Class DefaultRoleManager

    • Constructor Summary

      Constructors 
      Constructor Description
      DefaultRoleManager​(int maxHierarchyLevel)
      DefaultRoleManager is the constructor for creating an instance of the default RoleManager implementation.
      DefaultRoleManager​(int maxHierarchyLevel, java.util.function.BiPredicate<java.lang.String,​java.lang.String> matchingFunc, java.util.function.BiPredicate<java.lang.String,​java.lang.String> domainMatchingFunc)
      In order to use a specific role name matching function, set explicitly the role manager on the Enforcer and rebuild role links (you can optimize by using minimal enforcer constructor).
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void addDomainMatchingFunc​(java.lang.String name, java.util.function.BiPredicate<java.lang.String,​java.lang.String> domainMatchingFunc)
      addDomainMatchingFunc support use domain pattern in g
      void addLink​(java.lang.String name1, java.lang.String name2, java.lang.String... domain)
      addLink adds the inheritance link between role: name1 and role: name2.
      void addMatchingFunc​(java.lang.String name, java.util.function.BiPredicate<java.lang.String,​java.lang.String> matchingFunc)
      addMatchingFunc support use pattern in g.
      void clear()
      clear clears all stored data and resets the role manager to the initial state.
      (package private) void copyFrom​(DefaultRoleManager other)  
      void deleteLink​(java.lang.String name1, java.lang.String name2, java.lang.String... domain)
      deleteLink deletes the inheritance link between role: name1 and role: name2.
      (package private) Role getRole​(java.lang.String name)  
      java.util.List<java.lang.String> getRoles​(java.lang.String name, java.lang.String... domain)
      getRoles gets the roles that a subject inherits.
      java.util.List<java.lang.String> getUsers​(java.lang.String name, java.lang.String... domain)
      getUsers gets the users that inherits a subject.
      boolean hasLink​(java.lang.String name1, java.lang.String name2, java.lang.String... domain)
      hasLink determines whether role: name1 inherits role: name2.
      private boolean hasLinkHelper​(java.lang.String targetName, java.util.Map<java.lang.String,​Role> roles, int level)  
      (package private) boolean match​(java.lang.String str, java.lang.String pattern)  
      void printRoles()
      printRoles prints all the roles to log.
      private void rebuild()  
      (package private) void removeRole​(java.lang.String name)  
      java.lang.String toString()  
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
    • Field Detail

      • allRoles

        java.util.Map<java.lang.String,​Role> allRoles
      • maxHierarchyLevel

        final int maxHierarchyLevel
      • matchingFunc

        java.util.function.BiPredicate<java.lang.String,​java.lang.String> matchingFunc
      • matchingFuncCache

        private SyncedLRUCache<java.lang.String,​java.lang.Boolean> matchingFuncCache
    • Constructor Detail

      • DefaultRoleManager

        public DefaultRoleManager​(int maxHierarchyLevel)
        DefaultRoleManager is the constructor for creating an instance of the default RoleManager implementation.
        Parameters:
        maxHierarchyLevel - the maximized allowed RBAC hierarchy level.
      • DefaultRoleManager

        public DefaultRoleManager​(int maxHierarchyLevel,
                                  java.util.function.BiPredicate<java.lang.String,​java.lang.String> matchingFunc,
                                  java.util.function.BiPredicate<java.lang.String,​java.lang.String> domainMatchingFunc)
        In order to use a specific role name matching function, set explicitly the role manager on the Enforcer and rebuild role links (you can optimize by using minimal enforcer constructor).
         final Enforcer e = new Enforcer("model.conf");
         e.setAdapter(new FileAdapter("policies.csv"));
         e.setRoleManager(new DefaultRoleManager(10, BuiltInFunctions::domainMatch));
         e.loadPolicy();
         
        Parameters:
        maxHierarchyLevel - the maximized allowed RBAC hierarchy level.
        matchingFunc - a matcher for supporting pattern in g
        domainMatchingFunc - a matcher for supporting domain pattern in g
    • Method Detail

      • addMatchingFunc

        public void addMatchingFunc​(java.lang.String name,
                                    java.util.function.BiPredicate<java.lang.String,​java.lang.String> matchingFunc)
        addMatchingFunc support use pattern in g.
        Parameters:
        name - the name of the matching function.
        matchingFunc - the matching function.
      • addDomainMatchingFunc

        public void addDomainMatchingFunc​(java.lang.String name,
                                          java.util.function.BiPredicate<java.lang.String,​java.lang.String> domainMatchingFunc)
        addDomainMatchingFunc support use domain pattern in g
        Parameters:
        name - the name of the domain matching function.
        domainMatchingFunc - the domain matching function.
      • rebuild

        private void rebuild()
      • match

        boolean match​(java.lang.String str,
                      java.lang.String pattern)
      • getRole

        Role getRole​(java.lang.String name)
      • removeRole

        void removeRole​(java.lang.String name)
      • clear

        public void clear()
        clear clears all stored data and resets the role manager to the initial state.
        Specified by:
        clear in interface RoleManager
      • addLink

        public void addLink​(java.lang.String name1,
                            java.lang.String name2,
                            java.lang.String... domain)
        addLink adds the inheritance link between role: name1 and role: name2. aka role: name1 inherits role: name2. domain is a prefix to the roles.
        Specified by:
        addLink in interface RoleManager
        Parameters:
        name1 - the first role (or user).
        name2 - the second role.
        domain - the domain the roles belong to.
      • deleteLink

        public void deleteLink​(java.lang.String name1,
                               java.lang.String name2,
                               java.lang.String... domain)
        deleteLink deletes the inheritance link between role: name1 and role: name2. aka role: name1 does not inherit role: name2 any more. domain is a prefix to the roles.
        Specified by:
        deleteLink in interface RoleManager
        Parameters:
        name1 - the first role (or user).
        name2 - the second role.
        domain - the domain the roles belong to.
      • hasLink

        public boolean hasLink​(java.lang.String name1,
                               java.lang.String name2,
                               java.lang.String... domain)
        hasLink determines whether role: name1 inherits role: name2. domain is a prefix to the roles.
        Specified by:
        hasLink in interface RoleManager
        Parameters:
        name1 - the first role (or a user).
        name2 - the second role.
        domain - the domain the roles belong to.
        Returns:
        whether name1 inherits name2 (name1 has role name2).
      • hasLinkHelper

        private boolean hasLinkHelper​(java.lang.String targetName,
                                      java.util.Map<java.lang.String,​Role> roles,
                                      int level)
      • getRoles

        public java.util.List<java.lang.String> getRoles​(java.lang.String name,
                                                         java.lang.String... domain)
        getRoles gets the roles that a subject inherits. domain is a prefix to the roles.
        Specified by:
        getRoles in interface RoleManager
        Parameters:
        name - the user (or a role).
        domain - the domain the roles belong to.
        Returns:
        the roles.
      • getUsers

        public java.util.List<java.lang.String> getUsers​(java.lang.String name,
                                                         java.lang.String... domain)
        getUsers gets the users that inherits a subject.
        Specified by:
        getUsers in interface RoleManager
        Parameters:
        name - the role.
        domain - is a prefix to the users (can be used for other purposes).
        Returns:
        the users.
      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object
      • printRoles

        public void printRoles()
        printRoles prints all the roles to log.
        Specified by:
        printRoles in interface RoleManager