Package org.casbin.jcasbin.main
Class CoreEnforcer
java.lang.Object
org.casbin.jcasbin.main.CoreEnforcer
- Direct Known Subclasses:
InternalEnforcer
CoreEnforcer defines the core functionality of an enforcer.
-
Field Summary
FieldsModifier and TypeFieldDescription(package private) boolean
(package private) Adapter
(package private) boolean
(package private) boolean
(package private) boolean
(package private) boolean
private com.googlecode.aviator.AviatorEvaluatorInstance
(package private) Map
<String, ConditionalRoleManager> (package private) Dispatcher
private Effector
private boolean
(package private) FunctionMap
(package private) Model
(package private) String
(package private) Map
<String, RoleManager> (package private) Watcher
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionboolean
addNamedDomainLinkConditionFunc
(String ptype, String user, String role, String domain, Function<String[], Boolean> fn) addNamedDomainLinkConditionFunc Add condition function fn for Link userName-> {roleName, domain}, when fn returns true, Link is valid, otherwise invalidboolean
addNamedDomainMatchingFunc
(String ptype, String name, BiPredicate<String, String> fn) addNamedMatchingFunc add MatchingFunc by ptype RoleManagerboolean
addNamedLinkConditionFunc Add condition function fn for Link userName->roleName, when fn returns true, Link is valid, otherwise invalidboolean
addNamedMatchingFunc
(String ptype, String name, BiPredicate<String, String> fn) addNamedMatchingFunc add MatchingFunc by ptype RoleManagerprivate void
add or update the DomainManager object in rmMap and associate it with a specific domain matching functionvoid
void
buildRoleLinks manually rebuild the role inheritance relations.void
clearPolicy clears all policy.private void
clearRmMap clears rmMap.void
enableAcceptJsonRequest
(boolean acceptJsonRequest) EnableAcceptJsonRequest controls whether to accept json as a request parametervoid
enableAutoBuildRoleLinks
(boolean autoBuildRoleLinks) enableAutoBuildRoleLinks controls whether to save a policy rule automatically to the adapter when it is added or removed.void
enableAutoSave
(boolean autoSave) enableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.void
enableEnforce
(boolean enable) enableEnforce changes the enforcing state of Casbin, when Casbin is disabled, all access will be allowed by the enforce() function.void
enableLog
(boolean enable) enableLog changes whether to print Casbin log to the standard output.boolean
enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).private EnforceResult
enforce use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, explain, sub, obj, act), use model matcher by default when matcher is "" or null.enforceEx decides whether a "subject" can access "object" with the operation "action", input parameters are usually: (sub, obj, act).enforceExWithMatcher
(String matcher, Object... rvals) enforceExWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null.boolean
enforceWithMatcher
(String matcher, Object... rvals) enforceWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null.getAdapter gets the current adapter.com.googlecode.aviator.AviatorEvaluatorInstance
gets the current Aviator Evaluator instancegetModel()
getModel gets the current model.getNamedRoleManager
(String ptype) getNamedRoleManager gets the role manager for the named policy.private void
getPTokens Retrieves policy tokens and populates them into the provided parameters map.getRmMap()
getRmMap gets the current role manager map.getRoleManager gets the current role manager.private void
getRTokens Retrieves request tokens and populates them into the provided parameters map.private void
(package private) void
private void
initRmMap initializes rmMap.boolean
boolean
boolean
isFiltered returns true if the loaded policy has been filtered.void
loadFilteredPolicy
(Object filter) loadFilteredPolicy reloads a filtered policy from file/database.void
loadModel reloads the model from the model CONF file.void
loadPolicy reloads the policy from file/database.protected boolean
static Model
newModel()
newModel creates a model.static Model
newModel creates a model.static Model
newModel creates a model.void
Invalidate cache of compiled model matcher expression.void
savePolicy saves the current policy (usually after changed with Casbin API) back to file/database.void
setAdapter
(Adapter adapter) setAdapter sets the current adapter.void
setAutoNotifyDispatcher
(boolean autoNotifyDispatcher) void
setAutoNotifyWatcher
(boolean autoNotifyWatcher) void
setAviatorEvaluator
(com.googlecode.aviator.AviatorEvaluatorInstance evaluator) set the aviator evaluatorvoid
setDispatcher
(Dispatcher dispatcher) setDispatcher sets the current dispatcher.void
setEffector
(Effector eft) setEffector sets the current effector.void
setModel sets the current model.boolean
setNamedDomainLinkConditionFuncParams
(String ptype, String user, String role, String domain, String... params) setNamedDomainLinkConditionFuncParams Sets the parameters of the condition function fn for Link userName->{roleName, domain}boolean
setNamedLinkConditionFuncParams
(String ptype, String user, String role, String... params) setNamedLinkConditionFuncParams Sets the parameters of the condition function fn for Link userName->roleNamevoid
setNamedRoleManager
(String ptype, RoleManager rm) setNamedRoleManager sets the role manager for the named policy.void
setRoleManager
(String ptype, RoleManager rm) setRoleManager sets role manager for ptype.void
setRoleManager sets the current role manager for g.void
setWatcher
(Watcher watcher) setWatcher sets the current watcher.boolean
validateEnforce
(Object... rvals) private boolean
validateEnforceSection
(String section, Object... rvals)
-
Field Details
-
modelPath
String modelPath -
model
Model model -
fm
FunctionMap fm -
eft
-
adapter
Adapter adapter -
watcher
Watcher watcher -
dispatcher
Dispatcher dispatcher -
rmMap
Map<String,RoleManager> rmMap -
condRmMap
Map<String,ConditionalRoleManager> condRmMap -
enabled
private boolean enabled -
autoSave
boolean autoSave -
autoBuildRoleLinks
boolean autoBuildRoleLinks -
autoNotifyWatcher
boolean autoNotifyWatcher -
autoNotifyDispatcher
boolean autoNotifyDispatcher -
acceptJsonRequest
boolean acceptJsonRequest -
aviatorEval
private com.googlecode.aviator.AviatorEvaluatorInstance aviatorEval
-
-
Constructor Details
-
CoreEnforcer
public CoreEnforcer()
-
-
Method Details
-
initialize
void initialize() -
newModel
newModel creates a model.- Returns:
- an empty model.
-
newModel
newModel creates a model.- Parameters:
text
- the model text.- Returns:
- the model.
-
newModel
newModel creates a model.- Parameters:
modelPath
- the path of the model file.unused
- unused parameter, just for differentiating with newModel(String text).- Returns:
- the model.
-
loadModel
public void loadModel()loadModel reloads the model from the model CONF file. Because the policy is attached to a model, so the policy is invalidated and needs to be reloaded by calling LoadPolicy(). -
getModel
getModel gets the current model.- Returns:
- the model of the enforcer.
-
setModel
setModel sets the current model.- Parameters:
model
- the model.
-
setAviatorEvaluator
public void setAviatorEvaluator(com.googlecode.aviator.AviatorEvaluatorInstance evaluator) set the aviator evaluator- Parameters:
evaluator
- aviator evaluator
-
getAviatorEval
public com.googlecode.aviator.AviatorEvaluatorInstance getAviatorEval()gets the current Aviator Evaluator instance- Returns:
- Aviator Evaluator instance of enforcer
-
getAdapter
getAdapter gets the current adapter.- Returns:
- the adapter of the enforcer.
-
setAdapter
setAdapter sets the current adapter.- Parameters:
adapter
- the adapter.
-
setWatcher
setWatcher sets the current watcher.- Parameters:
watcher
- the watcher.
-
setDispatcher
setDispatcher sets the current dispatcher.- Parameters:
dispatcher
- jCasbin dispatcher
-
getRmMap
getRmMap gets the current role manager map.- Returns:
- the role manager map of the enforcer.
-
getRoleManager
getRoleManager gets the current role manager.- Returns:
- the role manager.
-
getNamedRoleManager
getNamedRoleManager gets the role manager for the named policy.- Parameters:
ptype
- the policy type.- Returns:
- the role manager.
-
setRoleManager
setRoleManager sets the current role manager for g.- Parameters:
rm
- the role manager.
-
setNamedRoleManager
setNamedRoleManager sets the role manager for the named policy.- Parameters:
ptype
- the policy type.rm
- the role manager.
-
setEffector
setEffector sets the current effector.- Parameters:
eft
- the effector.
-
clearPolicy
public void clearPolicy()clearPolicy clears all policy. -
loadPolicy
public void loadPolicy()loadPolicy reloads the policy from file/database. -
loadFilteredPolicy
loadFilteredPolicy reloads a filtered policy from file/database.- Parameters:
filter
- the filter used to specify which type of policy should be loaded.
-
isFiltered
public boolean isFiltered()isFiltered returns true if the loaded policy has been filtered.- Returns:
- if the loaded policy has been filtered.
-
savePolicy
public void savePolicy()savePolicy saves the current policy (usually after changed with Casbin API) back to file/database. -
setRoleManager
setRoleManager sets role manager for ptype.- Parameters:
ptype
- the policy type, can be "g", "g2", "g3", ..rm
- the role manager.
-
initRmMap
private void initRmMap()initRmMap initializes rmMap. -
addOrUpdateDomainManagerMatching
add or update the DomainManager object in rmMap and associate it with a specific domain matching function -
initBuiltInFunction
private void initBuiltInFunction() -
clearRmMap
private void clearRmMap()clearRmMap clears rmMap. -
enableEnforce
public void enableEnforce(boolean enable) enableEnforce changes the enforcing state of Casbin, when Casbin is disabled, all access will be allowed by the enforce() function.- Parameters:
enable
- whether to enable the enforcer.
-
enableLog
public void enableLog(boolean enable) enableLog changes whether to print Casbin log to the standard output.- Parameters:
enable
- whether to enable Casbin's log.
-
enableAutoSave
public void enableAutoSave(boolean autoSave) enableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.- Parameters:
autoSave
- whether to enable the AutoSave feature.
-
enableAutoBuildRoleLinks
public void enableAutoBuildRoleLinks(boolean autoBuildRoleLinks) enableAutoBuildRoleLinks controls whether to save a policy rule automatically to the adapter when it is added or removed.- Parameters:
autoBuildRoleLinks
- whether to automatically build the role links.
-
enableAcceptJsonRequest
public void enableAcceptJsonRequest(boolean acceptJsonRequest) EnableAcceptJsonRequest controls whether to accept json as a request parameter- Parameters:
acceptJsonRequest
- a boolean that indicates whether JSON requests are accepted.
-
buildRoleLinks
public void buildRoleLinks()buildRoleLinks manually rebuild the role inheritance relations. -
buildConditionalRoleLinks
public void buildConditionalRoleLinks() -
enforce
enforce use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, explain, sub, obj, act), use model matcher by default when matcher is "" or null.- Parameters:
matcher
- the custom matcher.rvals
- the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.- Returns:
- whether to allow the request.
-
enforce
enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).- Parameters:
rvals
- the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.- Returns:
- whether to allow the request.
-
enforceWithMatcher
enforceWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null.- Parameters:
matcher
- the custom matcher.rvals
- the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.- Returns:
- whether to allow the request.
-
enforceEx
enforceEx decides whether a "subject" can access "object" with the operation "action", input parameters are usually: (sub, obj, act). the list explain, store matching rule.- Parameters:
rvals
- the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.- Returns:
- whether to allow the request.
-
enforceExWithMatcher
enforceExWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null. the list explain, store matching rule.- Parameters:
matcher
- the custom matcher.rvals
- the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.- Returns:
- whether to allow the request.
-
addNamedMatchingFunc
addNamedMatchingFunc add MatchingFunc by ptype RoleManager- Parameters:
ptype
- the type of the role manager.name
- the name of the matching function to be added.fn
- the matching function.- Returns:
- whether the matching function was successfully added.
-
addNamedDomainMatchingFunc
addNamedMatchingFunc add MatchingFunc by ptype RoleManager- Parameters:
ptype
- the type of the role manager.name
- the name of the matching function to be added.fn
- the domain matching function.- Returns:
- whether the matching function was successfully added.
-
addNamedLinkConditionFunc
public boolean addNamedLinkConditionFunc(String ptype, String user, String role, Function<String[], Boolean> fn) addNamedLinkConditionFunc Add condition function fn for Link userName->roleName, when fn returns true, Link is valid, otherwise invalid- Parameters:
ptype
- the type of the role manager.user
- the username for which the link condition is being added.role
- the role associated with the user for which the condition is evaluated.fn
- a function that takes an array of parameters (e.g., [user, role]) and returns a Boolean indicating the validity of the link.- Returns:
- whether the Link is valid.
-
addNamedDomainLinkConditionFunc
public boolean addNamedDomainLinkConditionFunc(String ptype, String user, String role, String domain, Function<String[], Boolean> fn) addNamedDomainLinkConditionFunc Add condition function fn for Link userName-> {roleName, domain}, when fn returns true, Link is valid, otherwise invalid- Parameters:
ptype
- the type of the conditional role manager.user
- the username for which the link condition is being added.role
- the role associated with the user for which the condition is evaluated.domain
- the domain associated with the role.fn
- a function that takes an array of parameters (e.g., [user, role, domain]) and returns a Boolean indicating the validity of the link.- Returns:
- whether the Link is valid.
-
setNamedLinkConditionFuncParams
public boolean setNamedLinkConditionFuncParams(String ptype, String user, String role, String... params) setNamedLinkConditionFuncParams Sets the parameters of the condition function fn for Link userName->roleName- Parameters:
ptype
- the type of the conditional role manager.user
- the username for which the link condition parameters are being set.role
- the role associated with the user for which the parameters are being configured.params
- an array of parameters to be passed to the condition function.- Returns:
- whether the Link is valid.
-
setNamedDomainLinkConditionFuncParams
public boolean setNamedDomainLinkConditionFuncParams(String ptype, String user, String role, String domain, String... params) setNamedDomainLinkConditionFuncParams Sets the parameters of the condition function fn for Link userName->{roleName, domain}- Parameters:
ptype
- the type of the conditional role manager.user
- the username for which the link condition parameters are being set.role
- the role associated with the user for which the parameters are being configured.domain
- the domain associated with the role and user.params
- an array of parameters to be passed to the condition function, allowing customization of the condition logic.- Returns:
- whether the parameters were successfully set.
-
getRTokens
getRTokens Retrieves request tokens and populates them into the provided parameters map.- Parameters:
parameters
- a map to store the request tokens and their corresponding values.rType
- the type of the request for which tokens are being retrieved, used to access the appropriate model.rvals
- the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.
-
getPTokens
private void getPTokens(Map<String, Object> parameters, String pType, List<String> pvals, String[] pTokens) getPTokens Retrieves policy tokens and populates them into the provided parameters map.- Parameters:
parameters
- a map to store the policy tokens and their corresponding values.pType
- the type of the policy for which tokens are being retrieved, used for context.pvals
- a list of values corresponding to the policy tokens.pTokens
- an array of tokens associated with the policy.
-
validateEnforce
-
validateEnforceSection
-
resetExpressionEvaluator
public void resetExpressionEvaluator()Invalidate cache of compiled model matcher expression. This is done automatically most of the time, but you may need to call it explicitly if you manipulate directly Model. -
isAutoNotifyWatcher
public boolean isAutoNotifyWatcher() -
setAutoNotifyWatcher
public void setAutoNotifyWatcher(boolean autoNotifyWatcher) -
isAutoNotifyDispatcher
public boolean isAutoNotifyDispatcher() -
setAutoNotifyDispatcher
public void setAutoNotifyDispatcher(boolean autoNotifyDispatcher) -
mustUseDispatcher
protected boolean mustUseDispatcher()
-