/**
   * Builds the audit record for an operation performed on a controller service.
   *
   * <p>The record is attributed to the user returned by {@code NiFiUserUtils.getNiFiUser()}. When
   * that lookup yields no user, nothing is built and {@code null} is returned.
   *
   * @param controllerService the controller service the operation was performed on
   * @param operation the operation to record on the action
   * @param actionDetails details to attach to the action; skipped when {@code null}
   * @return the populated action, or {@code null} when there is no current user
   */
  private Action generateAuditRecord(
      ControllerServiceNode controllerService, Operation operation, ActionDetails actionDetails) {
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();
    if (currentUser == null) {
      // NOTE(review): without a resolved user no audit record exists for this operation;
      // callers receive null and must handle it. Confirm that an unattributed change is
      // surfaced somewhere else rather than silently leaving a gap in the audit trail.
      return null;
    }

    // Describe the component by the simple class name of its implementation.
    final FlowChangeExtensionDetails componentDetails = new FlowChangeExtensionDetails();
    componentDetails.setType(
        controllerService.getControllerServiceImplementation().getClass().getSimpleName());

    // Who did what, when, and to which controller service.
    final FlowChangeAction auditAction = new FlowChangeAction();
    auditAction.setUserIdentity(currentUser.getDn());
    auditAction.setUserName(currentUser.getUserName());
    auditAction.setOperation(operation);
    auditAction.setTimestamp(new Date());
    auditAction.setSourceId(controllerService.getIdentifier());
    auditAction.setSourceName(controllerService.getName());
    auditAction.setSourceType(Component.ControllerService);
    auditAction.setComponentDetails(componentDetails);

    // Action details are optional.
    if (actionDetails != null) {
      auditAction.setActionDetails(actionDetails);
    }

    return auditAction;
  }
  /**
   * Audits an update of the components that reference a controller service.
   *
   * <p>The intercepted DAO call runs first. Audit actions are then collected for the referencing
   * components and saved, but only when a current user can be resolved.
   *
   * @param proceedingJoinPoint the intercepted {@code updateControllerServiceReferencingComponents}
   *     call
   * @return the {@code ControllerServiceReference} returned by the intercepted call
   * @throws Throwable whatever the intercepted call throws
   */
  @Around(
      "within(org.apache.nifi.web.dao.ControllerServiceDAO+) && "
          + "execution(org.apache.nifi.controller.service.ControllerServiceReference "
          + "updateControllerServiceReferencingComponents(java.lang.String, org.apache.nifi.controller.ScheduledState, "
          + "org.apache.nifi.controller.service.ControllerServiceState))")
  public Object updateControllerServiceReferenceAdvice(ProceedingJoinPoint proceedingJoinPoint)
      throws Throwable {
    // Let the update happen first; an exception here propagates and nothing is audited.
    final ControllerServiceReference reference =
        (ControllerServiceReference) proceedingJoinPoint.proceed();

    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();
    if (currentUser == null) {
      // NOTE(review): the update above has already been applied; with no resolved user it is
      // not recorded in the audit trail. Confirm this path is unreachable for real changes.
      return reference;
    }

    // Seed the visited list with the referenced service itself (presumably so the traversal of
    // referencing components does not come back to it - confirm against the helper).
    final Collection<String> visitedServiceIds = new ArrayList<>();
    visitedServiceIds.add(reference.getReferencedComponent().getIdentifier());

    // The helper fills this collection with the actions to record.
    final Collection<Action> pendingActions = new ArrayList<>();
    getUpdateActionsForReferencingComponents(
        currentUser, pendingActions, visitedServiceIds, reference.getReferencingComponents());

    // Persist only when something was actually collected.
    if (!pendingActions.isEmpty()) {
      saveActions(pendingActions, logger);
    }

    return reference;
  }
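  /**
   * Logs each plain-HTTP request attempt, then continues the filter chain.
   *
   * <p>Only requests whose scheme is {@code http} are logged here; according to the original
   * author's comment, HTTPS requests are logged elsewhere. Requests that are not
   * {@link HttpServletRequest} instances are passed down the chain without being logged.
   *
   * @param req the incoming request
   * @param resp the outgoing response
   * @param filterChain the remaining filter chain, always invoked
   * @throws IOException if the rest of the chain fails with an I/O error
   * @throws ServletException if the rest of the chain fails
   */
  @Override
  public void doFilter(
      final ServletRequest req, final ServletResponse resp, final FilterChain filterChain)
      throws IOException, ServletException {

    // A logging filter must not break request handling: check the type instead of casting
    // blindly, so a non-HTTP ServletRequest does not fail with a ClassCastException.
    if (req instanceof HttpServletRequest) {
      final HttpServletRequest request = (HttpServletRequest) req;

      // only log http requests, as https requests are logged elsewhere
      if ("http".equalsIgnoreCase(request.getScheme())) {
        final NiFiUser user = NiFiUserUtils.getNiFiUser();

        // get the user details for the log message
        String identity = "<no user found>";
        if (user != null) {
          identity = user.getIdentity();
        }

        // Note: getRemoteAddr() is the address of the immediate peer; behind a reverse proxy
        // or load balancer that is the proxy, not the originating client.
        final String message =
            String.format(
                "Attempting request for (%s) %s %s (source ip: %s)",
                identity,
                request.getMethod(),
                request.getRequestURL().toString(),
                request.getRemoteAddr());

        // Identity, method and URL are derived from the request. Replace CR/LF so a value
        // can never split this entry into what looks like several log lines (log forging).
        // log the request attempt - response details will be logged later
        logger.info(message.replaceAll("[\\r\\n]", "_"));
      }
    }

    // continue the filter chain
    filterChain.doFilter(req, resp);
  }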
  /**
   * Audits the configuration of a single controller service.
   *
   * <p>Property values and the disabled state are captured before the intercepted update runs.
   * Afterwards one {@code Configure} action is recorded for each property whose value differs or
   * is {@code null} on either side, plus one {@code Enable}/{@code Disable} action when the
   * disabled state flipped. Values of sensitive properties and of the annotation-data entry are
   * replaced by placeholders before they are stored.
   *
   * @param proceedingJoinPoint the intercepted {@code updateControllerService} call
   * @param controllerServiceDTO the requested configuration
   * @param controllerServiceDAO the DAO the call targets, used to look the service up
   * @return the {@code ControllerServiceNode} returned by the intercepted call
   * @throws Throwable whatever the intercepted call throws
   */
  @Around(
      "within(org.apache.nifi.web.dao.ControllerServiceDAO+) && "
          + "execution(org.apache.nifi.controller.service.ControllerServiceNode updateControllerService(org.apache.nifi.web.api.dto.ControllerServiceDTO)) && "
          + "args(controllerServiceDTO) && "
          + "target(controllerServiceDAO)")
  public Object updateControllerServiceAdvice(
      ProceedingJoinPoint proceedingJoinPoint,
      ControllerServiceDTO controllerServiceDTO,
      ControllerServiceDAO controllerServiceDAO)
      throws Throwable {
    // Snapshot the state before the update so it can be compared afterwards.
    ControllerServiceNode controllerService =
        controllerServiceDAO.getControllerService(controllerServiceDTO.getId());
    final Map<String, String> previousValues =
        extractConfiguredPropertyValues(controllerService, controllerServiceDTO);
    final boolean wasDisabled = isDisabled(controllerService);

    // Perform the update; an exception here propagates and nothing is audited.
    final ControllerServiceNode updatedControllerService =
        (ControllerServiceNode) proceedingJoinPoint.proceed();

    // Look the service up again by the identifier of the updated node.
    controllerService =
        controllerServiceDAO.getControllerService(updatedControllerService.getIdentifier());

    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();
    if (currentUser == null) {
      // NOTE(review): the update has already been applied at this point; with no resolved user
      // the configuration change is not recorded in the audit trail.
      return updatedControllerService;
    }

    final Map<String, String> currentValues =
        extractConfiguredPropertyValues(controllerService, controllerServiceDTO);

    // Describe the component by the simple class name of its implementation.
    final FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails();
    serviceDetails.setType(
        controllerService.getControllerServiceImplementation().getClass().getSimpleName());

    // All configure actions of this update share one timestamp.
    final Date configureTimestamp = new Date();
    final Collection<Action> actions = new ArrayList<>();

    for (Map.Entry<String, String> entry : currentValues.entrySet()) {
      final String property = entry.getKey();
      String newValue = entry.getValue();
      String oldValue = previousValues.get(property);

      // Nothing to record when both sides are present and equal.
      final boolean unchanged =
          oldValue != null && newValue != null && newValue.equals(oldValue);
      if (unchanged) {
        continue;
      }

      // Keep secrets out of the audit store: sensitive property values and annotation data
      // are replaced by a placeholder. null stays null, so "set" vs "unset" remains visible.
      // NOTE(review): a property with no descriptor (null lookup) is recorded in clear text -
      // confirm the implementation never returns null for a property that holds a secret.
      final PropertyDescriptor descriptor =
          controllerService.getControllerServiceImplementation().getPropertyDescriptor(property);
      String placeholder = null;
      if (descriptor != null && descriptor.isSensitive()) {
        placeholder = "********";
      } else if (ANNOTATION_DATA.equals(property)) {
        placeholder = "<annotation data not shown>";
      }
      if (placeholder != null) {
        if (newValue != null) {
          newValue = placeholder;
        }
        if (oldValue != null) {
          oldValue = placeholder;
        }
      }

      final FlowChangeConfigureDetails configureDetails = new FlowChangeConfigureDetails();
      configureDetails.setName(property);
      configureDetails.setValue(newValue);
      configureDetails.setPreviousValue(oldValue);

      final FlowChangeAction configureAction = new FlowChangeAction();
      configureAction.setUserIdentity(currentUser.getDn());
      configureAction.setUserName(currentUser.getUserName());
      configureAction.setOperation(Operation.Configure);
      configureAction.setTimestamp(configureTimestamp);
      configureAction.setSourceId(controllerService.getIdentifier());
      configureAction.setSourceName(controllerService.getName());
      configureAction.setSourceType(Component.ControllerService);
      configureAction.setComponentDetails(serviceDetails);
      configureAction.setActionDetails(configureDetails);
      actions.add(configureAction);
    }

    // Record an enable/disable action when the disabled state flipped in either direction.
    final boolean nowDisabled = isDisabled(updatedControllerService);
    if (wasDisabled != nowDisabled) {
      final FlowChangeAction stateAction = new FlowChangeAction();
      stateAction.setUserIdentity(currentUser.getDn());
      stateAction.setUserName(currentUser.getUserName());
      stateAction.setTimestamp(new Date());
      stateAction.setSourceId(controllerService.getIdentifier());
      stateAction.setSourceName(controllerService.getName());
      stateAction.setSourceType(Component.ControllerService);
      stateAction.setComponentDetails(serviceDetails);
      stateAction.setOperation(nowDisabled ? Operation.Disable : Operation.Enable);
      actions.add(stateAction);
    }

    // Persist only when something was actually collected.
    if (!actions.isEmpty()) {
      saveActions(actions, logger);
    }

    return updatedControllerService;
  }