コード例 #1
0
  /**
   * Retrieves the specified access policy.
   *
   * @return An accessPolicyEntity.
   */
  @GET
  @Consumes(MediaType.WILDCARD)
  @Produces(MediaType.APPLICATION_JSON)
  @Path("{action}/{resource: .+}")
  // TODO - @PreAuthorize("hasAnyRole('ROLE_MONITOR', 'ROLE_DFM', 'ROLE_ADMIN')")
  @ApiOperation(
      value = "Gets an access policy",
      response = AccessPolicyEntity.class,
      authorizations = {
        @Authorization(value = "Read Only", type = "ROLE_MONITOR"),
        @Authorization(value = "Data Flow Manager", type = "ROLE_DFM"),
        @Authorization(value = "Administrator", type = "ROLE_ADMIN")
      })
  @ApiResponses(
      value = {
        @ApiResponse(
            code = 400,
            message =
                "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(
            code = 409,
            message =
                "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
      })
  public Response getAccessPolicyForResource(
      @ApiParam(value = "The request action.", allowableValues = "read, write", required = true)
          @PathParam("action")
          final String action,
      @ApiParam(value = "The resource of the policy.", required = true) @PathParam("resource")
          String rawResource) {

    // parse the action and resource type
    final RequestAction requestAction = RequestAction.valueOfValue(action);
    final String resource = "/" + rawResource;

    if (isReplicateRequest()) {
      return replicate(HttpMethod.GET);
    }

    // authorize access
    serviceFacade.authorizeAccess(
        lookup -> {
          final Authorizable accessPolicy = lookup.getAccessPolicyByResource(resource);
          accessPolicy.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
        });

    // get the access policy
    final AccessPolicyEntity entity = serviceFacade.getAccessPolicy(requestAction, resource);
    populateRemainingAccessPolicyEntityContent(entity);

    return clusterContext(generateOkResponse(entity)).build();
  }
コード例 #2
0
ファイル: TemplateResource.java プロジェクト: alopresto/nifi
  /**
   * Removes the specified template.
   *
   * @param httpServletRequest request
   * @param id The id of the template to remove.
   * @return A templateEntity.
   */
  @DELETE
  @Consumes(MediaType.WILDCARD)
  @Produces(MediaType.APPLICATION_JSON)
  @Path("{id}")
  @ApiOperation(
      value = "Deletes a template",
      response = TemplateEntity.class,
      authorizations = {@Authorization(value = "Write - /templates/{uuid}", type = "")})
  @ApiResponses(
      value = {
        @ApiResponse(
            code = 400,
            message =
                "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(
            code = 409,
            message =
                "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
      })
  public Response removeTemplate(
      @Context final HttpServletRequest httpServletRequest,
      @ApiParam(value = "The template id.", required = true) @PathParam("id") final String id) {

    if (isReplicateRequest()) {
      return replicate(HttpMethod.DELETE);
    }

    final TemplateEntity requestTemplateEntity = new TemplateEntity();
    requestTemplateEntity.setId(id);

    return withWriteLock(
        serviceFacade,
        requestTemplateEntity,
        lookup -> {
          final Authorizable template = lookup.getTemplate(id);
          template.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
        },
        null,
        (templateEntity) -> {
          // delete the specified template
          serviceFacade.deleteTemplate(templateEntity.getId());

          // build the response entity
          final TemplateEntity entity = new TemplateEntity();

          return clusterContext(generateOkResponse(entity)).build();
        });
  }
コード例 #3
0
ファイル: OutputPortResource.java プロジェクト: cloudoo/nifi
  /**
   * Retrieves the specified output port.
   *
   * @param id The id of the output port to retrieve
   * @return A outputPortEntity.
   */
  @GET
  @Consumes(MediaType.WILDCARD)
  @Produces(MediaType.APPLICATION_JSON)
  @Path("{id}")
  @ApiOperation(
      value = "Gets an output port",
      response = PortEntity.class,
      authorizations = {@Authorization(value = "Read - /output-ports/{uuid}", type = "")})
  @ApiResponses(
      value = {
        @ApiResponse(
            code = 400,
            message =
                "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(
            code = 409,
            message =
                "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
      })
  public Response getOutputPort(
      @ApiParam(value = "The output port id.", required = true) @PathParam("id") final String id) {

    if (isReplicateRequest()) {
      return replicate(HttpMethod.GET);
    }

    // authorize access
    serviceFacade.authorizeAccess(
        lookup -> {
          final Authorizable outputPort = lookup.getOutputPort(id);
          outputPort.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
        });

    // get the port
    final PortEntity entity = serviceFacade.getOutputPort(id);
    populateRemainingOutputPortEntityContent(entity);

    return clusterContext(generateOkResponse(entity)).build();
  }
コード例 #4
0
ファイル: TemplateResource.java プロジェクト: alopresto/nifi
  /**
   * Retrieves the specified template.
   *
   * @param id The id of the template to retrieve
   * @return A templateEntity.
   */
  @GET
  @Consumes(MediaType.WILDCARD)
  @Produces(MediaType.APPLICATION_XML)
  @Path("{id}/download")
  @ApiOperation(
      value = "Exports a template",
      response = TemplateDTO.class,
      authorizations = {@Authorization(value = "Read - /templates/{uuid}", type = "")})
  @ApiResponses(
      value = {
        @ApiResponse(
            code = 400,
            message =
                "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(
            code = 409,
            message =
                "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
      })
  public Response exportTemplate(
      @ApiParam(value = "The template id.", required = true) @PathParam("id") final String id) {

    if (isReplicateRequest()) {
      return replicate(HttpMethod.GET);
    }

    // authorize access
    serviceFacade.authorizeAccess(
        lookup -> {
          final Authorizable template = lookup.getTemplate(id);
          template.authorize(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
        });

    // get the template
    final TemplateDTO template = serviceFacade.exportTemplate(id);

    // prune the template id
    template.setId(null);

    // determine the name of the attachement - possible issues with spaces in file names
    String attachmentName = template.getName();
    if (StringUtils.isBlank(attachmentName)) {
      attachmentName = "template";
    } else {
      attachmentName = attachmentName.replaceAll("\\s", "_");
    }

    // generate the response
    /*
     * Here instead of relying on default JAXB marshalling we are simply
     * serializing template to String (formatted, indented etc) and sending
     * it as part of the response.
     */
    String serializedTemplate =
        new String(TemplateSerializer.serialize(template), StandardCharsets.UTF_8);
    return generateOkResponse(serializedTemplate)
        .header(
            "Content-Disposition", String.format("attachment; filename=\"%s.xml\"", attachmentName))
        .build();
  }
コード例 #5
0
  /**
   * Removes the specified access policy.
   *
   * @param httpServletRequest request
   * @param version The revision is used to verify the client is working with the latest version of
   *     the flow.
   * @param clientId Optional client id. If the client id is not specified, a new one will be
   *     generated. This value (whether specified or generated) is included in the response.
   * @param id The id of the access policy to remove.
   * @return A entity containing the client id and an updated revision.
   */
  @DELETE
  @Consumes(MediaType.WILDCARD)
  @Produces(MediaType.APPLICATION_JSON)
  @Path("{id}")
  // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
  @ApiOperation(
      value = "Deletes an access policy",
      response = AccessPolicyEntity.class,
      authorizations = {@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")})
  @ApiResponses(
      value = {
        @ApiResponse(
            code = 400,
            message =
                "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(
            code = 409,
            message =
                "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
      })
  public Response removeAccessPolicy(
      @Context final HttpServletRequest httpServletRequest,
      @ApiParam(
              value =
                  "The revision is used to verify the client is working with the latest version of the flow.",
              required = false)
          @QueryParam(VERSION)
          final LongParameter version,
      @ApiParam(
              value =
                  "If the client id is not specified, new one will be generated. This value (whether specified or generated) is included in the response.",
              required = false)
          @QueryParam(CLIENT_ID)
          @DefaultValue(StringUtils.EMPTY)
          final ClientIdParameter clientId,
      @ApiParam(value = "The access policy id.", required = true) @PathParam("id")
          final String id) {

    if (isReplicateRequest()) {
      return replicate(HttpMethod.DELETE);
    }

    // handle expects request (usually from the cluster manager)
    final Revision revision =
        new Revision(version == null ? null : version.getLong(), clientId.getClientId(), id);
    return withWriteLock(
        serviceFacade,
        revision,
        lookup -> {
          final Authorizable accessPolicy = lookup.getAccessPolicyById(id);
          accessPolicy.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
        },
        () -> {},
        () -> {
          // delete the specified access policy
          final AccessPolicyEntity entity = serviceFacade.deleteAccessPolicy(revision, id);
          return clusterContext(generateOkResponse(entity)).build();
        });
  }
コード例 #6
0
  /**
   * Updates an access policy.
   *
   * @param httpServletRequest request
   * @param id The id of the access policy to update.
   * @param accessPolicyEntity An accessPolicyEntity.
   * @return An accessPolicyEntity.
   */
  @PUT
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @Path("{id}")
  // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
  @ApiOperation(
      value = "Updates a access policy",
      response = AccessPolicyEntity.class,
      authorizations = {@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")})
  @ApiResponses(
      value = {
        @ApiResponse(
            code = 400,
            message =
                "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(
            code = 409,
            message =
                "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
      })
  public Response updateAccessPolicy(
      @Context final HttpServletRequest httpServletRequest,
      @ApiParam(value = "The access policy id.", required = true) @PathParam("id") final String id,
      @ApiParam(value = "The access policy configuration details.", required = true)
          final AccessPolicyEntity accessPolicyEntity) {

    if (accessPolicyEntity == null || accessPolicyEntity.getComponent() == null) {
      throw new IllegalArgumentException("Access policy details must be specified.");
    }

    if (accessPolicyEntity.getRevision() == null) {
      throw new IllegalArgumentException("Revision must be specified.");
    }

    // ensure the ids are the same
    final AccessPolicyDTO accessPolicyDTO = accessPolicyEntity.getComponent();
    if (!id.equals(accessPolicyDTO.getId())) {
      throw new IllegalArgumentException(
          String.format(
              "The access policy id (%s) in the request body does not equal the "
                  + "access policy id of the requested resource (%s).",
              accessPolicyDTO.getId(), id));
    }

    if (isReplicateRequest()) {
      return replicate(HttpMethod.PUT, accessPolicyEntity);
    }

    // Extract the revision
    final Revision revision = getRevision(accessPolicyEntity, id);
    return withWriteLock(
        serviceFacade,
        revision,
        lookup -> {
          Authorizable authorizable = lookup.getAccessPolicyById(id);
          authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
        },
        null,
        () -> {
          // update the access policy
          final AccessPolicyEntity entity =
              serviceFacade.updateAccessPolicy(revision, accessPolicyDTO);
          populateRemainingAccessPolicyEntityContent(entity);

          return clusterContext(generateOkResponse(entity)).build();
        });
  }
コード例 #7
0
  /**
   * Creates a new access policy.
   *
   * @param httpServletRequest request
   * @param accessPolicyEntity An accessPolicyEntity.
   * @return An accessPolicyEntity.
   */
  @POST
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  // TODO - @PreAuthorize("hasRole('ROLE_DFM')")
  @ApiOperation(
      value = "Creates an access policy",
      response = AccessPolicyEntity.class,
      authorizations = {@Authorization(value = "Data Flow Manager", type = "ROLE_DFM")})
  @ApiResponses(
      value = {
        @ApiResponse(
            code = 400,
            message =
                "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(
            code = 409,
            message =
                "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
      })
  public Response createAccessPolicy(
      @Context final HttpServletRequest httpServletRequest,
      @ApiParam(value = "The access policy configuration details.", required = true)
          final AccessPolicyEntity accessPolicyEntity) {

    if (accessPolicyEntity == null || accessPolicyEntity.getComponent() == null) {
      throw new IllegalArgumentException("Access policy details must be specified.");
    }

    if (accessPolicyEntity.getRevision() == null
        || (accessPolicyEntity.getRevision().getVersion() == null
            || accessPolicyEntity.getRevision().getVersion() != 0)) {
      throw new IllegalArgumentException(
          "A revision of 0 must be specified when creating a new Policy.");
    }

    final AccessPolicyDTO requestAccessPolicy = accessPolicyEntity.getComponent();
    if (requestAccessPolicy.getId() != null) {
      throw new IllegalArgumentException("Access policy ID cannot be specified.");
    }

    if (requestAccessPolicy.getResource() == null) {
      throw new IllegalArgumentException("Access policy resource must be specified.");
    }

    // ensure this is a valid action
    RequestAction.valueOfValue(requestAccessPolicy.getAction());

    if (isReplicateRequest()) {
      return replicate(HttpMethod.POST, accessPolicyEntity);
    }

    // handle expects request (usually from the cluster manager)
    final boolean validationPhase = isValidationPhase(httpServletRequest);
    if (validationPhase || !isTwoPhaseRequest(httpServletRequest)) {
      // authorize access
      serviceFacade.authorizeAccess(
          lookup -> {
            final Authorizable accessPolicies =
                lookup.getAccessPolicyByResource(requestAccessPolicy.getResource());
            accessPolicies.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
          });
    }
    if (validationPhase) {
      return generateContinueResponse().build();
    }

    // set the access policy id as appropriate
    requestAccessPolicy.setId(generateUuid());

    // get revision from the config
    final RevisionDTO revisionDTO = accessPolicyEntity.getRevision();
    Revision revision =
        new Revision(
            revisionDTO.getVersion(),
            revisionDTO.getClientId(),
            accessPolicyEntity.getComponent().getId());

    // create the access policy and generate the json
    final AccessPolicyEntity entity =
        serviceFacade.createAccessPolicy(revision, accessPolicyEntity.getComponent());
    populateRemainingAccessPolicyEntityContent(entity);

    // build the response
    return clusterContext(generateCreatedResponse(URI.create(entity.getUri()), entity)).build();
  }
コード例 #8
0
ファイル: OutputPortResource.java プロジェクト: cloudoo/nifi
  /**
   * Updates the specified output port.
   *
   * @param httpServletRequest request
   * @param id The id of the output port to update.
   * @param requestPortEntity A outputPortEntity.
   * @return A outputPortEntity.
   */
  @PUT
  @Consumes(MediaType.APPLICATION_JSON)
  @Produces(MediaType.APPLICATION_JSON)
  @Path("{id}")
  @ApiOperation(
      value = "Updates an output port",
      response = PortEntity.class,
      authorizations = {@Authorization(value = "Write - /output-ports/{uuid}", type = "")})
  @ApiResponses(
      value = {
        @ApiResponse(
            code = 400,
            message =
                "NiFi was unable to complete the request because it was invalid. The request should not be retried without modification."),
        @ApiResponse(code = 401, message = "Client could not be authenticated."),
        @ApiResponse(code = 403, message = "Client is not authorized to make this request."),
        @ApiResponse(code = 404, message = "The specified resource could not be found."),
        @ApiResponse(
            code = 409,
            message =
                "The request was valid but NiFi was not in the appropriate state to process it. Retrying the same request later may be successful.")
      })
  public Response updateOutputPort(
      @Context final HttpServletRequest httpServletRequest,
      @ApiParam(value = "The output port id.", required = true) @PathParam("id") final String id,
      @ApiParam(value = "The output port configuration details.", required = true)
          final PortEntity requestPortEntity) {

    if (requestPortEntity == null || requestPortEntity.getComponent() == null) {
      throw new IllegalArgumentException("Output port details must be specified.");
    }

    if (requestPortEntity.getRevision() == null) {
      throw new IllegalArgumentException("Revision must be specified.");
    }

    // ensure the ids are the same
    PortDTO requestPortDTO = requestPortEntity.getComponent();
    if (!id.equals(requestPortDTO.getId())) {
      throw new IllegalArgumentException(
          String.format(
              "The output port id (%s) in the request body does not equal the "
                  + "output port id of the requested resource (%s).",
              requestPortDTO.getId(), id));
    }

    final PositionDTO proposedPosition = requestPortDTO.getPosition();
    if (proposedPosition != null) {
      if (proposedPosition.getX() == null || proposedPosition.getY() == null) {
        throw new IllegalArgumentException(
            "The x and y coordinate of the proposed position must be specified.");
      }
    }

    if (isReplicateRequest()) {
      return replicate(HttpMethod.PUT, requestPortEntity);
    }

    // handle expects request (usually from the cluster manager)
    final Revision requestRevision = getRevision(requestPortEntity, id);
    return withWriteLock(
        serviceFacade,
        requestPortEntity,
        requestRevision,
        lookup -> {
          Authorizable authorizable = lookup.getOutputPort(id);
          authorizable.authorize(authorizer, RequestAction.WRITE, NiFiUserUtils.getNiFiUser());
        },
        () -> serviceFacade.verifyUpdateOutputPort(requestPortDTO),
        (revision, portEntity) -> {
          final PortDTO portDTO = portEntity.getComponent();

          // update the output port
          final PortEntity entity = serviceFacade.updateOutputPort(revision, portDTO);
          populateRemainingOutputPortEntityContent(entity);

          return clusterContext(generateOkResponse(entity)).build();
        });
  }