public class JcrRoleAuthorizationPolicyRoleBindingDao extends AbstractJcrBackedRoleBindingDao
IRoleAuthorizationPolicyRoleBindingDao
implementation that uses JCR. Storage is done using nodes and
properties, not XML. Storage looks like this:
- acme
- .authz
- roleBased
- runtimeRoles
- runtimeRole1
- logicalRole1,logicalRole2 (multi-valued property)
- runtimeRole2
- logicalRole2 (multi-valued property)
Note: All multi-valued properties are ordered.
Note: This code runs as the repository superuser. Ideally this would run as the tenant admin but such a named user doesn't exist for us to run as. Now that the repo uses IAuthorizationPolicy for access control, this code MUST continue to run as the repository superuser. This is one reason not to implement this on top of PUR.
bootstrapRoleBindings, FOLDER_NAME_AUTHZ, FOLDER_NAME_ROLEBASED, FOLDER_NAME_RUNTIMEROLES, immutableRoleBindingNames, immutableRoleBindings, superAdminRoleName, tenantedRoleNameUtils
Constructor and Description |
---|
JcrRoleAuthorizationPolicyRoleBindingDao(org.springframework.extensions.jcr.JcrTemplate jcrTemplate,
Map<String,List<IAuthorizationAction>> immutableRoleBindings,
Map<String,List<String>> bootstrapRoleBindings,
String superAdminRoleName,
ITenantedPrincipleNameResolver tenantedRoleNameUtils,
List<IAuthorizationAction> authorizationActions) |
Modifier and Type | Method and Description |
---|---|
List<String> |
getBoundLogicalRoleNames(ITenant tenant,
List<String> runtimeRoleNames)
Gets the logical roles bound to the given runtime roles in a particular tenant.
|
List<String> |
getBoundLogicalRoleNames(List<String> runtimeRoleNames)
Gets the logical roles bound to the given runtime roles.
|
RoleBindingStruct |
getRoleBindingStruct(ITenant tenant,
String locale)
Gets a struct-like object that contains everything known by this DAO for a given tenant.
|
RoleBindingStruct |
getRoleBindingStruct(String locale)
Gets a struct-like object that contains everything known by this DAO.
|
void |
setRoleBindings(ITenant tenant,
String runtimeRoleName,
List<String> logicalRoleNames)
Sets the bindings for the given runtime role in a particular tenant.
|
void |
setRoleBindings(String runtimeRoleName,
List<String> logicalRoleNames)
Sets the bindings for the given runtime role.
|
getBoundLogicalRoleNames, getBoundLogicalRoleNames, getMapForLocale, getRoleBindings, getRoleBindingStruct, getRuntimeRolesFolderNode, isImmutable, setAuthorizationActions, setRoleBindings, updateImmutableRoleBindingNames
public JcrRoleAuthorizationPolicyRoleBindingDao(org.springframework.extensions.jcr.JcrTemplate jcrTemplate, Map<String,List<IAuthorizationAction>> immutableRoleBindings, Map<String,List<String>> bootstrapRoleBindings, String superAdminRoleName, ITenantedPrincipleNameResolver tenantedRoleNameUtils, List<IAuthorizationAction> authorizationActions)
public RoleBindingStruct getRoleBindingStruct(String locale)
locale
- locale, possibly null
public RoleBindingStruct getRoleBindingStruct(ITenant tenant, String locale)
IRoleAuthorizationPolicyRoleBindingDao
public void setRoleBindings(String runtimeRoleName, List<String> logicalRoleNames)
runtimeRoleName
- runtime role namepublic void setRoleBindings(ITenant tenant, String runtimeRoleName, List<String> logicalRoleNames)
IRoleAuthorizationPolicyRoleBindingDao
public List<String> getBoundLogicalRoleNames(List<String> runtimeRoleNames)
#getRoleBindingStruct()
.runtimeRoleNames
- list of runtime role namesnull
public List<String> getBoundLogicalRoleNames(ITenant tenant, List<String> runtimeRoleNames)
IRoleAuthorizationPolicyRoleBindingDao
#getRoleBindingStruct()
.runtimeRoleNames
- list of runtime role namesnull
Copyright © 2017 Hitachi Vantara. All rights reserved.