Package org.casbin.jcasbin.main
Class CoreEnforcer
java.lang.Object
  org.casbin.jcasbin.main.CoreEnforcer
Direct Known Subclasses:
InternalEnforcer
public class CoreEnforcer extends java.lang.Object
CoreEnforcer defines the core functionality of an enforcer.
-
Field Summary
Fields (Modifier and Type, Field):
(package private) boolean acceptJsonRequest
(package private) Adapter adapter
(package private) boolean autoBuildRoleLinks
(package private) boolean autoNotifyDispatcher
(package private) boolean autoNotifyWatcher
(package private) boolean autoSave
private com.googlecode.aviator.AviatorEvaluatorInstance aviatorEval
(package private) java.util.Map<java.lang.String,ConditionalRoleManager> condRmMap
(package private) Dispatcher dispatcher
private Effector eft
private boolean enabled
(package private) FunctionMap fm
(package private) Model model
(package private) java.lang.String modelPath
(package private) java.util.Map<java.lang.String,RoleManager> rmMap
(package private) Watcher watcher
-
Constructor Summary
Constructors:
CoreEnforcer()
-
Method Summary
Methods (Modifier and Type, Method, Description):

boolean addNamedDomainLinkConditionFunc(java.lang.String ptype, java.lang.String user, java.lang.String role, java.lang.String domain, java.util.function.Function<java.lang.String[],java.lang.Boolean> fn)
addNamedDomainLinkConditionFunc adds the condition function fn for Link userName->{roleName, domain}; when fn returns true the Link is valid, otherwise it is invalid.

boolean addNamedDomainMatchingFunc(java.lang.String ptype, java.lang.String name, java.util.function.BiPredicate<java.lang.String,java.lang.String> fn)
addNamedDomainMatchingFunc adds a domain MatchingFunc to the RoleManager for ptype.

boolean addNamedLinkConditionFunc(java.lang.String ptype, java.lang.String user, java.lang.String role, java.util.function.Function<java.lang.String[],java.lang.Boolean> fn)
addNamedLinkConditionFunc adds the condition function fn for Link userName->roleName; when fn returns true the Link is valid, otherwise it is invalid.

boolean addNamedMatchingFunc(java.lang.String ptype, java.lang.String name, java.util.function.BiPredicate<java.lang.String,java.lang.String> fn)
addNamedMatchingFunc adds a MatchingFunc to the RoleManager for ptype.

private void addOrUpdateDomainManagerMatching(java.lang.String ptype)
Adds or updates the DomainManager object in rmMap and associates it with a specific domain matching function.

void buildConditionalRoleLinks()

void buildRoleLinks()
buildRoleLinks manually rebuilds the role inheritance relations.

void clearPolicy()
clearPolicy clears all policy.

private void clearRmMap()
clearRmMap clears rmMap.

void enableAcceptJsonRequest(boolean acceptJsonRequest)
enableAcceptJsonRequest controls whether to accept JSON as a request parameter.

void enableAutoBuildRoleLinks(boolean autoBuildRoleLinks)
enableAutoBuildRoleLinks controls whether to build the role links automatically.

void enableAutoSave(boolean autoSave)
enableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.

void enableEnforce(boolean enable)
enableEnforce changes the enforcing state of Casbin; when Casbin is disabled, all access will be allowed by the enforce() function.

void enableLog(boolean enable)
enableLog changes whether to print Casbin log to the standard output.

boolean enforce(java.lang.Object... rvals)
enforce decides whether a "subject" can access an "object" with the operation "action"; input parameters are usually (sub, obj, act).

private EnforceResult enforce(java.lang.String matcher, java.lang.Object... rvals)
enforce uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action"; input parameters are usually (matcher, explain, sub, obj, act). The model matcher is used by default when matcher is "" or null.

EnforceResult enforceEx(java.lang.Object... rvals)
enforceEx decides whether a "subject" can access an "object" with the operation "action"; input parameters are usually (sub, obj, act).

EnforceResult enforceExWithMatcher(java.lang.String matcher, java.lang.Object... rvals)
enforceExWithMatcher uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action"; input parameters are usually (matcher, sub, obj, act). The model matcher is used by default when matcher is "" or null.

boolean enforceWithMatcher(java.lang.String matcher, java.lang.Object... rvals)
enforceWithMatcher uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action"; input parameters are usually (matcher, sub, obj, act). The model matcher is used by default when matcher is "" or null.

Adapter getAdapter()
getAdapter gets the current adapter.

com.googlecode.aviator.AviatorEvaluatorInstance getAviatorEval()
Gets the current Aviator Evaluator instance.

Model getModel()
getModel gets the current model.

RoleManager getNamedRoleManager(java.lang.String ptype)
getNamedRoleManager gets the role manager for the named policy.

private void getPTokens(java.util.Map<java.lang.String,java.lang.Object> parameters, java.lang.String pType, java.util.List<java.lang.String> pvals, java.lang.String[] pTokens)
getPTokens retrieves policy tokens and populates them into the provided parameters map.

java.util.Map<java.lang.String,RoleManager> getRmMap()
getRmMap gets the current role manager map.

RoleManager getRoleManager()
getRoleManager gets the current role manager.

private void getRTokens(java.util.Map<java.lang.String,java.lang.Object> parameters, java.lang.String rType, java.lang.Object... rvals)
getRTokens retrieves request tokens and populates them into the provided parameters map.

private void initBuiltInFunction()

(package private) void initialize()

private void initRmMap()
initRmMap initializes rmMap.

boolean isAutoNotifyDispatcher()

boolean isAutoNotifyWatcher()

boolean isFiltered()
isFiltered returns true if the loaded policy has been filtered.

void loadFilteredPolicy(java.lang.Object filter)
loadFilteredPolicy reloads a filtered policy from file/database.

void loadModel()
loadModel reloads the model from the model CONF file.

void loadPolicy()
loadPolicy reloads the policy from file/database.

protected boolean mustUseDispatcher()

static Model newModel()
newModel creates a model.

static Model newModel(java.lang.String text)
newModel creates a model.

static Model newModel(java.lang.String modelPath, java.lang.String unused)
newModel creates a model.

void resetExpressionEvaluator()
Invalidates the cache of the compiled model matcher expression.

void savePolicy()
savePolicy saves the current policy (usually after it has been changed with the Casbin API) back to file/database.

void setAdapter(Adapter adapter)
setAdapter sets the current adapter.

void setAutoNotifyDispatcher(boolean autoNotifyDispatcher)

void setAutoNotifyWatcher(boolean autoNotifyWatcher)

void setAviatorEvaluator(com.googlecode.aviator.AviatorEvaluatorInstance evaluator)
Sets the Aviator evaluator.

void setDispatcher(Dispatcher dispatcher)
setDispatcher sets the current dispatcher.

void setEffector(Effector eft)
setEffector sets the current effector.

void setModel(Model model)
setModel sets the current model.

boolean setNamedDomainLinkConditionFuncParams(java.lang.String ptype, java.lang.String user, java.lang.String role, java.lang.String domain, java.lang.String... params)
setNamedDomainLinkConditionFuncParams sets the parameters of the condition function fn for Link userName->{roleName, domain}.

boolean setNamedLinkConditionFuncParams(java.lang.String ptype, java.lang.String user, java.lang.String role, java.lang.String... params)
setNamedLinkConditionFuncParams sets the parameters of the condition function fn for Link userName->roleName.

void setNamedRoleManager(java.lang.String ptype, RoleManager rm)
setNamedRoleManager sets the role manager for the named policy.

void setRoleManager(java.lang.String ptype, RoleManager rm)
setRoleManager sets role manager for ptype.

void setRoleManager(RoleManager rm)
setRoleManager sets the current role manager for g.

void setWatcher(Watcher watcher)
setWatcher sets the current watcher.

boolean validateEnforce(java.lang.Object... rvals)

private boolean validateEnforceSection(java.lang.String section, java.lang.Object... rvals)
-
-
-
Field Detail
-
modelPath
java.lang.String modelPath
-
model
Model model
-
fm
FunctionMap fm
-
eft
private Effector eft
-
adapter
Adapter adapter
-
watcher
Watcher watcher
-
dispatcher
Dispatcher dispatcher
-
rmMap
java.util.Map<java.lang.String,RoleManager> rmMap
-
condRmMap
java.util.Map<java.lang.String,ConditionalRoleManager> condRmMap
-
enabled
private boolean enabled
-
autoSave
boolean autoSave
-
autoBuildRoleLinks
boolean autoBuildRoleLinks
-
autoNotifyWatcher
boolean autoNotifyWatcher
-
autoNotifyDispatcher
boolean autoNotifyDispatcher
-
acceptJsonRequest
boolean acceptJsonRequest
-
aviatorEval
private com.googlecode.aviator.AviatorEvaluatorInstance aviatorEval
-
-
Method Detail
-
initialize
void initialize()
-
newModel
public static Model newModel()
newModel creates a model.
Returns:
an empty model.
-
newModel
public static Model newModel(java.lang.String text)
newModel creates a model.
Parameters:
text - the model text.
Returns:
the model.
-
newModel
public static Model newModel(java.lang.String modelPath, java.lang.String unused)
newModel creates a model.
Parameters:
modelPath - the path of the model file.
unused - unused parameter, just for differentiating with newModel(String text).
Returns:
the model.
-
loadModel
public void loadModel()
loadModel reloads the model from the model CONF file. Because the policy is attached to a model, the policy is invalidated and needs to be reloaded by calling loadPolicy().
-
getModel
public Model getModel()
getModel gets the current model.
Returns:
the model of the enforcer.
-
setModel
public void setModel(Model model)
setModel sets the current model.
Parameters:
model - the model.
-
setAviatorEvaluator
public void setAviatorEvaluator(com.googlecode.aviator.AviatorEvaluatorInstance evaluator)
Sets the Aviator evaluator.
Parameters:
evaluator - aviator evaluator
-
getAviatorEval
public com.googlecode.aviator.AviatorEvaluatorInstance getAviatorEval()
Gets the current Aviator Evaluator instance.
Returns:
Aviator Evaluator instance of enforcer
-
getAdapter
public Adapter getAdapter()
getAdapter gets the current adapter.
Returns:
the adapter of the enforcer.
-
setAdapter
public void setAdapter(Adapter adapter)
setAdapter sets the current adapter.
Parameters:
adapter - the adapter.
-
setWatcher
public void setWatcher(Watcher watcher)
setWatcher sets the current watcher.
Parameters:
watcher - the watcher.
-
setDispatcher
public void setDispatcher(Dispatcher dispatcher)
setDispatcher sets the current dispatcher.
Parameters:
dispatcher - jCasbin dispatcher
-
getRmMap
public java.util.Map<java.lang.String,RoleManager> getRmMap()
getRmMap gets the current role manager map.
Returns:
the role manager map of the enforcer.
-
getRoleManager
public RoleManager getRoleManager()
getRoleManager gets the current role manager.
Returns:
the role manager.
-
getNamedRoleManager
public RoleManager getNamedRoleManager(java.lang.String ptype)
getNamedRoleManager gets the role manager for the named policy.
Parameters:
ptype - the policy type.
Returns:
the role manager.
-
setRoleManager
public void setRoleManager(RoleManager rm)
setRoleManager sets the current role manager for g.
Parameters:
rm - the role manager.
-
setNamedRoleManager
public void setNamedRoleManager(java.lang.String ptype, RoleManager rm)
setNamedRoleManager sets the role manager for the named policy.
Parameters:
ptype - the policy type.
rm - the role manager.
-
setEffector
public void setEffector(Effector eft)
setEffector sets the current effector.
Parameters:
eft - the effector.
-
clearPolicy
public void clearPolicy()
clearPolicy clears all policy.
-
loadPolicy
public void loadPolicy()
loadPolicy reloads the policy from file/database.
-
loadFilteredPolicy
public void loadFilteredPolicy(java.lang.Object filter)
loadFilteredPolicy reloads a filtered policy from file/database.
Parameters:
filter - the filter used to specify which type of policy should be loaded.
-
isFiltered
public boolean isFiltered()
isFiltered returns true if the loaded policy has been filtered.
Returns:
if the loaded policy has been filtered.
-
savePolicy
public void savePolicy()
savePolicy saves the current policy (usually after it has been changed with the Casbin API) back to file/database.
-
setRoleManager
public void setRoleManager(java.lang.String ptype, RoleManager rm)
setRoleManager sets role manager for ptype.
Parameters:
ptype - the policy type, can be "g", "g2", "g3", ..
rm - the role manager.
-
initRmMap
private void initRmMap()
initRmMap initializes rmMap.
-
addOrUpdateDomainManagerMatching
private void addOrUpdateDomainManagerMatching(java.lang.String ptype)
Adds or updates the DomainManager object in rmMap and associates it with a specific domain matching function.
-
initBuiltInFunction
private void initBuiltInFunction()
-
clearRmMap
private void clearRmMap()
clearRmMap clears rmMap.
-
enableEnforce
public void enableEnforce(boolean enable)
enableEnforce changes the enforcing state of Casbin; when Casbin is disabled, all access will be allowed by the enforce() function.
Parameters:
enable - whether to enable the enforcer.
-
enableLog
public void enableLog(boolean enable)
enableLog changes whether to print Casbin log to the standard output.
Parameters:
enable - whether to enable Casbin's log.
-
enableAutoSave
public void enableAutoSave(boolean autoSave)
enableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.
Parameters:
autoSave - whether to enable the AutoSave feature.
-
enableAutoBuildRoleLinks
public void enableAutoBuildRoleLinks(boolean autoBuildRoleLinks)
enableAutoBuildRoleLinks controls whether to build the role links automatically.
Parameters:
autoBuildRoleLinks - whether to automatically build the role links.
-
enableAcceptJsonRequest
public void enableAcceptJsonRequest(boolean acceptJsonRequest)
enableAcceptJsonRequest controls whether to accept JSON as a request parameter.
Parameters:
acceptJsonRequest - a boolean that indicates whether JSON requests are accepted.
-
buildRoleLinks
public void buildRoleLinks()
buildRoleLinks manually rebuilds the role inheritance relations.
-
buildConditionalRoleLinks
public void buildConditionalRoleLinks()
-
enforce
private EnforceResult enforce(java.lang.String matcher, java.lang.Object... rvals)
enforce uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action"; input parameters are usually (matcher, explain, sub, obj, act). The model matcher is used by default when matcher is "" or null.
Parameters:
matcher - the custom matcher.
rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
Returns:
whether to allow the request.
-
enforce
public boolean enforce(java.lang.Object... rvals)
enforce decides whether a "subject" can access an "object" with the operation "action"; input parameters are usually (sub, obj, act).
Parameters:
rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
Returns:
whether to allow the request.
-
enforceWithMatcher
public boolean enforceWithMatcher(java.lang.String matcher, java.lang.Object... rvals)
enforceWithMatcher uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action"; input parameters are usually (matcher, sub, obj, act). The model matcher is used by default when matcher is "" or null.
Parameters:
matcher - the custom matcher.
rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
Returns:
whether to allow the request.
-
enforceEx
public EnforceResult enforceEx(java.lang.Object... rvals)
enforceEx decides whether a "subject" can access an "object" with the operation "action"; input parameters are usually (sub, obj, act). The explain list stores the matching rule.
Parameters:
rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
Returns:
whether to allow the request.
-
enforceExWithMatcher
public EnforceResult enforceExWithMatcher(java.lang.String matcher, java.lang.Object... rvals)
enforceExWithMatcher uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action"; input parameters are usually (matcher, sub, obj, act). The model matcher is used by default when matcher is "" or null. The explain list stores the matching rule.
Parameters:
matcher - the custom matcher.
rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
Returns:
whether to allow the request.
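Because enableEnforce(false) makes enforce() allow every request, a deployment can check at startup that the enforcer still refuses a request no policy grants. The following is an added example, not part of the jCasbin documentation or source; the class name, model text, policy row and canary values are constructed, and Enforcer, addPolicy, isAllow and getExplain are jCasbin members that this page does not document.

```java
import org.casbin.jcasbin.main.CoreEnforcer;
import org.casbin.jcasbin.main.EnforceResult;
import org.casbin.jcasbin.main.Enforcer;
import org.casbin.jcasbin.model.Model;

public class EnforceStateCheck {
    // Constructed ACL model text, passed to newModel(String text).
    static final String MODEL_TEXT = String.join("\n",
        "[request_definition]",
        "r = sub, obj, act",
        "[policy_definition]",
        "p = sub, obj, act",
        "[policy_effect]",
        "e = some(where (p.eft == allow))",
        "[matchers]",
        "m = r.sub == p.sub && r.obj == p.obj && r.act == p.act");

    // Hypothetical canary request: no policy rule should ever grant it.
    static final String CANARY_SUB = "canary-subject";
    static final String CANARY_OBJ = "canary-object";
    static final String CANARY_ACT = "canary-action";

    // True only if the enforcer refuses the canary, i.e. it is evaluating
    // policy rather than running with enforcement disabled.
    static boolean failsClosed(Enforcer e) {
        return !e.enforce(CANARY_SUB, CANARY_OBJ, CANARY_ACT);
    }

    // Prints the decision together with the explain list from enforceEx.
    static void report(Enforcer e, String sub, String obj, String act) {
        EnforceResult r = e.enforceEx(sub, obj, act);
        System.out.printf("%s %s %s -> allow=%b explain=%s%n",
            sub, obj, act, r.isAllow(), r.getExplain());
    }

    public static void main(String[] args) {
        Model model = CoreEnforcer.newModel(MODEL_TEXT);
        Enforcer e = new Enforcer(model);  // no adapter: policy is held in memory
        e.enableAutoSave(false);           // there is no adapter to save to
        e.addPolicy("alice", "data1", "read");

        // Normal operation: a request with a matching rule, then one without.
        report(e, "alice", "data1", "read");
        report(e, "bob", "data1", "write");
        System.out.println("fails closed: " + failsClosed(e));

        // Enforcement switched off: the same unmatched request is evaluated
        // again, and the canary check is repeated.
        e.enableEnforce(false);
        report(e, "bob", "data1", "write");
        System.out.println("fails closed: " + failsClosed(e));

        // A service would refuse to start (or alert) in that state.
        e.enableEnforce(true);
        if (!failsClosed(e)) {
            throw new IllegalStateException("enforcer allows the canary request");
        }
    }
}
```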
-
addNamedMatchingFunc
public boolean addNamedMatchingFunc(java.lang.String ptype, java.lang.String name, java.util.function.BiPredicate<java.lang.String,java.lang.String> fn)
addNamedMatchingFunc adds a MatchingFunc to the RoleManager for ptype.
Parameters:
ptype - the type of the role manager.
name - the name of the matching function to be added.
fn - the matching function.
Returns:
whether the matching function was successfully added.
-
addNamedDomainMatchingFunc
public boolean addNamedDomainMatchingFunc(java.lang.String ptype, java.lang.String name, java.util.function.BiPredicate<java.lang.String,java.lang.String> fn)
addNamedDomainMatchingFunc adds a domain MatchingFunc to the RoleManager for ptype.
Parameters:
ptype - the type of the role manager.
name - the name of the matching function to be added.
fn - the domain matching function.
Returns:
whether the matching function was successfully added.
-
addNamedLinkConditionFunc
public boolean addNamedLinkConditionFunc(java.lang.String ptype, java.lang.String user, java.lang.String role, java.util.function.Function<java.lang.String[],java.lang.Boolean> fn)
addNamedLinkConditionFunc adds the condition function fn for Link userName->roleName; when fn returns true the Link is valid, otherwise it is invalid.
Parameters:
ptype - the type of the role manager.
user - the username for which the link condition is being added.
role - the role associated with the user for which the condition is evaluated.
fn - a function that takes an array of parameters (e.g., [user, role]) and returns a Boolean indicating the validity of the link.
Returns:
whether the Link is valid.
-
addNamedDomainLinkConditionFunc
public boolean addNamedDomainLinkConditionFunc(java.lang.String ptype, java.lang.String user, java.lang.String role, java.lang.String domain, java.util.function.Function<java.lang.String[],java.lang.Boolean> fn)
addNamedDomainLinkConditionFunc adds the condition function fn for Link userName->{roleName, domain}; when fn returns true the Link is valid, otherwise it is invalid.
Parameters:
ptype - the type of the conditional role manager.
user - the username for which the link condition is being added.
role - the role associated with the user for which the condition is evaluated.
domain - the domain associated with the role.
fn - a function that takes an array of parameters (e.g., [user, role, domain]) and returns a Boolean indicating the validity of the link.
Returns:
whether the Link is valid.
-
setNamedLinkConditionFuncParams
public boolean setNamedLinkConditionFuncParams(java.lang.String ptype, java.lang.String user, java.lang.String role, java.lang.String... params)
setNamedLinkConditionFuncParams sets the parameters of the condition function fn for Link userName->roleName.
Parameters:
ptype - the type of the conditional role manager.
user - the username for which the link condition parameters are being set.
role - the role associated with the user for which the parameters are being configured.
params - an array of parameters to be passed to the condition function.
Returns:
whether the Link is valid.
-
setNamedDomainLinkConditionFuncParams
public boolean setNamedDomainLinkConditionFuncParams(java.lang.String ptype, java.lang.String user, java.lang.String role, java.lang.String domain, java.lang.String... params)
setNamedDomainLinkConditionFuncParams sets the parameters of the condition function fn for Link userName->{roleName, domain}.
Parameters:
ptype - the type of the conditional role manager.
user - the username for which the link condition parameters are being set.
role - the role associated with the user for which the parameters are being configured.
domain - the domain associated with the role and user.
params - an array of parameters to be passed to the condition function, allowing customization of the condition logic.
Returns:
whether the parameters were successfully set.
-
getRTokens
private void getRTokens(java.util.Map<java.lang.String,java.lang.Object> parameters, java.lang.String rType, java.lang.Object... rvals)
getRTokens retrieves request tokens and populates them into the provided parameters map.
Parameters:
parameters - a map to store the request tokens and their corresponding values.
rType - the type of the request for which tokens are being retrieved, used to access the appropriate model.
rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
-
getPTokens
private void getPTokens(java.util.Map<java.lang.String,java.lang.Object> parameters, java.lang.String pType, java.util.List<java.lang.String> pvals, java.lang.String[] pTokens)
getPTokens retrieves policy tokens and populates them into the provided parameters map.
Parameters:
parameters - a map to store the policy tokens and their corresponding values.
pType - the type of the policy for which tokens are being retrieved, used for context.
pvals - a list of values corresponding to the policy tokens.
pTokens - an array of tokens associated with the policy.
-
validateEnforce
public boolean validateEnforce(java.lang.Object... rvals)
-
validateEnforceSection
private boolean validateEnforceSection(java.lang.String section, java.lang.Object... rvals)
-
resetExpressionEvaluator
public void resetExpressionEvaluator()
Invalidates the cache of the compiled model matcher expression. This is done automatically most of the time, but you may need to call it explicitly if you manipulate the Model directly.
-
isAutoNotifyWatcher
public boolean isAutoNotifyWatcher()
-
setAutoNotifyWatcher
public void setAutoNotifyWatcher(boolean autoNotifyWatcher)
-
isAutoNotifyDispatcher
public boolean isAutoNotifyDispatcher()
-
setAutoNotifyDispatcher
public void setAutoNotifyDispatcher(boolean autoNotifyDispatcher)
-
mustUseDispatcher
protected boolean mustUseDispatcher()
-
-