NIFI-1781: - Updating UI according to permissions throughout the application. - Shuffling provenance events, template, and cluster search REST APIs according to resources being authorized. - Moving template upload controls. - Removing username where appropriate. - Addressing issues when authorizing flow configuration actions. - Code clean up.
Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/ce533033 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/ce533033 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/ce533033 Branch: refs/heads/master Commit: ce5330330ac1e377144fc1d29d5ef9fb2f60e29f Parents: 8eb0a38 Author: Matt Gilman <[email protected]> Authored: Fri Jul 1 15:10:27 2016 -0400 Committer: Matt Gilman <[email protected]> Committed: Fri Jul 1 15:10:27 2016 -0400 ---------------------------------------------------------------------- .../java/org/apache/nifi/action/Action.java | 2 - .../authorization/AuthorizationRequest.java | 38 +- .../apache/nifi/authorization/Authorizer.java | 2 +- .../authorization/resource/Authorizable.java | 48 ++- .../nifi/authorization/user/NiFiUser.java | 5 - .../nifi/web/NiFiWebConfigurationContext.java | 11 +- .../org/apache/nifi/util/NiFiProperties.java | 3 +- .../java/org/apache/nifi/web/util/WebUtils.java | 94 +---- .../nifi/admin/AuditDataSourceFactoryBean.java | 31 +- .../nifi/admin/dao/impl/StandardActionDAO.java | 64 ++- .../nifi/admin/dao/impl/StandardKeyDAO.java | 7 +- .../org/apache/nifi/history/HistoryQuery.java | 10 +- .../org/apache/nifi/history/PreviousValue.java | 10 +- .../nifi/web/api/dto/AccessStatusDTO.java | 15 - .../nifi/web/api/dto/PreviousValueDTO.java | 15 +- .../nifi/web/api/dto/action/ActionDTO.java | 22 +- .../web/api/dto/action/HistoryQueryDTO.java | 19 +- .../dto/search/UserGroupSearchResultDTO.java | 44 --- .../web/api/dto/search/UserSearchResultDTO.java | 59 --- .../nifi/web/api/entity/AuthorityEntity.java | 54 --- .../nifi/web/api/entity/CurrentUserEntity.java | 102 +++++ .../nifi/web/api/entity/IdentityEntity.java | 63 --- .../nifi/web/api/entity/TemplateEntity.java | 5 +- .../nifi/web/api/entity/TemplatesEntity.java | 14 +- .../web/api/entity/UserSearchResultsEntity.java | 56 --- .../nifi/authorization/FileAuthorizer.java | 2 +- 
.../nifi/authorization/user/NiFiUserUtils.java | 4 +- .../authorization/user/StandardNiFiUser.java | 19 +- .../org/apache/nifi/controller/Template.java | 53 ++- .../nifi/groups/StandardProcessGroup.java | 4 + .../apache/nifi/action/FlowChangeAction.java | 10 - .../nifi/audit/ComponentStateAuditor.java | 3 - .../apache/nifi/audit/ControllerAuditor.java | 2 - .../nifi/audit/ControllerServiceAuditor.java | 22 +- .../org/apache/nifi/audit/FunnelAuditor.java | 8 +- .../java/org/apache/nifi/audit/PortAuditor.java | 3 - .../apache/nifi/audit/ProcessGroupAuditor.java | 3 - .../org/apache/nifi/audit/ProcessorAuditor.java | 29 +- .../apache/nifi/audit/RelationshipAuditor.java | 25 +- .../nifi/audit/RemoteProcessGroupAuditor.java | 3 - .../apache/nifi/audit/ReportingTaskAuditor.java | 19 +- .../org/apache/nifi/audit/SnippetAuditor.java | 1 - .../org/apache/nifi/web/AuthorizableLookup.java | 14 + .../org/apache/nifi/web/NiFiServiceFacade.java | 11 +- .../web/NiFiWebApiSecurityConfiguration.java | 17 - .../nifi/web/StandardAuthorizableLookup.java | 36 ++ .../nifi/web/StandardNiFiContentAccess.java | 46 +-- .../nifi/web/StandardNiFiServiceFacade.java | 75 +++- .../StandardNiFiWebConfigurationContext.java | 30 +- .../org/apache/nifi/web/api/AccessResource.java | 41 +- .../nifi/web/api/ApplicationResource.java | 27 -- .../apache/nifi/web/api/ControllerResource.java | 80 ---- .../org/apache/nifi/web/api/FlowResource.java | 289 +++++++++----- .../nifi/web/api/ProcessGroupResource.java | 130 ++---- .../nifi/web/api/ProvenanceEventResource.java | 391 +++++++++++++++++++ .../apache/nifi/web/api/ProvenanceResource.java | 366 ++--------------- .../apache/nifi/web/api/TemplateResource.java | 60 ++- .../org/apache/nifi/web/api/dto/DtoFactory.java | 11 +- .../nifi/web/controller/ControllerFacade.java | 212 +++++++--- .../web/dao/impl/StandardConnectionDAO.java | 2 +- .../src/main/resources/nifi-web-api-context.xml | 6 + .../nifi/web/revision/NaiveRevisionManager.java | 4 +- 
.../security/node/NodeAuthorizedUserFilter.java | 128 ------ .../x509/X509AuthenticationProvider.java | 2 +- .../src/main/webapp/WEB-INF/pages/canvas.jsp | 2 + .../src/main/webapp/WEB-INF/pages/templates.jsp | 1 - .../WEB-INF/partials/canvas/canvas-header.jsp | 21 +- .../WEB-INF/partials/canvas/navigation.jsp | 8 +- .../partials/canvas/upload-template-dialog.jsp | 35 ++ .../partials/templates/templates-content.jsp | 19 - .../nifi-web-ui/src/main/webapp/css/header.css | 11 +- .../nifi-web-ui/src/main/webapp/css/main.css | 75 ++++ .../src/main/webapp/css/templates.css | 90 ----- .../nf-ng-canvas-global-menu-controller.js | 50 +-- .../nf-ng-canvas-operate-controller.js | 138 +++++++ .../nf-ng-canvas-toolbox-controller.js | 27 +- .../components/nf-ng-template-component.js | 16 +- .../src/main/webapp/js/nf/canvas/nf-actions.js | 7 + .../src/main/webapp/js/nf/canvas/nf-canvas.js | 92 +---- .../main/webapp/js/nf/canvas/nf-context-menu.js | 2 +- .../js/nf/canvas/nf-processor-configuration.js | 5 - .../nf/canvas/nf-remote-process-group-ports.js | 19 +- .../src/main/webapp/js/nf/canvas/nf-settings.js | 32 +- .../webapp/js/nf/cluster/nf-cluster-table.js | 6 +- .../src/main/webapp/js/nf/cluster/nf-cluster.js | 35 +- .../webapp/js/nf/counters/nf-counters-table.js | 2 +- .../main/webapp/js/nf/counters/nf-counters.js | 36 +- .../webapp/js/nf/history/nf-history-model.js | 2 +- .../webapp/js/nf/history/nf-history-table.js | 19 +- .../src/main/webapp/js/nf/history/nf-history.js | 36 +- .../src/main/webapp/js/nf/login/nf-login.js | 2 - .../src/main/webapp/js/nf/nf-common.js | 117 ++++-- .../js/nf/provenance/nf-provenance-lineage.js | 2 +- .../js/nf/provenance/nf-provenance-table.js | 95 +++-- .../webapp/js/nf/provenance/nf-provenance.js | 35 +- .../webapp/js/nf/summary/nf-cluster-search.js | 2 +- .../js/nf/templates/nf-templates-table.js | 100 +++-- .../main/webapp/js/nf/templates/nf-templates.js | 124 +----- .../PersistentProvenanceRepository.java | 94 ++--- 
.../TestPersistentProvenanceRepository.java | 59 ++- .../VolatileProvenanceRepository.java | 46 +-- .../TestVolatileProvenanceRepository.java | 24 +- .../script/ExecuteScriptGroovyTest.groovy | 4 +- 103 files changed, 2105 insertions(+), 2366 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/action/Action.java ---------------------------------------------------------------------- diff --git a/nifi-api/src/main/java/org/apache/nifi/action/Action.java b/nifi-api/src/main/java/org/apache/nifi/action/Action.java index 4ab167e..ed6505f 100644 --- a/nifi-api/src/main/java/org/apache/nifi/action/Action.java +++ b/nifi-api/src/main/java/org/apache/nifi/action/Action.java @@ -33,8 +33,6 @@ public interface Action extends Serializable { String getUserIdentity(); - String getUserName(); - String getSourceId(); String getSourceName(); http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java ---------------------------------------------------------------------- diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java index 7e6999c..da0a276 100644 --- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java +++ b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorizationRequest.java @@ -22,7 +22,7 @@ import java.util.Map; import java.util.Objects; /** - * Represents an authorization request for a given user/entity performing an action against a resource within some context. + * Represents an authorization request for a given user/entity performing an action against a resource within some userContext. */ public class AuthorizationRequest { 
@@ -31,8 +31,8 @@ public class AuthorizationRequest { private final RequestAction action; private final boolean isAccessAttempt; private final boolean isAnonymous; - private final Map<String, String> context; - private final Map<String, String> eventAttributes; + private final Map<String, String> userContext; + private final Map<String, String> resourceContext; private AuthorizationRequest(final Builder builder) { Objects.requireNonNull(builder.resource, "The resource is required when creating an authorization request"); @@ -45,8 +45,8 @@ public class AuthorizationRequest { this.action = builder.action; this.isAccessAttempt = builder.isAccessAttempt; this.isAnonymous = builder.isAnonymous; - this.context = builder.context == null ? null : Collections.unmodifiableMap(builder.context); - this.eventAttributes = builder.context == null ? null : Collections.unmodifiableMap(builder.eventAttributes); + this.userContext = builder.userContext == null ? null : Collections.unmodifiableMap(builder.userContext); + this.resourceContext = builder.resourceContext == null ? null : Collections.unmodifiableMap(builder.resourceContext); } /** @@ -95,12 +95,12 @@ public class AuthorizationRequest { } /** - * The context of the user request to make additional access decisions. May be null. + * The userContext of the user request to make additional access decisions. May be null. * - * @return The context of the user request + * @return The userContext of the user request */ - public Map<String, String> getContext() { - return context; + public Map<String, String> getUserContext() { + return userContext; } /** @@ -108,8 +108,8 @@ public class AuthorizationRequest { * * @return The event attributes */ - public Map<String, String> getEventAttributes() { - return eventAttributes; + public Map<String, String> getResourceContext() { + return resourceContext; } /** 
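Review bot: The Javadoc no longer matches the renamed accessors. In the `@@ -108,8` hunk `getResourceContext()` still sits under `@return The event attributes`, and the class comment in the first hunk now reads "within some userContext", which looks like a mechanical rename of the ordinary word "context". Authorizer implementers read this class to learn which map holds what, so I would restore "within some context" and document the getter with something like `@return The context of the resource being accessed, may be null` (exact wording for the author to confirm). Both getters can return `null`, as the constructor hunk shows, and only `getUserContext()` says so.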
@@ -122,8 +122,8 @@ public class AuthorizationRequest { private Boolean isAnonymous; private Boolean isAccessAttempt; private RequestAction action; - private Map<String, String> context; - private Map<String, String> eventAttributes; + private Map<String, String> userContext; + private Map<String, String> resourceContext; public Builder resource(final Resource resource) { this.resource = resource; @@ -150,13 +150,17 @@ public class AuthorizationRequest { return this; } - public Builder context(final Map<String, String> context) { - this.context = new HashMap<>(context); + public Builder userContext(final Map<String, String> userContext) { + if (userContext != null) { + this.userContext = new HashMap<>(userContext); + } return this; } - public Builder eventAttributes(final Map<String, String> eventAttributes) { - this.eventAttributes = new HashMap<>(eventAttributes); + public Builder resourceContext(final Map<String, String> resourceContext) { + if (resourceContext != null) { + this.resourceContext = new HashMap<>(resourceContext); + } return this; } http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java ---------------------------------------------------------------------- diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java b/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java index 5aec6f0..cb8c7f1 100644 --- a/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java +++ b/nifi-api/src/main/java/org/apache/nifi/authorization/Authorizer.java 
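Review bot: In the `@@ -150,13` hunk, `userContext(null)` and `resourceContext(null)` now return without touching the field, so a builder that was handed a map earlier keeps it when a later call passes `null`. For an object that feeds an access decision it is safer for the last call to win, e.g. `this.resourceContext = resourceContext == null ? null : new HashMap<>(resourceContext);`, with the same form for `userContext`. If ignoring `null` is intentional, a one-line comment on each setter saying so would stop the next reader from "fixing" it.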
@@ -30,7 +30,7 @@ public interface Authorizer { * * @param request The authorization request * @return the authorization result - * @throws AuthorizationAccessException if unable to access the authorities + * @throws AuthorizationAccessException if unable to access the policies */ AuthorizationResult authorize(AuthorizationRequest request) throws AuthorizationAccessException; http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java ---------------------------------------------------------------------- diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java b/nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java index 09fab19..90374dd 100644 --- a/nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java +++ b/nifi-api/src/main/java/org/apache/nifi/authorization/resource/Authorizable.java @@ -25,6 +25,8 @@ import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.Resource; import org.apache.nifi.authorization.user.NiFiUser; +import java.util.Map; + public interface Authorizable { /** @@ -64,7 +66,7 @@ public interface Authorizable { * @param user user * @return is authorized */ - default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user) { + default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) { // TODO - include user details context // build the request @@ -74,6 +76,7 @@ public interface Authorizable { .accessAttempt(false) .action(action) .resource(getResource()) + .resourceContext(resourceContext) .build(); // perform the authorization 
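Review bot: In Authorizable.java (`@@ -64,7`) the four-argument `checkAuthorization(...)` inherits the existing Javadoc block, which has no `@param resourceContext` and does not say that `null` is accepted, although the new three-argument overload passes exactly that. Add a line such as `@param resourceContext additional attributes of the resource for the authorizer to consider, may be null` (meaning to be confirmed by the author). The `// TODO - include user details context` is still in place, so as far as these hunks show `userContext` is never set on this path; that is worth stating in the Javadoc so an `Authorizer` implementation does not depend on it. The method body runs across this hunk and the next one.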
@@ -93,22 +96,39 @@ public interface Authorizable { } /** + * Returns the result of an authorization request for the specified user for the specified action on the specified + * resource. This method does not imply the user is directly attempting to access the specified resource. If the user is + * attempting a direct access use Authorizable.authorize(). + * + * @param authorizer authorizer + * @param action action + * @param user user + * @return is authorized + */ + default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user) { + return checkAuthorization(authorizer, action, user, null); + } + + /** * Authorizes the current user for the specified action on the specified resource. This method does imply the user is * directly accessing the specified resource. * * @param authorizer authorizer * @param action action + * @param user user + * @param resourceContext resource context */ - default void authorize(Authorizer authorizer, RequestAction action, NiFiUser user) throws AccessDeniedException { + default void authorize(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) throws AccessDeniedException { // TODO - include user details context final AuthorizationRequest request = new AuthorizationRequest.Builder() - .identity(user.getIdentity()) - .anonymous(user.isAnonymous()) - .accessAttempt(true) - .action(action) - .resource(getResource()) - .build(); + .identity(user.getIdentity()) + .anonymous(user.isAnonymous()) + .accessAttempt(true) + .action(action) + .resource(getResource()) + .resourceContext(resourceContext) + .build(); final AuthorizationResult result = authorizer.authorize(request); if (Result.ResourceNotFound.equals(result.getResult())) { 
@@ -122,4 +142,16 @@ public interface Authorizable { throw new AccessDeniedException(result.getExplanation()); } } + + /** + * Authorizes the current user for the specified action on the specified resource. This method does imply the user is + * directly accessing the specified resource. + * + * @param authorizer authorizer + * @param action action + * @param user user + */ + default void authorize(Authorizer authorizer, RequestAction action, NiFiUser user) throws AccessDeniedException { + authorize(authorizer, action, user, null); + } } http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java ---------------------------------------------------------------------- diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java b/nifi-api/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java index d5dee54..9ec04e2 100644 --- a/nifi-api/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java +++ b/nifi-api/src/main/java/org/apache/nifi/authorization/user/NiFiUser.java @@ -28,11 +28,6 @@ public interface NiFiUser { String getIdentity(); /** - * @return the user name for this user - */ - String getUserName(); - - /** * @return the next user in the proxied entities chain, or <code>null</code> if no more users exist in the chain. */ NiFiUser getChain(); http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java ---------------------------------------------------------------------- diff --git a/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java b/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java index a0a605c..5082af2 100644 --- a/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java +++ b/nifi-api/src/main/java/org/apache/nifi/web/NiFiWebConfigurationContext.java 
@@ -16,11 +16,11 @@ */ package org.apache.nifi.web; +import org.apache.nifi.controller.ControllerService; + import java.util.Collection; import java.util.Map; -import org.apache.nifi.controller.ControllerService; - /** * NiFi web context providing limited access to dataflow configuration for * component custom UIs. @@ -58,12 +58,7 @@ public interface NiFiWebConfigurationContext { /** * @return the current user identity. The value may be a DN, an email, a username, or any string that identities the user. Returns null if no user is found */ - String getCurrentUserDn(); - - /** - * @return the current user name. Returns null if no user is found - */ - String getCurrentUserName(); + String getCurrentUserIdentity(); /** * Sets the annotation data for the underlying component. http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java ---------------------------------------------------------------------- diff --git a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java index 73a54c5..2e84c5b 100644 --- a/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java +++ b/nifi-commons/nifi-properties/src/main/java/org/apache/nifi/util/NiFiProperties.java @@ -518,7 +518,7 @@ public class NiFiProperties extends Properties { } /** - * @return the user authorities file + * @return the user login identity provider file */ public File getLoginIdentityProviderConfigurationFile() { final String value = getProperty(LOGIN_IDENTITY_PROVIDER_CONFIGURATION_FILE); 
@@ -774,7 +774,6 @@ public class NiFiProperties extends Properties { * Returns true if client certificates are required for REST API. Determined if the following conditions are all true: * * - login identity provider is not populated - * - anonymous authorities is empty * - Kerberos service support is not enabled * * @return true if client certificates are required for access to the REST API http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/WebUtils.java ---------------------------------------------------------------------- diff --git a/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/WebUtils.java b/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/WebUtils.java index e27f91c..18083ca 100644 --- a/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/WebUtils.java +++ b/nifi-commons/nifi-web-utils/src/main/java/org/apache/nifi/web/util/WebUtils.java @@ -16,12 +16,20 @@ */ package org.apache.nifi.web.util; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.ObjectInputStream; -import java.io.ObjectOutputStream; -import java.io.Serializable; +import com.sun.jersey.api.client.Client; +import com.sun.jersey.api.client.config.ClientConfig; +import com.sun.jersey.api.client.config.DefaultClientConfig; +import com.sun.jersey.api.json.JSONConfiguration; +import com.sun.jersey.client.urlconnection.HTTPSProperties; +import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.security.util.CertificateUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLPeerUnverifiedException; +import javax.net.ssl.SSLSession; import java.security.cert.Certificate; import java.security.cert.CertificateParsingException; import java.security.cert.X509Certificate; 
@@ -29,25 +37,6 @@ import java.util.List; import java.util.concurrent.locks.ReadWriteLock; import java.util.concurrent.locks.ReentrantReadWriteLock; -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLPeerUnverifiedException; -import javax.net.ssl.SSLSession; - -import org.apache.nifi.security.util.CertificateUtils; - -import org.apache.commons.codec.DecoderException; -import org.apache.commons.codec.binary.Hex; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import com.sun.jersey.api.client.Client; -import com.sun.jersey.api.client.config.ClientConfig; -import com.sun.jersey.api.client.config.DefaultClientConfig; -import com.sun.jersey.api.json.JSONConfiguration; -import com.sun.jersey.client.urlconnection.HTTPSProperties; - /** * Common utilities related to web development. * 
@@ -139,59 +128,4 @@ public final class WebUtils { } - /** - * Serializes the given object to hexadecimal. Serialization uses Java's - * native serialization mechanism, the ObjectOutputStream. - * - * @param obj an object - * @return the serialized object as hex - */ - public static String serializeObjectToHex(final Serializable obj) { - - final ByteArrayOutputStream serializedObj = new ByteArrayOutputStream(); - - // IOException can never be thrown because we are serializing to an in memory byte array - try { - final ObjectOutputStream oos = new ObjectOutputStream(serializedObj); - oos.writeObject(obj); - oos.close(); - } catch (final IOException ioe) { - throw new RuntimeException(ioe); - } - - logger.debug(String.format("Serialized object '%s' size: %d", obj, serializedObj.size())); - - // hex encode the binary - return new String(Hex.encodeHex(serializedObj.toByteArray(), /* tolowercase */ true)); - } - - /** - * Deserializes a Java serialized, hex-encoded string into a Java object. - * This method is the inverse of the serializeObjectToHex method in this - * class. 
- * - * @param hexEncodedObject a string - * @return the object - * @throws ClassNotFoundException if the class could not be found - */ - public static Serializable deserializeHexToObject(final String hexEncodedObject) throws ClassNotFoundException { - - // decode the hex encoded object - byte[] serializedObj; - try { - serializedObj = Hex.decodeHex(hexEncodedObject.toCharArray()); - } catch (final DecoderException de) { - throw new IllegalArgumentException(de); - } - - // IOException can never be thrown because we are deserializing from an in memory byte array - try { - // deserialize bytes into object - ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(serializedObj)); - return (Serializable) ois.readObject(); - } catch (final IOException ioe) { - throw new RuntimeException(ioe); - } - - } } http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/AuditDataSourceFactoryBean.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/AuditDataSourceFactoryBean.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/AuditDataSourceFactoryBean.java index 87cd420..18df4bc 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/AuditDataSourceFactoryBean.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/AuditDataSourceFactoryBean.java 
@@ -16,18 +16,19 @@ */ package org.apache.nifi.admin; -import java.io.File; -import java.sql.Connection; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; import org.apache.commons.lang3.StringUtils; -import org.h2.jdbcx.JdbcConnectionPool; import org.apache.nifi.util.NiFiProperties; +import org.h2.jdbcx.JdbcConnectionPool; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.FactoryBean; +import java.io.File; +import java.sql.Connection; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; + /** * */ @@ -38,7 +39,7 @@ public class AuditDataSourceFactoryBean implements FactoryBean { private static final int MAX_CONNECTIONS = 5; // database file name - private static final String AUDIT_DATABASE_FILE_NAME = "nifi-audit"; + private static final String AUDIT_DATABASE_FILE_NAME = "nifi-flow-audit"; // ------------ // action table @@ -46,7 +47,6 @@ public class AuditDataSourceFactoryBean implements FactoryBean { private static final String CREATE_ACTION_TABLE = "CREATE TABLE ACTION (" + "ID INT NOT NULL PRIMARY KEY AUTO_INCREMENT, " + "IDENTITY VARCHAR2(4096) NOT NULL, " - + "USER_NAME VARCHAR2(4096) NOT NULL, " + "SOURCE_ID VARCHAR2(100) NOT NULL, " + "SOURCE_NAME VARCHAR2(1000) NOT NULL, " + "SOURCE_TYPE VARCHAR2(1000) NOT NULL, " @@ -107,10 +107,6 @@ public class AuditDataSourceFactoryBean implements FactoryBean { + "FOREIGN KEY (ACTION_ID) REFERENCES ACTION(ID)" + ")"; - private static final String RENAME_DN_COLUMN = "ALTER TABLE ACTION ALTER COLUMN USER_DN RENAME TO IDENTITY"; - private static final String RESIZE_IDENTITY_COLUMN = "ALTER TABLE ACTION MODIFY IDENTITY VARCHAR(4096)"; - private static final String RESIZE_USER_NAME_COLUMN = "ALTER TABLE ACTION MODIFY USER_NAME VARCHAR(4096)"; - private JdbcConnectionPool connectionPool; private NiFiProperties properties; 
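Review bot: Changing `AUDIT_DATABASE_FILE_NAME` to `"nifi-flow-audit"` in the `@@ -38,7` hunk means an upgraded instance opens a new, empty database, while the in-place migration for an existing one is removed in `@@ -173,17`. As far as the visible lines show, nothing reads or carries over the old `nifi-audit` file, so earlier configuration history drops out of the audit view without any log message. If that is intended because the ACTION table no longer has `USER_NAME`, say so next to the constant, e.g. `// renamed from "nifi-audit": the ACTION schema changed and is not migrated in place; the old file is left untouched`. The upgrade notes should also mention the old file, so operators with audit-retention requirements know to archive it.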
@@ -173,17 +169,6 @@ public class AuditDataSourceFactoryBean implements FactoryBean { statement.execute(CREATE_CONFIGURE_DETAILS_TABLE); statement.execute(CREATE_CONNECT_DETAILS_TABLE); statement.execute(CREATE_PURGE_DETAILS_TABLE); - } else { - logger.info("Existing database found and connected to at: " + databaseUrl); - RepositoryUtils.closeQuietly(rs); - - // check if the DN column exists to see if we need to transform the table - rs = connection.getMetaData().getColumns(null, null, "ACTION", "USER_DN"); - if (rs.next()) { - statement.execute(RENAME_DN_COLUMN); - statement.execute(RESIZE_IDENTITY_COLUMN); - statement.execute(RESIZE_USER_NAME_COLUMN); - } } // commit any changes http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardActionDAO.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardActionDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardActionDAO.java index 8fdfd34..df1774c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardActionDAO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardActionDAO.java 
@@ -16,18 +16,7 @@ */ package org.apache.nifi.admin.dao.impl; -import java.sql.Connection; -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.sql.SQLException; -import java.sql.Statement; -import java.util.ArrayList; -import java.util.Collection; -import java.util.Date; -import java.util.HashMap; -import java.util.LinkedHashMap; -import java.util.List; -import java.util.Map; +import org.apache.commons.lang3.StringUtils; import org.apache.nifi.action.Action; import org.apache.nifi.action.Component; import org.apache.nifi.action.FlowChangeAction; @@ -52,7 +41,19 @@ import org.apache.nifi.admin.dao.DataAccessException; import org.apache.nifi.history.History; import org.apache.nifi.history.HistoryQuery; import org.apache.nifi.history.PreviousValue; -import org.apache.commons.lang3.StringUtils; + +import java.sql.Connection; +import java.sql.PreparedStatement; +import java.sql.ResultSet; +import java.sql.SQLException; +import java.sql.Statement; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Date; +import java.util.HashMap; +import java.util.LinkedHashMap; +import java.util.List; +import java.util.Map; /** * @@ -63,15 +64,14 @@ public class StandardActionDAO implements ActionDAO { // action table // ------------ private static final String INSERT_ACTION = "INSERT INTO ACTION (" - + "IDENTITY, USER_NAME, SOURCE_ID, SOURCE_NAME, SOURCE_TYPE, OPERATION, ACTION_TIMESTAMP" + + "IDENTITY, SOURCE_ID, SOURCE_NAME, SOURCE_TYPE, OPERATION, ACTION_TIMESTAMP" + ") VALUES (" + "?, " + "?, " + "?, " + "?, " + "?, " - + "?, " - + "?, " + + "? " + ")"; // ----------------- @@ -178,7 +178,7 @@ public class StandardActionDAO implements ActionDAO { private static final String SELECT_PREVIOUS_VALUES = "SELECT CD.VALUE, " + "A.ACTION_TIMESTAMP, " - + "A.USER_NAME " + + "A.IDENTITY " + "FROM CONFIGURE_DETAILS CD " + "INNER JOIN ACTION A " + "ON CD.ACTION_ID = A.ID " 
@@ -198,7 +198,7 @@ public class StandardActionDAO implements ActionDAO { this.columnMap.put("sourceName", "SOURCE_NAME"); this.columnMap.put("sourceType", "SOURCE_TYPE"); this.columnMap.put("operation", "OPERATION"); - this.columnMap.put("userName", "USER_NAME"); + this.columnMap.put("userIdentity", "IDENTITY"); } @Override @@ -217,19 +217,17 @@ public class StandardActionDAO implements ActionDAO { // obtain a statement to insert to the action table statement = connection.prepareStatement(INSERT_ACTION, Statement.RETURN_GENERATED_KEYS); statement.setString(1, StringUtils.left(action.getUserIdentity(), 4096)); - statement.setString(2, StringUtils.left(action.getUserName(), 4096)); - statement.setString(3, action.getSourceId()); - statement.setString(4, StringUtils.left(action.getSourceName(), 1000)); - statement.setString(5, action.getSourceType().toString()); - statement.setString(6, action.getOperation().toString()); - statement.setTimestamp(7, new java.sql.Timestamp(action.getTimestamp().getTime())); + statement.setString(2, action.getSourceId()); + statement.setString(3, StringUtils.left(action.getSourceName(), 1000)); + statement.setString(4, action.getSourceType().toString()); + statement.setString(5, action.getOperation().toString()); + statement.setTimestamp(6, new java.sql.Timestamp(action.getTimestamp().getTime())); // insert the action int updateCount = statement.executeUpdate(); final FlowChangeAction createdAction = new FlowChangeAction(); createdAction.setUserIdentity(action.getUserIdentity()); - createdAction.setUserName(action.getUserName()); createdAction.setSourceId(action.getSourceId()); createdAction.setSourceName(action.getSourceName()); createdAction.setSourceType(action.getSourceType()); 
@@ -458,8 +456,8 @@ public class StandardActionDAO implements ActionDAO { } // append the user id as necessary - if (historyQuery.getUserName() != null) { - where.add("UPPER(USER_NAME) LIKE ?"); + if (historyQuery.getUserIdentity() != null) { + where.add("UPPER(IDENTITY) LIKE ?"); } // append the source id as necessary @@ -487,8 +485,8 @@ public class StandardActionDAO implements ActionDAO { } // set the user id as necessary - if (historyQuery.getUserName() != null) { - statement.setString(paramIndex++, "%" + historyQuery.getUserName().toUpperCase() + "%"); + if (historyQuery.getUserIdentity() != null) { + statement.setString(paramIndex++, "%" + historyQuery.getUserIdentity().toUpperCase() + "%"); } // set the source id as necessary @@ -535,8 +533,8 @@ public class StandardActionDAO implements ActionDAO { } // set the user id as necessary - if (historyQuery.getUserName() != null) { - statement.setString(paramIndex++, "%" + historyQuery.getUserName().toUpperCase() + "%"); + if (historyQuery.getUserIdentity() != null) { + statement.setString(paramIndex++, "%" + historyQuery.getUserIdentity().toUpperCase() + "%"); } // set the source id as necessary @@ -562,7 +560,6 @@ public class StandardActionDAO implements ActionDAO { FlowChangeAction action = new FlowChangeAction(); action.setId(actionId); action.setUserIdentity(rs.getString("IDENTITY")); - action.setUserName(rs.getString("USER_NAME")); action.setOperation(Operation.valueOf(rs.getString("OPERATION"))); action.setTimestamp(new Date(rs.getTimestamp("ACTION_TIMESTAMP").getTime())); action.setSourceId(rs.getString("SOURCE_ID")); @@ -636,7 +633,6 @@ public class StandardActionDAO implements ActionDAO { action = new FlowChangeAction(); action.setId(rs.getInt("ID")); action.setUserIdentity(rs.getString("IDENTITY")); - action.setUserName(rs.getString("USER_NAME")); action.setOperation(operation); action.setTimestamp(new Date(rs.getTimestamp("ACTION_TIMESTAMP").getTime())); action.setSourceId(rs.getString("SOURCE_ID")); 
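Review bot: The identity filter is bound as `"%" + historyQuery.getUserIdentity().toUpperCase() + "%"` in the `@@ -487,8` and `@@ -535,8` hunks, so it is safely parameterised, but any `%` or `_` in the value still acts as a LIKE wildcard and `toUpperCase()` follows the JVM default locale. Identities may be e-mail addresses or usernames, where `_` is ordinary, so a filter meant to isolate one account in the audit history can match others, and the upper-casing can differ between hosts. I would use `historyQuery.getUserIdentity().toUpperCase(Locale.ROOT)` (needs `java.util.Locale` imported) and either escape the two wildcard characters before binding or document on `HistoryQuery` that the filter is a pattern. The enclosing methods start and end outside these hunks.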
@@ -907,7 +903,7 @@ public class StandardActionDAO implements ActionDAO { final PreviousValue previousValue = new PreviousValue(); previousValue.setPreviousValue(rs.getString("VALUE")); previousValue.setTimestamp(new Date(rs.getTimestamp("ACTION_TIMESTAMP").getTime())); - previousValue.setUserName(rs.getString("USER_NAME")); + previousValue.setUserIdentity(rs.getString("IDENTITY")); previousValues.add(previousValue); } } catch (SQLException sqle) { http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java index cc337fd..9d19361 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/admin/dao/impl/StandardKeyDAO.java 
@@ -157,16 +157,11 @@ public class StandardKeyDAO implements KeyDAO { @Override public void deleteKeys(String identity) { - // ensure there are some authorities to create PreparedStatement statement = null; try { // add each authority for the specified user statement = connection.prepareStatement(DELETE_KEYS); - statement.setString(1, identity); - - // insert the authorities - int count = statement.executeUpdate(); - System.out.println(); + statement.executeUpdate(); } catch (SQLException sqle) { throw new DataAccessException(sqle); } catch (DataAccessException dae) { http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/HistoryQuery.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/HistoryQuery.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/HistoryQuery.java index 53cc13c..e9970c5 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/HistoryQuery.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/HistoryQuery.java @@ -23,7 +23,7 @@ import java.util.Date; */ public class HistoryQuery { - private String userName; + private String userIdentity; private String sourceId; private Date startDate; private Date endDate; 
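Review bot: The new body of `deleteKeys` in the `StandardKeyDAO` hunk no longer binds its `identity` argument, because `statement.setString(1, identity);` is removed together with the leftover `count` and `System.out.println()` lines. `DELETE_KEYS` is defined outside the hunk; if it carries a `?` placeholder for the identity, as the method signature suggests, `executeUpdate()` runs with an unset parameter and the rows for that identity stay in place. That matters if callers rely on this method to revoke a user's keys. Keep the binding, `statement.setString(1, identity);`, directly before `statement.executeUpdate();`. The surviving comment `// add each authority for the specified user` is also stale for a delete and could read `// delete the keys for the specified identity`.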
@@ -56,12 +56,12 @@ public class HistoryQuery { this.startDate = startDate; } - public String getUserName() { - return userName; + public String getUserIdentity() { + return userIdentity; } - public void setUserName(String userName) { - this.userName = userName; + public void setUserIdentity(String userIdentity) { + this.userIdentity = userIdentity; } public Integer getOffset() { http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/PreviousValue.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/PreviousValue.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/PreviousValue.java index 6ece5cf..e4cce3e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/PreviousValue.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-administration/src/main/java/org/apache/nifi/history/PreviousValue.java @@ -25,7 +25,7 @@ public class PreviousValue { private String previousValue; private Date timestamp; - private String userName; + private String userIdentity; public String getPreviousValue() { return previousValue; 
@@ -43,12 +43,12 @@ public class PreviousValue { this.timestamp = timestamp; } - public String getUserName() { - return userName; + public String getUserIdentity() { + return userIdentity; } - public void setUserName(String userName) { - this.userName = userName; + public void setUserIdentity(String userIdentity) { + this.userIdentity = userIdentity; } } http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java index 5962cc2..fa334c4 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/AccessStatusDTO.java @@ -52,21 +52,6 @@ public class AccessStatusDTO { } /** - * @return the username - */ - @ApiModelProperty( - value = "The username.", - readOnly = true - ) - public String getUsername() { - return username; - } - - public void setUsername(String username) { - this.username = username; - } - - /** * @return the user access status */ @ApiModelProperty( http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/PreviousValueDTO.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/PreviousValueDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/PreviousValueDTO.java index 132456c..558f471 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/PreviousValueDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/PreviousValueDTO.java @@ -17,10 +17,11 @@ package org.apache.nifi.web.api.dto; import com.wordnik.swagger.annotations.ApiModelProperty; -import java.util.Date; +import org.apache.nifi.web.api.dto.util.DateTimeAdapter; + import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import org.apache.nifi.web.api.dto.util.DateTimeAdapter; +import java.util.Date; /** * The previous value for a processor property. @@ -30,7 +31,7 @@ public class PreviousValueDTO { private String previousValue; private Date timestamp; - private String userName; + private String userIdentity; /** * @return previous value @@ -67,11 +68,11 @@ public class PreviousValueDTO { @ApiModelProperty( value = "The user who changed the previous value." ) - public String getUserName() { - return userName; + public String getUserIdentity() { + return userIdentity; } - public void setUserName(String userName) { - this.userName = userName; + public void setUserIdentity(String userIdentity) { + this.userIdentity = userIdentity; } } http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/ActionDTO.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/ActionDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/ActionDTO.java index d4dea38..1332f5c 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/ActionDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/ActionDTO.java @@ -17,13 +17,14 @@ package org.apache.nifi.web.api.dto.action; import com.wordnik.swagger.annotations.ApiModelProperty; -import java.util.Date; -import javax.xml.bind.annotation.XmlType; -import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; import org.apache.nifi.web.api.dto.action.component.details.ComponentDetailsDTO; import org.apache.nifi.web.api.dto.action.details.ActionDetailsDTO; import org.apache.nifi.web.api.dto.util.DateTimeAdapter; +import javax.xml.bind.annotation.XmlType; +import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import java.util.Date; + /** * An action performed in this NiFi. */ @@ -32,7 +33,6 @@ public class ActionDTO { private Integer id; private String userDn; - private String userName; private Date timestamp; private String sourceId; 
@@ -72,20 +72,6 @@ public class ActionDTO { } /** - * @return user name who perform this action - */ - @ApiModelProperty( - value = "The name of the user that performed the action." - ) - public String getUserName() { - return userName; - } - - public void setUserName(String userName) { - this.userName = userName; - } - - /** * @return action's timestamp */ @XmlJavaTypeAdapter(DateTimeAdapter.class) http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/HistoryQueryDTO.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/HistoryQueryDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/HistoryQueryDTO.java index 7d4d21d..8dde361 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/HistoryQueryDTO.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/action/HistoryQueryDTO.java @@ -17,10 +17,11 @@ package org.apache.nifi.web.api.dto.action; import com.wordnik.swagger.annotations.ApiModelProperty; -import java.util.Date; +import org.apache.nifi.web.api.dto.util.DateTimeAdapter; + import javax.xml.bind.annotation.XmlType; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import org.apache.nifi.web.api.dto.util.DateTimeAdapter; +import java.util.Date; /** * A history query to find desired actions. @@ -28,7 +29,7 @@ import org.apache.nifi.web.api.dto.util.DateTimeAdapter; @XmlType(name = "historyQuery") public class HistoryQueryDTO { - private String userName; + private String userIdentity; private String sourceId; private Date startDate; private Date endDate; 
@@ -38,17 +39,17 @@ public class HistoryQueryDTO { private String sortOrder; /** - * @return user name + * @return user identity */ @ApiModelProperty( - value = "The name of the source component." + value = "The user identity." ) - public String getUserName() { - return userName; + public String getUserIdentity() { + return userIdentity; } - public void setUserName(String userName) { - this.userName = userName; + public void setUserIdentity(String userIdentity) { + this.userIdentity = userIdentity; } /** http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserGroupSearchResultDTO.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserGroupSearchResultDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserGroupSearchResultDTO.java deleted file mode 100644 index ef81b88..0000000 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserGroupSearchResultDTO.java +++ /dev/null 
@@ -1,44 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.web.api.dto.search; - -import com.wordnik.swagger.annotations.ApiModelProperty; -import javax.xml.bind.annotation.XmlType; - -/** - * A search result for a matching user group. - */ -@XmlType(name = "userGroupSearchResult") -public class UserGroupSearchResultDTO { - - private String group; - - /** - * @return name of the group that matched - */ - @ApiModelProperty( - value = "The name of the group that matched the search." - ) - public String getGroup() { - return group; - } - - public void setGroup(String group) { - this.group = group; - } - -} http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserSearchResultDTO.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserSearchResultDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserSearchResultDTO.java
deleted file mode 100644
index 8bed771..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/search/UserSearchResultDTO.java
+++ /dev/null
@@ -1,59 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.web.api.dto.search; - -import com.wordnik.swagger.annotations.ApiModelProperty; -import javax.xml.bind.annotation.XmlType; - -/** - * A search result for a matching user. - */ -@XmlType(name = "userSearchResult") -public class UserSearchResultDTO { - - private String userName; - private String userDn; - - /** - * @return dn of the user that matched - */ - @ApiModelProperty( - value = "The dn of the user that matched the search." - ) - public String getUserDn() { - return userDn; - } - - public void setUserDn(String userDn) { - this.userDn = userDn; - } - - /** - * @return username of user that matched - */ - @ApiModelProperty( - value = "The name of the user that matched the search." - ) - public String getUserName() { - return userName; - } - - public void setUserName(String userName) { - this.userName = userName; - } - -} http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AuthorityEntity.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AuthorityEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AuthorityEntity.java
deleted file mode 100644
index 9b023ba..0000000
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AuthorityEntity.java
+++ /dev/null
@@ -1,54 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.web.api.entity; - -import java.util.Set; - -import javax.xml.bind.annotation.XmlRootElement; - -/** - * A serialized representation of this class can be placed in the entity body of a response to the API. This particular entity holds a set of user authorities. - */ -@XmlRootElement(name = "authoritiesEntity") -public class AuthorityEntity extends Entity { - - private String userId; - private Set<String> authorities; - - /** - * @return current user id - */ - public String getUserId() { - return userId; - } - - public void setUserId(String userId) { - this.userId = userId; - } - - /** - * @return set of authorities that are being serialized - */ - public Set<String> getAuthorities() { - return authorities; - } - - public void setAuthorities(Set<String> authorities) { - this.authorities = authorities; - } - -} http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/CurrentUserEntity.java ---------------------------------------------------------------------- 
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/CurrentUserEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/CurrentUserEntity.java
new file mode 100644
index 0000000..1a7ff1c
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/CurrentUserEntity.java
@@ -0,0 +1,102 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.web.api.entity;
+
+import org.apache.nifi.web.api.dto.AccessPolicyDTO;
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * A serialized representation of this class can be placed in the entity body of a response to the API. This particular entity holds the users identity.
+ */
+@XmlRootElement(name = "currentEntity")
+public class CurrentUserEntity extends Entity {
+
+ private String identity;
+ private boolean anonymous;
+
+ private AccessPolicyDTO provenancePermissions;
+ private AccessPolicyDTO countersPermissions;
+ private AccessPolicyDTO tenantsPermissions;
+ private AccessPolicyDTO controllerPermissions;
+
+ /**
+ * @return the user identity being serialized
+ */
+ public String getIdentity() {
+ return identity;
+ }
+
+ public void setIdentity(String identity) {
+ this.identity = identity;
+ }
+
+ /**
+ * @return if the user is anonymous
+ */
+ public boolean isAnonymous() {
+ return anonymous;
+ }
+
+ public void setAnonymous(boolean anonymous) {
+ this.anonymous = anonymous;
+ }
+
+ /**
+ * @return if the use can query provenance
+ */
+ public AccessPolicyDTO getProvenancePermissions() {
+ return provenancePermissions;
+ }
+
+ public void setProvenancePermissions(AccessPolicyDTO provenancePermissions) {
+ this.provenancePermissions = provenancePermissions;
+ }
+
+ /**
+ * @return permissions for accessing counters
+ */
+ public AccessPolicyDTO getCountersPermissions() {
+ return countersPermissions;
+ }
+
+ public void setCountersPermissions(AccessPolicyDTO countersPermissions) {
+ this.countersPermissions = countersPermissions;
+ }
+
+ /**
+ * @return permissions for accessing users
+ */
+ public AccessPolicyDTO getTenantsPermissions() {
+ return tenantsPermissions;
+ }
+
+ public void setTenantsPermissions(AccessPolicyDTO tenantsPermissions) {
+ this.tenantsPermissions = tenantsPermissions;
+ }
+
+ /**
+ * @return permissions for accessing the controller
+ */
+ public AccessPolicyDTO getControllerPermissions() {
+ return controllerPermissions;
+ }
+
+ public void setControllerPermissions(AccessPolicyDTO controllerPermissions) {
+ this.controllerPermissions = controllerPermissions;
+ }
+}
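Review bot: `@XmlRootElement(name = "currentEntity")` breaks the naming the other entities in this diff follow, where the root element mirrors the class (`templateEntity`, `templatesEntity`, the removed `identityEntity`); `@XmlRootElement(name = "currentUserEntity")` would be consistent. The class Javadoc was carried over from `IdentityEntity` and still says the entity holds only the user's identity, although it now also carries four `AccessPolicyDTO` permission fields. `@return if the use can query provenance` has a typo and describes a boolean rather than the returned `AccessPolicyDTO`; `@return permissions for querying provenance` matches the sibling accessors. If, as the commit title suggests, these fields exist so the client can adapt its UI, the class Javadoc should say they are informational and that each endpoint still authorizes its own requests.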
http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java deleted file mode 100644 index ee38efe..0000000 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/IdentityEntity.java +++ /dev/null 
@@ -1,63 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.web.api.entity; - -import javax.xml.bind.annotation.XmlRootElement; - -/** - * A serialized representation of this class can be placed in the entity body of a response to the API. This particular entity holds the users identity. 
- */ -@XmlRootElement(name = "identityEntity") -public class IdentityEntity extends Entity { - - private String userId; - private String identity; - private boolean anonymous; - - /** - * @return current user id - */ - public String getUserId() { - return userId; - } - - public void setUserId(String userId) { - this.userId = userId; - } - - /** - * @return the user identity being serialized - */ - public String getIdentity() { - return identity; - } - - public void setIdentity(String identity) { - this.identity = identity; - } - - /** - * @return if the user is anonymous - */ - public boolean isAnonymous() { - return anonymous; - } - - public void setAnonymous(boolean anonymous) { - this.anonymous = anonymous; - } -} http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplateEntity.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplateEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplateEntity.java index 553d686..483de4f 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplateEntity.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplateEntity.java 
@@ -16,14 +16,15 @@ */ package org.apache.nifi.web.api.entity; -import javax.xml.bind.annotation.XmlRootElement; import org.apache.nifi.web.api.dto.TemplateDTO; +import javax.xml.bind.annotation.XmlRootElement; + /** * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a TemplateDTO. */ @XmlRootElement(name = "templateEntity") -public class TemplateEntity extends Entity { +public class TemplateEntity extends ComponentEntity { private TemplateDTO template; http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplatesEntity.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplatesEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplatesEntity.java index 3a9f46d..42ea3cd 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplatesEntity.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TemplatesEntity.java 
@@ -16,12 +16,12 @@ */ package org.apache.nifi.web.api.entity; -import java.util.Date; -import java.util.Set; +import org.apache.nifi.web.api.dto.util.TimeAdapter; + import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import org.apache.nifi.web.api.dto.TemplateDTO; -import org.apache.nifi.web.api.dto.util.TimeAdapter; +import java.util.Date; +import java.util.Set; /** * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a set of TemplateDTOs. @@ -29,7 +29,7 @@ import org.apache.nifi.web.api.dto.util.TimeAdapter; @XmlRootElement(name = "templatesEntity") public class TemplatesEntity extends Entity { - private Set<TemplateDTO> templates; + private Set<TemplateEntity> templates; private Date generated; /** @@ -37,11 +37,11 @@ public class TemplatesEntity extends Entity { * * @return The TemplateDTO object */ - public Set<TemplateDTO> getTemplates() { + public Set<TemplateEntity> getTemplates() { return templates; } - public void setTemplates(Set<TemplateDTO> templates) { + public void setTemplates(Set<TemplateEntity> templates) { this.templates = templates; } http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserSearchResultsEntity.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserSearchResultsEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserSearchResultsEntity.java deleted file mode 100644 index fcdeee3..0000000 
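Review bot: The accessor hunk of `TemplatesEntity` changes the element type to `TemplateEntity` but leaves the Javadoc on `getTemplates()` as `@return The TemplateDTO object`, so the documentation now names the wrong type. `@return the set of TemplateEntity objects` would match the new signature. The class-level sentence "holds a reference to a set of TemplateDTOs" in the context lines of the preceding hunk needs the same update.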
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserSearchResultsEntity.java
+++ /dev/null
@@ -1,56 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.web.api.entity; - -import java.util.List; -import javax.xml.bind.annotation.XmlRootElement; -import org.apache.nifi.web.api.dto.search.UserGroupSearchResultDTO; -import org.apache.nifi.web.api.dto.search.UserSearchResultDTO; - -/** - * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to UserSearchResultDTOs and - * UserGroupSearchResultDTOs. 
- */ -@XmlRootElement(name = "userSearchResultsEntity") -public class UserSearchResultsEntity { - - private List<UserSearchResultDTO> userResults; - private List<UserGroupSearchResultDTO> userGroupResults; - - /** - * @return user search results - */ - public List<UserSearchResultDTO> getUserResults() { - return userResults; - } - - public void setUserResults(List<UserSearchResultDTO> userResults) { - this.userResults = userResults; - } - - /** - * @return user group search results - */ - public List<UserGroupSearchResultDTO> getUserGroupResults() { - return userGroupResults; - } - - public void setUserGroupResults(List<UserGroupSearchResultDTO> userGroupResults) { - this.userGroupResults = userGroupResults; - } - -} http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java index 7c04298..e49e24e 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java 
@@ -69,7 +69,7 @@ import java.util.concurrent.atomic.AtomicReference; import java.util.zip.GZIPInputStream; /** - * Provides identity checks and grants authorities. + * Provides authorizes requests to resources using policies persisted in a file. */ public class FileAuthorizer extends AbstractPolicyBasedAuthorizer { http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUserUtils.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUserUtils.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUserUtils.java index 840df69..4a75274 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUserUtils.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/NiFiUserUtils.java @@ -47,13 +47,13 @@ public final class NiFiUserUtils { return user; } - public static String getNiFiUserName() { + public static String getNiFiUserIdentity() { // get the nifi user to extract the username NiFiUser user = NiFiUserUtils.getNiFiUser(); if (user == null) { return "unknown"; } else { - return user.getUserName(); + return user.getIdentity(); } } } http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java ---------------------------------------------------------------------- 
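Review bot: The replacement class Javadoc in this hunk, "Provides authorizes requests to resources…", does not parse as a sentence, which matters more than usual on the class that makes access decisions. I would write it as `* Authorizes requests to resources using policies persisted in a file.` The class body lies outside the hunk, so whether the file is the only policy source cannot be confirmed from here.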
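Review bot: getNiFiUserIdentity() still returns the literal "unknown" when getNiFiUser() yields null, and after this rename that string reaches callers as an identity rather than a display name. If any caller writes it to the audit trail or compares it with a policy subject (callers are not visible in this hunk), a request with no user becomes indistinguishable from an account whose identity really is "unknown"; the "anonymous" constant in StandardNiFiUser raises the same question. I would at least document the sentinel with a Javadoc such as `/** @return the current user's identity, or the placeholder "unknown" when no user is present; not suitable as input to an authorization decision */`. The inline comment is also stale and could become `// get the nifi user to extract the identity`.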
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java index 8c41a1f..8d50151 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-authorization/src/main/java/org/apache/nifi/authorization/user/StandardNiFiUser.java @@ -16,32 +16,24 @@ */ package org.apache.nifi.authorization.user; -import java.io.Serializable; import java.util.Objects; /** * An implementation of NiFiUser. */ -public class StandardNiFiUser implements NiFiUser, Serializable { - private static final long serialVersionUID = -5503790026187817496L; +public class StandardNiFiUser implements NiFiUser { public static final StandardNiFiUser ANONYMOUS = new StandardNiFiUser("anonymous"); private final String identity; - private final String userName; private final NiFiUser chain; public StandardNiFiUser(String identity) { - this(identity, identity, null); + this(identity, null); } public StandardNiFiUser(String identity, NiFiUser chain) { - this(identity, identity, chain); - } - - public StandardNiFiUser(String identity, String userName, NiFiUser chain) { this.identity = identity; - this.userName = userName; this.chain = chain; } @@ -52,11 +44,6 @@ public class StandardNiFiUser implements NiFiUser, Serializable { } @Override - public String getUserName() { - return userName; - } - - @Override public NiFiUser getChain() { return chain; } 
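Review bot: With userName removed, identity is the only value a StandardNiFiUser carries besides its chain, yet the remaining two-argument constructor stores it unchecked, so `new StandardNiFiUser(null)` yields a user whose identity is null. Since java.util.Objects is already imported, the assignment could be `this.identity = Objects.requireNonNull(identity, "identity");`, provided no caller relies on a null identity, which cannot be confirmed from this hunk. Dropping Serializable also deserves a sentence in the class Javadoc stating that the user object is not meant to be serialized, in case anything keeps it in a session. The class continues beyond the hunk.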
@@ -89,6 +76,6 @@ public class StandardNiFiUser implements NiFiUser, Serializable { @Override public String toString() { - return String.format("identity[%s], userName[%s]", getIdentity(), getUserName(), ", "); + return String.format("identity[%s]", getIdentity()); } } http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/Template.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/Template.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/Template.java index b330581..5231095 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/Template.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core-api/src/main/java/org/apache/nifi/controller/Template.java @@ -16,9 +16,6 @@ */ package org.apache.nifi.controller; -import java.util.HashSet; -import java.util.Set; - import org.apache.nifi.authorization.AccessDeniedException; import org.apache.nifi.authorization.AuthorizationRequest; import org.apache.nifi.authorization.AuthorizationResult; @@ -32,6 +29,7 @@ import org.apache.nifi.authorization.resource.ResourceType; import org.apache.nifi.authorization.user.NiFiUser; import org.apache.nifi.connectable.Connection; import org.apache.nifi.controller.label.Label; +import org.apache.nifi.controller.service.ControllerServiceNode; import org.apache.nifi.groups.ProcessGroup; import org.apache.nifi.groups.RemoteProcessGroup; import org.apache.nifi.web.api.dto.ConnectionDTO; 
@@ -43,6 +41,9 @@ import org.apache.nifi.web.api.dto.ProcessorDTO; import org.apache.nifi.web.api.dto.RemoteProcessGroupDTO; import org.apache.nifi.web.api.dto.TemplateDTO; +import java.util.HashSet; +import java.util.Set; + public class Template implements Authorizable { private final TemplateDTO dto; 
@@ -84,53 +85,68 @@ public class Template implements Authorizable { return ResourceFactory.getComponentResource(ResourceType.Template, dto.getId(), dto.getName()); } + private ProcessGroup getRootGroup(final ProcessGroup currentGroup) { + if (currentGroup.getParent() == null) { + return currentGroup; + } else { + return getRootGroup(currentGroup.getParent()); + } + } + private Set<Authorizable> getAuthorizableComponents() { - return getAuthorizableComponents(processGroup); + return getAuthorizableComponents(processGroup.getIdentifier(), dto.getSnippet()); } - private Set<Authorizable> getAuthorizableComponents(final ProcessGroup processGroup) { + private Set<Authorizable> getAuthorizableComponents(final String currentGroupId, final FlowSnippetDTO snippet) { final Set<Authorizable> authComponents = new HashSet<>(); - final FlowSnippetDTO snippet = dto.getSnippet(); - authComponents.add(processGroup); + // If there is any component in the DTO that still exists in the flow, check its authorizations... 
+ // need to go to the root group in case a sensitive processor was moved out of this processGroup + final ProcessGroup root = getRootGroup(processGroup); + + // include the current group + final ProcessGroup currentGroup = root.findProcessGroup(currentGroupId); + authComponents.add(currentGroup); - // If there is any component in the DTO that still exists in the flow, check its authorizations for (final ConnectionDTO connectionDto : snippet.getConnections()) { - final Connection connection = processGroup.getConnection(connectionDto.getId()); + final Connection connection = root.findConnection(connectionDto.getId()); if (connection != null) { authComponents.add(connection); } } - // TODO: Authorize Controller Services for (final ControllerServiceDTO service : snippet.getControllerServices()) { + final ControllerServiceNode controllerService = root.findControllerService(service.getId()); + if (controllerService != null) { + authComponents.add(controllerService); + } } for (final LabelDTO labelDto : snippet.getLabels()) { - final Label label = processGroup.getLabel(labelDto.getId()); + final Label label = root.findLabel(labelDto.getId()); if (label != null) { authComponents.add(label); } } for (final ProcessorDTO processorDto : snippet.getProcessors()) { - final ProcessorNode procNode = processGroup.getProcessor(processorDto.getId()); + final ProcessorNode procNode = root.findProcessor(processorDto.getId()); if (procNode != null) { authComponents.add(procNode); } } for (final RemoteProcessGroupDTO groupDto : snippet.getRemoteProcessGroups()) { - final RemoteProcessGroup rpg = processGroup.getRemoteProcessGroup(groupDto.getId()); + final RemoteProcessGroup rpg = root.findRemoteProcessGroup(groupDto.getId()); if (rpg != null) { authComponents.add(rpg); } } for (final ProcessGroupDTO groupDto : snippet.getProcessGroups()) { - final ProcessGroup group = processGroup.getProcessGroup(groupDto.getId()); + final ProcessGroup group = root.findProcessGroup(groupDto.getId()); 
if (group != null) { - authComponents.addAll(getAuthorizableComponents(group)); + authComponents.addAll(getAuthorizableComponents(groupDto.getId(), groupDto.getContents())); } } @@ -170,12 +186,15 @@ public class Template implements Authorizable { if (Result.ResourceNotFound.equals(result.getResult())) { for (final Authorizable child : getAuthorizableComponents()) { final AuthorizationResult childResult = child.checkAuthorization(authorizer, action, user); - if (Result.Denied.equals(childResult)) { + + // if the authoriable in this template explicitly says no, respect it + if (Result.Denied.equals(childResult.getResult())) { return childResult; } } - return AuthorizationResult.denied(); + // if all authorizables are approved or no longer have a policy, approve it + return AuthorizationResult.approved(); } else { return result; } http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java index 6b643e6..a931841 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-framework-core/src/main/java/org/apache/nifi/groups/StandardProcessGroup.java 
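Review bot: In the rewritten getAuthorizableComponents, the result of `root.findProcessGroup(currentGroupId)` is added to the set without the null check that every other lookup in the method has. If the group is not found from the root (whether findProcessGroup matches the group it is called on is not visible here), the set contains null and the loop in checkAuthorization then calls `child.checkAuthorization(...)` on it. I would guard it like the others: `if (currentGroup != null) { authComponents.add(currentGroup); }`. The recursive call also passes `groupDto.getContents()` straight through, so a nested group DTO without contents would fail on `snippet.getConnections()`. The end of the method is outside the hunk.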
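Review bot: The fallback for a template without its own policy now fails open: the loop returns early only on an explicit Denied, and `return AuthorizationResult.approved();` is reached even when every child answered ResourceNotFound, so a template whose components all lack a policy is approved without any policy having granted access. Unless that is the intended inheritance rule, I would approve only when at least one child approved: declare `boolean anyApproved = false;` before the loop, add `anyApproved |= Result.Approved.equals(childResult.getResult());` inside it, and finish with `return anyApproved ? AuthorizationResult.approved() : AuthorizationResult.denied();`. The new comment also misspells "authorizable" as "authoriable". The method's signature is outside the hunk.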
@@ -2249,6 +2249,10 @@ public final class StandardProcessGroup implements ProcessGroup { childGroup.verifyCanDelete(true); } + if (!templates.isEmpty()) { + throw new IllegalStateException(String.format("Cannot delete Process Group because it contains %s Templates. The Templates must be deleted first.", templates.size())); + } + if (!ignoreConnections) { for (final Port port : inputPorts.values()) { for (final Connection connection : port.getIncomingConnections()) { http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-user-actions/src/main/java/org/apache/nifi/action/FlowChangeAction.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-user-actions/src/main/java/org/apache/nifi/action/FlowChangeAction.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-user-actions/src/main/java/org/apache/nifi/action/FlowChangeAction.java index ad22059..4d8d1d0 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-user-actions/src/main/java/org/apache/nifi/action/FlowChangeAction.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-user-actions/src/main/java/org/apache/nifi/action/FlowChangeAction.java @@ -27,7 +27,6 @@ public class FlowChangeAction implements Action { private Integer id; private String userIdentity; - private String userName; private Date timestamp; private String sourceId; 
@@ -66,15 +65,6 @@ public class FlowChangeAction implements Action { } @Override - public String getUserName() { - return userName; - } - - public void setUserName(String userName) { - this.userName = userName; - } - - @Override public String getSourceId() { return sourceId; } http://git-wip-us.apache.org/repos/asf/nifi/blob/ce533033/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ComponentStateAuditor.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ComponentStateAuditor.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ComponentStateAuditor.java index e231456..2f70796 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ComponentStateAuditor.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/audit/ComponentStateAuditor.java @@ -73,7 +73,6 @@ public class ComponentStateAuditor extends NiFiAuditor { // create the clear action FlowChangeAction configAction = new FlowChangeAction(); configAction.setUserIdentity(user.getIdentity()); - configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.ClearState); configAction.setTimestamp(new Date()); configAction.setSourceId(processor.getIdentifier()); @@ -120,7 +119,6 @@ public class ComponentStateAuditor extends NiFiAuditor { // create the clear action FlowChangeAction configAction = new FlowChangeAction(); configAction.setUserIdentity(user.getIdentity()); - configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.ClearState); configAction.setTimestamp(new Date()); configAction.setSourceId(controllerService.getIdentifier()); 
@@ -167,7 +165,6 @@ public class ComponentStateAuditor extends NiFiAuditor { // create the clear action FlowChangeAction configAction = new FlowChangeAction(); configAction.setUserIdentity(user.getIdentity()); - configAction.setUserName(user.getUserName()); configAction.setOperation(Operation.ClearState); configAction.setTimestamp(new Date()); configAction.setSourceId(reportingTask.getIdentifier());
