org.apache.nifi.cluster.firewall.impl.FileBasedClusterNodeFirewall

All Implemented Interfaces:: ClusterNodeFirewall

public class FileBasedClusterNodeFirewall extends Object implements ClusterNodeFirewall

A file-based implementation of the ClusterFirewall interface. The class is configured with a file. If the file is empty, then everything is permissible. Otherwise, the file should contain hostnames or IPs formatted as dotted decimals with an optional CIDR suffix. Each entry must be separated by a newline. An example configuration is given below:


 # hash character is a comment delimiter
 1.2.3.4         # exact IP
 some.host.name  # a host name
 4.5.6.7/8       # range of CIDR IPs
 9.10.11.12/13   # a smaller range of CIDR IPs

This class allows for synchronization with an optionally configured restore directory. If configured, then at startup, if the either the config file or the restore directory's copy is missing, then the configuration file will be copied to the appropriate location. If both restore directory contains a copy that is different in content to configuration file, then an exception is thrown at construction time.

Field Summary

Fields

Modifier and Type

Field

Description

private final File

config

private static final org.slf4j.Logger

logger

private final File

restoreDirectory

private final Collection<org.apache.commons.net.util.SubnetUtils.SubnetInfo>

subnetInfos
Constructor Summary

Constructors

Constructor

Description

FileBasedClusterNodeFirewall(File config)

FileBasedClusterNodeFirewall(File config, File restoreDirectory)
Method Summary

Modifier and Type

Method

Description

boolean

isPermissible(String hostOrIp)

Returns true if the given host or IP is permissible through the firewall; false otherwise.

private void

parseConfig(File config)

private void

syncWithRestoreDirectory()

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details
- config
  
  private final File config
- restoreDirectory
  
  private final File restoreDirectory
- subnetInfos
  
  private final Collection<org.apache.commons.net.util.SubnetUtils.SubnetInfo> subnetInfos
- logger
  
  private static final org.slf4j.Logger logger
Constructor Details
- FileBasedClusterNodeFirewall
  
  public FileBasedClusterNodeFirewall(File config) throws IOException
  
  Throws:
  
  IOException
- FileBasedClusterNodeFirewall
  
  public FileBasedClusterNodeFirewall(File config, File restoreDirectory) throws IOException
  
  Throws:
  
  IOException
Method Details
- isPermissible
  
  public boolean isPermissible(String hostOrIp)
  
  Description copied from interface: ClusterNodeFirewall
  
  Returns true if the given host or IP is permissible through the firewall; false otherwise. If an IP is given, then it must be formatted in dotted decimal notation.
  
  Specified by:
  
  isPermissible in interface ClusterNodeFirewall
  
  Parameters:
  
  hostOrIp - host
  
  Returns:
  
  true if permissible
- syncWithRestoreDirectory
  
  private void syncWithRestoreDirectory() throws IOException
  
  Throws:
  
  IOException
- parseConfig
  
  private void parseConfig(File config) throws IOException
  
  Throws:
  
  IOException

Class FileBasedClusterNodeFirewall

Field Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Field Details

config

restoreDirectory

subnetInfos

logger

Constructor Details

FileBasedClusterNodeFirewall

FileBasedClusterNodeFirewall

Method Details

isPermissible

syncWithRestoreDirectory

parseConfig