XRootD
XrdAccRules Class Reference

#include <XrdSciTokensAccess.hh>


Public Member Functions

 XrdAccRules (uint64_t expiry_time, const std::string &username, const std::string &token_subject, const std::string &issuer, const std::vector< MapRule > &rules, const std::vector< std::string > &groups, uint32_t authz_strategy, AuthzSetting acceptable_authz)
 
 ~XrdAccRules ()
 
bool acceptable_authz (Access_Operation oper) const
 
bool apply (Access_Operation oper, const std::string_view path)
 
bool expired () const
 
uint32_t get_authz_strategy () const
 
const std::string & get_default_username () const
 
const std::string & get_issuer () const
 
const std::string & get_token_subject () const
 
std::string get_username (const std::string_view &req_path) const
 
const std::vector< std::string > & groups () const
 
void parse (const AccessRulesRaw &rules)
 
size_t size () const
 
const std::string str () const
 

Detailed Description

A class that encapsulates the access rules generated from a token.

The access rules are generated from the token's claims; the object is intended to be kept in a cache and periodically checked for expiration.

Definition at line 137 of file XrdSciTokensAccess.hh.

Constructor & Destructor Documentation

◆ XrdAccRules()

XrdAccRules::XrdAccRules ( uint64_t expiry_time,
const std::string & username,
const std::string & token_subject,
const std::string & issuer,
const std::vector< MapRule > & rules,
const std::vector< std::string > & groups,
uint32_t authz_strategy,
AuthzSetting acceptable_authz )
inline

Definition at line 140 of file XrdSciTokensAccess.hh.

/// Build the rule set for one token.
///
/// Stores the caller-supplied claims and mapping rules; no validation is
/// performed here. The path matcher (m_matcher) is left in its default
/// state and is installed separately through parse().
///
/// @param expiry_time      Deadline compared against monotonic_time() by expired().
/// @param username         Default local username for this token (see get_default_username()).
/// @param token_subject    The token's subject claim.
/// @param issuer           The token's issuer.
/// @param rules            Username-mapping rules consulted, in order, by get_username().
/// @param groups           Group claims carried by the token.
/// @param authz_strategy   Opaque strategy value returned by get_authz_strategy().
/// @param acceptable_authz Which operation classes this rule set may authorize.
///
/// Note: the parameters `groups` and `acceptable_authz` share their names with
/// the member functions groups() and acceptable_authz(); inside the initializer
/// list they denote the parameters, and no accessor is invoked here.
XrdAccRules::XrdAccRules(uint64_t expiry_time,
                         const std::string &username,
                         const std::string &token_subject,
                         const std::string &issuer,
                         const std::vector<MapRule> &rules,
                         const std::vector<std::string> &groups,
                         uint32_t authz_strategy,
                         AuthzSetting acceptable_authz)
    : m_authz_strategy(authz_strategy),
      m_acceptable_authz(acceptable_authz),
      m_expiry_time(expiry_time),
      m_username(username),
      m_token_subject(token_subject),
      m_issuer(issuer),
      m_map_rules(rules),
      m_groups(groups)
{
}

References acceptable_authz(), and groups().


◆ ~XrdAccRules()

XrdAccRules::~XrdAccRules ( )
inline

Definition at line 153 of file XrdSciTokensAccess.hh.

/// Destructor. All members clean themselves up, so nothing is done here.
///
/// NOTE(review): because this destructor is user-provided (even though empty),
/// the compiler will not implicitly declare move operations for XrdAccRules;
/// copies of a cached instance therefore copy its strings and vectors.
XrdAccRules::~XrdAccRules()
{
}

Member Function Documentation

◆ acceptable_authz()

bool XrdAccRules::acceptable_authz ( Access_Operation oper) const
inline

Definition at line 187 of file XrdSciTokensAccess.hh.

/// Decide whether this rule set is allowed to authorize operation @p oper at all.
///
/// AuthzSetting::All accepts every operation and AuthzSetting::None rejects
/// every operation, regardless of @p oper. Otherwise the operation is
/// classified: AOP_Read, AOP_Readdir and AOP_Stat count as reads, and every
/// other operation is handled as a write. A read is accepted only under
/// AuthzSetting::Read, a write only under AuthzSetting::Write, so an
/// operation outside the read set can never be authorized by a Read-only
/// setting (fail-closed for anything that is not a known read).
///
/// @param oper The operation being attempted.
/// @return true if the setting covers the operation's class.
bool XrdAccRules::acceptable_authz(Access_Operation oper) const
{
    if (m_acceptable_authz == AuthzSetting::All) return true;
    if (m_acceptable_authz == AuthzSetting::None) return false;

    const bool read_only =
        (oper == AOP_Read) || (oper == AOP_Readdir) || (oper == AOP_Stat);

    // Exactly one setting can satisfy each operation class.
    const AuthzSetting required = read_only ? AuthzSetting::Read
                                            : AuthzSetting::Write;
    return m_acceptable_authz == required;
}
@ AOP_Readdir
opendir()
@ AOP_Stat
exists(), stat()
@ AOP_Read
open() r/o, prepare()

References All, AOP_Read, AOP_Readdir, AOP_Stat, None, Read, and Write.

Referenced by XrdAccRules().


◆ apply()

bool XrdAccRules::apply ( Access_Operation oper,
const std::string_view path )
inline

Definition at line 155 of file XrdSciTokensAccess.hh.

/// Check the parsed path authorizations for @p oper on @p path.
///
/// Delegates entirely to the SubpathMatch installed by parse(); this method
/// does not consult acceptable_authz() or expired(), so callers that need
/// those checks must perform them separately.
///
/// @param oper The operation being attempted.
/// @param path The path the operation targets.
/// @return Whatever the matcher reports for the (operation, path) pair.
bool XrdAccRules::apply(Access_Operation oper, const std::string_view path)
{
    const bool permitted = m_matcher.apply(oper, path);
    return permitted;
}

◆ expired()

bool XrdAccRules::expired ( ) const

Definition at line 351 of file XrdSciTokensAccess.cc.

/// Report whether this cached rule set has passed its expiry time.
///
/// The comparison is strict: an entry whose expiry equals the current
/// monotonic_time() reading is still considered valid. The expiry value is
/// the one handed to the constructor; it is assumed to be on the same clock
/// as monotonic_time() (confirm at the call site that builds it).
///
/// @return true once the current time is later than the expiry time.
bool XrdAccRules::expired() const
{
    const auto now = monotonic_time();
    return now > m_expiry_time;
}

◆ get_authz_strategy()

uint32_t XrdAccRules::get_authz_strategy ( ) const
inline

Definition at line 186 of file XrdSciTokensAccess.hh.

/// @return The authz strategy value supplied at construction (not interpreted here).
uint32_t XrdAccRules::get_authz_strategy() const
{
    return m_authz_strategy;
}

◆ get_default_username()

const std::string & XrdAccRules::get_default_username ( ) const
inline

Definition at line 183 of file XrdSciTokensAccess.hh.

/// @return The default local username supplied at construction; this is the
///         value get_username() hands to each MapRule as its `username` argument.
const std::string &XrdAccRules::get_default_username() const
{
    return m_username;
}

◆ get_issuer()

const std::string & XrdAccRules::get_issuer ( ) const
inline

Definition at line 184 of file XrdSciTokensAccess.hh.

/// @return The token issuer supplied at construction.
const std::string &XrdAccRules::get_issuer() const
{
    return m_issuer;
}

◆ get_token_subject()

const std::string & XrdAccRules::get_token_subject ( ) const
inline

Definition at line 182 of file XrdSciTokensAccess.hh.

/// @return The token subject supplied at construction.
const std::string &XrdAccRules::get_token_subject() const
{
    return m_token_subject;
}

◆ get_username()

std::string XrdAccRules::get_username ( const std::string_view & req_path) const
inline

Definition at line 166 of file XrdSciTokensAccess.hh.

/// Resolve the local username for a request on @p req_path.
///
/// Each MapRule is offered the token subject, the default username, the
/// request path and the token's groups, in the order the rules were given
/// to the constructor. The first rule that yields a non-empty name wins, so
/// rule order is significant. An empty string means no rule applied; the
/// default username is NOT substituted here.
///
/// @param req_path Path of the request being mapped.
/// @return The mapped username, or "" when no rule matched.
std::string XrdAccRules::get_username(const std::string_view &req_path) const
{
    for (const auto &map_rule : m_map_rules) {
        std::string mapped =
            map_rule.match(m_token_subject, m_username, req_path, m_groups);
        if (mapped.empty()) {
            continue;
        }
        return mapped;
    }
    return "";
}

◆ groups()

const std::vector< std::string > & XrdAccRules::groups ( ) const
inline

Definition at line 197 of file XrdSciTokensAccess.hh.

/// @return The token's group claims as supplied at construction.
const std::vector<std::string> &XrdAccRules::groups() const
{
    return m_groups;
}

Referenced by XrdAccRules().


◆ parse()

void XrdAccRules::parse ( const AccessRulesRaw & rules)
inline

Definition at line 162 of file XrdSciTokensAccess.hh.

/// Install the path authorizations this rule set enforces.
///
/// Builds a fresh SubpathMatch from @p rules and assigns it, replacing any
/// matcher that was installed earlier; rules are not merged with a previous
/// call. apply(), size() and str() all read the matcher set here.
///
/// @param rules Raw access rules to compile into the matcher.
void XrdAccRules::parse(const AccessRulesRaw &rules)
{
    SubpathMatch compiled(rules);
    m_matcher = compiled;
}

◆ size()

size_t XrdAccRules::size ( ) const
inline

Definition at line 196 of file XrdSciTokensAccess.hh.

/// @return The size reported by the installed path matcher (zero before parse()
///         installs one, assuming a default SubpathMatch is empty — confirm).
size_t XrdAccRules::size() const
{
    return m_matcher.size();
}

◆ str()

const std::string XrdAccRules::str ( ) const

Definition at line 332 of file XrdSciTokensAccess.cc.

/// Render a one-line, human-readable summary of this rule set.
///
/// Always emits the mapped username, subject and issuer; appends the group
/// list (comma-separated, no quoting) when there are groups, and the
/// matcher's own rendering when it is non-empty. Because values are written
/// verbatim, a group name or subject containing ',' or '=' is ambiguous in
/// the output — treat the result as a display string, not a parseable format.
///
/// @return The formatted summary.
const std::string XrdAccRules::str() const
{
    std::stringstream out;
    out << "mapped_username=" << m_username
        << ", subject=" << m_token_subject
        << ", issuer=" << m_issuer;

    if (!m_groups.empty()) {
        out << ", groups=";
        const char *sep = "";
        for (const auto &grp : m_groups) {
            out << sep << grp;
            sep = ",";
        }
    }

    if (!m_matcher.empty()) {
        out << ", authorizations=" << m_matcher.str();
    }

    return out.str();
}

The documentation for this class was generated from the following files: