Repository: nifi Updated Branches: refs/heads/master 09b124714 -> 01adb050f
NIFI-2421: - Only attempting to clone policies when NiFI supports a configurable authorizer. This closes #738 Signed-off-by: jpercivall <[email protected]> Project: http://git-wip-us.apache.org/repos/asf/nifi/repo Commit: http://git-wip-us.apache.org/repos/asf/nifi/commit/01adb050 Tree: http://git-wip-us.apache.org/repos/asf/nifi/tree/01adb050 Diff: http://git-wip-us.apache.org/repos/asf/nifi/diff/01adb050 Branch: refs/heads/master Commit: 01adb050f93ced1fe0ff85963265d286e1817a69 Parents: 09b1247 Author: Matt Gilman <[email protected]> Authored: Thu Jul 28 12:56:39 2016 -0400 Committer: jpercivall <[email protected]> Committed: Thu Jul 28 13:01:20 2016 -0400 ---------------------------------------------------------------------- .../org/apache/nifi/web/StandardNiFiServiceFacade.java | 3 +-- .../java/org/apache/nifi/web/dao/AccessPolicyDAO.java | 7 +++++++ .../web/dao/impl/StandardPolicyBasedAuthorizerDAO.java | 8 ++++++++ .../java/org/apache/nifi/web/util/SnippetUtils.java | 12 ++++++++++++ 4 files changed, 28 insertions(+), 2 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/nifi/blob/01adb050/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
index 77696df..3b010d5 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/StandardNiFiServiceFacade.java
@@ -23,7 +23,6 @@ import org.apache.nifi.action.FlowChangeAction;
 import org.apache.nifi.action.Operation;
 import org.apache.nifi.action.details.FlowChangePurgeDetails;
 import org.apache.nifi.admin.service.AuditService;
-import org.apache.nifi.authorization.AbstractPolicyBasedAuthorizer;
 import org.apache.nifi.authorization.AccessDeniedException;
 import org.apache.nifi.authorization.AccessPolicy;
 import org.apache.nifi.authorization.AuthorizableLookup;
@@ -999,7 +998,7 @@ public class StandardNiFiServiceFacade implements NiFiServiceFacade {
 logger.debug("Deletion of component {} was successful", resourceIdentifier);
 // clean up the policy if necessary and configured with a policy based authorizer
- if (cleanUpPolicies && authorizer instanceof AbstractPolicyBasedAuthorizer) {
+ if (cleanUpPolicies && accessPolicyDAO.supportsConfigurableAuthorizer()) {
 try {
 // since the component is being deleted, also delete any relevant read access policies
 final AccessPolicy readPolicy = accessPolicyDAO.getAccessPolicy(RequestAction.READ, resourceIdentifier);
http://git-wip-us.apache.org/repos/asf/nifi/blob/01adb050/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/AccessPolicyDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/AccessPolicyDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/AccessPolicyDAO.java
index 05b7fd7..009ec9c 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/AccessPolicyDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/AccessPolicyDAO.java
@@ -24,6 +24,13 @@ import org.apache.nifi.web.api.dto.AccessPolicyDTO;
 public interface AccessPolicyDAO {
 /**
+ * Whether or not NiFi supports a configurable authorizer.
+ *
+ * @return whether or not NiFi supports a configurable authorizer
+ */
+ boolean supportsConfigurableAuthorizer();
+
+ /**
 * @param accessPolicyId access policy ID
 * @return Determines if the specified access policy exists
 */
http://git-wip-us.apache.org/repos/asf/nifi/blob/01adb050/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
index a4be613..4c41584 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/dao/impl/StandardPolicyBasedAuthorizerDAO.java
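Review bot: In AccessPolicyDAO.java the Javadoc added for `supportsConfigurableAuthorizer()` only restates the method name and does not say what a `false` result means for the rest of the interface. The `MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER` constant in StandardPolicyBasedAuthorizerDAO suggests the other policy operations are rejected in that mode, but the fallback method bodies are outside the diff, so this should be confirmed before it is written down. I would extend the summary along the lines of `Returns true when the configured Authorizer lets NiFi manage users, groups and policies internally; when false, callers should skip policy reads and writes through this DAO.` Because this is a new abstract method on an interface, any other implementation or test double of AccessPolicyDAO will need it too.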
@@ -46,10 +46,12 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
 static final String MSG_NON_ABSTRACT_POLICY_BASED_AUTHORIZER = "This NiFi is not configured to internally manage users, groups, and policies. Please contact your system administrator.";
 private final AbstractPolicyBasedAuthorizer authorizer;
+ private final boolean supportsConfigurableAuthorizer;
 public StandardPolicyBasedAuthorizerDAO(final Authorizer authorizer) {
 if (authorizer instanceof AbstractPolicyBasedAuthorizer) {
 this.authorizer = (AbstractPolicyBasedAuthorizer) authorizer;
+ this.supportsConfigurableAuthorizer = true;
 } else {
 this.authorizer = new AbstractPolicyBasedAuthorizer() {
 @Override
@@ -149,6 +151,7 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
 public void preDestruction() throws AuthorizerDestructionException {
 }
 };
+ this.supportsConfigurableAuthorizer = false;
 }
 }
@@ -160,6 +163,11 @@ public class StandardPolicyBasedAuthorizerDAO implements AccessPolicyDAO, UserGr
 }
 @Override
+ public boolean supportsConfigurableAuthorizer() {
+ return supportsConfigurableAuthorizer;
+ }
+
+ @Override
 public boolean hasAccessPolicy(final String accessPolicyId) {
 return authorizer.getAccessPolicy(accessPolicyId) != null;
 }
http://git-wip-us.apache.org/repos/asf/nifi/blob/01adb050/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/util/SnippetUtils.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/util/SnippetUtils.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/util/SnippetUtils.java
index e7b69c1..f88889e 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/util/SnippetUtils.java
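Review bot: In the StandardPolicyBasedAuthorizerDAO constructor, `supportsConfigurableAuthorizer` is assigned in two branches that sit about a hundred lines apart (the `@@ -46` and `@@ -149` hunks), with the anonymous fallback authorizer between them, so the `false` assignment is easy to overlook. Because this flag now gates policy cleanup and cloning elsewhere, it reads more safely when derived once next to the check that defines it: `this.supportsConfigurableAuthorizer = authorizer instanceof AbstractPolicyBasedAuthorizer;` as the first statement of the constructor, with the two branch assignments removed. The constructor body extends beyond both hunks.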
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/util/SnippetUtils.java
@@ -612,6 +612,10 @@ public final class SnippetUtils {
 * @param idGenerationSeed id generation seed
 */
 private void cloneComponentSpecificPolicies(final Resource originalComponentResource, final Resource clonedComponentResource, final String idGenerationSeed) {
+ if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
+ return;
+ }
+
 final Map<Resource, Resource> resources = new HashMap<>();
 resources.put(originalComponentResource, clonedComponentResource);
 resources.put(ResourceFactory.getDataResource(originalComponentResource), ResourceFactory.getDataResource(clonedComponentResource));
@@ -661,6 +665,10 @@ public final class SnippetUtils {
 * @param snippet snippet
 */
 public void rollbackClonedPolicies(final FlowSnippetDTO snippet) {
+ if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
+ return;
+ }
+
 snippet.getControllerServices().forEach(controllerServiceDTO -> {
 rollbackClonedPolicy(ResourceFactory.getComponentResource(ResourceType.ControllerService, controllerServiceDTO.getId(), controllerServiceDTO.getName()));
 });
@@ -699,6 +707,10 @@ public final class SnippetUtils {
 * @param componentResource component resource
 */
 private void rollbackClonedPolicy(final Resource componentResource) {
+ if (!accessPolicyDAO.supportsConfigurableAuthorizer()) {
+ return;
+ }
+
 final List<Resource> resources = new ArrayList<>();
 resources.add(componentResource);
 resources.add(ResourceFactory.getDataResource(componentResource));
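Review bot: The early `return` added to `cloneComponentSpecificPolicies` in SnippetUtils.java (and repeated in `rollbackClonedPolicies` and `rollbackClonedPolicy` in the next two hunks) makes these methods silent no-ops, yet the visible tail of each Javadoc is unchanged and gives no hint of that. A copied component then ends up with no component-specific policies; that is presumably intended when an external authorizer makes every decision, but it should be stated, for example by adding `Does nothing when the configured authorizer is not configurable, because NiFi does not manage policies in that case.` to each Javadoc. The guard in `rollbackClonedPolicy` looks redundant if `rollbackClonedPolicies` is its only caller, which cannot be confirmed from these hunks. All three method bodies continue outside their hunks.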
