private boolean requiresAuthentication(final HttpServletRequest request) { return NiFiUserUtils.getNiFiUser() == null; }
/** * Builds the proxy chain for the specified user. * * @param user The current user * @return The proxy chain for that user in String form */ public static String buildProxiedEntitiesChainString(final NiFiUser user) { // calculate the dn chain List<String> proxyChain = NiFiUserUtils.buildProxiedEntitiesChain(user); if (proxyChain.isEmpty()) { return ANONYMOUS_CHAIN; } proxyChain = proxyChain.stream().map(ProxiedEntitiesUtils::formatProxyDn).collect(Collectors.toList()); return StringUtils.join(proxyChain, ""); }
@Override public UserGroupEntity createUserGroup(final Revision revision, final UserGroupDTO userGroupDTO) { final String creator = NiFiUserUtils.getNiFiUserIdentity(); final Group newUserGroup = userGroupDAO.createUserGroup(userGroupDTO); final Set<TenantEntity> tenantEntities = newUserGroup.getUsers().stream().map(mapUserIdToTenantEntity()).collect(Collectors.toSet()); final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUserGroup(newUserGroup.getIdentifier()).stream() .map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet()); final UserGroupDTO newUserGroupDto = dtoFactory.createUserGroupDto(newUserGroup, tenantEntities, policyEntities); final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant()); return entityFactory.createUserGroupEntity(newUserGroupDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), permissions); }
@Override public AsyncClusterResponse replicate(Set<NodeIdentifier> nodeIds, String method, URI uri, Object entity, Map<String, String> headers, final boolean indicateReplicated, final boolean performVerification) { return replicate(nodeIds, NiFiUserUtils.getNiFiUser(), method, uri, entity, headers, indicateReplicated, performVerification); }
@Override public UserEntity createUser(final Revision revision, final UserDTO userDTO) { final String creator = NiFiUserUtils.getNiFiUserIdentity(); final User newUser = userDAO.createUser(userDTO); final Set<TenantEntity> tenantEntities = userGroupDAO.getUserGroupsForUser(newUser.getIdentifier()).stream() .map(g -> g.getIdentifier()).map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()); final Set<AccessPolicySummaryEntity> policyEntities = userGroupDAO.getAccessPoliciesForUser(newUser.getIdentifier()).stream() .map(ap -> createAccessPolicySummaryEntity(ap)).collect(Collectors.toSet()); final UserDTO newUserDto = dtoFactory.createUserDto(newUser, tenantEntities, policyEntities); final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getTenant()); return entityFactory.createUserEntity(newUserDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), permissions); }
/** * Creates the PermissionsDTO based on the specified Authorizable. * * @param authorizable authorizable * @return dto */ public PermissionsDTO createPermissionsDto(final Authorizable authorizable) { return createPermissionsDto(authorizable, NiFiUserUtils.getNiFiUser()); }
@Override public AccessPolicyEntity createAccessPolicy(final Revision revision, final AccessPolicyDTO accessPolicyDTO) { final Authorizable tenantAuthorizable = authorizableLookup.getTenant(); final String creator = NiFiUserUtils.getNiFiUserIdentity(); final AccessPolicy newAccessPolicy = accessPolicyDAO.createAccessPolicy(accessPolicyDTO); final ComponentReferenceEntity componentReference = createComponentReferenceEntity(newAccessPolicy.getResource()); final AccessPolicyDTO newAccessPolicyDto = dtoFactory.createAccessPolicyDto(newAccessPolicy, newAccessPolicy.getGroups().stream().map(mapUserGroupIdToTenantEntity()).collect(Collectors.toSet()), newAccessPolicy.getUsers().stream().map(userId -> { final RevisionDTO userRevision = dtoFactory.createRevisionDTO(revisionManager.getRevision(userId)); return entityFactory.createTenantEntity(dtoFactory.createTenantDTO(userDAO.getUser(userId)), userRevision, dtoFactory.createPermissionsDto(tenantAuthorizable)); }).collect(Collectors.toSet()), componentReference); final PermissionsDTO permissions = dtoFactory.createPermissionsDto(authorizableLookup.getAccessPolicyById(accessPolicyDTO.getId())); return entityFactory.createAccessPolicyEntity(newAccessPolicyDto, dtoFactory.createRevisionDTO(new FlowModification(revision, creator)), permissions); }
public static String getNiFiUserIdentity() { // get the nifi user to extract the username NiFiUser user = NiFiUserUtils.getNiFiUser(); if (user == null) { return "unknown"; } else { return user.getIdentity(); } }
final ControllerServiceReference reference, final Map<String, Revision> revisions, final Set<ControllerServiceNode> visited) { final String modifier = NiFiUserUtils.getNiFiUserIdentity(); final Set<ComponentNode> referencingComponents = reference.getReferencingComponents();
@Override public AsyncClusterResponse replicate(String method, URI uri, Object entity, Map<String, String> headers) { return replicate(NiFiUserUtils.getNiFiUser(), method, uri, entity, headers); }
@Override public AsyncClusterResponse forwardToCoordinator(final NodeIdentifier coordinatorNodeId, final String method, final URI uri, final Object entity, final Map<String, String> headers) { return forwardToCoordinator(coordinatorNodeId, NiFiUserUtils.getNiFiUser(), method, uri, entity, headers); }
@Override public Set<RemoteProcessGroupEntity> getRemoteProcessGroups(final String groupId) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); final Set<RemoteProcessGroup> rpgs = remoteProcessGroupDAO.getRemoteProcessGroups(groupId); return rpgs.stream() .map(rpg -> createRemoteGroupEntity(rpg, user)) .collect(Collectors.toSet()); }
@Override public Set<ProcessorEntity> getProcessors(final String groupId, final boolean includeDescendants) { final Set<ProcessorNode> processors = processorDAO.getProcessors(groupId, includeDescendants); final NiFiUser user = NiFiUserUtils.getNiFiUser(); return processors.stream() .map(processor -> createProcessorEntity(processor, user)) .collect(Collectors.toSet()); }
@Override public void doFilter(final ServletRequest req, final ServletResponse resp, final FilterChain filterChain) throws IOException, ServletException { final HttpServletRequest request = (HttpServletRequest) req; // only log http requests has https requests are logged elsewhere if ("http".equalsIgnoreCase(request.getScheme())) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); // get the user details for the log message String identity = "<no user found>"; if (user != null) { identity = user.getIdentity(); } // log the request attempt - response details will be logged later logger.info(String.format("Attempting request for (%s) %s %s (source ip: %s)", identity, request.getMethod(), request.getRequestURL().toString(), request.getRemoteAddr())); } // continue the filter chain filterChain.doFilter(req, resp); }
/** * Authorize any restrictions for the specified ComponentAuthorizable. * * @param authorizer authorizer * @param authorizable component authorizable */ protected void authorizeRestrictions(final Authorizer authorizer, final ComponentAuthorizable authorizable) { authorizable.getRestrictedAuthorizables().forEach(restrictionAuthorizable -> restrictionAuthorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser())); }
@Override public RemoteProcessGroupEntity getRemoteProcessGroup(final String remoteProcessGroupId) { final RemoteProcessGroup rpg = remoteProcessGroupDAO.getRemoteProcessGroup(remoteProcessGroupId); return createRemoteGroupEntity(rpg, NiFiUserUtils.getNiFiUser()); }
@Override public String getCurrentUserIdentity() { final NiFiUser user = NiFiUserUtils.getNiFiUser(); authorizeFlowAccess(user); return user.getIdentity(); }
@Override public VersionedFlow deleteVersionedFlow(final String registryId, final String bucketId, final String flowId) { final FlowRegistry registry = flowRegistryClient.getFlowRegistry(registryId); if (registry == null) { throw new IllegalArgumentException("No Flow Registry exists with ID " + registryId); } try { return registry.deleteVersionedFlow(bucketId, flowId, NiFiUserUtils.getNiFiUser()); } catch (final IOException | NiFiRegistryException e) { throw new NiFiCoreException("Failed to remove flow from Flow Registry due to " + e.getMessage(), e); } }
@Override public ProcessorEntity getProcessor(final String id) { final ProcessorNode processor = processorDAO.getProcessor(id); return createProcessorEntity(processor, NiFiUserUtils.getNiFiUser()); }
@Override public ControllerService getControllerService(final String serviceIdentifier, final String componentId) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); authorizeFlowAccess(user); return controllerServiceProvider.getControllerServiceForComponent(serviceIdentifier, componentId); }