUT_FACTORY

private static final XMLOutputFactory XML_OUTPUT_FACTORY

POLICY_ELEMENT

private static final String POLICY_ELEMENT

See Also:

• Constant Field Values

POLICY_USER_ELEMENT

private static final String POLICY_USER_ELEMENT

See Also:

• Constant Field Values

POLICY_GROUP_ELEMENT

private static final String POLICY_GROUP_ELEMENT

See Also:

• Constant Field Values

IDENTIFIER_ATTR

private static final String IDENTIFIER_ATTR

See Also:

• Constant Field Values

RESOURCE_ATTR

private static final String RESOURCE_ATTR

See Also:

• Constant Field Values

ACTIONS_ATTR

private static final String ACTIONS_ATTR

See Also:

• Constant Field Values

READ_CODE

static final String READ_CODE

See Also:

• Constant Field Values

WRITE_CODE

static final String WRITE_CODE

See Also:

• Constant Field Values

PROP_NODE_IDENTITY_PREFIX

static final String PROP_NODE_IDENTITY_PREFIX

See Also:

• Constant Field Values

PROP_NODE_GROUP_NAME

static final String PROP_NODE_GROUP_NAME

See Also:

• Constant Field Values

PROP_USER_GROUP_PROVIDER

static final String PROP_USER_GROUP_PROVIDER

See Also:

• Constant Field Values

PROP_AUTHORIZATIONS_FILE

static final String PROP_AUTHORIZATIONS_FILE

See Also:

• Constant Field Values

PROP_INITIAL_ADMIN_IDENTITY

static final String PROP_INITIAL_ADMIN_IDENTITY

See Also:

• Constant Field Values

NODE_IDENTITY_PATTERN

static final Pattern NODE_IDENTITY_PATTERN

authorizationsSchema

private Schema authorizationsSchema

properties

private NiFiProperties properties

authorizationsFile

private File authorizationsFile

restoreAuthorizationsFile

private File restoreAuthorizationsFile

rootGroupId

private String rootGroupId

initialAdminIdentity

private String initialAdminIdentity

nodeIdentities

private Set<String> nodeIdentities

nodeGroupIdentifier

private String nodeGroupIdentifier

userGroupProvider

private UserGroupProvider userGroupProvider

userGroupProviderLookup

private UserGroupProviderLookup userGroupProviderLookup

authorizationsHolder

private final AtomicReference<AuthorizationsHolder> authorizationsHolder

Constructor Details

FileAccessPolicyProvider

public FileAccessPolicyProvider()

Method Details

initializeJaxbContext

private static jakarta.xml.bind.JAXBContext initializeJaxbContext()

Load the JAXBContext.

initialize

public void initialize(AccessPolicyProviderInitializationContext initializationContext)
                throws AuthorizerCreationException

Specified by:

initialize in interface AccessPolicyProvider

Throws:

AuthorizerCreationException

onConfigured

public void onConfigured(AuthorizerConfigurationContext configurationContext)
                  throws AuthorizerCreationException

Specified by:

onConfigured in interface AccessPolicyProvider

Throws:

AuthorizerCreationException

getUserGroupProvider

public UserGroupProvider getUserGroupProvider()

Specified by:

getUserGroupProvider in interface AccessPolicyProvider

getAccessPolicies

public Set<AccessPolicy> getAccessPolicies()
                                    throws AuthorizationAccessException

Specified by:

getAccessPolicies in interface AccessPolicyProvider

Throws:

AuthorizationAccessException

addAccessPolicy

public AccessPolicy addAccessPolicy(AccessPolicy accessPolicy)
                             throws AuthorizationAccessException

Specified by:

addAccessPolicy in interface ConfigurableAccessPolicyProvider

Throws:

AuthorizationAccessException

addAccessPolicies

private void addAccessPolicies(List<AccessPolicy> accessPolicies)
                        throws AuthorizationAccessException

Throws:

AuthorizationAccessException

purgePolicies

public void purgePolicies(boolean save)

backupPolicies

public void backupPolicies()
                    throws jakarta.xml.bind.JAXBException

Throws:

jakarta.xml.bind.JAXBException

getAccessPolicy

public AccessPolicy getAccessPolicy(String identifier)
                             throws AuthorizationAccessException

Specified by:

getAccessPolicy in interface AccessPolicyProvider

Throws:

AuthorizationAccessException

getAccessPolicy

public AccessPolicy getAccessPolicy(String resourceIdentifier,
 RequestAction action)
                             throws AuthorizationAccessException

Specified by:

getAccessPolicy in interface AccessPolicyProvider

Throws:

AuthorizationAccessException

updateAccessPolicy

public AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy)
                                throws AuthorizationAccessException

Specified by:

updateAccessPolicy in interface ConfigurableAccessPolicyProvider

Throws:

AuthorizationAccessException

deleteAccessPolicy

public AccessPolicy deleteAccessPolicy(AccessPolicy accessPolicy)
                                throws AuthorizationAccessException

Specified by:

deleteAccessPolicy in interface ConfigurableAccessPolicyProvider

Throws:

AuthorizationAccessException

getAuthorizationsHolder

AuthorizationsHolder getAuthorizationsHolder()

setNiFiProperties

@AuthorizerContext
public void setNiFiProperties(NiFiProperties properties)

inheritFingerprint

public void inheritFingerprint(String fingerprint)
                        throws AuthorizationAccessException

Specified by:

inheritFingerprint in interface ConfigurableAccessPolicyProvider

Throws:

AuthorizationAccessException

inheritAccessPolicies

private void inheritAccessPolicies(List<AccessPolicy> accessPolicies)

forciblyInheritFingerprint

public void forciblyInheritFingerprint(String fingerprint)
                                throws AuthorizationAccessException

Specified by:

forciblyInheritFingerprint in interface ConfigurableAccessPolicyProvider

Throws:

AuthorizationAccessException

checkInheritability

public void checkInheritability(String proposedFingerprint)
                         throws AuthorizationAccessException,
UninheritableAuthorizationsException

Specified by:

checkInheritability in interface ConfigurableAccessPolicyProvider

Throws:

AuthorizationAccessException

UninheritableAuthorizationsException

isInheritable

private boolean isInheritable()

getFingerprint

public String getFingerprint()
                      throws AuthorizationAccessException

Specified by:

getFingerprint in interface ConfigurableAccessPolicyProvider

Throws:

AuthorizationAccessException

parsePolicies

private List<AccessPolicy> parsePolicies(String fingerprint)

parsePolicy

private AccessPolicy parsePolicy(Element element)

writePolicy

private void writePolicy(XMLStreamWriter writer,
 AccessPolicy policy)
                  throws XMLStreamException

Throws:

XMLStreamException

load

private void load()
           throws jakarta.xml.bind.JAXBException,
IOException,
IllegalStateException,
SAXException

Loads the authorizations file and populates the AuthorizationsHolder, only called during start-up.

Throws:

jakarta.xml.bind.JAXBException - Unable to reload the authorized users file

IOException - Unable to sync file with restore

IllegalStateException - Unable to sync file with restore

SAXException

saveAuthorizations

private void saveAuthorizations(Authorizations authorizations)
                         throws jakarta.xml.bind.JAXBException

Throws:

jakarta.xml.bind.JAXBException

saveAuthorizations

private void saveAuthorizations(Authorizations authorizations,
 File destinationFile)
                         throws jakarta.xml.bind.JAXBException

Throws:

jakarta.xml.bind.JAXBException

unmarshallAuthorizations

private Authorizations unmarshallAuthorizations()
                                         throws jakarta.xml.bind.JAXBException

Throws:

jakarta.xml.bind.JAXBException

parseFlow

private void parseFlow()

Try to parse the flow configuration file to extract the root group id and port information.

populateInitialAdmin

private void populateInitialAdmin(Authorizations authorizations)

Creates the initial admin user and policies for access the flow and managing users and policies.

populateNodes

private void populateNodes(Authorizations authorizations)

Creates a user for each node and gives the nodes write permission to /proxy.

Parameters:

authorizations - the overall authorizations

addUserToAccessPolicy

private void addUserToAccessPolicy(Authorizations authorizations,
 String resource,
 String userIdentifier,
 String action)

Creates and adds an access policy for the given resource, identity, and actions to the specified authorizations.

Parameters:

authorizations - the Authorizations instance to add the policy to

resource - the resource for the policy

userIdentifier - the identifier for the user to add to the policy

action - the action for the policy

addGroupToAccessPolicy

private void addGroupToAccessPolicy(Authorizations authorizations,
 String resource,
 String groupIdentifier,
 String action)

Creates and adds an access policy for the given resource, group identity, and actions to the specified authorizations.

Parameters:

authorizations - the Authorizations instance to add the policy to

resource - the resource for the policy

groupIdentifier - the identifier for the group to add to the policy

action - the action for the policy

createJAXBPolicy

private Policy createJAXBPolicy(AccessPolicy accessPolicy)

transferUsersAndGroups

private void transferUsersAndGroups(AccessPolicy accessPolicy,
 Policy policy)

Sets the given Policy to the state of the provided AccessPolicy. Users and Groups will be cleared and set to match the AccessPolicy, the resource and action will be set to match the AccessPolicy. Does not set the identifier.

Parameters:

accessPolicy - the AccessPolicy to transfer state from

policy - the Policy to transfer state to

saveAndRefreshHolder

private void saveAndRefreshHolder(Authorizations authorizations)
                           throws AuthorizationAccessException

Saves the Authorizations instance by marshalling to a file, then re-populates the in-memory data structures and sets the new holder. Synchronized to ensure only one thread writes the file at a time.

Parameters:

authorizations - the authorizations to save and populate from

Throws:

AuthorizationAccessException - if an error occurs saving the authorizations

preDestruction

public void preDestruction()
                    throws AuthorizerDestructionException

Specified by:

preDestruction in interface AccessPolicyProvider

Throws:

AuthorizerDestructionException