[
https://issues.apache.org/jira/browse/NIFI-3653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15946047#comment-15946047
]
Michael Moser commented on NIFI-3653:
-------------------------------------
[~mcgilman] We started implementing that approach, but we ended up wanting to
copy large portions of the AbstractPolicyBasedAuthorizer into our own custom
Authorizer. It didn't seem very clean to do it this way.
> Allow extension of authorize method in AbstractPolicyBasedAuthorizer
> --------------------------------------------------------------------
>
> Key: NIFI-3653
> URL: https://issues.apache.org/jira/browse/NIFI-3653
> Project: Apache NiFi
> Issue Type: Improvement
> Components: Core Framework
> Reporter: Michael Moser
>
> While investigating alternate implementations of the Authorizer interface, I
> see the AbstractPolicyBasedAuthorizer is meant to be extended. It's
> authorize() method is final, however, and does not have an abstract
> doAuthorize() method that sub-classes can extend.
> In particular, the existing AbstractPolicyBasedAuthorizer authorize() method
> does not take into account the AuthorizationRequest "resourceContext" in its
> authorization decision. This is especially important when authorizing access
> to events in Provenance, which places attributes in resouceContext of its
> AuthorizationRequest when obtaining an authorization decision. I would like
> to use attributes to authorize access to Provenance download & view content
> feature.
> If I had my own sub-class of AbstractPolicyBasedAuthorizer, with the
> availability of a doAuthorize() method, then I could maintain my own user
> policies for allowing access to flowfile content via Provenance.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
