This is an automated email from the ASF dual-hosted git repository.
ctubbsii pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/accumulo-access.git
The following commit(s) were added to refs/heads/main by this push:
new 9fad2d6 Replace Authorizer with `Predicate<String>` (#107)
9fad2d6 is described below
commit 9fad2d62b4376eec82cbc69576872d907b0c0098
Author: Christopher Tubbs <[email protected]>
AuthorDate: Tue Mar 10 20:38:00 2026 -0400
Replace Authorizer with `Predicate<String>` (#107)
* Replace Authorizer with predicate so that users can construct more
complex Predicate objects, as needed, using Predicate's `and`, `or`,
and `negate` convenience methods.
* Move javadoc explanation closer to the API where authorizer is used.
* Minor AccessEvaluator improvements to replace redundant/verbose code
This supersedes #64 and fixes #57
---
.../main/java/org/apache/accumulo/access/Access.java | 6 ++++--
.../org/apache/accumulo/access/AccessEvaluator.java | 13 +++----------
.../accumulo/access/impl/AccessEvaluatorImpl.java | 19 +++++--------------
.../org/apache/accumulo/access/impl/AccessImpl.java | 3 ++-
.../access/impl/MultiAccessEvaluatorImpl.java | 5 -----
5 files changed, 14 insertions(+), 32 deletions(-)
diff --git a/modules/core/src/main/java/org/apache/accumulo/access/Access.java
b/modules/core/src/main/java/org/apache/accumulo/access/Access.java
index 26b687f..59a21f4 100644
--- a/modules/core/src/main/java/org/apache/accumulo/access/Access.java
+++ b/modules/core/src/main/java/org/apache/accumulo/access/Access.java
@@ -21,6 +21,7 @@ package org.apache.accumulo.access;
import java.util.Collection;
import java.util.Set;
import java.util.function.Consumer;
+import java.util.function.Predicate;
import org.apache.accumulo.access.impl.BuilderImpl;
@@ -160,10 +161,11 @@ public interface Access {
/**
* Creates an AccessEvaluator from an Authorizer
*
- * @param authorizer authorizer to use in the AccessEvaluator
+ * @param authorizer used to determine whether the provided authorization
seen during the
+ * evaluation of an access expression is authorized
* @return AccessEvaluator object
*/
- AccessEvaluator newEvaluator(AccessEvaluator.Authorizer authorizer);
+ AccessEvaluator newEvaluator(Predicate<String> authorizer);
/**
* Creates an AccessEvaluator from multiple sets of authorizations. Each
expression will be
diff --git
a/modules/core/src/main/java/org/apache/accumulo/access/AccessEvaluator.java
b/modules/core/src/main/java/org/apache/accumulo/access/AccessEvaluator.java
index a693041..bc447bc 100644
--- a/modules/core/src/main/java/org/apache/accumulo/access/AccessEvaluator.java
+++ b/modules/core/src/main/java/org/apache/accumulo/access/AccessEvaluator.java
@@ -72,15 +72,8 @@ public sealed interface AccessEvaluator permits
AccessEvaluatorImpl, MultiAccess
* @return true if the expression is visible using the authorizations
supplied at creation, false
* otherwise
*/
- boolean canAccess(AccessExpression accessExpression);
-
- /**
- * An interface that is used to check if an authorization seen in an access
expression is
- * authorized.
- *
- * @since 1.0.0
- */
- interface Authorizer {
- boolean isAuthorized(String auth);
+ default boolean canAccess(AccessExpression accessExpression) {
+ return canAccess(accessExpression.getExpression());
}
+
}
diff --git
a/modules/core/src/main/java/org/apache/accumulo/access/impl/AccessEvaluatorImpl.java
b/modules/core/src/main/java/org/apache/accumulo/access/impl/AccessEvaluatorImpl.java
index cc888d3..3912077 100644
---
a/modules/core/src/main/java/org/apache/accumulo/access/impl/AccessEvaluatorImpl.java
+++
b/modules/core/src/main/java/org/apache/accumulo/access/impl/AccessEvaluatorImpl.java
@@ -29,7 +29,6 @@ import java.util.Set;
import java.util.function.Predicate;
import org.apache.accumulo.access.AccessEvaluator;
-import org.apache.accumulo.access.AccessExpression;
import org.apache.accumulo.access.AuthorizationValidator;
import org.apache.accumulo.access.Authorizations;
import org.apache.accumulo.access.InvalidAccessExpressionException;
@@ -42,9 +41,9 @@ public final class AccessEvaluatorImpl implements
AccessEvaluator {
/**
* Create an AccessEvaluatorImpl using an Authorizer object
*/
- public AccessEvaluatorImpl(Authorizer authorizationChecker,
+ public AccessEvaluatorImpl(Predicate<String> authorizationChecker,
AuthorizationValidator authorizationValidator) {
- this.authorizedPredicate = auth ->
authorizationChecker.isAuthorized(auth.toString());
+ this.authorizedPredicate = auth ->
authorizationChecker.test(auth.toString());
this.authorizationValidator = authorizationValidator;
}
@@ -63,12 +62,9 @@ public final class AccessEvaluatorImpl implements
AccessEvaluator {
wrappedAuths.add(new CharsWrapper(authorization.toCharArray()));
}
- this.authorizedPredicate = auth -> {
- if (auth instanceof CharsWrapper wrapped) {
- return wrappedAuths.contains(wrapped);
- }
- return wrappedAuths.contains(new
CharsWrapper(auth.toString().toCharArray()));
- };
+ this.authorizedPredicate =
+ auth -> auth instanceof CharsWrapper wrapped ?
wrappedAuths.contains(wrapped)
+ : wrappedAuths.contains(new
CharsWrapper(auth.toString().toCharArray()));
this.authorizationValidator = authorizationValidator;
}
@@ -148,11 +144,6 @@ public final class AccessEvaluatorImpl implements
AccessEvaluator {
return auth;
}
- @Override
- public boolean canAccess(AccessExpression expression) {
- return canAccess(expression.getExpression());
- }
-
@Override
public boolean canAccess(String expression) throws
InvalidAccessExpressionException {
return evaluate(expression);
diff --git
a/modules/core/src/main/java/org/apache/accumulo/access/impl/AccessImpl.java
b/modules/core/src/main/java/org/apache/accumulo/access/impl/AccessImpl.java
index d8b1d57..ed00893 100644
--- a/modules/core/src/main/java/org/apache/accumulo/access/impl/AccessImpl.java
+++ b/modules/core/src/main/java/org/apache/accumulo/access/impl/AccessImpl.java
@@ -24,6 +24,7 @@ import java.util.Collection;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
+import java.util.function.Predicate;
import org.apache.accumulo.access.Access;
import org.apache.accumulo.access.AccessEvaluator;
@@ -106,7 +107,7 @@ public class AccessImpl implements Access {
}
@Override
- public AccessEvaluator newEvaluator(AccessEvaluator.Authorizer authorizer) {
+ public AccessEvaluator newEvaluator(Predicate<String> authorizer) {
return new AccessEvaluatorImpl(authorizer, authValidator);
}
diff --git
a/modules/core/src/main/java/org/apache/accumulo/access/impl/MultiAccessEvaluatorImpl.java
b/modules/core/src/main/java/org/apache/accumulo/access/impl/MultiAccessEvaluatorImpl.java
index e2a905c..2ea6964 100644
---
a/modules/core/src/main/java/org/apache/accumulo/access/impl/MultiAccessEvaluatorImpl.java
+++
b/modules/core/src/main/java/org/apache/accumulo/access/impl/MultiAccessEvaluatorImpl.java
@@ -23,7 +23,6 @@ import java.util.Collection;
import java.util.List;
import org.apache.accumulo.access.AccessEvaluator;
-import org.apache.accumulo.access.AccessExpression;
import org.apache.accumulo.access.AuthorizationValidator;
import org.apache.accumulo.access.Authorizations;
import org.apache.accumulo.access.InvalidAccessExpressionException;
@@ -50,8 +49,4 @@ public final class MultiAccessEvaluatorImpl implements
AccessEvaluator {
return true;
}
- @Override
- public boolean canAccess(AccessExpression accessExpression) {
- return canAccess(accessExpression.getExpression());
- }
}
