Class JcrRoleAuthorizationPolicyRoleBindingDao
- java.lang.Object
  - org.pentaho.platform.security.policy.rolebased.AbstractJcrBackedRoleBindingDao
    - org.pentaho.platform.security.policy.rolebased.JcrRoleAuthorizationPolicyRoleBindingDao

All Implemented Interfaces:
IRoleAuthorizationPolicyRoleBindingDao

public class JcrRoleAuthorizationPolicyRoleBindingDao extends AbstractJcrBackedRoleBindingDao

An IRoleAuthorizationPolicyRoleBindingDao implementation that uses JCR. Storage is done using nodes and properties, not XML. Storage looks like this:
- acme
  - .authz
    - roleBased
      - runtimeRoles
        - runtimeRole1
          - logicalRole1,logicalRole2 (multi-valued property)
        - runtimeRole2
          - logicalRole2 (multi-valued property)

Note: All multi-valued properties are ordered.
Note: This code runs as the repository superuser. Ideally this would run as the tenant admin but such a named user doesn't exist for us to run as. Now that the repo uses IAuthorizationPolicy for access control, this code MUST continue to run as the repository superuser. This is one reason not to implement this on top of PUR.
Author: mlowery

Field Summary
Fields inherited from class org.pentaho.platform.security.policy.rolebased.AbstractJcrBackedRoleBindingDao
bootstrapRoleBindings, FOLDER_NAME_AUTHZ, FOLDER_NAME_ROLEBASED, FOLDER_NAME_RUNTIMEROLES, immutableRoleBindingNames, immutableRoleBindings, superAdminRoleName, tenantedRoleNameUtils

Constructor Summary
- JcrRoleAuthorizationPolicyRoleBindingDao(org.springframework.extensions.jcr.JcrTemplate jcrTemplate, Map<String,List<org.pentaho.platform.api.engine.IAuthorizationAction>> immutableRoleBindings, Map<String,List<String>> bootstrapRoleBindings, String superAdminRoleName, org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver tenantedRoleNameUtils, List<org.pentaho.platform.api.engine.IAuthorizationAction> authorizationActions)

Method Summary
Modifier and Type, Method, Description:
- List<String> getBoundLogicalRoleNames(List<String> runtimeRoleNames): Gets the logical roles bound to the given runtime roles.
- List<String> getBoundLogicalRoleNames(org.pentaho.platform.api.mt.ITenant tenant, List<String> runtimeRoleNames): Gets the logical roles bound to the given runtime roles in a particular tenant.
- RoleBindingStruct getRoleBindingStruct(String locale): Gets a struct-like object that contains everything known by this DAO.
- RoleBindingStruct getRoleBindingStruct(org.pentaho.platform.api.mt.ITenant tenant, String locale): Gets a struct-like object that contains everything known by this DAO for a given tenant.
- void setRoleBindings(String runtimeRoleName, List<String> logicalRoleNames): Sets the bindings for the given runtime role.
- void setRoleBindings(org.pentaho.platform.api.mt.ITenant tenant, String runtimeRoleName, List<String> logicalRoleNames): Sets the bindings for the given runtime role in a particular tenant.

Methods inherited from class org.pentaho.platform.security.policy.rolebased.AbstractJcrBackedRoleBindingDao
getBoundLogicalRoleNames, getBoundLogicalRoleNames, getMapForLocale, getRoleBindings, getRoleBindingStruct, getRuntimeRolesFolderNode, isImmutable, setAuthorizationActions, setRoleBindings, updateImmutableRoleBindingNames

Constructor Detail

JcrRoleAuthorizationPolicyRoleBindingDao
public JcrRoleAuthorizationPolicyRoleBindingDao(org.springframework.extensions.jcr.JcrTemplate jcrTemplate, Map<String,List<org.pentaho.platform.api.engine.IAuthorizationAction>> immutableRoleBindings, Map<String,List<String>> bootstrapRoleBindings, String superAdminRoleName, org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver tenantedRoleNameUtils, List<org.pentaho.platform.api.engine.IAuthorizationAction> authorizationActions)

Method Detail

getRoleBindingStruct
public RoleBindingStruct getRoleBindingStruct(String locale)
Gets a struct-like object that contains everything known by this DAO. This is a batch operation provided for UIs.
Parameters:
- locale - locale, possibly null
Returns:
- role binding struct

getRoleBindingStruct
public RoleBindingStruct getRoleBindingStruct(org.pentaho.platform.api.mt.ITenant tenant, String locale)
Description copied from interface: IRoleAuthorizationPolicyRoleBindingDao
Gets a struct-like object that contains everything known by this DAO for a given tenant. This is a batch operation provided for UIs.
Returns:
- role binding struct

setRoleBindings
public void setRoleBindings(String runtimeRoleName, List<String> logicalRoleNames)
Sets the bindings for the given runtime role. All other bindings for this runtime role are removed.
Parameters:
- runtimeRoleName - runtime role name

setRoleBindings
public void setRoleBindings(org.pentaho.platform.api.mt.ITenant tenant, String runtimeRoleName, List<String> logicalRoleNames)
Description copied from interface: IRoleAuthorizationPolicyRoleBindingDao
Sets the bindings for the given runtime role in a particular tenant. All other bindings for this runtime role are removed.

getBoundLogicalRoleNames
public List<String> getBoundLogicalRoleNames(List<String> runtimeRoleNames)
Gets the logical roles bound to the given runtime roles. Note that the size of the incoming list might not match the size of the returned list. This is a convenience method. The same result could be obtained from #getRoleBindingStruct().
Parameters:
- runtimeRoleNames - list of runtime role names
Returns:
- list of logical role names, never null

getBoundLogicalRoleNames
public List<String> getBoundLogicalRoleNames(org.pentaho.platform.api.mt.ITenant tenant, List<String> runtimeRoleNames)
Description copied from interface: IRoleAuthorizationPolicyRoleBindingDao
Gets the logical roles bound to the given runtime roles in a particular tenant. Note that the size of the incoming list might not match the size of the returned list. This is a convenience method. The same result could be obtained from #getRoleBindingStruct().
Parameters:
- runtimeRoleNames - list of runtime role names
Returns:
- list of logical role names, never null
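
The storage layout and the replace and lookup semantics documented above, modelled in memory as an added example. This is not Pentaho's code: RoleBindingModel, the tenant passed as a String, the de-duplication of results and the sample tenant and role names are all assumptions.

```java
import java.util.*;

// Added illustration: an in-memory stand-in for the JCR tree
// <tenant>/.authz/roleBased/runtimeRoles/<runtimeRole> -> ordered logical roles.
// RoleBindingModel and all sample names are hypothetical; this is not Pentaho code.
public class RoleBindingModel {
    // tenant -> runtime role -> ordered, multi-valued "property" of logical roles
    private final Map<String, Map<String, List<String>>> tenants = new HashMap<>();

    // Replace semantics: any previous bindings for this runtime role are dropped.
    public void setRoleBindings(String tenant, String runtimeRole, List<String> logicalRoles) {
        tenants.computeIfAbsent(tenant, t -> new LinkedHashMap<>())
               .put(runtimeRole, new ArrayList<>(logicalRoles));
    }

    // Union of the logical roles bound to the given runtime roles; never null.
    // De-duplication is an assumption of this sketch.
    public List<String> getBoundLogicalRoleNames(String tenant, List<String> runtimeRoles) {
        Map<String, List<String>> bindings = tenants.getOrDefault(tenant, Collections.emptyMap());
        Set<String> bound = new LinkedHashSet<>();
        for (String role : runtimeRoles) {
            bound.addAll(bindings.getOrDefault(role, Collections.emptyList()));
        }
        return new ArrayList<>(bound);
    }

    public static void main(String[] args) {
        RoleBindingModel dao = new RoleBindingModel();
        dao.setRoleBindings("acme", "runtimeRole1", Arrays.asList("logicalRole1", "logicalRole2"));
        dao.setRoleBindings("acme", "runtimeRole2", Arrays.asList("logicalRole2"));

        // Input and output sizes differ in general: logicalRole2 is shared by both roles.
        System.out.println(dao.getBoundLogicalRoleNames("acme", Arrays.asList("runtimeRole1", "runtimeRole2")));
        // A runtime role with no bindings yields an empty list, not null.
        System.out.println(dao.getBoundLogicalRoleNames("acme", Arrays.asList("noSuchRole")));
        // Rebinding replaces rather than appends, so logicalRole1 is revoked here.
        dao.setRoleBindings("acme", "runtimeRole1", Arrays.asList("logicalRole2"));
        System.out.println(dao.getBoundLogicalRoleNames("acme", Arrays.asList("runtimeRole1")));
        // Bindings are scoped per tenant: a second tenant sees none of acme's grants.
        System.out.println(dao.getBoundLogicalRoleNames("globex", Arrays.asList("runtimeRole1")));
    }
}
```

Because a set call replaces the whole binding list, a caller that means to add one logical role must read the current bindings first and write back the merged list, otherwise the existing grants for that runtime role are removed.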