AuthorityProvider (nifi-api 0.6.1 API)

```
public interface AuthorityProvider
```
This class allows clients to retrieve the authorities for a given DN.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`void`	`addUser(String identity, String group)` Add the specified user.
`DownloadAuthorization`	`authorizeDownload(List<String> proxyChain, Map<String,String> attributes)` Determines whether the user in the specified dnChain should be able to download the content for the flowfile with the specified attributes.
`boolean`	`doesDnExist(String identity)`
`Set<Authority>`	`getAuthorities(String identity)` Get the authorities for the specified user.
`String`	`getGroupForUser(String identity)` Gets the group for the specified user.
`Set<String>`	`getUsers(Authority authority)` Gets the users for the specified authority.
`void`	`initialize(AuthorityProviderInitializationContext initializationContext)` Called immediately after instance creation for implementers to perform additional setup
`void`	`onConfigured(AuthorityProviderConfigurationContext configurationContext)` Called to configure the AuthorityProvider.
`void`	`preDestruction()` Called immediately before instance destruction for implementers to release resources.
`void`	`revokeGroup(String group)` Revokes all users for a specified group.
`void`	`revokeUser(String identity)` Revokes the specified user.
`void`	`setAuthorities(String identity, Set<Authority> authorities)` Sets the specified authorities for the specified user.
`void`	`setUsersGroup(Set<String> identity, String group)` Adds the specified users to the specified group.
`void`	`ungroup(String group)` Ungroups the specified group.
`void`	`ungroupUser(String identity)` Ungroups the specified user.

- Method Detail
  - doesDnExist
```
boolean doesDnExist(String identity)
             throws AuthorityAccessException
```
    Parameters:
    
    identity - of the user. The identity may be a dn, an email, a username, or any string that identities the user.
    
    Returns:
    
    whether the user with the specified identity is known to this authority provider. It is not necessary for the user to have any authorities
    
    Throws:
    
    AuthorityAccessException
  - getAuthorities
```
Set<Authority> getAuthorities(String identity)
                       throws UnknownIdentityException,
                              AuthorityAccessException
```
    Get the authorities for the specified user. If the specified user exists but does not have any authorities, an empty set should be returned.
    
    Parameters:
    
    identity - of the user. The identity may be a dn, an email, a username, or any string that identities the user.
    
    Returns:
    
    the authorities for the specified user. If the specified user exists but does not have any authorities, an empty set should be returned
    
    Throws:
    
    UnknownIdentityException - if identity is not known
    
    AuthorityAccessException - if unable to access authorities
  - setAuthorities
```
void setAuthorities(String identity,
                    Set<Authority> authorities)
             throws UnknownIdentityException,
                    AuthorityAccessException
```
    Sets the specified authorities for the specified user.
    
    Parameters:
    
    identity - of the user. The identity may be a dn, an email, a username, or any string that identities the user.
    
    authorities - the new authorities for the user
    
    Throws:
    
    UnknownIdentityException - if identity is not known
    
    AuthorityAccessException - if unable to access authorities
  - getUsers
```
Set<String> getUsers(Authority authority)
              throws AuthorityAccessException
```
    Gets the users for the specified authority.
    
    Parameters:
    
    authority - for which to determine membership of
    
    Returns:
    
    all users with the specified authority
    
    Throws:
    
    AuthorityAccessException - if unable to access authorities
  - revokeUser
```
void revokeUser(String identity)
         throws UnknownIdentityException,
                AuthorityAccessException
```
    Revokes the specified user. Its up to the implementor to determine the semantics of revocation.
    
    Parameters:
    
    identity - of the user. The identity may be a dn, an email, a username, or any string that identities the user.
    
    Throws:
    
    UnknownIdentityException - if the user is not known
    
    AuthorityAccessException - if unable to access the authorities
  - addUser
```
void addUser(String identity,
             String group)
      throws IdentityAlreadyExistsException,
             AuthorityAccessException
```
    Add the specified user.
    
    Parameters:
    
    identity - of the user. The identity may be a dn, an email, a username, or any string that identities the user.
    
    group - Optional
    
    Throws:
    
    UnknownIdentityException - if the user is not known
    
    AuthorityAccessException - if unable to access the authorities
    
    IdentityAlreadyExistsException
  - getGroupForUser
```
String getGroupForUser(String identity)
                throws UnknownIdentityException,
                       AuthorityAccessException
```
    Gets the group for the specified user. Return null if the user does not belong to a group.
    
    Parameters:
    
    identity - of the user. The identity may be a dn, an email, a username, or any string that identities the user.
    
    Returns:
    
    the group of the given user
    
    Throws:
    
    UnknownIdentityException - if the user is not known
    
    AuthorityAccessException - if unable to access the authorities
  - revokeGroup
```
void revokeGroup(String group)
          throws UnknownIdentityException,
                 AuthorityAccessException
```
    Revokes all users for a specified group. Its up to the implementor to determine the semantics of revocation.
    
    Parameters:
    
    group - to revoke the users of
    
    Throws:
    
    UnknownIdentityException - if the user is not known
    
    AuthorityAccessException - if unable to access the authorities
  - setUsersGroup
```
void setUsersGroup(Set<String> identity,
                   String group)
            throws UnknownIdentityException,
                   AuthorityAccessException
```
    Adds the specified users to the specified group.
    
    Parameters:
    
    identity - of the user. The identity may be a dn, an email, a username, or any string that identities the user.
    
    group - to add users to
    
    Throws:
    
    UnknownIdentityException - if the user is not known
    
    AuthorityAccessException - if unable to access the authorities
  - ungroupUser
```
void ungroupUser(String identity)
          throws UnknownIdentityException,
                 AuthorityAccessException
```
    Ungroups the specified user.
    
    Parameters:
    
    identity - of the user. The identity may be a dn, an email, a username, or any string that identities the user.
    
    Throws:
    
    UnknownIdentityException - if the user is not known
    
    AuthorityAccessException - if unable to access the authorities
  - ungroup
```
void ungroup(String group)
      throws AuthorityAccessException
```
    Ungroups the specified group. Since the semantics of revocation is up to the implementor, this method should do nothing if the specified group does not exist. If an admin revoked this group before calling ungroup, it may or may not exist.
    
    Parameters:
    
    group - to ungroup
    
    Throws:
    
    AuthorityAccessException - if unable to access the authorities
  - authorizeDownload
```
DownloadAuthorization authorizeDownload(List<String> proxyChain,
                                        Map<String,String> attributes)
                                 throws UnknownIdentityException,
                                        AuthorityAccessException
```
    Determines whether the user in the specified dnChain should be able to download the content for the flowfile with the specified attributes. The first identity in the chain is the end user that the request was issued on behalf of. The subsequent identities in the chain represent entities proxying the user's request with the last being the proxy that sent the current request.
    
    Parameters:
    
    proxyChain - proxy chain of user identities that for the download request
    
    attributes - of the flowfile being requested
    
    Returns:
    
    the authorization result
    
    Throws:
    
    UnknownIdentityException - if the user is not known
    
    AuthorityAccessException - if unable to access the authorities
  - initialize
```
void initialize(AuthorityProviderInitializationContext initializationContext)
         throws ProviderCreationException
```
    Called immediately after instance creation for implementers to perform additional setup
    
    Parameters:
    
    initializationContext - in which to initialize
    
    Throws:
    
    ProviderCreationException
  - onConfigured
```
void onConfigured(AuthorityProviderConfigurationContext configurationContext)
           throws ProviderCreationException
```
    Called to configure the AuthorityProvider.
    
    Parameters:
    
    configurationContext - at the time of configuration
    
    Throws:
    
    ProviderCreationException - for any issues configuring the provider
  - preDestruction
```
void preDestruction()
             throws ProviderDestructionException
```
    Called immediately before instance destruction for implementers to release resources.
    
    Throws:
    
    ProviderDestructionException - If pre-destruction fails.

Interface AuthorityProvider

Method Summary

Method Detail

doesDnExist

getAuthorities

setAuthorities

getUsers

revokeUser

addUser

getGroupForUser

revokeGroup

setUsersGroup

ungroupUser

ungroup

authorizeDownload

initialize

onConfigured

preDestruction