nifi-registry-core/nifi-registry-framework/src/main/java/org/apache/nifi/registry/security/authorization/file/AuthorizationsHolder.java - nifi-registry - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.nifi.registry.security.authorization.file;


 import org.apache.nifi.registry.security.authorization.file.generated.Authorizations;
 import org.apache.nifi.registry.security.authorization.file.generated.Policies;
 import org.apache.nifi.registry.security.authorization.AccessPolicy;
 import org.apache.nifi.registry.security.authorization.RequestAction;

 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;

 /**
  * A holder to provide atomic access to data structures.
  */
 public class AuthorizationsHolder {

     private final Authorizations authorizations;

     private final Set<AccessPolicy> allPolicies;
     private final Map<String, Set<AccessPolicy>> policiesByResource;
     private final Map<String, AccessPolicy> policiesById;

     /**
      * Creates a new holder and populates all convenience authorizations data structures.
      *
      * @param authorizations the current authorizations instance
      */
     public AuthorizationsHolder(final Authorizations authorizations) {
         this.authorizations = authorizations;

         // load all access policies
         final Policies policies = authorizations.getPolicies();
         final Set<AccessPolicy> allPolicies = Collections.unmodifiableSet(createAccessPolicies(policies));

         // create a convenience map from resource id to policies
         final Map<String, Set<AccessPolicy>> policiesByResourceMap = Collections.unmodifiableMap(createResourcePolicyMap(allPolicies));

         // create a convenience map from policy id to policy
         final Map<String, AccessPolicy> policiesByIdMap = Collections.unmodifiableMap(createPoliciesByIdMap(allPolicies));

         // set all the holders
         this.allPolicies = allPolicies;
         this.policiesByResource = policiesByResourceMap;
         this.policiesById = policiesByIdMap;
     }

     /**
      * Creates AccessPolicies from the JAXB Policies.
      *
      * @param policies the JAXB Policies element
      * @return a set of AccessPolicies corresponding to the provided Resources
      */
     private Set<AccessPolicy> createAccessPolicies(org.apache.nifi.registry.security.authorization.file.generated.Policies policies) {
         Set<AccessPolicy> allPolicies = new HashSet<>();
         if (policies == null || policies.getPolicy() == null) {
             return allPolicies;
         }

         // load the new authorizations
         for (final org.apache.nifi.registry.security.authorization.file.generated.Policy policy : policies.getPolicy()) {
             final String policyIdentifier = policy.getIdentifier();
             final String resourceIdentifier = policy.getResource();

             // start a new builder and set the policy and resource identifiers
             final AccessPolicy.Builder builder = new AccessPolicy.Builder()
                     .identifier(policyIdentifier)
                     .resource(resourceIdentifier);

             // add each user identifier
             for (org.apache.nifi.registry.security.authorization.file.generated.Policy.User user : policy.getUser()) {
                 builder.addUser(user.getIdentifier());
             }

             // add each group identifier
             for (org.apache.nifi.registry.security.authorization.file.generated.Policy.Group group : policy.getGroup()) {
                 builder.addGroup(group.getIdentifier());
             }

             // add the appropriate request actions
             final String authorizationCode = policy.getAction();
             if (authorizationCode.equals(FileAccessPolicyProvider.READ_CODE)) {
                 builder.action(RequestAction.READ);
             } else if (authorizationCode.equals(FileAccessPolicyProvider.WRITE_CODE)){
                 builder.action(RequestAction.WRITE);
             } else if (authorizationCode.equals(FileAccessPolicyProvider.DELETE_CODE)){
                 builder.action(RequestAction.DELETE);
             } else {
                 throw new IllegalStateException("Unknown Policy Action: " + authorizationCode);
             }

             // build the policy and add it to the map
             allPolicies.add(builder.build());
         }

         return allPolicies;
     }

     /**
      * Creates a map from resource identifier to the set of policies for the given resource.
      *
      * @param allPolicies the set of all policies
      * @return a map from resource identifier to policies
      */
     private Map<String, Set<AccessPolicy>> createResourcePolicyMap(final Set<AccessPolicy> allPolicies) {
         Map<String, Set<AccessPolicy>> resourcePolicies = new HashMap<>();

         for (AccessPolicy policy : allPolicies) {
             Set<AccessPolicy> policies = resourcePolicies.get(policy.getResource());
             if (policies == null) {
                 policies = new HashSet<>();
                 resourcePolicies.put(policy.getResource(), policies);
             }
             policies.add(policy);
         }

         return resourcePolicies;
     }

     /**
      * Creates a Map from policy identifier to AccessPolicy.
      *
      * @param policies the set of all access policies
      * @return the Map from policy identifier to AccessPolicy
      */
     private Map<String, AccessPolicy> createPoliciesByIdMap(final Set<AccessPolicy> policies) {
         Map<String,AccessPolicy> policyMap = new HashMap<>();
         for (AccessPolicy policy : policies) {
             policyMap.put(policy.getIdentifier(), policy);
         }
         return policyMap;
     }

     public Authorizations getAuthorizations() {
         return authorizations;
     }

     public Set<AccessPolicy> getAllPolicies() {
         return allPolicies;
     }

     public Map<String, Set<AccessPolicy>> getPoliciesByResource() {
         return policiesByResource;
     }

     public Map<String, AccessPolicy> getPoliciesById() {
         return policiesById;
     }

     public AccessPolicy getAccessPolicy(final String resourceIdentifier, final RequestAction action) {
         if (resourceIdentifier == null) {
             throw new IllegalArgumentException("Resource Identifier cannot be null");
         }

         final Set<AccessPolicy> resourcePolicies = policiesByResource.get(resourceIdentifier);
         if (resourcePolicies == null) {
             return null;
         }

         for (AccessPolicy accessPolicy : resourcePolicies) {
             if (accessPolicy.getAction() == action) {
                 return accessPolicy;
             }
         }

         return null;
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.nifi.registry.security.authorization.file;


	import org.apache.nifi.registry.security.authorization.file.generated.Authorizations;
	import org.apache.nifi.registry.security.authorization.file.generated.Policies;
	import org.apache.nifi.registry.security.authorization.AccessPolicy;
	import org.apache.nifi.registry.security.authorization.RequestAction;

	import java.util.Collections;
	import java.util.HashMap;
	import java.util.HashSet;
	import java.util.Map;
	import java.util.Set;

	/**
	* A holder to provide atomic access to data structures.
	*/
	public class AuthorizationsHolder {

	private final Authorizations authorizations;

	private final Set<AccessPolicy> allPolicies;
	private final Map<String, Set<AccessPolicy>> policiesByResource;
	private final Map<String, AccessPolicy> policiesById;

	/**
	* Creates a new holder and populates all convenience authorizations data structures.
	*
	* @param authorizations the current authorizations instance
	*/
	public AuthorizationsHolder(final Authorizations authorizations) {
	this.authorizations = authorizations;

	// load all access policies
	final Policies policies = authorizations.getPolicies();
	final Set<AccessPolicy> allPolicies = Collections.unmodifiableSet(createAccessPolicies(policies));

	// create a convenience map from resource id to policies
	final Map<String, Set<AccessPolicy>> policiesByResourceMap = Collections.unmodifiableMap(createResourcePolicyMap(allPolicies));

	// create a convenience map from policy id to policy
	final Map<String, AccessPolicy> policiesByIdMap = Collections.unmodifiableMap(createPoliciesByIdMap(allPolicies));

	// set all the holders
	this.allPolicies = allPolicies;
	this.policiesByResource = policiesByResourceMap;
	this.policiesById = policiesByIdMap;
	}

	/**
	* Creates AccessPolicies from the JAXB Policies.
	*
	* @param policies the JAXB Policies element
	* @return a set of AccessPolicies corresponding to the provided Resources
	*/
	private Set<AccessPolicy> createAccessPolicies(org.apache.nifi.registry.security.authorization.file.generated.Policies policies) {
	Set<AccessPolicy> allPolicies = new HashSet<>();
	if (policies == null \|\| policies.getPolicy() == null) {
	return allPolicies;
	}

	// load the new authorizations
	for (final org.apache.nifi.registry.security.authorization.file.generated.Policy policy : policies.getPolicy()) {
	final String policyIdentifier = policy.getIdentifier();
	final String resourceIdentifier = policy.getResource();

	// start a new builder and set the policy and resource identifiers
	final AccessPolicy.Builder builder = new AccessPolicy.Builder()
	.identifier(policyIdentifier)
	.resource(resourceIdentifier);

	// add each user identifier
	for (org.apache.nifi.registry.security.authorization.file.generated.Policy.User user : policy.getUser()) {
	builder.addUser(user.getIdentifier());
	}

	// add each group identifier
	for (org.apache.nifi.registry.security.authorization.file.generated.Policy.Group group : policy.getGroup()) {
	builder.addGroup(group.getIdentifier());
	}

	// add the appropriate request actions
	final String authorizationCode = policy.getAction();
	if (authorizationCode.equals(FileAccessPolicyProvider.READ_CODE)) {
	builder.action(RequestAction.READ);
	} else if (authorizationCode.equals(FileAccessPolicyProvider.WRITE_CODE)){
	builder.action(RequestAction.WRITE);
	} else if (authorizationCode.equals(FileAccessPolicyProvider.DELETE_CODE)){
	builder.action(RequestAction.DELETE);
	} else {
	throw new IllegalStateException("Unknown Policy Action: " + authorizationCode);
	}

	// build the policy and add it to the map
	allPolicies.add(builder.build());
	}

	return allPolicies;
	}

	/**
	* Creates a map from resource identifier to the set of policies for the given resource.
	*
	* @param allPolicies the set of all policies
	* @return a map from resource identifier to policies
	*/
	private Map<String, Set<AccessPolicy>> createResourcePolicyMap(final Set<AccessPolicy> allPolicies) {
	Map<String, Set<AccessPolicy>> resourcePolicies = new HashMap<>();

	for (AccessPolicy policy : allPolicies) {
	Set<AccessPolicy> policies = resourcePolicies.get(policy.getResource());
	if (policies == null) {
	policies = new HashSet<>();
	resourcePolicies.put(policy.getResource(), policies);
	}
	policies.add(policy);
	}

	return resourcePolicies;
	}

	/**
	* Creates a Map from policy identifier to AccessPolicy.
	*
	* @param policies the set of all access policies
	* @return the Map from policy identifier to AccessPolicy
	*/
	private Map<String, AccessPolicy> createPoliciesByIdMap(final Set<AccessPolicy> policies) {
	Map<String,AccessPolicy> policyMap = new HashMap<>();
	for (AccessPolicy policy : policies) {
	policyMap.put(policy.getIdentifier(), policy);
	}
	return policyMap;
	}

	public Authorizations getAuthorizations() {
	return authorizations;
	}

	public Set<AccessPolicy> getAllPolicies() {
	return allPolicies;
	}

	public Map<String, Set<AccessPolicy>> getPoliciesByResource() {
	return policiesByResource;
	}

	public Map<String, AccessPolicy> getPoliciesById() {
	return policiesById;
	}

	public AccessPolicy getAccessPolicy(final String resourceIdentifier, final RequestAction action) {
	if (resourceIdentifier == null) {
	throw new IllegalArgumentException("Resource Identifier cannot be null");
	}

	final Set<AccessPolicy> resourcePolicies = policiesByResource.get(resourceIdentifier);
	if (resourcePolicies == null) {
	return null;
	}

	for (AccessPolicy accessPolicy : resourcePolicies) {
	if (accessPolicy.getAction() == action) {
	return accessPolicy;
	}
	}

	return null;
	}

	}