Package org.apache.nifi.ldap.tenants

Class LdapUserGroupProvider

java.lang.Object

org.apache.nifi.ldap.tenants.LdapUserGroupProvider

All Implemented Interfaces:

UserGroupProvider

public class LdapUserGroupProvider
extends Object
implements UserGroupProvider

Abstract LDAP based implementation of a login identity provider.

Field Summary

Fields

Modifier and Type	Field	Description
private List<IdentityMapping>	groupMappings
private String	groupMemberAttribute
private String	groupMemberReferencedUserAttribute
private boolean	groupMembershipEnforceCaseSensitivity
private String	groupNameAttribute
private String	groupObjectClass
private String	groupSearchBase
private String	groupSearchFilter
private SearchScope	groupSearchScope
private List<IdentityMapping>	identityMappings
private ScheduledExecutorService	ldapSync
private static final org.slf4j.Logger	logger
private static final long	MINIMUM_SYNC_INTERVAL_MILLISECONDS
private Integer	pageSize
private boolean	performGroupSearch
private boolean	performUserSearch
static final String	PROP_AUTHENTICATION_STRATEGY
static final String	PROP_CONNECT_TIMEOUT
static final String	PROP_GROUP_MEMBER_ATTRIBUTE
static final String	PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE
static final String	PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY
static final String	PROP_GROUP_NAME_ATTRIBUTE
static final String	PROP_GROUP_OBJECT_CLASS
static final String	PROP_GROUP_SEARCH_BASE
static final String	PROP_GROUP_SEARCH_FILTER
static final String	PROP_GROUP_SEARCH_SCOPE
static final String	PROP_MANAGER_DN
static final String	PROP_MANAGER_PASSWORD
static final String	PROP_PAGE_SIZE
static final String	PROP_READ_TIMEOUT
static final String	PROP_REFERRAL_STRATEGY
static final String	PROP_SYNC_INTERVAL
static final String	PROP_URL
static final String	PROP_USER_GROUP_ATTRIBUTE
static final String	PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE
static final String	PROP_USER_IDENTITY_ATTRIBUTE
static final String	PROP_USER_OBJECT_CLASS
static final String	PROP_USER_SEARCH_BASE
static final String	PROP_USER_SEARCH_FILTER
static final String	PROP_USER_SEARCH_SCOPE
private NiFiProperties	properties
private final AtomicReference<TenantHolder>	tenants
private boolean	useDnForGroupName
private boolean	useDnForUserIdentity
private String	userGroupNameAttribute
private String	userGroupReferencedGroupAttribute
private String	userIdentityAttribute
private String	userObjectClass
private String	userSearchBase
private String	userSearchFilter
private SearchScope	userSearchScope

Constructor Summary

Constructors

Constructor	Description
LdapUserGroupProvider()

Method Summary

Modifier and Type	Method	Description
private User	buildUser(String userIdentity, Object reference)
private User	buildUser(org.springframework.ldap.core.DirContextOperations dirContextOperations)
private SSLContext	getConfiguredSslContext(AuthorizerConfigurationContext configurationContext)
Group	getGroup(String identifier)
Group	getGroupByName(String name)
private String	getGroupName(org.springframework.ldap.core.DirContextOperations ctx)
Set<Group>	getGroups()
private String	getReferencedGroupValue(org.springframework.ldap.core.DirContextOperations ctx)
private String	getReferencedUserValue(org.springframework.ldap.core.DirContextOperations ctx)
User	getUser(String identifier)
UserAndGroups	getUserAndGroups(String identity)
User	getUserByIdentity(String identity)
private String	getUserIdentity(org.springframework.ldap.core.DirContextOperations ctx)
Set<User>	getUsers()
private boolean	hasMorePages(org.springframework.ldap.core.DirContextProcessor processor)
void	initialize(UserGroupProviderInitializationContext initializationContext)
private void	load(org.springframework.ldap.core.ContextSource contextSource)	Reloads the tenants.
void	onConfigured(AuthorizerConfigurationContext configurationContext)
final void	preDestruction()
void	setNiFiProperties(NiFiProperties properties)
private void	setTimeout(AuthorizerConfigurationContext configurationContext, Map<String,Object> baseEnvironment, String configurationProperty, String environmentKey)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

logger

private static final org.slf4j.Logger logger

PROP_CONNECT_TIMEOUT

public static final String PROP_CONNECT_TIMEOUT

See Also:

• Constant Field Values

PROP_READ_TIMEOUT

public static final String PROP_READ_TIMEOUT

See Also:

• Constant Field Values

PROP_AUTHENTICATION_STRATEGY

public static final String PROP_AUTHENTICATION_STRATEGY

See Also:

• Constant Field Values

PROP_MANAGER_DN

public static final String PROP_MANAGER_DN

See Also:

• Constant Field Values

PROP_MANAGER_PASSWORD

public static final String PROP_MANAGER_PASSWORD

See Also:

• Constant Field Values

PROP_REFERRAL_STRATEGY

public static final String PROP_REFERRAL_STRATEGY

See Also:

• Constant Field Values

PROP_URL

public static final String PROP_URL

See Also:

• Constant Field Values

PROP_PAGE_SIZE

public static final String PROP_PAGE_SIZE

See Also:

• Constant Field Values

PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY

public static final String PROP_GROUP_MEMBERSHIP_ENFORCE_CASE_SENSITIVITY

See Also:

• Constant Field Values

PROP_USER_SEARCH_BASE

public static final String PROP_USER_SEARCH_BASE

See Also:

• Constant Field Values

PROP_USER_OBJECT_CLASS

public static final String PROP_USER_OBJECT_CLASS

See Also:

• Constant Field Values

PROP_USER_SEARCH_SCOPE

public static final String PROP_USER_SEARCH_SCOPE

See Also:

• Constant Field Values

PROP_USER_SEARCH_FILTER

public static final String PROP_USER_SEARCH_FILTER

See Also:

• Constant Field Values

PROP_USER_IDENTITY_ATTRIBUTE

public static final String PROP_USER_IDENTITY_ATTRIBUTE

See Also:

• Constant Field Values

PROP_USER_GROUP_ATTRIBUTE

public static final String PROP_USER_GROUP_ATTRIBUTE

See Also:

• Constant Field Values

PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE

public static final String PROP_USER_GROUP_REFERENCED_GROUP_ATTRIBUTE

See Also:

• Constant Field Values

PROP_GROUP_SEARCH_BASE

public static final String PROP_GROUP_SEARCH_BASE

See Also:

• Constant Field Values

PROP_GROUP_OBJECT_CLASS

public static final String PROP_GROUP_OBJECT_CLASS

See Also:

• Constant Field Values

PROP_GROUP_SEARCH_SCOPE

public static final String PROP_GROUP_SEARCH_SCOPE

See Also:

• Constant Field Values

PROP_GROUP_SEARCH_FILTER

public static final String PROP_GROUP_SEARCH_FILTER

See Also:

• Constant Field Values

PROP_GROUP_NAME_ATTRIBUTE

public static final String PROP_GROUP_NAME_ATTRIBUTE

See Also:

• Constant Field Values

PROP_GROUP_MEMBER_ATTRIBUTE

public static final String PROP_GROUP_MEMBER_ATTRIBUTE

See Also:

• Constant Field Values

PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE

public static final String PROP_GROUP_MEMBER_REFERENCED_USER_ATTRIBUTE

See Also:

• Constant Field Values

PROP_SYNC_INTERVAL

public static final String PROP_SYNC_INTERVAL

See Also:

• Constant Field Values

MINIMUM_SYNC_INTERVAL_MILLISECONDS

private static final long MINIMUM_SYNC_INTERVAL_MILLISECONDS

See Also:

• Constant Field Values

identityMappings

private List<IdentityMapping> identityMappings

groupMappings

private List<IdentityMapping> groupMappings

properties

private NiFiProperties properties

ldapSync

private ScheduledExecutorService ldapSync

tenants

private final AtomicReference<TenantHolder> tenants

userSearchBase

private String userSearchBase

userSearchScope

private SearchScope userSearchScope

userSearchFilter

private String userSearchFilter

userIdentityAttribute

private String userIdentityAttribute

userObjectClass

private String userObjectClass

userGroupNameAttribute

private String userGroupNameAttribute

userGroupReferencedGroupAttribute

private String userGroupReferencedGroupAttribute

useDnForUserIdentity

private boolean useDnForUserIdentity

performUserSearch

private boolean performUserSearch

groupSearchBase

private String groupSearchBase

groupSearchScope

private SearchScope groupSearchScope

groupSearchFilter

private String groupSearchFilter

groupMemberAttribute

private String groupMemberAttribute

groupMemberReferencedUserAttribute

private String groupMemberReferencedUserAttribute

groupNameAttribute

private String groupNameAttribute

groupObjectClass

private String groupObjectClass

useDnForGroupName

private boolean useDnForGroupName

performGroupSearch

private boolean performGroupSearch

pageSize

private Integer pageSize

groupMembershipEnforceCaseSensitivity

private boolean groupMembershipEnforceCaseSensitivity

Constructor Details

LdapUserGroupProvider

public LdapUserGroupProvider()

Method Details

initialize

public void initialize(UserGroupProviderInitializationContext initializationContext)
                throws AuthorizerCreationException

Specified by:

initialize in interface UserGroupProvider

Throws:

AuthorizerCreationException

onConfigured

public void onConfigured(AuthorizerConfigurationContext configurationContext)
                  throws AuthorizerCreationException

Specified by:

onConfigured in interface UserGroupProvider

Throws:

AuthorizerCreationException

getUsers

public Set<User> getUsers()
                   throws AuthorizationAccessException

Specified by:

getUsers in interface UserGroupProvider

Throws:

AuthorizationAccessException

getUser

public User getUser(String identifier)
             throws AuthorizationAccessException

Specified by:

getUser in interface UserGroupProvider

Throws:

AuthorizationAccessException

getUserByIdentity

public User getUserByIdentity(String identity)
                       throws AuthorizationAccessException

Specified by:

getUserByIdentity in interface UserGroupProvider

Throws:

AuthorizationAccessException

getGroups

public Set<Group> getGroups()
                     throws AuthorizationAccessException

Specified by:

getGroups in interface UserGroupProvider

Throws:

AuthorizationAccessException

getGroup

public Group getGroup(String identifier)
               throws AuthorizationAccessException

Specified by:

getGroup in interface UserGroupProvider

Throws:

AuthorizationAccessException

getGroupByName

public Group getGroupByName(String name)
                     throws AuthorizationAccessException

Specified by:

getGroupByName in interface UserGroupProvider

Throws:

AuthorizationAccessException

getUserAndGroups

public UserAndGroups getUserAndGroups(String identity)
                               throws AuthorizationAccessException

Specified by:

getUserAndGroups in interface UserGroupProvider

Throws:

AuthorizationAccessException

load

private void load(org.springframework.ldap.core.ContextSource contextSource)

Reloads the tenants.

hasMorePages

private boolean hasMorePages(org.springframework.ldap.core.DirContextProcessor processor)

buildUser

private User buildUser(org.springframework.ldap.core.DirContextOperations dirContextOperations)

buildUser

private User buildUser(String userIdentity,
 Object reference)

getUserIdentity

private String getUserIdentity(org.springframework.ldap.core.DirContextOperations ctx)

getReferencedUserValue

private String getReferencedUserValue(org.springframework.ldap.core.DirContextOperations ctx)

getGroupName

private String getGroupName(org.springframework.ldap.core.DirContextOperations ctx)

getReferencedGroupValue

private String getReferencedGroupValue(org.springframework.ldap.core.DirContextOperations ctx)

setNiFiProperties

@AuthorizerContext
public void setNiFiProperties(NiFiProperties properties)

preDestruction

public final void preDestruction()
                          throws ProviderDestructionException

Specified by:

preDestruction in interface UserGroupProvider

Throws:

ProviderDestructionException

setTimeout

private void setTimeout(AuthorizerConfigurationContext configurationContext,
 Map<String,Object> baseEnvironment,
 String configurationProperty,
 String environmentKey)

getConfiguredSslContext

private SSLContext getConfiguredSslContext(AuthorizerConfigurationContext configurationContext)