A Java / PostgreSQL port of "A fairly capable authorization sub system"
Based on : https://www.codeproject.com/Articles/30380/A-Fairly-Capable-Authorization-Sub-System-with-Row
All the scripts in the sql folder must be run in the PostgreSQL database where the authorization permissions will be persisted.
Gradle : https://gradle.org/install/
GraalVM : https://www.graalvm.org/downloads/#
To build a JAR file with all the dependencies :
gradle shadowJar
To build a native executable with all the dependencies :
gradle nativeCompile
When adding new dependencies that use reflection, generate a reflect-config.json file so that GraalVM can compile the classes ahead of time and package them in the executable.
Refer : https://graalvm.github.io/native-build-tools/latest/gradle-plugin.html#agent-support
The JAR build file will be created at app/build/libs/afcas.jar
java -jar afcas.jar
The native build executable will be created at app/build/native/nativeCompile/afcas
./afcas
The program asks for database credentials when it is executed; alternatively, you can pass the connection parameters :
./afcas -h <db-hostname> -p <db-port> -U <username>
To connect to a different database :
connect-db -h <db-url> -p <db-port> -U <db-user> -W
Eg.
connect-db -h localhost -p 5432 -U postgres -W
add principal <name> <principal-type> [<display-name>] [<email>] [<description>] [<source>]
Eg.
add principal John User John john@gmail.com test TestSource
add principal Admin Group
remove principal <name>
Eg.
remove principal John
remove principal Admin
add operation <id> [<name>] [<description>]
Eg.
add operation Edit EditOperation
remove operation <name>
Eg.
remove operation Edit
add resource <id> <name>
Eg.
add resource workspace Workspaces
remove resource <name>
Eg.
remove resource Workspace
add permission <principal> <operation> <workspace> <predicateType>
Eg.
add permission John Edit Workspace Grant
remove permission <principal> <operation> <workspace> <predicateType>
Eg.
remove permission John Edit Workspace Grant
is-authorized <principal> <operation> <workspace>
Eg.
is-authorized John Edit Workspace
add group-member <group-name> <member-name>
Eg.
add group-member Admin John
remove group-member <group-name> <member-name>
Eg.
remove group-member Admin John
add sub-operation <parent-operation> <sub-operation>
Eg.
add sub-operation ViewEdit View
remove sub-operation <parent-operation> <sub-operation>
Eg.
remove sub-operation ViewEdit View
add sub-resource <parent-resource> <sub-resource>
Eg.
add sub-resource Workspace WorkspaceA
remove sub-resource <parent-resource> <sub-resource>
Eg.
remove sub-resource Workspace WorkspaceA
get principal
get members <group-name> [<is-flat>]
Eg.
get members Admins true
is-member-of <group-name> <member-name>
Eg.
is-member-of Admins Bob
get operations [<parent-operation>] [<is-flat>]
Eg.
get operations
get operations Edit
get operations Edit true
is-sub-operation <operation-name> <sub-operation-name>
Eg.
is-sub-operation ViewEdit View
get authorization-digest <principal-name>
Eg.
get authorization-digest John
get authorized-operations <principal-name> <resource-name>
Eg.
get authorized-operations John Workspace
get authorized-resources <principal-name> <operation-name>
Eg.
get authorized-resources John Edit
docker build -t afcas-app .
docker run --name afcas-app -it afcas-app