NIFI-8783 Moved SingleUserAuthorizer Login Provider check to initialize() (#5216)

2025-02-06 01:58:32 +00:00 · 2021-07-15 15:19:04 -05:00 · 2021-07-15 15:19:04 -05:00 · e4ff6f95a0
commit e4ff6f95a0
parent c668d3df1b
2 changed files with 58 additions and 13 deletions
--- a/nifi-nar-bundles/nifi-single-user-iaa-providers-bundle/nifi-single-user-iaa-providers/src/main/java/org/apache/nifi/authorization/single/user/SingleUserAuthorizer.java
+++ b/nifi-nar-bundles/nifi-single-user-iaa-providers-bundle/nifi-single-user-iaa-providers/src/main/java/org/apache/nifi/authorization/single/user/SingleUserAuthorizer.java
@ -53,6 +53,8 @@ public class SingleUserAuthorizer implements Authorizer {

    private static final String BLANK_PROVIDER = "provider";

+    private NiFiProperties niFiProperties;
+
    /**
     * Set NiFi Properties using method injection
     *
@ -60,14 +62,7 @@ public class SingleUserAuthorizer implements Authorizer {
     */
    @AuthorizerContext
    public void setProperties(final NiFiProperties niFiProperties) {
-        final File configuration = niFiProperties.getLoginIdentityProviderConfigurationFile();
-        final String identifier = niFiProperties.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER, BLANK_PROVIDER);
-        if (isSingleUserLoginIdentityProviderConfigured(identifier, configuration)) {
-            LOGGER.debug("Required Login Identity Provider Configured [{}]", REQUIRED_PROVIDER);
-        } else {
-            final String message = String.format("%s requires %s to be configured", getClass().getSimpleName(), REQUIRED_PROVIDER);
-            throw new AuthorizerCreationException(message);
-        }
+        this.niFiProperties = niFiProperties;
    }

    @Override
@ -75,9 +70,27 @@ public class SingleUserAuthorizer implements Authorizer {
        return AuthorizationResult.approved();
    }

+    /**
+     * Initialize Provider and confirm that the Single User Login Identity Provider is also configured
+     *
+     * @param initializationContext Initialization Context
+     */
    @Override
    public void initialize(final AuthorizerInitializationContext initializationContext) {
        LOGGER.info("Initializing Authorizer");
+
+        final String securityUserAuthorizer = niFiProperties.getProperty(NiFiProperties.SECURITY_USER_AUTHORIZER);
+        final String authorizerIdentifier = initializationContext.getIdentifier();
+        if (authorizerIdentifier.equals(securityUserAuthorizer)) {
+            final File configuration = niFiProperties.getLoginIdentityProviderConfigurationFile();
+            final String identifier = niFiProperties.getProperty(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER, BLANK_PROVIDER);
+            if (isSingleUserLoginIdentityProviderConfigured(identifier, configuration)) {
+                LOGGER.debug("Required Login Identity Provider Configured [{}]", REQUIRED_PROVIDER);
+            } else {
+                final String message = String.format("%s requires %s to be configured", getClass().getSimpleName(), REQUIRED_PROVIDER);
+                throw new AuthorizerCreationException(message);
+            }
+        }
    }

    @Override
--- a/nifi-nar-bundles/nifi-single-user-iaa-providers-bundle/nifi-single-user-iaa-providers/src/test/java/org/apache/nifi/authorization/single/user/SingleUserAuthorizerTest.java
+++ b/nifi-nar-bundles/nifi-single-user-iaa-providers-bundle/nifi-single-user-iaa-providers/src/test/java/org/apache/nifi/authorization/single/user/SingleUserAuthorizerTest.java
@ -16,10 +16,14 @@
 */
 package org.apache.nifi.authorization.single.user;

+import org.apache.nifi.authorization.AuthorizerInitializationContext;
 import org.apache.nifi.authorization.exception.AuthorizerCreationException;
 import org.apache.nifi.util.NiFiProperties;
 import org.junit.Before;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.Mock;
+import org.mockito.junit.MockitoJUnitRunner;

 import java.net.URISyntaxException;
 import java.nio.file.Path;
@ -27,7 +31,9 @@ import java.nio.file.Paths;
 import java.util.Properties;

 import static org.junit.Assert.assertThrows;
+import static org.mockito.Mockito.when;

+@RunWith(MockitoJUnitRunner.class)
 public class SingleUserAuthorizerTest {
    private static final String BLANK_PROVIDERS = "/conf/login-identity-providers.xml";

@ -37,41 +43,67 @@ public class SingleUserAuthorizerTest {

    private static final String UNSUPPORTED_PROVIDER_IDENTIFIER = "unsupported-provider";

+    private static final String AUTHORIZER_IDENTIFIER = "single-user-authorizer";
+
+    private static final String OTHER_AUTHORIZER_IDENTIFIER = "other-authorizer";
+
    private static final String EMPTY_PROPERTIES_PATH = "";

    private SingleUserAuthorizer authorizer;

+    @Mock
+    private AuthorizerInitializationContext initializationContext;
+
    @Before
    public void setAuthorizer() {
        authorizer = new SingleUserAuthorizer();
+        when(initializationContext.getIdentifier()).thenReturn(AUTHORIZER_IDENTIFIER);
    }

    @Test
-    public void testSetPropertiesSingleUserIdentityProviderConfigured() throws URISyntaxException {
+    public void testInitializeSingleUserAuthorizerNotConfigured() throws URISyntaxException {
        final Path providersPath = Paths.get(getClass().getResource(BLANK_PROVIDERS).toURI());
        final Properties properties = new Properties();
        properties.put(NiFiProperties.LOGIN_IDENTITY_PROVIDER_CONFIGURATION_FILE, providersPath.toString());
        properties.put(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER, PROVIDER_IDENTIFIER);
+        properties.put(NiFiProperties.SECURITY_USER_AUTHORIZER, OTHER_AUTHORIZER_IDENTIFIER);
        final NiFiProperties niFiProperties = NiFiProperties.createBasicNiFiProperties(EMPTY_PROPERTIES_PATH, properties);
        authorizer.setProperties(niFiProperties);
+        authorizer.initialize(initializationContext);
    }

    @Test
-    public void testSetPropertiesSingleUserIdentityProviderNotSpecified() throws URISyntaxException {
+    public void testInitializeSingleUserIdentityProviderConfigured() throws URISyntaxException {
        final Path providersPath = Paths.get(getClass().getResource(BLANK_PROVIDERS).toURI());
        final Properties properties = new Properties();
        properties.put(NiFiProperties.LOGIN_IDENTITY_PROVIDER_CONFIGURATION_FILE, providersPath.toString());
+        properties.put(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER, PROVIDER_IDENTIFIER);
+        properties.put(NiFiProperties.SECURITY_USER_AUTHORIZER, AUTHORIZER_IDENTIFIER);
        final NiFiProperties niFiProperties = NiFiProperties.createBasicNiFiProperties(EMPTY_PROPERTIES_PATH, properties);
-        assertThrows(AuthorizerCreationException.class, () -> authorizer.setProperties(niFiProperties));
+        authorizer.setProperties(niFiProperties);
+        authorizer.initialize(initializationContext);
    }

    @Test
-    public void testSetPropertiesAuthorizerCreationException() throws URISyntaxException {
+    public void testInitializeSingleUserIdentityProviderNotSpecified() throws URISyntaxException {
+        final Path providersPath = Paths.get(getClass().getResource(BLANK_PROVIDERS).toURI());
+        final Properties properties = new Properties();
+        properties.put(NiFiProperties.LOGIN_IDENTITY_PROVIDER_CONFIGURATION_FILE, providersPath.toString());
+        properties.put(NiFiProperties.SECURITY_USER_AUTHORIZER, AUTHORIZER_IDENTIFIER);
+        final NiFiProperties niFiProperties = NiFiProperties.createBasicNiFiProperties(EMPTY_PROPERTIES_PATH, properties);
+        authorizer.setProperties(niFiProperties);
+        assertThrows(AuthorizerCreationException.class, () -> authorizer.initialize(initializationContext));
+    }
+
+    @Test
+    public void testInitializeAuthorizerCreationException() throws URISyntaxException {
        final Path providersPath = Paths.get(getClass().getResource(UNSUPPORTED_PROVIDERS).toURI());
        final Properties properties = new Properties();
        properties.put(NiFiProperties.LOGIN_IDENTITY_PROVIDER_CONFIGURATION_FILE, providersPath.toString());
        properties.put(NiFiProperties.SECURITY_USER_LOGIN_IDENTITY_PROVIDER, UNSUPPORTED_PROVIDER_IDENTIFIER);
+        properties.put(NiFiProperties.SECURITY_USER_AUTHORIZER, AUTHORIZER_IDENTIFIER);
        final NiFiProperties niFiProperties = NiFiProperties.createBasicNiFiProperties(EMPTY_PROPERTIES_PATH, properties);
-        assertThrows(AuthorizerCreationException.class, () -> authorizer.setProperties(niFiProperties));
+        authorizer.setProperties(niFiProperties);
+        assertThrows(AuthorizerCreationException.class, () -> authorizer.initialize(initializationContext));
    }
 }