/**
 * Builds the audit record for an operation performed on a controller service.
 *
 * <p>The record is attributed to the user returned by {@code NiFiUserUtils.getNiFiUser()}.
 * When that lookup yields no user, no record is built and the caller receives {@code null},
 * so the operation leaves no audit entry through this path.
 *
 * @param controllerService the service the operation was performed on
 * @param operation the operation to record
 * @param actionDetails optional details to attach; ignored when {@code null}
 * @return the populated action, or {@code null} when no current user is available
 */
private Action generateAuditRecord(
        ControllerServiceNode controllerService,
        Operation operation,
        ActionDetails actionDetails) {
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    // without a user there is nobody to attribute the record to
    if (currentUser == null) {
        return null;
    }

    // component details: the simple class name of the service implementation
    final FlowChangeExtensionDetails extensionDetails = new FlowChangeExtensionDetails();
    extensionDetails.setType(
            controllerService.getControllerServiceImplementation().getClass().getSimpleName());

    // who / what / when / on which component
    final FlowChangeAction record = new FlowChangeAction();
    record.setUserIdentity(currentUser.getDn());
    record.setUserName(currentUser.getUserName());
    record.setOperation(operation);
    record.setTimestamp(new Date());
    record.setSourceId(controllerService.getIdentifier());
    record.setSourceName(controllerService.getName());
    record.setSourceType(Component.ControllerService);
    record.setComponentDetails(extensionDetails);

    if (actionDetails != null) {
        record.setActionDetails(actionDetails);
    }

    return record;
}
/**
 * Audits the update of the components that reference a controller service.
 *
 * <p>The intercepted update runs first and its result is always returned. Audit actions
 * are collected and saved only when a current user is available; otherwise the update
 * is left without an audit entry from this advice.
 *
 * @param proceedingJoinPoint join point of the intercepted DAO call
 * @return the {@code ControllerServiceReference} produced by the intercepted call
 * @throws Throwable whatever the intercepted call throws
 */
@Around(
        "within(org.apache.nifi.web.dao.ControllerServiceDAO+) && "
                + "execution(org.apache.nifi.controller.service.ControllerServiceReference "
                + "updateControllerServiceReferencingComponents(java.lang.String, org.apache.nifi.controller.ScheduledState, "
                + "org.apache.nifi.controller.service.ControllerServiceState))")
public Object updateControllerServiceReferenceAdvice(ProceedingJoinPoint proceedingJoinPoint)
        throws Throwable {
    // let the real update happen before anything is audited
    final ControllerServiceReference reference =
            (ControllerServiceReference) proceedingJoinPoint.proceed();

    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();
    if (currentUser == null) {
        return reference;
    }

    final Collection<Action> auditActions = new ArrayList<>();

    // seed the visited list with the referenced service itself
    final Collection<String> visited = new ArrayList<>();
    visited.add(reference.getReferencedComponent().getIdentifier());

    // collect one action per applicable referencing component
    getUpdateActionsForReferencingComponents(
            currentUser, auditActions, visited, reference.getReferencingComponents());

    // persist only when something was actually collected
    if (!auditActions.isEmpty()) {
        saveActions(auditActions, logger);
    }

    return reference;
}
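/**
 * Logs each plain-http request attempt, then passes the request down the chain.
 *
 * <p>The log entry carries the user identity (or a placeholder when no user is found),
 * the HTTP method, the request URL and the remote address. Those values come from the
 * request, so carriage returns and line feeds are replaced before they are written:
 * one request then always produces exactly one log line.
 *
 * @param req incoming request; cast to {@code HttpServletRequest}
 * @param resp outgoing response, passed through untouched
 * @param filterChain remainder of the filter chain
 * @throws IOException propagated from the filter chain
 * @throws ServletException propagated from the filter chain
 */
@Override
public void doFilter(
        final ServletRequest req, final ServletResponse resp, final FilterChain filterChain)
        throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) req;

    // only log http requests, as https requests are logged elsewhere
    if ("http".equalsIgnoreCase(request.getScheme())) {
        final NiFiUser user = NiFiUserUtils.getNiFiUser();

        // get the user details for the log message
        final String identity = (user == null) ? "<no user found>" : user.getIdentity();

        // log the request attempt - response details will be logged later
        logger.info(
                String.format(
                        "Attempting request for (%s) %s %s (source ip: %s)",
                        neutralizeLineBreaks(identity),
                        neutralizeLineBreaks(request.getMethod()),
                        neutralizeLineBreaks(request.getRequestURL().toString()),
                        neutralizeLineBreaks(request.getRemoteAddr())));
    }

    // continue the filter chain
    filterChain.doFilter(req, resp);
}

/** Replaces CR and LF with '_' so a logged value cannot span lines; {@code null} is passed through. */
private static String neutralizeLineBreaks(final String value) {
    if (value == null) {
        return null;
    }
    return value.replace('\r', '_').replace('\n', '_');
}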
/**
 * Records the given revision as the last modification, attributed to the current user
 * name, and hands the same revision back.
 *
 * @param updatedRevision the revision that was just produced
 * @return {@code updatedRevision}, unchanged
 */
private Revision updateRevision(final Revision updatedRevision) {
    // attribute the modification to whoever NiFiUserUtils reports as the current user
    final String modifier = NiFiUserUtils.getNiFiUserName();
    final FlowModification modification = new FlowModification(updatedRevision, modifier);
    setLastModification(modification);

    return updatedRevision;
}
/**
 * Audits the configuration of a single controller service.
 *
 * <p>Property values and the disabled state are captured before the intercepted update
 * runs and compared with the values read back afterwards. Each property present in the
 * post-update values whose value differs (or is {@code null} on either side) yields one
 * {@code Configure} action; a change in the disabled state yields one {@code Enable} or
 * {@code Disable} action.
 *
 * <p>Values are masked before they are stored: a property whose descriptor reports
 * {@code isSensitive()} is recorded as {@code ********}, and the annotation-data property
 * is recorded as a fixed placeholder. The update itself has already run by the time the
 * current user is looked up; when no user is found, nothing is recorded.
 *
 * @param proceedingJoinPoint join point of the intercepted DAO call
 * @param controllerServiceDTO the requested configuration
 * @param controllerServiceDAO the DAO the update is invoked on
 * @return the {@code ControllerServiceNode} produced by the intercepted call
 * @throws Throwable whatever the intercepted call throws
 */
@Around(
        "within(org.apache.nifi.web.dao.ControllerServiceDAO+) && "
                + "execution(org.apache.nifi.controller.service.ControllerServiceNode updateControllerService(org.apache.nifi.web.api.dto.ControllerServiceDTO)) && "
                + "args(controllerServiceDTO) && "
                + "target(controllerServiceDAO)")
public Object updateControllerServiceAdvice(
        ProceedingJoinPoint proceedingJoinPoint,
        ControllerServiceDTO controllerServiceDTO,
        ControllerServiceDAO controllerServiceDAO)
        throws Throwable {
    // snapshot the settings that are about to change, before the update touches them
    ControllerServiceNode controllerService =
            controllerServiceDAO.getControllerService(controllerServiceDTO.getId());
    final Map<String, String> previousValues =
            extractConfiguredPropertyValues(controllerService, controllerServiceDTO);
    final boolean wasDisabled = isDisabled(controllerService);

    // perform the actual update
    final ControllerServiceNode updatedControllerService =
            (ControllerServiceNode) proceedingJoinPoint.proceed();

    // reaching this point means the update did not throw; re-read the service for auditing
    controllerService =
            controllerServiceDAO.getControllerService(updatedControllerService.getIdentifier());

    final NiFiUser user = NiFiUserUtils.getNiFiUser();
    if (user == null) {
        // no user to attribute the change to: the update stands, but nothing is recorded
        return updatedControllerService;
    }

    final Map<String, String> currentValues =
            extractConfiguredPropertyValues(controllerService, controllerServiceDTO);

    // component details shared by every action created below
    final FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails();
    serviceDetails.setType(
            controllerService.getControllerServiceImplementation().getClass().getSimpleName());

    // all configure actions of this update share one timestamp
    final Date actionTimestamp = new Date();
    final Collection<Action> actions = new ArrayList<>();

    for (final Map.Entry<String, String> entry : currentValues.entrySet()) {
        final String property = entry.getKey();
        String newValue = entry.getValue();
        String oldValue = previousValues.get(property);

        // a null on either side, or differing values, counts as a configuration change
        final boolean configured =
                oldValue == null || newValue == null || !newValue.equals(oldValue);
        if (!configured) {
            continue;
        }

        // never store the real value of a sensitive property or of annotation data
        final PropertyDescriptor descriptor =
                controllerService.getControllerServiceImplementation().getPropertyDescriptor(property);
        // NOTE(review): a property for which no descriptor is returned is stored unmasked;
        // confirm getPropertyDescriptor cannot return null for a sensitive property.
        if (descriptor != null && descriptor.isSensitive()) {
            newValue = (newValue == null) ? null : "********";
            oldValue = (oldValue == null) ? null : "********";
        } else if (ANNOTATION_DATA.equals(property)) {
            newValue = (newValue == null) ? null : "<annotation data not shown>";
            oldValue = (oldValue == null) ? null : "<annotation data not shown>";
        }

        final FlowChangeConfigureDetails configureDetails = new FlowChangeConfigureDetails();
        configureDetails.setName(property);
        configureDetails.setValue(newValue);
        configureDetails.setPreviousValue(oldValue);

        final FlowChangeAction configureAction = new FlowChangeAction();
        configureAction.setUserIdentity(user.getDn());
        configureAction.setUserName(user.getUserName());
        configureAction.setOperation(Operation.Configure);
        configureAction.setTimestamp(actionTimestamp);
        configureAction.setSourceId(controllerService.getIdentifier());
        configureAction.setSourceName(controllerService.getName());
        configureAction.setSourceType(Component.ControllerService);
        configureAction.setComponentDetails(serviceDetails);
        configureAction.setActionDetails(configureDetails);
        actions.add(configureAction);
    }

    // record an enable/disable action when the disabled state flipped
    final boolean nowDisabled = isDisabled(updatedControllerService);
    if (wasDisabled != nowDisabled) {
        final FlowChangeAction stateAction = new FlowChangeAction();
        stateAction.setUserIdentity(user.getDn());
        stateAction.setUserName(user.getUserName());
        stateAction.setTimestamp(new Date());
        stateAction.setSourceId(controllerService.getIdentifier());
        stateAction.setSourceName(controllerService.getName());
        stateAction.setSourceType(Component.ControllerService);
        stateAction.setComponentDetails(serviceDetails);
        stateAction.setOperation(nowDisabled ? Operation.Disable : Operation.Enable);
        actions.add(stateAction);
    }

    // persist only when something was actually collected
    if (!actions.isEmpty()) {
        saveActions(actions, logger);
    }

    return updatedControllerService;
}