org.apache.nifi.authorization

Interface AuthorityProvider

public interface AuthorityProvider

This class allows clients to retrieve the authorities for a given DN.

Method Summary

Methods

Modifier and Type	Method and Description
void	addUser(String dn, String group) Add the specified user.
DownloadAuthorization	authorizeDownload(List<String> dnChain, Map<String,String> attributes) Determines whether the user in the specified dnChain should be able to download the content for the flowfile with the specified attributes.
boolean	doesDnExist(String dn)
Set<Authority>	getAuthorities(String dn) Get the authorities for the specified user.
String	getGroupForUser(String dn) Gets the group for the specified user.
Set<String>	getUsers(Authority authority) Gets the users for the specified authority.
void	initialize(AuthorityProviderInitializationContext initializationContext) Called immediately after instance creation for implementers to perform additional setup
void	onConfigured(AuthorityProviderConfigurationContext configurationContext) Called to configure the AuthorityProvider.
void	preDestruction() Called immediately before instance destruction for implementers to release resources.
void	revokeGroup(String group) Revokes all users for a specified group.
void	revokeUser(String dn) Revokes the specified user.
void	setAuthorities(String dn, Set<Authority> authorities) Sets the specified authorities for the specified user.
void	setUsersGroup(Set<String> dn, String group) Adds the specified users to the specified group.
void	ungroup(String group) Ungroups the specified group.
void	ungroupUser(String dn) Ungroups the specified user.

Method Detail

doesDnExist

boolean doesDnExist(String dn)
                    throws AuthorityAccessException

Parameters:

dn - of the user

Returns:

whether the user with the specified DN is known to this authority provider. It is not necessary for the user to have any authorities

Throws:

AuthorityAccessException

getAuthorities

Set<Authority> getAuthorities(String dn)
                              throws UnknownIdentityException,
                                     AuthorityAccessException

Get the authorities for the specified user. If the specified user exists but does not have any authorities, an empty set should be returned.

Parameters:

dn - of the user to lookup

Returns:

the authorities for the specified user. If the specified user exists but does not have any authorities, an empty set should be returned

Throws:

UnknownIdentityException - if identity is not known

AuthorityAccessException - if unable to access authorities

setAuthorities

void setAuthorities(String dn,
                  Set<Authority> authorities)
                    throws UnknownIdentityException,
                           AuthorityAccessException

Sets the specified authorities for the specified user.

Parameters:

dn - the specified user

authorities - the new authorities for the user

Throws:

UnknownIdentityException - if identity is not known

AuthorityAccessException - if unable to access authorities

getUsers

Set<String> getUsers(Authority authority)
                     throws AuthorityAccessException

Gets the users for the specified authority.

Parameters:

authority - for which to determine membership of

Returns:

all users with the specified authority

Throws:

AuthorityAccessException - if unable to access authorities

revokeUser

void revokeUser(String dn)
                throws UnknownIdentityException,
                       AuthorityAccessException

Revokes the specified user. Its up to the implementor to determine the semantics of revocation.

Parameters:

dn - the dn of the user

Throws:

UnknownIdentityException - if the user is not known

AuthorityAccessException - if unable to access the authorities

addUser

void addUser(String dn,
           String group)
             throws IdentityAlreadyExistsException,
                    AuthorityAccessException

Add the specified user.

Parameters:

dn - of the user

group - Optional

Throws:

UnknownIdentityException - if the user is not known

AuthorityAccessException - if unable to access the authorities

IdentityAlreadyExistsException

getGroupForUser

String getGroupForUser(String dn)
                       throws UnknownIdentityException,
                              AuthorityAccessException

Gets the group for the specified user. Return null if the user does not belong to a group.

Parameters:

dn - the user

Returns:

the group of the given user

Throws:

UnknownIdentityException - if the user is not known

AuthorityAccessException - if unable to access the authorities

revokeGroup

void revokeGroup(String group)
                 throws UnknownIdentityException,
                        AuthorityAccessException

Revokes all users for a specified group. Its up to the implementor to determine the semantics of revocation.

Parameters:

group - to revoke the users of

Throws:

UnknownIdentityException - if the user is not known

AuthorityAccessException - if unable to access the authorities

setUsersGroup

void setUsersGroup(Set<String> dn,
                 String group)
                   throws UnknownIdentityException,
                          AuthorityAccessException

Adds the specified users to the specified group.

Parameters:

dn - the set of users to add to the group

group - to add users to

Throws:

UnknownIdentityException - if the user is not known

AuthorityAccessException - if unable to access the authorities

ungroupUser

void ungroupUser(String dn)
                 throws UnknownIdentityException,
                        AuthorityAccessException

Ungroups the specified user.

Parameters:

dn - of the user

Throws:

UnknownIdentityException - if the user is not known

AuthorityAccessException - if unable to access the authorities

ungroup

void ungroup(String group)
             throws AuthorityAccessException

Ungroups the specified group. Since the semantics of revocation is up to the implementor, this method should do nothing if the specified group does not exist. If an admin revoked this group before calling ungroup, it may or may not exist.

Parameters:

group - to ungroup

Throws:

AuthorityAccessException - if unable to access the authorities

authorizeDownload

DownloadAuthorization authorizeDownload(List<String> dnChain,
                                      Map<String,String> attributes)
                                        throws UnknownIdentityException,
                                               AuthorityAccessException

Determines whether the user in the specified dnChain should be able to download the content for the flowfile with the specified attributes. The first dn in the chain is the end user that the request was issued on behalf of. The subsequent dn's in the chain represent entities proxying the user's request with the last being the proxy that sent the current request.

Parameters:

dnChain - of the user

attributes - of the flowfile being requested

Returns:

the authorization result

Throws:

UnknownIdentityException - if the user is not known

AuthorityAccessException - if unable to access the authorities

initialize

void initialize(AuthorityProviderInitializationContext initializationContext)
                throws ProviderCreationException

Called immediately after instance creation for implementers to perform additional setup

Parameters:

initializationContext - in which to initialize

Throws:

ProviderCreationException

onConfigured

void onConfigured(AuthorityProviderConfigurationContext configurationContext)
                  throws ProviderCreationException

Called to configure the AuthorityProvider.

Parameters:

configurationContext - at the time of configuration

Throws:

ProviderCreationException - for any issues configuring the provider

preDestruction

void preDestruction()
                    throws ProviderDestructionException

Called immediately before instance destruction for implementers to release resources.

Throws:

ProviderDestructionException - If pre-destruction fails.