org.apache.nifi.authorization.AuthorizationResult.Result Java Examples
The following examples show how to use
org.apache.nifi.authorization.AuthorizationResult.Result.
Example #1
Source File: FileAuthorizerTest.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Loads the user-based authorization and tenant fixtures, configures the authorizer, and asserts
 * that a READ access attempt on the flow resource by identity {@code user-2} is not approved.
 */
@Test
public void testUnauthorizedUser() throws Exception {
    // Fixture files must be on disk before onConfigured() is invoked.
    writeFile(primaryAuthorizations, SIMPLE_AUTHORIZATION_BY_USER);
    writeFile(primaryTenants, SIMPLE_TENANTS_BY_USER);
    authorizer.onConfigured(configurationContext);

    final AuthorizationRequest readFlowRequest = new AuthorizationRequest.Builder()
            .resource(ResourceFactory.getFlowResource())
            .identity("user-2")
            .anonymous(false)
            .accessAttempt(true)
            .action(RequestAction.READ)
            .build();

    final AuthorizationResult outcome = authorizer.authorize(readFlowRequest);
    final boolean approved = Result.Approved.equals(outcome.getResult());

    // NOTE(review): this passes for any non-Approved outcome, so it does not pin whether the
    // authorizer answered Denied or ResourceNotFound.
    assertFalse(approved);
}
Example #2
Source File: FileAuthorizerTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Loads the user-based authorization and tenant fixtures, configures the authorizer, and asserts
 * that a WRITE access attempt on the flow resource by identity {@code user-1} is not approved.
 */
@Test
public void testUnauthorizedAction() throws Exception {
    // Fixture files must be on disk before onConfigured() is invoked.
    writeFile(primaryAuthorizations, SIMPLE_AUTHORIZATION_BY_USER);
    writeFile(primaryTenants, SIMPLE_TENANTS_BY_USER);
    authorizer.onConfigured(configurationContext);

    final AuthorizationRequest writeFlowRequest = new AuthorizationRequest.Builder()
            .resource(ResourceFactory.getFlowResource())
            .identity("user-1")
            .anonymous(false)
            .accessAttempt(true)
            .action(RequestAction.WRITE)
            .build();

    final AuthorizationResult outcome = authorizer.authorize(writeFlowRequest);
    final boolean approved = Result.Approved.equals(outcome.getResult());

    // NOTE(review): this passes for any non-Approved outcome; Denied and ResourceNotFound are
    // not told apart.
    assertFalse(approved);
}
Example #3
Source File: FileAuthorizerTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Configures the authorizer from the user-based fixtures and asserts that identity
 * {@code user-2} is not approved for a READ access attempt on the flow resource.
 */
@Test
public void testUnauthorizedUser() throws Exception {
    // Write both fixture files first; onConfigured() is called only afterwards.
    writeFile(primaryAuthorizations, SIMPLE_AUTHORIZATION_BY_USER);
    writeFile(primaryTenants, SIMPLE_TENANTS_BY_USER);
    authorizer.onConfigured(configurationContext);

    final AuthorizationRequest flowRead = new AuthorizationRequest.Builder()
            .resource(ResourceFactory.getFlowResource())
            .identity("user-2")
            .anonymous(false)
            .accessAttempt(true)
            .action(RequestAction.READ)
            .build();

    final AuthorizationResult decision = authorizer.authorize(flowRead);
    final boolean wasApproved = Result.Approved.equals(decision.getResult());

    // NOTE(review): only "not Approved" is asserted; the exact negative outcome
    // (Denied vs. ResourceNotFound) is left unchecked.
    assertFalse(wasApproved);
}
Example #4
Source File: FileAuthorizerTest.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Configures the authorizer from the user-based fixtures and asserts that identity
 * {@code user-1} is approved for a READ access attempt on the flow resource.
 */
@Test
public void testAuthorizedUserAction() throws Exception {
    // Write both fixture files first; onConfigured() is called only afterwards.
    writeFile(primaryAuthorizations, SIMPLE_AUTHORIZATION_BY_USER);
    writeFile(primaryTenants, SIMPLE_TENANTS_BY_USER);
    authorizer.onConfigured(configurationContext);

    final AuthorizationRequest flowRead = new AuthorizationRequest.Builder()
            .resource(ResourceFactory.getFlowResource())
            .identity("user-1")
            .anonymous(false)
            .accessAttempt(true)
            .action(RequestAction.READ)
            .build();

    final AuthorizationResult decision = authorizer.authorize(flowRead);
    final boolean wasApproved = Result.Approved.equals(decision.getResult());
    assertTrue(wasApproved);
}
Example #5
Source File: ControllerFacade.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Authorizes access to replay a specified provenance event. Whether to check read data permission can be
 * specified, because the calling context may already have verified it. The flag forces the caller to
 * acknowledge that fact, limiting the possibility of overlooking it.
 *
 * @param event event to be replayed
 * @param checkReadDataPermissions whether to verify read data permissions here
 * @return a denial when the event has no source queue identifier, the READ result when READ is checked and
 *         not approved, otherwise the result of the WRITE check
 */
private AuthorizationResult checkAuthorizationForReplay(final ProvenanceEventRecord event, final boolean checkReadDataPermissions) {
    // Without a connection id the replay would not be available anyway and there is nothing to
    // authorize against, so deny.
    final boolean connectionUnknown = event.getSourceQueueIdentifier() == null;
    if (connectionUnknown) {
        return AuthorizationResult.denied("The connection id in the provenance event is unknown.");
    }

    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();
    final Authorizable target = getDataAuthorizable(event);
    final Map<String, String> attributes = event.getAttributes();

    if (checkReadDataPermissions) {
        // Anything other than Approved on READ ends the check with that result.
        final AuthorizationResult readOutcome = target.checkAuthorization(authorizer, RequestAction.READ, currentUser, attributes);
        final boolean readApproved = Result.Approved.equals(readOutcome.getResult());
        if (!readApproved) {
            return readOutcome;
        }
    }

    // NOTE(review): when checkReadDataPermissions is false, READ is never evaluated in this method;
    // the caller is relied on to have checked it already.
    return target.checkAuthorization(authorizer, RequestAction.WRITE, currentUser, attributes);
}
Example #6
Source File: DataTransferResource.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Authorizes access to data transfers.
 * <p>
 * Note: Protected for testing purposes
 *
 * @param lookup source of the public port authorizables
 * @param resourceType must be {@code ResourceType.InputPort} or {@code ResourceType.OutputPort}
 * @param identifier identifier of the port
 * @throws IllegalArgumentException if the resource type is neither an input nor an output port
 * @throws AccessDeniedException if the authorization result is anything other than Approved
 */
protected void authorizeDataTransfer(final AuthorizableLookup lookup, final ResourceType resourceType, final String identifier) {
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    // Reject every resource type other than the two port types before any lookup happens.
    final boolean inputPort = ResourceType.InputPort.equals(resourceType);
    if (!inputPort && !ResourceType.OutputPort.equals(resourceType)) {
        throw new IllegalArgumentException("The resource must be an Input or Output Port.");
    }

    final PublicPortAuthorizable port = inputPort
            ? lookup.getPublicInputPort(identifier)
            : lookup.getPublicOutputPort(identifier);

    // Allow-list check: only an explicit Approved lets the transfer proceed.
    final AuthorizationResult decision = port.checkAuthorization(currentUser);
    final boolean approved = Result.Approved.equals(decision.getResult());
    if (!approved) {
        throw new AccessDeniedException(decision.getExplanation());
    }
}
Example #7
Source File: ComponentNode.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Checks authorization for this component. A WRITE request against a restricted component is first
 * checked against each restricted-components authorizable of the component class; the regular check
 * follows.
 *
 * @return the first Denied result from a restricted-components check, otherwise the result of the
 *         base {@code ComponentAuthorizable} check
 */
@Override
default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) {
    // Modification of a restricted component requires the elevated privileges as well; every
    // other request uses the normal rules only.
    final boolean restrictedWrite = RequestAction.WRITE.equals(action) && isRestricted();
    if (restrictedWrite) {
        final Set<Authorizable> elevatedChecks = RestrictedComponentsAuthorizableFactory.getRestrictedComponentsAuthorizable(getComponentClass());

        for (final Authorizable elevatedCheck : elevatedChecks) {
            final AuthorizationResult elevatedOutcome = elevatedCheck.checkAuthorization(authorizer, RequestAction.WRITE, user, resourceContext);
            // NOTE(review): only an explicit Denied stops here; any other outcome falls through
            // to the base check below.
            if (Result.Denied.equals(elevatedOutcome.getResult())) {
                return elevatedOutcome;
            }
        }
    }

    // defer to the base authorization check
    return ComponentAuthorizable.super.checkAuthorization(authorizer, action, user, resourceContext);
}
Example #8
Source File: UserEventAuthorizer.java From nifi with Apache License 2.0 | 6 votes |
/**
 * Decides whether the configured user may read the given provenance event.
 *
 * @param event provenance event whose component id selects the authorizable
 * @return {@code true} when no authorizer or no user is set, {@code false} when the component cannot
 *         be found, otherwise whether the READ check is Approved
 */
@Override
public boolean isAuthorized(final ProvenanceEventRecord event) {
    // NOTE(review): fail-open guard - a missing authorizer or user approves every event. Confirm
    // that both can only be null on a trusted, internal code path.
    if (authorizer == null) {
        return true;
    }
    if (user == null) {
        return true;
    }

    final Authorizable provenanceData;
    try {
        provenanceData = resourceFactory.createProvenanceDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException notFound) {
        // The component is gone: nothing to authorize against, so disallow.
        return false;
    }

    final AuthorizationResult outcome = provenanceData.checkAuthorization(authorizer, RequestAction.READ, user);
    return Result.Approved.equals(outcome.getResult());
}
Example #9
Source File: MiNiFiPersistentProvenanceRepository.java From nifi-minifi with Apache License 2.0 | 6 votes |
/**
 * Decides whether the given user may read the given provenance event.
 *
 * @param event provenance event; its port type and component id select the data authorizable
 * @param user user on whose behalf the event is read
 * @return {@code true} when no authorizer or no user is available, {@code false} when the component
 *         cannot be found, otherwise whether the READ check is Approved
 */
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    // NOTE(review): fail-open guard - a missing authorizer or user approves every event. Confirm
    // that both can only be null on a trusted, internal code path.
    if (authorizer == null) {
        return true;
    }
    if (user == null) {
        return true;
    }

    final Authorizable dataAuthorizable;
    try {
        dataAuthorizable = event.isRemotePortType()
                ? resourceFactory.createRemoteDataAuthorizable(event.getComponentId())
                : resourceFactory.createLocalDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException notFound) {
        // The component is gone: nothing to authorize against, so disallow.
        return false;
    }

    final AuthorizationResult outcome = dataAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
    return Result.Approved.equals(outcome.getResult());
}
Example #10
Source File: FileAuthorizerTest.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Configures the authorizer from the user-based fixtures and asserts that identity
 * {@code user-1} is not approved for a WRITE access attempt on the flow resource.
 */
@Test
public void testUnauthorizedAction() throws Exception {
    // Write both fixture files first; onConfigured() is called only afterwards.
    writeFile(primaryAuthorizations, SIMPLE_AUTHORIZATION_BY_USER);
    writeFile(primaryTenants, SIMPLE_TENANTS_BY_USER);
    authorizer.onConfigured(configurationContext);

    final AuthorizationRequest flowWrite = new AuthorizationRequest.Builder()
            .resource(ResourceFactory.getFlowResource())
            .identity("user-1")
            .anonymous(false)
            .accessAttempt(true)
            .action(RequestAction.WRITE)
            .build();

    final AuthorizationResult decision = authorizer.authorize(flowWrite);
    final boolean wasApproved = Result.Approved.equals(decision.getResult());

    // NOTE(review): only "not Approved" is asserted; the exact negative outcome
    // (Denied vs. ResourceNotFound) is left unchecked.
    assertFalse(wasApproved);
}
Example #11
Source File: FileAuthorizerTest.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Loads the user-based authorization and tenant fixtures, configures the authorizer, and asserts
 * that a READ access attempt on the flow resource by identity {@code user-1} is approved.
 */
@Test
public void testAuthorizedUserAction() throws Exception {
    // Fixture files must be on disk before onConfigured() is invoked.
    writeFile(primaryAuthorizations, SIMPLE_AUTHORIZATION_BY_USER);
    writeFile(primaryTenants, SIMPLE_TENANTS_BY_USER);
    authorizer.onConfigured(configurationContext);

    final AuthorizationRequest readFlowRequest = new AuthorizationRequest.Builder()
            .resource(ResourceFactory.getFlowResource())
            .identity("user-1")
            .anonymous(false)
            .accessAttempt(true)
            .action(RequestAction.READ)
            .build();

    final AuthorizationResult outcome = authorizer.authorize(readFlowRequest);
    final boolean approved = Result.Approved.equals(outcome.getResult());
    assertTrue(approved);
}
Example #12
Source File: ControllerFacade.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Authorizes access to replay a specified provenance event. Both READ and WRITE on the event's data
 * authorizable are required.
 *
 * @param event event to be replayed
 * @return a denial when the event has no source queue identifier, the READ result when it is not
 *         approved, otherwise the result of the WRITE check
 */
private AuthorizationResult checkAuthorizationForReplay(final ProvenanceEventRecord event) {
    // Without a connection id the replay would not be available anyway and there is nothing to
    // authorize against, so deny.
    final boolean connectionUnknown = event.getSourceQueueIdentifier() == null;
    if (connectionUnknown) {
        return AuthorizationResult.denied("The connection id in the provenance event is unknown.");
    }

    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    // Remote-port events and local events are authorized against different data authorizables.
    final Authorizable target = event.isRemotePortType()
            ? flowController.createRemoteDataAuthorizable(event.getComponentId())
            : flowController.createLocalDataAuthorizable(event.getComponentId());

    final Map<String, String> attributes = event.getAttributes();

    // READ first: anything other than Approved ends the check with that result.
    final AuthorizationResult readOutcome = target.checkAuthorization(authorizer, RequestAction.READ, currentUser, attributes);
    final boolean readApproved = Result.Approved.equals(readOutcome.getResult());
    if (!readApproved) {
        return readOutcome;
    }

    // READ passed; the WRITE decision is the final answer.
    return target.checkAuthorization(authorizer, RequestAction.WRITE, currentUser, attributes);
}
Example #13
Source File: ResourceResource.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Authorizes the current user for a READ access attempt on the resource listing.
 *
 * @throws AccessDeniedException if the authorizer returns anything other than Approved
 */
private void authorizeResource() {
    // NOTE(review): user is dereferenced without a null check; presumably getNiFiUser() never
    // returns null on this path - confirm.
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    // The client address is forwarded to the authorizer only when one is known.
    final Map<String, String> context;
    if (StringUtils.isBlank(currentUser.getClientAddress())) {
        context = null;
    } else {
        context = new HashMap<>();
        context.put(UserContextKeys.CLIENT_ADDRESS.name(), currentUser.getClientAddress());
    }

    final AuthorizationRequest readRequest = new AuthorizationRequest.Builder()
            .resource(ResourceFactory.getResourceResource())
            .identity(currentUser.getIdentity())
            .anonymous(currentUser.isAnonymous())
            .accessAttempt(true)
            .action(RequestAction.READ)
            .userContext(context)
            .explanationSupplier(() -> "Unable to retrieve resources.")
            .build();

    // Allow-list check: only an explicit Approved passes.
    final AuthorizationResult decision = authorizer.authorize(readRequest);
    final boolean approved = Result.Approved.equals(decision.getResult());
    if (!approved) {
        throw new AccessDeniedException(decision.getExplanation());
    }
}
Example #14
Source File: ProvenanceResource.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Authorizes the current user for a READ access attempt on the provenance resource.
 *
 * @throws AccessDeniedException if the authorizer returns anything other than Approved
 */
private void authorizeProvenanceRequest() {
    // NOTE(review): user is dereferenced without a null check; presumably getNiFiUser() never
    // returns null on this path - confirm.
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    // The client address is forwarded to the authorizer only when one is known.
    final Map<String, String> context;
    if (StringUtils.isBlank(currentUser.getClientAddress())) {
        context = null;
    } else {
        context = new HashMap<>();
        context.put(UserContextKeys.CLIENT_ADDRESS.name(), currentUser.getClientAddress());
    }

    final AuthorizationRequest readRequest = new AuthorizationRequest.Builder()
            .resource(ResourceFactory.getProvenanceResource())
            .identity(currentUser.getIdentity())
            .anonymous(currentUser.isAnonymous())
            .accessAttempt(true)
            .action(RequestAction.READ)
            .userContext(context)
            .explanationSupplier(() -> "Unable to query provenance.")
            .build();

    // Allow-list check: only an explicit Approved passes.
    final AuthorizationResult decision = authorizer.authorize(readRequest);
    final boolean approved = Result.Approved.equals(decision.getResult());
    if (!approved) {
        throw new AccessDeniedException(decision.getExplanation());
    }
}
Example #15
Source File: UserEventAuthorizer.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Decides whether the configured user may read the given provenance event.
 *
 * @param event provenance event; its port type and component id select the data authorizable
 * @return {@code true} when no authorizer or no user is set, {@code false} when the component cannot
 *         be found, otherwise whether the READ check is Approved
 */
@Override
public boolean isAuthorized(final ProvenanceEventRecord event) {
    // NOTE(review): fail-open guard - a missing authorizer or user approves every event. Confirm
    // that both can only be null on a trusted, internal code path.
    if (authorizer == null) {
        return true;
    }
    if (user == null) {
        return true;
    }

    final Authorizable dataAuthorizable;
    try {
        dataAuthorizable = event.isRemotePortType()
                ? resourceFactory.createRemoteDataAuthorizable(event.getComponentId())
                : resourceFactory.createLocalDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException notFound) {
        // The component is gone: nothing to authorize against, so disallow.
        return false;
    }

    final AuthorizationResult outcome = dataAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
    return Result.Approved.equals(outcome.getResult());
}
Example #16
Source File: DataTransferResource.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Authorizes access to data transfers.
 * <p>
 * Note: Protected for testing purposes
 *
 * @param lookup source of the root group port authorizables
 * @param resourceType must be {@code ResourceType.InputPort} or {@code ResourceType.OutputPort}
 * @param identifier identifier of the port
 * @throws IllegalArgumentException if the resource type is neither an input nor an output port
 * @throws AccessDeniedException if the authorization result is anything other than Approved
 */
protected void authorizeDataTransfer(final AuthorizableLookup lookup, final ResourceType resourceType, final String identifier) {
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    // Reject every resource type other than the two port types before any lookup happens.
    final boolean inputPort = ResourceType.InputPort.equals(resourceType);
    if (!inputPort && !ResourceType.OutputPort.equals(resourceType)) {
        throw new IllegalArgumentException("The resource must be an Input or Output Port.");
    }

    final RootGroupPortAuthorizable port = inputPort
            ? lookup.getRootGroupInputPort(identifier)
            : lookup.getRootGroupOutputPort(identifier);

    // Allow-list check: only an explicit Approved lets the transfer proceed.
    final AuthorizationResult decision = port.checkAuthorization(currentUser);
    final boolean approved = Result.Approved.equals(decision.getResult());
    if (!approved) {
        throw new AccessDeniedException(decision.getExplanation());
    }
}
Example #17
Source File: StandardNiFiServiceFacade.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Returns the audited action with the given id after authorizing access to it.
 *
 * @param actionId id of the action to load from the audit service
 * @return entity wrapping the action
 * @throws ResourceNotFoundException if the audit service has no action with that id
 * @throws AccessDeniedException if the authorization result is anything other than Approved
 */
@Override
public ActionEntity getAction(final Integer actionId) {
    final Action found = auditService.getAction(actionId);
    if (found == null) {
        throw new ResourceNotFoundException(String.format("Unable to find action with id '%s'.", actionId));
    }

    // NOTE(review): existence is reported before the authorization check runs, so an unknown id
    // and a forbidden id produce different exceptions.
    final AuthorizationResult decision = authorizeAction(found);
    final boolean authorized = Result.Approved.equals(decision.getResult());
    if (authorized) {
        return entityFactory.createActionEntity(dtoFactory.createActionDto(found), authorized);
    }

    throw new AccessDeniedException(decision.getExplanation());
}
Example #18
Source File: PersistentProvenanceRepository.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Decides whether the given user may read the given provenance event.
 *
 * @param event provenance event; its port type and component id select the data authorizable
 * @param user user on whose behalf the event is read
 * @return {@code true} when no authorizer or no user is available, {@code false} when the component
 *         cannot be found, otherwise whether the READ check is Approved
 */
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    // NOTE(review): fail-open guard - a missing authorizer or user approves every event. Confirm
    // that both can only be null on a trusted, internal code path.
    final boolean nothingToEnforce = authorizer == null || user == null;
    if (nothingToEnforce) {
        return true;
    }

    final Authorizable dataAuthorizable;
    try {
        dataAuthorizable = event.isRemotePortType()
                ? resourceFactory.createRemoteDataAuthorizable(event.getComponentId())
                : resourceFactory.createLocalDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException notFound) {
        // The component is gone: nothing to authorize against, so disallow.
        return false;
    }

    final AuthorizationResult outcome = dataAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
    return Result.Approved.equals(outcome.getResult());
}
Example #19
Source File: VolatileProvenanceRepository.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Decides whether the given user may read the given provenance event.
 *
 * @param event provenance event; its port type and component id select the data authorizable
 * @param user user on whose behalf the event is read; passed to the check as given, including null
 * @return {@code true} when no authorizer is set, {@code false} when the component cannot be found,
 *         otherwise whether the READ check is Approved
 */
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    // NOTE(review): fail-open guard - without an authorizer every event is approved. Unlike some
    // sibling repositories this method does not special-case a null user; the null is handed to
    // checkAuthorization() and its handling decides the outcome - confirm that is intended.
    final boolean enforcementDisabled = authorizer == null;
    if (enforcementDisabled) {
        return true;
    }

    final Authorizable dataAuthorizable;
    try {
        dataAuthorizable = event.isRemotePortType()
                ? resourceFactory.createRemoteDataAuthorizable(event.getComponentId())
                : resourceFactory.createLocalDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException notFound) {
        // The component is gone: nothing to authorize against, so disallow.
        return false;
    }

    final AuthorizationResult outcome = dataAuthorizable.checkAuthorization(authorizer, RequestAction.READ, user, event.getAttributes());
    return Result.Approved.equals(outcome.getResult());
}
Example #20
Source File: SystemDiagnosticsResource.java From localization_nifi with Apache License 2.0 | 6 votes |
/**
 * Authorizes the current user for a READ access attempt on the system resource.
 *
 * @throws AccessDeniedException if the authorizer returns anything other than Approved
 */
private void authorizeSystem() {
    // NOTE(review): user is dereferenced without a null check; presumably getNiFiUser() never
    // returns null on this path - confirm.
    final NiFiUser currentUser = NiFiUserUtils.getNiFiUser();

    // The client address is forwarded to the authorizer only when one is known.
    final Map<String, String> context;
    if (StringUtils.isBlank(currentUser.getClientAddress())) {
        context = null;
    } else {
        context = new HashMap<>();
        context.put(UserContextKeys.CLIENT_ADDRESS.name(), currentUser.getClientAddress());
    }

    final AuthorizationRequest readRequest = new AuthorizationRequest.Builder()
            .resource(ResourceFactory.getSystemResource())
            .identity(currentUser.getIdentity())
            .anonymous(currentUser.isAnonymous())
            .accessAttempt(true)
            .action(RequestAction.READ)
            .userContext(context)
            .explanationSupplier(() -> "Unable to view system diagnostics.")
            .build();

    // Allow-list check: only an explicit Approved passes.
    final AuthorizationResult decision = authorizer.authorize(readRequest);
    final boolean approved = Result.Approved.equals(decision.getResult());
    if (!approved) {
        throw new AccessDeniedException(decision.getExplanation());
    }
}
Example #21
Source File: DataAuthorizableTest.java From localization_nifi with Apache License 2.0 | 5 votes |
/**
 * Builds a user with two chained proxies and verifies that a READ check is approved and that the
 * authorizer was consulted three times, once for each identity in the chain.
 */
@Test
public void testCheckAuthorizationUserChain() {
    // Chain, outermost last: IDENTITY_1 -> PROXY_1 -> PROXY_2.
    final NiFiUser outerProxy = new StandardNiFiUser(PROXY_2);
    final NiFiUser innerProxy = new StandardNiFiUser(PROXY_1, outerProxy);
    final NiFiUser endUser = new StandardNiFiUser(IDENTITY_1, innerProxy);

    final AuthorizationResult outcome = testDataAuthorizable.checkAuthorization(testAuthorizer, RequestAction.READ, endUser, null);

    assertEquals(Result.Approved, outcome.getResult());

    // Every link of the chain must have been authorized, not just the end user.
    verify(testAuthorizer, times(3)).authorize(any(AuthorizationRequest.class));
    verifyAuthorizeForUser(IDENTITY_1);
    verifyAuthorizeForUser(PROXY_1);
    verifyAuthorizeForUser(PROXY_2);
}
Example #22
Source File: ProvenanceDataAuthorizableTest.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Verifies that a READ check for a single, unchained user is approved and that the authorizer was
 * called exactly once with that user's identity.
 */
@Test
public void testCheckAuthorizationUser() {
    final NiFiUser soleUser = new Builder().identity(IDENTITY_1).build();

    final AuthorizationResult outcome = testProvenanceDataAuthorizable.checkAuthorization(testAuthorizer, RequestAction.READ, soleUser, null);

    assertEquals(Result.Approved, outcome.getResult());

    // Exactly one authorize() call whose request carries IDENTITY_1.
    verify(testAuthorizer, times(1)).authorize(argThat(request -> IDENTITY_1.equals(request.getIdentity())));
}
Example #23
Source File: StandardConnection.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Checks authorization for this connection by consulting the source authorizable and then the
 * destination authorizable.
 *
 * @return a denial for a null user, the source result when it is Denied, otherwise the destination
 *         result
 */
@Override
public AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) {
    final boolean unknownUser = user == null;
    if (unknownUser) {
        return AuthorizationResult.denied("Unknown user.");
    }

    final AuthorizationResult fromSource = getSourceAuthorizable().checkAuthorization(authorizer, action, user, resourceContext);
    final boolean sourceDenied = Result.Denied.equals(fromSource.getResult());

    // NOTE(review): only an explicit Denied from the source ends the check; for any other source
    // outcome the destination's decision is what the caller receives.
    if (sourceDenied) {
        return fromSource;
    }

    return getDestinationAuthorizable().checkAuthorization(authorizer, action, user, resourceContext);
}
Example #24
Source File: AccessPolicyAuthorizable.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Checks authorization for this access policy, inheriting from the parent authorizable when the
 * policy's own check is denied.
 *
 * @return the resource's own result unless it is Denied, in which case the parent's result
 * @throws AccessDeniedException if {@code user} is null
 */
@Override
public AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) {
    // A missing user is raised as an exception here instead of being returned as a denied result.
    if (user == null) {
        throw new AccessDeniedException("Unknown user.");
    }

    final AuthorizationResult ownOutcome = Authorizable.super.checkAuthorization(authorizer, action, user, resourceContext);
    final boolean deniedHere = Result.Denied.equals(ownOutcome.getResult());

    if (!deniedHere) {
        return ownOutcome;
    }

    // Denied on the resource itself: the parent's decision replaces it, so an approval on the
    // parent grants access.
    return getParentAuthorizable().checkAuthorization(authorizer, action, user, resourceContext);
}
Example #25
Source File: AuthorizerFactory.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Forwards an authorization decision to the authorizer's audit hook when all of these hold:
 * the authorizer supports auditing, the request is an access attempt, and the result is either
 * approved or denied.
 *
 * @param authorizer authorizer that produced the result
 * @param request request that was evaluated
 * @param result outcome of the evaluation
 */
private static void audit(final Authorizer authorizer, final AuthorizationRequest request, final AuthorizationResult result) {
    // 1 - the authorizer supports auditing
    if (!(authorizer instanceof AuthorizationAuditor)) {
        return;
    }

    // 2 - the request is an access attempt
    if (!request.isAccessAttempt()) {
        return;
    }

    // 3 - resource-not-found is skipped because a subsequent request may follow with the parent
    //     resource.
    // NOTE(review): if no such follow-up request is made, this attempt leaves no audit record -
    // confirm every caller retries against the parent.
    if (Result.ResourceNotFound.equals(result.getResult())) {
        return;
    }

    ((AuthorizationAuditor) authorizer).auditAccessAttempt(request, result);
}
Example #26
Source File: DataAuthorizable.java From nifi with Apache License 2.0 | 5 votes |
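/**
 * Checks authorization for data access on behalf of a user and every proxy in that user's chain.
 * Each element of the chain must be approved; the first element that is not approved ends the check.
 *
 * @param authorizer authorizer to consult
 * @param action requested action
 * @param user end user; {@code getChain()} yields the next element of the proxy chain
 * @param resourceContext attributes passed through to the authorizer
 * @return a denial for a null user or an unknown source component, the first non-approved result in
 *         the chain, otherwise the approved result of the last chain element
 */
@Override
public AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) {
    if (user == null) {
        return AuthorizationResult.denied("Unknown user.");
    }

    AuthorizationResult result = null;

    // authorize each element in the chain
    NiFiUser chainedUser = user;
    do {
        try {
            // perform the current user authorization
            result = Authorizable.super.checkAuthorization(authorizer, action, chainedUser, resourceContext);

            // if authorization is not approved, reject
            if (!Result.Approved.equals(result.getResult())) {
                return result;
            }

            // go to the next user in the chain
            chainedUser = chainedUser.getChain();
        } catch (final ResourceNotFoundException e) {
            // Fail closed immediately. Merely recording the denial and looping again would retry
            // the same chain element (chainedUser is not advanced on this path), which never
            // terminates while the component stays missing and could be overwritten by a later
            // approval if it reappears.
            return AuthorizationResult.denied("Unknown source component.");
        }
    } while (chainedUser != null);

    // Defensive default deny; not expected to be reached because the loop body runs at least once.
    if (result == null) {
        result = AuthorizationResult.denied();
    }

    return result;
}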
Example #27
Source File: ConfiguredComponent.java From localization_nifi with Apache License 2.0 | 5 votes |
/**
 * Checks authorization for this component. A WRITE request against a restricted component is first
 * checked against the restricted-components authorizable; the regular check follows.
 *
 * @return the Denied result of the restricted-components check, otherwise the result of the base
 *         {@code ComponentAuthorizable} check
 */
@Override
default AuthorizationResult checkAuthorization(Authorizer authorizer, RequestAction action, NiFiUser user, Map<String, String> resourceContext) {
    // Modification of a restricted component requires the elevated privileges as well; every
    // other request uses the normal rules only.
    final boolean restrictedWrite = RequestAction.WRITE.equals(action) && isRestricted();
    if (restrictedWrite) {
        final RestrictedComponentsAuthorizable elevatedCheck = new RestrictedComponentsAuthorizable();
        final AuthorizationResult elevatedOutcome = elevatedCheck.checkAuthorization(authorizer, RequestAction.WRITE, user, resourceContext);

        // NOTE(review): only an explicit Denied stops here; any other outcome falls through to
        // the base check below.
        final boolean elevatedDenied = Result.Denied.equals(elevatedOutcome.getResult());
        if (elevatedDenied) {
            return elevatedOutcome;
        }
    }

    // defer to the base authorization check
    return ComponentAuthorizable.super.checkAuthorization(authorizer, action, user, resourceContext);
}
Example #28
Source File: VolatileProvenanceRepository.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Decides whether the given user may read the given provenance event.
 *
 * @param event provenance event whose component id selects the authorizable
 * @param user user on whose behalf the event is read
 * @return {@code true} when no authorizer or no user is available, {@code false} when the component
 *         cannot be found, otherwise whether the READ check is Approved
 */
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    // NOTE(review): fail-open guard - a missing authorizer or user approves every event. Confirm
    // that both can only be null on a trusted, internal code path.
    if (authorizer == null) {
        return true;
    }
    if (user == null) {
        return true;
    }

    final Authorizable provenanceData;
    try {
        provenanceData = resourceFactory.createProvenanceDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException notFound) {
        // The component is gone: nothing to authorize against, so disallow.
        return false;
    }

    final AuthorizationResult outcome = provenanceData.checkAuthorization(authorizer, RequestAction.READ, user);
    return Result.Approved.equals(outcome.getResult());
}
Example #29
Source File: PersistentProvenanceRepository.java From nifi with Apache License 2.0 | 5 votes |
/**
 * Decides whether the given user may read the given provenance event.
 *
 * @param event provenance event whose component id selects the authorizable
 * @param user user on whose behalf the event is read
 * @return {@code true} when no authorizer or no user is available, {@code false} when the component
 *         cannot be found, otherwise whether the READ check is Approved
 */
public boolean isAuthorized(final ProvenanceEventRecord event, final NiFiUser user) {
    // NOTE(review): fail-open guard - a missing authorizer or user approves every event. Confirm
    // that both can only be null on a trusted, internal code path.
    final boolean nothingToEnforce = authorizer == null || user == null;
    if (nothingToEnforce) {
        return true;
    }

    final Authorizable provenanceData;
    try {
        provenanceData = resourceFactory.createProvenanceDataAuthorizable(event.getComponentId());
    } catch (final ResourceNotFoundException notFound) {
        // The component is gone: nothing to authorize against, so disallow.
        return false;
    }

    final AuthorizationResult outcome = provenanceData.checkAuthorization(authorizer, RequestAction.READ, user);
    return Result.Approved.equals(outcome.getResult());
}
Example #30
Source File: StandardNiFiServiceFacade.java From localization_nifi with Apache License 2.0 | 5 votes |
/**
 * Decides whether the current user may read the given bulletin, based on READ access to the
 * component that produced it.
 *
 * @param bulletin bulletin whose source id and source type select the authorizable
 * @return {@code false} when the source component cannot be found, otherwise whether the READ check
 *         is Approved
 * @throws WebApplicationException if the bulletin's source type is not one of the handled types
 */
private boolean authorizeBulletin(final Bulletin bulletin) {
    final String componentId = bulletin.getSourceId();
    final ComponentType componentType = bulletin.getSourceType();

    final Authorizable source;
    try {
        switch (componentType) {
            case PROCESSOR:
                source = authorizableLookup.getProcessor(componentId).getAuthorizable();
                break;
            case REPORTING_TASK:
                source = authorizableLookup.getReportingTask(componentId).getAuthorizable();
                break;
            case CONTROLLER_SERVICE:
                source = authorizableLookup.getControllerService(componentId).getAuthorizable();
                break;
            case FLOW_CONTROLLER:
                // Controller-level bulletins are authorized against the controller facade itself.
                source = controllerFacade;
                break;
            case INPUT_PORT:
                source = authorizableLookup.getInputPort(componentId);
                break;
            case OUTPUT_PORT:
                source = authorizableLookup.getOutputPort(componentId);
                break;
            case REMOTE_PROCESS_GROUP:
                source = authorizableLookup.getRemoteProcessGroup(componentId);
                break;
            default:
                // Unhandled source types are rejected instead of being shown unchecked.
                throw new WebApplicationException(Response.serverError().entity("An unexpected type of component is the source of this bulletin.").build());
        }
    } catch (final ResourceNotFoundException notFound) {
        // if the underlying component is gone, disallow
        return false;
    }

    // Allow-list check: only an explicit Approved makes the bulletin readable.
    final AuthorizationResult decision = source.checkAuthorization(authorizer, RequestAction.READ, NiFiUserUtils.getNiFiUser());
    return Result.Approved.equals(decision.getResult());
}