Package org.apache.nifi.authorization

Interface ConfigurableUserGroupProvider

All Superinterfaces:
UserGroupProvider
public interface ConfigurableUserGroupProvider extends UserGroupProvider
Provides support for configuring Users and Groups. NOTE: Extensions will be called often and frequently. Because of this, if the underlying implementation needs to make remote calls or expensive calculations those should probably be done asynchronously and/or cache the results. Additionally, extensions need to be thread safe.

  • Method Details

    • getFingerprint

      String getFingerprint() throws AuthorizationAccessException
      Returns a fingerprint representing the authorizations managed by this authorizer. The fingerprint will be used for comparison to determine if two policy-based authorizers represent a compatible set of users and/or groups.
      Returns:
      the fingerprint for this Authorizer
      Throws:
      AuthorizationAccessException - if there was an unexpected error performing the operation

    • inheritFingerprint

      void inheritFingerprint(String fingerprint) throws AuthorizationAccessException
      Parses the fingerprint and adds any users and groups to the current Authorizer.
      Parameters:
      fingerprint - the fingerprint that was obtained from calling getFingerprint() on another Authorizer.
      Throws:
      AuthorizationAccessException - if there was an unexpected error performing the operation

    • forciblyInheritFingerprint

      void forciblyInheritFingerprint(String fingerprint) throws AuthorizationAccessException
      Parses the fingerprint and determines whether or not the fingerprint can be inherited in the same manner as inheritFingerprint(String). If so, will inherit as such. Otherwise, a backup of the existing user group provider will be made, if possible, and the policies will be replaced with those in the given fingerprint.
      Parameters:
      fingerprint - the fingerprint to replace the existing policies with
      Throws:
      AuthorizationAccessException - if unable to perform the operation

    • checkInheritability

      void checkInheritability(String proposedFingerprint) throws AuthorizationAccessException, UninheritableAuthorizationsException
      When the fingerprints are not equal, this method will check if the proposed fingerprint is inheritable. If the fingerprint is an exact match, this method will not be invoked as there is nothing to inherit.
      Throws:
      AuthorizationAccessException - if there was an unexpected error performing the operation
      UninheritableAuthorizationsException - if the proposed fingerprint was uninheritable

    • addUser

      User addUser(User user) throws AuthorizationAccessException
      Adds the given user.
      Parameters:
      user - the user to add
      Returns:
      the user that was added
      Throws:
      AuthorizationAccessException - if there was an unexpected error performing the operation
      IllegalStateException - if there is already a user with the same identity

    • isConfigurable

      default boolean isConfigurable(User user)
      Determines whether the specified user is configurable. Provides the opportunity for a ConfigurableUserGroupProvider to prevent editing of a specific user. By default, all known users are configurable.
      Parameters:
      user - the user
      Returns:
      is configurable

    • updateUser

      User updateUser(User user) throws AuthorizationAccessException
      The user represented by the provided instance will be updated based on the provided instance.
      Parameters:
      user - an updated user instance
      Returns:
      the updated user instance, or null if no matching user was found
      Throws:
      AuthorizationAccessException - if there was an unexpected error performing the operation
      IllegalStateException - if there is already a user with the same identity

    • deleteUser

      User deleteUser(User user) throws AuthorizationAccessException
      Deletes the given user.
      Parameters:
      user - the user to delete
      Returns:
      the user that was deleted, or null if no matching user was found
      Throws:
      AuthorizationAccessException - if there was an unexpected error performing the operation

    • addGroup

      Group addGroup(Group group) throws AuthorizationAccessException
      Adds a new group.
      Parameters:
      group - the Group to add
      Returns:
      the added Group
      Throws:
      AuthorizationAccessException - if there was an unexpected error performing the operation
      IllegalStateException - if a group with the same name already exists

    • isConfigurable

      default boolean isConfigurable(Group group)
      Determines whether the specified group is configurable. Provides the opportunity for a ConfigurableUserGroupProvider to prevent editing of a specific group. By default, all known groups are configurable.
      Parameters:
      group - the group
      Returns:
      is configurable

    • updateGroup

      Group updateGroup(Group group) throws AuthorizationAccessException
      The group represented by the provided instance will be updated based on the provided instance.
      Parameters:
      group - an updated group instance
      Returns:
      the updated group instance, or null if no matching group was found
      Throws:
      AuthorizationAccessException - if there was an unexpected error performing the operation
      IllegalStateException - if there is already a group with the same name

    • deleteGroup

      Group deleteGroup(Group group) throws AuthorizationAccessException
      Deletes the given group.
      Parameters:
      group - the group to delete
      Returns:
      the deleted group, or null if no matching group was found
      Throws:
      AuthorizationAccessException - if there was an unexpected error performing the operation