org.casbin.jcasbin.main

Class CoreEnforcer

java.lang.Object

org.casbin.jcasbin.main.CoreEnforcer

Direct Known Subclasses:

ManagementEnforcer

public class CoreEnforcer
extends java.lang.Object

CoreEnforcer defines the core functionality of an enforcer.

Constructor Summary

Constructors

Constructor and Description
CoreEnforcer()

Method Summary

Modifier and Type	Method and Description
boolean	addNamedDomainLinkConditionFunc(java.lang.String ptype, java.lang.String user, java.lang.String role, java.lang.String domain, java.util.function.Function<java.lang.String[],java.lang.Boolean> fn) addNamedDomainLinkConditionFunc Add condition function fn for Link userName-> {roleName, domain}, when fn returns true, Link is valid, otherwise invalid
boolean	addNamedDomainMatchingFunc(java.lang.String ptype, java.lang.String name, java.util.function.BiPredicate<java.lang.String,java.lang.String> fn) addNamedMatchingFunc add MatchingFunc by ptype RoleManager
boolean	addNamedLinkConditionFunc(java.lang.String ptype, java.lang.String user, java.lang.String role, java.util.function.Function<java.lang.String[],java.lang.Boolean> fn) addNamedLinkConditionFunc Add condition function fn for Link userName->roleName, when fn returns true, Link is valid, otherwise invalid
boolean	addNamedMatchingFunc(java.lang.String ptype, java.lang.String name, java.util.function.BiPredicate<java.lang.String,java.lang.String> fn) addNamedMatchingFunc add MatchingFunc by ptype RoleManager
void	buildConditionalRoleLinks()
void	buildRoleLinks() buildRoleLinks manually rebuild the role inheritance relations.
void	clearPolicy() clearPolicy clears all policy.
void	enableAcceptJsonRequest(boolean acceptJsonRequest) EnableAcceptJsonRequest controls whether to accept json as a request parameter
void	enableAutoBuildRoleLinks(boolean autoBuildRoleLinks) enableAutoBuildRoleLinks controls whether to save a policy rule automatically to the adapter when it is added or removed.
void	enableAutoSave(boolean autoSave) enableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.
void	enableEnforce(boolean enable) enableEnforce changes the enforcing state of Casbin, when Casbin is disabled, all access will be allowed by the enforce() function.
void	enableLog(boolean enable) enableLog changes whether to print Casbin log to the standard output.
boolean	enforce(java.lang.Object... rvals) enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).
EnforceResult	enforceEx(java.lang.Object... rvals) enforceEx decides whether a "subject" can access "object" with the operation "action", input parameters are usually: (sub, obj, act).
EnforceResult	enforceExWithMatcher(java.lang.String matcher, java.lang.Object... rvals) enforceExWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null.
boolean	enforceWithMatcher(java.lang.String matcher, java.lang.Object... rvals) enforceWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null.
Adapter	getAdapter() getAdapter gets the current adapter.
com.googlecode.aviator.AviatorEvaluatorInstance	getAviatorEval() gets the current Aviator Evaluator instance
Model	getModel() getModel gets the current model.
RoleManager	getNamedRoleManager(java.lang.String ptype) getNamedRoleManager gets the role manager for the named policy.
java.util.Map<java.lang.String,RoleManager>	getRmMap() getRmMap gets the current role manager map.
RoleManager	getRoleManager() getRoleManager gets the current role manager.
boolean	isAutoNotifyDispatcher()
boolean	isAutoNotifyWatcher()
boolean	isFiltered() isFiltered returns true if the loaded policy has been filtered.
void	loadFilteredPolicy(java.lang.Object filter) loadFilteredPolicy reloads a filtered policy from file/database.
void	loadModel() loadModel reloads the model from the model CONF file.
void	loadPolicy() loadPolicy reloads the policy from file/database.
protected boolean	mustUseDispatcher()
static Model	newModel() newModel creates a model.
static Model	newModel(java.lang.String text) newModel creates a model.
static Model	newModel(java.lang.String modelPath, java.lang.String unused) newModel creates a model.
void	resetExpressionEvaluator() Invalidate cache of compiled model matcher expression.
void	savePolicy() savePolicy saves the current policy (usually after changed with Casbin API) back to file/database.
void	setAdapter(Adapter adapter) setAdapter sets the current adapter.
void	setAutoNotifyDispatcher(boolean autoNotifyDispatcher)
void	setAutoNotifyWatcher(boolean autoNotifyWatcher)
void	setAviatorEvaluator(com.googlecode.aviator.AviatorEvaluatorInstance evaluator) set the aviator evaluator
void	setDispatcher(Dispatcher dispatcher) setDispatcher sets the current dispatcher.
void	setEffector(Effector eft) setEffector sets the current effector.
void	setModel(Model model) setModel sets the current model.
boolean	setNamedDomainLinkConditionFuncParams(java.lang.String ptype, java.lang.String user, java.lang.String role, java.lang.String domain, java.lang.String... params) setNamedDomainLinkConditionFuncParams Sets the parameters of the condition function fn for Link userName->{roleName, domain}
boolean	setNamedLinkConditionFuncParams(java.lang.String ptype, java.lang.String user, java.lang.String role, java.lang.String... params) setNamedLinkConditionFuncParams Sets the parameters of the condition function fn for Link userName->roleName
void	setNamedRoleManager(java.lang.String ptype, RoleManager rm) setNamedRoleManager sets the role manager for the named policy.
void	setRoleManager(RoleManager rm) setRoleManager sets the current role manager for g.
void	setRoleManager(java.lang.String ptype, RoleManager rm) setRoleManager sets role manager for ptype.
void	setWatcher(Watcher watcher) setWatcher sets the current watcher.
boolean	validateEnforce(java.lang.Object... rvals)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

CoreEnforcer

public CoreEnforcer()

Method Detail

newModel

public static Model newModel()

newModel creates a model.

Returns:

an empty model.

newModel

public static Model newModel(java.lang.String text)

newModel creates a model.

Parameters:

text - the model text.

Returns:

the model.

newModel

public static Model newModel(java.lang.String modelPath,
                             java.lang.String unused)

newModel creates a model.

Parameters:

modelPath - the path of the model file.

unused - unused parameter, just for differentiating with newModel(String text).

Returns:

the model.

loadModel

public void loadModel()

loadModel reloads the model from the model CONF file. Because the policy is attached to a model, so the policy is invalidated and needs to be reloaded by calling LoadPolicy().

getModel

public Model getModel()

getModel gets the current model.

Returns:

the model of the enforcer.

setModel

public void setModel(Model model)

setModel sets the current model.

Parameters:

model - the model.

setAviatorEvaluator

public void setAviatorEvaluator(com.googlecode.aviator.AviatorEvaluatorInstance evaluator)

set the aviator evaluator

Parameters:

evaluator - aviator evaluator

getAviatorEval

public com.googlecode.aviator.AviatorEvaluatorInstance getAviatorEval()

gets the current Aviator Evaluator instance

Returns:

Aviator Evaluator instance of enforcer

getAdapter

public Adapter getAdapter()

getAdapter gets the current adapter.

Returns:

the adapter of the enforcer.

setAdapter

public void setAdapter(Adapter adapter)

setAdapter sets the current adapter.

Parameters:

adapter - the adapter.

setWatcher

public void setWatcher(Watcher watcher)

setWatcher sets the current watcher.

Parameters:

watcher - the watcher.

setDispatcher

public void setDispatcher(Dispatcher dispatcher)

setDispatcher sets the current dispatcher.

Parameters:

dispatcher - jCasbin dispatcher

getRmMap

public java.util.Map<java.lang.String,RoleManager> getRmMap()

getRmMap gets the current role manager map.

Returns:

the role manager map of the enforcer.

getRoleManager

public RoleManager getRoleManager()

getRoleManager gets the current role manager.

Returns:

the role manager.

getNamedRoleManager

public RoleManager getNamedRoleManager(java.lang.String ptype)

getNamedRoleManager gets the role manager for the named policy.

Parameters:

ptype - the policy type.

Returns:

the role manager.

setRoleManager

public void setRoleManager(RoleManager rm)

setRoleManager sets the current role manager for g.

Parameters:

rm - the role manager.

setNamedRoleManager

public void setNamedRoleManager(java.lang.String ptype,
                                RoleManager rm)

setNamedRoleManager sets the role manager for the named policy.

Parameters:

ptype - the policy type.

rm - the role manager.

setEffector

public void setEffector(Effector eft)

setEffector sets the current effector.

Parameters:

eft - the effector.

clearPolicy

public void clearPolicy()

clearPolicy clears all policy.

loadPolicy

public void loadPolicy()

loadPolicy reloads the policy from file/database.

loadFilteredPolicy

public void loadFilteredPolicy(java.lang.Object filter)

loadFilteredPolicy reloads a filtered policy from file/database.

Parameters:

filter - the filter used to specify which type of policy should be loaded.

isFiltered

public boolean isFiltered()

isFiltered returns true if the loaded policy has been filtered.

Returns:

if the loaded policy has been filtered.

savePolicy

public void savePolicy()

savePolicy saves the current policy (usually after changed with Casbin API) back to file/database.

setRoleManager

public void setRoleManager(java.lang.String ptype,
                           RoleManager rm)

setRoleManager sets role manager for ptype.

Parameters:

ptype - the policy type, can be "g", "g2", "g3", ..

rm - the role manager.

enableEnforce

public void enableEnforce(boolean enable)

enableEnforce changes the enforcing state of Casbin, when Casbin is disabled, all access will be allowed by the enforce() function.

Parameters:

enable - whether to enable the enforcer.

enableLog

public void enableLog(boolean enable)

enableLog changes whether to print Casbin log to the standard output.

Parameters:

enable - whether to enable Casbin's log.

enableAutoSave

public void enableAutoSave(boolean autoSave)

enableAutoSave controls whether to save a policy rule automatically to the adapter when it is added or removed.

Parameters:

autoSave - whether to enable the AutoSave feature.

enableAutoBuildRoleLinks

public void enableAutoBuildRoleLinks(boolean autoBuildRoleLinks)

enableAutoBuildRoleLinks controls whether to save a policy rule automatically to the adapter when it is added or removed.

Parameters:

autoBuildRoleLinks - whether to automatically build the role links.

enableAcceptJsonRequest

public void enableAcceptJsonRequest(boolean acceptJsonRequest)

EnableAcceptJsonRequest controls whether to accept json as a request parameter

Parameters:

acceptJsonRequest - a boolean that indicates whether JSON requests are accepted.

buildRoleLinks

public void buildRoleLinks()

buildRoleLinks manually rebuild the role inheritance relations.

buildConditionalRoleLinks

public void buildConditionalRoleLinks()

enforce

public boolean enforce(java.lang.Object... rvals)

enforce decides whether a "subject" can access a "object" with the operation "action", input parameters are usually: (sub, obj, act).

Parameters:

rvals - the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.

Returns:

whether to allow the request.

enforceWithMatcher

public boolean enforceWithMatcher(java.lang.String matcher,
                                  java.lang.Object... rvals)

enforceWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null.

Parameters:

matcher - the custom matcher.

rvals - the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.

Returns:

whether to allow the request.

enforceEx

public EnforceResult enforceEx(java.lang.Object... rvals)

enforceEx decides whether a "subject" can access "object" with the operation "action", input parameters are usually: (sub, obj, act). the list explain, store matching rule.

Parameters:

rvals - the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.

Returns:

whether to allow the request.

enforceExWithMatcher

public EnforceResult enforceExWithMatcher(java.lang.String matcher,
                                          java.lang.Object... rvals)

enforceExWithMatcher use a custom matcher to decide whether a "subject" can access a "object" with the operation "action", input parameters are usually: (matcher, sub, obj, act), use model matcher by default when matcher is "" or null. the list explain, store matching rule.

Parameters:

matcher - the custom matcher.

rvals - the request needs to be mediated, usually an array of strings, can be class instances if ABAC is used.

Returns:

whether to allow the request.

addNamedMatchingFunc

public boolean addNamedMatchingFunc(java.lang.String ptype,
                                    java.lang.String name,
                                    java.util.function.BiPredicate<java.lang.String,java.lang.String> fn)

addNamedMatchingFunc add MatchingFunc by ptype RoleManager

Parameters:

ptype - the type of the role manager.

name - the name of the matching function to be added.

fn - the matching function.

Returns:

whether the matching function was successfully added.

addNamedDomainMatchingFunc

public boolean addNamedDomainMatchingFunc(java.lang.String ptype,
                                          java.lang.String name,
                                          java.util.function.BiPredicate<java.lang.String,java.lang.String> fn)

addNamedMatchingFunc add MatchingFunc by ptype RoleManager

Parameters:

ptype - the type of the role manager.

name - the name of the matching function to be added.

fn - the domain matching function.

Returns:

whether the matching function was successfully added.

addNamedLinkConditionFunc

public boolean addNamedLinkConditionFunc(java.lang.String ptype,
                                         java.lang.String user,
                                         java.lang.String role,
                                         java.util.function.Function<java.lang.String[],java.lang.Boolean> fn)

addNamedLinkConditionFunc Add condition function fn for Link userName->roleName, when fn returns true, Link is valid, otherwise invalid

Parameters:

ptype - the type of the role manager.

user - the username for which the link condition is being added.

role - the role associated with the user for which the condition is evaluated.

fn - a function that takes an array of parameters (e.g., [user, role]) and returns a Boolean indicating the validity of the link.

Returns:

whether the Link is valid.

addNamedDomainLinkConditionFunc

public boolean addNamedDomainLinkConditionFunc(java.lang.String ptype,
                                               java.lang.String user,
                                               java.lang.String role,
                                               java.lang.String domain,
                                               java.util.function.Function<java.lang.String[],java.lang.Boolean> fn)

addNamedDomainLinkConditionFunc Add condition function fn for Link userName-> {roleName, domain}, when fn returns true, Link is valid, otherwise invalid

Parameters:

ptype - the type of the conditional role manager.

user - the username for which the link condition is being added.

role - the role associated with the user for which the condition is evaluated.

domain - the domain associated with the role.

fn - a function that takes an array of parameters (e.g., [user, role, domain]) and returns a Boolean indicating the validity of the link.

Returns:

whether the Link is valid.

setNamedLinkConditionFuncParams

public boolean setNamedLinkConditionFuncParams(java.lang.String ptype,
                                               java.lang.String user,
                                               java.lang.String role,
                                               java.lang.String... params)

setNamedLinkConditionFuncParams Sets the parameters of the condition function fn for Link userName->roleName

Parameters:

ptype - the type of the conditional role manager.

user - the username for which the link condition parameters are being set.

role - the role associated with the user for which the parameters are being configured.

params - an array of parameters to be passed to the condition function.

Returns:

whether the Link is valid.

setNamedDomainLinkConditionFuncParams

public boolean setNamedDomainLinkConditionFuncParams(java.lang.String ptype,
                                                     java.lang.String user,
                                                     java.lang.String role,
                                                     java.lang.String domain,
                                                     java.lang.String... params)

setNamedDomainLinkConditionFuncParams Sets the parameters of the condition function fn for Link userName->{roleName, domain}

Parameters:

ptype - the type of the conditional role manager.

user - the username for which the link condition parameters are being set.

role - the role associated with the user for which the parameters are being configured.

domain - the domain associated with the role and user.

params - an array of parameters to be passed to the condition function, allowing customization of the condition logic.

Returns:

whether the parameters were successfully set.

validateEnforce

public boolean validateEnforce(java.lang.Object... rvals)

resetExpressionEvaluator

public void resetExpressionEvaluator()

Invalidate cache of compiled model matcher expression. This is done automatically most of the time, but you may need to call it explicitly if you manipulate directly Model.

isAutoNotifyWatcher

public boolean isAutoNotifyWatcher()

setAutoNotifyWatcher

public void setAutoNotifyWatcher(boolean autoNotifyWatcher)

isAutoNotifyDispatcher

public boolean isAutoNotifyDispatcher()

setAutoNotifyDispatcher

public void setAutoNotifyDispatcher(boolean autoNotifyDispatcher)

mustUseDispatcher

protected boolean mustUseDispatcher()