Package org.apache.nifi.authorization
Interface ConfigurableAccessPolicyProvider
- All Superinterfaces:
AccessPolicyProvider
Provides support for configuring AccessPolicies.
NOTE: Extensions will be called often and frequently. Because of this, if the underlying implementation needs to
make remote calls or expensive calculations those should probably be done asynchronously and/or cache the results.
Additionally, extensions need to be thread safe.
-
Method Summary
Modifier and TypeMethodDescriptionaddAccessPolicy
(AccessPolicy accessPolicy) Adds the given policy ensuring that multiple policies can not be added for the same resource and action.void
checkInheritability
(String proposedFingerprint) When the fingerprints are not equal, this method will check if the proposed fingerprint is inheritable.deleteAccessPolicy
(AccessPolicy accessPolicy) Deletes the given policy.void
forciblyInheritFingerprint
(String fingerprint) Parses the fingerprint and determines whether or not the fingerprint can be inherited in the same manner asinheritFingerprint(String)
.Returns a fingerprint representing the authorizations managed by this authorizer.void
inheritFingerprint
(String fingerprint) Parses the fingerprint and adds any policies to the current AccessPolicyProvider.default boolean
isConfigurable
(AccessPolicy accessPolicy) Determines whether the specified access policy is configurable.updateAccessPolicy
(AccessPolicy accessPolicy) The policy represented by the provided instance will be updated based on the provided instance.Methods inherited from interface org.apache.nifi.authorization.AccessPolicyProvider
getAccessPolicies, getAccessPolicy, getAccessPolicy, getUserGroupProvider, initialize, onConfigured, preDestruction
-
Method Details
-
getFingerprint
Returns a fingerprint representing the authorizations managed by this authorizer. The fingerprint will be used for comparison to determine if two policy-based authorizers represent a compatible set of policies.- Returns:
- the fingerprint for this Authorizer
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operation
-
inheritFingerprint
Parses the fingerprint and adds any policies to the current AccessPolicyProvider.- Parameters:
fingerprint
- the fingerprint that was obtained from calling getFingerprint() on another Authorizer.- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operation
-
forciblyInheritFingerprint
Parses the fingerprint and determines whether or not the fingerprint can be inherited in the same manner asinheritFingerprint(String)
. If so, will inherit as such. Otherwise, a backup of the existing policy provider will be made, if possible, and the policies will be replaced with those in the given fingerprint.- Parameters:
fingerprint
- the fingerprint to replace the existing policies with- Throws:
AuthorizationAccessException
- if unable to perform the operation
-
checkInheritability
void checkInheritability(String proposedFingerprint) throws AuthorizationAccessException, UninheritableAuthorizationsException When the fingerprints are not equal, this method will check if the proposed fingerprint is inheritable. If the fingerprint is an exact match, this method will not be invoked as there is nothing to inherit.- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operationUninheritableAuthorizationsException
- if the proposed fingerprint was uninheritable
-
addAccessPolicy
Adds the given policy ensuring that multiple policies can not be added for the same resource and action.- Parameters:
accessPolicy
- the policy to add- Returns:
- the policy that was added
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operation
-
isConfigurable
Determines whether the specified access policy is configurable. Provides the opportunity for a ConfigurableAccessPolicyProvider to prevent editing of a specific access policy. By default, all known access policies are configurable.- Parameters:
accessPolicy
- the access policy- Returns:
- is configurable
-
updateAccessPolicy
The policy represented by the provided instance will be updated based on the provided instance.- Parameters:
accessPolicy
- an updated policy- Returns:
- the updated policy, or null if no matching policy was found
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operation
-
deleteAccessPolicy
Deletes the given policy.- Parameters:
accessPolicy
- the policy to delete- Returns:
- the deleted policy, or null if no matching policy was found
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operation
-