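/**
 * Decides whether the given user may transfer data through this port.
 *
 * <p>When {@code secure} is false every caller is approved and the user argument is never
 * inspected. In secure mode a {@code null} user is rejected, and a known user must be
 * approved for {@code RequestAction.WRITE} on a {@code DataTransferAuthorizable} wrapping
 * this port. Any result other than {@code Result.Approved} is treated as a denial.
 *
 * <p>Each denial is logged at WARN and reported through the event reporter.
 *
 * @param user the user requesting the transfer; may be {@code null}
 * @return a result stating whether the transfer is allowed, with an explanation
 */
@Override
public PortAuthorizationResult checkUserAuthorization(NiFiUser user) {
    // Non-secure mode approves unconditionally.
    // NOTE(review): confirm that deployments running with secure == false restrict access to
    // this port by other means, since no identity or policy check happens on this path.
    if (!secure) {
        return new StandardPortAuthorizationResult(true, "Site-to-Site is not Secure");
    }

    if (user == null) {
        // The format string has exactly one placeholder, so only the port is passed.
        final String message = String.format("%s authorization failed because the user is unknown", this);
        logger.warn(message);
        eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
        // The caller gets a short fixed reason; the detailed text stays in the log and event.
        return new StandardPortAuthorizationResult(false, "User is not known");
    }

    // perform the authorization
    final Authorizable dataTransferAuthorizable = new DataTransferAuthorizable(this);
    final AuthorizationResult result = dataTransferAuthorizable.checkAuthorization(authorizer, RequestAction.WRITE, user);

    // Deny by default: only an explicit approval lets the transfer proceed.
    if (!Result.Approved.equals(result.getResult())) {
        // NOTE(review): this text embeds the user identity and the authorizer's explanation, and
        // the same string is both logged and returned to the caller. If the identity can carry
        // line breaks or control characters (its origin is not visible here), neutralise them
        // before logging; also confirm the returned detail is acceptable for the caller to see.
        final String message = String.format("%s authorization failed for user %s because %s",
                this, user.getIdentity(), result.getExplanation());
        logger.warn(message);
        eventReporter.reportEvent(Severity.WARNING, CATEGORY, message);
        return new StandardPortAuthorizationResult(false, message);
    }

    return new StandardPortAuthorizationResult(true, "User is Authorized");
}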
/**
 * Fetches one action from the audit service and returns it as an entity once access to it
 * has been approved.
 *
 * @param actionId id of the action to fetch
 * @return the entity built from the action's DTO, flagged as authorized
 * @throws ResourceNotFoundException if the audit service returns no action for the id
 * @throws AccessDeniedException if {@code authorizeAction} does not approve access
 */
@Override
public ActionEntity getAction(final Integer actionId) {
    final Action found = auditService.getAction(actionId);

    // NOTE(review): the existence check runs before the authorization check, so a caller who is
    // not authorized can still tell "no such action" apart from "access denied". Confirm that
    // revealing which action ids exist is acceptable.
    if (found == null) {
        final String notFound = String.format("Unable to find action with id '%s'.", actionId);
        throw new ResourceNotFoundException(notFound);
    }

    // Deny by default: anything other than an explicit approval is rejected.
    final AuthorizationResult decision = authorizeAction(found);
    if (!Result.Approved.equals(decision.getResult())) {
        throw new AccessDeniedException(decision.getExplanation());
    }

    // Only approved requests reach this point, so the entity is always built as authorized.
    return entityFactory.createActionEntity(dtoFactory.createActionDto(found), true);
}
/**
 * Verifies that the current user may transfer data through a root-group port.
 * <p>
 * Note: Protected for testing purposes
 *
 * @param lookup resolves the root-group port authorizable for the identifier
 * @param resourceType must be {@code ResourceType.InputPort} or {@code ResourceType.OutputPort}
 * @param identifier identifier of the port to look up
 * @throws IllegalArgumentException if the resource type is neither an input nor an output port
 * @throws AccessDeniedException if the port's authorization result is anything but approved
 */
protected void authorizeDataTransfer(final AuthorizableLookup lookup, final ResourceType resourceType, final String identifier) {
    // NOTE(review): whether this can be null for an unauthenticated request is not visible
    // here; the value is handed to the port's checkAuthorization unchanged.
    final NiFiUser user = NiFiUserUtils.getNiFiUser();

    // Only root-group input and output ports take part in data transfer.
    final boolean inputPort = ResourceType.InputPort.equals(resourceType);
    if (!(inputPort || ResourceType.OutputPort.equals(resourceType))) {
        throw new IllegalArgumentException("The resource must be an Input or Output Port.");
    }

    final RootGroupPortAuthorizable portAuthorizable = inputPort
            ? lookup.getRootGroupInputPort(identifier)
            : lookup.getRootGroupOutputPort(identifier);

    // Deny by default: only an explicit approval returns normally.
    final AuthorizationResult decision = portAuthorizable.checkAuthorization(user);
    if (Result.Approved.equals(decision.getResult())) {
        return;
    }

    // NOTE(review): the exception message is the authorization explanation verbatim; confirm how
    // much of it is shown to the requesting client.
    throw new AccessDeniedException(decision.getExplanation());
}
throw new AccessDeniedException(failure.getExplanation()); } else { throw new AccessDeniedException(result.getExplanation());
&& !Result.Approved.equals(replayAuthorized.getResult()) ? replayAuthorized.getExplanation() : contentAvailability.getReasonNotReplayable()); dto.setSourceConnectionIdentifier(event.getSourceQueueIdentifier()); } else { dto.setReplayAvailable(false); dto.setReplayExplanation(dataResult.getExplanation());
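/**
 * Checks whether a user is permitted to send or receive data via this port.
 *
 * <p>Outcomes, in the order they are evaluated:
 * <ul>
 *   <li>{@code secure} is false: approved, without looking at the user;</li>
 *   <li>{@code user} is {@code null}: denied with the fixed reason "User is not known";</li>
 *   <li>the {@code RequestAction.WRITE} check on a {@code DataTransferAuthorizable} for this
 *       port does not return {@code Result.Approved}: denied, with a detailed message;</li>
 *   <li>otherwise: approved.</li>
 * </ul>
 *
 * <p>Both denial paths write a WARN log entry and raise a WARNING event.
 *
 * @param user the requesting user, or {@code null} when no user is known
 * @return the authorization outcome together with its explanation
 */
@Override
public PortAuthorizationResult checkUserAuthorization(NiFiUser user) {
    if (!secure) {
        // NOTE(review): this path authorizes every caller. Verify that running with
        // secure == false is a deliberate choice wherever this port is reachable.
        return new StandardPortAuthorizationResult(true, "Site-to-Site is not Secure");
    }

    if (user == null) {
        // One placeholder, one argument: only the port itself is formatted into the message.
        final String unknownUser = String.format("%s authorization failed because the user is unknown", this);
        logger.warn(unknownUser);
        eventReporter.reportEvent(Severity.WARNING, CATEGORY, unknownUser);
        return new StandardPortAuthorizationResult(false, "User is not known");
    }

    // perform the authorization
    final Authorizable dataTransferAuthorizable = new DataTransferAuthorizable(this);
    final AuthorizationResult decision = dataTransferAuthorizable.checkAuthorization(authorizer, RequestAction.WRITE, user);

    if (Result.Approved.equals(decision.getResult())) {
        return new StandardPortAuthorizationResult(true, "User is Authorized");
    }

    // Any non-approved result is a denial.
    // NOTE(review): the denial text contains the user identity and the authorizer's explanation
    // and goes to the log, the event reporter and the returned result alike. Check that the
    // identity cannot inject line breaks into the log (its source is not shown here) and that
    // the caller is meant to receive this level of detail.
    final String denied = String.format("%s authorization failed for user %s because %s",
            this, user.getIdentity(), decision.getExplanation());
    logger.warn(denied);
    eventReporter.reportEvent(Severity.WARNING, CATEGORY, denied);
    return new StandardPortAuthorizationResult(false, denied);
}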