[ https://issues.apache.org/jira/browse/NIFI-1916?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15308733#comment-15308733 ]
ASF GitHub Bot commented on NIFI-1916: -------------------------------------- Github user jtstorck commented on a diff in the pull request: https://github.com/apache/nifi/pull/473#discussion_r65270822 --- Diff: nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-file-authorizer/src/main/java/org/apache/nifi/authorization/FileAuthorizer.java --- 
@@ -127,153 +145,766 @@ public void onConfigured(final AuthorizerConfigurationContext configurationConte
 } }
- final PropertyValue rawReloadInterval = configurationContext.getProperty("Reload Interval");
+ // load the authorizations
+ load();
+
+ // if there are no users or policies then see if an initial admin was provided
+ if (allUsers.get().isEmpty() && allPolicies.get().isEmpty()) {
+ final PropertyValue initialAdminIdentity = configurationContext.getProperty("Initial Admin Identity");
+ if (initialAdminIdentity != null && !StringUtils.isBlank(initialAdminIdentity.getValue())) {
+ populateInitialAdmin(initialAdminIdentity.getValue());
+ }
+ }
+
+ // if we've copied the authorizations file to a restore directory synchronize it
+ if (restoreAuthorizationsFile != null) {
+ FileUtils.copyFile(authorizationsFile, restoreAuthorizationsFile, false, false, logger);
+ }
+
+ logger.info(String.format("Authorizations file loaded at %s", new Date().toString()));
+
+ } catch (IOException | AuthorizerCreationException | JAXBException | IllegalStateException e) {
+ throw new AuthorizerCreationException(e);
+ }
+ }
+
+ /**
+ * Reloads the authorized users file.
+ *
+ * @throws JAXBException Unable to reload the authorized users file
+ * @throws IOException Unable to sync file with restore
+ * @throws IllegalStateException Unable to sync file with restore
+ */
+ private void load() throws JAXBException, IOException, IllegalStateException {
+ // attempt to unmarshal
+ final Unmarshaller unmarshaller = JAXB_CONTEXT.createUnmarshaller();
+ unmarshaller.setSchema(schema);
+ final JAXBElement<Authorizations> element = unmarshaller.unmarshal(new StreamSource(authorizationsFile), Authorizations.class);
+
+ final Authorizations authorizations = element.getValue();
+
+ if (authorizations.getUsers() == null) {
+ authorizations.setUsers(new Users());
+ }
+ if (authorizations.getGroups() == null) {
+ authorizations.setGroups(new Groups());
+ }
+ if (authorizations.getPolicies() == null) {
+ authorizations.setPolicies(new Policies());
+ }
+
+ this.authorizations.set(authorizations);
+ load(authorizations);
+ }
+
+ /**
+ * Loads the internal data structures from the given Authorizations.
+ *
+ * @param authorizations the Authorizations to populate from
+ */
+ private void load(final Authorizations authorizations) {
+ // load all users
+ final Users users = authorizations.getUsers();
+ final Set<User> allUsers = Collections.unmodifiableSet(createUsers(users));
+
+ // load all groups
+ final Groups groups = authorizations.getGroups();
+ final Set<Group> allGroups = Collections.unmodifiableSet(createGroups(groups, users));
+
+ // load all access policies
+ final Policies policies = authorizations.getPolicies();
+ final Set<AccessPolicy> allPolicies = Collections.unmodifiableSet(createAccessPolicies(policies));
+
+ // create a convenience map to retrieve a user by id
+ final Map<String, User> userByIdMap = Collections.unmodifiableMap(createUserByIdMap(allUsers));
+
+ // create a convenience map to retrieve a user by identity
+ final Map<String, User> userByIdentityMap = Collections.unmodifiableMap(createUserByIdentityMap(allUsers));
+
+ // create a convenience map to retrieve a group by id
+ final Map<String, Group> groupByIdMap = Collections.unmodifiableMap(createGroupByIdMap(allGroups));
+
+ // create a convenience map from resource id to policies
+ final Map<String, Set<AccessPolicy>> resourcePolicies = Collections.unmodifiableMap(createResourcePolicyMap(allPolicies));
--- End diff --
Based on the other names of the maps here, do you think policiesByResourceId is a more descriptive/accurate name for `resourcePolicies`?
> Make File Based Authorizer implement new User, Group, Policy API > ---------------------------------------------------------------- > > Key: NIFI-1916 > URL: https://issues.apache.org/jira/browse/NIFI-1916 > Project: Apache NiFi > Issue Type: Sub-task > Components: Core Framework > Reporter: Bryan Bende > Assignee: Bryan Bende > Fix For: 1.0.0 > > > This ticket is a sub-task of NIFI-1550 which is the larger effort to refactor > NiFi's authorization API. 
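Review bot: In `load()`, `unmarshaller.unmarshal(new StreamSource(authorizationsFile), Authorizations.class)` leaves the XML parser configuration to the JAXB runtime, so whether a DTD or external entity in the authorizations file is processed depends on that runtime's defaults. Because this file defines every user, group and policy, I would parse it through an `XMLStreamReader` obtained from an `XMLInputFactory` with `XMLInputFactory.SUPPORT_DTD` and `XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES` set to false, and hand that reader to `unmarshal`; the schema set with `setSchema(schema)` still applies. In the same method, `this.authorizations.set(authorizations)` runs before `load(authorizations)`, so an exception while building the derived sets would leave the holder updated and the lookups stale if `load()` is ever called outside `onConfigured`; swapping the two calls avoids that. `onConfigured` starts before the quoted hunk and `load(final Authorizations)` continues past its end, so how the derived collections are published cannot be judged from here.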
> This ticket specifically is to update the FileAuthorizer introduced on > master, to now extend from AbstractPolicyBasedAuthorizer and implement all of > the CRUD operations for Users, Groups, and Policies. -- This message was sent by Atlassian JIRA (v6.3.4#6332)