Package org.apache.cassandra.auth

Class Roles

java.lang.Object

org.apache.cassandra.auth.Roles

public class Roles
extends java.lang.Object

Field Summary

Fields

Modifier and Type	Field	Description
static RolesCache	cache

Constructor Summary

Constructors

Constructor	Description
Roles()

Method Summary

Modifier and Type	Method	Description
static boolean	canLogin(RoleResource role)	Returns true if the supplied role has the login privilege.
static Role	fromRoleResource(RoleResource resource, IRoleManager roleManager)	Constructs a Role object from a RoleResource, using the methods of the supplied IRoleManager.
static java.util.Set<RoleResource>	getAllRoles()	Enumerate all the roles in the system, preferably these will be fetched from the cache, which in turn may have been warmed during startup.
static java.util.Map<java.lang.String,java.lang.String>	getOptions(RoleResource role)	Returns the map of custom options for the named role.
static java.util.Set<Role>	getRoleDetails(RoleResource primaryRole)	Get detailed info on all the roles granted to the role identified by the supplied RoleResource.
static java.util.Set<RoleResource>	getRoles(RoleResource primaryRole)	Identify all roles granted to the supplied Role, including both directly granted and inherited roles.
static boolean	hasSuperuserStatus(RoleResource role)	Returns true if the supplied role or any other role granted to it (directly or indirectly) has superuser status.
static void	init()	Use AuthCacheService.initializeAndRegisterCaches() rather than calling this directly
static boolean	isNullRole(Role role)	Just a convenience method which compares a role instance with the null object version, indicating if the return from some query/lookup method was a valid Role or indicates that the role does not exist.
static Role	nullRole()	Return the NullObject Role instance which can be safely used to indicate no information is available when querying for a specific named role.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

cache

public static final RolesCache cache

Constructor Detail

Roles

public Roles()

Method Detail

init

public static void init()

Use AuthCacheService.initializeAndRegisterCaches() rather than calling this directly

getRoles

public static java.util.Set<RoleResource> getRoles(RoleResource primaryRole)

Identify all roles granted to the supplied Role, including both directly granted and inherited roles. This method is used where we mainly just care about *which* roles are granted to a given role, including when looking up or listing permissions for a role on a given resource.

Parameters:

primaryRole - the Role

Returns:

set of all granted Roles for the primary Role

getRoleDetails

public static java.util.Set<Role> getRoleDetails(RoleResource primaryRole)

Get detailed info on all the roles granted to the role identified by the supplied RoleResource. This includes superuser status and login privileges for the primary role and all roles granted directly to it or inherited. The returned roles may be cached if roles_validity > 0 This method is used where we need to know specific attributes of the collection of granted roles, i.e. when checking for superuser status which may be inherited from *any* granted role.

Parameters:

primaryRole - identifies the role

Returns:

set of detailed info for all of the roles granted to the primary

getAllRoles

public static java.util.Set<RoleResource> getAllRoles()

Enumerate all the roles in the system, preferably these will be fetched from the cache, which in turn may have been warmed during startup.

hasSuperuserStatus

public static boolean hasSuperuserStatus(RoleResource role)

Returns true if the supplied role or any other role granted to it (directly or indirectly) has superuser status.

Parameters:

role - the primary role

Returns:

true if the role has superuser status, false otherwise

canLogin

public static boolean canLogin(RoleResource role)

Returns true if the supplied role has the login privilege. This cannot be inherited, so returns true iff the named role has that bit set.

Parameters:

role - the role identifier

Returns:

true if the role has the canLogin privilege, false otherwise

getOptions

public static java.util.Map<java.lang.String,java.lang.String> getOptions(RoleResource role)

Returns the map of custom options for the named role. These options are not inherited from granted roles, but are set directly.

Parameters:

role - the role identifier

Returns:

map of option_name -> value. If no options are set for the named role, the map will be empty but never null.

nullRole

public static Role nullRole()

Return the NullObject Role instance which can be safely used to indicate no information is available when querying for a specific named role.

Returns:

singleton null role object

isNullRole

public static boolean isNullRole(Role role)

Just a convenience method which compares a role instance with the null object version, indicating if the return from some query/lookup method was a valid Role or indicates that the role does not exist.

Parameters:

role -

Returns:

true if the supplied role is the null role instance, false otherwise.

fromRoleResource

public static Role fromRoleResource(RoleResource resource,
                                    IRoleManager roleManager)

Constructs a Role object from a RoleResource, using the methods of the supplied IRoleManager. This is used by the default implementation of IRoleManager#getRoleDetails so that IRoleManager impls which don't implement an optimized getRoleDetails remain compatible. Depending on the IRoleManager implementation this could be quite heavyweight, so should not be used on any hot path.

Parameters:

resource - identifies the role

roleManager - provides lookup functions to retrieve role info

Returns:

Role object including superuser status, login privilege, custom options and the set of roles granted to identified role.