Package org.gridgain.internal.rbac.authorization

Interface Authorizer

public interface Authorizer
Role-based access control authorizer.

Any operation in GridGain that is supposed to be protected by RBAC should be authorized by this interface by calling authorizeAsync(Privilege).

For example: authorizer.authorizeAsync(Privilege.fromAction(Action.CREATE_USER)).thenCompose(ign -> userManagement.createAsync(user));

To execute this code you must wrap the call with GridGain security context.

See Also:

  • Method Details

    • authorizeAsync

      default CompletableFuture<Void> authorizeAsync(Action action)
      Authorize the given action. The roles to authorize will be fetched from the current security context.
      Parameters:
      action - Action to authorize.
      Returns:
      Completed future if the privilege is authorized.
      Throws:
      AuthorizationException - if there are no roles with enough privileges.

    • authorizeAsync

      CompletableFuture<Void> authorizeAsync(org.gridgain.internal.security.context.SecurityContext context, Privilege privilege)
      Authorize the given privilege. The roles to authorize will be fetched from the provided security context.
      Parameters:
      context - Security context.
      privilege - Privilege to authorize.
      Returns:
      Completed future if the privilege is authorized.
      Throws:
      AuthorizationException - if there are no roles with enough privileges.

    • authorizeAsync

      CompletableFuture<Void> authorizeAsync(Privilege privilege)
      Authorize the given privilege. The roles to authorize will be fetched from the current security context.
      Parameters:
      privilege - Privilege to authorize.
      Returns:
      Completed future if the privilege is authorized.
      Throws:
      AuthorizationException - if there are no roles with enough privileges.

    • authorizeAsync

      CompletableFuture<Void> authorizeAsync(org.gridgain.internal.security.context.SecurityContext context, Set<Privilege> privileges)
      Authorize all the given privileges. The roles to authorize will be fetched from the provided security context.
      Parameters:
      context - Security context.
      privileges - Set of privileges to authorize.
      Returns:
      Completed future if all the privileges are authorized.
      Throws:
      AuthorizationException - if there are no roles with enough privileges.

    • authorizeAsync

      CompletableFuture<Void> authorizeAsync(Set<Privilege> privileges)
      Authorize all the given privileges. The roles to authorize will be fetched from the current security context.
      Parameters:
      privileges - Set of privileges to authorize.
      Returns:
      Completed future if all the privileges are authorized.
      Throws:
      AuthorizationException - if there are no roles with enough privileges.

    • enable

      void enable(boolean isEnabled)
      Enable or disable authorizer. Disabled authorizer should authorize any action.
      Parameters:
      isEnabled - Is authorizer enabled or not.

    • authorizeThenCompose

      default <T> CompletableFuture<T> authorizeThenCompose(Privilege privilege, Supplier<CompletableFuture<T>> futureSupplier)
      Authorize the given privilege. The roles to authorize will be fetched from the current security context.
      Parameters:
      privilege - Privilege to authorize.
      futureSupplier - Future supplier to execute if the privilege is authorized.
      Returns:
      Future returned by the future supplier.

    • authorizeThenCompose

      default <T> CompletableFuture<T> authorizeThenCompose(org.gridgain.internal.security.context.SecurityContext context, Privilege privilege, Supplier<CompletableFuture<T>> futureSupplier)
      Authorize the given privilege. The roles to authorize will be fetched from the provided security context.
      Parameters:
      context - Security context.
      privilege - Privilege to authorize.
      futureSupplier - Future supplier to execute if the privilege is authorized.
      Returns:
      Future returned by the future supplier.

    • authorizeThenCompose

      default <T> CompletableFuture<T> authorizeThenCompose(Action action, Supplier<CompletableFuture<T>> futureSupplier)
      Authorize the given action. The roles to authorize will be fetched from the current security context.
      Parameters:
      action - Action to authorize.
      futureSupplier - Future supplier to execute if the privilege is authorized.
      Returns:
      Future returned by the future supplier.

    • authorizeThenCompose

      default <T> CompletableFuture<T> authorizeThenCompose(Set<Privilege> privileges, Supplier<CompletableFuture<T>> futureSupplier)
      Authorize the given privileges. The roles to authorize will be fetched from the current security context.
      Parameters:
      privileges - set of Privileges to authorize.
      futureSupplier - Future supplier to execute if the privilege is authorized.
      Returns:
      Future returned by the future supplier.

    • authorizeThenCompose

      default <T> CompletableFuture<T> authorizeThenCompose(org.gridgain.internal.security.context.SecurityContext context, Set<Privilege> privileges, Supplier<CompletableFuture<T>> futureSupplier)
      Authorize the given privileges. The roles to authorize will be fetched from the provided security context.
      Parameters:
      context - Security context.
      privileges - set of Privileges to authorize.
      futureSupplier - Future supplier to execute if the privilege is authorized.
      Returns:
      Future returned by the future supplier.

    • authorize

      default <T> T authorize(Action action, Supplier<T> supplier)
      Authorize the given action synchronously. The roles to authorize will be fetched from the current security context.
      Parameters:
      action - Action to authorize.
      supplier - Supplier to execute if the privilege is authorized.
      Returns:
      Result from the supplier.

    • authorize

      default void authorize(Action action, Runnable runnable)
      Authorize the given action synchronously. The roles to authorize will be fetched from the current security context.
      Parameters:
      action - Action to authorize.
      runnable - Runnable to execute if the privilege is authorized.