Repository: nifi Updated Branches: refs/heads/master fca59ff9d -> 9338f102c
http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
----------------------------------------------------------------------
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
index 1025de2..67ba737 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ReportingTaskResource.java
@@ -65,8 +65,8 @@ import java.util.Set;
 */
 @Path("/reporting-tasks")
 @Api(
- value = "/reporting-tasks",
- description = "Endpoint for managing a Reporting Task."
+ value = "/reporting-tasks",
+ description = "Endpoint for managing a Reporting Task."
 )
 public class ReportingTaskResource extends ApplicationResource {
 
@@ -135,23 +135,20 @@ public class ReportingTaskResource extends ApplicationResource {
 @Consumes(MediaType.WILDCARD)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("{id}")
- // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
 @ApiOperation(
 value = "Gets a reporting task",
 response = ReportingTaskEntity.class,
 authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ @Authorization(value = "Read - /reporting-tasks/{uuid}", type = "")
 }
 )
 @ApiResponses(
 value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
 }
 )
 public Response getReportingTask(
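Review bot: Removing `// TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")` above getReportingTask drops the only reminder in this hunk that the endpoint needs an access check, and the `@Authorization(value = "Read - /reporting-tasks/{uuid}", type = "")` that replaces the role list is Swagger documentation, not enforcement. The method body begins after the hunk, so it cannot be seen here whether it authorizes the caller the way updateReportingTask and removeReportingTask do later in this diff, with `authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser())`. Confirm that getReportingTask, getPropertyDescriptor, getState and clearState each make the equivalent call with the action their annotation documents; where one does not yet, keep a marker such as `// TODO - authorize READ on /reporting-tasks/{id}` rather than deleting it.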
@@ -181,7 +178,7 @@ public class ReportingTaskResource extends ApplicationResource {
 /**
 * Returns the descriptor for the specified property.
 *
- * @param id The id of the reporting task.
+ * @param id The id of the reporting task.
 * @param propertyName The property
 * @return a propertyDescriptorEntity
 */
@@ -189,23 +186,20 @@ public class ReportingTaskResource extends ApplicationResource {
 @Consumes(MediaType.WILDCARD)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("{id}/descriptors")
- // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
 @ApiOperation(
 value = "Gets a reporting task property descriptor",
 response = PropertyDescriptorEntity.class,
 authorizations = {
- @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
- @Authorization(value = "Administrator", type = "ROLE_ADMIN")
+ @Authorization(value = "Read - /reporting-tasks/{uuid}", type = "")
 }
 )
 @ApiResponses(
 value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
 }
 )
 public Response getPropertyDescriptor(
@@ -256,29 +250,28 @@ public class ReportingTaskResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{id}/state") - // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')") @ApiOperation( - value = "Gets the state for a reporting task", - response = ComponentStateDTO.class, - authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") - } + value = "Gets the state for a reporting task", + response = ComponentStateDTO.class, + authorizations = { + @Authorization(value = "Write - /reporting-tasks/{uuid}", type = "") + } ) @ApiResponses( - value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 404, message = "The specified resource could not be found."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") - } + value = { + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 404, message = "The specified resource could not be found."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. 
Retrying the same request later may be successful.") + } ) public Response getState( - @ApiParam( - value = "The reporting task id.", - required = true - ) - @PathParam("id") final String id) { + @ApiParam( + value = "The reporting task id.", + required = true + ) + @PathParam("id") final String id) { if (isReplicateRequest()) { return replicate(HttpMethod.GET); 
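Review bot: getState is a GET, but its new annotation documents `Write - /reporting-tasks/{uuid}`, which reads as a copy-paste slip next to the `Read - /reporting-tasks/{uuid}` entries on the other GET endpoints in this file. If viewing component state is deliberately held to the write policy, say so where a maintainer will see it, for example `// viewing state requires WRITE on the reporting task (intentional)` above the annotation, and make sure the check in the body uses `RequestAction.WRITE` to match. The body continues past the end of the hunk, so which action it actually enforces is not visible here.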
@@ -305,37 +298,36 @@ public class ReportingTaskResource extends ApplicationResource { * Clears the state for a reporting task. * * @param httpServletRequest servlet request - * @param id The id of the reporting task + * @param id The id of the reporting task * @return a componentStateEntity */ @POST @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{id}/state/clear-requests") - // TODO - @PreAuthorize("hasAnyRole('ROLE_DFM')") @ApiOperation( - value = "Clears the state for a reporting task", - response = ComponentStateDTO.class, - authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") - } + value = "Clears the state for a reporting task", + response = ComponentStateDTO.class, + authorizations = { + @Authorization(value = "Write - /reporting-tasks/{uuid}", type = "") + } ) @ApiResponses( - value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 404, message = "The specified resource could not be found."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") - } + value = { + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 404, message = "The specified resource could not be found."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. 
Retrying the same request later may be successful.") + } ) public Response clearState( - @Context final HttpServletRequest httpServletRequest, - @ApiParam( - value = "The reporting task id.", - required = true - ) - @PathParam("id") final String id) { + @Context final HttpServletRequest httpServletRequest, + @ApiParam( + value = "The reporting task id.", + required = true + ) + @PathParam("id") final String id) { if (isReplicateRequest()) { return replicate(HttpMethod.POST); @@ -367,8 +359,8 @@ public class ReportingTaskResource extends ApplicationResource { /** * Updates the specified a Reporting Task. * - * @param httpServletRequest request - * @param id The id of the reporting task to update. + * @param httpServletRequest request + * @param id The id of the reporting task to update. * @param reportingTaskEntity A reportingTaskEntity. * @return A reportingTaskEntity. */ 
@@ -376,21 +368,20 @@ public class ReportingTaskResource extends ApplicationResource {
 @Consumes(MediaType.APPLICATION_JSON)
 @Produces(MediaType.APPLICATION_JSON)
 @Path("{id}")
- // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
 @ApiOperation(
 value = "Updates a reporting task",
 response = ReportingTaskEntity.class,
 authorizations = {
- @Authorization(value = "Data Flow Manager", type = "ROLE_DFM")
+ @Authorization(value = "Write - /reporting-tasks/{uuid}", type = "")
 }
 )
 @ApiResponses(
 value = {
- @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
- @ApiResponse(code = 401, message = "Client could not be authenticated."),
- @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
- @ApiResponse(code = 404, message = "The specified resource could not be found."),
- @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
+ @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
+ @ApiResponse(code = 401, message = "Client could not be authenticated."),
+ @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
+ @ApiResponse(code = 404, message = "The specified resource could not be found."),
+ @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
 }
 )
 public Response updateReportingTask(
@@ -427,20 +418,20 @@ public class ReportingTaskResource extends ApplicationResource {
 // handle expects request (usually from the cluster manager)
 final Revision revision = getRevision(reportingTaskEntity, id);
 return withWriteLock(
- serviceFacade,
- revision,
- lookup -> {
- Authorizable authorizable = lookup.getReportingTask(id);
- authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
- },
- () -> serviceFacade.verifyUpdateReportingTask(requestReportingTaskDTO),
- () -> {
- // update the reporting task
- final ReportingTaskEntity entity = serviceFacade.updateReportingTask(revision, requestReportingTaskDTO);
- populateRemainingReportingTaskEntityContent(entity);
-
- return clusterContext(generateOkResponse(entity)).build();
- }
+ serviceFacade,
+ revision,
+ lookup -> {
+ Authorizable authorizable = lookup.getReportingTask(id);
+ authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
+ },
+ () -> serviceFacade.verifyUpdateReportingTask(requestReportingTaskDTO),
+ () -> {
+ // update the reporting task
+ final ReportingTaskEntity entity = serviceFacade.updateReportingTask(revision, requestReportingTaskDTO);
+ populateRemainingReportingTaskEntityContent(entity);
+
+ return clusterContext(generateOkResponse(entity)).build();
+ }
 );
 }
 
@@ -448,33 +439,32 @@ public class ReportingTaskResource extends ApplicationResource { * Removes the specified reporting task. * * @param httpServletRequest request - * @param version The revision is used to verify the client is working with - * the latest version of the flow. - * @param clientId Optional client id. If the client id is not specified, a - * new one will be generated. This value (whether specified or generated) is - * included in the response. - * @param id The id of the reporting task to remove. + * @param version The revision is used to verify the client is working with + * the latest version of the flow. + * @param clientId Optional client id. If the client id is not specified, a + * new one will be generated. This value (whether specified or generated) is + * included in the response. + * @param id The id of the reporting task to remove. * @return A entity containing the client id and an updated revision. */ @DELETE @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Deletes a reporting task", response = ReportingTaskEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /reporting-tasks/{uuid}", type = "") } ) @ApiResponses( value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 404, message = "The specified resource could not be found."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. 
Retrying the same request later may be successful.") + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 404, message = "The specified resource could not be found."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") } ) public Response removeReportingTask( 
@@ -502,22 +492,23 @@ public class ReportingTaskResource extends ApplicationResource { // handle expects request (usually from the cluster manager) final Revision revision = new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id); return withWriteLock( - serviceFacade, - revision, - lookup -> { - final Authorizable reportingTask = lookup.getReportingTask(id); - reportingTask.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); - }, - () -> serviceFacade.verifyDeleteReportingTask(id), - () -> { - // delete the specified reporting task - final ReportingTaskEntity entity = serviceFacade.deleteReportingTask(revision, id); - return clusterContext(generateOkResponse(entity)).build(); - } + serviceFacade, + revision, + lookup -> { + final Authorizable reportingTask = lookup.getReportingTask(id); + reportingTask.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); + }, + () -> serviceFacade.verifyDeleteReportingTask(id), + () -> { + // delete the specified reporting task + final ReportingTaskEntity entity = serviceFacade.deleteReportingTask(revision, id); + return clusterContext(generateOkResponse(entity)).build(); + } ); } // setters + public void setServiceFacade(NiFiServiceFacade serviceFacade) { this.serviceFacade = serviceFacade; } http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ResourceResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ResourceResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ResourceResource.java index 83f313f..67c1b22 100644 
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ResourceResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/ResourceResource.java @@ -16,18 +16,11 @@ */ package org.apache.nifi.web.api; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import javax.ws.rs.Consumes; -import javax.ws.rs.GET; -import javax.ws.rs.HttpMethod; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; - +import com.wordnik.swagger.annotations.Api; +import com.wordnik.swagger.annotations.ApiOperation; +import com.wordnik.swagger.annotations.ApiResponse; +import com.wordnik.swagger.annotations.ApiResponses; +import com.wordnik.swagger.annotations.Authorization; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.AccessDeniedException; import org.apache.nifi.authorization.AuthorizationRequest; 
@@ -43,19 +36,24 @@ import org.apache.nifi.web.NiFiServiceFacade; import org.apache.nifi.web.api.dto.ResourceDTO; import org.apache.nifi.web.api.entity.ResourcesEntity; -import com.wordnik.swagger.annotations.Api; -import com.wordnik.swagger.annotations.ApiOperation; -import com.wordnik.swagger.annotations.ApiResponse; -import com.wordnik.swagger.annotations.ApiResponses; -import com.wordnik.swagger.annotations.Authorization; +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.HttpMethod; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.util.HashMap; +import java.util.List; +import java.util.Map; /** * RESTful endpoint for retrieving system diagnostics. */ @Path("/resources") @Api( - value = "/resources", - description = "Provides the resources in this NiFi that can have access/authorization policies." + value = "/resources", + description = "Provides the resources in this NiFi that can have access/authorization policies." ) public class ResourceResource extends ApplicationResource { @@ -65,7 +63,7 @@ public class ResourceResource extends ApplicationResource { private void authorizeResource() { final NiFiUser user = NiFiUserUtils.getNiFiUser(); - final Map<String,String> userContext; + final Map<String, String> userContext; if (!StringUtils.isBlank(user.getClientAddress())) { userContext = new HashMap<>(); userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress()); 
@@ -74,13 +72,13 @@ public class ResourceResource extends ApplicationResource { } final AuthorizationRequest request = new AuthorizationRequest.Builder() - .resource(ResourceFactory.getResourceResource()) - .identity(user.getIdentity()) - .anonymous(user.isAnonymous()) - .accessAttempt(true) - .action(RequestAction.READ) - .userContext(userContext) - .build(); + .resource(ResourceFactory.getResourceResource()) + .identity(user.getIdentity()) + .anonymous(user.isAnonymous()) + .accessAttempt(true) + .action(RequestAction.READ) + .userContext(userContext) + .build(); final AuthorizationResult result = authorizer.authorize(request); if (!Result.Approved.equals(result.getResult())) { @@ -97,20 +95,17 @@ public class ResourceResource extends ApplicationResource { @GET @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Gets the available resources that support access/authorization policies", response = ResourcesEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read - /resources", type = "") } ) @ApiResponses( value = { - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."),} + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."),} ) public Response getResources() { @@ -120,7 +115,6 @@ public class ResourceResource extends ApplicationResource { return replicate(HttpMethod.GET); } - // TODO - if unsecure, return no resources? final List<ResourceDTO> resources = serviceFacade.getResources(); // create the response 
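Review bot: The deleted comment `// TODO - if unsecure, return no resources?` in getResources raised an open question about what the endpoint should return on an instance running without security, and the hunk removes it without changing the code that follows: `serviceFacade.getResources()` still returns the full list. If the decision is that an unsecured instance lists everything, record that in place of the TODO, e.g. `// resources are listed whether or not the instance is secured; see authorizeResource() for the access check`. Whether authorizeResource() is actually invoked before this point falls between the two hunks and is not visible here, so that should be confirmed as well.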
@@ -132,6 +126,7 @@ public class ResourceResource extends ApplicationResource { } // setters + public void setServiceFacade(NiFiServiceFacade serviceFacade) { this.serviceFacade = serviceFacade; } http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SiteToSiteResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SiteToSiteResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SiteToSiteResource.java index 0411bec..66b1151 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SiteToSiteResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SiteToSiteResource.java @@ -34,6 +34,11 @@ import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; +import com.wordnik.swagger.annotations.Api; +import com.wordnik.swagger.annotations.ApiOperation; +import com.wordnik.swagger.annotations.ApiResponse; +import com.wordnik.swagger.annotations.ApiResponses; +import com.wordnik.swagger.annotations.Authorization; import org.apache.commons.lang3.StringUtils; import org.apache.nifi.authorization.AccessDeniedException; import org.apache.nifi.authorization.AuthorizationRequest; 
@@ -60,11 +65,20 @@ import org.apache.nifi.web.api.entity.PeersEntity; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import com.wordnik.swagger.annotations.Api; -import com.wordnik.swagger.annotations.ApiOperation; -import com.wordnik.swagger.annotations.ApiResponse; -import com.wordnik.swagger.annotations.ApiResponses; -import com.wordnik.swagger.annotations.Authorization; +import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.Consumes; +import javax.ws.rs.GET; +import javax.ws.rs.HttpMethod; +import javax.ws.rs.Path; +import javax.ws.rs.Produces; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Response; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; + +import static org.apache.commons.lang3.StringUtils.isEmpty; /** * RESTful endpoint for managing a SiteToSite connection. @@ -81,8 +95,6 @@ public class SiteToSiteResource extends ApplicationResource { private NiFiServiceFacade serviceFacade; private ClusterCoordinator clusterCoordinator; private Authorizer authorizer; - public static final String CHECK_SUM = "checksum"; - public static final String RESPONSE_CODE = "responseCode"; private final ResponseCreator responseCreator = new ResponseCreator(); private final VersionNegotiator transportProtocolVersionNegotiator = new TransportProtocolVersionNegotiator(1); @@ -90,7 +102,7 @@ public class SiteToSiteResource extends ApplicationResource { /** * Authorizes access to Site To Site details. - * + * <p> * Note: Protected for testing purposes */ protected void authorizeSiteToSite() { 
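Review bot: The import group added below the slf4j imports repeats imports the file already has: the previous hunk keeps `import javax.ws.rs.core.Context;`, `import javax.ws.rs.core.MediaType;` and `import javax.ws.rs.core.Response;` as context around line 34, and this hunk adds the same three again, together with javax.servlet, javax.ws.rs and java.util imports that presumably also sit above line 34 (not visible). Java accepts duplicate single-type imports, but the result is two groups to keep in sync and a file that fails redundant-import checks. Remove the original group above the swagger imports, or the newly added one, so each type is imported once; `import static org.apache.commons.lang3.StringUtils.isEmpty;` is likewise only worth keeping if the file calls `isEmpty` unqualified, since `StringUtils` itself is already imported.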
@@ -119,18 +131,19 @@ public class SiteToSiteResource extends ApplicationResource { @GET @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) - // TODO - @PreAuthorize("hasRole('ROLE_NIFI')") @ApiOperation( value = "Returns the details about this NiFi necessary to communicate via site to site", response = ControllerEntity.class, - authorizations = @Authorization(value = "NiFi", type = "ROLE_NIFI") + authorizations = { + @Authorization(value = "Read - /site-to-site", type = "") + } ) @ApiResponses( value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") } ) public Response getSiteToSiteDetails(@Context HttpServletRequest req) { @@ -174,7 +187,9 @@ public class SiteToSiteResource extends ApplicationResource { @ApiOperation( value = "Returns the available Peers and its status of this NiFi", response = PeersEntity.class, - authorizations = @Authorization(value = "NiFi", type = "ROLE_NIFI") + authorizations = { + @Authorization(value = "Read - /site-to-site", type = "") + } ) @ApiResponses( value = { 
@@ -246,6 +261,7 @@ public class SiteToSiteResource extends ApplicationResource { } // setters + public void setServiceFacade(final NiFiServiceFacade serviceFacade) { this.serviceFacade = serviceFacade; } http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java index 9669017..e30de40 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SnippetResource.java @@ -16,9 +16,20 @@ */ package org.apache.nifi.web.api; -import java.net.URI; -import java.util.Set; -import java.util.stream.Collectors; +import com.wordnik.swagger.annotations.Api; +import com.wordnik.swagger.annotations.ApiOperation; +import com.wordnik.swagger.annotations.ApiParam; +import com.wordnik.swagger.annotations.ApiResponse; +import com.wordnik.swagger.annotations.ApiResponses; +import com.wordnik.swagger.annotations.Authorization; +import org.apache.nifi.authorization.Authorizer; +import org.apache.nifi.authorization.RequestAction; +import org.apache.nifi.authorization.user.NiFiUserUtils; +import org.apache.nifi.controller.Snippet; +import org.apache.nifi.web.NiFiServiceFacade; +import org.apache.nifi.web.Revision; +import org.apache.nifi.web.api.dto.SnippetDTO; +import org.apache.nifi.web.api.entity.SnippetEntity; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.Consumes; 
@@ -32,30 +43,17 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; - -import org.apache.nifi.authorization.Authorizer; -import org.apache.nifi.authorization.RequestAction; -import org.apache.nifi.authorization.user.NiFiUserUtils; -import org.apache.nifi.controller.Snippet; -import org.apache.nifi.web.NiFiServiceFacade; -import org.apache.nifi.web.Revision; -import org.apache.nifi.web.api.dto.SnippetDTO; -import org.apache.nifi.web.api.entity.SnippetEntity; - -import com.wordnik.swagger.annotations.Api; -import com.wordnik.swagger.annotations.ApiOperation; -import com.wordnik.swagger.annotations.ApiParam; -import com.wordnik.swagger.annotations.ApiResponse; -import com.wordnik.swagger.annotations.ApiResponses; -import com.wordnik.swagger.annotations.Authorization; +import java.net.URI; +import java.util.Set; +import java.util.stream.Collectors; /** * RESTful endpoint for querying dataflow snippets. */ @Path("/snippets") @Api( - value = "/snippets", - description = "Endpoint for accessing dataflow snippets." + value = "/snippets", + description = "Endpoint for accessing dataflow snippets." ) public class SnippetResource extends ApplicationResource { 
@@ -95,38 +93,35 @@ public class SnippetResource extends ApplicationResource { * Creates a snippet based off the specified configuration. * * @param httpServletRequest request - * @param snippetEntity A snippetEntity + * @param snippetEntity A snippetEntity * @return A snippetEntity */ @POST @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( - value = "Creates a snippet", - response = SnippetEntity.class, - authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") - } + value = "Creates a snippet", + response = SnippetEntity.class, + authorizations = { + @Authorization(value = "Read - /{component-type}/{uuid} - For each component in the Snippet", type = "") + } ) @ApiResponses( - value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 404, message = "The specified resource could not be found."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") - } + value = { + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. 
The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 404, message = "The specified resource could not be found."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") + } ) public Response createSnippet( - @Context HttpServletRequest httpServletRequest, - @ApiParam( - value = "The snippet configuration details.", - required = true - ) - final SnippetEntity snippetEntity) { + @Context HttpServletRequest httpServletRequest, + @ApiParam( + value = "The snippet configuration details.", + required = true + ) + final SnippetEntity snippetEntity) { if (snippetEntity == null || snippetEntity.getSnippet() == null) { throw new IllegalArgumentException("Snippet details must be specified."); 
@@ -165,46 +160,45 @@ public class SnippetResource extends ApplicationResource { } /** - * Updates the specified snippet. The contents of the snippet (component - * ids) cannot be updated once the snippet is created. + * Move's the components in this Snippet into a new Process Group. * * @param httpServletRequest request - * @param snippetId The id of the snippet. - * @param snippetEntity A snippetEntity + * @param snippetId The id of the snippet. + * @param snippetEntity A snippetEntity * @return A snippetEntity */ @PUT @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( - value = "Updates a snippet", - response = SnippetEntity.class, - authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") - } + value = "Move's the components in this Snippet into a new Process Group and drops the snippet", + response = SnippetEntity.class, + authorizations = { + @Authorization(value = "Write Process Group - /process-groups/{uuid}", type = ""), + @Authorization(value = "Write - /{component-type}/{uuid} - For each component in the Snippet", type = "") + } ) @ApiResponses( - value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 404, message = "The specified resource could not be found."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") - } + value = { + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. 
The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 404, message = "The specified resource could not be found."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") + } ) public Response updateSnippet( - @Context HttpServletRequest httpServletRequest, - @ApiParam( - value = "The snippet id.", - required = true - ) - @PathParam("id") String snippetId, - @ApiParam( - value = "The snippet configuration details.", - required = true - ) final SnippetEntity snippetEntity) { + @Context HttpServletRequest httpServletRequest, + @ApiParam( + value = "The snippet id.", + required = true + ) + @PathParam("id") String snippetId, + @ApiParam( + value = "The snippet configuration details.", + required = true + ) final SnippetEntity snippetEntity) { if (snippetEntity == null || snippetEntity.getSnippet() == null) { throw new IllegalArgumentException("Snippet details must be specified."); @@ -214,7 +208,7 @@ public class SnippetResource extends ApplicationResource { final SnippetDTO requestSnippetDTO = snippetEntity.getSnippet(); if (!snippetId.equals(requestSnippetDTO.getId())) { throw new IllegalArgumentException(String.format("The snippet id (%s) in the request body does not equal the " - + "snippet id of the requested resource (%s).", requestSnippetDTO.getId(), snippetId)); + + "snippet id of the requested resource (%s).", requestSnippetDTO.getId(), snippetId)); } if (isReplicateRequest()) { 
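Review bot: The new Javadoc summary and the `@ApiOperation` value in the `@@ -165,46 +160,45 @@` hunk both read "Move's", a stray apostrophe that will also appear in the generated API documentation. I would write `* Moves the components in this Snippet into a new Process Group.` and `value = "Moves the components in this Snippet into a new Process Group and drops the snippet"`. The removed Javadoc sentence said the snippet's component ids cannot be changed after creation; if that still holds, it is worth keeping as a second sentence, since it tells callers what this PUT will not do. The body of updateSnippet continues outside this hunk.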
@@ -224,25 +218,25 @@ public class SnippetResource extends ApplicationResource { // get the revision from this snippet final Set<Revision> revisions = serviceFacade.getRevisionsFromSnippet(snippetId); return withWriteLock( - serviceFacade, - revisions, - lookup -> { - // ensure write access to the target process group - if (requestSnippetDTO.getParentGroupId() != null) { - lookup.getProcessGroup(requestSnippetDTO.getParentGroupId()).authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); - } + serviceFacade, + revisions, + lookup -> { + // ensure write access to the target process group + if (requestSnippetDTO.getParentGroupId() != null) { + lookup.getProcessGroup(requestSnippetDTO.getParentGroupId()).authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); + } - // ensure read permission to every component in the snippet - final Snippet snippet = lookup.getSnippet(snippetId); - authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE); - }, - () -> serviceFacade.verifyUpdateSnippet(requestSnippetDTO, revisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())), - () -> { - // update the snippet - final SnippetEntity entity = serviceFacade.updateSnippet(revisions, snippetEntity.getSnippet()); - populateRemainingSnippetEntityContent(entity); - return clusterContext(generateOkResponse(entity)).build(); - } + // ensure write permission to every component in the snippet + final Snippet snippet = lookup.getSnippet(snippetId); + authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE); + }, + () -> serviceFacade.verifyUpdateSnippet(requestSnippetDTO, revisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())), + () -> { + // update the snippet + final SnippetEntity entity = serviceFacade.updateSnippet(revisions, snippetEntity.getSnippet()); + populateRemainingSnippetEntityContent(entity); + return clusterContext(generateOkResponse(entity)).build(); + } ); } 
@@ -250,37 +244,36 @@ public class SnippetResource extends ApplicationResource { * Removes the specified snippet. * * @param httpServletRequest request - * @param snippetId The id of the snippet to remove. + * @param snippetId The id of the snippet to remove. * @return A entity containing the client id and an updated revision. */ @DELETE @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( - value = "Deletes the components in a snippet and drops the snippet", - response = SnippetEntity.class, - authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") - } + value = "Deletes the components in a snippet and drops the snippet", + response = SnippetEntity.class, + authorizations = { + @Authorization(value = "Write - /{component-type}/{uuid} - For each component in the Snippet", type = "") + } ) @ApiResponses( - value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 404, message = "The specified resource could not be found."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") - } + value = { + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. 
The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 404, message = "The specified resource could not be found."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") + } ) public Response deleteSnippet( - @Context final HttpServletRequest httpServletRequest, - @ApiParam( - value = "The snippet id.", - required = true - ) - @PathParam("id") final String snippetId) { + @Context final HttpServletRequest httpServletRequest, + @ApiParam( + value = "The snippet id.", + required = true + ) + @PathParam("id") final String snippetId) { if (isReplicateRequest()) { return replicate(HttpMethod.DELETE); 
@@ -289,23 +282,24 @@ public class SnippetResource extends ApplicationResource { // get the revision from this snippet final Set<Revision> revisions = serviceFacade.getRevisionsFromSnippet(snippetId); return withWriteLock( - serviceFacade, - revisions, - lookup -> { - // ensure read permission to every component in the snippet - final Snippet snippet = lookup.getSnippet(snippetId); - authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE); - }, - () -> serviceFacade.verifyDeleteSnippet(snippetId, revisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())), - () -> { - // delete the specified snippet - final SnippetEntity snippetEntity = serviceFacade.deleteSnippet(revisions, snippetId); - return clusterContext(generateOkResponse(snippetEntity)).build(); - } + serviceFacade, + revisions, + lookup -> { + // ensure read permission to every component in the snippet + final Snippet snippet = lookup.getSnippet(snippetId); + authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE); + }, + () -> serviceFacade.verifyDeleteSnippet(snippetId, revisions.stream().map(rev -> rev.getComponentId()).collect(Collectors.toSet())), + () -> { + // delete the specified snippet + final SnippetEntity snippetEntity = serviceFacade.deleteSnippet(revisions, snippetId); + return clusterContext(generateOkResponse(snippetEntity)).build(); + } ); } /* setters */ + public void setServiceFacade(NiFiServiceFacade serviceFacade) { this.serviceFacade = serviceFacade; } http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SystemDiagnosticsResource.java ---------------------------------------------------------------------- 
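Review bot: The re-indented lambda in deleteSnippet still carries the comment `// ensure read permission to every component in the snippet` directly above `authorizeSnippet(snippet, authorizer, lookup, RequestAction.WRITE);`, so the comment contradicts the action that is enforced. The same comment in updateSnippet was corrected in this commit; this one should match: `// ensure write permission to every component in the snippet`. A comment that understates the required permission on a delete path is the kind of thing that gets copied into the next handler along with the wrong action. The signature of deleteSnippet is outside this hunk.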
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SystemDiagnosticsResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SystemDiagnosticsResource.java index d9db992..641042b 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SystemDiagnosticsResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/SystemDiagnosticsResource.java @@ -58,8 +58,8 @@ import java.util.Set; */ @Path("/system-diagnostics") @Api( - value = "/system-diagnostics", - description = "Endpoint for accessing system diagnostics." + value = "/system-diagnostics", + description = "Endpoint for accessing system diagnostics." ) public class SystemDiagnosticsResource extends ApplicationResource { @@ -69,7 +69,7 @@ public class SystemDiagnosticsResource extends ApplicationResource { private void authorizeSystem() { final NiFiUser user = NiFiUserUtils.getNiFiUser(); - final Map<String,String> userContext; + final Map<String, String> userContext; if (!StringUtils.isBlank(user.getClientAddress())) { userContext = new HashMap<>(); userContext.put(UserContextKeys.CLIENT_ADDRESS.name(), user.getClientAddress()); 
@@ -78,13 +78,13 @@ public class SystemDiagnosticsResource extends ApplicationResource { } final AuthorizationRequest request = new AuthorizationRequest.Builder() - .resource(ResourceFactory.getSystemResource()) - .identity(user.getIdentity()) - .anonymous(user.isAnonymous()) - .accessAttempt(true) - .action(RequestAction.READ) - .userContext(userContext) - .build(); + .resource(ResourceFactory.getSystemResource()) + .identity(user.getIdentity()) + .anonymous(user.isAnonymous()) + .accessAttempt(true) + .action(RequestAction.READ) + .userContext(userContext) + .build(); final AuthorizationResult result = authorizer.authorize(request); if (!Result.Approved.equals(result.getResult())) { 
@@ -102,32 +102,29 @@ public class SystemDiagnosticsResource extends ApplicationResource { @GET @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Gets the diagnostics for the system NiFi is running on", response = SystemDiagnosticsEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read - /system", type = "") } ) @ApiResponses( value = { - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."),} + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."),} ) public Response getSystemDiagnostics( @ApiParam( - value = "Whether or not to include the breakdown per node. Optional, defaults to false", - required = false + value = "Whether or not to include the breakdown per node. Optional, defaults to false", + required = false ) @QueryParam("nodewise") @DefaultValue(NODEWISE) final Boolean nodewise, @ApiParam( - value = "The id of the node where to get the status.", - required = false + value = "The id of the node where to get the status.", + required = false ) - @QueryParam("clusterNodeId") final String clusterNodeId) throws InterruptedException { + @QueryParam("clusterNodeId") final String clusterNodeId) throws InterruptedException { authorizeSystem(); 
@@ -174,6 +171,7 @@ public class SystemDiagnosticsResource extends ApplicationResource { } // setters + public void setServiceFacade(NiFiServiceFacade serviceFacade) { this.serviceFacade = serviceFacade; } http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java index 3c492fc..abc8fe1 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TemplateResource.java 
@@ -16,8 +16,21 @@ */ package org.apache.nifi.web.api; -import java.nio.charset.StandardCharsets; -import java.util.Set; +import com.wordnik.swagger.annotations.Api; +import com.wordnik.swagger.annotations.ApiOperation; +import com.wordnik.swagger.annotations.ApiParam; +import com.wordnik.swagger.annotations.ApiResponse; +import com.wordnik.swagger.annotations.ApiResponses; +import com.wordnik.swagger.annotations.Authorization; +import org.apache.commons.lang3.StringUtils; +import org.apache.nifi.authorization.Authorizer; +import org.apache.nifi.authorization.RequestAction; +import org.apache.nifi.authorization.resource.Authorizable; +import org.apache.nifi.authorization.user.NiFiUserUtils; +import org.apache.nifi.persistence.TemplateSerializer; +import org.apache.nifi.web.NiFiServiceFacade; +import org.apache.nifi.web.api.dto.TemplateDTO; +import org.apache.nifi.web.api.entity.TemplateEntity; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.Consumes; 
@@ -30,31 +43,16 @@ import javax.ws.rs.Produces; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; - -import org.apache.commons.lang3.StringUtils; -import org.apache.nifi.authorization.Authorizer; -import org.apache.nifi.authorization.RequestAction; -import org.apache.nifi.authorization.resource.Authorizable; -import org.apache.nifi.authorization.user.NiFiUserUtils; -import org.apache.nifi.persistence.TemplateSerializer; -import org.apache.nifi.web.NiFiServiceFacade; -import org.apache.nifi.web.api.dto.TemplateDTO; -import org.apache.nifi.web.api.entity.TemplateEntity; - -import com.wordnik.swagger.annotations.Api; -import com.wordnik.swagger.annotations.ApiOperation; -import com.wordnik.swagger.annotations.ApiParam; -import com.wordnik.swagger.annotations.ApiResponse; -import com.wordnik.swagger.annotations.ApiResponses; -import com.wordnik.swagger.annotations.Authorization; +import java.nio.charset.StandardCharsets; +import java.util.Set; /** * RESTful endpoint for managing a Template. */ @Path("/templates") @Api( - value = "/templates", - description = "Endpoint for managing a Template." + value = "/templates", + description = "Endpoint for managing a Template." ) public class TemplateResource extends ApplicationResource { 
@@ -77,32 +75,6 @@ public class TemplateResource extends ApplicationResource { } /** - * Populate the uri's for the specified templates. - * - * @param templateEntity templates - * @return templates - */ - public TemplateEntity populateRemainingTemplateEntityContent(TemplateEntity templateEntity) { - if (templateEntity.getTemplate() != null) { - populateRemainingTemplateContent(templateEntity.getTemplate()); - } - return templateEntity; - } - - /** - * Populates the uri for the specified templates. - * - * @param templates templates - * @return templates - */ - public Set<TemplateDTO> populateRemainingTemplatesContent(Set<TemplateDTO> templates) { - for (TemplateDTO template : templates) { - populateRemainingTemplateContent(template); - } - return templates; - } - - /** * Populates the uri for the specified template. */ public TemplateDTO populateRemainingTemplateContent(TemplateDTO template) { 
@@ -121,23 +93,20 @@ public class TemplateResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_XML) @Path("{id}/download") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Exports a template", response = TemplateDTO.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read - /templates/{uuid}", type = "") } ) @ApiResponses( value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 404, message = "The specified resource could not be found."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 404, message = "The specified resource could not be found."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") } ) public Response exportTemplate( 
@@ -185,28 +154,27 @@ public class TemplateResource extends ApplicationResource { * Removes the specified template. * * @param httpServletRequest request - * @param id The id of the template to remove. + * @param id The id of the template to remove. * @return A templateEntity. */ @DELETE @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Deletes a template", response = TemplateEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /templates/{uuid}", type = "") } ) @ApiResponses( value = { - @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), - @ApiResponse(code = 401, message = "Client could not be authenticated."), - @ApiResponse(code = 403, message = "Client is not authorized to make this request."), - @ApiResponse(code = 404, message = "The specified resource could not be found."), - @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") + @ApiResponse(code = 400, message = "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."), + @ApiResponse(code = 401, message = "Client could not be authenticated."), + @ApiResponse(code = 403, message = "Client is not authorized to make this request."), + @ApiResponse(code = 404, message = "The specified resource could not be found."), + @ApiResponse(code = 409, message = "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.") } ) public Response removeTemplate( 
@@ -242,6 +210,7 @@ public class TemplateResource extends ApplicationResource { } // setters + public void setServiceFacade(NiFiServiceFacade serviceFacade) { this.serviceFacade = serviceFacade; } http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java index b944bf7..049b5d2 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/TenantsResource.java @@ -122,12 +122,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("users") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Creates a user", + notes = NON_GUARANTEED_ENDPOINT, response = UserEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /tenants", type = "") } ) @ApiResponses( 
@@ -205,14 +205,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("users/{id}") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Gets a user", + notes = NON_GUARANTEED_ENDPOINT, response = UserEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read - /tenants", type = "") } ) @ApiResponses( @@ -262,14 +260,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("users") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Gets all users", + notes = NON_GUARANTEED_ENDPOINT, response = UsersEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read - /tenants", type = "") } ) @ApiResponses( @@ -322,12 +318,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("users/{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Updates a user", + notes = NON_GUARANTEED_ENDPOINT, response = UserEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /tenants", type = "") } ) @ApiResponses( 
@@ -411,12 +407,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("users/{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Deletes a user", + notes = NON_GUARANTEED_ENDPOINT, response = UserEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /tenants", type = "") } ) @ApiResponses( @@ -462,7 +458,7 @@ public class TenantsResource extends ApplicationResource { revision, lookup -> { final Authorizable tenants = lookup.getTenant(); - tenants.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); + tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, () -> { @@ -508,12 +504,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("user-groups") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Creates a user group", + notes = NON_GUARANTEED_ENDPOINT, response = UserGroupEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /tenants", type = "") } ) @ApiResponses( @@ -591,14 +587,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("user-groups/{id}") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Gets a user group", + notes = NON_GUARANTEED_ENDPOINT, response = UserGroupEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read - /tenants", type = "") } ) @ApiResponses( 
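Review bot: The `tenants.authorize(authorizer, RequestAction.WRITE, ...)` line in the `@@ -462,7 +458,7 @@` hunk has no comment tying it to the documented policy, and the `@Authorization(value = "Write - /tenants", type = "")` annotation is descriptive metadata only, so nothing keeps the two in step. The previous line authorized what appears to be the user-removal path with READ, which shows how easily they drift. I would add `// removing a tenant mutates /tenants: require WRITE, matching the @Authorization documentation` above the call, and the same in the `@@ -847,7 +839,7 @@` hunk for user groups. A test asserting that a READ-only identity is refused on both delete paths would catch a regression; the enclosing methods start and end outside these hunks.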
@@ -648,14 +642,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("user-groups") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Gets all user groups", + notes = NON_GUARANTEED_ENDPOINT, response = UserGroupsEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"), - @Authorization(value = "Administrator", type = "ROLE_ADMIN") + @Authorization(value = "Read - /tenants", type = "") } ) @ApiResponses( @@ -707,12 +699,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) @Path("user-groups/{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Updates a user group", + notes = NON_GUARANTEED_ENDPOINT, response = UserGroupEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /tenants", type = "") } ) @ApiResponses( @@ -796,12 +788,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("user-groups/{id}") - // TODO - @PreAuthorize("hasRole('ROLE_DFM')") @ApiOperation( value = "Deletes a user group", + notes = NON_GUARANTEED_ENDPOINT, response = UserGroupEntity.class, authorizations = { - @Authorization(value = "Data Flow Manager", type = "ROLE_DFM") + @Authorization(value = "Write - /tenants", type = "") } ) @ApiResponses( @@ -847,7 +839,7 @@ public class TenantsResource extends ApplicationResource { revision, lookup -> { final Authorizable tenants = lookup.getTenant(); - tenants.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser()); + tenants.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser()); }, null, () -> { 
@@ -872,14 +864,12 @@ public class TenantsResource extends ApplicationResource { @Consumes(MediaType.WILDCARD) @Produces(MediaType.APPLICATION_JSON) @Path("search-results") - // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')") @ApiOperation( value = "Searches the cluster for a node with the specified address", + notes = NON_GUARANTEED_ENDPOINT, response = ClusterSearchResultsEntity.class, authorizations = { - @Authorization(value = "Read Only", type = "ROLE_MONITOR"), - @Authorization(value = "DFM", type = "ROLE_DFM"), - @Authorization(value = "Admin", type = "ROLE_ADMIN") + @Authorization(value = "Read - /tenants", type = "") } ) @ApiResponses( http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/InvalidRevisionExceptionMapper.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/InvalidRevisionExceptionMapper.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/InvalidRevisionExceptionMapper.java index d2c648c..73304e7 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/InvalidRevisionExceptionMapper.java +++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/api/config/InvalidRevisionExceptionMapper.java 
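Review bot: The `@ApiOperation` on the `search-results` path of TenantsResource still says `value = "Searches the cluster for a node with the specified address"` and names `ClusterSearchResultsEntity` as the response, while the new authorization line documents `Read - /tenants`. That text looks copied from a cluster endpoint, so the published API documentation would describe a different operation from the one the permission covers. If the handler searches users and user groups, the value should say so, for example `value = "Searches for a tenant with the specified identity"`, and the response type should be checked against what the method returns. The method body is outside this hunk, so the actual behaviour needs confirming.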
@@ -16,14 +16,16 @@ */ package org.apache.nifi.web.api.config; -import javax.ws.rs.core.Response; -import javax.ws.rs.ext.ExceptionMapper; -import javax.ws.rs.ext.Provider; import org.apache.nifi.util.StringUtils; import org.apache.nifi.web.InvalidRevisionException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import javax.ws.rs.core.Response; +import javax.ws.rs.core.Response.Status; +import javax.ws.rs.ext.ExceptionMapper; +import javax.ws.rs.ext.Provider; + /** * Maps invalid revision exceptions into client responses. */ @@ -35,13 +37,13 @@ public class InvalidRevisionExceptionMapper implements ExceptionMapper<InvalidRe @Override public Response toResponse(InvalidRevisionException exception) { // log the error - logger.info(String.format("%s. Returning %s response.", exception, Response.Status.CONFLICT)); + logger.info(String.format("%s. Returning %s response.", exception, Status.BAD_REQUEST)); if (logger.isDebugEnabled()) { logger.debug(StringUtils.EMPTY, exception); } - return Response.status(Response.Status.CONFLICT).entity(exception.getMessage()).type("text/plain").build(); + return Response.status(Status.BAD_REQUEST).entity(exception.getMessage()).type("text/plain").build(); } } http://git-wip-us.apache.org/repos/asf/nifi/blob/9338f102/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java ---------------------------------------------------------------------- diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java index bed66ab..f781cea 100644 --- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java 
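Review bot: `toResponse` names the status twice, once in the log line and once in `Response.status(...)`, and builds the log message with `String.format` even when INFO is disabled. A single local removes the chance of the two diverging on the next status change and lets SLF4J do the formatting: `final Status status = Status.BAD_REQUEST;`, `logger.info("{}. Returning {} response.", exception, status);`, `return Response.status(status).entity(exception.getMessage()).type("text/plain").build();`. The exception text goes to both the log and the response body; if it can carry client-supplied values, stripping line breaks before logging would be a reasonable addition.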
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-web-api/src/main/java/org/apache/nifi/web/controller/ControllerFacade.java @@ -27,7 +27,6 @@ import org.apache.nifi.authorization.RequestAction; import org.apache.nifi.authorization.Resource; import org.apache.nifi.authorization.resource.Authorizable; import org.apache.nifi.authorization.resource.ResourceFactory; -import org.apache.nifi.authorization.resource.ResourceType; import org.apache.nifi.authorization.user.NiFiUser; import org.apache.nifi.authorization.user.NiFiUserUtils; import org.apache.nifi.cluster.coordination.ClusterCoordinator; @@ -94,7 +93,6 @@ import org.apache.nifi.web.NiFiCoreException; import org.apache.nifi.web.ResourceNotFoundException; import org.apache.nifi.web.api.dto.DocumentedTypeDTO; import org.apache.nifi.web.api.dto.DtoFactory; -import org.apache.nifi.web.api.dto.TemplateDTO; import org.apache.nifi.web.api.dto.provenance.AttributeDTO; import org.apache.nifi.web.api.dto.provenance.ProvenanceDTO; import org.apache.nifi.web.api.dto.provenance.ProvenanceEventDTO; @@ -131,6 +129,7 @@ import java.util.SortedSet; import java.util.TimeZone; import java.util.TreeSet; import java.util.concurrent.TimeUnit; +import java.util.function.Consumer; import static org.apache.nifi.controller.FlowController.ROOT_GROUP_ID_ALIAS; 
@@ -754,68 +753,97 @@ public class ControllerFacade implements Authorizable { public List<Resource> getResources() { final List<Resource> resources = new ArrayList<>(); + resources.add(ResourceFactory.getFlowResource()); resources.add(ResourceFactory.getSystemResource()); resources.add(ResourceFactory.getControllerResource()); - resources.add(ResourceFactory.getFlowResource()); + resources.add(ResourceFactory.getCountersResource()); resources.add(ResourceFactory.getProvenanceResource()); + resources.add(ResourceFactory.getPoliciesResource()); + resources.add(ResourceFactory.getTenantResource()); resources.add(ResourceFactory.getProxyResource()); resources.add(ResourceFactory.getResourceResource()); + resources.add(ResourceFactory.getSiteToSiteResource()); final ProcessGroup root = flowController.getGroup(flowController.getRootGroupId()); // add each processor for (final ProcessorNode processor : root.findAllProcessors()) { - resources.add(ResourceFactory.getComponentResource(ResourceType.Processor, processor.getIdentifier(), processor.getName())); - resources.add(ResourceFactory.getDataResource(processor.getResource())); + final Resource processorResource = processor.getResource(); + resources.add(processorResource); + resources.add(ResourceFactory.getDataResource(processorResource)); + resources.add(ResourceFactory.getPolicyResource(processorResource)); } // add each label for (final Label label : root.findAllLabels()) { - resources.add(ResourceFactory.getComponentResource(ResourceType.Label, label.getIdentifier(), label.getValue())); + final Resource labelResource = label.getResource(); + resources.add(labelResource); + resources.add(ResourceFactory.getPolicyResource(labelResource)); } // add each process group for (final ProcessGroup processGroup : root.findAllProcessGroups()) { - resources.add(ResourceFactory.getComponentResource(ResourceType.ProcessGroup, processGroup.getIdentifier(), processGroup.getName())); - 
resources.add(ResourceFactory.getDataResource(processGroup.getResource())); + final Resource processGroupResource = processGroup.getResource(); + resources.add(processGroupResource); + resources.add(ResourceFactory.getDataResource(processGroupResource)); + resources.add(ResourceFactory.getPolicyResource(processGroupResource)); } // add each remote process group for (final RemoteProcessGroup remoteProcessGroup : root.findAllRemoteProcessGroups()) { - resources.add(ResourceFactory.getComponentResource(ResourceType.RemoteProcessGroup, remoteProcessGroup.getIdentifier(), remoteProcessGroup.getName())); - resources.add(ResourceFactory.getDataResource(remoteProcessGroup.getResource())); + final Resource remoteProcessGroupResource = remoteProcessGroup.getResource(); + resources.add(remoteProcessGroupResource); + resources.add(ResourceFactory.getDataResource(remoteProcessGroupResource)); + resources.add(ResourceFactory.getPolicyResource(remoteProcessGroupResource)); } // add each input port for (final Port inputPort : root.findAllInputPorts()) { - resources.add(ResourceFactory.getComponentResource(ResourceType.InputPort, inputPort.getIdentifier(), inputPort.getName())); - resources.add(ResourceFactory.getDataResource(inputPort.getResource())); + final Resource inputPortResource = inputPort.getResource(); + resources.add(inputPortResource); + resources.add(ResourceFactory.getDataResource(inputPortResource)); + resources.add(ResourceFactory.getPolicyResource(inputPortResource)); + if (inputPort instanceof RootGroupPort) { + resources.add(ResourceFactory.getDataTransferResource(inputPortResource)); + } } // add each output port for (final Port outputPort : root.findAllOutputPorts()) { - resources.add(ResourceFactory.getComponentResource(ResourceType.OutputPort, outputPort.getIdentifier(), outputPort.getName())); - resources.add(ResourceFactory.getDataResource(outputPort.getResource())); + final Resource outputPortResource = outputPort.getResource(); + 
resources.add(outputPortResource); + resources.add(ResourceFactory.getDataResource(outputPortResource)); + resources.add(ResourceFactory.getPolicyResource(outputPortResource)); + if (outputPort instanceof RootGroupPort) { + resources.add(ResourceFactory.getDataTransferResource(outputPortResource)); + } } // add each controller service - for (final ControllerServiceNode controllerService : flowController.getAllControllerServices()) { - resources.add(ResourceFactory.getComponentResource(ResourceType.ControllerService, controllerService.getIdentifier(), controllerService.getName())); - } + final Consumer<ControllerServiceNode> csConsumer = controllerService -> { + final Resource controllerServiceResource = controllerService.getResource(); + resources.add(controllerServiceResource); + resources.add(ResourceFactory.getPolicyResource(controllerServiceResource)); + }; + + flowController.getAllControllerServices().forEach(csConsumer); + root.findAllControllerServices().forEach(csConsumer); + // add each reporting task for (final ReportingTaskNode reportingTask : flowController.getAllReportingTasks()) { - resources.add(ResourceFactory.getComponentResource(ResourceType.ReportingTask, reportingTask.getIdentifier(), reportingTask.getName())); + final Resource reportingTaskResource = reportingTask.getResource(); + resources.add(reportingTaskResource); + resources.add(ResourceFactory.getPolicyResource(reportingTaskResource)); } // add each template for (final Template template : root.findAllTemplates()) { - final TemplateDTO details = template.getDetails(); - resources.add(ResourceFactory.getComponentResource(ResourceType.Template, details.getId(), details.getName())); + final Resource templateResource = template.getResource(); + resources.add(templateResource); + resources.add(ResourceFactory.getPolicyResource(templateResource)); } - // TODO - need token resource? - // resources.add(ResourceFactory.getTokenResource()); return resources; }
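Review bot: `csConsumer` is applied to both `flowController.getAllControllerServices()` and `root.findAllControllerServices()`, and `resources` is a plain `ArrayList`, so any service returned by both calls would be listed twice together with its policy resource. Whether the two collections can overlap is not visible in this hunk; if they can, guard the consumer body with a seen-set, e.g. `if (!seenServiceIds.add(controllerService.getIdentifier())) { return; }`. A short comment above the two `forEach` calls saying which services each one contributes (controller-level versus group-level, if that is the split) would also help, since this list is what access policies are later defined against.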