/** * Builds the proxy chain for the specified user. * * @param user The current user * @return The proxy chain for that user in List form */ public static List<String> buildProxiedEntitiesChain(final NiFiUser user) { // calculate the dn chain final List<String> proxyChain = new ArrayList<>(); // build the dn chain NiFiUser chainedUser = user; while (chainedUser != null) { // add the entry for this user if (chainedUser.isAnonymous()) { // use an empty string to represent an anonymous user in the proxy entities chain proxyChain.add(StringUtils.EMPTY); } else { proxyChain.add(chainedUser.getIdentity()); } // go to the next user in the chain chainedUser = chainedUser.getChain(); } return proxyChain; } }
@Override public void authorize(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) throws AccessDeniedException { if (user == null) { throw new AccessDeniedException("Unknown user."); } // authorize each element in the chain NiFiUser chainedUser = user; do { try { // perform the current user authorization Authorizable.super.authorize(authorizer, action, chainedUser, resourceContext); // go to the next user in the chain chainedUser = chainedUser.getChain(); } catch (final ResourceNotFoundException e) { throw new AccessDeniedException("Unknown source component."); } } while (chainedUser != null); } }
@Override public AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) { if (user == null) { return AuthorizationResult.denied("Unknown user."); } AuthorizationResult result = null; // authorize each element in the chain NiFiUser chainedUser = user; do { try { // perform the current user authorization result = Authorizable.super.checkAuthorization(authorizer, action, chainedUser, resourceContext); // if authorization is not approved, reject if (!Result.Approved.equals(result.getResult())) { return result; } // go to the next user in the chain chainedUser = chainedUser.getChain(); } catch (final ResourceNotFoundException e) { result = AuthorizationResult.denied("Unknown source component."); } } while (chainedUser != null); if (result == null) { result = AuthorizationResult.denied(); } return result; }