org.apache.nifi.authorization.exception.AuthorizerCreationException Java Examples

The following examples show how to use org.apache.nifi.authorization.exception.AuthorizerCreationException.
Example #1
Source File: CompositeConfigurableUserGroupProviderTest.java    From nifi with Apache License 2.0
/**
 * Configures a composite provider whose configurable provider id is also listed as composite
 * entry "1" and expects configuration to be rejected.
 *
 * NOTE(review): {@code expected = AuthorizerCreationException.class} accepts any exception of that
 * type. The lookup below is stubbed only for CONFIGURABLE_USER_GROUP_PROVIDER, so confirm that the
 * duplicate check (and not a failed lookup of the second entry) is what raises the exception.
 */
@Test(expected = AuthorizerCreationException.class)
public void testDuplicateProviders() throws Exception {
    // Lookup stub: resolves the configurable provider id to the provider built by the test helper.
    final UserGroupProvider configurableProvider = getConfigurableUserGroupProvider();
    final UserGroupProviderLookup lookup = mock(UserGroupProviderLookup.class);
    when(lookup.getUserGroupProvider(eq(CONFIGURABLE_USER_GROUP_PROVIDER))).thenReturn(configurableProvider);

    // Initialization context stub that hands out the lookup above.
    final AuthorizerInitializationContext initContext = mock(AuthorizerInitializationContext.class);
    when(initContext.getUserGroupProviderLookup()).thenReturn(lookup);

    // The same id is used for the configurable provider property and for composite entry "1";
    // that overlap is the duplicate under test.
    final Map<String, String> compositeEntries = new HashMap<>();
    compositeEntries.put(PROP_USER_GROUP_PROVIDER_PREFIX + "1", CONFIGURABLE_USER_GROUP_PROVIDER);
    compositeEntries.put(PROP_USER_GROUP_PROVIDER_PREFIX + "2", NOT_CONFIGURABLE_USER_GROUP_PROVIDER);

    final AuthorizerConfigurationContext configContext = mock(AuthorizerConfigurationContext.class);
    when(configContext.getProperty(PROP_CONFIGURABLE_USER_GROUP_PROVIDER))
            .thenReturn(new StandardPropertyValue(CONFIGURABLE_USER_GROUP_PROVIDER, null, ParameterLookup.EMPTY));
    when(configContext.getProperties()).thenReturn(compositeEntries);

    // onConfigured is the call expected to throw.
    final CompositeConfigurableUserGroupProvider composite = new CompositeConfigurableUserGroupProvider();
    composite.initialize(initContext);
    composite.onConfigured(configContext);
}
 
Example #2
Source File: ShellUserGroupProvider.java    From nifi with Apache License 2.0
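/**
 * Reads a time-interval property and returns it in milliseconds.
 *
 * <p>The configured value is used when the property is set; otherwise {@code defaultValue} is parsed
 * instead. The result must not be below MINIMUM_SYNC_INTERVAL_MILLISECONDS.
 *
 * @param authContext  configuration context the property is read from
 * @param propertyName name of the property, also used in error messages
 * @param defaultValue interval string used when the property is not set
 * @return the interval rounded to whole milliseconds
 * @throws AuthorizerCreationException if the value cannot be parsed as a time interval or is below
 *                                     the minimum
 */
private long getDelayProperty(AuthorizerConfigurationContext authContext, String propertyName, String defaultValue) {
    final PropertyValue intervalProperty = authContext.getProperty(propertyName);
    final String propertyValue = intervalProperty.isSet() ? intervalProperty.getValue() : defaultValue;

    final long syncInterval;
    try {
        syncInterval = Math.round(FormatUtils.getPreciseTimeDuration(propertyValue, TimeUnit.MILLISECONDS));
    } catch (final IllegalArgumentException e) {
        // Keep the parser's exception as the cause so the original failure stays visible in logs;
        // the message itself is unchanged.
        throw new AuthorizerCreationException(String.format("The %s '%s' is not a valid time interval.", propertyName, propertyValue), e);
    }

    // Reject intervals below the configured floor.
    if (syncInterval < MINIMUM_SYNC_INTERVAL_MILLISECONDS) {
        throw new AuthorizerCreationException(String.format("The %s '%s' is below the minimum value of '%d ms'", propertyName, propertyValue, MINIMUM_SYNC_INTERVAL_MILLISECONDS));
    }
    return syncInterval;
}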
 
Example #3
Source File: TestRangerNiFiAuthorizer.java    From nifi with Apache License 2.0
/**
 * Enables Kerberos in the authorizer configuration while NiFiProperties supplies an empty keytab
 * location, and expects onConfigured to fail with an AuthorizerCreationException.
 *
 * NOTE(review): only the keytab location is stubbed (as ""); the principal getter is left unstubbed
 * on the mock. The test name refers to the principal - confirm which missing value is rejected.
 */
@Test
public void testKerberosEnabledWithoutPrincipal() {
    // NiFi properties stub with a blank keytab location.
    nifiProperties = Mockito.mock(NiFiProperties.class);
    when(nifiProperties.getKerberosServiceKeytabLocation()).thenReturn("");

    // Kerberos switched on in the authorizer configuration.
    when(configurationContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_KERBEROS_ENABLED_PROP)))
            .thenReturn(new MockPropertyValue("true"));

    authorizer = new MockRangerNiFiAuthorizer(rangerBasePlugin);
    authorizer.setNiFiProperties(nifiProperties);

    try {
        authorizer.onConfigured(configurationContext);
        Assert.fail("Should have thrown exception");
    } catch (AuthorizerCreationException rejected) {
        // The failure must originate from the authorizer's own validation.
        verifyOnlyAuthorizeCreationExceptions(rejected);
    }
}
 
Example #4
Source File: AuthorizerFactoryBean.java    From localization_nifi with Apache License 2.0
/**
 * Builds the fallback Authorizer used when running unsecurely with no authorizer configured.
 *
 * <p>The returned instance approves every request and ignores all lifecycle callbacks, so it
 * performs no access control of its own.
 *
 * @return an Authorizer whose {@code authorize} always returns {@code AuthorizationResult.approved()}
 */
private Authorizer createDefaultAuthorizer() {
    final Authorizer approveAll = new Authorizer() {
        @Override
        public void initialize(AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException {
            // nothing to initialize
        }

        @Override
        public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
            // no configuration is read
        }

        @Override
        public AuthorizationResult authorize(final AuthorizationRequest request) throws AuthorizationAccessException {
            // The request is not inspected; every caller is approved.
            return AuthorizationResult.approved();
        }

        @Override
        public void preDestruction() throws AuthorizerDestructionException {
            // nothing to release
        }
    };
    return approveAll;
}
 
Example #5
Source File: StandardManagedAuthorizer.java    From nifi with Apache License 2.0
/**
 * Resolves the configured Access Policy Provider and the User Group Provider it exposes.
 *
 * <p>Both fields are assigned before they are validated, so a failed lookup leaves the field
 * holding {@code null} when the exception is thrown.
 *
 * @param configurationContext context holding the "Access Policy Provider" property
 * @throws AuthorizerCreationException if the property is not set, the provider cannot be located,
 *                                     or the provider has no User Group Provider
 */
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    final PropertyValue providerKey = configurationContext.getProperty("Access Policy Provider");
    if (!providerKey.isSet()) {
        throw new AuthorizerCreationException("The Access Policy Provider must be set.");
    }

    // Look the provider up by its configured identifier and fail if nothing is registered under it.
    accessPolicyProvider = accessPolicyProviderLookup.getAccessPolicyProvider(providerKey.getValue());
    if (null == accessPolicyProvider) {
        final String notFound = String.format("Unable to locate configured Access Policy Provider: %s", providerKey);
        throw new AuthorizerCreationException(notFound);
    }

    // The policy provider must bring its own user group provider.
    userGroupProvider = accessPolicyProvider.getUserGroupProvider();
    if (null == userGroupProvider) {
        final String noUserGroups = String.format("Configured Access Policy Provider %s does not contain a User Group Provider", providerKey);
        throw new AuthorizerCreationException(noUserGroups);
    }
}
 
Example #6
Source File: TestRangerNiFiAuthorizer.java    From localization_nifi with Apache License 2.0
/**
 * Kerberos is enabled and the keytab location is stubbed as an empty string; onConfigured must be
 * rejected with an AuthorizerCreationException raised by the authorizer itself.
 *
 * NOTE(review): the stub blanks the keytab location while the test name mentions the principal;
 * the principal getter is not stubbed here - confirm the intended precondition.
 */
@Test
public void testKerberosEnabledWithoutPrincipal() {
    // Blank keytab location on a mocked NiFiProperties.
    nifiProperties = Mockito.mock(NiFiProperties.class);
    when(nifiProperties.getKerberosServiceKeytabLocation()).thenReturn("");

    // Authorizer configuration with Kerberos enabled.
    when(configurationContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_KERBEROS_ENABLED_PROP)))
            .thenReturn(new MockPropertyValue("true"));

    authorizer = new MockRangerNiFiAuthorizer(rangerBasePlugin);
    authorizer.setNiFiProperties(nifiProperties);

    try {
        authorizer.onConfigured(configurationContext);
        Assert.fail("Should have thrown exception");
    } catch (AuthorizerCreationException creationFailure) {
        // Check that the exception chain comes from the authorizer code only.
        verifyOnlyAuthorizeCreationExceptions(creationFailure);
    }
}
 
Example #7
Source File: TestRangerNiFiAuthorizer.java    From nifi with Apache License 2.0
/**
 * Enables Kerberos while NiFiProperties supplies an empty service principal, and expects
 * onConfigured to fail with an AuthorizerCreationException.
 *
 * NOTE(review): only the principal is stubbed (as ""); the keytab getter is left unstubbed on the
 * mock. The test name refers to the keytab - confirm which missing value is rejected.
 */
@Test
public void testKerberosEnabledWithoutKeytab() {
    // NiFi properties stub with a blank service principal.
    nifiProperties = Mockito.mock(NiFiProperties.class);
    when(nifiProperties.getKerberosServicePrincipal()).thenReturn("");

    // Kerberos switched on in the authorizer configuration.
    when(configurationContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_KERBEROS_ENABLED_PROP)))
            .thenReturn(new MockPropertyValue("true"));

    authorizer = new MockRangerNiFiAuthorizer(rangerBasePlugin);
    authorizer.setNiFiProperties(nifiProperties);

    try {
        authorizer.onConfigured(configurationContext);
        Assert.fail("Should have thrown exception");
    } catch (AuthorizerCreationException rejected) {
        // The failure must originate from the authorizer's own validation.
        verifyOnlyAuthorizeCreationExceptions(rejected);
    }
}
 
Example #8
Source File: RangerNiFiAuthorizer.java    From localization_nifi with Apache License 2.0
/**
 * Registers a required configuration file with the RangerConfiguration singleton so that it is
 * already present by the time RangerBasePlugin.init() is called.
 *
 * <p>The existence and readability checks happen before the file is handed over; the file is not
 * re-checked at the moment it is actually read.
 *
 * @param name the name of the given PropertyValue from the AuthorizationConfigurationContext
 * @param resourceValue the value for the given name, should be a full path to a file
 * @throws AuthorizerCreationException if the value is missing or blank, the file does not exist or
 *                                     cannot be read, or its URL cannot be built
 */
private void addRequiredResource(final String name, final PropertyValue resourceValue) {
    final boolean unspecified = resourceValue == null || StringUtils.isBlank(resourceValue.getValue());
    if (unspecified) {
        throw new AuthorizerCreationException(name + " must be specified.");
    }

    final File resourceFile = new File(resourceValue.getValue());
    final boolean readable = resourceFile.exists() && resourceFile.canRead();
    if (!readable) {
        throw new AuthorizerCreationException(resourceValue + " does not exist, or can not be read");
    }

    try {
        final RangerConfiguration rangerConfiguration = RangerConfiguration.getInstance();
        rangerConfiguration.addResource(resourceFile.toURI().toURL());
    } catch (MalformedURLException urlFailure) {
        throw new AuthorizerCreationException("Error creating URI for " + resourceValue, urlFailure);
    }
}
 
Example #9
Source File: AuthorizerFactoryBean.java    From nifi with Apache License 2.0
/**
 * Creates the Authorizer that stands in when running unsecurely with no authorizer configured.
 *
 * <p>Every authorization request is approved without being examined, and the lifecycle methods
 * are no-ops.
 *
 * @return a default Authorizer that approves all requests
 */
private Authorizer createDefaultAuthorizer() {
    final Authorizer permissive = new Authorizer() {
        @Override
        public void initialize(AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException {
            // intentionally empty
        }

        @Override
        public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
            // intentionally empty
        }

        @Override
        public void preDestruction() throws AuthorizerDestructionException {
            // intentionally empty
        }

        @Override
        public AuthorizationResult authorize(final AuthorizationRequest request) throws AuthorizationAccessException {
            // No policy is consulted: the result is always "approved".
            return AuthorizationResult.approved();
        }
    };
    return permissive;
}
 
Example #10
Source File: CompositeUserGroupProvider.java    From nifi with Apache License 2.0
/**
 * Collects the User Group Providers named by the configuration properties whose keys match
 * USER_GROUP_PROVIDER_PATTERN.
 *
 * <p>Providers are appended to {@code userGroupProviders} as they are resolved, so providers added
 * before a failing entry remain in the collection when the exception is thrown.
 *
 * @param configurationContext context whose properties are scanned
 * @throws AuthorizerCreationException if a named provider cannot be located, a provider is listed
 *                                     twice, or no provider is configured while an empty list is
 *                                     not allowed
 */
@Override
public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
    for (final Map.Entry<String, String> property : configurationContext.getProperties().entrySet()) {
        // Skip anything that is not a non-blank "user group provider" entry.
        final boolean namesProvider = USER_GROUP_PROVIDER_PATTERN.matcher(property.getKey()).matches();
        if (!namesProvider || StringUtils.isBlank(property.getValue())) {
            continue;
        }

        final String providerId = property.getValue();
        final UserGroupProvider resolved = userGroupProviderLookup.getUserGroupProvider(providerId);
        if (resolved == null) {
            throw new AuthorizerCreationException(String.format("Unable to locate the configured User Group Provider: %s", providerId));
        }

        // The same provider instance must not be composed more than once.
        if (userGroupProviders.contains(resolved)) {
            throw new AuthorizerCreationException(String.format("Duplicate provider in Composite User Group Provider configuration: %s", providerId));
        }

        userGroupProviders.add(resolved);
    }

    final boolean nothingConfigured = userGroupProviders.isEmpty();
    if (nothingConfigured && !allowEmptyProviderList) {
        throw new AuthorizerCreationException("At least one User Group Provider must be configured.");
    }
}
 
Example #11
Source File: AuthorizerFactoryTest.java    From nifi with Apache License 2.0
/**
 * Two policies with different identifiers but the same resource and action must cause the
 * integrity-checked authorizer to reject its configuration.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenPoliciesWithSameResourceAndAction() {
    final User member = new User.Builder().identifier("user-id-1").identity("user-1").build();
    final Set<User> users = new LinkedHashSet<>();
    users.add(member);

    // Both policies target READ on "resource1"; only their identifiers differ.
    final AccessPolicy first = new AccessPolicy.Builder()
            .identifier("policy-id-1")
            .resource("resource1")
            .action(RequestAction.READ)
            .addUser(member.getIdentifier())
            .build();
    final AccessPolicy second = new AccessPolicy.Builder()
            .identifier("policy-id-2")
            .resource("resource1")
            .action(RequestAction.READ)
            .addUser(member.getIdentifier())
            .build();

    final Set<AccessPolicy> conflictingPolicies = new LinkedHashSet<>();
    conflictingPolicies.add(first);
    conflictingPolicies.add(second);

    final AuthorizerConfigurationContext configContext = Mockito.mock(AuthorizerConfigurationContext.class);
    final Authorizer checked = AuthorizerFactory.installIntegrityChecks(
            new MockPolicyBasedAuthorizer(new HashSet<>(), users, conflictingPolicies));
    checked.onConfigured(configContext);
}
 
Example #12
Source File: ShellUserGroupProviderIT.java    From nifi with Apache License 2.0
/**
 * A refresh delay that is not a time interval must be rejected with the exact message asserted
 * below, which pins both the exception type and the reason.
 */
@Test
public void testInvalidDelayIntervalThrowsException() throws AuthorizerCreationException {
    // Declare the expected failure first; it applies to the onConfigured call at the end.
    expectedException.expect(AuthorizerCreationException.class);
    expectedException.expectMessage("The Refresh Delay 'Not an interval' is not a valid time interval.");

    final AuthorizerConfigurationContext configContext = Mockito.mock(AuthorizerConfigurationContext.class);
    Mockito.when(configContext.getProperty(Mockito.eq(ShellUserGroupProvider.REFRESH_DELAY_PROPERTY)))
            .thenReturn(new MockPropertyValue("Not an interval"));

    final ShellUserGroupProvider provider = new ShellUserGroupProvider();
    provider.onConfigured(configContext);
}
 
Example #13
Source File: FileAccessPolicyProviderTest.java    From nifi with Apache License 2.0
/**
 * Configures a node group name of "nonexistent" and expects configuration to fail.
 *
 * NOTE(review): the expected exception may come from either onConfigured call below; the
 * annotation does not distinguish them.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenNodeGroupDoesNotExist() throws Exception {
    final StandardPropertyValue initialAdmin = new StandardPropertyValue("admin-user", null, ParameterLookup.EMPTY);
    final StandardPropertyValue unknownNodeGroup = new StandardPropertyValue("nonexistent", null, ParameterLookup.EMPTY);

    when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_INITIAL_ADMIN_IDENTITY)))
        .thenReturn(initialAdmin);
    when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_NODE_GROUP_NAME)))
        .thenReturn(unknownNodeGroup);

    // Start from empty authorizations with the admin-and-node-group tenants fixture.
    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, TENANTS_FOR_ADMIN_AND_NODE_GROUP);

    userGroupProvider.onConfigured(configurationContext);
    accessPolicyProvider.onConfigured(configurationContext);
}
 
Example #14
Source File: FileAuthorizerTest.java    From nifi with Apache License 2.0
/**
 * Points the legacy authorized users property at a path that does not exist and expects the
 * authorizer to reject its configuration.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenBadLegacyUsersFileProvided() throws Exception {
    final StandardPropertyValue missingLegacyFile =
            new StandardPropertyValue("src/test/resources/does-not-exist.xml", null, ParameterLookup.EMPTY);
    when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE)))
            .thenReturn(missingLegacyFile);

    // Empty authorizations and tenants are written before the authorizer is configured.
    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, EMPTY_TENANTS_CONCISE);

    authorizer.onConfigured(configurationContext);
}
 
Example #15
Source File: FileAccessPolicyProviderTest.java    From nifi with Apache License 2.0
/**
 * Points the legacy authorized users property at a path that does not exist and expects the
 * access policy provider to reject its configuration.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenBadLegacyUsersFileProvided() throws Exception {
    final StandardPropertyValue missingLegacyFile =
            new StandardPropertyValue("src/test/resources/does-not-exist.xml", null, ParameterLookup.EMPTY);
    when(configurationContext.getProperty(eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE)))
            .thenReturn(missingLegacyFile);

    // Empty authorizations and tenants are written before the provider is configured.
    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, EMPTY_TENANTS_CONCISE);

    accessPolicyProvider.onConfigured(configurationContext);
}
 
Example #16
Source File: TestAbstractPolicyBasedAuthorizer.java    From localization_nifi with Apache License 2.0
/**
 * Two policies with different identifiers but the same resource and action must cause
 * onConfigured to throw.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenPoliciesWithSameResourceAndAction() {
    final User member = new User.Builder().identifier("user-id-1").identity("user-1").build();
    final Set<User> users = new LinkedHashSet<>();
    users.add(member);

    // Both policies target READ on "resource1"; only their identifiers differ.
    final AccessPolicy first = new AccessPolicy.Builder()
            .identifier("policy-id-1")
            .resource("resource1")
            .action(RequestAction.READ)
            .addUser(member.getIdentifier())
            .build();
    final AccessPolicy second = new AccessPolicy.Builder()
            .identifier("policy-id-2")
            .resource("resource1")
            .action(RequestAction.READ)
            .addUser(member.getIdentifier())
            .build();

    final Set<AccessPolicy> conflictingPolicies = new LinkedHashSet<>();
    conflictingPolicies.add(first);
    conflictingPolicies.add(second);

    final AuthorizerConfigurationContext configContext = Mockito.mock(AuthorizerConfigurationContext.class);
    final AbstractPolicyBasedAuthorizer underTest =
            new MockPolicyBasedAuthorizer(new HashSet<>(), users, conflictingPolicies);
    underTest.onConfigured(configContext);
}
 
Example #17
Source File: AuthorizerFactoryTest.java    From nifi with Apache License 2.0
/**
 * Two groups with different identifiers but the same name must cause the integrity-checked
 * authorizer to reject its configuration.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenGroupsWithSameName() {
    // Same name "group-1" under two identifiers.
    final Group original = new Group.Builder().identifier("group-id-1").name("group-1").build();
    final Group nameClash = new Group.Builder().identifier("group-id-2").name("group-1").build();

    final Set<Group> clashingGroups = new LinkedHashSet<>();
    clashingGroups.add(original);
    clashingGroups.add(nameClash);

    final AuthorizerConfigurationContext configContext = Mockito.mock(AuthorizerConfigurationContext.class);
    final Authorizer checked = AuthorizerFactory.installIntegrityChecks(
            new MockPolicyBasedAuthorizer(clashingGroups, new HashSet<>(), new HashSet<>()));
    checked.onConfigured(configContext);
}
 
Example #18
Source File: TestAbstractPolicyBasedAuthorizer.java    From localization_nifi with Apache License 2.0
/**
 * Two groups with different identifiers but the same name must cause onConfigured to throw.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenGroupsWithSameName() {
    // Same name "group-1" under two identifiers.
    final Group original = new Group.Builder().identifier("group-id-1").name("group-1").build();
    final Group nameClash = new Group.Builder().identifier("group-id-2").name("group-1").build();

    final Set<Group> clashingGroups = new LinkedHashSet<>();
    clashingGroups.add(original);
    clashingGroups.add(nameClash);

    final AuthorizerConfigurationContext configContext = Mockito.mock(AuthorizerConfigurationContext.class);
    final AbstractPolicyBasedAuthorizer underTest =
            new MockPolicyBasedAuthorizer(clashingGroups, new HashSet<>(), new HashSet<>());
    underTest.onConfigured(configContext);
}
 
Example #19
Source File: TestRangerNiFiAuthorizer.java    From nifi with Apache License 2.0
/**
 * With Kerberos enabled and placeholder keytab and principal values, onConfigured must fail with
 * an AuthorizerCreationException whose cause chain contains a LoginException, which shows that a
 * login was attempted.
 */
@Test
public void testKerberosEnabled() {
    // Placeholder Kerberos identity; "test" is not a usable keytab or principal.
    nifiProperties = Mockito.mock(NiFiProperties.class);
    when(nifiProperties.getKerberosServiceKeytabLocation()).thenReturn("test");
    when(nifiProperties.getKerberosServicePrincipal()).thenReturn("test");

    when(configurationContext.getProperty(eq(RangerNiFiAuthorizer.RANGER_KERBEROS_ENABLED_PROP)))
            .thenReturn(new MockPropertyValue("true"));

    authorizer = new MockRangerNiFiAuthorizer(rangerBasePlugin);
    authorizer.setNiFiProperties(nifiProperties);

    try {
        authorizer.onConfigured(configurationContext);
        Assert.fail("Should have thrown exception");
    } catch (AuthorizerCreationException creationFailure) {
        // Walk the cause chain until a LoginException is reached or the chain ends.
        Throwable link = creationFailure.getCause();
        while (link != null && !(link instanceof LoginException)) {
            link = link.getCause();
        }
        // A null link means the chain ended without a LoginException.
        assertTrue(link instanceof LoginException);
    }
}
 
Example #20
Source File: FileAccessPolicyProviderTest.java    From nifi with Apache License 2.0
/**
 * Supplying both an initial admin identity and a legacy authorized users file must be rejected
 * by the access policy provider.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenInitialAdminAndLegacyUsersProvided() throws Exception {
    final StandardPropertyValue initialAdmin =
            new StandardPropertyValue("admin-user", null, ParameterLookup.EMPTY);
    final StandardPropertyValue legacyUsersFile =
            new StandardPropertyValue("src/test/resources/authorized-users.xml", null, ParameterLookup.EMPTY);

    when(configurationContext.getProperty(eq(FileAccessPolicyProvider.PROP_INITIAL_ADMIN_IDENTITY)))
            .thenReturn(initialAdmin);
    when(configurationContext.getProperty(eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE)))
            .thenReturn(legacyUsersFile);

    // Empty authorizations and tenants are written before the provider is configured.
    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, EMPTY_TENANTS_CONCISE);

    accessPolicyProvider.onConfigured(configurationContext);
}
 
Example #21
Source File: FileAuthorizerTest.java    From nifi with Apache License 2.0
/**
 * Supplying both an initial admin identity and a legacy authorized users file must be rejected
 * by the authorizer.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenInitialAdminAndLegacyUsersProvided() throws Exception {
    final StandardPropertyValue initialAdmin =
            new StandardPropertyValue("admin-user", null, ParameterLookup.EMPTY);
    final StandardPropertyValue legacyUsersFile =
            new StandardPropertyValue("src/test/resources/authorized-users.xml", null, ParameterLookup.EMPTY);

    when(configurationContext.getProperty(Mockito.eq(FileAccessPolicyProvider.PROP_INITIAL_ADMIN_IDENTITY)))
            .thenReturn(initialAdmin);
    when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE)))
            .thenReturn(legacyUsersFile);

    // Empty authorizations and tenants are written before the authorizer is configured.
    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, EMPTY_TENANTS_CONCISE);

    authorizer.onConfigured(configurationContext);
}
 
Example #22
Source File: FileAuthorizerTest.java    From localization_nifi with Apache License 2.0
/**
 * Points the legacy authorized users property at a path that does not exist and expects the
 * authorizer to reject its configuration.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenBadLegacyUsersFileProvided() throws Exception {
    final StandardPropertyValue missingLegacyFile =
            new StandardPropertyValue("src/test/resources/does-not-exist.xml", null);
    when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE)))
            .thenReturn(missingLegacyFile);

    // Empty authorizations and tenants are written before the authorizer is configured.
    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, EMPTY_TENANTS_CONCISE);

    authorizer.onConfigured(configurationContext);
}
 
Example #23
Source File: FileAuthorizerTest.java    From localization_nifi with Apache License 2.0
/**
 * Supplying both an initial admin identity and a legacy authorized users file must be rejected
 * by the authorizer.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenInitialAdminAndLegacyUsersProvided() throws Exception {
    final StandardPropertyValue initialAdmin = new StandardPropertyValue("admin-user", null);
    final StandardPropertyValue legacyUsersFile =
            new StandardPropertyValue("src/test/resources/authorized-users.xml", null);

    when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_INITIAL_ADMIN_IDENTITY)))
            .thenReturn(initialAdmin);
    when(configurationContext.getProperty(Mockito.eq(FileAuthorizer.PROP_LEGACY_AUTHORIZED_USERS_FILE)))
            .thenReturn(legacyUsersFile);

    // Empty authorizations and tenants are written before the authorizer is configured.
    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    writeFile(primaryTenants, EMPTY_TENANTS_CONCISE);

    authorizer.onConfigured(configurationContext);
}
 
Example #24
Source File: ManagedRangerAuthorizer.java    From nifi with Apache License 2.0
/**
 * Returns a read-through AccessPolicyProvider: policy lookups are delegated to {@code nifiPlugin},
 * the user group provider is this authorizer's own, and the lifecycle callbacks do nothing.
 *
 * <p>A new provider instance is created on every call.
 *
 * @return an AccessPolicyProvider view over the plugin's policies
 */
@Override
public AccessPolicyProvider getAccessPolicyProvider() {
    final AccessPolicyProvider pluginBackedProvider = new AccessPolicyProvider() {
        @Override
        public void initialize(AccessPolicyProviderInitializationContext initializationContext) throws AuthorizerCreationException {
            // lifecycle is not handled by this view
        }

        @Override
        public void onConfigured(AuthorizerConfigurationContext configurationContext) throws AuthorizerCreationException {
            // lifecycle is not handled by this view
        }

        @Override
        public void preDestruction() throws AuthorizerDestructionException {
            // lifecycle is not handled by this view
        }

        @Override
        public UserGroupProvider getUserGroupProvider() {
            return userGroupProvider;
        }

        @Override
        public Set<AccessPolicy> getAccessPolicies() throws AuthorizationAccessException {
            return nifiPlugin.getAccessPolicies();
        }

        @Override
        public AccessPolicy getAccessPolicy(String identifier) throws AuthorizationAccessException {
            return nifiPlugin.getAccessPolicy(identifier);
        }

        @Override
        public AccessPolicy getAccessPolicy(String resourceIdentifier, RequestAction action) throws AuthorizationAccessException {
            return nifiPlugin.getAccessPolicy(resourceIdentifier, action);
        }
    };
    return pluginBackedProvider;
}
 
Example #25
Source File: FileAccessPolicyProvider.java    From nifi with Apache License 2.0
/**
 * Loads the authorizations file and populates the AuthorizationsHolder, only called during start-up.
 *
 * <p>When the unmarshalled authorizations contain no policies, the flow is parsed, policies are seeded
 * from either the Initial Admin Identity or the Legacy Authorized Users File (never both),
 * {@code populateNodes} is called, and the result is saved. When policies already exist, they are used
 * as-is and neither seeding property is applied.
 *
 * @throws JAXBException            Unable to reload the authorized users file
 * @throws IOException              Unable to sync file with restore
 * @throws IllegalStateException    Unable to sync file with restore
 * @throws SAXException             declared by this method; the raising call is not visible in this
 *                                  block (presumably XML parsing - confirm)
 * @throws AuthorizerCreationException if both an Initial Admin Identity and a Legacy Authorized Users
 *                                  File are configured while no policies exist
 */
private synchronized void load() throws JAXBException, IOException, IllegalStateException, SAXException {
    // attempt to unmarshal
    final Authorizations authorizations = unmarshallAuthorizations();
    // normalize a missing policies element to an empty container so later code can rely on it
    if (authorizations.getPolicies() == null) {
        authorizations.setPolicies(new Policies());
    }

    final AuthorizationsHolder authorizationsHolder = new AuthorizationsHolder(authorizations);
    final boolean emptyAuthorizations = authorizationsHolder.getAllPolicies().isEmpty();
    final boolean hasInitialAdminIdentity = (initialAdminIdentity != null && !StringUtils.isBlank(initialAdminIdentity));
    final boolean hasLegacyAuthorizedUsers = (legacyAuthorizedUsersFile != null && !StringUtils.isBlank(legacyAuthorizedUsersFile));

    // if we are starting fresh then we might need to populate an initial admin or convert legacy users
    if (emptyAuthorizations) {
        // parseFlow() runs before the mutual-exclusion check below, so it executes even when
        // the configuration is about to be rejected
        parseFlow();

        // the two seeding mechanisms are mutually exclusive
        if (hasInitialAdminIdentity && hasLegacyAuthorizedUsers) {
            throw new AuthorizerCreationException("Cannot provide an Initial Admin Identity and a Legacy Authorized Users File");
        } else if (hasInitialAdminIdentity) {
            logger.info("Populating authorizations for Initial Admin: " + initialAdminIdentity);
            populateInitialAdmin(authorizations);
        } else if (hasLegacyAuthorizedUsers) {
            logger.info("Converting " + legacyAuthorizedUsersFile + " to new authorizations model");
            convertLegacyAuthorizedUsers(authorizations);
        }

        populateNodes(authorizations);

        // save any changes that were made and repopulate the holder
        saveAndRefreshHolder(authorizations);
    } else {
        // existing policies win: the Initial Admin Identity and legacy file are not applied here
        this.authorizationsHolder.set(authorizationsHolder);
    }
}
 
Example #26
Source File: FileUserGroupProvider.java    From nifi with Apache License 2.0
/**
 * Compiles the tenants and users XML schemas from resources resolved relative to FileAuthorizer.
 *
 * <p>Any failure, of any exception type, is wrapped in an AuthorizerCreationException.
 *
 * @param initializationContext not read by this method
 * @throws AuthorizerCreationException if either schema cannot be created
 */
@Override
public void initialize(UserGroupProviderInitializationContext initializationContext) throws AuthorizerCreationException {
    try {
        // NOTE(review): the factory is used with its default settings; that is reasonable for
        // XSDs loaded via getResource, but restrict external DTD/schema access first if the
        // schema source ever becomes configurable.
        final SchemaFactory xsdFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        tenantsSchema = xsdFactory.newSchema(FileAuthorizer.class.getResource(TENANTS_XSD));
        usersSchema = xsdFactory.newSchema(FileAuthorizer.class.getResource(USERS_XSD));
    } catch (Exception schemaFailure) {
        throw new AuthorizerCreationException(schemaFailure);
    }
}
 
Example #27
Source File: FileAccessPolicyProvider.java    From nifi with Apache License 2.0
/**
 * Stores the user group provider lookup and compiles the authorizations and users XML schemas
 * from resources resolved relative to FileAuthorizer.
 *
 * <p>Any failure while building the schemas, of any exception type, is wrapped in an
 * AuthorizerCreationException. The lookup is assigned before schema creation is attempted.
 *
 * @param initializationContext source of the UserGroupProviderLookup
 * @throws AuthorizerCreationException if either schema cannot be created
 */
@Override
public void initialize(AccessPolicyProviderInitializationContext initializationContext) throws AuthorizerCreationException {
    userGroupProviderLookup = initializationContext.getUserGroupProviderLookup();

    try {
        // NOTE(review): the factory is used with its default settings; that is reasonable for
        // XSDs loaded via getResource, but restrict external DTD/schema access first if the
        // schema source ever becomes configurable.
        final SchemaFactory xsdFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        authorizationsSchema = xsdFactory.newSchema(FileAuthorizer.class.getResource(AUTHORIZATIONS_XSD));
        usersSchema = xsdFactory.newSchema(FileAuthorizer.class.getResource(USERS_XSD));
    } catch (Exception schemaFailure) {
        throw new AuthorizerCreationException(schemaFailure);
    }
}
 
Example #28
Source File: FileAuthorizer.java    From nifi with Apache License 2.0
/**
 * Initializes the embedded user group provider and access policy provider with fixed identifiers
 * and closed lookups.
 *
 * <p>The user group provider can resolve no other provider; the access policy provider can resolve
 * only the embedded user group provider, by FILE_USER_GROUP_PROVIDER_ID, and no access policy
 * providers.
 *
 * @param initializationContext not read by this method
 * @throws AuthorizerCreationException if either embedded provider fails to initialize
 */
@Override
public void initialize(final AuthorizerInitializationContext initializationContext) throws AuthorizerCreationException {
    // Context for the user group provider: every lookup resolves to null.
    final UserGroupProviderInitializationContext userGroupContext = new UserGroupProviderInitializationContext() {
        @Override
        public String getIdentifier() {
            return FILE_USER_GROUP_PROVIDER_ID;
        }

        @Override
        public UserGroupProviderLookup getUserGroupProviderLookup() {
            return identifier -> null;
        }
    };
    userGroupProvider.initialize(userGroupContext);

    // Context for the access policy provider: only the embedded user group provider is visible.
    final AccessPolicyProviderInitializationContext accessPolicyContext = new AccessPolicyProviderInitializationContext() {
        @Override
        public String getIdentifier() {
            return FILE_ACCESS_POLICY_PROVIDER_ID;
        }

        @Override
        public UserGroupProviderLookup getUserGroupProviderLookup() {
            return identifier -> FILE_USER_GROUP_PROVIDER_ID.equals(identifier) ? userGroupProvider : null;
        }

        @Override
        public AccessPolicyProviderLookup getAccessPolicyProviderLookup() {
            return identifier -> null;
        }
    };
    accessPolicyProvider.initialize(accessPolicyContext);
}
 
Example #29
Source File: LdapUserGroupProvider.java    From nifi with Apache License 2.0
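/**
 * Copies an optional timeout property into the environment map as a millisecond string.
 *
 * <p>When the property is not set nothing is written, so whatever consumes
 * {@code baseEnvironment} decides the effective timeout.
 *
 * @param configurationContext  context the property is read from
 * @param baseEnvironment       map that receives the timeout under {@code environmentKey}
 * @param configurationProperty name of the property holding the duration
 * @param environmentKey        key under which the millisecond value is stored
 * @throws AuthorizerCreationException if the configured value is not a valid time duration
 */
private void setTimeout(final AuthorizerConfigurationContext configurationContext,
                        final Map<String, Object> baseEnvironment,
                        final String configurationProperty,
                        final String environmentKey) {

    final PropertyValue rawTimeout = configurationContext.getProperty(configurationProperty);
    if (!rawTimeout.isSet()) {
        return;
    }

    try {
        final long timeoutMillis = FormatUtils.getTimeDuration(rawTimeout.getValue(), TimeUnit.MILLISECONDS);
        baseEnvironment.put(environmentKey, Long.toString(timeoutMillis));
    } catch (final IllegalArgumentException iae) {
        // Keep the parser's exception as the cause so the original failure stays visible in logs;
        // the message itself is unchanged.
        throw new AuthorizerCreationException(String.format("The %s '%s' is not a valid time duration", configurationProperty, rawTimeout), iae);
    }
}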
 
Example #30
Source File: FileAccessPolicyProviderTest.java    From nifi with Apache License 2.0
/**
 * Writes different fixture constants to the primary and restore authorizations files and expects
 * configuration to fail.
 *
 * NOTE(review): the expected exception may come from either onConfigured call below; the
 * annotation does not distinguish them.
 */
@Test(expected = AuthorizerCreationException.class)
public void testOnConfiguredWhenPrimaryAuthorizationsDifferentThanRestore() throws Exception {
    // primary and restore get different fixtures (EMPTY_AUTHORIZATIONS vs EMPTY_AUTHORIZATIONS_CONCISE)
    writeFile(primaryAuthorizations, EMPTY_AUTHORIZATIONS);
    writeFile(restoreAuthorizations, EMPTY_AUTHORIZATIONS_CONCISE);
    // the user group provider is configured first, then the access policy provider
    userGroupProvider.onConfigured(configurationContext);
    accessPolicyProvider.onConfigured(configurationContext);
}