com.dtolabs.rundeck.core.authorization

Class RuleEvaluator

java.lang.Object

com.dtolabs.rundeck.core.authorization.RuleEvaluator

All Implemented Interfaces:

AclRuleSetAuthorization, AclRuleSetSource, Authorization

public class RuleEvaluator
extends java.lang.Object
implements AclRuleSetAuthorization

Evaluate ACL requests over a set of rules

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	RuleEvaluator.AclSubjectCreator

Method Summary

Modifier and Type	Method and Description
static RuleEvaluator	createRuleEvaluator(AclRuleSet rules, RuleEvaluator.AclSubjectCreator creator)
static RuleEvaluator	createRuleEvaluator(AclRuleSetSource ruleSetSource, RuleEvaluator.AclSubjectCreator creator)
Decision	evaluate(java.util.Map<java.lang.String,java.lang.String> resource, javax.security.auth.Subject subject, java.lang.String action, java.util.Set<Attribute> environment) Evaluate the authorization request and return if this request is valid.
java.util.Set<Decision>	evaluate(java.util.Set<java.util.Map<java.lang.String,java.lang.String>> resources, javax.security.auth.Subject subject, java.util.Set<java.lang.String> actions, java.util.Set<Attribute> environment) Make a multiple resource determination by evaluating each action for each resource.
AclRuleSet	getRuleSet()
Explanation.Code	includes(AclRule rule, java.util.Map<java.lang.String,java.lang.String> resource, java.lang.String action)
static boolean	matchesAnyPatterns(java.util.Collection<java.lang.String> groups, java.lang.String patternStr)
static boolean	matchesContexts(AclRule rule, AclSubject subject, java.util.Set<Attribute> environment)
static java.util.List<AclRule>	narrowContext(AclRuleSet ruleSet, AclSubject subject, java.util.Set<Attribute> environment)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Detail

createRuleEvaluator

public static RuleEvaluator createRuleEvaluator(AclRuleSetSource ruleSetSource,
                                                RuleEvaluator.AclSubjectCreator creator)

createRuleEvaluator

public static RuleEvaluator createRuleEvaluator(AclRuleSet rules,
                                                RuleEvaluator.AclSubjectCreator creator)

evaluate

public Decision evaluate(java.util.Map<java.lang.String,java.lang.String> resource,
                         javax.security.auth.Subject subject,
                         java.lang.String action,
                         java.util.Set<Attribute> environment)

Description copied from interface: Authorization

Evaluate the authorization request and return if this request is valid. Make a single resource determination. The method is loosely based on the XACML model for structuring requests and response. These can be prefixed with a fully qualified namespace and ':'. If anything goes wrong in evaluating the request, the result will be false. No exception will be thrown.

Specified by:

evaluate in interface Authorization

Parameters:

resource - The properties that identify the resource.

subject - The properties that represent the subject.

action - A set of actions that are being requested on the resource.

environment - A set of environment properties (hostname, time of day, etc.)

Returns:

decision Return true if the subject's action on the object given the environment is authorized.

narrowContext

public static java.util.List<AclRule> narrowContext(AclRuleSet ruleSet,
                                                    AclSubject subject,
                                                    java.util.Set<Attribute> environment)

matchesContexts

public static boolean matchesContexts(AclRule rule,
                                      AclSubject subject,
                                      java.util.Set<Attribute> environment)

matchesAnyPatterns

public static boolean matchesAnyPatterns(java.util.Collection<java.lang.String> groups,
                                         java.lang.String patternStr)

evaluate

public java.util.Set<Decision> evaluate(java.util.Set<java.util.Map<java.lang.String,java.lang.String>> resources,
                                        javax.security.auth.Subject subject,
                                        java.util.Set<java.lang.String> actions,
                                        java.util.Set<Attribute> environment)

Description copied from interface: Authorization

Make a multiple resource determination by evaluating each action for each resource.

Specified by:

evaluate in interface Authorization

Parameters:

resources - resource set

subject - subject

actions - action set

environment - environment

Returns:

decisions for each resource+action pair

getRuleSet

public AclRuleSet getRuleSet()

Specified by:

getRuleSet in interface AclRuleSetSource

includes

public Explanation.Code includes(AclRule rule,
                                 java.util.Map<java.lang.String,java.lang.String> resource,
                                 java.lang.String action)