Package uk.gov.gchq.gaffer.graph.hook

Class OperationChainLimiter

  • All Implemented Interfaces:
    GraphHook
    public class OperationChainLimiter
extends Object
implements GraphHook
    An OperationChainLimiter is a GraphHook that checks a user is authorised to execute an operation chain based on that user's maximum chain score and the configured score value for each operation in the chain. This class requires a map of operation scores. When using a properties file the last entry in the file that an operation can be assigned to will be the score that is used for that operation. containing the operations and the score. E.g if you put gaffer.operation.impl.add.AddElements = 8 And then gaffer.operation.impl.add = 1 The add elements will have a score of 1 not 8. So make sure to write your properties file in class hierarchical order. This class also requires a map of authorisation scores, this is the score value someone with that auth can have, the maximum score value of a users auths is used. The class delegates the logic to ScoreOperationChainHandler. If you wish to use the ScoreOperationChain operation and this graph hook, then both need to have the same score configuration.

    • Constructor Detail

      • OperationChainLimiter

        public OperationChainLimiter​(String cacheServiceNameSuffix)

    • Method Detail

      • getSuffixNamedOperationCacheName

        public String getSuffixNamedOperationCacheName()

      • preExecute

        public void preExecute​(OperationChain<?> opChain,
                       Context context)
        Checks the OperationChain is allowed to be executed by the user. This is done by checking the user's auths against the auth scores getting the users maximum score limit value. Then checking the operation score of all operations in the chain and comparing the total score value of the chain against a users maximum score limit. If an operation cannot be executed then an IllegalAccessError is thrown.
        Specified by:
        preExecute in interface GraphHook
        Parameters:
        context - the Context containing the user to authorise.
        opChain - the operation chain.

      • postExecute

        public <T> T postExecute​(T result,
                         OperationChain<?> opChain,
                         Context context)
        Description copied from interface: GraphHook
        Called from Graph after an OperationChain is executed.
        Specified by:
        postExecute in interface GraphHook
        Type Parameters:
        T - the result type
        Parameters:
        result - the result from the operation chain
        opChain - the OperationChain that was executed. This can be modified/optimised in any GraphHook.
        context - the Context in which the operation chain was executed. The context also holds a reference to the original operation chain.
        Returns:
        result object

      • onFailure

        public <T> T onFailure​(T result,
                       OperationChain<?> opChain,
                       Context context,
                       Exception e)
        Description copied from interface: GraphHook
        Called from Graph if an error occurs whilst executing the OperationChain.
        Specified by:
        onFailure in interface GraphHook
        Type Parameters:
        T - the result type
        Parameters:
        result - the result from the operation chain - likely to be null.
        opChain - the OperationChain that was executed. This can be modified/optimised in any GraphHook.
        context - the Context in which the operation chain was executed. The context also holds a reference to the original operation chain.
        e - the exception
        Returns:
        result object

      • setAuthScores

        public void setAuthScores​(Map<String,​Integer> authScores)