Class CoreEnforcer

java.lang.Object
org.casbin.jcasbin.main.CoreEnforcer
Direct Known Subclasses:
InternalEnforcer

public class CoreEnforcer extends Object
CoreEnforcer defines the core functionality of an enforcer.
  • Field Details

    • modelPath

      String modelPath
    • model

      Model model
    • fm

    • eft

      private Effector eft
    • adapter

      Adapter adapter
    • watcher

      Watcher watcher
    • dispatcher

      Dispatcher dispatcher
    • rmMap

    • condRmMap

    • enabled

      private boolean enabled
    • autoSave

      boolean autoSave
    • autoNotifyWatcher

      boolean autoNotifyWatcher
    • autoNotifyDispatcher

      boolean autoNotifyDispatcher
    • acceptJsonRequest

      boolean acceptJsonRequest
    • aviatorEval

      private com.googlecode.aviator.AviatorEvaluatorInstance aviatorEval
  • Constructor Details

    • CoreEnforcer

      public CoreEnforcer()
  • Method Details

    • initialize

      void initialize()
    • newModel

      public static Model newModel()
      newModel creates a model.
      Returns:
      an empty model.
    • newModel

      public static Model newModel(String text)
      newModel creates a model.
      Parameters:
      text - the model text.
      Returns:
      the model.
    • newModel

      public static Model newModel(String modelPath, String unused)
      newModel creates a model.
      Parameters:
      modelPath - the path of the model file.
      unused - unused parameter, present only to differentiate this overload from newModel(String text).
      Returns:
      the model.
    • loadModel

      public void loadModel()
      loadModel reloads the model from the model CONF file. Because the policy is attached to a model, the policy is invalidated and needs to be reloaded by calling loadPolicy().
    • getModel

      public Model getModel()
      getModel gets the current model.
      Returns:
      the model of the enforcer.
    • setModel

      public void setModel(Model model)
      setModel sets the current model.
      Parameters:
      model - the model.
    • setAviatorEvaluator

      public void setAviatorEvaluator(com.googlecode.aviator.AviatorEvaluatorInstance evaluator)
      setAviatorEvaluator sets the Aviator evaluator.
      Parameters:
      evaluator - aviator evaluator
    • getAviatorEval

      public com.googlecode.aviator.AviatorEvaluatorInstance getAviatorEval()
      getAviatorEval gets the current Aviator evaluator instance.
      Returns:
      Aviator Evaluator instance of enforcer
    • getAdapter

      public Adapter getAdapter()
      getAdapter gets the current adapter.
      Returns:
      the adapter of the enforcer.
    • setAdapter

      public void setAdapter(Adapter adapter)
      setAdapter sets the current adapter.
      Parameters:
      adapter - the adapter.
    • setWatcher

      public void setWatcher(Watcher watcher)
      setWatcher sets the current watcher.
      Parameters:
      watcher - the watcher.
    • setDispatcher

      public void setDispatcher(Dispatcher dispatcher)
      setDispatcher sets the current dispatcher.
      Parameters:
      dispatcher - jCasbin dispatcher
    • getRmMap

      public Map<String,RoleManager> getRmMap()
      getRmMap gets the current role manager map.
      Returns:
      the role manager map of the enforcer.
    • getRoleManager

      public RoleManager getRoleManager()
      getRoleManager gets the current role manager.
      Returns:
      the role manager.
    • getNamedRoleManager

      public RoleManager getNamedRoleManager(String ptype)
      getNamedRoleManager gets the role manager for the named policy.
      Parameters:
      ptype - the policy type.
      Returns:
      the role manager.
    • setRoleManager

      public void setRoleManager(RoleManager rm)
      setRoleManager sets the current role manager for g.
      Parameters:
      rm - the role manager.
    • setNamedRoleManager

      public void setNamedRoleManager(String ptype, RoleManager rm)
      setNamedRoleManager sets the role manager for the named policy.
      Parameters:
      ptype - the policy type.
      rm - the role manager.
    • setEffector

      public void setEffector(Effector eft)
      setEffector sets the current effector.
      Parameters:
      eft - the effector.
    • clearPolicy

      public void clearPolicy()
      clearPolicy clears all policy.
    • loadPolicy

      public void loadPolicy()
      loadPolicy reloads the policy from file/database.
    • loadFilteredPolicy

      public void loadFilteredPolicy(Object filter)
      loadFilteredPolicy reloads a filtered policy from file/database.
      Parameters:
      filter - the filter used to specify which type of policy should be loaded.
    • isFiltered

      public boolean isFiltered()
      isFiltered returns true if the loaded policy has been filtered.
      Returns:
      whether the loaded policy has been filtered.
    • savePolicy

      public void savePolicy()
      savePolicy saves the current policy (usually after it has been changed through the Casbin API) back to file/database.
    • setRoleManager

      public void setRoleManager(String ptype, RoleManager rm)
      setRoleManager sets role manager for ptype.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ...
      rm - the role manager.
    • initRmMap

      private void initRmMap()
      initRmMap initializes rmMap.
    • addOrUpdateDomainManagerMatching

      private void addOrUpdateDomainManagerMatching(String ptype)
      addOrUpdateDomainManagerMatching adds or updates the DomainManager object in rmMap and associates it with a specific domain matching function.
    • initBuiltInFunction

      private void initBuiltInFunction()
    • clearRmMap

      private void clearRmMap()
      clearRmMap clears rmMap.
    • enableEnforce

      public void enableEnforce(boolean enable)
      enableEnforce changes the enforcing state of Casbin. When Casbin is disabled, all access will be allowed by the enforce() function.
      Parameters:
      enable - whether to enable the enforcer.
    • enableLog

      public void enableLog(boolean enable)
      enableLog changes whether to print Casbin log to the standard output.
      Parameters:
      enable - whether to enable Casbin's log.
    • enableAutoSave

      public void enableAutoSave(boolean autoSave)
      enableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.
      Parameters:
      autoSave - whether to enable the AutoSave feature.
    • enableAutoBuildRoleLinks

      public void enableAutoBuildRoleLinks(boolean autoBuildRoleLinks)
      enableAutoBuildRoleLinks controls whether the role links are built automatically.
      Parameters:
      autoBuildRoleLinks - whether to automatically build the role links.
    • enableAcceptJsonRequest

      public void enableAcceptJsonRequest(boolean acceptJsonRequest)
      enableAcceptJsonRequest controls whether to accept JSON as a request parameter.
      Parameters:
      acceptJsonRequest - a boolean that indicates whether JSON requests are accepted.
    • buildRoleLinks

      public void buildRoleLinks()
      buildRoleLinks manually rebuilds the role inheritance relations.
    • buildConditionalRoleLinks

      public void buildConditionalRoleLinks()
    • enforce

      private EnforceResult enforce(String matcher, Object... rvals)
      enforce uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action". Input parameters are usually: (matcher, explain, sub, obj, act). The model matcher is used by default when matcher is "" or null.
      Parameters:
      matcher - the custom matcher.
      rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
      Returns:
      whether to allow the request.
    • enforce

      public boolean enforce(Object... rvals)
      enforce decides whether a "subject" can access an "object" with the operation "action". Input parameters are usually: (sub, obj, act).
      Parameters:
      rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
      Returns:
      whether to allow the request.
    • enforceWithMatcher

      public boolean enforceWithMatcher(String matcher, Object... rvals)
      enforceWithMatcher uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action". Input parameters are usually: (matcher, sub, obj, act). The model matcher is used by default when matcher is "" or null.
      Parameters:
      matcher - the custom matcher.
      rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
      Returns:
      whether to allow the request.
    • enforceEx

      public EnforceResult enforceEx(Object... rvals)
      enforceEx decides whether a "subject" can access an "object" with the operation "action". Input parameters are usually: (sub, obj, act). The explain list stores the matching rule.
      Parameters:
      rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
      Returns:
      whether to allow the request.
    • enforceExWithMatcher

      public EnforceResult enforceExWithMatcher(String matcher, Object... rvals)
      enforceExWithMatcher uses a custom matcher to decide whether a "subject" can access an "object" with the operation "action". Input parameters are usually: (matcher, sub, obj, act). The model matcher is used by default when matcher is "" or null. The explain list stores the matching rule.
      Parameters:
      matcher - the custom matcher.
      rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
      Returns:
      whether to allow the request.
    • addNamedMatchingFunc

      public boolean addNamedMatchingFunc(String ptype, String name, BiPredicate<String,String> fn)
      addNamedMatchingFunc adds a matching function to the RoleManager identified by ptype.
      Parameters:
      ptype - the type of the role manager.
      name - the name of the matching function to be added.
      fn - the matching function.
      Returns:
      whether the matching function was successfully added.
    • addNamedDomainMatchingFunc

      public boolean addNamedDomainMatchingFunc(String ptype, String name, BiPredicate<String,String> fn)
      addNamedDomainMatchingFunc adds a domain matching function to the RoleManager identified by ptype.
      Parameters:
      ptype - the type of the role manager.
      name - the name of the matching function to be added.
      fn - the domain matching function.
      Returns:
      whether the matching function was successfully added.
    • addNamedLinkConditionFunc

      public boolean addNamedLinkConditionFunc(String ptype, String user, String role, Function<String[],Boolean> fn)
      addNamedLinkConditionFunc adds the condition function fn for the link userName->roleName. When fn returns true, the link is valid; otherwise it is invalid.
      Parameters:
      ptype - the type of the role manager.
      user - the username for which the link condition is being added.
      role - the role associated with the user for which the condition is evaluated.
      fn - a function that takes an array of parameters (e.g., [user, role]) and returns a Boolean indicating the validity of the link.
      Returns:
      whether the Link is valid.
    • addNamedDomainLinkConditionFunc

      public boolean addNamedDomainLinkConditionFunc(String ptype, String user, String role, String domain, Function<String[],Boolean> fn)
      addNamedDomainLinkConditionFunc adds the condition function fn for the link userName->{roleName, domain}. When fn returns true, the link is valid; otherwise it is invalid.
      Parameters:
      ptype - the type of the conditional role manager.
      user - the username for which the link condition is being added.
      role - the role associated with the user for which the condition is evaluated.
      domain - the domain associated with the role.
      fn - a function that takes an array of parameters (e.g., [user, role, domain]) and returns a Boolean indicating the validity of the link.
      Returns:
      whether the Link is valid.
    • setNamedLinkConditionFuncParams

      public boolean setNamedLinkConditionFuncParams(String ptype, String user, String role, String... params)
      setNamedLinkConditionFuncParams sets the parameters of the condition function fn for the link userName->roleName.
      Parameters:
      ptype - the type of the conditional role manager.
      user - the username for which the link condition parameters are being set.
      role - the role associated with the user for which the parameters are being configured.
      params - an array of parameters to be passed to the condition function.
      Returns:
      whether the Link is valid.
    • setNamedDomainLinkConditionFuncParams

      public boolean setNamedDomainLinkConditionFuncParams(String ptype, String user, String role, String domain, String... params)
      setNamedDomainLinkConditionFuncParams sets the parameters of the condition function fn for the link userName->{roleName, domain}.
      Parameters:
      ptype - the type of the conditional role manager.
      user - the username for which the link condition parameters are being set.
      role - the role associated with the user for which the parameters are being configured.
      domain - the domain associated with the role and user.
      params - an array of parameters to be passed to the condition function, allowing customization of the condition logic.
      Returns:
      whether the parameters were successfully set.
    • getRTokens

      private void getRTokens(Map<String,Object> parameters, String rType, Object... rvals)
      getRTokens retrieves request tokens and populates them into the provided parameters map.
      Parameters:
      parameters - a map to store the request tokens and their corresponding values.
      rType - the type of the request for which tokens are being retrieved, used to access the appropriate model.
      rvals - the request that needs to be mediated, usually an array of strings; can be class instances if ABAC is used.
    • getPTokens

      private void getPTokens(Map<String,Object> parameters, String pType, List<String> pvals, String[] pTokens)
      getPTokens retrieves policy tokens and populates them into the provided parameters map.
      Parameters:
      parameters - a map to store the policy tokens and their corresponding values.
      pType - the type of the policy for which tokens are being retrieved, used for context.
      pvals - a list of values corresponding to the policy tokens.
      pTokens - an array of tokens associated with the policy.
    • validateEnforce

      public boolean validateEnforce(Object... rvals)
    • validateEnforceSection

      private boolean validateEnforceSection(String section, Object... rvals)
    • resetExpressionEvaluator

      public void resetExpressionEvaluator()
      resetExpressionEvaluator invalidates the cache of the compiled model matcher expression. This is done automatically most of the time, but you may need to call it explicitly if you manipulate the Model directly.
    • isAutoNotifyWatcher

      public boolean isAutoNotifyWatcher()
    • setAutoNotifyWatcher

      public void setAutoNotifyWatcher(boolean autoNotifyWatcher)
    • isAutoNotifyDispatcher

      public boolean isAutoNotifyDispatcher()
    • setAutoNotifyDispatcher

      public void setAutoNotifyDispatcher(boolean autoNotifyDispatcher)
    • mustUseDispatcher

      protected boolean mustUseDispatcher()
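
Added example (not part of the jCasbin Javadoc or project code): the fail-open behaviour documented for enableEnforce above, with a startup self-check that detects a disabled enforcer by sending a request no policy rule grants. It assumes jCasbin's `Enforcer` subclass with its `Enforcer(Model)` constructor and `addPolicy(String...)`, which this page does not document; the model text, subjects, objects and the helpers `enforcementActive` and `requireEnforcement` are constructed for illustration.

```java
import org.casbin.jcasbin.main.CoreEnforcer;
import org.casbin.jcasbin.main.Enforcer;
import org.casbin.jcasbin.model.Model;

public class EnableEnforceCheck {
    // Constructed ACL model text for newModel(String text).
    static final String MODEL_TEXT = String.join("\n",
        "[request_definition]",
        "r = sub, obj, act",
        "[policy_definition]",
        "p = sub, obj, act",
        "[policy_effect]",
        "e = some(where (p.eft == allow))",
        "[matchers]",
        "m = r.sub == p.sub && r.obj == p.obj && r.act == p.act");

    // Hypothetical self-check (not a jCasbin API): a request that no policy
    // rule grants must be denied. If enforce() allows it, enforcement has been
    // switched off or the policy is broader than intended.
    static boolean enforcementActive(Enforcer e) {
        return !e.enforce("canary-subject", "canary-object", "canary-action");
    }

    static void requireEnforcement(Enforcer e) {
        if (!enforcementActive(e)) {
            throw new IllegalStateException("Casbin enforcement is not active");
        }
    }

    public static void main(String[] args) {
        Model model = CoreEnforcer.newModel(MODEL_TEXT);
        Enforcer e = new Enforcer(model);       // assumed subclass; no adapter, policy kept in memory
        e.addPolicy("alice", "data1", "read");  // constructed sample rule

        System.out.println("alice read data1: " + e.enforce("alice", "data1", "read"));
        System.out.println("bob write data1:  " + e.enforce("bob", "data1", "write"));
        requireEnforcement(e);                  // passes while enforcement is on

        e.enableEnforce(false);                 // per the page: enforce() now allows all access
        System.out.println("bob write data1 (disabled): " + e.enforce("bob", "data1", "write"));
        System.out.println("self-check active: " + enforcementActive(e));

        e.enableEnforce(true);                  // restore before serving requests
        requireEnforcement(e);
    }
}
```

Running `requireEnforcement` at startup and after any configuration reload turns a silently disabled enforcer into a hard failure instead of an allow-all decision point.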