http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/java/org/apache/nifi/authorization/UserGroupProviderFactory.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/java/org/apache/nifi/authorization/UserGroupProviderFactory.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/java/org/apache/nifi/authorization/UserGroupProviderFactory.java
new file mode 100644
index 0000000..caa265f
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/java/org/apache/nifi/authorization/UserGroupProviderFactory.java
@@ -0,0 +1,228 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authorization;
+
+import org.apache.nifi.authorization.exception.AuthorizationAccessException;
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
+import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
+import org.apache.nifi.authorization.exception.UninheritableAuthorizationsException;
+import org.apache.nifi.nar.NarCloseable;
+
+import java.util.Set;
+
+public final class UserGroupProviderFactory {
+
+ public static UserGroupProvider withNarLoader(final UserGroupProvider baseUserGroupProvider) {
+ if (baseUserGroupProvider instanceof ConfigurableUserGroupProvider) {
+ final ConfigurableUserGroupProvider baseConfigurableUserGroupProvider = (ConfigurableUserGroupProvider) baseUserGroupProvider;
+ return new ConfigurableUserGroupProvider() {
+ @Override
+ public User addUser(User user) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.addUser(user);
+ }
+ }
+
+ @Override
+ public User updateUser(User user) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.updateUser(user);
+ }
+ }
+
+ @Override
+ public User deleteUser(User user) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.deleteUser(user);
+ }
+ }
+
+ @Override
+ public Group addGroup(Group group) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.addGroup(group);
+ }
+ }
+
+ @Override
+ public Group updateGroup(Group group) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.updateGroup(group);
+ }
+ }
+
+ @Override
+ public Group deleteGroup(Group group) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.deleteGroup(group);
+ }
+ }
+
+ @Override
+ public Set<User> getUsers() throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getUsers();
+ }
+ }
+
+ @Override
+ public User getUser(String identifier) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getUser(identifier);
+ }
+ }
+
+ @Override
+ public User getUserByIdentity(String identity) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getUserByIdentity(identity);
+ }
+ }
+
+ @Override
+ public Set<Group> getGroups() throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getGroups();
+ }
+ }
+
+ @Override
+ public Group getGroup(String identifier) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getGroup(identifier);
+ }
+ }
+
+ @Override
+ public UserAndGroups getUserAndGroups(String identity) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getUserAndGroups(identity);
+ }
+ }
+
+ @Override
+ public void inheritFingerprint(String fingerprint) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseConfigurableUserGroupProvider.inheritFingerprint(fingerprint);
+ }
+ }
+
+ @Override
+ public void checkInheritability(String proposedFingerprint) throws AuthorizationAccessException, UninheritableAuthorizationsException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseConfigurableUserGroupProvider.checkInheritability(proposedFingerprint);
+ }
+ }
+
+ @Override
+ public String getFingerprint() throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseConfigurableUserGroupProvider.getFingerprint();
+ }
+ }
+
+ @Override
+ public void initialize(UserGroupProviderInitializationContext initializationContext) throws AuthorizerCreationException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseConfigurableUserGroupProvider.initialize(initializationContext);
+ }
+ }
+
+ @Override
+ public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseConfigurableUserGroupProvider.onConfigured(configurationContext);
+ }
+ }
+
+ @Override
+ public void preDestruction() throws AuthorizerDestructionException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseConfigurableUserGroupProvider.preDestruction();
+ }
+ }
+ };
+ } else {
+ return new UserGroupProvider() {
+ @Override
+ public Set<User> getUsers() throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getUsers();
+ }
+ }
+
+ @Override
+ public User getUser(String identifier) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getUser(identifier);
+ }
+ }
+
+ @Override
+ public User getUserByIdentity(String identity) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getUserByIdentity(identity);
+ }
+ }
+
+ @Override
+ public Set<Group> getGroups() throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getGroups();
+ }
+ }
+
+ @Override
+ public Group getGroup(String identifier) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getGroup(identifier);
+ }
+ }
+
+ @Override
+ public UserAndGroups getUserAndGroups(String identity) throws AuthorizationAccessException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ return baseUserGroupProvider.getUserAndGroups(identity);
+ }
+ }
+
+ @Override
+ public void initialize(UserGroupProviderInitializationContext initializationContext) throws AuthorizerCreationException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseUserGroupProvider.initialize(initializationContext);
+ }
+ }
+
+ @Override
+ public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseUserGroupProvider.onConfigured(configurationContext);
+ }
+ }
+
+ @Override
+ public void preDestruction() throws AuthorizerDestructionException {
+ try (final NarCloseable narCloseable = NarCloseable.withNarLoader()) {
+ baseUserGroupProvider.preDestruction();
+ }
+ }
+ };
+ }
+ }
+
+ private UserGroupProviderFactory() {}
+}
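Review bot: `withNarLoader` never checks `baseUserGroupProvider` for null, so a null argument fails the `instanceof` test, falls into the `else` branch and yields a wrapper that only throws `NullPointerException` on its first delegated call, far from the wiring mistake. For a component that feeds authorization decisions it is better to fail at construction: make `Objects.requireNonNull(baseUserGroupProvider, "baseUserGroupProvider");` the first statement (this needs `import java.util.Objects;`). The class and the method also carry no Javadoc; a short one such as `/** Wraps the provider so every call runs inside NarCloseable.withNarLoader(); the result implements ConfigurableUserGroupProvider only when the base does. */` would record why the two anonymous classes exist. Any other interface the base provider implements is not visible through the wrapper, which matters to callers that do further `instanceof` checks on the returned object.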
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/xsd/authorizers.xsd ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/xsd/authorizers.xsd b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/xsd/authorizers.xsd index 4b68b00..46c004a 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/xsd/authorizers.xsd +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/main/xsd/authorizers.xsd @@ -14,7 +14,25 @@ limitations under the License. --> <xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"> - <!-- role --> + <!-- user group providers type --> + <xs:complexType name="UserGroupProvider"> + <xs:sequence> + <xs:element name="identifier" type="NonEmptyStringType"/> + <xs:element name="class" type="NonEmptyStringType"/> + <xs:element name="property" type="Property" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + + <!-- access policy provider type --> + <xs:complexType name="AccessPolicyProvider"> + <xs:sequence> + <xs:element name="identifier" type="NonEmptyStringType"/> + <xs:element name="class" type="NonEmptyStringType"/> + <xs:element name="property" type="Property" minOccurs="0" maxOccurs="unbounded" /> + </xs:sequence> + </xs:complexType> + + <!-- authorizers type --> <xs:complexType name="Authorizer"> <xs:sequence> <xs:element name="identifier" type="NonEmptyStringType"/> 
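Review bot: The new `UserGroupProvider` and `AccessPolicyProvider` types constrain `identifier` only to `NonEmptyStringType`, and nothing visible in this hunk or in the `authorizers` element changed by the next hunk declares an `xs:unique` or `xs:key` over it, so a file with two providers sharing one identifier validates cleanly. If authorizers refer to providers by identifier (not shown on this page), a duplicate leaves it ambiguous which user/group or policy source is in force, so either add a uniqueness constraint on the `authorizers` element or confirm that the loader rejects duplicates and say so in a schema comment. The `xs:sequence` in the next hunk also fixes the element order, which deserves a comment such as `<!-- element order is enforced: userGroupProvider*, accessPolicyProvider*, authorizer* -->`. The `Authorizer` type continues past the end of this hunk.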
@@ -38,10 +56,12 @@ </xs:restriction> </xs:simpleType> - <!-- users --> + <!-- authorizers --> <xs:element name="authorizers"> <xs:complexType> <xs:sequence> + <xs:element name="userGroupProvider" type="UserGroupProvider" minOccurs="0" maxOccurs="unbounded"/> + <xs:element name="accessPolicyProvider" type="AccessPolicyProvider" minOccurs="0" maxOccurs="unbounded"/> <xs:element name="authorizer" type="Authorizer" minOccurs="0" maxOccurs="unbounded"/> </xs:sequence> </xs:complexType> http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/AuthorizerFactoryTest.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/AuthorizerFactoryTest.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/AuthorizerFactoryTest.java new file mode 100644 index 0000000..13d6f5a --- /dev/null +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/AuthorizerFactoryTest.java 
@@ -0,0 +1,264 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authorization;
+
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
+import org.junit.Assert;
+import org.junit.Test;
+import org.mockito.Mockito;
+
+import java.util.HashSet;
+import java.util.LinkedHashSet;
+import java.util.Set;
+
+public class AuthorizerFactoryTest {
+
+ @Test(expected = AuthorizerCreationException.class)
+ public void testOnConfiguredWhenPoliciesWithSameResourceAndAction() {
+ User user1 = new User.Builder().identifier("user-id-1").identity("user-1").build();
+
+ AccessPolicy policy1 = new AccessPolicy.Builder()
+ .identifier("policy-id-1")
+ .resource("resource1")
+ .action(RequestAction.READ)
+ .addUser(user1.getIdentifier())
+ .build();
+
+ AccessPolicy policy2 = new AccessPolicy.Builder()
+ .identifier("policy-id-2")
+ .resource("resource1")
+ .action(RequestAction.READ)
+ .addUser(user1.getIdentifier())
+ .build();
+
+ Set<AccessPolicy> policies = new LinkedHashSet<>();
+ policies.add(policy1);
+ policies.add(policy2);
+
+ Set<User> users = new LinkedHashSet<>();
+ users.add(user1);
+
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+ Authorizer authorizer = AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer(new HashSet<>(), users, policies));
+ authorizer.onConfigured(context);
+ }
+
+ @Test(expected = AuthorizerCreationException.class)
+ public void testOnConfiguredWhenUsersWithSameIdentity() {
+ User user1 = new User.Builder().identifier("user-id-1").identity("user-1").build();
+ User user2 = new User.Builder().identifier("user-id-2").identity("user-1").build();
+
+ Set<User> users = new LinkedHashSet<>();
+ users.add(user1);
+ users.add(user2);
+
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+ Authorizer authorizer = AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer(new HashSet<>(), users, new HashSet<>()));
+ authorizer.onConfigured(context);
+ }
+
+ @Test(expected = AuthorizerCreationException.class)
+ public void testOnConfiguredWhenGroupsWithSameName() {
+ Group group1 = new Group.Builder().identifier("group-id-1").name("group-1").build();
+ Group group2 = new Group.Builder().identifier("group-id-2").name("group-1").build();
+
+ Set<Group> groups = new LinkedHashSet<>();
+ groups.add(group1);
+ groups.add(group2);
+
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+ Authorizer authorizer = AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer(groups, new HashSet<>(), new HashSet<>()));
+ authorizer.onConfigured(context);
+ }
+
+ @Test
+ public void testAddPoliciesWithSameResourceAndAction() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ User user1 = new User.Builder().identifier("user-id-1").identity("user-1").build();
+ userGroupProvider.addUser(user1);
+
+ AccessPolicy policy1 = new AccessPolicy.Builder()
+ .identifier("policy-id-1")
+ .resource("resource1")
+ .action(RequestAction.READ)
+ .addUser(user1.getIdentifier())
+ .build();
+ accessPolicyProvider.addAccessPolicy(policy1);
+
+ AccessPolicy policy2 = new AccessPolicy.Builder()
+ .identifier("policy-id-2")
+ .resource("resource1")
+ .action(RequestAction.READ)
+ .addUser(user1.getIdentifier())
+ .build();
+
+ try {
+ accessPolicyProvider.addAccessPolicy(policy2);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testAddUsersWithSameIdentity() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ User user1 = new User.Builder().identifier("user-id-1").identity("user-1").build();
+ userGroupProvider.addUser(user1);
+
+ User user2 = new User.Builder().identifier("user-id-2").identity("user-1").build();
+
+ try {
+ userGroupProvider.addUser(user2);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testAddGroupsWithSameName() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ Group group1 = new Group.Builder().identifier("group-id-1").name("group-1").build();
+ userGroupProvider.addGroup(group1);
+
+ Group group2 = new Group.Builder().identifier("group-id-2").name("group-1").build();
+
+ try {
+ userGroupProvider.addGroup(group2);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testAddUsersWithSameIdentityAsGroupName() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ Group group1 = new Group.Builder().identifier("group-id-1").name("abc").build();
+ userGroupProvider.addGroup(group1);
+
+ User user = new User.Builder().identifier("user-id-2").identity("abc").build();
+
+ try {
+ userGroupProvider.addUser(user);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testAddGroupWithSameNameAsUserIdentity() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ User user = new User.Builder().identifier("user-id-2").identity("abc").build();
+ userGroupProvider.addUser(user);
+
+ Group group1 = new Group.Builder().identifier("group-id-1").name("abc").build();
+ try {
+ userGroupProvider.addGroup(group1);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testUpdateUserWithSameIdentity() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ User user1 = new User.Builder().identifier("user-id-1").identity("abc").build();
+ userGroupProvider.addUser(user1);
+
+ User user2 = new User.Builder().identifier("user-id-2").identity("xyz").build();
+ userGroupProvider.addUser(user2);
+
+ try {
+ User user1Updated = new User.Builder().identifier("user-id-1").identity("xyz").build();
+ userGroupProvider.updateUser(user1Updated);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+
+ @Test
+ public void testUpdateGroupWithSameName() {
+ AuthorizerConfigurationContext context = Mockito.mock(AuthorizerConfigurationContext.class);
+
+ final ManagedAuthorizer managedAuthorizer = (ManagedAuthorizer) AuthorizerFactory.installIntegrityChecks(new MockPolicyBasedAuthorizer());
+ managedAuthorizer.onConfigured(context);
+
+ final ConfigurableAccessPolicyProvider accessPolicyProvider = (ConfigurableAccessPolicyProvider) managedAuthorizer.getAccessPolicyProvider();
+ final ConfigurableUserGroupProvider userGroupProvider = (ConfigurableUserGroupProvider) accessPolicyProvider.getUserGroupProvider();
+
+ Group group1 = new Group.Builder().identifier("group-id-1").name("abc").build();
+ userGroupProvider.addGroup(group1);
+
+ Group group2 = new Group.Builder().identifier("group-id-2").name("xyz").build();
+ userGroupProvider.addGroup(group2);
+
+ try {
+ Group group1Updated = new Group.Builder().identifier("group-id-1").name("xyz").build();
+ userGroupProvider.updateGroup(group1Updated);
+ Assert.fail("Should have thrown exception");
+ } catch (IllegalStateException e) {
+
+ }
+ }
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/MockPolicyBasedAuthorizer.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/MockPolicyBasedAuthorizer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/MockPolicyBasedAuthorizer.java
new file mode 100644
index 0000000..9b50b50
--- /dev/null
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-authorizer/src/test/java/org/apache/nifi/authorization/MockPolicyBasedAuthorizer.java
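Review bot: The user-versus-group name collision is tested only on the add path (`testAddUsersWithSameIdentityAsGroupName`, `testAddGroupWithSameNameAsUserIdentity`); the two update tests cover user-versus-user and group-versus-group only, so nothing in this file shows that `updateUser` to an identity equal to an existing group name, or `updateGroup` to a name equal to an existing user identity, is rejected. A principal name shared between a user and a group is presumably what these integrity checks exist to prevent, so the update path deserves the same two cases; one is sketched below and the group variant mirrors it, though whether the wrapper currently rejects them is not visible on this page. As a style point, the seven `catch (IllegalStateException e) { }` blocks are empty, and a one-line comment such as `// expected: integrity check rejects the duplicate` would make the intent explicit.

```java
@Test
public void testUpdateUserWithSameIdentityAsGroupName() {
    // … unchanged: context, managedAuthorizer and provider lookups as in testUpdateUserWithSameIdentity …

    Group group1 = new Group.Builder().identifier("group-id-1").name("xyz").build();
    userGroupProvider.addGroup(group1);

    User user1 = new User.Builder().identifier("user-id-1").identity("abc").build();
    userGroupProvider.addUser(user1);

    try {
        User user1Updated = new User.Builder().identifier("user-id-1").identity("xyz").build();
        userGroupProvider.updateUser(user1Updated);
        Assert.fail("Should have thrown exception");
    } catch (IllegalStateException e) {
        // expected: the new identity collides with an existing group name
    }
}
```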
@@ -0,0 +1,183 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.nifi.authorization;
+
+import org.apache.nifi.authorization.exception.AuthorizationAccessException;
+import org.apache.nifi.authorization.exception.AuthorizerCreationException;
+import org.apache.nifi.authorization.exception.AuthorizerDestructionException;
+
+import java.util.HashSet;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+/**
+ * Mock implementation of AbstractPolicyBasedAuthorizer.
+ */
+public class MockPolicyBasedAuthorizer extends AbstractPolicyBasedAuthorizer {
+
+ private Set<Group> groups = new HashSet<>();
+ private Set<User> users = new HashSet<>();
+ private Set<AccessPolicy> policies = new HashSet<>();
+
+ public MockPolicyBasedAuthorizer() {
+
+ }
+
+ public MockPolicyBasedAuthorizer(Set<Group> groups, Set<User> users, Set<AccessPolicy> policies) {
+ if (groups != null) {
+ this.groups.addAll(groups);
+ }
+ if (users != null) {
+ this.users.addAll(users);
+ }
+ if (policies != null) {
+ this.policies.addAll(policies);
+ }
+ }
+
+ @Override
+ public Group doAddGroup(Group group) throws AuthorizationAccessException {
+ groups.add(group);
+ return group;
+ }
+
+ @Override
+ public Group getGroup(String identifier) throws AuthorizationAccessException {
+ return groups.stream().filter(g -> g.getIdentifier().equals(identifier)).findFirst().get();
+ }
+
+ @Override
+ public Group doUpdateGroup(Group group) throws AuthorizationAccessException {
+ deleteGroup(group);
+ return addGroup(group);
+ }
+
+ @Override
+ public Group deleteGroup(Group group) throws AuthorizationAccessException {
+ groups.remove(group);
+ return group;
+ }
+
+ @Override
+ public Set<Group> getGroups() throws AuthorizationAccessException {
+ return groups;
+ }
+
+ @Override
+ public User doAddUser(User user) throws AuthorizationAccessException {
+ users.add(user);
+ return user;
+ }
+
+ @Override
+ public User getUser(String identifier) throws AuthorizationAccessException {
+ return users.stream().filter(u -> u.getIdentifier().equals(identifier)).findFirst().get();
+ }
+
+ @Override
+ public User getUserByIdentity(String identity) throws AuthorizationAccessException {
+ return users.stream().filter(u -> u.getIdentity().equals(identity)).findFirst().get();
+ }
+
+ @Override
+ public User doUpdateUser(User user) throws AuthorizationAccessException {
+ deleteUser(user);
+ return addUser(user);
+ }
+
+ @Override
+ public User deleteUser(User user) throws AuthorizationAccessException {
+ users.remove(user);
+ return user;
+ }
+
+ @Override
+ public Set<User> getUsers() throws AuthorizationAccessException {
+ return users;
+ }
+
+ @Override
+ protected AccessPolicy doAddAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
+ policies.add(accessPolicy);
+ return accessPolicy;
+ }
+
+ @Override
+ public AccessPolicy getAccessPolicy(String identifier) throws AuthorizationAccessException {
+ return policies.stream().filter(p -> p.getIdentifier().equals(identifier)).findFirst().get();
+ }
+
+ @Override
+ public AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy) throws AuthorizationAccessException {
+ deleteAccessPolicy(accessPolicy);
+ return addAccessPolicy(accessPolicy);
+ }
+
+ @Override
+ public AccessPolicy deleteAccessPolicy(AccessPolicy policy) throws AuthorizationAccessException {
+ policies.remove(policy);
+ return policy;
+ }
+
+ @Override
+ public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
+ return policies;
+ }
+
+ @Override
+ public UsersAndAccessPolicies getUsersAndAccessPolicies() throws AuthorizationAccessException {
+ return new UsersAndAccessPolicies() {
+ @Override
+ public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction action) {
+ return null;
+ }
+
+ @Override
+ public User getUser(String identity) {
+ return getUserByIdentity(identity);
+ }
+
+ @Override
+ public Set<Group> getGroups(String userIdentity) {
+ User user = getUserByIdentity(userIdentity);
+ if (user == null) {
+ return new HashSet<>();
+ } else {
+ return groups.stream()
+ .filter(g -> g.getUsers().contains(user.getIdentifier()))
+ .collect(Collectors.toSet());
+ }
+ }
+ };
+ }
+
+ @Override
+ public void initialize(AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException {
+
+ }
+
+ @Override
+ public void doOnConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
+
+ }
+
+ @Override
+ public void preDestruction() throws AuthorizerDestructionException {
+
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
index 9e546b1..fa039fe 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/dto/FlowConfigurationDTO.java
@@ -29,7 +29,9 @@ import java.util.Date; @XmlType(name = "flowConfiguration") public class FlowConfigurationDTO { + private Boolean supportsManagedAuthorizer; private Boolean supportsConfigurableAuthorizer; + private Boolean supportsConfigurableUsersAndGroups; private Long autoRefreshIntervalSeconds; private Date currentTime;
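Review bot: In `MockPolicyBasedAuthorizer`, `getGroup`, `getUser`, `getUserByIdentity` and `getAccessPolicy` all end in `.findFirst().get()`, which throws `NoSuchElementException` for an unknown identifier instead of returning null, so the `if (user == null)` branch in the anonymous `UsersAndAccessPolicies.getGroups` can never run and a lookup miss surfaces in a test as an unrelated exception. If the real providers return null on a miss (not visible on this page), change the four lookups to `.findFirst().orElse(null)` so the mock exercises the same not-found path as production code. `getGroups()`, `getUsers()` and `getAccessPolicies()` also hand out the internal mutable sets; wrapping them with `Collections.unmodifiableSet(...)` (needs `import java.util.Collections;`) would stop a test from bypassing the integrity-checked add and update methods by accident.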
@@ -51,6 +53,37 @@ public class FlowConfigurationDTO {
 }
 /**
+ * @return whether this NiFi supports a managed authorizer. Managed authorizers can visualize users, groups,
+ * and policies in the UI. This value is read only
+ */
+ @ApiModelProperty(
+ value = "Whether this NiFi supports a managed authorizer. Managed authorizers can visualize users, groups, and policies in the UI.",
+ readOnly = true
+ )
+ public Boolean getSupportsManagedAuthorizer() {
+ return supportsManagedAuthorizer;
+ }
+
+ public void setSupportsManagedAuthorizer(Boolean supportsManagedAuthorizer) {
+ this.supportsManagedAuthorizer = supportsManagedAuthorizer;
+ }
+
+ /**
+ * @return whether this NiFi supports configurable users and groups. This value is read only
+ */
+ @ApiModelProperty(
+ value = "Whether this NiFi supports configurable users and groups.",
+ readOnly = true
+ )
+ public Boolean getSupportsConfigurableUsersAndGroups() {
+ return supportsConfigurableUsersAndGroups;
+ }
+
+ public void setSupportsConfigurableUsersAndGroups(Boolean supportsConfigurableUsersAndGroups) {
+ this.supportsConfigurableUsersAndGroups = supportsConfigurableUsersAndGroups;
+ }
+
+ /**
 * @return whether this NiFi supports a configurable authorizer. This value is read only
 */
 @ApiModelProperty(
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessPolicyEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessPolicyEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessPolicyEntity.java
index d42f498..19d831d 100644
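Review bot: `getSupportsManagedAuthorizer()` and `getSupportsConfigurableUsersAndGroups()` return a boxed `Boolean`, so a client can receive `null` as well as true or false, and neither the Javadoc nor the `@ApiModelProperty` text says how to read that. Because the description ties the first flag to whether users, groups and policies are shown in the UI, I would state the null case in each Javadoc, for example `A null value means the capability was not reported and should be treated as unsupported.`, if that is the intended reading. It is also worth saying there that the flag only describes what the UI may display; the permission checks themselves are presumably enforced elsewhere on the server and should not depend on it. The two setters have no Javadoc, unlike the getters.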
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessPolicyEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/AccessPolicyEntity.java
@@ -28,7 +28,7 @@ import java.util.Date;
 * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to an {@link AccessPolicyDTO}.
 */
 @XmlRootElement(name = "accessPolicyEntity")
-public class AccessPolicyEntity extends ComponentEntity {
+public class AccessPolicyEntity extends ComponentEntity implements Permissible<AccessPolicyDTO> {
 private Date generated;
 private AccessPolicyDTO component;
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantsEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantsEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantsEntity.java
index 49c51c3..cc97619 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantsEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/TenantsEntity.java
@@ -24,7 +24,7 @@ import java.util.Collection;
 * TenantEntity objects.
 */
 @XmlRootElement(name = "tenantsEntity")
-public class TenantsEntity {
+public class TenantsEntity extends Entity {
 private Collection<TenantEntity> users;
 private Collection<TenantEntity> userGroups;
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserEntity.java
index 983cdfb..11d2f9d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserEntity.java
@@ -24,7 +24,7 @@ import javax.xml.bind.annotation.XmlRootElement;
 * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a UserDTO.
 */
 @XmlRootElement(name = "userEntity")
-public class UserEntity extends ComponentEntity {
+public class UserEntity extends ComponentEntity implements Permissible<UserDTO> {
 private UserDTO component;
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupEntity.java
index ea8238a..d70489c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupEntity.java
@@ -16,14 +16,15 @@
 */
 package org.apache.nifi.web.api.entity;
-import javax.xml.bind.annotation.XmlRootElement;
 import org.apache.nifi.web.api.dto.UserGroupDTO;
+import javax.xml.bind.annotation.XmlRootElement;
+
 /**
 * A serialized representation of this class can be placed in the entity body of a request or response to or from the API. This particular entity holds a reference to a UserGroupDTO.
 */
 @XmlRootElement(name = "userGroupEntity")
-public class UserGroupEntity extends ComponentEntity {
+public class UserGroupEntity extends ComponentEntity implements Permissible<UserGroupDTO> {
 private UserGroupDTO component;
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupsEntity.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupsEntity.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupsEntity.java
index bdde662..d4b4c5d 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupsEntity.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-client-dto/src/main/java/org/apache/nifi/web/api/entity/UserGroupsEntity.java
@@ -24,7 +24,7 @@ import java.util.Collection;
 * UserGroupEntity objects.
 */
 @XmlRootElement(name = "userGroupsEntity")
-public class UserGroupsEntity {
+public class UserGroupsEntity extends Entity {
 private Collection<UserGroupEntity> userGroups;
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
index 0f44b6a..bba0413 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/pom.xml
@@ -41,8 +41,9 @@
 <goal>xjc</goal>
 </goals>
 <configuration>
- <schemaDirectory>src/main/xsd</schemaDirectory>
- <schemaFiles>authorizations.xsd</schemaFiles>
+ <sources>
+ <source>src/main/xsd/authorizations.xsd</source>
+ </sources>
 <packageName>org.apache.nifi.authorization.file.generated</packageName>
 </configuration>
 </execution>
@@ -52,8 +53,9 @@
 <goal>xjc</goal>
 </goals>
 <configuration>
- <schemaDirectory>src/main/xsd</schemaDirectory>
- <schemaFiles>tenants.xsd</schemaFiles>
+ <sources>
+ <source>src/main/xsd/tenants.xsd</source>
+ </sources>
 <packageName>org.apache.nifi.authorization.file.tenants.generated</packageName>
 <clearOutputDir>false</clearOutputDir>
 </configuration>
@@ -64,8 +66,9 @@
 <goal>xjc</goal>
 </goals>
 <configuration>
- <schemaDirectory>src/main/xsd</schemaDirectory>
- <schemaFiles>legacy-users.xsd</schemaFiles>
+ <sources>
+ <source>src/main/xsd/legacy-users.xsd</source>
+ </sources>
 <packageName>org.apache.nifi.user.generated</packageName>
 <clearOutputDir>false</clearOutputDir>
 </configuration>
http://git-wip-us.apache.org/repos/asf/nifi/blob/4ed7511b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/AuthorizationsHolder.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/AuthorizationsHolder.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/AuthorizationsHolder.java
index e407289..0d3ea64 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/AuthorizationsHolder.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/AuthorizationsHolder.java
@@ -19,9 +19,6 @@ package org.apache.nifi.authorization;
 import org.apache.nifi.authorization.file.generated.Authorizations;
 import org.apache.nifi.authorization.file.generated.Policies;
-import org.apache.nifi.authorization.file.tenants.generated.Groups;
-import org.apache.nifi.authorization.file.tenants.generated.Tenants;
-import org.apache.nifi.authorization.file.tenants.generated.Users;
 import java.util.Collections;
 import java.util.HashMap;
@@ -32,56 +29,26 @@ import java.util.Set;
 /**
 * A holder to provide atomic access to data structures.
 */
-public class AuthorizationsHolder implements UsersAndAccessPolicies {
+public class AuthorizationsHolder {
- private final Tenants tenants;
 private final Authorizations authorizations;
 private final Set<AccessPolicy> allPolicies;
 private final Map<String, Set<AccessPolicy>> policiesByResource;
 private final Map<String, AccessPolicy> policiesById;
- private final Set<User> allUsers;
- private final Map<String,User> usersById;
- private final Map<String,User> usersByIdentity;
-
- private final Set<Group> allGroups;
- private final Map<String,Group> groupsById;
- private final Map<String, Set<Group>> groupsByUserIdentity;
-
 /**
- * Creates a new holder and populates all convenience data structures.
+ * Creates a new holder and populates all convenience authorizations data structures.
 *
 * @param authorizations the current authorizations instance
 */
- public AuthorizationsHolder(final Authorizations authorizations, final Tenants tenants) {
+ public AuthorizationsHolder(final Authorizations authorizations) {
 this.authorizations = authorizations;
- this.tenants = tenants;
-
- // load all users
- final Users users = tenants.getUsers();
- final Set<User> allUsers = Collections.unmodifiableSet(createUsers(users));
-
- // load all groups
- final Groups groups = tenants.getGroups();
- final Set<Group> allGroups = Collections.unmodifiableSet(createGroups(groups, users));
 // load all access policies
 final Policies policies = authorizations.getPolicies();
 final Set<AccessPolicy> allPolicies = Collections.unmodifiableSet(createAccessPolicies(policies));
- // create a convenience map to retrieve a user by id
- final Map<String, User> userByIdMap = Collections.unmodifiableMap(createUserByIdMap(allUsers));
-
- // create a convenience map to retrieve a user by identity
- final Map<String, User> userByIdentityMap = Collections.unmodifiableMap(createUserByIdentityMap(allUsers));
-
- // create a convenience map to retrieve a group by id
- final Map<String, Group> groupByIdMap = Collections.unmodifiableMap(createGroupByIdMap(allGroups));
-
- // create a convenience map to retrieve the groups for a user identity
- final Map<String, Set<Group>> groupsByUserIdentityMap = Collections.unmodifiableMap(createGroupsByUserIdentityMap(allGroups, allUsers));
-
 // create a convenience map from resource id to policies
 final Map<String, Set<AccessPolicy>> policiesByResourceMap = Collections.unmodifiableMap(createResourcePolicyMap(allPolicies));
@@ -89,13 +56,7 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies {
 final Map<String, AccessPolicy> policiesByIdMap = Collections.unmodifiableMap(createPoliciesByIdMap(allPolicies));
 // set all the holders
- this.allUsers = allUsers;
- this.allGroups = allGroups;
 this.allPolicies = allPolicies;
- this.usersById = userByIdMap;
- this.usersByIdentity = userByIdentityMap;
- this.groupsById = groupByIdMap;
- this.groupsByUserIdentity = groupsByUserIdentityMap;
 this.policiesByResource = policiesByResourceMap;
 this.policiesById = policiesByIdMap;
 }
@@ -134,9 +95,9 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies {
 // add the appropriate request actions
 final String authorizationCode = policy.getAction();
- if (authorizationCode.equals(FileAuthorizer.READ_CODE)) {
+ if (authorizationCode.equals(FileAccessPolicyProvider.READ_CODE)) {
 builder.action(RequestAction.READ);
- } else if (authorizationCode.equals(FileAuthorizer.WRITE_CODE)){
+ } else if (authorizationCode.equals(FileAccessPolicyProvider.WRITE_CODE)){
 builder.action(RequestAction.WRITE);
 } else {
 throw new IllegalStateException("Unknown Policy Action: " + authorizationCode);
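Review bot: `authorizationCode.equals(FileAccessPolicyProvider.READ_CODE)` dereferences the value returned by `policy.getAction()`, so a policy entry without an action fails with a NullPointerException instead of reaching the `Unknown Policy Action` branch a few lines below. Putting the constant first keeps the rejection explicit and the message useful: `if (FileAccessPolicyProvider.READ_CODE.equals(authorizationCode)) {` and `} else if (FileAccessPolicyProvider.WRITE_CODE.equals(authorizationCode)) {`. Whether the schema already guarantees a non-null action is not visible here, so treat this as a defensive change. The enclosing method starts and ends outside the hunk.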
@@ -150,57 +111,6 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies { } /** - * Creates a set of Users from the JAXB Users. - * - * @param users the JAXB Users - * @return a set of API Users matching the provided JAXB Users - */ - private Set<User> createUsers(org.apache.nifi.authorization.file.tenants.generated.Users users) { - Set<User> allUsers = new HashSet<>(); - if (users == null || users.getUser() == null) { - return allUsers; - } - - for (org.apache.nifi.authorization.file.tenants.generated.User user : users.getUser()) { - final User.Builder builder = new User.Builder() - .identity(user.getIdentity()) - .identifier(user.getIdentifier()); - - allUsers.add(builder.build()); - } - - return allUsers; - } - - /** - * Creates a set of Groups from the JAXB Groups. - * - * @param groups the JAXB Groups - * @return a set of API Groups matching the provided JAXB Groups - */ - private Set<Group> createGroups(org.apache.nifi.authorization.file.tenants.generated.Groups groups, - org.apache.nifi.authorization.file.tenants.generated.Users users) { - Set<Group> allGroups = new HashSet<>(); - if (groups == null || groups.getGroup() == null) { - return allGroups; - } - - for (org.apache.nifi.authorization.file.tenants.generated.Group group : groups.getGroup()) { - final Group.Builder builder = new Group.Builder() - .identifier(group.getIdentifier()) - .name(group.getName()); - - for (org.apache.nifi.authorization.file.tenants.generated.Group.User groupUser : group.getUser()) { - builder.addUser(groupUser.getIdentifier()); - } - - allGroups.add(builder.build()); - } - - return allGroups; - } - - /** * Creates a map from resource identifier to the set of policies for the given resource. * * @param allPolicies the set of all policies 
@@ -222,74 +132,6 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies { } /** - * Creates a Map from user identifier to User. - * - * @param users the set of all users - * @return the Map from user identifier to User - */ - private Map<String,User> createUserByIdMap(final Set<User> users) { - Map<String,User> usersMap = new HashMap<>(); - for (User user : users) { - usersMap.put(user.getIdentifier(), user); - } - return usersMap; - } - - /** - * Creates a Map from user identity to User. - * - * @param users the set of all users - * @return the Map from user identity to User - */ - private Map<String,User> createUserByIdentityMap(final Set<User> users) { - Map<String,User> usersMap = new HashMap<>(); - for (User user : users) { - usersMap.put(user.getIdentity(), user); - } - return usersMap; - } - - /** - * Creates a Map from group identifier to Group. - * - * @param groups the set of all groups - * @return the Map from group identifier to Group - */ - private Map<String,Group> createGroupByIdMap(final Set<Group> groups) { - Map<String,Group> groupsMap = new HashMap<>(); - for (Group group : groups) { - groupsMap.put(group.getIdentifier(), group); - } - return groupsMap; - } - - /** - * Creates a Map from user identity to the set of Groups for that identity. 
- * - * @param groups all groups - * @param users all users - * @return a Map from User identity to the set of Groups for that identity - */ - private Map<String, Set<Group>> createGroupsByUserIdentityMap(final Set<Group> groups, final Set<User> users) { - Map<String, Set<Group>> groupsByUserIdentity = new HashMap<>(); - - for (User user : users) { - Set<Group> userGroups = new HashSet<>(); - for (Group group : groups) { - for (String groupUser : group.getUsers()) { - if (groupUser.equals(user.getIdentifier())) { - userGroups.add(group); - } - } - } - - groupsByUserIdentity.put(user.getIdentity(), userGroups); - } - - return groupsByUserIdentity; - } - - /** * Creates a Map from policy identifier to AccessPolicy. * * @param policies the set of all access policies @@ -307,10 +149,6 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies { return authorizations; } - public Tenants getTenants() { - return tenants; - } - public Set<AccessPolicy> getAllPolicies() { return allPolicies; } @@ -323,27 +161,6 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies { return policiesById; } - public Set<User> getAllUsers() { - return allUsers; - } - - public Map<String, User> getUsersById() { - return usersById; - } - - public Map<String, User> getUsersByIdentity() { - return usersByIdentity; - } - - public Set<Group> getAllGroups() { - return allGroups; - } - - public Map<String, Group> getGroupsById() { - return groupsById; - } - - @Override public AccessPolicy getAccessPolicy(final String resourceIdentifier, final RequestAction action) { if (resourceIdentifier == null) { throw new IllegalArgumentException("Resource Identifier cannot be null"); 
@@ -363,20 +180,4 @@ public class AuthorizationsHolder implements UsersAndAccessPolicies { return null; } - @Override - public User getUser(String identity) { - if (identity == null) { - throw new IllegalArgumentException("Identity cannot be null"); - } - return usersByIdentity.get(identity); - } - - @Override - public Set<Group> getGroups(String userIdentity) { - if (userIdentity == null) { - throw new IllegalArgumentException("User Identity cannot be null"); - } - return groupsByUserIdentity.get(userIdentity); - } - }
