Package org.apache.nifi.authorization

Interface ConfigurableAccessPolicyProvider

All Superinterfaces:

AccessPolicyProvider

public interface ConfigurableAccessPolicyProvider
extends AccessPolicyProvider

Provides support for configuring AccessPolicies. NOTE: Extensions will be called often and frequently. Because of this, if the underlying implementation needs to make remote calls or expensive calculations those should probably be done asynchronously and/or cache the results. Additionally, extensions need to be thread safe.

Method Summary

Modifier and Type	Method	Description
AccessPolicy	addAccessPolicy(AccessPolicy accessPolicy)	Adds the given policy ensuring that multiple policies can not be added for the same resource and action.
void	checkInheritability(String proposedFingerprint)	When the fingerprints are not equal, this method will check if the proposed fingerprint is inheritable.
AccessPolicy	deleteAccessPolicy(AccessPolicy accessPolicy)	Deletes the given policy.
void	forciblyInheritFingerprint(String fingerprint)	Parses the fingerprint and determines whether or not the fingerprint can be inherited in the same manner as inheritFingerprint(String).
String	getFingerprint()	Returns a fingerprint representing the authorizations managed by this authorizer.
void	inheritFingerprint(String fingerprint)	Parses the fingerprint and adds any policies to the current AccessPolicyProvider.
default boolean	isConfigurable(AccessPolicy accessPolicy)	Determines whether the specified access policy is configurable.
AccessPolicy	updateAccessPolicy(AccessPolicy accessPolicy)	The policy represented by the provided instance will be updated based on the provided instance.

Methods inherited from interface org.apache.nifi.authorization.AccessPolicyProvider

getAccessPolicies, getAccessPolicy, getAccessPolicy, getUserGroupProvider, initialize, onConfigured, preDestruction

Method Details

getFingerprint

String getFingerprint()
               throws AuthorizationAccessException

Returns a fingerprint representing the authorizations managed by this authorizer. The fingerprint will be used for comparison to determine if two policy-based authorizers represent a compatible set of policies.

Returns:

the fingerprint for this Authorizer

Throws:

AuthorizationAccessException - if there was an unexpected error performing the operation

inheritFingerprint

void inheritFingerprint(String fingerprint)
                 throws AuthorizationAccessException

Parses the fingerprint and adds any policies to the current AccessPolicyProvider.

Parameters:

fingerprint - the fingerprint that was obtained from calling getFingerprint() on another Authorizer.

Throws:

AuthorizationAccessException - if there was an unexpected error performing the operation

forciblyInheritFingerprint

void forciblyInheritFingerprint(String fingerprint)
                         throws AuthorizationAccessException

Parses the fingerprint and determines whether or not the fingerprint can be inherited in the same manner as inheritFingerprint(String). If so, will inherit as such. Otherwise, a backup of the existing policy provider will be made, if possible, and the policies will be replaced with those in the given fingerprint.

Parameters:

fingerprint - the fingerprint to replace the existing policies with

Throws:

AuthorizationAccessException - if unable to perform the operation

checkInheritability

void checkInheritability(String proposedFingerprint)
                  throws AuthorizationAccessException,
UninheritableAuthorizationsException

When the fingerprints are not equal, this method will check if the proposed fingerprint is inheritable. If the fingerprint is an exact match, this method will not be invoked as there is nothing to inherit.

Throws:

AuthorizationAccessException - if there was an unexpected error performing the operation

UninheritableAuthorizationsException - if the proposed fingerprint was uninheritable

addAccessPolicy

AccessPolicy addAccessPolicy(AccessPolicy accessPolicy)
                      throws AuthorizationAccessException

Adds the given policy ensuring that multiple policies can not be added for the same resource and action.

Parameters:

accessPolicy - the policy to add

Returns:

the policy that was added

Throws:

AuthorizationAccessException - if there was an unexpected error performing the operation

isConfigurable

default boolean isConfigurable(AccessPolicy accessPolicy)

Determines whether the specified access policy is configurable. Provides the opportunity for a ConfigurableAccessPolicyProvider to prevent editing of a specific access policy. By default, all known access policies are configurable.

Parameters:

accessPolicy - the access policy

Returns:

is configurable

updateAccessPolicy

AccessPolicy updateAccessPolicy(AccessPolicy accessPolicy)
                         throws AuthorizationAccessException

The policy represented by the provided instance will be updated based on the provided instance.

Parameters:

accessPolicy - an updated policy

Returns:

the updated policy, or null if no matching policy was found

Throws:

AuthorizationAccessException - if there was an unexpected error performing the operation

deleteAccessPolicy

AccessPolicy deleteAccessPolicy(AccessPolicy accessPolicy)
                         throws AuthorizationAccessException

Deletes the given policy.

Parameters:

accessPolicy - the policy to delete

Returns:

the deleted policy, or null if no matching policy was found

Throws:

AuthorizationAccessException - if there was an unexpected error performing the operation