Class MysqlDbAclProvider

java.lang.Object
com.illumon.iris.db.v2.permissions.MysqlDbAclProvider
All Implemented Interfaces:
com.illumon.iris.auth.AuthModule, DbAclProvider, DbAclWriter, Closeable, AutoCloseable
Direct Known Subclasses:
MysqlDbAclGuiHelper, UnauthenticatedPermissionFilterProviderMysqlImpl

public class MysqlDbAclProvider extends Object implements DbAclProvider, DbAclWriter, com.illumon.iris.auth.AuthModule, Closeable
Access to the MySQL ACL database.

This class implements DbAclProvider, AuthModule, and DbAclWriter and serves as the basis for the MySQL permission filter provider, as well as the GUI helper. Anything that talks to the MySQL ACL database should use or extend it.

The class is configured with properties:
  • MysqlDbAclProvider.host - the mysql host to connect to
  • MysqlDbAclProvider.db - the database containing our ACL tables
  • MysqlDbAclProvider.user - username for MySQL connection
  • MysqlDbAclProvider.ssl - SSL connectivity to MySQL (not yet tested in a production environment)

The MySQL password is stored as a base64 encoded string, either in a file (which takes precedence) referenced by:
  • environment variable MYSQLDBACLPROVIDER.PASS
  • or in the file identified by MysqlDbAclProvider.passwordFile
  • or within a property itself MysqlDbAclProvider.pass

  • Field Details

    • PASSWORD_ENV

      public static final String PASSWORD_ENV
    • mysqlConnection

      protected Connection mysqlConnection
    • aclValidator

      protected final com.illumon.iris.db.v2.permissions.AclValidator aclValidator
  • Constructor Details

    • MysqlDbAclProvider

      public MysqlDbAclProvider(com.fishlib.io.logger.Logger log)
    • MysqlDbAclProvider

      public MysqlDbAclProvider(com.fishlib.io.logger.Logger log, boolean readOnly)
  • Method Details

    • getEncodedPassword

      public static String getEncodedPassword()
      Retrieve the stored password for connecting to the MySQL ACL database, leaving it encoded
      Returns:
      the still-encoded representation of the password for connecting to the MySQL ACL database.
    • close

      public void close()
      Description copied from interface: DbAclProvider
      Releases network resources associated with this ACL provider. close() may only be called once. After calling close, the provider may not be used anymore.
      Specified by:
      close in interface AutoCloseable
      Specified by:
      close in interface Closeable
      Specified by:
      close in interface DbAclProvider
    • getFilterDetailsForUserImpl

      @NotNull protected List<PermissionFilterProvider.FilterDetails> getFilterDetailsForUserImpl(UserContext userContext)
    • retrieveRowAclsImpl

      @NotNull protected Collection<String> retrieveRowAclsImpl(String effectiveUser, String namespace, String tableName)
    • retrieveColumnAclsImpl

      @NotNull protected Map<String,List<com.fishlib.base.Pair<String,String>>> retrieveColumnAclsImpl(String effectiveUser, String namespace, String tableName)
    • canEditInputTableImpl

      protected boolean canEditInputTableImpl(String effectiveUser, String namespace, String tableName)
    • canAnyoneEditInputTableImpl

      protected boolean canAnyoneEditInputTableImpl(String namespace, String tableName)
    • getAccountsForUserImpl

      @NotNull protected String[] getAccountsForUserImpl(String effectiveUser)
    • getAllUsers

      @NotNull public String[] getAllUsers()
      Description copied from interface: DbAclProvider
      Retrieves all user accounts in the system
      Specified by:
      getAllUsers in interface DbAclProvider
      Returns:
      An array of String of usernames
    • getSystemUsers

      @NotNull public String[] getSystemUsers()
      Description copied from interface: DbAclProvider
      Returns an array of systemusers.
      Specified by:
      getSystemUsers in interface DbAclProvider
      Returns:
      A String array of distinct systemuser names, sorted.
    • getAllGroups

      @NotNull public String[] getAllGroups()
      Description copied from interface: DbAclProvider
      Retrieves all group accounts in the system
      Specified by:
      getAllGroups in interface DbAclProvider
      Returns:
      An array of String of group names
    • getAllStrategies

      @NotNull public String[] getAllStrategies() throws AclStoreException
      Description copied from interface: DbAclProvider
      Retrieves all strategy names by unioning strategies in strategyaccount with those in groupstrategy
      Specified by:
      getAllStrategies in interface DbAclProvider
      Returns:
      An array of String of strategy names
      Throws:
      AclStoreException - when operation results in backing store errors
    • getAllAccounts

      @NotNull public String[] getAllAccounts() throws AclStoreException
      Description copied from interface: DbAclProvider
      Retrieves all strategy accounts in the system
      Specified by:
      getAllAccounts in interface DbAclProvider
      Returns:
      An array of String of strategy account names
      Throws:
      AclStoreException - when operation results in backing store errors
    • getAccountsForStrategyImpl

      @NotNull protected String[] getAccountsForStrategyImpl(String strategy)
    • getStrategyForAccountImpl

      @NotNull protected String[] getStrategyForAccountImpl(String account)
    • getAccountsForGroupImpl

      @NotNull protected String[] getAccountsForGroupImpl(String group)
    • getStrategiesForGroupImpl

      @NotNull protected String[] getStrategiesForGroupImpl(String group)
    • groupStrategyExistsImpl

      protected boolean groupStrategyExistsImpl(String groupName, String strategy)
    • userExistsImpl

      protected boolean userExistsImpl(String username)
    • isUserPassValidImpl

      protected boolean isUserPassValidImpl(String username, String password)
    • getPasswdsForMigration

      @NotNull public List<com.fishlib.base.Pair<String,String>> getPasswdsForMigration()
      Returns user and password entries from the passwd table. Intended for use during ACL exports and/or data migration between MySQL and Etcd ACL stores.
      Specified by:
      getPasswdsForMigration in interface DbAclProvider
      Returns:
      A List of Pair<String,String> objects which contain a user and password entry.
    • runFunctionWithSqlRetry

      protected <R> R runFunctionWithSqlRetry(MysqlDbAclProvider.SQLFunction<R> function, String errorMessage)
    • runCheckedFunctionWithSqlRetry

      protected <R> R runCheckedFunctionWithSqlRetry(MysqlDbAclProvider.SQLFunction<R> function, String errorMessage) throws AclStoreException
      Throws:
      AclStoreException
    • runFunctionWithSqlRetryInternal

      protected <R> R runFunctionWithSqlRetryInternal(MysqlDbAclProvider.SQLFunction<R> function) throws SQLException
      Throws:
      SQLException
    • runProcedureWithRetry

      protected void runProcedureWithRetry(MysqlDbAclProvider.SQLProcedure procedure, String errorMessage)
      Delegates to runProcedureWithSqlRetryInternal(SQLProcedure). In case of exception will throw UncheckedPermissionException with given errorMessage and include thrown exception as cause
      Parameters:
      procedure - The sql procedure to invoke on the database
    • runProcedureWithRetry

      protected void runProcedureWithRetry(MysqlDbAclProvider.SQLProcedure procedure) throws AclStoreException
      Delegates to runProcedureWithSqlRetryInternal(SQLProcedure). In case of exception will rethrow using AclStoreException
      Parameters:
      procedure - The sql procedure to invoke on the database
      Throws:
      AclStoreException - when operation fails to complete
    • getGroupsForUserImpl

      @NotNull protected String[] getGroupsForUserImpl(String effectiveUser)
    • getStrategiesForUserImpl

      @NotNull protected String[] getStrategiesForUserImpl(String effectiveUser)
    • getUsersForGroupImpl

      @NotNull protected String[] getUsersForGroupImpl(String group)
    • getRunAsUserMap

      @NotNull public Map<String,String> getRunAsUserMap()
      Description copied from interface: DbAclProvider
      Returns a map of usernames to systemuser names
      Specified by:
      getRunAsUserMap in interface DbAclProvider
      Returns:
      a map of usernames to systemuser names
    • getRunAsUserImpl

      protected String getRunAsUserImpl(String effectiveUser)
    • addMembership

      public void addMembership(String user, List<String> groups) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds a user to a list of groups

      If the user could not be added to all the groups, a RuntimeException is thrown.

      Specified by:
      addMembership in interface DbAclWriter
      Parameters:
      user - the user to add to the groups
      groups - a list of groups to add the user to
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • addUser

      public void addUser(@NotNull String user, @Nullable String passwordHash) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds a user to the Iris system.
      Specified by:
      addUser in interface DbAclWriter
      Parameters:
      user - the user to add.
      passwordHash - the optional APR1 hash of the user's password. Ignored if the system is not configured to manage user authentication.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • changePassword

      public void changePassword(String user, String passwordHash) throws AclStoreException
      Description copied from interface: DbAclProvider
      Changes the password of a user entry in passwd
      Specified by:
      changePassword in interface DbAclProvider
      Specified by:
      changePassword in interface DbAclWriter
      Parameters:
      user - The user for which the password should be updated
      passwordHash - The new password value to store
      Throws:
      AclStoreException - when operation results in backing store errors
    • removeMembership

      public void removeMembership(String user, List<String> groups) throws AclStoreException
      Description copied from interface: DbAclWriter
      Removes a user from a list of groups.

      It is possible that the user may be removed from some groups and not others. If the user could not be removed from all the specified groups (e.g., because they are not a member of those groups), a runtime exception is thrown.

      Specified by:
      removeMembership in interface DbAclWriter
      Parameters:
      user - the user to remove from groups
      groups - a list of groups to remove the user from
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deleteGroup

      public void deleteGroup(String group) throws AclStoreException
      Description copied from interface: DbAclWriter
      Deletes a group.

      The group is removed from all user to group mappings, all group to strategy mappings. All table ACLs and input table editors that reference the group are deleted.

      Specified by:
      deleteGroup in interface DbAclWriter
      Parameters:
      group - the group to delete.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deleteUser

      public void deleteUser(String user) throws AclStoreException
      Description copied from interface: DbAclWriter
      The user is deleted.

      Deletes the user's group, followed by deleting any other user to group associations for the user.

      If managed authentication is enabled, also deletes the user's password.

      Specified by:
      deleteUser in interface DbAclWriter
      Parameters:
      user - the user to delete
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • addGroupStrategy

      public void addGroupStrategy(String group, String strategy) throws AclStoreException
      Description copied from interface: DbAclWriter
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account.

      This will add a group to the intermediate "strategy".

      Specified by:
      addGroupStrategy in interface DbAclWriter
      Parameters:
      group - the group to map to a strategy
      strategy - the strategy that the group is added to
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deleteGroupStrategy

      public void deleteGroupStrategy(String group, String strategy) throws AclStoreException
      Description copied from interface: DbAclWriter
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account.

      This will remove a group from the intermediate "strategy".

      Specified by:
      deleteGroupStrategy in interface DbAclWriter
      Parameters:
      group - the group to remove a mapping to a strategy
      strategy - the strategy that the group is removed from
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • addStrategyAccount

      public void addStrategyAccount(String strategy, String account) throws AclStoreException
      Description copied from interface: DbAclWriter
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account.

      This will add an account to the intermediate "strategy".

      Specified by:
      addStrategyAccount in interface DbAclWriter
      Parameters:
      strategy - the strategy that the account is added to
      account - the account to add to a strategy
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deleteStrategyAccount

      public void deleteStrategyAccount(String strategy, String account) throws AclStoreException
      Description copied from interface: DbAclWriter
      For AccountFilterGenerator() there are two levels of mappings. Group to strategy and strategy to account.

      This will remove an account from the intermediate "strategy".

      Specified by:
      deleteStrategyAccount in interface DbAclWriter
      Parameters:
      strategy - the strategy that the account is removed from
      account - the account to remove from a strategy
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • addAcl

      public int addAcl(String group, String ns, String table, String acl) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds an ACL entry.

      No ACL entry may currently exist for the group and table in question.

      Specified by:
      addAcl in interface DbAclWriter
      Parameters:
      group - the group to add the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the tablename to add the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      acl - the ACL to add, see Acl Documentation.
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • updateAcl

      public int updateAcl(String group, String ns, String table, String acl) throws AclStoreException
      Description copied from interface: DbAclWriter
      Changes an already existent ACL entry.

      An ACL entry must currently exist for the group and table in question.

      Specified by:
      updateAcl in interface DbAclWriter
      Parameters:
      group - the group to update the entry for
      ns - the namespace to update the entry for ("*" for all namespaces)
      table - the tablename to update the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      acl - the new ACL, see Acl Documentation.
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deleteAcls

      public void deleteAcls(String group, String ns, String table) throws AclStoreException
      Description copied from interface: DbAclWriter
      Deletes an ACL entry for a group and table.
      Specified by:
      deleteAcls in interface DbAclWriter
      Parameters:
      group - the group to remove the entry for
      ns - the namespace to remove the entry for ("*" for all namespaces)
      table - the tablename to remove the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • addColumnAcl

      public int addColumnAcl(String group, String ns, String table, String columns, String acl) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds a Column ACL entry.

      No ACL entry may currently exist for the group and table in question.

      Specified by:
      addColumnAcl in interface DbAclWriter
      Parameters:
      group - the group to add the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the tablename to add the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      columns - the columns the ACL applies to
      acl - the ACL to add, see Acl Documentation.
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • updateColumnAcl

      public int updateColumnAcl(String group, String ns, String table, String columns, String acl) throws AclStoreException
      Description copied from interface: DbAclWriter
      Changes an already existent Column ACL entry.

      An ACL entry must currently exist for the group, table, and column set in question.

      Specified by:
      updateColumnAcl in interface DbAclWriter
      Parameters:
      group - the group to update the entry for
      ns - the namespace to update the entry for ("*" for all namespaces)
      table - the tablename to update the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      columns - the columns the ACL applies to
      acl - the new ACL, see Acl Documentation.
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deleteColumnAcls

      public void deleteColumnAcls(String group, String ns, String table, String columns) throws AclStoreException
      Description copied from interface: DbAclWriter
      Deletes a Column ACL entry for a group, table, and column set.
      Specified by:
      deleteColumnAcls in interface DbAclWriter
      Parameters:
      group - the group to remove the entry for
      ns - the namespace to remove the entry for ("*" for all namespaces)
      table - the tablename to remove the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      columns - the applicable columns set
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • addInputTableEditor

      public int addInputTableEditor(String group, String ns, String table, boolean canEdit) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds an entry to the ACL database for editing an input table.
      Specified by:
      addInputTableEditor in interface DbAclWriter
      Parameters:
      group - the group to add the entry for
      ns - the namespace to add the entry for ("*" for all namespaces)
      table - the tablename to add the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      canEdit - whether the table is editable for this group
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • updateInputTableEditor

      public int updateInputTableEditor(String group, String ns, String table, boolean canEdit) throws AclStoreException
      Description copied from interface: DbAclWriter
      Updates an entry to the ACL database for editing an input table.
      Specified by:
      updateInputTableEditor in interface DbAclWriter
      Parameters:
      group - the group to update the entry for
      ns - the namespace to update the entry for ("*" for all namespaces)
      table - the tablename to update the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      canEdit - whether the table is editable for this group
      Returns:
      the number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deleteInputTableEditor

      public void deleteInputTableEditor(String group, String ns, String table) throws AclStoreException
      Description copied from interface: DbAclWriter
      Deletes an entry to the ACL database for editing an input table.
      Specified by:
      deleteInputTableEditor in interface DbAclWriter
      Parameters:
      group - the group to delete the entry for
      ns - the namespace to delete the entry for ("*" for all namespaces)
      table - the tablename to delete the entry for ("*" for all tables within a namespace, if ns is "*" table must also be "*")
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • addOrUpdateSystemUserAcl

      public int addOrUpdateSystemUserAcl(String user, String systemUser) throws AclStoreException
      Description copied from interface: DbAclWriter
      Inserts or Updates an entry to the ACL database for run-as mapping
      Specified by:
      addOrUpdateSystemUserAcl in interface DbAclWriter
      Parameters:
      user - the user whose system-user mapping is to be updated
      systemUser - the system-user which will be used for launching workers
      Returns:
      the number of rows within the ACL database that were modified
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deleteSystemUserAcl

      public void deleteSystemUserAcl(String user) throws AclStoreException
      Description copied from interface: DbAclWriter
      Removes an entry from the ACL database for run-as mapping
      Specified by:
      deleteSystemUserAcl in interface DbAclWriter
      Parameters:
      user - the user whose system-user mapping is to be deleted
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • getUserByPublicKey

      public String getUserByPublicKey(PublicKey publicKey)
      Specified by:
      getUserByPublicKey in interface com.illumon.iris.auth.AuthModule
    • getPublicKeysImpl

      @NotNull protected List<PublicKeyRecord> getPublicKeysImpl(@Nullable String user)
    • getPublicKeys

      @NotNull public List<PublicKeyRecord> getPublicKeys()
      Description copied from interface: DbAclProvider
      Retrieve all public key data in the ACL database. Has the same effect as calling DbAclProvider.getPublicKeys(String) with a null user parameter.
      Specified by:
      getPublicKeys in interface DbAclProvider
      Returns:
      A list of PublicKeyRecord objects containing the user, the base64-encoded PublicKey key value, and a comment.
    • addPublicKeyForUser

      public int addPublicKeyForUser(String user, PublicKey publicKey, String comment) throws AclStoreException
      Description copied from interface: DbAclWriter
      Adds a public key for the user into the ACL database.
      Specified by:
      addPublicKeyForUser in interface DbAclWriter
      Parameters:
      user - The identifier for the user.
      publicKey - The user's public key.
      comment - An optional comment.
      Returns:
      The number of rows within the ACL database that were modified.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deletePublicKeyForUser

      public boolean deletePublicKeyForUser(String user, PublicKey publicKey) throws AclStoreException
      Description copied from interface: DbAclWriter
      Delete the public key from the ACL database, if it exists.
      Specified by:
      deletePublicKeyForUser in interface DbAclWriter
      Parameters:
      user - The user whose public key is to be deleted.
      publicKey - The public key to remove.
      Returns:
      True if the key was deleted.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deleteAllAclData

      public void deleteAllAclData() throws AclStoreException
      Deletes all data in the ACL store. Use with great care.
      Specified by:
      deleteAllAclData in interface DbAclWriter
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • deleteAclData

      public void deleteAclData(@NotNull String... types) throws AclStoreException
      Deletes the specified data in the ACL store. Use with great care.
      Specified by:
      deleteAclData in interface DbAclWriter
      Parameters:
      types - the types to delete.
      Throws:
      AclStoreException - if the underlying operation could not be completed
    • userExists

      public boolean userExists(String username)
      Specified by:
      userExists in interface com.illumon.iris.auth.AuthModule
    • isUserPassValid

      public boolean isUserPassValid(String username, String password)
      Specified by:
      isUserPassValid in interface com.illumon.iris.auth.AuthModule
    • isUserPresentInBasicGroups

      protected boolean isUserPresentInBasicGroups(@NotNull String username)
      Returns true if the username is present in the basic groups of 'allusers' and a group with the same name as given username.
      Parameters:
      username - the username for which the check is being performed
      Returns:
      true if username exists in basic groups
    • getFilterDetailsForUser

      @NotNull public List<PermissionFilterProvider.FilterDetails> getFilterDetailsForUser(UserContext userContext)
      Description copied from interface: DbAclProvider
      Gets the tableacls permissions filters for an effective user
      Specified by:
      getFilterDetailsForUser in interface DbAclProvider
      Parameters:
      userContext - The UserContext from which the effective username to filter will be obtained
      Returns:
      A List of PermissionFilterProvider.FilterDetails for the effective user
    • retrieveRowAcls

      @NotNull public Collection<String> retrieveRowAcls(String effectiveUser, String namespace, String tableName)
      Description copied from interface: DbAclProvider
      Returns the most specific tableacl per group for a specific user, namespace, and table.
      Specified by:
      retrieveRowAcls in interface DbAclProvider
      Parameters:
      effectiveUser - the user for which acls should be retrieved
      namespace - the namespace specifically for which acls should be retrieved - will also match * in tableacls
      tableName - the table name specifically for which acls should be retrieved - will also match * in tableacls
      Returns:
      A Collection of tableacls filters.
    • retrieveColumnAcls

      @NotNull public Map<String,List<com.fishlib.base.Pair<String,String>>> retrieveColumnAcls(String effectiveUser, String namespace, String tableName)
      Description copied from interface: DbAclProvider
      Returns the most specific Column ACL per group for a specific user, namespace, and table.
      Specified by:
      retrieveColumnAcls in interface DbAclProvider
      Parameters:
      effectiveUser - the user for which acls should be retrieved
      namespace - the namespace specifically for which acls should be retrieved - will also match * in columnacls
      tableName - the table name specifically for which acls should be retrieved - will also match * in columnacls
      Returns:
      A Map of group names to Lists of columns and filter pairs.
    • canEditInputTable

      public boolean canEditInputTable(String effectiveUser, String namespace, String tableName)
      Description copied from interface: DbAclProvider
      Checks whether a user has rights to edit an input table
      Specified by:
      canEditInputTable in interface DbAclProvider
      Parameters:
      effectiveUser - The user for whom permissions should be checked
      namespace - the namespace specifically for which acls should be retrieved - will also match * in inputtableeditors
      tableName - the table name specifically for which acls should be retrieved - will also match * in inputtableeditors
      Returns:
      True if the user has an effective canedit grant, otherwise false
    • canAnyoneEditInputTable

      public boolean canAnyoneEditInputTable(String namespace, String tableName)
      Description copied from interface: DbAclProvider
      Checks whether an input table can be edited by all users
      Specified by:
      canAnyoneEditInputTable in interface DbAclProvider
      Parameters:
      namespace - the namespace specifically for which acls should be retrieved - will also match * in inputtableeditors
      tableName - the table name specifically for which acls should be retrieved - will also match * in inputtableeditors
      Returns:
      True if the input table can be edited by all users, otherwise false
    • getAccountsForUser

      @NotNull public String[] getAccountsForUser(String effectiveUser)
      Description copied from interface: DbAclProvider
      Retrieves all strategy accounts associated with a user, directly or through group membership
      Specified by:
      getAccountsForUser in interface DbAclProvider
      Parameters:
      effectiveUser - The user for whom strategy account access should be checked
      Returns:
      An array of String of associated strategy accounts
    • getAccountsForStrategy

      @NotNull public String[] getAccountsForStrategy(String strategy)
      Description copied from interface: DbAclProvider
      Retrieves all strategy accounts associated with a particular strategy
      Specified by:
      getAccountsForStrategy in interface DbAclProvider
      Parameters:
      strategy - The strategy name for which to filter accounts
      Returns:
      An array of String of strategy account names
    • getStrategyForAccount

      @NotNull public String[] getStrategyForAccount(String account)
      Description copied from interface: DbAclProvider
      Retrieves all strategies associated with a particular strategy account
      Specified by:
      getStrategyForAccount in interface DbAclProvider
      Parameters:
      account - The strategy account name for which to filter strategies
      Returns:
      An array of String of strategy account names
    • getAccountsForGroup

      @NotNull public String[] getAccountsForGroup(String group)
      Description copied from interface: DbAclProvider
      Retrieves all strategy accounts associated with a particular group
      Specified by:
      getAccountsForGroup in interface DbAclProvider
      Parameters:
      group - The group name for which to filter accounts
      Returns:
      An array of String of strategy account names
    • getStrategiesForGroup

      @NotNull public String[] getStrategiesForGroup(String group)
      Description copied from interface: DbAclProvider
      Retrieves all strategies associated with a particular group
      Specified by:
      getStrategiesForGroup in interface DbAclProvider
      Parameters:
      group - The group name for which to filter strategies
      Returns:
      An array of String of strategy names
    • groupStrategyExists

      public boolean groupStrategyExists(String groupName, String strategy)
      Description copied from interface: DbAclProvider
      Checks whether a particular association of a group and a strategy exists
      Specified by:
      groupStrategyExists in interface DbAclProvider
      Parameters:
      groupName - The group name to check
      strategy - The strategy name to check
      Returns:
      True if the mapping exists, false if it does not
    • getGroupsForUser

      @NotNull public String[] getGroupsForUser(String effectiveUser)
      Description copied from interface: DbAclProvider
      Get the groups to which a user is mapped
      Specified by:
      getGroupsForUser in interface DbAclProvider
      Parameters:
      effectiveUser - The String name of the user to find groups for
      Returns:
      A String array of groups mapped to this user
    • getStrategiesForUser

      @NotNull public String[] getStrategiesForUser(String effectiveUser)
      Description copied from interface: DbAclProvider
      Retrieves all strategies associated with a particular user, either directly or through group membership
      Specified by:
      getStrategiesForUser in interface DbAclProvider
      Parameters:
      effectiveUser - The user for whom strategy access should be checked
      Returns:
      An array of String of strategy names
    • getUsersForGroup

      @NotNull public String[] getUsersForGroup(String group)
      Description copied from interface: DbAclProvider
      Get the users that are members of a group
      Specified by:
      getUsersForGroup in interface DbAclProvider
      Parameters:
      group - The String name of the group to find users for
      Returns:
      A String array of users with membership in this group
    • getRunAsUser

      public String getRunAsUser(String effectiveUser)
      Description copied from interface: DbAclProvider
      Returns the systemuser to which the effectiveUser is mapped, or null if no mapping exists.
      Specified by:
      getRunAsUser in interface DbAclProvider
      Parameters:
      effectiveUser - The user for which a mapped systemuser name should be retrieved.
      Returns:
      the String systemuser to which the effectiveUser is mapped, or null if no mapping exists.
    • getPublicKeys

      @NotNull public List<PublicKeyRecord> getPublicKeys(@Nullable String user)
      Description copied from interface: DbAclProvider
      Retrieve the public key data in the ACL database for the user. If the user is null then all keys are retrieved.
      Specified by:
      getPublicKeys in interface DbAclProvider
      Parameters:
      user - The user identifier.
      Returns:
      A list of PublicKeyRecord objects containing the user, the base64-encoded PublicKey key value, and a comment.
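
The wildcard rule on the ns and table parameters (addAcl, updateAcl and related methods) and the "most specific tableacl per group" behaviour described for retrieveRowAcls, as an added Java example that is not part of this class or of the Iris API. The AclRow type, the in-memory row list, the specificity ordering (exact table, then namespace-wide, then global) and the filter strings are assumptions made for illustration; requires Java 16 or later.

```java
import java.util.Collection;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;

/** Added illustration only; every name in this file is hypothetical. */
public class MostSpecificAclDemo {
    static final String ANY = "*";

    /** One row of a constructed, in-memory stand-in for the table ACL data. */
    record AclRow(String group, String ns, String table, String acl) {}

    /** Enforces the documented scope rule: if ns is "*", table must also be "*". */
    static void validateScope(String ns, String table) {
        if (ns == null || ns.isEmpty() || table == null || table.isEmpty()) {
            throw new IllegalArgumentException("namespace and table are both required");
        }
        if (ANY.equals(ns) && !ANY.equals(table)) {
            throw new IllegalArgumentException(
                    "ns \"*\" requires table \"*\", got table=" + table);
        }
    }

    /**
     * Rank of a row against a concrete namespace/table (assumed ordering):
     * 2 = exact ns and table, 1 = exact ns with table "*", 0 = "*"/"*", -1 = no match.
     * The scope rule above means these are the only three shapes a valid row can take.
     */
    static int specificity(AclRow row, String ns, String table) {
        boolean nsExact = row.ns().equals(ns);
        if (nsExact && row.table().equals(table)) return 2;
        if (nsExact && ANY.equals(row.table())) return 1;
        if (ANY.equals(row.ns()) && ANY.equals(row.table())) return 0;
        return -1;
    }

    /**
     * For each group the user belongs to, keeps only the highest-ranked matching row.
     * A narrower row replaces that group's broader row; it does not add to it.
     */
    static Map<String, String> mostSpecificPerGroup(
            Collection<AclRow> rows, Set<String> userGroups, String ns, String table) {
        Map<String, AclRow> best = new TreeMap<>();
        for (AclRow row : rows) {
            if (!userGroups.contains(row.group())) continue;   // not this user's group
            int rank = specificity(row, ns, table);
            if (rank < 0) continue;                            // row does not cover the table
            AclRow current = best.get(row.group());
            if (current == null || rank > specificity(current, ns, table)) {
                best.put(row.group(), row);
            }
        }
        Map<String, String> result = new TreeMap<>();
        best.forEach((group, row) -> result.put(group, row.acl()));
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample data; the acl values are placeholders, not real ACL syntax.
        List<AclRow> rows = List.of(
                new AclRow("allusers", "*", "*", "FILTER_GLOBAL"),
                new AclRow("allusers", "Market", "*", "FILTER_MARKET"),
                new AclRow("allusers", "Market", "Trades", "FILTER_TRADES"),
                new AclRow("desk1", "Market", "*", "FILTER_DESK1"),
                new AclRow("ops", "Market", "Trades", "FILTER_OPS"));
        rows.forEach(r -> validateScope(r.ns(), r.table()));

        Set<String> groups = Set.of("allusers", "desk1");      // the user is not in "ops"

        // Exact row wins for allusers; desk1 falls back to its namespace-wide row.
        System.out.println(mostSpecificPerGroup(rows, groups, "Market", "Trades"));
        // No exact row for Quotes, so the namespace-wide rows apply.
        System.out.println(mostSpecificPerGroup(rows, groups, "Market", "Quotes"));
        // Only the global allusers row covers another namespace.
        System.out.println(mostSpecificPerGroup(rows, groups, "Risk", "Limits"));

        try {
            validateScope(ANY, "Trades");                      // violates the scope rule
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

When reviewing ACL rows, note that a global "*"/"*" row for a group stays in effect for every table that has no narrower row for that same group.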