http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java index 901f83d..f263ac6 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiWebConfigurationContext.java @@ -134,7 +134,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable authorizable = lookup.getProcessor(requestContext.getId()); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); componentType = Component.Processor; @@ -143,7 +143,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable authorizable = lookup.getControllerService(requestContext.getId()); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); componentType = Component.ControllerService; @@ -152,7 +152,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable authorizable = lookup.getReportingTask(requestContext.getId()); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); componentType = Component.ReportingTask; @@ -322,7 +322,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable authorizable = lookup.getProcessor(id); - authorizable.authorize(authorizer, RequestAction.READ); + authorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); final ProcessorDTO processor; @@ -374,7 +374,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable authorizable = lookup.getProcessor(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); final ProcessorDTO processor; @@ -510,7 +510,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable authorizable = lookup.getControllerService(id); - authorizable.authorize(authorizer, RequestAction.READ); + authorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // if the lookup has the service that means we are either a node or @@ -568,7 +568,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable authorizable = lookup.getControllerService(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); final ControllerServiceDTO controllerService; @@ -678,7 +678,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable authorizable = lookup.getReportingTask(id); - authorizable.authorize(authorizer, RequestAction.READ); + authorizable.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // if the provider has the service that means we are either a node or @@ -736,7 +736,7 @@ public class StandardNiFiWebConfigurationContext implements NiFiWebConfiguration // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable authorizable = lookup.getReportingTask(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); final ReportingTaskDTO reportingTask;
http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java index 6ccbeee..dd537cd 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/AccessPolicyResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.cluster.coordination.ClusterCoordinator; import org.apache.nifi.cluster.coordination.http.replication.RequestReplicator; import org.apache.nifi.util.NiFiProperties; @@ -205,7 +206,7 @@ public class AccessPolicyResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable accessPolicies = lookup.getAccessPoliciesAuthorizable(); - accessPolicies.authorize(authorizer, RequestAction.WRITE); + accessPolicies.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -270,7 +271,7 @@ public class AccessPolicyResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable accessPolicy = lookup.getAccessPolicyAuthorizable(id); - accessPolicy.authorize(authorizer, RequestAction.READ); + accessPolicy.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the access policy @@ -347,7 +348,7 @@ public class AccessPolicyResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getAccessPolicyAuthorizable(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, () -> { @@ -422,7 +423,7 @@ public class AccessPolicyResource extends ApplicationResource { revision, lookup -> { final Authorizable accessPolicy = lookup.getAccessPolicyAuthorizable(id); - accessPolicy.authorize(authorizer, RequestAction.READ); + accessPolicy.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }, () -> { }, http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java index cb11f90..262e274 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ApplicationResource.java @@ -424,7 +424,7 @@ public abstract class ApplicationResource { * @param action action */ protected void authorizeSnippet(final Snippet snippet, final Authorizer authorizer, final AuthorizableLookup lookup, final RequestAction action) { - final Consumer<Authorizable> authorize = authorizable -> authorizable.authorize(authorizer, action); + final Consumer<Authorizable> authorize = authorizable -> authorizable.authorize(authorizer, action, NiFiUserUtils.getNiFiUser()); snippet.getProcessGroups().keySet().stream().map(id -> lookup.getProcessGroup(id)).forEach(authorize); snippet.getRemoteProcessGroups().keySet().stream().map(id -> lookup.getRemoteProcessGroup(id)).forEach(authorize); @@ -444,7 +444,7 @@ public abstract class ApplicationResource { * @param action action */ protected void authorizeSnippet(final SnippetDTO snippet, final Authorizer authorizer, final AuthorizableLookup lookup, final RequestAction action) { - final Consumer<Authorizable> authorize = authorizable -> authorizable.authorize(authorizer, action); + final Consumer<Authorizable> authorize = authorizable -> authorizable.authorize(authorizer, action, NiFiUserUtils.getNiFiUser()); snippet.getProcessGroups().keySet().stream().map(id -> lookup.getProcessGroup(id)).forEach(authorize); snippet.getRemoteProcessGroups().keySet().stream().map(id -> lookup.getRemoteProcessGroup(id)).forEach(authorize); http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java index 67a76fd..6cd1dea 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ConnectionResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.web.NiFiServiceFacade; import org.apache.nifi.web.Revision; import org.apache.nifi.web.api.dto.ConnectionDTO; @@ -191,7 +192,7 @@ public class ConnectionResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable conn = lookup.getConnection(id); - conn.authorize(authorizer, RequestAction.READ); + conn.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the specified relationship @@ -270,7 +271,7 @@ public class ConnectionResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getConnection(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyUpdateConnection(connection), () -> { @@ -345,7 +346,7 @@ public class ConnectionResource extends ApplicationResource { revision, lookup -> { final Authorizable conn = lookup.getConnection(id); - conn.authorize(authorizer, RequestAction.WRITE); + conn.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyDeleteConnection(id), () -> { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java index b79ee62..10cf9bf 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ControllerServiceResource.java @@ -16,16 +16,34 @@ */ package org.apache.nifi.web.api; -import com.wordnik.swagger.annotations.Api; -import com.wordnik.swagger.annotations.ApiOperation; -import com.wordnik.swagger.annotations.ApiParam; -import com.wordnik.swagger.annotations.ApiResponse; -import com.wordnik.swagger.annotations.ApiResponses; -import com.wordnik.swagger.annotations.Authorization; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; + +import javax.servlet.ServletContext; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.DefaultValue; +import javax.ws.rs.GET; +import javax.ws.rs.HttpMethod; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.controller.ScheduledState; import org.apache.nifi.controller.service.ControllerServiceState; import org.apache.nifi.ui.extension.UiExtension; @@ -47,27 +65,12 @@ import org.apache.nifi.web.api.request.LongParameter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.servlet.ServletContext; -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.Consumes; -import javax.ws.rs.DELETE; -import javax.ws.rs.DefaultValue; -import javax.ws.rs.GET; -import javax.ws.rs.HttpMethod; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; -import java.util.stream.Collectors; +import com.wordnik.swagger.annotations.Api; +import com.wordnik.swagger.annotations.ApiOperation; +import com.wordnik.swagger.annotations.ApiParam; +import com.wordnik.swagger.annotations.ApiResponse; +import com.wordnik.swagger.annotations.ApiResponses; +import com.wordnik.swagger.annotations.Authorization; /** * RESTful endpoint for managing a Controller Service. @@ -192,7 +195,7 @@ public class ControllerServiceResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable controllerService = lookup.getControllerService(id); - controllerService.authorize(authorizer, RequestAction.READ); + controllerService.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the controller service @@ -256,7 +259,7 @@ public class ControllerServiceResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable controllerService = lookup.getControllerService(id); - controllerService.authorize(authorizer, RequestAction.READ); + controllerService.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the property descriptor @@ -311,7 +314,7 @@ public class ControllerServiceResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable controllerService = lookup.getControllerService(id); - controllerService.authorize(authorizer, RequestAction.WRITE); + controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); // get the component state @@ -370,7 +373,7 @@ public class ControllerServiceResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processor = lookup.getControllerService(id); - processor.authorize(authorizer, RequestAction.WRITE); + processor.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -431,7 +434,7 @@ public class ControllerServiceResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable controllerService = lookup.getControllerService(id); - controllerService.authorize(authorizer, RequestAction.READ); + controllerService.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the controller service @@ -540,7 +543,7 @@ public class ControllerServiceResource extends ApplicationResource { lookup -> { referencingRevisions.entrySet().stream().forEach(e -> { final Authorizable controllerService = lookup.getControllerServiceReferencingComponent(id, e.getKey()); - controllerService.authorize(authorizer, RequestAction.WRITE); + controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); }, () -> serviceFacade.verifyUpdateControllerServiceReferencingComponents(updateReferenceRequest.getId(), scheduledState, controllerServiceState), @@ -621,7 +624,7 @@ public class ControllerServiceResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getControllerService(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyUpdateControllerService(requestControllerServiceDTO), () -> { @@ -696,7 +699,7 @@ public class ControllerServiceResource extends ApplicationResource { revision, lookup -> { final Authorizable controllerService = lookup.getControllerService(id); - controllerService.authorize(authorizer, RequestAction.WRITE); + controllerService.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyDeleteControllerService(id), () -> { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowFileQueueResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowFileQueueResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowFileQueueResource.java index 2956bb5..2be19e6 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowFileQueueResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowFileQueueResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.cluster.manager.exception.UnknownNodeException; import org.apache.nifi.cluster.protocol.NodeIdentifier; import org.apache.nifi.stream.io.StreamUtils; @@ -177,7 +178,7 @@ public class FlowFileQueueResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable connection = lookup.getConnection(connectionId); - connection.authorize(authorizer, RequestAction.WRITE); + connection.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); // get the flowfile @@ -265,7 +266,7 @@ public class FlowFileQueueResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable connection = lookup.getConnection(connectionId); - connection.authorize(authorizer, RequestAction.WRITE); + connection.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); // get the uri of the request @@ -344,7 +345,7 @@ public class FlowFileQueueResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable connection = lookup.getConnection(id); - connection.authorize(authorizer, RequestAction.WRITE); + connection.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -415,7 +416,7 @@ public class FlowFileQueueResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable connection = lookup.getConnection(connectionId); - connection.authorize(authorizer, RequestAction.WRITE); + connection.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); // get the listing request @@ -481,7 +482,7 @@ public class FlowFileQueueResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable connection = lookup.getConnection(connectionId); - connection.authorize(authorizer, RequestAction.WRITE); + connection.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -551,7 +552,7 @@ public class FlowFileQueueResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable connection = lookup.getConnection(id); - connection.authorize(authorizer, RequestAction.WRITE); + connection.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -621,7 +622,7 @@ public class FlowFileQueueResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable connection = lookup.getConnection(connectionId); - connection.authorize(authorizer, RequestAction.WRITE); + connection.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); // get the drop request @@ -687,7 +688,7 @@ public class FlowFileQueueResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable connection = lookup.getConnection(connectionId); - connection.authorize(authorizer, RequestAction.WRITE); + connection.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java index 765933c..5c9bd9a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FlowResource.java @@ -16,13 +16,29 @@ */ package org.apache.nifi.web.api; -import com.sun.jersey.api.core.ResourceContext; -import com.wordnik.swagger.annotations.Api; -import com.wordnik.swagger.annotations.ApiOperation; -import com.wordnik.swagger.annotations.ApiParam; -import com.wordnik.swagger.annotations.ApiResponse; -import com.wordnik.swagger.annotations.ApiResponses; -import com.wordnik.swagger.annotations.Authorization; +import java.util.Arrays; +import java.util.EnumSet; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; +import java.util.stream.Collectors; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.Consumes; +import javax.ws.rs.DefaultValue; +import javax.ws.rs.GET; +import javax.ws.rs.HttpMethod; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; + import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.AccessDeniedException; import org.apache.nifi.authorization.AuthorizationRequest; @@ -96,27 +112,13 @@ import org.apache.nifi.web.api.request.DateTimeParameter; import org.apache.nifi.web.api.request.IntegerParameter; import org.apache.nifi.web.api.request.LongParameter; -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.Consumes; -import javax.ws.rs.DefaultValue; -import javax.ws.rs.GET; -import javax.ws.rs.HttpMethod; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; -import java.util.Arrays; -import java.util.EnumSet; -import java.util.HashMap; -import java.util.HashSet; -import java.util.Map; -import java.util.Set; -import java.util.stream.Collectors; +import com.sun.jersey.api.core.ResourceContext; +import com.wordnik.swagger.annotations.Api; +import com.wordnik.swagger.annotations.ApiOperation; +import com.wordnik.swagger.annotations.ApiParam; +import com.wordnik.swagger.annotations.ApiResponse; +import com.wordnik.swagger.annotations.ApiResponses; +import com.wordnik.swagger.annotations.Authorization; /** * RESTful endpoint for managing a Flow. @@ -661,7 +663,7 @@ public class FlowResource extends ApplicationResource { // ensure authorized for each processor we will attempt to schedule group.findAllProcessors().stream() .filter(ScheduledState.RUNNING.equals(state) ? ProcessGroup.SCHEDULABLE_PROCESSORS : ProcessGroup.UNSCHEDULABLE_PROCESSORS) - .filter(processor -> processor.isAuthorized(authorizer, RequestAction.WRITE)) + .filter(processor -> processor.isAuthorized(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser())) .forEach(processor -> { componentIds.add(processor.getIdentifier()); }); @@ -669,7 +671,7 @@ public class FlowResource extends ApplicationResource { // ensure authorized for each input port we will attempt to schedule group.findAllInputPorts().stream() .filter(ScheduledState.RUNNING.equals(state) ? ProcessGroup.SCHEDULABLE_PORTS : ProcessGroup.UNSCHEDULABLE_PORTS) - .filter(inputPort -> inputPort.isAuthorized(authorizer, RequestAction.WRITE)) + .filter(inputPort -> inputPort.isAuthorized(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser())) .forEach(inputPort -> { componentIds.add(inputPort.getIdentifier()); }); @@ -677,7 +679,7 @@ public class FlowResource extends ApplicationResource { // ensure authorized for each output port we will attempt to schedule group.findAllOutputPorts().stream() .filter(ScheduledState.RUNNING.equals(state) ? ProcessGroup.SCHEDULABLE_PORTS : ProcessGroup.UNSCHEDULABLE_PORTS) - .filter(outputPort -> outputPort.isAuthorized(authorizer, RequestAction.WRITE)) + .filter(outputPort -> outputPort.isAuthorized(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser())) .forEach(outputPort -> { componentIds.add(outputPort.getIdentifier()); }); @@ -713,7 +715,7 @@ public class FlowResource extends ApplicationResource { // ensure access to every component being scheduled componentsToSchedule.keySet().forEach(componentId -> { final Authorizable connectable = lookup.getConnectable(componentId); - connectable.authorize(authorizer, RequestAction.WRITE); + connectable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); }, () -> serviceFacade.verifyScheduleComponents(id, state, componentRevisions.keySet()), http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java index de2179c..51e8d7b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/FunnelResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.web.NiFiServiceFacade; import org.apache.nifi.web.Revision; import org.apache.nifi.web.api.dto.FunnelDTO; @@ -153,7 +154,7 @@ public class FunnelResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable funnel = lookup.getFunnel(id); - funnel.authorize(authorizer, RequestAction.READ); + funnel.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the funnel @@ -230,7 +231,7 @@ public class FunnelResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getFunnel(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, () -> { @@ -305,7 +306,7 @@ public class FunnelResource extends ApplicationResource { revision, lookup -> { final Authorizable funnel = lookup.getFunnel(id); - funnel.authorize(authorizer, RequestAction.WRITE); + funnel.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyDeleteFunnel(id), () -> { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java index 53e11ba..997838e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/InputPortResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.web.NiFiServiceFacade; import org.apache.nifi.web.Revision; import org.apache.nifi.web.api.dto.PortDTO; @@ -153,7 +154,7 @@ public class InputPortResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable inputPort = lookup.getInputPort(id); - inputPort.authorize(authorizer, RequestAction.READ); + inputPort.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the port @@ -230,7 +231,7 @@ public class InputPortResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getInputPort(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyUpdateInputPort(requestPortDTO), () -> { @@ -302,7 +303,7 @@ public class InputPortResource extends ApplicationResource { revision, lookup -> { final Authorizable inputPort = lookup.getInputPort(id); - inputPort.authorize(authorizer, RequestAction.WRITE); + inputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyDeleteInputPort(id), () -> { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java index f21882b..f1ec506 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/LabelResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.web.NiFiServiceFacade; import org.apache.nifi.web.Revision; import org.apache.nifi.web.api.dto.LabelDTO; @@ -153,7 +154,7 @@ public class LabelResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable label = lookup.getLabel(id); - label.authorize(authorizer, RequestAction.READ); + label.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the label @@ -230,7 +231,7 @@ public class LabelResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getLabel(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, () -> { @@ -302,7 +303,7 @@ public class LabelResource extends ApplicationResource { revision, lookup -> { final Authorizable label = lookup.getLabel(id); - label.authorize(authorizer, RequestAction.WRITE); + label.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, () -> { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java index bfaed4b..c99896c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/OutputPortResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.web.NiFiServiceFacade; import org.apache.nifi.web.Revision; import org.apache.nifi.web.api.dto.PortDTO; @@ -153,7 +154,7 @@ public class OutputPortResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable outputPort = lookup.getOutputPort(id); - outputPort.authorize(authorizer, RequestAction.READ); + outputPort.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the port @@ -230,7 +231,7 @@ public class OutputPortResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getOutputPort(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyUpdateOutputPort(requestPortDTO), () -> { @@ -302,7 +303,7 @@ public class OutputPortResource extends ApplicationResource { revision, lookup -> { final Authorizable outputPort = lookup.getOutputPort(id); - outputPort.authorize(authorizer, RequestAction.WRITE); + outputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyDeleteOutputPort(id), () -> { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java index b6671b2..48c241c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessGroupResource.java @@ -16,18 +16,41 @@ */ package org.apache.nifi.web.api; -import com.sun.jersey.api.core.ResourceContext; -import com.sun.jersey.multipart.FormDataParam; -import com.wordnik.swagger.annotations.Api; -import com.wordnik.swagger.annotations.ApiOperation; -import com.wordnik.swagger.annotations.ApiParam; -import com.wordnik.swagger.annotations.ApiResponse; -import com.wordnik.swagger.annotations.ApiResponses; -import com.wordnik.swagger.annotations.Authorization; +import java.io.InputStream; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.Date; +import java.util.HashMap; +import java.util.Map; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.Consumes; +import javax.ws.rs.DELETE; +import javax.ws.rs.DefaultValue; +import javax.ws.rs.GET; +import javax.ws.rs.HttpMethod; +import javax.ws.rs.POST; +import javax.ws.rs.PUT; +import javax.ws.rs.Path; +import javax.ws.rs.PathParam; +import javax.ws.rs.Produces; +import javax.ws.rs.QueryParam; +import javax.ws.rs.WebApplicationException; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.transform.stream.StreamSource; + import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.controller.Snippet; import org.apache.nifi.web.AuthorizableLookup; import org.apache.nifi.web.NiFiServiceFacade; @@ -65,34 +88,14 @@ import org.apache.nifi.web.api.request.LongParameter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.Consumes; -import javax.ws.rs.DELETE; -import javax.ws.rs.DefaultValue; -import javax.ws.rs.GET; -import javax.ws.rs.HttpMethod; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.WebApplicationException; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; -import javax.xml.transform.stream.StreamSource; -import java.io.InputStream; -import java.net.URI; -import java.net.URISyntaxException; -import java.util.Date; -import java.util.HashMap; -import java.util.Map; -import java.util.Set; +import com.sun.jersey.api.core.ResourceContext; +import com.sun.jersey.multipart.FormDataParam; +import com.wordnik.swagger.annotations.Api; +import com.wordnik.swagger.annotations.ApiOperation; +import com.wordnik.swagger.annotations.ApiParam; +import com.wordnik.swagger.annotations.ApiResponse; +import com.wordnik.swagger.annotations.ApiResponses; +import com.wordnik.swagger.annotations.Authorization; /** * RESTful endpoint for managing a Group. @@ -237,7 +240,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.READ); + processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get this process group contents @@ -318,7 +321,7 @@ public class ProcessGroupResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getProcessGroup(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, () -> { @@ -391,7 +394,7 @@ public class ProcessGroupResource extends ApplicationResource { revision, lookup -> { final Authorizable processGroup = lookup.getProcessGroup(id); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyDeleteProcessGroup(id), () -> { @@ -473,7 +476,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -535,7 +538,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.READ); + processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the process groups @@ -633,7 +636,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -696,7 +699,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.READ); + processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the processors @@ -783,7 +786,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -844,7 +847,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.READ); + processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get all the input ports @@ -930,7 +933,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -991,7 +994,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.READ); + processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get all the output ports @@ -1078,7 +1081,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -1139,7 +1142,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.READ); + processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get all the funnels @@ -1226,7 +1229,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -1287,7 +1290,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.READ); + processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get all the labels @@ -1380,7 +1383,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -1472,7 +1475,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.READ); + processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get all the remote process groups @@ -1571,7 +1574,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -1634,7 +1637,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.READ); + processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // all of the relationships for the specified source processor @@ -1803,10 +1806,10 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); final Authorizable template = lookup.getTemplate(instantiateTemplateRequestEntity.getTemplateId()); - template.authorize(authorizer, RequestAction.READ); + template.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -1837,7 +1840,7 @@ public class ProcessGroupResource extends ApplicationResource { private void authorizeSnippetUsage(final AuthorizableLookup lookup, final String groupId, final String snippetId) { // ensure write access to the target process group - lookup.getProcessGroup(groupId).authorize(authorizer, RequestAction.WRITE); + lookup.getProcessGroup(groupId).authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); // ensure read permission to every component in the snippet final Snippet snippet = lookup.getSnippet(snippetId); @@ -1885,7 +1888,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.READ); + processGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get all the templates @@ -2077,7 +2080,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -2187,7 +2190,7 @@ public class ProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processGroup = lookup.getProcessGroup(groupId); - processGroup.authorize(authorizer, RequestAction.WRITE); + processGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java index 0847fe0..a6169aa 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProcessorResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.ui.extension.UiExtension; import org.apache.nifi.ui.extension.UiExtensionMapping; import org.apache.nifi.web.NiFiServiceFacade; @@ -191,7 +192,7 @@ public class ProcessorResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processor = lookup.getProcessor(id); - processor.authorize(authorizer, RequestAction.READ); + processor.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the specified processor @@ -262,7 +263,7 @@ public class ProcessorResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processor = lookup.getProcessor(id); - processor.authorize(authorizer, RequestAction.READ); + processor.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the property descriptor @@ -318,7 +319,7 @@ public class ProcessorResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processor = lookup.getProcessor(id); - processor.authorize(authorizer, RequestAction.WRITE); + processor.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); // get the component state @@ -378,7 +379,7 @@ public class ProcessorResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processor = lookup.getProcessor(id); - processor.authorize(authorizer, RequestAction.WRITE); + processor.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (isValidationPhase) { @@ -464,7 +465,7 @@ public class ProcessorResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getProcessor(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyUpdateProcessor(requestProcessorDTO), () -> { @@ -536,7 +537,7 @@ public class ProcessorResource extends ApplicationResource { revision, lookup -> { final Authorizable processor = lookup.getProcessor(id); - processor.authorize(authorizer, RequestAction.WRITE); + processor.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyDeleteProcessor(id), () -> { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProvenanceResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProvenanceResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProvenanceResource.java index cfeaff7..f4501f5 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProvenanceResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ProvenanceResource.java @@ -780,14 +780,14 @@ public class ProvenanceResource extends ApplicationResource { // replicate if cluster manager if (isReplicateRequest()) { - if (lineageDto.getClusterNodeId() == null) { + if (requestDto.getClusterNodeId() == null) { throw new IllegalArgumentException("The cluster node identifier must be specified."); } // change content type to JSON for serializing entity final Map<String, String> headersToOverride = new HashMap<>(); headersToOverride.put("content-type", MediaType.APPLICATION_JSON); - return replicate(HttpMethod.POST, lineageEntity, lineageDto.getClusterNodeId(), headersToOverride); + return replicate(HttpMethod.POST, lineageEntity, requestDto.getClusterNodeId(), headersToOverride); } // handle expects request (usually from the cluster manager) @@ -798,7 +798,7 @@ public class ProvenanceResource extends ApplicationResource { // get the provenance event final LineageDTO dto = serviceFacade.submitLineage(lineageDto); - dto.setClusterNodeId(lineageDto.getClusterNodeId()); + dto.getRequest().setClusterNodeId(requestDto.getClusterNodeId()); populateRemainingLineageContent(dto); // create a response entity @@ -858,7 +858,7 @@ public class ProvenanceResource extends ApplicationResource { // get the lineage final LineageDTO dto = serviceFacade.getLineage(id); - dto.setClusterNodeId(clusterNodeId); + dto.getRequest().setClusterNodeId(clusterNodeId); populateRemainingLineageContent(dto); // create the response entity http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java index 9739c8c..e6669d9 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/RemoteProcessGroupResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.web.NiFiServiceFacade; import org.apache.nifi.web.Revision; import org.apache.nifi.web.api.dto.RemoteProcessGroupDTO; @@ -169,7 +170,7 @@ public class RemoteProcessGroupResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable remoteProcessGroup = lookup.getRemoteProcessGroup(id); - remoteProcessGroup.authorize(authorizer, RequestAction.READ); + remoteProcessGroup.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the remote process group @@ -245,7 +246,7 @@ public class RemoteProcessGroupResource extends ApplicationResource { revision, lookup -> { final Authorizable remoteProcessGroup = lookup.getRemoteProcessGroup(id); - remoteProcessGroup.authorize(authorizer, RequestAction.WRITE); + remoteProcessGroup.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyDeleteRemoteProcessGroup(id), () -> { @@ -323,7 +324,7 @@ public class RemoteProcessGroupResource extends ApplicationResource { revision, lookup -> { final Authorizable remoteProcessGroupInputPort = lookup.getRemoteProcessGroupInputPort(id, portId); - remoteProcessGroupInputPort.authorize(authorizer, RequestAction.WRITE); + remoteProcessGroupInputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyUpdateRemoteProcessGroupInputPort(id, requestRemoteProcessGroupPort), () -> { @@ -412,7 +413,7 @@ public class RemoteProcessGroupResource extends ApplicationResource { revision, lookup -> { final Authorizable remoteProcessGroupOutputPort = lookup.getRemoteProcessGroupOutputPort(id, portId); - remoteProcessGroupOutputPort.authorize(authorizer, RequestAction.WRITE); + remoteProcessGroupOutputPort.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyUpdateRemoteProcessGroupOutputPort(id, requestRemoteProcessGroupPort), () -> { @@ -492,7 +493,7 @@ public class RemoteProcessGroupResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getRemoteProcessGroup(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyUpdateRemoteProcessGroup(requestRemoteProcessGroup), () -> { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java index 54e63b3..0bf2c19 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.ui.extension.UiExtension; import org.apache.nifi.ui.extension.UiExtensionMapping; import org.apache.nifi.web.NiFiServiceFacade; @@ -180,7 +181,7 @@ public class ReportingTaskResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable reportingTask = lookup.getReportingTask(id); - reportingTask.authorize(authorizer, RequestAction.READ); + reportingTask.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the reporting task @@ -244,7 +245,7 @@ public class ReportingTaskResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable reportingTask = lookup.getReportingTask(id); - reportingTask.authorize(authorizer, RequestAction.READ); + reportingTask.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the property descriptor @@ -299,7 +300,7 @@ public class ReportingTaskResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable reportingTask = lookup.getReportingTask(id); - reportingTask.authorize(authorizer, RequestAction.WRITE); + reportingTask.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); // get the component state @@ -358,7 +359,7 @@ public class ReportingTaskResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable processor = lookup.getReportingTask(id); - processor.authorize(authorizer, RequestAction.WRITE); + processor.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (isValidationPhase) { @@ -443,7 +444,7 @@ public class ReportingTaskResource extends ApplicationResource { revision, lookup -> { Authorizable authorizable = lookup.getReportingTask(id); - authorizable.authorize(authorizer, RequestAction.WRITE); + authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyUpdateReportingTask(requestReportingTaskDTO), () -> { @@ -518,7 +519,7 @@ public class ReportingTaskResource extends ApplicationResource { revision, lookup -> { final Authorizable reportingTask = lookup.getReportingTask(id); - reportingTask.authorize(authorizer, RequestAction.WRITE); + reportingTask.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, () -> serviceFacade.verifyDeleteReportingTask(id), () -> { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java index 2f9b32b..9669017 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java @@ -35,6 +35,7 @@ import javax.ws.rs.core.Response; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.controller.Snippet; import org.apache.nifi.web.NiFiServiceFacade; import org.apache.nifi.web.Revision; @@ -228,7 +229,7 @@ public class SnippetResource extends ApplicationResource { lookup -> { // ensure write access to the target process group if (requestSnippetDTO.getParentGroupId() != null) { - lookup.getProcessGroup(requestSnippetDTO.getParentGroupId()).authorize(authorizer, RequestAction.WRITE); + lookup.getProcessGroup(requestSnippetDTO.getParentGroupId()).authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); } // ensure read permission to every component in the snippet http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java index 9a3f87b..6994815 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java @@ -34,6 +34,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.web.NiFiServiceFacade; import org.apache.nifi.web.api.dto.TemplateDTO; import org.apache.nifi.web.api.entity.TemplateEntity; @@ -123,7 +124,7 @@ public class TemplateResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable template = lookup.getTemplate(id); - template.authorize(authorizer, RequestAction.READ); + template.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the template @@ -190,7 +191,7 @@ public class TemplateResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable template = lookup.getTemplate(id); - template.authorize(authorizer, RequestAction.WRITE); + template.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); return generateContinueResponse().build(); } http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java index 5903b2d..4c6dcd3 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java @@ -26,6 +26,7 @@ import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.Authorizer; import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.cluster.coordination.ClusterCoordinator; import org.apache.nifi.cluster.coordination.http.replication.RequestReplicator; import org.apache.nifi.util.NiFiProperties; @@ -182,7 +183,7 @@ public class TenantsResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable users = lookup.getTenantAuthorizable(); - users.authorize(authorizer, RequestAction.WRITE); + users.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -247,7 +248,7 @@ public class TenantsResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable users = lookup.getTenantAuthorizable(); - users.authorize(authorizer, RequestAction.READ); + users.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the user @@ -294,7 +295,7 @@ public class TenantsResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable users = lookup.getTenantAuthorizable(); - users.authorize(authorizer, RequestAction.READ); + users.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get all the users @@ -375,7 +376,7 @@ public class TenantsResource extends ApplicationResource { revision, lookup -> { final Authorizable users = lookup.getTenantAuthorizable(); - users.authorize(authorizer, RequestAction.WRITE); + users.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, () -> { @@ -450,7 +451,7 @@ public class TenantsResource extends ApplicationResource { revision, lookup -> { final Authorizable users = lookup.getTenantAuthorizable(); - users.authorize(authorizer, RequestAction.READ); + users.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }, null, () -> { @@ -567,7 +568,7 @@ public class TenantsResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable userGroups = lookup.getTenantAuthorizable(); - userGroups.authorize(authorizer, RequestAction.WRITE); + userGroups.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }); } if (validationPhase) { @@ -632,7 +633,7 @@ public class TenantsResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable userGroups = lookup.getTenantAuthorizable(); - userGroups.authorize(authorizer, RequestAction.READ); + userGroups.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get the user group @@ -679,7 +680,7 @@ public class TenantsResource extends ApplicationResource { // authorize access serviceFacade.authorizeAccess(lookup -> { final Authorizable userGroups = lookup.getTenantAuthorizable(); - userGroups.authorize(authorizer, RequestAction.READ); + userGroups.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }); // get all the user groups @@ -760,7 +761,7 @@ public class TenantsResource extends ApplicationResource { revision, lookup -> { final Authorizable userGroups = lookup.getTenantAuthorizable(); - userGroups.authorize(authorizer, RequestAction.WRITE); + userGroups.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, () -> { @@ -835,7 +836,7 @@ public class TenantsResource extends ApplicationResource { revision, lookup -> { final Authorizable userGroups = lookup.getTenantAuthorizable(); - userGroups.authorize(authorizer, RequestAction.READ); + userGroups.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); }, null, () -> { http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.java index 93d1bab..b3244b6 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/AccessDeniedExceptionMapper.java @@ -49,17 +49,13 @@ public class AccessDeniedExceptionMapper implements ExceptionMapper<AccessDenied status = Status.FORBIDDEN; } - if (user != null) { - logger.info(String.format("%s does not have permission to access the requested resource. Returning %s response.", user.getIdentity(), status)); - } else { - logger.info(String.format("User does not have permission to access the requested resource. Returning %s response.", status)); - } + logger.info(String.format("%s does not have permission to access the requested resource. Returning %s response.", user.getIdentity(), status)); if (logger.isDebugEnabled()) { logger.debug(StringUtils.EMPTY, exception); } - return Response.status(status).entity("Unable to perform the desired action. Contact the system administrator.").type("text/plain").build(); + return Response.status(status).entity("Unable to perform the desired action due to insufficient permissions. Contact the system administrator.").type("text/plain").build(); } } http://git-wip-us.apache.org/repos/asf/nifi/blob/ae9e2fdf/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java index 8889292..3689680 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/dto/DtoFactory.java @@ -41,6 +41,7 @@ import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.Resource; import org.apache.nifi.authorization.User; import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.cluster.coordination.heartbeat.NodeHeartbeat; import org.apache.nifi.cluster.coordination.node.NodeConnectionStatus; import org.apache.nifi.cluster.event.NodeEvent; @@ -1579,8 +1580,8 @@ public final class DtoFactory { */ public AccessPolicyDTO createAccessPolicyDto(final Authorizable authorizable) { final AccessPolicyDTO dto = new AccessPolicyDTO(); - dto.setCanRead(authorizable.isAuthorized(authorizer, RequestAction.READ)); - dto.setCanWrite(authorizable.isAuthorized(authorizer, RequestAction.WRITE)); + dto.setCanRead(authorizable.isAuthorized(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser())); + dto.setCanWrite(authorizable.isAuthorized(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser())); return dto; } @@ -2461,7 +2462,7 @@ public final class DtoFactory { final List<AllowableValueDTO> allowableValues = new ArrayList<>(); for (final String serviceIdentifier : controllerServiceProvider.getControllerServiceIdentifiers(serviceDefinition, groupId)) { final ControllerServiceNode service = controllerServiceProvider.getControllerServiceNode(serviceIdentifier); - final String displayName = service.isAuthorized(authorizer, RequestAction.READ) ? service.getName() : serviceIdentifier; + final String displayName = service.isAuthorized(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()) ? service.getName() : serviceIdentifier; final AllowableValueDTO allowableValue = new AllowableValueDTO(); allowableValue.setDisplayName(displayName);
