Package org.apache.iotdb.commons.auth.authorizer

Interface IAuthorizer

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      boolean checkUserPrivileges​(java.lang.String username, PartialPath path, int privilegeId)
      Check if the user have the privilege on the seriesPath.
      void createRole​(java.lang.String roleName)
      Add a role.
      void createUser​(java.lang.String username, java.lang.String password)
      Create a user with given username and password.
      void deleteRole​(java.lang.String roleName)
      Delete a role.
      void deleteUser​(java.lang.String username)
      Delete a user.
      java.util.Map<java.lang.String,​Role> getAllRoles()
      get all role
      java.util.Map<java.lang.String,​User> getAllUsers()
      get all user
      java.util.Map<java.lang.String,​java.lang.Boolean> getAllUserWaterMarkStatus()
      get all user water mark status
      java.util.Set<java.lang.Integer> getPrivileges​(java.lang.String username, PartialPath path)
      Get the all the privileges of a user on a seriesPath.
      Role getRole​(java.lang.String roleName)
      Find a role by its name.
      User getUser​(java.lang.String username)
      Find a user by its name.
      void grantPrivilegeToRole​(java.lang.String roleName, PartialPath path, int privilegeId)
      Add a privilege on a seriesPath to a role.
      void grantPrivilegeToUser​(java.lang.String username, PartialPath path, int privilegeId)
      Grant a privilege on a seriesPath to a user.
      void grantRoleToUser​(java.lang.String roleName, java.lang.String username)
      Add a role to a user.
      boolean isUserUseWaterMark​(java.lang.String userName)
      Whether data water-mark is enabled for user 'userName'.
      java.util.List<java.lang.String> listAllRoles()
      List existing roles in the database.
      java.util.List<java.lang.String> listAllUsers()
      List existing users in the database.
      boolean login​(java.lang.String username, java.lang.String password)
      Login for a user.
      void replaceAllRoles​(java.util.Map<java.lang.String,​Role> roles)
      clear all old role info, replace the old roles with the new one
      void replaceAllUsers​(java.util.Map<java.lang.String,​User> users)
      clear all old user info, replace the old users with the new one
      void reset()
      Reset the Authorizer to initiative status.
      void revokePrivilegeFromRole​(java.lang.String roleName, PartialPath path, int privilegeId)
      Remove a privilege on a seriesPath from a role.
      void revokePrivilegeFromUser​(java.lang.String username, PartialPath path, int privilegeId)
      Revoke a privilege on seriesPath from a user.
      void revokeRoleFromUser​(java.lang.String roleName, java.lang.String username)
      Revoke a role from a user.
      void setUserUseWaterMark​(java.lang.String userName, boolean useWaterMark)
      Enable or disable data water-mark for user 'userName'.
      void updateUserPassword​(java.lang.String username, java.lang.String newPassword)
      Modify the password of a user.

    • Method Detail

      • login

        boolean login​(java.lang.String username,
              java.lang.String password)
       throws AuthException
        Login for a user.
        Parameters:
        username - The username of the user.
        password - The password of the user.
        Returns:
        True if such user exists and the given password is correct, else return false.
        Throws:
        AuthException - if exception raised when searching for the user.

      • createUser

        void createUser​(java.lang.String username,
                java.lang.String password)
         throws AuthException
        Create a user with given username and password. New users will only be granted no privileges.
        Parameters:
        username - is not null or empty
        password - is not null or empty
        Throws:
        AuthException - if the given username or password is illegal or the user already exists.

      • deleteUser

        void deleteUser​(java.lang.String username)
         throws AuthException
        Delete a user.
        Parameters:
        username - the username of the user.
        Throws:
        AuthException - When attempting to delete the default administrator or the user does not exists.

      • grantPrivilegeToUser

        void grantPrivilegeToUser​(java.lang.String username,
                          PartialPath path,
                          int privilegeId)
                   throws AuthException
        Grant a privilege on a seriesPath to a user.
        Parameters:
        username - The username of the user to which the privilege should be added.
        path - The seriesPath on which the privilege takes effect. If the privilege is a seriesPath-free privilege, this should be "root".
        privilegeId - An integer that represents a privilege.
        Throws:
        AuthException - If the user does not exist or the privilege or the seriesPath is illegal or the permission already exists.

      • revokePrivilegeFromUser

        void revokePrivilegeFromUser​(java.lang.String username,
                             PartialPath path,
                             int privilegeId)
                      throws AuthException
        Revoke a privilege on seriesPath from a user.
        Parameters:
        username - The username of the user from which the privilege should be removed.
        path - The seriesPath on which the privilege takes effect. If the privilege is a seriesPath-free privilege, this should be "root".
        privilegeId - An integer that represents a privilege.
        Throws:
        AuthException - If the user does not exist or the privilege or the seriesPath is illegal or if the permission does not exist.

      • createRole

        void createRole​(java.lang.String roleName)
         throws AuthException
        Add a role.
        Parameters:
        roleName - the name of the role to be added.
        Throws:
        AuthException - if exception raised when adding the role or the role already exists.

      • deleteRole

        void deleteRole​(java.lang.String roleName)
         throws AuthException
        Delete a role.
        Parameters:
        roleName - the name of the role tobe deleted.
        Throws:
        AuthException - if exception raised when deleting the role or the role does not exists.

      • grantPrivilegeToRole

        void grantPrivilegeToRole​(java.lang.String roleName,
                          PartialPath path,
                          int privilegeId)
                   throws AuthException
        Add a privilege on a seriesPath to a role.
        Parameters:
        roleName - The name of the role to which the privilege is added.
        path - The seriesPath on which the privilege takes effect. If the privilege is a seriesPath-free privilege, this should be "root".
        privilegeId - An integer that represents a privilege.
        Throws:
        AuthException - If the role does not exist or the privilege or the seriesPath is illegal or the privilege already exists.

      • revokePrivilegeFromRole

        void revokePrivilegeFromRole​(java.lang.String roleName,
                             PartialPath path,
                             int privilegeId)
                      throws AuthException
        Remove a privilege on a seriesPath from a role.
        Parameters:
        roleName - The name of the role from which the privilege is removed.
        path - The seriesPath on which the privilege takes effect. If the privilege is a seriesPath-free privilege, this should be "root".
        privilegeId - An integer that represents a privilege.
        Throws:
        AuthException - If the role does not exist or the privilege or the seriesPath is illegal or the privilege does not exists.

      • grantRoleToUser

        void grantRoleToUser​(java.lang.String roleName,
                     java.lang.String username)
              throws AuthException
        Add a role to a user.
        Parameters:
        roleName - The name of the role to be added.
        username - The name of the user to which the role is added.
        Throws:
        AuthException - If either the role or the user does not exist or the role already exists.

      • revokeRoleFromUser

        void revokeRoleFromUser​(java.lang.String roleName,
                        java.lang.String username)
                 throws AuthException
        Revoke a role from a user.
        Parameters:
        roleName - The name of the role to be removed.
        username - The name of the user from which the role is removed.
        Throws:
        AuthException - If either the role or the user does not exist or the role already exists.

      • getPrivileges

        java.util.Set<java.lang.Integer> getPrivileges​(java.lang.String username,
                                               PartialPath path)
                                        throws AuthException
        Get the all the privileges of a user on a seriesPath.
        Parameters:
        username - The user whose privileges are to be queried.
        path - The seriesPath on which the privileges take effect. If the privilege is a seriesPath-free privilege, this should be "root".
        Returns:
        A set of integers each present a privilege.
        Throws:
        AuthException - if exception raised when finding the privileges.

      • updateUserPassword

        void updateUserPassword​(java.lang.String username,
                        java.lang.String newPassword)
                 throws AuthException
        Modify the password of a user.
        Parameters:
        username - The user whose password is to be modified.
        newPassword - The new password.
        Throws:
        AuthException - If the user does not exists or the new password is illegal.

      • checkUserPrivileges

        boolean checkUserPrivileges​(java.lang.String username,
                            PartialPath path,
                            int privilegeId)
                     throws AuthException
        Check if the user have the privilege on the seriesPath.
        Parameters:
        username - The name of the user whose privileges are checked.
        path - The seriesPath on which the privilege takes effect. If the privilege is a seriesPath-free privilege, this should be "root".
        privilegeId - An integer that represents a privilege.
        Returns:
        True if the user has such privilege, false if the user does not have such privilege.
        Throws:
        AuthException - If the seriesPath or the privilege is illegal.

      • listAllUsers

        java.util.List<java.lang.String> listAllUsers()
        List existing users in the database.
        Returns:
        A list contains all usernames.

      • listAllRoles

        java.util.List<java.lang.String> listAllRoles()
        List existing roles in the database.
        Returns:
        A list contains all roleNames.

      • getRole

        Role getRole​(java.lang.String roleName)
      throws AuthException
        Find a role by its name.
        Parameters:
        roleName - the name of the role.
        Returns:
        A role whose name is roleName or null if such role does not exist.
        Throws:
        AuthException

      • getUser

        User getUser​(java.lang.String username)
      throws AuthException
        Find a user by its name.
        Parameters:
        username - the name of the user.
        Returns:
        A user whose name is username or null if such user does not exist.
        Throws:
        AuthException

      • isUserUseWaterMark

        boolean isUserUseWaterMark​(java.lang.String userName)
                    throws AuthException
        Whether data water-mark is enabled for user 'userName'.
        Parameters:
        userName - the name of user
        Throws:
        AuthException - if the user does not exist

      • setUserUseWaterMark

        void setUserUseWaterMark​(java.lang.String userName,
                         boolean useWaterMark)
                  throws AuthException
        Enable or disable data water-mark for user 'userName'.
        Parameters:
        userName - the name of user
        useWaterMark - whether to use water-mark or not
        Throws:
        AuthException - if the user does not exist.

      • getAllUserWaterMarkStatus

        java.util.Map<java.lang.String,​java.lang.Boolean> getAllUserWaterMarkStatus()
        get all user water mark status
        Returns:
        key->userName, value->useWaterMark or not

      • getAllUsers

        java.util.Map<java.lang.String,​User> getAllUsers()
        get all user
        Returns:
        key-> userName, value->user

      • getAllRoles

        java.util.Map<java.lang.String,​Role> getAllRoles()
        get all role
        Returns:
        key->userName, value->role

      • replaceAllUsers

        void replaceAllUsers​(java.util.Map<java.lang.String,​User> users)
              throws AuthException
        clear all old user info, replace the old users with the new one
        Parameters:
        users - new users info
        Throws:
        AuthException - IOException

      • replaceAllRoles

        void replaceAllRoles​(java.util.Map<java.lang.String,​Role> roles)
              throws AuthException
        clear all old role info, replace the old roles with the new one
        Parameters:
        roles - new roles info
        Throws:
        AuthException - IOException