/** * Generates an audit record for the creation of a controller service. * * @param controllerService service * @param operation operation * @param actionDetails details * @return action */ private Action generateAuditRecord( ControllerServiceNode controllerService, Operation operation, ActionDetails actionDetails) { FlowChangeAction action = null; // get the current user NiFiUser user = NiFiUserUtils.getNiFiUser(); // ensure the user was found if (user != null) { // create the controller service details FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails(); serviceDetails.setType( controllerService.getControllerServiceImplementation().getClass().getSimpleName()); // create the controller service action for adding this controller service action = new FlowChangeAction(); action.setUserIdentity(user.getDn()); action.setUserName(user.getUserName()); action.setOperation(operation); action.setTimestamp(new Date()); action.setSourceId(controllerService.getIdentifier()); action.setSourceName(controllerService.getName()); action.setSourceType(Component.ControllerService); action.setComponentDetails(serviceDetails); if (actionDetails != null) { action.setActionDetails(actionDetails); } } return action; }
@Override public void doFilter( final ServletRequest req, final ServletResponse resp, final FilterChain filterChain) throws IOException, ServletException { final HttpServletRequest request = (HttpServletRequest) req; // only log http requests has https requests are logged elsewhere if ("http".equalsIgnoreCase(request.getScheme())) { final NiFiUser user = NiFiUserUtils.getNiFiUser(); // get the user details for the log message String identity = "<no user found>"; if (user != null) { identity = user.getIdentity(); } // log the request attempt - response details will be logged later logger.info( String.format( "Attempting request for (%s) %s %s (source ip: %s)", identity, request.getMethod(), request.getRequestURL().toString(), request.getRemoteAddr())); } // continue the filter chain filterChain.doFilter(req, resp); }
/** * Gets the update actions for all specified referencing components. * * @param user user * @param actions actions * @param visitedServices services * @param referencingComponents components */ private void getUpdateActionsForReferencingComponents( final NiFiUser user, final Collection<Action> actions, final Collection<String> visitedServices, final Set<ConfiguredComponent> referencingComponents) { // consider each component updates for (final ConfiguredComponent component : referencingComponents) { if (component instanceof ProcessorNode) { final ProcessorNode processor = ((ProcessorNode) component); // create the processor details FlowChangeExtensionDetails processorDetails = new FlowChangeExtensionDetails(); processorDetails.setType(processor.getProcessor().getClass().getSimpleName()); // create a processor action FlowChangeAction processorAction = new FlowChangeAction(); processorAction.setUserIdentity(user.getDn()); processorAction.setUserName(user.getUserName()); processorAction.setTimestamp(new Date()); processorAction.setSourceId(processor.getIdentifier()); processorAction.setSourceName(processor.getName()); processorAction.setSourceType(Component.Processor); processorAction.setComponentDetails(processorDetails); processorAction.setOperation( ScheduledState.RUNNING.equals(processor.getScheduledState()) ? Operation.Start : Operation.Stop); actions.add(processorAction); } else if (component instanceof ReportingTask) { final ReportingTaskNode reportingTask = ((ReportingTaskNode) component); // create the reporting task details FlowChangeExtensionDetails processorDetails = new FlowChangeExtensionDetails(); processorDetails.setType(reportingTask.getReportingTask().getClass().getSimpleName()); // create a reporting task action FlowChangeAction reportingTaskAction = new FlowChangeAction(); reportingTaskAction.setUserIdentity(user.getDn()); reportingTaskAction.setUserName(user.getUserName()); reportingTaskAction.setTimestamp(new Date()); reportingTaskAction.setSourceId(reportingTask.getIdentifier()); reportingTaskAction.setSourceName(reportingTask.getName()); reportingTaskAction.setSourceType(Component.ReportingTask); reportingTaskAction.setComponentDetails(processorDetails); reportingTaskAction.setOperation( ScheduledState.RUNNING.equals(reportingTask.getScheduledState()) ? Operation.Start : Operation.Stop); actions.add(reportingTaskAction); } else if (component instanceof ControllerServiceNode) { final ControllerServiceNode controllerService = ((ControllerServiceNode) component); // create the controller service details FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails(); serviceDetails.setType( controllerService.getControllerServiceImplementation().getClass().getSimpleName()); // create a controller service action FlowChangeAction serviceAction = new FlowChangeAction(); serviceAction.setUserIdentity(user.getDn()); serviceAction.setUserName(user.getUserName()); serviceAction.setTimestamp(new Date()); serviceAction.setSourceId(controllerService.getIdentifier()); serviceAction.setSourceName(controllerService.getName()); serviceAction.setSourceType(Component.ControllerService); serviceAction.setComponentDetails(serviceDetails); serviceAction.setOperation( isDisabled(controllerService) ? Operation.Disable : Operation.Enable); actions.add(serviceAction); // need to consider components referencing this controller service (transitive) if (!visitedServices.contains(controllerService.getIdentifier())) { getUpdateActionsForReferencingComponents( user, actions, visitedServices, controllerService.getReferences().getReferencingComponents()); } } } }
/** * Audits the configuration of a single controller service. * * @param proceedingJoinPoint join point * @param controllerServiceDTO dto * @param controllerServiceDAO dao * @return object * @throws Throwable ex */ @Around( "within(org.apache.nifi.web.dao.ControllerServiceDAO+) && " + "execution(org.apache.nifi.controller.service.ControllerServiceNode updateControllerService(org.apache.nifi.web.api.dto.ControllerServiceDTO)) && " + "args(controllerServiceDTO) && " + "target(controllerServiceDAO)") public Object updateControllerServiceAdvice( ProceedingJoinPoint proceedingJoinPoint, ControllerServiceDTO controllerServiceDTO, ControllerServiceDAO controllerServiceDAO) throws Throwable { // determine the initial values for each property/setting thats changing ControllerServiceNode controllerService = controllerServiceDAO.getControllerService(controllerServiceDTO.getId()); final Map<String, String> values = extractConfiguredPropertyValues(controllerService, controllerServiceDTO); final boolean isDisabled = isDisabled(controllerService); // update the controller service state final ControllerServiceNode updatedControllerService = (ControllerServiceNode) proceedingJoinPoint.proceed(); // if no exceptions were thrown, add the controller service action... controllerService = controllerServiceDAO.getControllerService(updatedControllerService.getIdentifier()); // get the current user NiFiUser user = NiFiUserUtils.getNiFiUser(); // ensure the user was found if (user != null) { // determine the updated values Map<String, String> updatedValues = extractConfiguredPropertyValues(controllerService, controllerServiceDTO); // create the controller service details FlowChangeExtensionDetails serviceDetails = new FlowChangeExtensionDetails(); serviceDetails.setType( controllerService.getControllerServiceImplementation().getClass().getSimpleName()); // create a controller service action Date actionTimestamp = new Date(); Collection<Action> actions = new ArrayList<>(); // go through each updated value for (String property : updatedValues.keySet()) { String newValue = updatedValues.get(property); String oldValue = values.get(property); Operation operation = null; // determine the type of operation if (oldValue == null || newValue == null || !newValue.equals(oldValue)) { operation = Operation.Configure; } // create a configuration action accordingly if (operation != null) { // clear the value if this property is sensitive final PropertyDescriptor propertyDescriptor = controllerService .getControllerServiceImplementation() .getPropertyDescriptor(property); if (propertyDescriptor != null && propertyDescriptor.isSensitive()) { if (newValue != null) { newValue = "********"; } if (oldValue != null) { oldValue = "********"; } } else if (ANNOTATION_DATA.equals(property)) { if (newValue != null) { newValue = "<annotation data not shown>"; } if (oldValue != null) { oldValue = "<annotation data not shown>"; } } final FlowChangeConfigureDetails actionDetails = new FlowChangeConfigureDetails(); actionDetails.setName(property); actionDetails.setValue(newValue); actionDetails.setPreviousValue(oldValue); // create a configuration action FlowChangeAction configurationAction = new FlowChangeAction(); configurationAction.setUserIdentity(user.getDn()); configurationAction.setUserName(user.getUserName()); configurationAction.setOperation(operation); configurationAction.setTimestamp(actionTimestamp); configurationAction.setSourceId(controllerService.getIdentifier()); configurationAction.setSourceName(controllerService.getName()); configurationAction.setSourceType(Component.ControllerService); configurationAction.setComponentDetails(serviceDetails); configurationAction.setActionDetails(actionDetails); actions.add(configurationAction); } } // determine the new executing state final boolean updateIsDisabled = isDisabled(updatedControllerService); // determine if the running state has changed and its not disabled if (isDisabled != updateIsDisabled) { // create a controller service action FlowChangeAction serviceAction = new FlowChangeAction(); serviceAction.setUserIdentity(user.getDn()); serviceAction.setUserName(user.getUserName()); serviceAction.setTimestamp(new Date()); serviceAction.setSourceId(controllerService.getIdentifier()); serviceAction.setSourceName(controllerService.getName()); serviceAction.setSourceType(Component.ControllerService); serviceAction.setComponentDetails(serviceDetails); // set the operation accordingly if (updateIsDisabled) { serviceAction.setOperation(Operation.Disable); } else { serviceAction.setOperation(Operation.Enable); } actions.add(serviceAction); } // ensure there are actions to record if (!actions.isEmpty()) { // save the actions saveActions(actions, logger); } } return updatedControllerService; }