Class SyncedEnforcer

Direct Known Subclasses:
DistributedEnforcer, SyncedCachedEnforcer

public class SyncedEnforcer extends Enforcer
SyncedEnforcer = ManagementEnforcer + RBAC API.
  • Field Details

    • READ_WRITE_LOCK

      private static final ReadWriteLock READ_WRITE_LOCK
    • stopAutoLoad

      private final Object stopAutoLoad
    • autoLoadRunning

      private final AtomicInteger autoLoadRunning
  • Constructor Details

    • SyncedEnforcer

      public SyncedEnforcer()
      ; SyncedEnforcer is the default constructor.
    • SyncedEnforcer

      public SyncedEnforcer(String modelPath, String policyFile)
      SyncedEnforcer initializes an enforcer with a model file and a policy file.
      Parameters:
      modelPath - the path of the model file.
      policyFile - the path of the policy file.
    • SyncedEnforcer

      public SyncedEnforcer(String modelPath, Adapter adapter)
      SyncedEnforcer initializes an enforcer with a database adapter.
      Parameters:
      modelPath - the path of the model file.
      adapter - the adapter.
    • SyncedEnforcer

      public SyncedEnforcer(Model m, Adapter adapter)
      SyncedEnforcer initializes an enforcer with a model and a database adapter.
      Parameters:
      m - the model.
      adapter - the adapter.
    • SyncedEnforcer

      public SyncedEnforcer(Model m)
      SyncedEnforcer initializes an enforcer with a model.
      Parameters:
      m - the model.
    • SyncedEnforcer

      public SyncedEnforcer(String modelPath)
      SyncedEnforcer initializes an enforcer with a model file.
      Parameters:
      modelPath - the path of the model file.
    • SyncedEnforcer

      public SyncedEnforcer(String modelPath, String policyFile, boolean enableLog)
      SyncedEnforcer initializes an enforcer with a model file, a policy file and an enable log flag.
      Parameters:
      modelPath - the path of the model file.
      policyFile - the path of the policy file.
      enableLog - whether to enable Casbin's log.
  • Method Details

    • isAutoLoadingRunning

      public boolean isAutoLoadingRunning()
    • startAutoLoadPolicy

      public void startAutoLoadPolicy(long d)
    • stopAutoLoadPolicy

      public void stopAutoLoadPolicy()
    • setWatcher

      public void setWatcher(Watcher watcher)
      setWatcher sets the current watcher.
      Overrides:
      setWatcher in class CoreEnforcer
      Parameters:
      watcher - the watcher.
    • clearPolicy

      public void clearPolicy()
      clearPolicy clears all policy.
      Overrides:
      clearPolicy in class CoreEnforcer
    • loadPolicy

      public void loadPolicy()
      loadPolicy reloads the policy from file/database.
      Overrides:
      loadPolicy in class CoreEnforcer
    • loadFilteredPolicy

      public void loadFilteredPolicy(Object filter)
      loadFilteredPolicy reloads a filtered policy from file/database.
      Overrides:
      loadFilteredPolicy in class CoreEnforcer
      Parameters:
      filter - the filter used to specify which type of policy should be loaded.
    • savePolicy

      public void savePolicy()
      savePolicy saves the current policy (usually after changed with Casbin API) back to file/database.
      Overrides:
      savePolicy in class CoreEnforcer
    • buildRoleLinks

      public void buildRoleLinks()
      buildRoleLinks manually rebuild the role inheritance relations.
      Overrides:
      buildRoleLinks in class CoreEnforcer
    • enforce

      public boolean enforce(Object... rvals)
      enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).
      Overrides:
      enforce in class CoreEnforcer
      Parameters:
      rvals - the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.
      Returns:
      whether to allow the request.
    • enforceWithMatcher

      public boolean enforceWithMatcher(String matcher, Object... rvals)
      enforceWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null.
      Overrides:
      enforceWithMatcher in class CoreEnforcer
      Parameters:
      matcher - the custom matcher.
      rvals - the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.
      Returns:
      whether to allow the request.
    • enforceEx

      public EnforceResult enforceEx(Object... rvals)
      enforceEx decides whether a "subject" can access "object" with the operation "action", input parameters are usually: (sub, obj, act). the list explain, store matching rule.
      Overrides:
      enforceEx in class CoreEnforcer
      Parameters:
      rvals - the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.
      Returns:
      whether to allow the request.
    • enforceExWithMatcher

      public EnforceResult enforceExWithMatcher(String matcher, Object... rvals)
      enforceExWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null. the list explain, store matching rule.
      Overrides:
      enforceExWithMatcher in class CoreEnforcer
      Parameters:
      matcher - the custom matcher.
      rvals - the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.
      Returns:
      whether to allow the request.
    • batchEnforce

      public List<Boolean> batchEnforce(List<List<String>> rules)
      batchEnforce enforce in batches
      Overrides:
      batchEnforce in class Enforcer
      Parameters:
      rules - the rules.
      Returns:
      the results
    • batchEnforceWithMatcher

      public List<Boolean> batchEnforceWithMatcher(String matcher, List<List<String>> rules)
      batchEnforceWithMatcher enforce with matcher in batches
      Overrides:
      batchEnforceWithMatcher in class Enforcer
      Parameters:
      matcher - the custom matcher.
      rules - the rules.
      Returns:
      the results
    • getAllSubjects

      public List<String> getAllSubjects()
      getAllSubjects gets the list of subjects that show up in the current policy.
      Overrides:
      getAllSubjects in class ManagementEnforcer
      Returns:
      all the subjects in "p" policy rules. It actually collects the 0-index elements of "p" policy rules. So make sure your subject is the 0-index element, like (sub, obj, act). Duplicates are removed.
    • getAllObjects

      public List<String> getAllObjects()
      getAllObjects gets the list of objects that show up in the current policy.
      Overrides:
      getAllObjects in class ManagementEnforcer
      Returns:
      all the objects in "p" policy rules. It actually collects the 1-index elements of "p" policy rules. So make sure your object is the 1-index element, like (sub, obj, act). Duplicates are removed.
    • getAllNamedObjects

      public List<String> getAllNamedObjects(String ptype)
      getAllNamedObjects gets the list of objects that show up in the current named policy.
      Overrides:
      getAllNamedObjects in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      Returns:
      all the objects in policy rules of the ptype type. It actually collects the 1-index elements of the policy rules. So make sure your object is the 1-index element, like (sub, obj, act). Duplicates are removed.
    • getAllActions

      public List<String> getAllActions()
      getAllActions gets the list of actions that show up in the current policy.
      Overrides:
      getAllActions in class ManagementEnforcer
      Returns:
      all the actions in "p" policy rules. It actually collects the 2-index elements of "p" policy rules. So make sure your action is the 2-index element, like (sub, obj, act). Duplicates are removed.
    • getAllNamedActions

      public List<String> getAllNamedActions(String ptype)
      GetAllNamedActions gets the list of actions that show up in the current named policy.
      Overrides:
      getAllNamedActions in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      Returns:
      all the actions in policy rules of the ptype type. It actually collects the 2-index elements of the policy rules. So make sure your action is the 2-index element, like (sub, obj, act). Duplicates are removed.
    • getAllRoles

      public List<String> getAllRoles()
      getAllRoles gets the list of roles that show up in the current policy.
      Overrides:
      getAllRoles in class ManagementEnforcer
      Returns:
      all the roles in "g" policy rules. It actually collects the 1-index elements of "g" policy rules. So make sure your role is the 1-index element, like (sub, role). Duplicates are removed.
    • getAllNamedRoles

      public List<String> getAllNamedRoles(String ptype)
      getAllNamedRoles gets the list of roles that show up in the current named policy.
      Overrides:
      getAllNamedRoles in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      Returns:
      all the subjects in policy rules of the ptype type. It actually collects the 0-index elements of the policy rules. So make sure your subject is the 0-index element, like (sub, obj, act). Duplicates are removed.
    • getPolicy

      public List<List<String>> getPolicy()
      getPolicy gets all the authorization rules in the policy.
      Overrides:
      getPolicy in class ManagementEnforcer
      Returns:
      all the "p" policy rules.
    • getFilteredPolicy

      public List<List<String>> getFilteredPolicy(int fieldIndex, String... fieldValues)
      getFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.
      Overrides:
      getFilteredPolicy in class ManagementEnforcer
      Parameters:
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      the filtered "p" policy rules.
    • getNamedPolicy

      public List<List<String>> getNamedPolicy(String ptype)
      getNamedPolicy gets all the authorization rules in the named policy.
      Overrides:
      getNamedPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      Returns:
      the "p" policy rules of the specified ptype.
    • getFilteredNamedPolicy

      public List<List<String>> getFilteredNamedPolicy(String ptype, int fieldIndex, String... fieldValues)
      getFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.
      Overrides:
      getFilteredNamedPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      the filtered "p" policy rules of the specified ptype.
    • getGroupingPolicy

      public List<List<String>> getGroupingPolicy()
      getGroupingPolicy gets all the role inheritance rules in the policy.
      Overrides:
      getGroupingPolicy in class ManagementEnforcer
      Returns:
      all the "g" policy rules.
    • getRolesForUser

      public List<String> getRolesForUser(String name)
      getRolesForUser gets the roles that a user has.
      Overrides:
      getRolesForUser in class Enforcer
      Parameters:
      name - the user.
      Returns:
      the roles that the user has.
    • getFilteredGroupingPolicy

      public List<List<String>> getFilteredGroupingPolicy(int fieldIndex, String... fieldValues)
      getFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
      Overrides:
      getFilteredGroupingPolicy in class ManagementEnforcer
      Parameters:
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      the filtered "g" policy rules.
    • getNamedGroupingPolicy

      public List<List<String>> getNamedGroupingPolicy(String ptype)
      getNamedGroupingPolicy gets all the role inheritance rules in the policy.
      Overrides:
      getNamedGroupingPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      Returns:
      the "g" policy rules of the specified ptype.
    • getFilteredNamedGroupingPolicy

      public List<List<String>> getFilteredNamedGroupingPolicy(String ptype, int fieldIndex, String... fieldValues)
      getFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
      Overrides:
      getFilteredNamedGroupingPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      the filtered "g" policy rules of the specified ptype.
    • hasPolicy

      public boolean hasPolicy(List<String> params)
      hasPolicy determines whether an authorization rule exists.
      Overrides:
      hasPolicy in class ManagementEnforcer
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      whether the rule exists.
    • hasPolicy

      public boolean hasPolicy(String... params)
      hasPolicy determines whether an authorization rule exists.
      Overrides:
      hasPolicy in class ManagementEnforcer
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      whether the rule exists.
    • hasNamedPolicy

      public boolean hasNamedPolicy(String ptype, List<String> params)
      hasNamedPolicy determines whether a named authorization rule exists.
      Overrides:
      hasNamedPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      whether the rule exists.
    • hasNamedPolicy

      public boolean hasNamedPolicy(String ptype, String... params)
      hasNamedPolicy determines whether a named authorization rule exists.
      Overrides:
      hasNamedPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      whether the rule exists.
    • addPolicy

      public boolean addPolicy(List<String> params)
      addPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Overrides:
      addPolicy in class ManagementEnforcer
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • addPolicies

      public boolean addPolicies(List<List<String>> rules)
      addPolicies adds authorization rules to the current policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding rule by adding the new rule.
      Overrides:
      addPolicies in class ManagementEnforcer
      Parameters:
      rules - the "p" policy rules, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • updatePolicy

      public boolean updatePolicy(List<String> params1, List<String> params2)
      updatePolicy update an authorization rule to the current policy.
      Overrides:
      updatePolicy in class ManagementEnforcer
      Parameters:
      params1 - the old rule.
      params2 - the new rule.
      Returns:
      succeeds or not.
    • addPolicy

      public boolean addPolicy(String... params)
      addPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Overrides:
      addPolicy in class ManagementEnforcer
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • addPolicies

      public boolean addPolicies(String[][] rules)
      addPolicies adds authorization rules to the current policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding rule by adding the new rule.
      Overrides:
      addPolicies in class ManagementEnforcer
      Parameters:
      rules - the "p" policy rules, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • addNamedPolicy

      public boolean addNamedPolicy(String ptype, List<String> params)
      AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Overrides:
      addNamedPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      succeeds or not.
    • addNamedPolicies

      public boolean addNamedPolicies(String ptype, List<List<String>> rules)
      addNamedPolicies adds authorization rules to the current named policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding by adding the new rule.
      Overrides:
      addNamedPolicies in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      rules - the "p" policy rules.
      Returns:
      succeeds or not.
    • addNamedPoliciesEx

      public boolean addNamedPoliciesEx(String ptype, List<List<String>> rules)
      addNamedPoliciesEx adds authorization rules to the current named policy. If the rule already exists, the rule will not be added. But unlike AddNamedPolicies, other non-existent rules are added instead of returning false directly
      Overrides:
      addNamedPoliciesEx in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      rules - the "p" policy rules.
      Returns:
      succeeds or not.
    • updateNamedPolicy

      public boolean updateNamedPolicy(String ptype, List<String> params1, List<String> params2)
      updateNamedPolicy updates an authorization rule to the current named policy.
      Overrides:
      updateNamedPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params1 - the old rule.
      params2 - the new rule.
      Returns:
      succeeds or not.
    • updateGroupingPolicy

      public boolean updateGroupingPolicy(List<String> params1, List<String> params2)
      UpdateGroupingPolicy updates an authorization rule to the current named policy.
      Overrides:
      updateGroupingPolicy in class ManagementEnforcer
      Parameters:
      params1 - the old rule.
      params2 - the new rule.
      Returns:
      succeeds or not.
    • updateNamedGroupingPolicy

      public boolean updateNamedGroupingPolicy(String ptype, List<String> params1, List<String> params2)
      updateNamedGroupingPolicy updates an authorization rule to the current named policy.
      Overrides:
      updateNamedGroupingPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params1 - the old rule.
      params2 - the new rule.
      Returns:
      succeeds or not.
    • addNamedPolicy

      public boolean addNamedPolicy(String ptype, String... params)
      AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Overrides:
      addNamedPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      succeeds or not.
    • removePolicy

      public boolean removePolicy(List<String> params)
      removePolicy removes an authorization rule from the current policy.
      Overrides:
      removePolicy in class ManagementEnforcer
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • removePolicy

      public boolean removePolicy(String... params)
      removePolicy removes an authorization rule from the current policy.
      Overrides:
      removePolicy in class ManagementEnforcer
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • removePolicies

      public boolean removePolicies(List<List<String>> rules)
      removePolicies removes authorization rules from the current policy.
      Overrides:
      removePolicies in class ManagementEnforcer
      Parameters:
      rules - the "p" policy rules, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • removePolicies

      public boolean removePolicies(String[][] rules)
      removePolicies removes authorization rules from the current policy.
      Overrides:
      removePolicies in class ManagementEnforcer
      Parameters:
      rules - the "p" policy rules, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • removeFilteredPolicy

      public boolean removeFilteredPolicy(int fieldIndex, String... fieldValues)
      removeFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.
      Overrides:
      removeFilteredPolicy in class ManagementEnforcer
      Parameters:
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      succeeds or not.
    • removeNamedPolicy

      public boolean removeNamedPolicy(String ptype, List<String> params)
      removeNamedPolicy removes an authorization rule from the current named policy.
      Overrides:
      removeNamedPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      succeeds or not.
    • removeNamedPolicy

      public boolean removeNamedPolicy(String ptype, String... params)
      removeNamedPolicy removes an authorization rule from the current named policy.
      Overrides:
      removeNamedPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      succeeds or not.
    • removeNamedPolicies

      public boolean removeNamedPolicies(String ptype, List<List<String>> rules)
      removeNamedPolicies removes authorization rules from the current named policy.
      Overrides:
      removeNamedPolicies in class ManagementEnforcer
      Parameters:
      ptype - ptype the policy type, can be "p", "p2", "p3", ..
      rules - the "p" policy rules.
      Returns:
      succeeds or not.
    • removeFilteredNamedPolicy

      public boolean removeFilteredNamedPolicy(String ptype, int fieldIndex, String... fieldValues)
      removeFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.
      Overrides:
      removeFilteredNamedPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      succeeds or not.
    • hasGroupingPolicy

      public boolean hasGroupingPolicy(List<String> params)
      hasGroupingPolicy determines whether a role inheritance rule exists.
      Overrides:
      hasGroupingPolicy in class ManagementEnforcer
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      whether the rule exists.
    • hasGroupingPolicy

      public boolean hasGroupingPolicy(String... params)
      hasGroupingPolicy determines whether a role inheritance rule exists.
      Overrides:
      hasGroupingPolicy in class ManagementEnforcer
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      whether the rule exists.
    • hasNamedGroupingPolicy

      public boolean hasNamedGroupingPolicy(String ptype, List<String> params)
      hasNamedGroupingPolicy determines whether a named role inheritance rule exists.
      Overrides:
      hasNamedGroupingPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      whether the rule exists.
    • hasNamedGroupingPolicy

      public boolean hasNamedGroupingPolicy(String ptype, String... params)
      hasNamedGroupingPolicy determines whether a named role inheritance rule exists.
      Overrides:
      hasNamedGroupingPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      whether the rule exists.
    • addGroupingPolicy

      public boolean addGroupingPolicy(List<String> params)
      addGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Overrides:
      addGroupingPolicy in class ManagementEnforcer
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • addGroupingPolicy

      public boolean addGroupingPolicy(String... params)
      addGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Overrides:
      addGroupingPolicy in class ManagementEnforcer
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • addGroupingPolicies

      public boolean addGroupingPolicies(List<List<String>> rules)
      addGroupingPolicies adds role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.
      Overrides:
      addGroupingPolicies in class ManagementEnforcer
      Parameters:
      rules - the "g" policy rules, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • addGroupingPolicies

      public boolean addGroupingPolicies(String[][] rules)
      addGroupingPolicies adds role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.
      Overrides:
      addGroupingPolicies in class ManagementEnforcer
      Parameters:
      rules - the "g" policy rules, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • addNamedGroupingPolicy

      public boolean addNamedGroupingPolicy(String ptype, List<String> params)
      addNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Overrides:
      addNamedGroupingPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      succeeds or not.
    • addNamedGroupingPolicy

      public boolean addNamedGroupingPolicy(String ptype, String... params)
      addNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Overrides:
      addNamedGroupingPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      succeeds or not.
    • addNamedGroupingPolicies

      public boolean addNamedGroupingPolicies(String ptype, List<List<String>> rules)
      addNamedGroupingPolicies adds named role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.
      Overrides:
      addNamedGroupingPolicies in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      rules - the "g" policy rules.
      Returns:
      succeeds or not.
    • addNamedGroupingPolicies

      public boolean addNamedGroupingPolicies(String ptype, String[][] rules)
      addNamedGroupingPolicies adds named role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.
      Overrides:
      addNamedGroupingPolicies in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      rules - the "g" policy rules.
      Returns:
      succeeds or not.
    • removeGroupingPolicy

      public boolean removeGroupingPolicy(List<String> params)
      removeGroupingPolicy removes a role inheritance rule from the current policy.
      Overrides:
      removeGroupingPolicy in class ManagementEnforcer
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • removeGroupingPolicy

      public boolean removeGroupingPolicy(String... params)
      removeGroupingPolicy removes a role inheritance rule from the current policy.
      Overrides:
      removeGroupingPolicy in class ManagementEnforcer
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • removeGroupingPolicies

      public boolean removeGroupingPolicies(List<List<String>> rules)
      removeGroupingPolicies removes role inheritance rules from the current policy.
      Overrides:
      removeGroupingPolicies in class ManagementEnforcer
      Parameters:
      rules - the "g" policy rules, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • removeGroupingPolicies

      public boolean removeGroupingPolicies(String[][] rules)
      removeGroupingPolicies removes role inheritance rules from the current policy.
      Overrides:
      removeGroupingPolicies in class ManagementEnforcer
      Parameters:
      rules - the "g" policy rules, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • removeFilteredGroupingPolicy

      public boolean removeFilteredGroupingPolicy(int fieldIndex, String... fieldValues)
      removeFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.
      Overrides:
      removeFilteredGroupingPolicy in class ManagementEnforcer
      Parameters:
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      succeeds or not.
    • removeNamedGroupingPolicy

      public boolean removeNamedGroupingPolicy(String ptype, List<String> params)
      removeNamedGroupingPolicy removes a role inheritance rule from the current named policy.
      Overrides:
      removeNamedGroupingPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      succeeds or not.
    • removeNamedGroupingPolicy

      public boolean removeNamedGroupingPolicy(String ptype, String... params)
      removeNamedGroupingPolicy removes a role inheritance rule from the current named policy.
      Overrides:
      removeNamedGroupingPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      succeeds or not.
    • removeNamedGroupingPolicies

      public boolean removeNamedGroupingPolicies(String ptype, List<List<String>> rules)
      removeNamedGroupingPolicies removes role inheritance rules from the current named policy.
      Overrides:
      removeNamedGroupingPolicies in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      rules - the "g" policy rules.
      Returns:
      succeeds or not.
    • removeNamedGroupingPolicies

      public boolean removeNamedGroupingPolicies(String ptype, String[][] rules)
      removeNamedGroupingPolicies removes role inheritance rules from the current named policy.
      Overrides:
      removeNamedGroupingPolicies in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      rules - the "g" policy rules.
      Returns:
      succeeds or not.
    • removeFilteredNamedGroupingPolicy

      public boolean removeFilteredNamedGroupingPolicy(String ptype, int fieldIndex, String... fieldValues)
      removeFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.
      Overrides:
      removeFilteredNamedGroupingPolicy in class ManagementEnforcer
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      succeeds or not.
    • getUsersForRole

      public List<String> getUsersForRole(String name)
      getUsersForRole gets the users that has a role.
      Overrides:
      getUsersForRole in class Enforcer
      Parameters:
      name - the role.
      Returns:
      the users that has the role.
    • hasRoleForUser

      public boolean hasRoleForUser(String name, String role)
      hasRoleForUser determines whether a user has a role.
      Overrides:
      hasRoleForUser in class Enforcer
      Parameters:
      name - the user.
      role - the role.
      Returns:
      whether the user has the role.
    • addRoleForUser

      public boolean addRoleForUser(String user, String role)
      addRoleForUser adds a role for a user. Returns false if the user already has the role (aka not affected).
      Overrides:
      addRoleForUser in class Enforcer
      Parameters:
      user - the user.
      role - the role.
      Returns:
      succeeds or not.
    • deleteRoleForUser

      public boolean deleteRoleForUser(String user, String role)
      deleteRoleForUser deletes a role for a user. Returns false if the user does not have the role (aka not affected).
      Overrides:
      deleteRoleForUser in class Enforcer
      Parameters:
      user - the user.
      role - the role.
      Returns:
      succeeds or not.
    • deleteRolesForUser

      public boolean deleteRolesForUser(String user)
      deleteRolesForUser deletes all roles for a user. Returns false if the user does not have any roles (aka not affected).
      Overrides:
      deleteRolesForUser in class Enforcer
      Parameters:
      user - the user.
      Returns:
      succeeds or not.
    • deleteUser

      public boolean deleteUser(String user)
      deleteUser deletes a user. Returns false if the user does not exist (aka not affected).
      Overrides:
      deleteUser in class Enforcer
      Parameters:
      user - the user.
      Returns:
      succeeds or not.
    • deleteRole

      public void deleteRole(String role)
      deleteRole deletes a role.
      Overrides:
      deleteRole in class Enforcer
      Parameters:
      role - the role.
    • deletePermission

      public boolean deletePermission(String... permission)
      deletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).
      Overrides:
      deletePermission in class Enforcer
      Parameters:
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.
    • deletePermission

      public boolean deletePermission(List<String> permission)
      deletePermission deletes a permission. Returns false if the permission does not exist (aka not affected).
      Overrides:
      deletePermission in class Enforcer
      Parameters:
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.
    • addPermissionForUser

      public boolean addPermissionForUser(String user, String... permission)
      addPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).
      Overrides:
      addPermissionForUser in class Enforcer
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.
    • addPermissionForUser

      public boolean addPermissionForUser(String user, List<String> permission)
      addPermissionForUser adds a permission for a user or role. Returns false if the user or role already has the permission (aka not affected).
      Overrides:
      addPermissionForUser in class Enforcer
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.
    • deletePermissionForUser

      public boolean deletePermissionForUser(String user, String... permission)
      deletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).
      Overrides:
      deletePermissionForUser in class Enforcer
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.
    • deletePermissionForUser

      public boolean deletePermissionForUser(String user, List<String> permission)
      deletePermissionForUser deletes a permission for a user or role. Returns false if the user or role does not have the permission (aka not affected).
      Overrides:
      deletePermissionForUser in class Enforcer
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      succeeds or not.
    • deletePermissionsForUser

      public boolean deletePermissionsForUser(String user)
      deletePermissionsForUser deletes permissions for a user or role. Returns false if the user or role does not have any permissions (aka not affected).
      Overrides:
      deletePermissionsForUser in class Enforcer
      Parameters:
      user - the user.
      Returns:
      succeeds or not.
    • getPermissionsForUser

      public List<List<String>> getPermissionsForUser(String user, String... domain)
      getPermissionsForUser gets permissions for a user or role.
      Overrides:
      getPermissionsForUser in class Enforcer
      Parameters:
      user - the user.
      domain - the user's domain.
      Returns:
      the permissions, a permission is usually like (obj, act). It is actually the rule without the subject.
    • getNamedPermissionsForUser

      public List<List<String>> getNamedPermissionsForUser(String pType, String user, String... domain)
      GetNamedPermissionsForUser gets permissions for a user or role by named policy.
      Overrides:
      getNamedPermissionsForUser in class Enforcer
      Parameters:
      pType - the name policy.
      user - the user.
      domain - domain.
      Returns:
      the permissions.
    • hasPermissionForUser

      public boolean hasPermissionForUser(String user, String... permission)
      hasPermissionForUser determines whether a user has a permission.
      Overrides:
      hasPermissionForUser in class Enforcer
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      whether the user has the permission.
    • hasPermissionForUser

      public boolean hasPermissionForUser(String user, List<String> permission)
      hasPermissionForUser determines whether a user has a permission.
      Overrides:
      hasPermissionForUser in class Enforcer
      Parameters:
      user - the user.
      permission - the permission, usually be (obj, act). It is actually the rule without the subject.
      Returns:
      whether the user has the permission.
    • getUsersForRoleInDomain

      public List<String> getUsersForRoleInDomain(String name, String domain)
      getUsersForRoleInDomain gets the users that a role has inside a domain.
      Overrides:
      getUsersForRoleInDomain in class Enforcer
      Parameters:
      name - the role.
      domain - the domain.
      Returns:
      the users that the role has in the domain.
    • getRolesForUserInDomain

      public List<String> getRolesForUserInDomain(String name, String domain)
      getRolesForUserInDomain gets the roles that a user has inside a domain.
      Overrides:
      getRolesForUserInDomain in class Enforcer
      Parameters:
      name - the user.
      domain - the domain.
      Returns:
      the roles that the user has in the domain.
    • getPermissionsForUserInDomain

      public List<List<String>> getPermissionsForUserInDomain(String user, String domain)
      getPermissionsForUserInDomain gets permissions for a user or role inside a domain.
      Overrides:
      getPermissionsForUserInDomain in class Enforcer
      Parameters:
      user - the user.
      domain - the domain.
      Returns:
      the permissions, a permission is usually like (obj, act). It is actually the rule without the subject.
    • addRoleForUserInDomain

      public boolean addRoleForUserInDomain(String user, String role, String domain)
      addRoleForUserInDomain adds a role for a user inside a domain. Returns false if the user already has the role (aka not affected).
      Overrides:
      addRoleForUserInDomain in class Enforcer
      Parameters:
      user - the user.
      role - the role.
      domain - the domain.
      Returns:
      succeeds or not.
    • deleteRoleForUserInDomain

      public boolean deleteRoleForUserInDomain(String user, String role, String domain)
      deleteRoleForUserInDomain deletes a role for a user inside a domain. Returns false if the user does not have the role (aka not affected).
      Overrides:
      deleteRoleForUserInDomain in class Enforcer
      Parameters:
      user - the user.
      role - the role.
      domain - the domain.
      Returns:
      succeeds or not.
    • getImplicitRolesForUser

      public List<String> getImplicitRolesForUser(String name, String... domain)
      getImplicitRolesForUser gets implicit roles that a user has. Compared to getRolesForUser(), this function retrieves indirect roles besides direct roles. For example: g, alice, role:admin g, role:admin, role:user

      getRolesForUser("alice") can only get: ["role:admin"]. But getImplicitRolesForUser("alice") will get: ["role:admin", "role:user"].

      Overrides:
      getImplicitRolesForUser in class Enforcer
      Parameters:
      name - the user
      domain - the domain
      Returns:
      implicit roles that a user has.
    • getImplicitPermissionsForUser

      public List<List<String>> getImplicitPermissionsForUser(String user, String... domain)
      getImplicitPermissionsForUser gets implicit permissions for a user or role. Compared to getPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p, alice, data2, read g, alice, admin

      getPermissionsForUser("alice") can only get: [["alice", "data2", "read"]]. But getImplicitPermissionsForUser("alice") will get: [["admin", "data1", "read"], ["alice", "data2", "read"]].

      Overrides:
      getImplicitPermissionsForUser in class Enforcer
      Parameters:
      user - the user.
      domain - the user's domain.
      Returns:
      implicit permissions for a user or role.
    • getNamedImplicitPermissionsForUser

      public List<List<String>> getNamedImplicitPermissionsForUser(String pType, String user, String... domain)
      GetNamedImplicitPermissionsForUser gets implicit permissions for a user or role by named policy. Compared to GetNamedPermissionsForUser(), this function retrieves permissions for inherited roles. For example: p, admin, data1, read p2, admin, create g, alice, admin

      GetImplicitPermissionsForUser("alice") can only get: [["admin", "data1", "read"]], whose policy is default policy "p" But you can specify the named policy "p2" to get: [["admin", "create"]] by GetNamedImplicitPermissionsForUser("p2","alice")

      Overrides:
      getNamedImplicitPermissionsForUser in class Enforcer
      Parameters:
      pType - the name policy.
      user - the user.
      domain - the user's domain.
      Returns:
      implicit permissions for a user or role by named policy.
    • runSynchronized

      private <T> T runSynchronized(Supplier<T> action, Lock lock)
    • runSynchronized

      private void runSynchronized(Runnable action, Lock lock)