Class Oso

Field Summary

Constructor Summary

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| `void` | `authorize` | |
| `void` | `authorize(Object actor, Object action, Object resource, boolean checkRead)` | Ensure that `actor` is allowed to perform `action` on `resource`. |
| `HashSet<Object>` | `authorizedActions(Object actor, Object resource)` | |
| `HashSet<Object>` | `authorizedActions(Object actor, Object resource, boolean allowWildcard)` | Determine the actions `actor` is allowed to take on `resource`. |
| `HashSet<Object>` | `authorizedFields(Object actor, Object action, Object resource)` | |
| `HashSet<Object>` | `authorizedFields(Object actor, Object action, Object resource, boolean allowWildcard)` | Determine the fields of `resource` on which `actor` is allowed to perform `action`. |
| `void` | `authorizeField(Object actor, Object action, Object resource, Object field)` | Ensure that `actor` is allowed to perform `action` on a given `resource`'s `field`. |
| `void` | `authorizeRequest(Object actor, Object request)` | Ensure that `actor` is allowed to send `request` to the server. |
| `HashSet<Object>` | `getAllowedActions(Object actor, Object resource)` | Return the allowed actions for the given actor and resource, if any. |
| `HashSet<Object>` | `getAllowedActions(Object actor, Object resource, boolean allowWildcard)` | Deprecated. Use `authorizedActions` instead. |
| `boolean` | `isAllowed(Object actor, Object action, Object resource)` | Submit an `allow` query to the Polar knowledge base. |
| `static void` | `main` | |
| `void` | `setReadAction(Object readAction)` | Override the "read" action, which is used to differentiate between a `NotFoundException` and a `ForbiddenException` on authorization failures. |

Methods inherited from class com.osohq.oso.Polar

clearRules, loadFile, loadFiles, loadFilesFromResources, loadStr, loadStr, query, query, query, query, query, query, query, queryRule, queryRule, queryRuleOnce, registerClass, registerClass, registerConstant, repl, repl

Constructor Details

Oso

public Oso()

Method Details

main

Throws:
- Exceptions.OsoException
- IOException

setReadAction

Override the "read" action, which is used to differentiate between a `NotFoundException` and a `ForbiddenException` on authorization failures.

isAllowed

public boolean isAllowed(Object actor, Object action, Object resource) throws Exceptions.OsoException

Submit an `allow` query to the Polar knowledge base.

```java
Oso oso = new Oso();
oso.loadStr("allow(\"guest\", \"get\", \"widget\");");
assert oso.isAllowed("guest", "get", "widget");
```

Parameters:
- `actor` - the actor performing the request
- `action` - the action the actor is attempting to perform
- `resource` - the resource being accessed

Returns:
- boolean

Throws:
- Exceptions.OsoException

getAllowedActions

public HashSet<Object> getAllowedActions(Object actor, Object resource) throws Exceptions.OsoException

Return the allowed actions for the given actor and resource, if any.

```java
Oso oso = new Oso();
oso.loadStr("allow(\"guest\", \"get\", \"widget\");");
HashSet<Object> actions = oso.getAllowedActions("guest", "widget");
assert actions.contains("get");
```

Parameters:
- `actor` - the actor performing the request
- `resource` - the resource being accessed

Returns:
- HashSet

Throws:
- Exceptions.OsoException

getAllowedActions

public HashSet<Object> getAllowedActions(Object actor, Object resource, boolean allowWildcard) throws Exceptions.OsoException

Deprecated. Use `authorizedActions` instead.

Return the allowed actions for the given actor and resource, if any. Explicitly allow or disallow wildcard actions. If allowed, wildcard actions are represented as "*".

Parameters:
- `actor` - the actor performing the request
- `resource` - the resource being accessed
- `allowWildcard` - whether or not to allow wildcard actions

Returns:
- HashSet

Throws:
- Exceptions.OsoException

authorize

public void authorize(Object actor, Object action, Object resource, boolean checkRead) throws Exceptions.OsoException

Ensure that `actor` is allowed to perform `action` on `resource`.

If the action is permitted with an `allow` rule in the policy, then this method returns nothing. If the action is not permitted by the policy, this method will throw an exception.

The exception thrown by this method depends on whether the actor can perform the `"read"` action on the resource. If they cannot read the resource, then a `NotFoundException` is thrown. Otherwise, a `ForbiddenException` is thrown.

Parameters:
- `actor` - The actor performing the request.
- `action` - The action the actor is attempting to perform.
- `resource` - The resource being accessed.
- `checkRead` - If set to `false`, a `ForbiddenException` is always thrown on authorization failures, regardless of whether the actor can read the resource. Default is `true`.

Throws:
- Exceptions.OsoException

authorize

Throws:
- Exceptions.OsoException

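The following is an added example, not part of the Oso documentation: it maps the two failure modes of `authorize` to HTTP status codes, so that an actor who cannot read a resource gets the same answer as for a resource that does not exist. The policy, the actor names and the `statusFor` helper are constructed for illustration, and the example assumes `NotFoundException` and `ForbiddenException` are nested in `Exceptions` in the same way as `OsoException`.

```java
import com.osohq.oso.Exceptions;
import com.osohq.oso.Oso;

public class AuthorizeStatusExample {
  // Hypothetical helper: translate the outcome of authorize() into a status code.
  static int statusFor(Oso oso, Object actor, Object action, Object resource, boolean checkRead)
      throws Exceptions.OsoException {
    try {
      oso.authorize(actor, action, resource, checkRead);
      return 200;
    } catch (Exceptions.NotFoundException e) {
      // The actor may not even "read" the resource: answer as if it did not exist.
      return 404;
    } catch (Exceptions.ForbiddenException e) {
      // The actor may read the resource but not perform this action on it.
      return 403;
    }
  }

  public static void main(String[] args) throws Exception {
    Oso oso = new Oso();
    // Constructed policy: guest may only read, admin may do anything,
    // and "stranger" has no rules at all.
    oso.loadStr(
        "allow(\"guest\", \"read\", \"widget\");\n"
            + "allow(\"admin\", _action, \"widget\");\n");

    String[][] requests = {
      {"admin", "update"}, {"guest", "read"}, {"guest", "update"}, {"stranger", "update"}
    };
    for (String[] r : requests) {
      // Compare the default behaviour with checkRead=false, which never reports "not found".
      System.out.printf("%-8s %-6s checkRead=true -> %d, checkRead=false -> %d%n",
          r[0], r[1],
          statusFor(oso, r[0], r[1], "widget", true),
          statusFor(oso, r[0], r[1], "widget", false));
    }
  }
}
```
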
authorizeRequest

Ensure that `actor` is allowed to send `request` to the server.

Checks the `allow_request` rule of a policy.

If the request is permitted with an `allow_request` rule in the policy, then this method returns nothing. Otherwise, this method throws a `ForbiddenException`.

Parameters:
- `actor` - The actor performing the request.
- `request` - An object representing the request that was sent by the actor.

Throws:
- Exceptions.OsoException

authorizeField

public void authorizeField(Object actor, Object action, Object resource, Object field) throws Exceptions.OsoException

Ensure that `actor` is allowed to perform `action` on a given `resource`'s `field`.

If the action is permitted by an `allow_field` rule in the policy, then this method returns nothing. If the action is not permitted by the policy, this method will throw a `ForbiddenException`.

Parameters:
- `actor` - The actor performing the request.
- `action` - The action the actor is attempting to perform on the field.
- `resource` - The resource being accessed.
- `field` - The name of the field being accessed.

Throws:
- Exceptions.OsoException

authorizedActions

public HashSet<Object> authorizedActions(Object actor, Object resource, boolean allowWildcard) throws Exceptions.OsoException

Determine the actions `actor` is allowed to take on `resource`.

Collects all actions allowed by `allow` rules in the Polar policy for the given combination of actor and resource.

Parameters:
- `actor` - The actor for whom to collect allowed actions
- `resource` - The resource being accessed
- `allowWildcard` - Flag to determine behavior if the policy includes a wildcard action, e.g., a rule allowing any action: `allow(_actor, _action, _resource)`. If `true`, the method will return `["*"]`; if `false`, the method will throw an exception.

Returns:
- HashSet

Throws:
- Exceptions.OsoException

authorizedActions

public HashSet<Object> authorizedActions(Object actor, Object resource) throws Exceptions.OsoException

Throws:
- Exceptions.OsoException

authorizedFields

public HashSet<Object> authorizedFields(Object actor, Object action, Object resource, boolean allowWildcard) throws Exceptions.OsoException

Determine the fields of `resource` on which `actor` is allowed to perform `action`.

Uses `allow_field` rules in the policy to find all allowed fields.

Parameters:
- `actor` - The actor for whom to collect allowed fields.
- `action` - The action being taken on the field.
- `resource` - The resource being accessed.
- `allowWildcard` - Flag to determine behavior if the policy includes a wildcard field, e.g., a rule allowing any field: `allow_field(_actor, _action, _resource, _field)`. If `true`, the method will return `["*"]`; if `false`, the method will throw an exception.

Returns:
- HashSet

Throws:
- Exceptions.OsoException

authorizedFields

public HashSet<Object> authorizedFields(Object actor, Object action, Object resource) throws Exceptions.OsoException

Throws:
- Exceptions.OsoException

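The following is an added example, not part of the Oso documentation: it uses `authorizedFields` to strip a record down to the fields an actor may read, handles the `"*"` wildcard result explicitly, and uses `authorizeField` to reject a single-field access. The policy, the actor names, the sample record and the `visibleFields` helper are constructed for illustration, and the example assumes `ForbiddenException` is nested in `Exceptions` in the same way as `OsoException`.

```java
import com.osohq.oso.Exceptions;
import com.osohq.oso.Oso;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;

public class FieldFilterExample {
  // Hypothetical helper: keep only the entries of `record` the actor may act on.
  static Map<String, Object> visibleFields(
      Oso oso, Object actor, Object action, Object resource, Map<String, Object> record)
      throws Exceptions.OsoException {
    // allowWildcard=true: an unconstrained allow_field rule is reported as "*"
    // instead of an exception, and is treated here as "every field".
    HashSet<Object> allowed = oso.authorizedFields(actor, action, resource, true);
    if (allowed.contains("*")) {
      return new LinkedHashMap<>(record);
    }
    Map<String, Object> out = new LinkedHashMap<>();
    for (Map.Entry<String, Object> e : record.entrySet()) {
      if (allowed.contains(e.getKey())) {
        out.put(e.getKey(), e.getValue());
      }
    }
    return out;
  }

  public static void main(String[] args) throws Exception {
    Oso oso = new Oso();
    // Constructed policy: guest may read two named fields, admin may touch any field.
    oso.loadStr(
        "allow_field(\"guest\", \"read\", \"widget\", \"name\");\n"
            + "allow_field(\"guest\", \"read\", \"widget\", \"price\");\n"
            + "allow_field(\"admin\", _action, \"widget\", _field);\n");

    Map<String, Object> widget = new LinkedHashMap<>(); // constructed sample record
    widget.put("name", "sprocket");
    widget.put("price", 12);
    widget.put("cost", 7);

    System.out.println("guest sees " + visibleFields(oso, "guest", "read", "widget", widget));
    System.out.println("admin sees " + visibleFields(oso, "admin", "read", "widget", widget));
    try {
      oso.authorizeField("guest", "read", "widget", "cost"); // no rule covers this field
    } catch (Exceptions.ForbiddenException e) {
      System.out.println("guest read of cost rejected: " + e.getMessage());
    }
  }
}
```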