org.apache.nifi.audit.UserGroupAuditor.java Source code

Java tutorial

Introduction

Here is the source code for org.apache.nifi.audit.UserGroupAuditor.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.nifi.audit;

import org.apache.commons.lang3.StringUtils;
import org.apache.nifi.action.Action;
import org.apache.nifi.action.Component;
import org.apache.nifi.action.FlowChangeAction;
import org.apache.nifi.action.Operation;
import org.apache.nifi.action.details.ActionDetails;
import org.apache.nifi.action.details.FlowChangeConfigureDetails;
import org.apache.nifi.authorization.Group;
import org.apache.nifi.authorization.user.NiFiUser;
import org.apache.nifi.authorization.user.NiFiUserUtils;
import org.apache.nifi.web.api.dto.UserGroupDTO;
import org.apache.nifi.web.dao.UserGroupDAO;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.text.Collator;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/**
 * Audits user creation/removal and configuration changes.
 */
@Aspect
public class UserGroupAuditor extends NiFiAuditor {

    private static final Logger logger = LoggerFactory.getLogger(UserGroupAuditor.class);

    private static final String NAME = "Name";
    private static final String USERS = "Users";

    /**
     * Audits the creation of policies via createUser().
     *
     * This method only needs to be run 'after returning'. However, in Java 7 the order in which these methods are returned from Class.getDeclaredMethods (even though there is no order guaranteed)
     * seems to differ from Java 6. SpringAOP depends on this ordering to determine advice precedence. By normalizing all advice into Around advice we can alleviate this issue.
     *
     * @param proceedingJoinPoint join point
     * @return node
     * @throws Throwable ex
     */
    @Around("within(org.apache.nifi.web.dao.UserGroupDAO+) && "
            + "execution(org.apache.nifi.authorization.Group createUserGroup(org.apache.nifi.web.api.dto.UserGroupDTO))")
    public Group createUserGroupAdvice(ProceedingJoinPoint proceedingJoinPoint) throws Throwable {
        // create the access user group
        Group userGroup = (Group) proceedingJoinPoint.proceed();

        // if no exceptions were thrown, add the user action...
        final Action action = generateAuditRecord(userGroup, Operation.Add);

        // save the actions
        if (action != null) {
            saveAction(action, logger);
        }

        return userGroup;
    }

    /**
     * Audits the configuration of a single user.
     *
     * @param proceedingJoinPoint join point
     * @param userGroupDTO dto
     * @param userGroupDAO dao
     * @return node
     * @throws Throwable ex
     */
    @Around("within(org.apache.nifi.web.dao.UserGroupDAO+) && "
            + "execution(org.apache.nifi.authorization.Group updateUserGroup(org.apache.nifi.web.api.dto.UserGroupDTO)) && "
            + "args(userGroupDTO) && " + "target(userGroupDAO)")
    public Group updateUserAdvice(ProceedingJoinPoint proceedingJoinPoint, UserGroupDTO userGroupDTO,
            UserGroupDAO userGroupDAO) throws Throwable {
        // determine the initial values for each property/setting that's changing
        Group user = userGroupDAO.getUserGroup(userGroupDTO.getId());
        final Map<String, String> values = extractConfiguredPropertyValues(user, userGroupDTO);

        // update the user state
        final Group updatedUserGroup = (Group) proceedingJoinPoint.proceed();

        // if no exceptions were thrown, add the user group action...
        user = userGroupDAO.getUserGroup(updatedUserGroup.getIdentifier());

        // get the current user
        NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();

        // ensure the user was found
        if (niFiUser != null) {
            // determine the updated values
            Map<String, String> updatedValues = extractConfiguredPropertyValues(user, userGroupDTO);

            // create a user action
            Date actionTimestamp = new Date();
            Collection<Action> actions = new ArrayList<>();

            // go through each updated value
            for (String property : updatedValues.keySet()) {
                String newValue = updatedValues.get(property);
                String oldValue = values.get(property);
                Operation operation = null;

                // determine the type of operation
                if (oldValue == null || newValue == null || !newValue.equals(oldValue)) {
                    operation = Operation.Configure;
                }

                // create a configuration action accordingly
                if (operation != null) {
                    final FlowChangeConfigureDetails actionDetails = new FlowChangeConfigureDetails();
                    actionDetails.setName(property);
                    actionDetails.setValue(newValue);
                    actionDetails.setPreviousValue(oldValue);

                    // create a configuration action
                    FlowChangeAction configurationAction = new FlowChangeAction();
                    configurationAction.setUserIdentity(niFiUser.getIdentity());
                    configurationAction.setOperation(operation);
                    configurationAction.setTimestamp(actionTimestamp);
                    configurationAction.setSourceId(user.getIdentifier());
                    configurationAction.setSourceName(user.getName());
                    configurationAction.setSourceType(Component.UserGroup);
                    configurationAction.setActionDetails(actionDetails);
                    actions.add(configurationAction);
                }
            }

            // ensure there are actions to record
            if (!actions.isEmpty()) {
                // save the actions
                saveActions(actions, logger);
            }
        }

        return updatedUserGroup;
    }

    /**
     * Audits the removal of a user via deleteUser().
     *
     * @param proceedingJoinPoint join point
     * @param userGroupId user id
     * @param userGroupDAO dao
     * @throws Throwable ex
     */
    @Around("within(org.apache.nifi.web.dao.UserGroupDAO+) && "
            + "execution(org.apache.nifi.authorization.Group deleteUserGroup(java.lang.String)) && "
            + "args(userGroupId) && " + "target(userGroupDAO)")
    public Group removeUserAdvice(ProceedingJoinPoint proceedingJoinPoint, String userGroupId,
            UserGroupDAO userGroupDAO) throws Throwable {
        // get the user group before removing it
        Group userGroup = userGroupDAO.getUserGroup(userGroupId);

        // remove the user group
        final Group removedUserGroup = (Group) proceedingJoinPoint.proceed();

        // if no exceptions were thrown, add removal actions...
        // audit the user removal
        final Action action = generateAuditRecord(userGroup, Operation.Remove);

        // save the actions
        if (action != null) {
            saveAction(action, logger);
        }

        return removedUserGroup;
    }

    /**
     * Generates an audit record for the creation of a user group.
     *
     * @param userGroup userGroup
     * @param operation operation
     * @return action
     */
    public Action generateAuditRecord(Group userGroup, Operation operation) {
        return generateAuditRecord(userGroup, operation, null);
    }

    /**
     * Generates an audit record for the creation of a user group.
     *
     * @param userGroup userGroup
     * @param operation operation
     * @param actionDetails details
     * @return action
     */
    public Action generateAuditRecord(Group userGroup, Operation operation, ActionDetails actionDetails) {
        FlowChangeAction action = null;

        // get the current user
        NiFiUser niFiUser = NiFiUserUtils.getNiFiUser();

        // ensure the user was found
        if (niFiUser != null) {
            // create the user action for adding this user
            action = new FlowChangeAction();
            action.setUserIdentity(niFiUser.getIdentity());
            action.setOperation(operation);
            action.setTimestamp(new Date());
            action.setSourceId(userGroup.getIdentifier());
            action.setSourceName(userGroup.getName());
            action.setSourceType(Component.UserGroup);

            if (actionDetails != null) {
                action.setActionDetails(actionDetails);
            }
        }

        return action;
    }

    /**
     * Extracts the values for the configured properties from the specified user group.
     */
    private Map<String, String> extractConfiguredPropertyValues(Group group, UserGroupDTO userGroupDTO) {
        Map<String, String> values = new HashMap<>();

        if (userGroupDTO.getIdentity() != null) {
            values.put(NAME, group.getName());
        }
        if (userGroupDTO.getUsers() != null) {
            // get each of the auto terminated relationship names
            final List<String> currentUsers = new ArrayList<>(group.getUsers());

            // sort them and include in the configuration
            Collections.sort(currentUsers, Collator.getInstance(Locale.US));
            values.put(USERS, StringUtils.join(currentUsers, ", "));
        }

        return values;
    }

}