http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java
deleted file mode 100644
index 5377c46..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/GetUserGroupAction.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUserGroup;
-
-/**
- *
- */
-public class GetUserGroupAction implements AdministrationAction<NiFiUserGroup> {
-
- private final String group;
-
- public GetUserGroupAction(String group) {
- this.group = group;
- }
-
- @Override
- public NiFiUserGroup execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- final UserDAO userDAO = daoFactory.getUserDAO();
- final NiFiUserGroup userGroup = new NiFiUserGroup();
-
- // set the group
- userGroup.setGroup(group);
-
- // get the users in this group
- userGroup.setUsers(userDAO.findUsersForGroup(group));
-
- // return the group
- return userGroup;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java
deleted file mode 100644
index 42d180e..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/GetUsersAction.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Collection;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class GetUsersAction implements AdministrationAction<Collection<NiFiUser>> {
-
- @Override
- public Collection<NiFiUser> execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- // get a UserDAO
- UserDAO userDAO = daoFactory.getUserDAO();
-
- // return the desired user
- return userDAO.findUsers();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java
deleted file mode 100644
index 3325642..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/HasPendingUserAccounts.java
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-
-/**
- * Action for creating a NiFiUser account.
- */
-public class HasPendingUserAccounts extends AbstractUserAction<Boolean> {
-
- @Override
- public Boolean execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- return userDao.hasPendingUserAccounts();
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java
deleted file mode 100644
index 14596b2..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserAccountAction.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Invalidates a user account.
- */
-public class InvalidateUserAccountAction implements AdministrationAction<Void> {
-
- private final String id;
-
- public InvalidateUserAccountAction(String id) {
- this.id = id;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // get the current user details
- NiFiUser user = userDao.findUserById(id);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", id));
- }
-
- // invalidate the user account
- user.setLastVerified(null);
-
- // create the user entry
- userDao.updateUser(user);
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java
deleted file mode 100644
index 0cb7e14..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/InvalidateUserGroupAccountsAction.java
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-
-/**
- * Invalidates a user account.
- */
-public class InvalidateUserGroupAccountsAction implements AdministrationAction<Void> {
-
- private final String group;
-
- public InvalidateUserGroupAccountsAction(String group) {
- this.group = group;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // create the user entry
- userDao.updateGroupVerification(group, null);
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java
deleted file mode 100644
index b5a2883..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/PurgeActionsAction.java
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import org.apache.nifi.action.Action;
-import org.apache.nifi.admin.dao.ActionDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.authorization.AuthorityProvider;
-
-/**
- * Purges actions up to a specified end date.
- */
-public class PurgeActionsAction implements AdministrationAction<Void> {
-
- private final Date end;
- private final Action purgeAction;
-
- public PurgeActionsAction(Date end, Action purgeAction) {
- this.end = end;
- this.purgeAction = purgeAction;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
- ActionDAO actionDao = daoFactory.getActionDAO();
-
- // remove the corresponding actions
- actionDao.deleteActions(end);
-
- // create a purge action
- actionDao.createAction(purgeAction);
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java
deleted file mode 100644
index 3dce6d9..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/RequestUserAccountAction.java
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Date;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.security.util.CertificateUtils;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class RequestUserAccountAction implements AdministrationAction<NiFiUser> {
-
- private final String dn;
- private final String justification;
-
- public RequestUserAccountAction(String dn, String justification) {
- this.dn = dn;
- this.justification = justification;
- }
-
- @Override
- public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // determine if this user already exists
- NiFiUser user = userDao.findUserByDn(dn);
- if (user != null) {
- throw new IllegalArgumentException(String.format("User account for %s already exists.", dn));
- }
-
- // create the user
- user = new NiFiUser();
- user.setDn(dn);
- user.setUserName(CertificateUtils.extractUsername(dn));
- user.setJustification(justification);
- user.setStatus(AccountStatus.PENDING);
-
- // update user timestamps
- Date now = new Date();
- user.setCreation(now);
-
- // create the new user account
- userDao.createUser(user);
-
- return user;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java
deleted file mode 100644
index 72d68db..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/SeedUserAccountsAction.java
+++ /dev/null
@@ -1,164 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.HashSet;
-import java.util.Set;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.security.util.CertificateUtils;
-import org.apache.nifi.user.AccountStatus;
-import org.apache.nifi.user.NiFiUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Seeds the user accounts. This action is performed at start up because it
- * takes the users specified in the authority provider and makes them available
- * to be seen in the UI. This happens because the UI loads the users from the
- * cache. Without pre loading the users, the table in the UI would only show a
- * given user once they have visited the application.
- */
-public class SeedUserAccountsAction extends AbstractUserAction<Void> {
-
- private static final Logger logger = LoggerFactory.getLogger(SeedUserAccountsAction.class);
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- Set<String> authorizedDns = new HashSet<>();
-
- // get the current user cache
- final Set<NiFiUser> existingUsers;
- try {
- existingUsers = userDao.findUsers();
- } catch (Exception e) {
- // unable to access local cache... start up failure
- logger.error(String.format("Unable to get existing user base. Cannot proceed until these users can be "
- + "verified against the current authority provider: %s", e));
- throw new AdministrationException(e);
- }
-
- try {
- // all users for all roles
- for (final Authority authority : Authority.values()) {
- authorizedDns.addAll(authorityProvider.getUsers(authority));
- }
- } catch (AuthorityAccessException aae) {
- // unable to access the authority provider... honor the cache
- logger.warn("Unable to access authority provider due to " + aae);
- return null;
- }
-
- final Set<NiFiUser> accountsToRevoke = new HashSet<>(existingUsers);
-
- // persist the users
- for (String dn : authorizedDns) {
- NiFiUser user = null;
- try {
- // locate the user for this dn
- user = userDao.findUserByDn(dn);
- boolean newAccount = false;
-
- // if the user does not exist, create a new account
- if (user == null) {
- logger.info(String.format("Creating user account: %s", dn));
- newAccount = true;
-
- // create the user
- user = new NiFiUser();
- user.setDn(dn);
- user.setUserName(CertificateUtils.extractUsername(dn));
- user.setJustification("User details specified by authority provider.");
- } else {
- logger.info(String.format("User account already created: %s. Updating authorities...", dn));
- }
-
- // verify the account
- verifyAccount(authorityProvider, user);
-
- // persist the account accordingly
- if (newAccount) {
- CreateUserAction createUser = new CreateUserAction(user);
- createUser.execute(daoFactory, authorityProvider);
- } else {
- // this is not a new user and we have just verified their
- // account, do not revoke...
- accountsToRevoke.remove(user);
-
- // persist the user
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
-
- // persist the user's authorities
- UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user);
- updateUserAuthorities.execute(daoFactory, authorityProvider);
- }
- } catch (DataAccessException dae) {
- if (user != null) {
- logger.warn(String.format("Unable to access account details in local cache for user %s: %s", user, dae.getMessage()));
- } else {
- logger.warn(String.format("Unable to access account details in local cache: %s", dae.getMessage()));
- }
- } catch (UnknownIdentityException uie) {
- if (user != null) {
- logger.warn(String.format("Unable to find account details in authority provider for user %s: %s", user, uie.getMessage()));
- } else {
- logger.warn(String.format("Unable to find account details in authority provider: %s", uie.getMessage()));
- }
- } catch (AuthorityAccessException aae) {
- logger.warn("Unable to access authority provider due to " + aae);
-
- // unable to access authority provider for this user, honor the cache for now
- accountsToRevoke.remove(user);
- }
- }
-
- // remove all users that are no longer in the provider
- for (final NiFiUser user : accountsToRevoke) {
- // allow pending requests to remain...
- if (AccountStatus.PENDING.equals(user.getStatus())) {
- continue;
- }
-
- try {
- logger.info(String.format("User not authorized with configured provider: %s. Disabling account...", user.getDn()));
-
- // disable the account and reset its last verified timestamp since it was not found
- // in the current configured authority provider
- user.setStatus(AccountStatus.DISABLED);
- user.setLastVerified(null);
-
- // update the user record
- UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user);
- updateUser.execute(daoFactory, authorityProvider);
- } catch (final Exception e) {
- // unable to revoke access for someone we know is not authorized... fail start up
- logger.error(String.format("Unable to revoke access for user %s that is no longer authorized: %s", user, e));
- throw new AdministrationException(e);
- }
- }
-
- return null;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java
deleted file mode 100644
index 01eaf5f..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserAction.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- *
- */
-public class UngroupUserAction extends AbstractUserAction<Void> {
-
- private final String userId;
-
- public UngroupUserAction(String userId) {
- this.userId = userId;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
- final UserDAO userDao = daoFactory.getUserDAO();
-
- // get the user in question
- final NiFiUser user = userDao.findUserById(userId);
-
- // ensure the user exists
- if (user == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", userId));
- }
-
- // set the user group
- user.setUserGroup(null);
-
- // update the user locally
- userDao.updateUser(user);
-
- try {
- // update the authority provider
- authorityProvider.ungroupUser(user.getDn());
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to ungroup user '%s': %s", user.getDn(), uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to ungroup user '%s': %s", user.getDn(), aae.getMessage()), aae);
- }
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java
deleted file mode 100644
index fa24fbe..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UngroupUserGroupAction.java
+++ /dev/null
@@ -1,57 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.authorization.exception.AuthorityAccessException;
-import org.apache.nifi.authorization.exception.UnknownIdentityException;
-
-/**
- *
- */
-public class UngroupUserGroupAction extends AbstractUserAction<Void> {
-
- private final String group;
-
- public UngroupUserGroupAction(String group) {
- this.group = group;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) {
- final UserDAO userDao = daoFactory.getUserDAO();
-
- // update the user locally
- userDao.ungroup(group);
-
- try {
- // update the authority provider
- authorityProvider.ungroup(group);
- } catch (UnknownIdentityException uie) {
- throw new AccountNotFoundException(String.format("Unable to ungroup '%s': %s", group, uie.getMessage()), uie);
- } catch (AuthorityAccessException aae) {
- throw new AdministrationException(String.format("Unable to ungroup '%s': %s", group, aae.getMessage()), aae);
- }
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java ----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java
deleted file mode 100644
index cef21d7..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAction.java
+++ /dev/null
@@ -1,124 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.admin.service.action; - -import java.util.Date; -import java.util.Set; -import org.apache.nifi.admin.dao.DAOFactory; -import org.apache.nifi.admin.dao.DataAccessException; -import org.apache.nifi.admin.dao.UserDAO; -import org.apache.nifi.admin.service.AccountNotFoundException; -import org.apache.nifi.admin.service.AdministrationException; -import org.apache.nifi.authorization.Authority; -import org.apache.nifi.authorization.AuthorityProvider; -import org.apache.nifi.authorization.exception.AuthorityAccessException; -import org.apache.nifi.authorization.exception.IdentityAlreadyExistsException; -import org.apache.nifi.authorization.exception.UnknownIdentityException; -import org.apache.nifi.user.AccountStatus; -import org.apache.nifi.user.NiFiUser; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * Sets user authorities. 
- */ -public class UpdateUserAction extends AbstractUserAction<NiFiUser> { - - private static final Logger logger = LoggerFactory.getLogger(UpdateUserAction.class); - - private final String id; - private final Set<Authority> authorities; - - public UpdateUserAction(String id, Set<Authority> authorities) { - this.id = id; - this.authorities = authorities; - } - - @Override - public NiFiUser execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException, AdministrationException { - UserDAO userDao = daoFactory.getUserDAO(); - - // get the user - NiFiUser user = userDao.findUserById(id); - - // ensure the user exists - if (user == null) { - throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", id)); - } - - // determine whether this users exists - boolean doesDnExist = false; - try { - doesDnExist = authorityProvider.doesDnExist(user.getDn()); - } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae); - } - - // if the user already doesn't exist, add them - if (!doesDnExist) { - try { - // add the account account and group if necessary - authorityProvider.addUser(user.getDn(), user.getUserGroup()); - } catch (final IdentityAlreadyExistsException iaee) { - logger.warn(String.format("User '%s' already exists in the authority provider. 
Continuing with user update.", user.getDn())); - } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access authorities for '%s': %s", user.getDn(), aae.getMessage()), aae); - } - } - - try { - // update the authority provider as approprivate - authorityProvider.setAuthorities(user.getDn(), authorities); - } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie); - } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae); - } - - try { - // get the user group - user.setUserGroup(authorityProvider.getGroupForUser(user.getDn())); - } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getDn(), uie.getMessage()), uie); - } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getDn(), aae.getMessage()), aae); - } - - // since all the authorities were updated accordingly, set the authorities - user.getAuthorities().clear(); - user.getAuthorities().addAll(authorities); - - // update the users status in case they were previously pending or disabled - user.setStatus(AccountStatus.ACTIVE); - - // update the users last verified time - this timestamp shouldn't be recorded - // until the both the user's authorities and group have been synced - Date now = new Date(); - user.setLastVerified(now); - - // persist the user's updates - UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user); - updateUser.execute(daoFactory, authorityProvider); - - // persist the user's authorities - UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user); - 
updateUserAuthorities.execute(daoFactory, authorityProvider); - - // return the user - return user; - } -} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java ---------------------------------------------------------------------- diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java deleted file mode 100644 index 89661b2..0000000 --- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserAuthoritiesCacheAction.java +++ /dev/null 
@@ -1,73 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import java.util.Set;
-import org.apache.nifi.admin.dao.AuthorityDAO;
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.admin.service.AccountNotFoundException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.commons.collections4.CollectionUtils;
-
-/**
- * Updates a NiFiUser's authorities. Prior to invoking this action, the user's
- * authorities should be set according to the business logic of the service in
- * question. This should not be invoked directly when attempting to set user
- * authorities as the authorityProvider is not called from this action.
- */
-public class UpdateUserAuthoritiesCacheAction extends AbstractUserAction<Void> {
-
- private final NiFiUser user;
-
- public UpdateUserAuthoritiesCacheAction(NiFiUser user) {
- this.user = user;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
- AuthorityDAO authorityDao = daoFactory.getAuthorityDAO();
-
- // get the user
- NiFiUser currentUser = userDao.findUserById(user.getId());
-
- // ensure the user exists
- if (currentUser == null) {
- throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", user.getId()));
- }
-
- // determine what authorities need to be added/removed
- Set<Authority> authorities = user.getAuthorities();
- Set<Authority> authoritiesToAdd = determineAuthoritiesToAdd(currentUser, authorities);
- Set<Authority> authoritiesToRemove = determineAuthoritiesToRemove(currentUser, authorities);
-
- // update the user authorities locally
- if (CollectionUtils.isNotEmpty(authoritiesToAdd)) {
- authorityDao.createAuthorities(authoritiesToAdd, user.getId());
- }
- if (CollectionUtils.isNotEmpty(authoritiesToRemove)) {
- authorityDao.deleteAuthorities(authoritiesToRemove, user.getId());
- }
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java
----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java
deleted file mode 100644
index 288e297..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserCacheAction.java
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.action;
-
-import org.apache.nifi.admin.dao.DAOFactory;
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.dao.UserDAO;
-import org.apache.nifi.authorization.AuthorityProvider;
-import org.apache.nifi.user.NiFiUser;
-
-/**
- * Updates a NiFiUser. This will not update the user authorities, they must be
- * updated with the UpdateUserAuthoritiesAction.
- */
-public class UpdateUserCacheAction extends AbstractUserAction<Void> {
-
- private final NiFiUser user;
-
- public UpdateUserCacheAction(NiFiUser user) {
- this.user = user;
- }
-
- @Override
- public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException {
- UserDAO userDao = daoFactory.getUserDAO();
-
- // update the user
- userDao.updateUser(user);
-
- return null;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java
----------------------------------------------------------------------
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java
deleted file mode 100644
index 56b214c..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/action/UpdateUserGroupAction.java
+++ /dev/null
@@ -1,171 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.admin.service.action; - -import java.util.Date; -import java.util.HashSet; -import java.util.Set; -import org.apache.nifi.admin.dao.DAOFactory; -import org.apache.nifi.admin.dao.DataAccessException; -import org.apache.nifi.admin.dao.UserDAO; -import org.apache.nifi.admin.service.AccountNotFoundException; -import org.apache.nifi.admin.service.AdministrationException; -import org.apache.nifi.authorization.Authority; -import org.apache.nifi.authorization.AuthorityProvider; -import org.apache.nifi.authorization.exception.AuthorityAccessException; -import org.apache.nifi.authorization.exception.UnknownIdentityException; -import org.apache.nifi.user.AccountStatus; -import org.apache.nifi.user.NiFiUser; -import org.apache.commons.lang3.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * Updates all NiFiUser authorities in a specified group. 
- */ -public class UpdateUserGroupAction extends AbstractUserAction<Void> { - - private static final Logger logger = LoggerFactory.getLogger(UpdateUserGroupAction.class); - - private final String group; - private final Set<String> userIds; - private final Set<Authority> authorities; - - public UpdateUserGroupAction(String group, Set<String> userIds, Set<Authority> authorities) { - this.group = group; - this.userIds = userIds; - this.authorities = authorities; - } - - @Override - public Void execute(DAOFactory daoFactory, AuthorityProvider authorityProvider) throws DataAccessException { - if (userIds == null && authorities == null) { - throw new IllegalArgumentException("Must specify user Ids or authorities."); - } - - UserDAO userDao = daoFactory.getUserDAO(); - - // record the new users being added to this group - final Set<NiFiUser> newUsers = new HashSet<>(); - final Set<String> newUserDns = new HashSet<>(); - - // if the user ids have been specified we need to create/update a group using the specified group name - if (userIds != null) { - if (userIds.isEmpty()) { - throw new IllegalArgumentException("When creating a group, at least one user id must be specified."); - } - - // going to create a group using the specified user ids - for (final String userId : userIds) { - // get the user in question - final NiFiUser user = userDao.findUserById(userId); - - // ensure the user exists - if (user == null) { - throw new AccountNotFoundException(String.format("Unable to find account with ID %s.", userId)); - } - - try { - // if the user is unknown to the authority provider we cannot continue - if (!authorityProvider.doesDnExist(user.getDn()) || AccountStatus.DISABLED.equals(user.getStatus())) { - throw new IllegalStateException(String.format("Unable to group these users because access for '%s' is not %s.", user.getDn(), AccountStatus.ACTIVE.toString())); - } - - // record the user being added to this group - newUsers.add(user); - newUserDns.add(user.getDn()); - } catch 
(final AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access authority details: %s", aae.getMessage()), aae); - } - } - - try { - // update the authority provider - authorityProvider.setUsersGroup(newUserDns, group); - } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserDns, ", "), uie.getMessage()), uie); - } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to set user group '%s': %s", StringUtils.join(newUserDns, ", "), aae.getMessage()), aae); - } - } - - // get all the users that need to be updated - final Set<NiFiUser> users = new HashSet<>(userDao.findUsersForGroup(group)); - users.addAll(newUsers); - - // ensure the user exists - if (users.isEmpty()) { - throw new AccountNotFoundException(String.format("Unable to find user accounts with group id %s.", group)); - } - - // update each user in this group - for (final NiFiUser user : users) { - // if there are new authorities set them, otherwise refresh them according to the provider - if (authorities != null) { - try { - // update the authority provider as approprivate - authorityProvider.setAuthorities(user.getDn(), authorities); - - // since all the authorities were updated accordingly, set the authorities - user.getAuthorities().clear(); - user.getAuthorities().addAll(authorities); - } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to modify authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie); - } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae); - } - } else { - try { - // refresh the authorities according to the provider - user.getAuthorities().clear(); - 
user.getAuthorities().addAll(authorityProvider.getAuthorities(user.getDn())); - } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to determine the authorities for '%s': %s.", user.getDn(), uie.getMessage()), uie); - } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access authorities for '%s': %s.", user.getDn(), aae.getMessage()), aae); - } - } - - try { - // get the user group - user.setUserGroup(authorityProvider.getGroupForUser(user.getDn())); - } catch (UnknownIdentityException uie) { - throw new AccountNotFoundException(String.format("Unable to determine the group for '%s': %s.", user.getDn(), uie.getMessage()), uie); - } catch (AuthorityAccessException aae) { - throw new AdministrationException(String.format("Unable to access the group for '%s': %s.", user.getDn(), aae.getMessage()), aae); - } - - // update the users status in case they were previously pending or disabled - user.setStatus(AccountStatus.ACTIVE); - - // update the users last verified time - this timestamp shouldn't be recorded - // until the both the user's authorities and group have been synced - Date now = new Date(); - user.setLastVerified(now); - - // persist the user's updates - UpdateUserCacheAction updateUser = new UpdateUserCacheAction(user); - updateUser.execute(daoFactory, authorityProvider); - - // persist the user's authorities - UpdateUserAuthoritiesCacheAction updateUserAuthorities = new UpdateUserAuthoritiesCacheAction(user); - updateUserAuthorities.execute(daoFactory, authorityProvider); - } - - return null; - } -} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/impl/StandardAuditService.java ---------------------------------------------------------------------- 
diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/impl/StandardAuditService.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/impl/StandardAuditService.java
deleted file mode 100644
index 127f1df..0000000
--- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/impl/StandardAuditService.java
+++ /dev/null
@@ -1,230 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.nifi.admin.service.impl; - -import java.io.IOException; -import java.util.Collection; -import java.util.Date; -import java.util.List; -import java.util.Map; -import java.util.concurrent.locks.ReentrantReadWriteLock; -import org.apache.nifi.action.Action; -import org.apache.nifi.admin.dao.DataAccessException; -import org.apache.nifi.admin.service.AdministrationException; -import org.apache.nifi.admin.service.AuditService; -import org.apache.nifi.admin.service.action.AddActionsAction; -import org.apache.nifi.admin.service.action.GetActionAction; -import org.apache.nifi.admin.service.action.GetActionsAction; -import org.apache.nifi.admin.service.action.GetPreviousValues; -import org.apache.nifi.admin.service.action.PurgeActionsAction; -import org.apache.nifi.admin.service.transaction.Transaction; -import org.apache.nifi.admin.service.transaction.TransactionBuilder; -import org.apache.nifi.admin.service.transaction.TransactionException; -import org.apache.nifi.history.History; -import org.apache.nifi.history.HistoryQuery; -import org.apache.nifi.history.PreviousValue; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - 
* - */ -public class StandardAuditService implements AuditService { - - private static final Logger logger = LoggerFactory.getLogger(StandardAuditService.class); - - private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock(); - private final ReentrantReadWriteLock.ReadLock readLock = lock.readLock(); - private final ReentrantReadWriteLock.WriteLock writeLock = lock.writeLock(); - - private TransactionBuilder transactionBuilder; - - @Override - public void addActions(Collection<Action> actions) { - Transaction transaction = null; - - writeLock.lock(); - try { - // start the transaction - transaction = transactionBuilder.start(); - - // seed the accounts - AddActionsAction addActions = new AddActionsAction(actions); - transaction.execute(addActions); - - // commit the transaction - transaction.commit(); - } catch (TransactionException | DataAccessException te) { - rollback(transaction); - throw new AdministrationException(te); - } catch (Throwable t) { - rollback(transaction); - throw t; - } finally { - closeQuietly(transaction); - writeLock.unlock(); - } - } - - @Override - public Map<String, List<PreviousValue>> getPreviousValues(String processorId) { - Transaction transaction = null; - Map<String, List<PreviousValue>> previousValues = null; - - readLock.lock(); - try { - // start the transaction - transaction = transactionBuilder.start(); - - // seed the accounts - GetPreviousValues getActions = new GetPreviousValues(processorId); - previousValues = transaction.execute(getActions); - - // commit the transaction - transaction.commit(); - } catch (TransactionException | DataAccessException te) { - rollback(transaction); - throw new AdministrationException(te); - } catch (Throwable t) { - rollback(transaction); - throw t; - } finally { - closeQuietly(transaction); - readLock.unlock(); - } - - return previousValues; - } - - @Override - public History getActions(HistoryQuery query) { - Transaction transaction = null; - History history = null; - - 
readLock.lock(); - try { - // start the transaction - transaction = transactionBuilder.start(); - - // seed the accounts - GetActionsAction getActions = new GetActionsAction(query); - history = transaction.execute(getActions); - - // commit the transaction - transaction.commit(); - } catch (TransactionException | DataAccessException te) { - rollback(transaction); - throw new AdministrationException(te); - } catch (Throwable t) { - rollback(transaction); - throw t; - } finally { - closeQuietly(transaction); - readLock.unlock(); - } - - return history; - } - - @Override - public Action getAction(Integer actionId) { - Transaction transaction = null; - Action action = null; - - readLock.lock(); - try { - // start the transaction - transaction = transactionBuilder.start(); - - // seed the accounts - GetActionAction getAction = new GetActionAction(actionId); - action = transaction.execute(getAction); - - // commit the transaction - transaction.commit(); - } catch (TransactionException | DataAccessException te) { - rollback(transaction); - throw new AdministrationException(te); - } catch (Throwable t) { - rollback(transaction); - throw t; - } finally { - closeQuietly(transaction); - readLock.unlock(); - } - - return action; - } - - @Override - public void purgeActions(Date end, Action purgeAction) { - Transaction transaction = null; - - writeLock.lock(); - try { - // start the transaction - transaction = transactionBuilder.start(); - - // purge the action database - PurgeActionsAction purgeActions = new PurgeActionsAction(end, purgeAction); - transaction.execute(purgeActions); - - // commit the transaction - transaction.commit(); - } catch (TransactionException | DataAccessException te) { - rollback(transaction); - throw new AdministrationException(te); - } catch (Throwable t) { - rollback(transaction); - throw t; - } finally { - closeQuietly(transaction); - writeLock.unlock(); - } - } - - /** - * Rolls back the specified transaction. 
- * - * @param transaction - */ - private void rollback(Transaction transaction) { - if (transaction != null) { - transaction.rollback(); - } - } - - /** - * Closes the specified transaction. - * - * @param transaction - */ - private void closeQuietly(final Transaction transaction) { - if (transaction != null) { - try { - transaction.close(); - } catch (final IOException ioe) { - } - } - } - - /* setters */ - public void setTransactionBuilder(TransactionBuilder transactionBuilder) { - this.transactionBuilder = transactionBuilder; - } - -} http://git-wip-us.apache.org/repos/asf/incubator-nifi/blob/f6d9354b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java ---------------------------------------------------------------------- diff --git a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java b/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java deleted file mode 100644 index 5c9af4b..0000000 --- a/nifi/nar-bundles/framework-bundle/framework/administration/src/main/java/org/apache/nifi/admin/service/impl/StandardUserService.java +++ /dev/null 
@@ -1,663 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.apache.nifi.admin.service.impl;
-
-import java.io.IOException;
-import java.util.Collection;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.locks.ReentrantReadWriteLock;
-
-import org.apache.nifi.admin.dao.DataAccessException;
-import org.apache.nifi.admin.service.AccountDisabledException;
-import org.apache.nifi.admin.service.AccountPendingException;
-import org.apache.nifi.admin.service.AdministrationException;
-import org.apache.nifi.admin.service.UserService;
-import org.apache.nifi.admin.service.action.AuthorizeDownloadAction;
-import org.apache.nifi.admin.service.action.AuthorizeUserAction;
-import org.apache.nifi.admin.service.action.DeleteUserAction;
-import org.apache.nifi.admin.service.action.DisableUserAction;
-import org.apache.nifi.admin.service.action.DisableUserGroupAction;
-import org.apache.nifi.admin.service.action.FindUserByDnAction;
-import org.apache.nifi.admin.service.action.FindUserByIdAction;
-import org.apache.nifi.admin.service.action.GetUserGroupAction;
-import org.apache.nifi.admin.service.action.GetUsersAction;
-import org.apache.nifi.admin.service.action.HasPendingUserAccounts;
-import org.apache.nifi.admin.service.action.InvalidateUserAccountAction;
-import org.apache.nifi.admin.service.action.InvalidateUserGroupAccountsAction;
-import org.apache.nifi.admin.service.action.RequestUserAccountAction;
-import org.apache.nifi.admin.service.action.SeedUserAccountsAction;
-import org.apache.nifi.admin.service.action.UpdateUserAction;
-import org.apache.nifi.admin.service.action.UpdateUserGroupAction;
-import org.apache.nifi.admin.service.action.UngroupUserAction;
-import org.apache.nifi.admin.service.action.UngroupUserGroupAction;
-import org.apache.nifi.admin.service.transaction.Transaction;
-import org.apache.nifi.admin.service.transaction.TransactionBuilder;
-import org.apache.nifi.admin.service.transaction.TransactionException;
-import org.apache.nifi.authorization.Authority;
-import org.apache.nifi.authorization.DownloadAuthorization;
-import org.apache.nifi.user.NiFiUser;
-import org.apache.nifi.user.NiFiUserGroup;
-import org.apache.nifi.util.FormatUtils;
-import org.apache.nifi.util.NiFiProperties;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- *
- */
-public class StandardUserService implements UserService {
-
- private static final Logger logger = LoggerFactory.getLogger(StandardUserService.class);
-
- private final ReentrantReadWriteLock lock = new ReentrantReadWriteLock();
- private final ReentrantReadWriteLock.ReadLock readLock = lock.readLock();
- private final ReentrantReadWriteLock.WriteLock writeLock = lock.writeLock();
-
- private TransactionBuilder transactionBuilder;
- private NiFiProperties properties;
-
- /**
- * Seed any users from the authority provider that are not already present.
- */
- public void seedUserAccounts() {
- // do not seed node's user cache. when/if the node disconnects its
- // cache will be populated lazily (as needed)
- if (properties.isNode()) {
- return;
- }
-
- Transaction transaction = null;
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // seed the accounts
- SeedUserAccountsAction seedUserAccounts = new SeedUserAccountsAction();
- transaction.execute(seedUserAccounts);
-
- // commit the transaction
- transaction.commit();
- } catch (AdministrationException ae) {
- rollback(transaction);
- throw ae;
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser createPendingUserAccount(String dn, String justification) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // create the account request
- RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(dn, justification);
- NiFiUser user = transaction.execute(requestUserAccount);
-
- // commit the transaction
- transaction.commit();
-
- // return the nifi user
- return user;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUserGroup updateGroup(final String group, final Set<String> userIds, final Set<Authority> authorities) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // if user ids have been specified, invalidate the user accounts before performing
- // the desired updates. if case of an error, this will ensure that these users are
- // authorized the next time the access the application
- if (userIds != null) {
- for (final String userId : userIds) {
- invalidateUserAccount(userId);
- }
- }
-
- // start the transaction
- transaction = transactionBuilder.start();
-
- // set the authorities for each user in this group if specified
- final UpdateUserGroupAction updateUserGroup = new UpdateUserGroupAction(group, userIds, authorities);
- transaction.execute(updateUserGroup);
-
- // get all the users that are now in this group
- final GetUserGroupAction getUserGroup = new GetUserGroupAction(group);
- final NiFiUserGroup userGroup = transaction.execute(getUserGroup);
-
- // commit the transaction
- transaction.commit();
-
- return userGroup;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void ungroupUser(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // ungroup the specified user
- final UngroupUserAction ungroupUser = new UngroupUserAction(id);
- transaction.execute(ungroupUser);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void ungroup(String group) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // ungroup the specified user
- final UngroupUserGroupAction ungroupUserGroup = new UngroupUserGroupAction(group);
- transaction.execute(ungroupUserGroup);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser checkAuthorization(String dn) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // determine how long the cache is valid for
- final int cacheSeconds;
- try {
- cacheSeconds = (int) FormatUtils.getTimeDuration(properties.getUserCredentialCacheDuration(), TimeUnit.SECONDS);
- } catch (IllegalArgumentException iae) {
- throw new AdministrationException("User credential cache duration is not configured correctly.");
- }
-
- // attempt to authorize the user
- AuthorizeUserAction authorizeUser = new AuthorizeUserAction(dn, cacheSeconds);
- NiFiUser user = transaction.execute(authorizeUser);
-
- // commit the transaction
- transaction.commit();
-
- // return the nifi user
- return user;
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (AccountDisabledException | AccountPendingException ade) {
- rollback(transaction);
- throw ade;
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public void deleteUser(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // delete the user
- DeleteUserAction deleteUser = new DeleteUserAction(id);
- transaction.execute(deleteUser);
-
- // commit the transaction
- transaction.commit();
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser disable(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // disable the user
- DisableUserAction disableUser = new DisableUserAction(id);
- NiFiUser user = transaction.execute(disableUser);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUserGroup disableGroup(String group) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // create the connection
- transaction = transactionBuilder.start();
-
- // disable the user
- DisableUserGroupAction disableUser = new DisableUserGroupAction(group);
- NiFiUserGroup userGroup = transaction.execute(disableUser);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return userGroup;
- } catch (DataAccessException | TransactionException dae) {
- rollback(transaction);
- throw new AdministrationException(dae);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- @Override
- public NiFiUser update(String id, Set<Authority> authorities) {
- Transaction transaction = null;
-
- // may be empty but not null
- if (authorities == null) {
- throw new IllegalArgumentException("The specified authorities cannot be null.");
- }
-
- writeLock.lock();
- try {
- // invalidate the user account in preparation for potential subsequent errors
- invalidateUserAccount(id);
-
- // at this point the current user account has been invalidated so we will
- // attempt to update the account. if any part fails we are assured the
- // user will be need to be given approval before they access the system at
- // a later time
- // start the transaction
- transaction = transactionBuilder.start();
-
- // update the user authorities
- UpdateUserAction setUserAuthorities = new UpdateUserAction(id, authorities);
- NiFiUser user = transaction.execute(setUserAuthorities);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (TransactionException | DataAccessException e) {
- rollback(transaction);
- throw new AdministrationException(e);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- /**
- * Invalidates the user with the specified id. This is done to ensure a user
- * account will need to be re-validated in case an error occurs while
- * modifying a user account. This method should only be invoked from within
- * a write lock.
- *
- * @param id
- */
- @Override
- public void invalidateUserAccount(String id) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // invalidate the user account
- InvalidateUserAccountAction invalidateUserAccount = new InvalidateUserAccountAction(id);
- transaction.execute(invalidateUserAccount);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- /**
- * Invalidates the user with the specified id. This is done to ensure a user
- * account will need to be re-validated in case an error occurs while
- * modifying a user account. This method should only be invoked from within
- * a write lock.
- *
- * @param group
- */
- @Override
- public void invalidateUserGroupAccount(String group) {
- Transaction transaction = null;
-
- writeLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // invalidate the user account
- InvalidateUserGroupAccountsAction invalidateUserGroupAccounts = new InvalidateUserGroupAccountsAction(group);
- transaction.execute(invalidateUserGroupAccounts);
-
- // commit the transaction
- transaction.commit();
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- writeLock.unlock();
- }
- }
-
- // -----------------
- // read only methods
- // -----------------
- @Override
- public Boolean hasPendingUserAccount() {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- final HasPendingUserAccounts hasPendingAccounts = new HasPendingUserAccounts();
- final Boolean hasPendingUserAccounts = transaction.execute(hasPendingAccounts);
-
- // commit the transaction
- transaction.commit();
-
- return hasPendingUserAccounts;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public DownloadAuthorization authorizeDownload(final List<String> dnChain, final Map<String, String> attributes) {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // authorize the download
- AuthorizeDownloadAction authorizeDownload = new AuthorizeDownloadAction(dnChain, attributes);
- DownloadAuthorization downloadAuthorization = transaction.execute(authorizeDownload);
-
- // commit the transaction
- transaction.commit();
-
- // return the authorization
- return downloadAuthorization;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public Collection<NiFiUser> getUsers() {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // get all users
- GetUsersAction getUsers = new GetUsersAction();
- Collection<NiFiUser> users = transaction.execute(getUsers);
-
- // commit the transaction
- transaction.commit();
-
- // return the users
- return users;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public NiFiUser getUserById(String id) {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // return the desired user
- FindUserByIdAction findUserById = new FindUserByIdAction(id);
- NiFiUser user = transaction.execute(findUserById);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- @Override
- public NiFiUser getUserByDn(String dn) {
- Transaction transaction = null;
-
- readLock.lock();
- try {
- // start the transaction
- transaction = transactionBuilder.start();
-
- // return the desired user
- FindUserByDnAction findUserByDn = new FindUserByDnAction(dn);
- NiFiUser user = transaction.execute(findUserByDn);
-
- // commit the transaction
- transaction.commit();
-
- // return the user
- return user;
- } catch (TransactionException | DataAccessException te) {
- rollback(transaction);
- throw new AdministrationException(te);
- } catch (Throwable t) {
- rollback(transaction);
- throw t;
- } finally {
- closeQuietly(transaction);
- readLock.unlock();
- }
- }
-
- /**
- * Rolls back the specified transaction.
- *
- * @param transaction
- */
- private void rollback(final Transaction transaction) {
- if (transaction != null) {
- transaction.rollback();
- }
- }
-
- /**
- * Closes the specified transaction.
- *
- * @param transaction
- */
- private void closeQuietly(final Transaction transaction) {
- if (transaction != null) {
- try {
- transaction.close();
- } catch (final IOException ioe) {
- }
- }
- }
-
- /*
- * setters
- */
- public void setTransactionBuilder(TransactionBuilder transactionBuilder) {
- this.transactionBuilder = transactionBuilder;
- }
-
- public void setProperties(NiFiProperties properties) {
- this.properties = properties;
- }
-
-}