/** Seed any users from the authority provider that are not already present. */
public void seedUserAccounts() {
// do not seed node's user cache. when/if the node disconnects its
// cache will be populated lazily (as needed)
if (properties.isNode()) {
return;
}
Transaction transaction = null;
writeLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// seed the accounts
SeedUserAccountsAction seedUserAccounts = new SeedUserAccountsAction();
transaction.execute(seedUserAccounts);
// commit the transaction
transaction.commit();
} catch (AdministrationException ae) {
rollback(transaction);
throw ae;
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
}
@Override
public Key getOrCreateKey(String identity) {
Transaction transaction = null;
Key key = null;
writeLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// get or create a key
GetOrCreateKeyAction addActions = new GetOrCreateKeyAction(identity);
key = transaction.execute(addActions);
// commit the transaction
transaction.commit();
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
return key;
}
@Override
public void deleteKey(String identity) {
Transaction transaction = null;
writeLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// delete the keys
DeleteKeysAction deleteKeys = new DeleteKeysAction(identity);
transaction.execute(deleteKeys);
// commit the transaction
transaction.commit();
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
}
@Override
public NiFiUser getUserByDn(String dn) {
Transaction transaction = null;
readLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// return the desired user
FindUserByDnAction findUserByDn = new FindUserByDnAction(dn);
NiFiUser user = transaction.execute(findUserByDn);
// commit the transaction
transaction.commit();
// return the user
return user;
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
readLock.unlock();
}
}
@Override
public Key getKey(int id) {
Transaction transaction = null;
Key key = null;
readLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// get the key
GetKeyByIdAction addActions = new GetKeyByIdAction(id);
key = transaction.execute(addActions);
// commit the transaction
transaction.commit();
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
readLock.unlock();
}
return key;
}
@Override
public DownloadAuthorization authorizeDownload(
final List<String> dnChain, final Map<String, String> attributes) {
Transaction transaction = null;
readLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// authorize the download
AuthorizeDownloadAction authorizeDownload = new AuthorizeDownloadAction(dnChain, attributes);
DownloadAuthorization downloadAuthorization = transaction.execute(authorizeDownload);
// commit the transaction
transaction.commit();
// return the authorization
return downloadAuthorization;
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
readLock.unlock();
}
}
@Override
public Collection<NiFiUser> getUsers() {
Transaction transaction = null;
readLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// get all users
GetUsersAction getUsers = new GetUsersAction();
Collection<NiFiUser> users = transaction.execute(getUsers);
// commit the transaction
transaction.commit();
// return the users
return users;
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
readLock.unlock();
}
}
@Override
public void invalidateUserGroupAccount(String group) {
Transaction transaction = null;
writeLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// invalidate the user account
InvalidateUserGroupAccountsAction invalidateUserGroupAccounts =
new InvalidateUserGroupAccountsAction(group);
transaction.execute(invalidateUserGroupAccounts);
// commit the transaction
transaction.commit();
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
}
// -----------------
// read only methods
// -----------------
@Override
public Boolean hasPendingUserAccount() {
Transaction transaction = null;
readLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
final HasPendingUserAccounts hasPendingAccounts = new HasPendingUserAccounts();
final Boolean hasPendingUserAccounts = transaction.execute(hasPendingAccounts);
// commit the transaction
transaction.commit();
return hasPendingUserAccounts;
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
readLock.unlock();
}
}
@Override
public NiFiUserGroup disableGroup(String group) {
Transaction transaction = null;
writeLock.lock();
try {
// create the connection
transaction = transactionBuilder.start();
// disable the user
DisableUserGroupAction disableUser = new DisableUserGroupAction(group);
NiFiUserGroup userGroup = transaction.execute(disableUser);
// commit the transaction
transaction.commit();
// return the user
return userGroup;
} catch (DataAccessException | TransactionException dae) {
rollback(transaction);
throw new AdministrationException(dae);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
}
@Override
public void deleteUser(String id) {
Transaction transaction = null;
writeLock.lock();
try {
// create the connection
transaction = transactionBuilder.start();
// delete the user
DeleteUserAction deleteUser = new DeleteUserAction(id);
transaction.execute(deleteUser);
// commit the transaction
transaction.commit();
} catch (DataAccessException | TransactionException dae) {
rollback(transaction);
throw new AdministrationException(dae);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
}
@Override
public void ungroup(String group) {
Transaction transaction = null;
writeLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// ungroup the specified user
final UngroupUserGroupAction ungroupUserGroup = new UngroupUserGroupAction(group);
transaction.execute(ungroupUserGroup);
// commit the transaction
transaction.commit();
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
}
@Override
public NiFiUser createPendingUserAccount(String dn, String justification) {
Transaction transaction = null;
writeLock.lock();
try {
// start the transaction
transaction = transactionBuilder.start();
// create the account request
RequestUserAccountAction requestUserAccount = new RequestUserAccountAction(dn, justification);
NiFiUser user = transaction.execute(requestUserAccount);
// commit the transaction
transaction.commit();
// return the nifi user
return user;
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
}
@Override
public NiFiUser checkAuthorization(String dn) {
Transaction transaction = null;
writeLock.lock();
try {
// create the connection
transaction = transactionBuilder.start();
// determine how long the cache is valid for
final int cacheSeconds;
try {
cacheSeconds =
(int)
FormatUtils.getTimeDuration(
properties.getUserCredentialCacheDuration(), TimeUnit.SECONDS);
} catch (IllegalArgumentException iae) {
throw new AdministrationException(
"User credential cache duration is not configured correctly.");
}
// attempt to authorize the user
AuthorizeUserAction authorizeUser = new AuthorizeUserAction(dn, cacheSeconds);
NiFiUser user = transaction.execute(authorizeUser);
// commit the transaction
transaction.commit();
// return the nifi user
return user;
} catch (DataAccessException | TransactionException dae) {
rollback(transaction);
throw new AdministrationException(dae);
} catch (AccountDisabledException | AccountPendingException ade) {
rollback(transaction);
throw ade;
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
}
@Override
public NiFiUserGroup updateGroup(
final String group, final Set<String> userIds, final Set<Authority> authorities) {
Transaction transaction = null;
writeLock.lock();
try {
// if user ids have been specified, invalidate the user accounts before performing
// the desired updates. if case of an error, this will ensure that these users are
// authorized the next time the access the application
if (userIds != null) {
for (final String userId : userIds) {
invalidateUserAccount(userId);
}
}
// start the transaction
transaction = transactionBuilder.start();
// set the authorities for each user in this group if specified
final UpdateUserGroupAction updateUserGroup =
new UpdateUserGroupAction(group, userIds, authorities);
transaction.execute(updateUserGroup);
// get all the users that are now in this group
final GetUserGroupAction getUserGroup = new GetUserGroupAction(group);
final NiFiUserGroup userGroup = transaction.execute(getUserGroup);
// commit the transaction
transaction.commit();
return userGroup;
} catch (TransactionException | DataAccessException te) {
rollback(transaction);
throw new AdministrationException(te);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
}
@Override
public NiFiUser update(String id, Set<Authority> authorities) {
Transaction transaction = null;
// may be empty but not null
if (authorities == null) {
throw new IllegalArgumentException("The specified authorities cannot be null.");
}
writeLock.lock();
try {
// invalidate the user account in preparation for potential subsequent errors
invalidateUserAccount(id);
// at this point the current user account has been invalidated so we will
// attempt to update the account. if any part fails we are assured the
// user will be need to be given approval before they access the system at
// a later time
// start the transaction
transaction = transactionBuilder.start();
// update the user authorities
UpdateUserAction setUserAuthorities = new UpdateUserAction(id, authorities);
NiFiUser user = transaction.execute(setUserAuthorities);
// commit the transaction
transaction.commit();
// return the user
return user;
} catch (TransactionException | DataAccessException e) {
rollback(transaction);
throw new AdministrationException(e);
} catch (Throwable t) {
rollback(transaction);
throw t;
} finally {
closeQuietly(transaction);
writeLock.unlock();
}
}
