Package org.apache.nifi.authorization
Interface ConfigurableUserGroupProvider
- All Superinterfaces:
UserGroupProvider
Provides support for configuring Users and Groups.
NOTE: Extensions will be called often and frequently. Because of this, if the underlying implementation needs to
make remote calls or expensive calculations those should probably be done asynchronously and/or cache the results.
Additionally, extensions need to be thread safe.
-
Method Summary
Modifier and TypeMethodDescriptionAdds a new group.Adds the given user.void
checkInheritability
(String proposedFingerprint) When the fingerprints are not equal, this method will check if the proposed fingerprint is inheritable.deleteGroup
(Group group) Deletes the given group.deleteUser
(User user) Deletes the given user.void
forciblyInheritFingerprint
(String fingerprint) Parses the fingerprint and determines whether or not the fingerprint can be inherited in the same manner asinheritFingerprint(String)
.Returns a fingerprint representing the authorizations managed by this authorizer.void
inheritFingerprint
(String fingerprint) Parses the fingerprint and adds any users and groups to the current Authorizer.default boolean
isConfigurable
(Group group) Determines whether the specified group is configurable.default boolean
isConfigurable
(User user) Determines whether the specified user is configurable.updateGroup
(Group group) The group represented by the provided instance will be updated based on the provided instance.updateUser
(User user) The user represented by the provided instance will be updated based on the provided instance.Methods inherited from interface org.apache.nifi.authorization.UserGroupProvider
getGroup, getGroupByName, getGroups, getUser, getUserAndGroups, getUserByIdentity, getUsers, initialize, onConfigured, preDestruction
-
Method Details
-
getFingerprint
Returns a fingerprint representing the authorizations managed by this authorizer. The fingerprint will be used for comparison to determine if two policy-based authorizers represent a compatible set of users and/or groups.- Returns:
- the fingerprint for this Authorizer
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operation
-
inheritFingerprint
Parses the fingerprint and adds any users and groups to the current Authorizer.- Parameters:
fingerprint
- the fingerprint that was obtained from calling getFingerprint() on another Authorizer.- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operation
-
forciblyInheritFingerprint
Parses the fingerprint and determines whether or not the fingerprint can be inherited in the same manner asinheritFingerprint(String)
. If so, will inherit as such. Otherwise, a backup of the existing user group provider will be made, if possible, and the policies will be replaced with those in the given fingerprint.- Parameters:
fingerprint
- the fingerprint to replace the existing policies with- Throws:
AuthorizationAccessException
- if unable to perform the operation
-
checkInheritability
void checkInheritability(String proposedFingerprint) throws AuthorizationAccessException, UninheritableAuthorizationsException When the fingerprints are not equal, this method will check if the proposed fingerprint is inheritable. If the fingerprint is an exact match, this method will not be invoked as there is nothing to inherit.- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operationUninheritableAuthorizationsException
- if the proposed fingerprint was uninheritable
-
addUser
Adds the given user.- Parameters:
user
- the user to add- Returns:
- the user that was added
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operationIllegalStateException
- if there is already a user with the same identity
-
isConfigurable
Determines whether the specified user is configurable. Provides the opportunity for a ConfigurableUserGroupProvider to prevent editing of a specific user. By default, all known users are configurable.- Parameters:
user
- the user- Returns:
- is configurable
-
updateUser
The user represented by the provided instance will be updated based on the provided instance.- Parameters:
user
- an updated user instance- Returns:
- the updated user instance, or null if no matching user was found
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operationIllegalStateException
- if there is already a user with the same identity
-
deleteUser
Deletes the given user.- Parameters:
user
- the user to delete- Returns:
- the user that was deleted, or null if no matching user was found
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operation
-
addGroup
Adds a new group.- Parameters:
group
- the Group to add- Returns:
- the added Group
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operationIllegalStateException
- if a group with the same name already exists
-
isConfigurable
Determines whether the specified group is configurable. Provides the opportunity for a ConfigurableUserGroupProvider to prevent editing of a specific group. By default, all known groups are configurable.- Parameters:
group
- the group- Returns:
- is configurable
-
updateGroup
The group represented by the provided instance will be updated based on the provided instance.- Parameters:
group
- an updated group instance- Returns:
- the updated group instance, or null if no matching group was found
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operationIllegalStateException
- if there is already a group with the same name
-
deleteGroup
Deletes the given group.- Parameters:
group
- the group to delete- Returns:
- the deleted group, or null if no matching group was found
- Throws:
AuthorizationAccessException
- if there was an unexpected error performing the operation
-