/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.integration.accesscontrol;
import com.sun.jersey.api.client.ClientResponse;
import org.apache.nifi.bundle.Bundle;
import org.apache.nifi.integration.NiFiWebApiTest;
import org.apache.nifi.integration.util.NiFiTestAuthorizer;
import org.apache.nifi.integration.util.NiFiTestServer;
import org.apache.nifi.integration.util.NiFiTestUser;
import org.apache.nifi.nar.ExtensionManager;
import org.apache.nifi.nar.NarClassLoaders;
import org.apache.nifi.nar.SystemBundle;
import org.apache.nifi.util.NiFiProperties;
import java.io.File;
import static org.junit.Assert.assertEquals;
/**
* Access control test for the dfm user.
*/
public class AccessControlHelper {
public static final String NONE_CLIENT_ID = "client-id";
public static final String READ_CLIENT_ID = "r-client-id";
public static final String WRITE_CLIENT_ID = "w-client-id";
public static final String READ_WRITE_CLIENT_ID = "rw-client-id";
private NiFiTestUser readUser;
private NiFiTestUser writeUser;
private NiFiTestUser readWriteUser;
private NiFiTestUser noneUser;
private NiFiTestUser privilegedUser;
private static final String CONTEXT_PATH = "/nifi-api";
private NiFiTestServer server;
private String baseUrl;
private String flowXmlPath;
public AccessControlHelper() throws Exception {
this("src/test/resources/access-control/nifi.properties");
}
public AccessControlHelper(final String nifiPropertiesPath) throws Exception {
// configure the location of the nifi properties
File nifiPropertiesFile = new File(nifiPropertiesPath);
System.setProperty(NiFiProperties.PROPERTIES_FILE_PATH, nifiPropertiesFile.getAbsolutePath());
NiFiProperties props = NiFiProperties.createBasicNiFiProperties(null, null);
flowXmlPath = props.getProperty(NiFiProperties.FLOW_CONFIGURATION_FILE);
// load extensions
final Bundle systemBundle = SystemBundle.create(props);
NarClassLoaders.getInstance().init(props.getFrameworkWorkingDirectory(), props.getExtensionsWorkingDirectory());
ExtensionManager.discoverExtensions(systemBundle, NarClassLoaders.getInstance().getBundles());
// start the server
server = new NiFiTestServer("src/main/webapp", CONTEXT_PATH, props);
server.startServer();
server.loadFlow();
// get the base url
baseUrl = server.getBaseUrl() + CONTEXT_PATH;
// create the users - user purposefully decoupled from clientId (same user different browsers tabs)
readUser = new NiFiTestUser(server.getClient(), NiFiTestAuthorizer.READ_USER_DN);
writeUser = new NiFiTestUser(server.getClient(), NiFiTestAuthorizer.WRITE_USER_DN);
readWriteUser = new NiFiTestUser(server.getClient(), NiFiTestAuthorizer.READ_WRITE_USER_DN);
noneUser = new NiFiTestUser(server.getClient(), NiFiTestAuthorizer.NONE_USER_DN);
privilegedUser = new NiFiTestUser(server.getClient(), NiFiTestAuthorizer.PRIVILEGED_USER_DN);
// populate the initial data flow
NiFiWebApiTest.populateFlow(server.getClient(), baseUrl, readWriteUser, READ_WRITE_CLIENT_ID);
}
public NiFiTestUser getReadUser() {
return readUser;
}
public NiFiTestUser getWriteUser() {
return writeUser;
}
public NiFiTestUser getReadWriteUser() {
return readWriteUser;
}
public NiFiTestUser getNoneUser() {
return noneUser;
}
public NiFiTestUser getPrivilegedUser() {
return privilegedUser;
}
public void testGenericGetUri(final String uri) throws Exception {
ClientResponse response;
// read
response = getReadUser().testGet(uri);
assertEquals(200, response.getStatus());
// read/write
response = getReadWriteUser().testGet(uri);
assertEquals(200, response.getStatus());
// write
response = getWriteUser().testGet(uri);
assertEquals(403, response.getStatus());
// none
response = getNoneUser().testGet(uri);
assertEquals(403, response.getStatus());
}
public String getBaseUrl() {
return baseUrl;
}
public void cleanup() throws Exception {
// shutdown the server
server.shutdownServer();
server = null;
// look for the flow.xml and toss it
File flow = new File(flowXmlPath);
if (flow.exists()) {
flow.delete();
}
}
}