Class JcrRoleAuthorizationPolicyRoleBindingDao

  • All Implemented Interfaces:
    IRoleAuthorizationPolicyRoleBindingDao

    public class JcrRoleAuthorizationPolicyRoleBindingDao
    extends AbstractJcrBackedRoleBindingDao
    An IRoleAuthorizationPolicyRoleBindingDao implementation that uses JCR. Storage is done using nodes and properties, not XML. Storage looks like this:
     
     - acme
       - .authz
         - roleBased
           - runtimeRoles
             - runtimeRole1
               - logicalRole1,logicalRole2 (multi-valued property)
             - runtimeRole2
               - logicalRole2 (multi-valued property)
     
     

    Note: All multi-valued properties are ordered.

    Note: This code runs as the repository superuser. Ideally this would run as the tenant admin but such a named user doesn't exist for us to run as. Now that the repo uses IAuthorizationPolicy for access control, this code MUST continue to run as the repository superuser. This is one reason not to implement this on top of PUR.

    Author:
    mlowery
    • Constructor Detail

      • JcrRoleAuthorizationPolicyRoleBindingDao

        public JcrRoleAuthorizationPolicyRoleBindingDao(org.springframework.extensions.jcr.JcrTemplate jcrTemplate,
                                                        Map<String,List<org.pentaho.platform.api.engine.IAuthorizationAction>> immutableRoleBindings,
                                                        Map<String,List<String>> bootstrapRoleBindings,
                                                        String superAdminRoleName,
                                                        org.pentaho.platform.api.mt.ITenantedPrincipleNameResolver tenantedRoleNameUtils,
                                                        List<org.pentaho.platform.api.engine.IAuthorizationAction> authorizationActions)
    • Method Detail

      • getRoleBindingStruct

        public RoleBindingStruct getRoleBindingStruct(String locale)
        Gets a struct-like object that contains everything known by this DAO. This is a batch operation provided for UIs.
        Parameters:
        locale - locale, possibly null
        Returns:
        role binding struct
      • getRoleBindingStruct

        public RoleBindingStruct getRoleBindingStruct(org.pentaho.platform.api.mt.ITenant tenant,
                                                      String locale)
        Description copied from interface: IRoleAuthorizationPolicyRoleBindingDao
        Gets a struct-like object that contains everything known by this DAO for a given tenant. This is a batch operation provided for UIs.
        Returns:
        role binding struct
      • setRoleBindings

        public void setRoleBindings(String runtimeRoleName,
                                    List<String> logicalRoleNames)
        Sets the bindings for the given runtime role. All other bindings for this runtime role are removed.
        Parameters:
        runtimeRoleName - runtime role name
      • setRoleBindings

        public void setRoleBindings(org.pentaho.platform.api.mt.ITenant tenant,
                                    String runtimeRoleName,
                                    List<String> logicalRoleNames)
        Description copied from interface: IRoleAuthorizationPolicyRoleBindingDao
        Sets the bindings for the given runtime role in a particular tenant. All other bindings for this runtime role are removed.
      • getBoundLogicalRoleNames

        public List<String> getBoundLogicalRoleNames(List<String> runtimeRoleNames)
        Gets the logical roles bound to the given runtime roles. Note that the size of the incoming list might not match the size of the returned list. This is a convenience method. The same result could be obtained from #getRoleBindingStruct().
        Parameters:
        runtimeRoleNames - list of runtime role names
        Returns:
        list of logical role names, never null
      • getBoundLogicalRoleNames

        public List<String> getBoundLogicalRoleNames(org.pentaho.platform.api.mt.ITenant tenant,
                                                     List<String> runtimeRoleNames)
        Description copied from interface: IRoleAuthorizationPolicyRoleBindingDao
        Gets the logical roles bound to the given runtime roles in a particular tenant. Note that the size of the incoming list might not match the size of the returned list. This is a convenience method. The same result could be obtained from #getRoleBindingStruct().
        Parameters:
        runtimeRoleNames - list of runtime role names
        Returns:
        list of logical role names, never null
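
The replace semantics of setRoleBindings and the flattened result of getBoundLogicalRoleNames, shown with an in-memory model of the storage layout above. This is an added example, not Pentaho code: the class RoleBindingModel, its addBinding helper, the use of a plain String for the tenant, and the de-duplication of the returned list are assumptions made for illustration.

```java
import java.util.*;

/** In-memory model of the documented layout (illustration only, not the JCR-backed DAO). */
public class RoleBindingModel {
    // tenant -> runtime role -> ordered logical roles (models the multi-valued property)
    private final Map<String, Map<String, List<String>>> store = new HashMap<>();

    /** Replace semantics: whatever was bound to runtimeRole before is dropped. */
    public void setRoleBindings(String tenant, String runtimeRole, List<String> logicalRoles) {
        store.computeIfAbsent(tenant, t -> new LinkedHashMap<>())
             .put(runtimeRole, new ArrayList<>(logicalRoles));
    }

    /** Union over the given runtime roles; de-duplication is an assumption of this model. */
    public List<String> getBoundLogicalRoleNames(String tenant, List<String> runtimeRoles) {
        Set<String> bound = new LinkedHashSet<>();
        Map<String, List<String>> roles = store.getOrDefault(tenant, Collections.emptyMap());
        for (String r : runtimeRoles) {
            bound.addAll(roles.getOrDefault(r, Collections.emptyList()));
        }
        return new ArrayList<>(bound); // never null, size independent of the input size
    }

    /** Hypothetical helper: read-modify-write, so adding one binding revokes nothing. */
    public void addBinding(String tenant, String runtimeRole, String logicalRole) {
        List<String> current = getBoundLogicalRoleNames(tenant, List.of(runtimeRole));
        if (!current.contains(logicalRole)) {
            current.add(logicalRole);
        }
        setRoleBindings(tenant, runtimeRole, current);
    }

    public static void main(String[] args) {
        RoleBindingModel dao = new RoleBindingModel();
        // Constructed sample data matching the layout shown in the class description.
        dao.setRoleBindings("acme", "runtimeRole1", List.of("logicalRole1", "logicalRole2"));
        dao.setRoleBindings("acme", "runtimeRole2", List.of("logicalRole2"));
        // Three runtime role names in, two logical roles out; the unknown role adds nothing.
        System.out.println(dao.getBoundLogicalRoleNames("acme",
                List.of("runtimeRole1", "runtimeRole2", "noSuchRole")));
        // A bare set call with a shorter list revokes logicalRole1 from runtimeRole1.
        dao.setRoleBindings("acme", "runtimeRole1", List.of("logicalRole2"));
        System.out.println(dao.getBoundLogicalRoleNames("acme", List.of("runtimeRole1")));
        // Restoring it through read-modify-write keeps the existing binding in place.
        dao.addBinding("acme", "runtimeRole1", "logicalRole1");
        System.out.println(dao.getBoundLogicalRoleNames("acme", List.of("runtimeRole1")));
    }
}
```

Callers that manage bindings through the real DAO should treat every setRoleBindings call as a full overwrite and audit it as a potential revocation as well as a grant.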