NIFI-65: - Adding methods to the AuthorityProvider to authorize the downloading of content.
Project: http://git-wip-us.apache.org/repos/asf/incubator-nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-nifi/commit/418d6b03 Tree: http://git-wip-us.apache.org/repos/asf/incubator-nifi/tree/418d6b03 Diff: http://git-wip-us.apache.org/repos/asf/incubator-nifi/diff/418d6b03 Branch: refs/heads/NIFI-65 Commit: 418d6b03b2a2c81597954b6c29469e180c3e780e Parents: 2df0314 Author: Matt Gilman <[email protected]> Authored: Tue Dec 23 09:31:46 2014 -0500 Committer: Matt Gilman <[email protected]> Committed: Tue Dec 23 09:31:46 2014 -0500 ---------------------------------------------------------------------- .../nifi/authorization/AuthorityProvider.java | 18 +++++ .../authorization/DownloadAuthorization.java | 85 ++++++++++++++++++++ 2 files changed, 103 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/418d6b03/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java ---------------------------------------------------------------------- diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java index cd96a99..da536c2 100644 --- a/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java +++ b/nifi-api/src/main/java/org/apache/nifi/authorization/AuthorityProvider.java @@ -16,6 +16,8 @@ */ package org.apache.nifi.authorization; +import java.util.List; +import java.util.Map; import java.util.Set; import org.apache.nifi.authorization.exception.AuthorityAccessException; import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException; @@ -137,6 +139,22 @@ public interface AuthorityProvider { void ungroup(String group) throws AuthorityAccessException; /** + * Determines whether the user in the specified dnChain should be able to + * download the content for the flowfile with the specified attributes. + * + * The last dn in the chain is the end user that the request was issued on + * behalf of. The previous dn's in the chain represent entities proxying the + * user's request. + * + * @param dnChain + * @param attributes + * @return + * @throws UnknownIdentityException + * @throws AuthorityAccessException + */ + DownloadAuthorization authorizeDownload(List<String> dnChain, Map<String, String> attributes) throws UnknownIdentityException, AuthorityAccessException; + + /** * Called immediately after instance creation for implementers to perform * additional setup * http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/418d6b03/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java ---------------------------------------------------------------------- diff --git a/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java b/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java new file mode 100644 index 0000000..3855817 --- /dev/null +++ b/nifi-api/src/main/java/org/apache/nifi/authorization/DownloadAuthorization.java @@ -0,0 +1,85 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.nifi.authorization; + +/** + * Represents a decision whether authorization is granted to download content. + */ +public class DownloadAuthorization { + + private static enum Result { + Approved, + Denied; + }; + + private static final DownloadAuthorization APPROVED = new DownloadAuthorization(Result.Approved, null); + + private final Result result; + private final String explanation; + + /** + * Creates a new DownloadAuthorization with the specified result and explanation. + * + * @param result + * @param explanation + */ + private DownloadAuthorization(Result result, String explanation) { + if (Result.Denied.equals(result) && explanation == null) { + throw new IllegalArgumentException("An explanation is request when the download request is denied."); + } + + this.result = result; + this.explanation = explanation; + } + + /** + * Whether or not the download request is approved. + * + * @return + */ + public boolean isApproved() { + return Result.Approved.equals(result); + } + + /** + * If the download request is denied, the reason why. Null otherwise. + * + * @return + */ + public String getExplanation() { + return explanation; + } + + /** + * Creates a new approved DownloadAuthorization. + * + * @return + */ + public static DownloadAuthorization approved() { + return APPROVED; + } + + /** + * Creates a new denied DownloadAuthorization with the specified exlanation. + * + * @param explanation + * @return + */ + public static DownloadAuthorization denied(String explanation) { + return new DownloadAuthorization(Result.Denied, explanation); + } +}
