Class ManagementEnforcer

Direct Known Subclasses:
Enforcer

public class ManagementEnforcer extends InternalEnforcer
ManagementEnforcer = InternalEnforcer + Management API.
  • Constructor Details

    • ManagementEnforcer

      public ManagementEnforcer()
  • Method Details

    • getAllSubjects

      public List<String> getAllSubjects()
      getAllSubjects gets the list of subjects that show up in the current policy.
      Returns:
      all the subjects in "p" policy rules. It actually collects the 0-index elements of "p" policy rules. So make sure your subject is the 0-index element, like (sub, obj, act). Duplicates are removed.
    • getAllNamedSubjects

      public List<String> getAllNamedSubjects(String ptype)
      GetAllNamedSubjects gets the list of subjects that show up in the currentnamed policy.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      Returns:
      all the subjects in policy rules of the ptype type. It actually collects the 0-index elements of the policy rules. So make sure your subject is the 0-index element, like (sub, obj, act). Duplicates are removed.
    • getAllObjects

      public List<String> getAllObjects()
      getAllObjects gets the list of objects that show up in the current policy.
      Returns:
      all the objects in "p" policy rules. It actually collects the 1-index elements of "p" policy rules. So make sure your object is the 1-index element, like (sub, obj, act). Duplicates are removed.
    • getAllNamedObjects

      public List<String> getAllNamedObjects(String ptype)
      getAllNamedObjects gets the list of objects that show up in the current named policy.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      Returns:
      all the objects in policy rules of the ptype type. It actually collects the 1-index elements of the policy rules. So make sure your object is the 1-index element, like (sub, obj, act). Duplicates are removed.
    • getAllActions

      public List<String> getAllActions()
      getAllActions gets the list of actions that show up in the current policy.
      Returns:
      all the actions in "p" policy rules. It actually collects the 2-index elements of "p" policy rules. So make sure your action is the 2-index element, like (sub, obj, act). Duplicates are removed.
    • getAllNamedActions

      public List<String> getAllNamedActions(String ptype)
      GetAllNamedActions gets the list of actions that show up in the current named policy.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      Returns:
      all the actions in policy rules of the ptype type. It actually collects the 2-index elements of the policy rules. So make sure your action is the 2-index element, like (sub, obj, act). Duplicates are removed.
    • getAllRoles

      public List<String> getAllRoles()
      getAllRoles gets the list of roles that show up in the current policy.
      Returns:
      all the roles in "g" policy rules. It actually collects the 1-index elements of "g" policy rules. So make sure your role is the 1-index element, like (sub, role). Duplicates are removed.
    • getAllNamedRoles

      public List<String> getAllNamedRoles(String ptype)
      getAllNamedRoles gets the list of roles that show up in the current named policy.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      Returns:
      all the subjects in policy rules of the ptype type. It actually collects the 0-index elements of the policy rules. So make sure your subject is the 0-index element, like (sub, obj, act). Duplicates are removed.
    • getPolicy

      public List<List<String>> getPolicy()
      getPolicy gets all the authorization rules in the policy.
      Returns:
      all the "p" policy rules.
    • getFilteredPolicy

      public List<List<String>> getFilteredPolicy(int fieldIndex, String... fieldValues)
      getFilteredPolicy gets all the authorization rules in the policy, field filters can be specified.
      Parameters:
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      the filtered "p" policy rules.
    • getNamedPolicy

      public List<List<String>> getNamedPolicy(String ptype)
      getNamedPolicy gets all the authorization rules in the named policy.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      Returns:
      the "p" policy rules of the specified ptype.
    • getFilteredNamedPolicy

      public List<List<String>> getFilteredNamedPolicy(String ptype, int fieldIndex, String... fieldValues)
      getFilteredNamedPolicy gets all the authorization rules in the named policy, field filters can be specified.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      the filtered "p" policy rules of the specified ptype.
    • getGroupingPolicy

      public List<List<String>> getGroupingPolicy()
      getGroupingPolicy gets all the role inheritance rules in the policy.
      Returns:
      all the "g" policy rules.
    • getFilteredGroupingPolicy

      public List<List<String>> getFilteredGroupingPolicy(int fieldIndex, String... fieldValues)
      getFilteredGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
      Parameters:
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      the filtered "g" policy rules.
    • getNamedGroupingPolicy

      public List<List<String>> getNamedGroupingPolicy(String ptype)
      getNamedGroupingPolicy gets all the role inheritance rules in the policy.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      Returns:
      the "g" policy rules of the specified ptype.
    • getFilteredNamedGroupingPolicy

      public List<List<String>> getFilteredNamedGroupingPolicy(String ptype, int fieldIndex, String... fieldValues)
      getFilteredNamedGroupingPolicy gets all the role inheritance rules in the policy, field filters can be specified.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      the filtered "g" policy rules of the specified ptype.
    • hasPolicy

      public boolean hasPolicy(List<String> params)
      hasPolicy determines whether an authorization rule exists.
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      whether the rule exists.
    • hasPolicy

      public boolean hasPolicy(String... params)
      hasPolicy determines whether an authorization rule exists.
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      whether the rule exists.
    • hasNamedPolicy

      public boolean hasNamedPolicy(String ptype, List<String> params)
      hasNamedPolicy determines whether a named authorization rule exists.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      whether the rule exists.
    • hasNamedPolicy

      public boolean hasNamedPolicy(String ptype, String... params)
      hasNamedPolicy determines whether a named authorization rule exists.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      whether the rule exists.
    • addPolicy

      public boolean addPolicy(List<String> params)
      addPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • addPolicies

      public boolean addPolicies(List<List<String>> rules)
      addPolicies adds authorization rules to the current policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding rule by adding the new rule.
      Parameters:
      rules - the "p" policy rules, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • updatePolicy

      public boolean updatePolicy(List<String> params1, List<String> params2)
      updatePolicy update an authorization rule to the current policy.
      Parameters:
      params1 - the old rule.
      params2 - the new rule.
      Returns:
      succeeds or not.
    • addPolicy

      public boolean addPolicy(String... params)
      addPolicy adds an authorization rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • addPolicies

      public boolean addPolicies(String[][] rules)
      addPolicies adds authorization rules to the current policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding rule by adding the new rule.
      Parameters:
      rules - the "p" policy rules, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • addNamedPolicy

      public boolean addNamedPolicy(String ptype, List<String> params)
      AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      succeeds or not.
    • addNamedPolicies

      public boolean addNamedPolicies(String ptype, List<List<String>> rules)
      addNamedPolicies adds authorization rules to the current named policy. If the rule already exists, the function returns false for the corresponding rule and the rule will not be added. Otherwise the function returns true for the corresponding by adding the new rule.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      rules - the "p" policy rules.
      Returns:
      succeeds or not.
    • addNamedPoliciesEx

      public boolean addNamedPoliciesEx(String ptype, List<List<String>> rules)
      addNamedPoliciesEx adds authorization rules to the current named policy. If the rule already exists, the rule will not be added. But unlike AddNamedPolicies, other non-existent rules are added instead of returning false directly
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      rules - the "p" policy rules.
      Returns:
      succeeds or not.
    • updateNamedPolicy

      public boolean updateNamedPolicy(String ptype, List<String> params1, List<String> params2)
      updateNamedPolicy updates an authorization rule to the current named policy.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params1 - the old rule.
      params2 - the new rule.
      Returns:
      succeeds or not.
    • updateGroupingPolicy

      public boolean updateGroupingPolicy(List<String> params1, List<String> params2)
      UpdateGroupingPolicy updates an authorization rule to the current named policy.
      Parameters:
      params1 - the old rule.
      params2 - the new rule.
      Returns:
      succeeds or not.
    • updateNamedGroupingPolicy

      public boolean updateNamedGroupingPolicy(String ptype, List<String> params1, List<String> params2)
      updateNamedGroupingPolicy updates an authorization rule to the current named policy.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params1 - the old rule.
      params2 - the new rule.
      Returns:
      succeeds or not.
    • addNamedPolicy

      public boolean addNamedPolicy(String ptype, String... params)
      AddNamedPolicy adds an authorization rule to the current named policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      succeeds or not.
    • removePolicy

      public boolean removePolicy(List<String> params)
      removePolicy removes an authorization rule from the current policy.
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • removePolicy

      public boolean removePolicy(String... params)
      removePolicy removes an authorization rule from the current policy.
      Parameters:
      params - the "p" policy rule, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • removePolicies

      public boolean removePolicies(List<List<String>> rules)
      removePolicies removes authorization rules from the current policy.
      Parameters:
      rules - the "p" policy rules, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • removePolicies

      public boolean removePolicies(String[][] rules)
      removePolicies removes authorization rules from the current policy.
      Parameters:
      rules - the "p" policy rules, ptype "p" is implicitly used.
      Returns:
      succeeds or not.
    • removeFilteredPolicy

      public boolean removeFilteredPolicy(int fieldIndex, String... fieldValues)
      removeFilteredPolicy removes an authorization rule from the current policy, field filters can be specified.
      Parameters:
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      succeeds or not.
    • removeNamedPolicy

      public boolean removeNamedPolicy(String ptype, List<String> params)
      removeNamedPolicy removes an authorization rule from the current named policy.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      succeeds or not.
    • removeNamedPolicy

      public boolean removeNamedPolicy(String ptype, String... params)
      removeNamedPolicy removes an authorization rule from the current named policy.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      params - the "p" policy rule.
      Returns:
      succeeds or not.
    • removeNamedPolicies

      public boolean removeNamedPolicies(String ptype, List<List<String>> rules)
      removeNamedPolicies removes authorization rules from the current named policy.
      Parameters:
      ptype - ptype the policy type, can be "p", "p2", "p3", ..
      rules - the "p" policy rules.
      Returns:
      succeeds or not.
    • removeFilteredNamedPolicy

      public boolean removeFilteredNamedPolicy(String ptype, int fieldIndex, String... fieldValues)
      removeFilteredNamedPolicy removes an authorization rule from the current named policy, field filters can be specified.
      Parameters:
      ptype - the policy type, can be "p", "p2", "p3", ..
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      succeeds or not.
    • hasGroupingPolicy

      public boolean hasGroupingPolicy(List<String> params)
      hasGroupingPolicy determines whether a role inheritance rule exists.
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      whether the rule exists.
    • hasGroupingPolicy

      public boolean hasGroupingPolicy(String... params)
      hasGroupingPolicy determines whether a role inheritance rule exists.
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      whether the rule exists.
    • hasNamedGroupingPolicy

      public boolean hasNamedGroupingPolicy(String ptype, List<String> params)
      hasNamedGroupingPolicy determines whether a named role inheritance rule exists.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      whether the rule exists.
    • hasNamedGroupingPolicy

      public boolean hasNamedGroupingPolicy(String ptype, String... params)
      hasNamedGroupingPolicy determines whether a named role inheritance rule exists.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      whether the rule exists.
    • addGroupingPolicy

      public boolean addGroupingPolicy(List<String> params)
      addGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • addGroupingPolicy

      public boolean addGroupingPolicy(String... params)
      addGroupingPolicy adds a role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • addGroupingPolicies

      public boolean addGroupingPolicies(List<List<String>> rules)
      addGroupingPolicies adds role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.
      Parameters:
      rules - the "g" policy rules, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • addGroupingPolicies

      public boolean addGroupingPolicies(String[][] rules)
      addGroupingPolicies adds role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.
      Parameters:
      rules - the "g" policy rules, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • addNamedGroupingPolicy

      public boolean addNamedGroupingPolicy(String ptype, List<String> params)
      addNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      succeeds or not.
    • addNamedGroupingPolicy

      public boolean addNamedGroupingPolicy(String ptype, String... params)
      addNamedGroupingPolicy adds a named role inheritance rule to the current policy. If the rule already exists, the function returns false and the rule will not be added. Otherwise the function returns true by adding the new rule.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      succeeds or not.
    • addNamedGroupingPolicies

      public boolean addNamedGroupingPolicies(String ptype, List<List<String>> rules)
      addNamedGroupingPolicies adds named role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      rules - the "g" policy rules.
      Returns:
      succeeds or not.
    • addNamedGroupingPolicies

      public boolean addNamedGroupingPolicies(String ptype, String[][] rules)
      addNamedGroupingPolicies adds named role inheritance rules to the current policy. If the rule already exists, the function returns false for the corresponding policy rule and the rule will not be added. Otherwise the function returns true for the corresponding policy rule by adding the new rule.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      rules - the "g" policy rules.
      Returns:
      succeeds or not.
    • removeGroupingPolicy

      public boolean removeGroupingPolicy(List<String> params)
      removeGroupingPolicy removes a role inheritance rule from the current policy.
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • removeGroupingPolicy

      public boolean removeGroupingPolicy(String... params)
      removeGroupingPolicy removes a role inheritance rule from the current policy.
      Parameters:
      params - the "g" policy rule, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • removeGroupingPolicies

      public boolean removeGroupingPolicies(List<List<String>> rules)
      removeGroupingPolicies removes role inheritance rules from the current policy.
      Parameters:
      rules - the "g" policy rules, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • removeGroupingPolicies

      public boolean removeGroupingPolicies(String[][] rules)
      removeGroupingPolicies removes role inheritance rules from the current policy.
      Parameters:
      rules - the "g" policy rules, ptype "g" is implicitly used.
      Returns:
      succeeds or not.
    • removeFilteredGroupingPolicy

      public boolean removeFilteredGroupingPolicy(int fieldIndex, String... fieldValues)
      removeFilteredGroupingPolicy removes a role inheritance rule from the current policy, field filters can be specified.
      Parameters:
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      succeeds or not.
    • removeNamedGroupingPolicy

      public boolean removeNamedGroupingPolicy(String ptype, List<String> params)
      removeNamedGroupingPolicy removes a role inheritance rule from the current named policy.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      succeeds or not.
    • removeNamedGroupingPolicy

      public boolean removeNamedGroupingPolicy(String ptype, String... params)
      removeNamedGroupingPolicy removes a role inheritance rule from the current named policy.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      params - the "g" policy rule.
      Returns:
      succeeds or not.
    • removeNamedGroupingPolicies

      public boolean removeNamedGroupingPolicies(String ptype, List<List<String>> rules)
      removeNamedGroupingPolicies removes role inheritance rules from the current named policy.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      rules - the "g" policy rules.
      Returns:
      succeeds or not.
    • removeNamedGroupingPolicies

      public boolean removeNamedGroupingPolicies(String ptype, String[][] rules)
      removeNamedGroupingPolicies removes role inheritance rules from the current named policy.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      rules - the "g" policy rules.
      Returns:
      succeeds or not.
    • removeFilteredNamedGroupingPolicy

      public boolean removeFilteredNamedGroupingPolicy(String ptype, int fieldIndex, String... fieldValues)
      removeFilteredNamedGroupingPolicy removes a role inheritance rule from the current named policy, field filters can be specified.
      Parameters:
      ptype - the policy type, can be "g", "g2", "g3", ..
      fieldIndex - the policy rule's start index to be matched.
      fieldValues - the field values to be matched, value "" means not to match this field.
      Returns:
      succeeds or not.
    • addFunction

      public void addFunction(String name, CustomFunction function)
      addFunction adds a customized function.
      Parameters:
      name - the name of the function.
      function - the custom function.
    • getPermittedActions

      public Set<String> getPermittedActions(Object sub, Object obj)
      getPermittedActions returns all valid actions to specific object for current subject. At present, the execution efficiency of this method is not high. Please avoid calling this method frequently.
      Parameters:
      sub - the subject(usually means user).
      obj - the object(usually means resources).
      Returns:
      all valid actions to specific object for current subject.
    • getElementIndex

      private int getElementIndex(Assertion policy, String elementName)
      getElementIndex returns the index of a specific element.
      Parameters:
      policy - the policy. For example: policy.value = "sub, obj, act"
      elementName - the element's name. For example: elementName = "act"
      Returns:
      the index of a specific element. If the above two example parameters are passed in, it will return 2. -1 if the element does not exist.