Package org.apache.nifi.authorization

Class AuthorizationRequest

java.lang.Object
org.apache.nifi.authorization.AuthorizationRequest
public class AuthorizationRequest extends Object
Represents an authorization request for a given user/entity performing an action against a resource within some userContext.

  • Field Details

    • DEFAULT_EXPLANATION

      public static final String DEFAULT_EXPLANATION
      See Also:

    • resource

      private final Resource resource

    • requestedResource

      private final Resource requestedResource

    • identity

      private final String identity

    • groups

      private final Set<String> groups

    • action

      private final RequestAction action

    • isAccessAttempt

      private final boolean isAccessAttempt

    • isAnonymous

      private final boolean isAnonymous

    • userContext

      private final Map<String,String> userContext

    • resourceContext

      private final Map<String,String> resourceContext

    • explanationSupplier

      private final Supplier<String> explanationSupplier

  • Constructor Details

  • Method Details

    • getResource

      public Resource getResource()
      The Resource being authorized. Not null.
      Returns:
      The resource

    • getRequestedResource

      public Resource getRequestedResource()
      The original Resource being requested. In cases with inherited policies, this will be a ancestor resource of of the current resource. The initial request, and cases without inheritance, the requested resource will be the same as the current resource.
      Returns:
      The requested resource

    • getIdentity

      public String getIdentity()
      The identity accessing the Resource. May be null if the user could not authenticate.
      Returns:
      The identity

    • getGroups

      public Set<String> getGroups()
      The groups the user making this request belongs to. May be null if this NiFi is not configured to load user groups or empty if the user has no groups
      Returns:
      The groups

    • isAccessAttempt

      public boolean isAccessAttempt()
      Whether this is a direct access attempt of the Resource if if it's being checked as part of another response.
      Returns:
      if this is a direct access attempt

    • isAnonymous

      public boolean isAnonymous()
      Whether the entity accessing is anonymous.
      Returns:
      whether the entity is anonymous

    • getAction

      public RequestAction getAction()
      The action being taken against the Resource. Not null.
      Returns:
      The action

    • getUserContext

      public Map<String,String> getUserContext()
      The userContext of the user request to make additional access decisions. May be null.
      Returns:
      The userContext of the user request

    • getResourceContext

      public Map<String,String> getResourceContext()
      The event attributes to make additional access decisions for provenance events. May be null.
      Returns:
      The event attributes

    • getExplanationSupplier

      public Supplier<String> getExplanationSupplier()
      A supplier for the explanation if access is denied. Non null.
      Returns:
      The explanation supplier if access is denied