Package uk.gov.gchq.gaffer.graph.hook
Class OperationChainLimiter
- java.lang.Object
-
- uk.gov.gchq.gaffer.graph.hook.OperationChainLimiter
-
- All Implemented Interfaces:
GraphHook
public class OperationChainLimiter extends Object implements GraphHook
AnOperationChainLimiter
is aGraphHook
that checks a user is authorised to execute an operation chain based on that user's maximum chain score and the configured score value for each operation in the chain. This class requires a map of operation scores. When using a properties file the last entry in the file that an operation can be assigned to will be the score that is used for that operation. containing the operations and the score. E.g if you put gaffer.operation.impl.add.AddElements = 8 And then gaffer.operation.impl.add = 1 The add elements will have a score of 1 not 8. So make sure to write your properties file in class hierarchical order. This class also requires a map of authorisation scores, this is the score value someone with that auth can have, the maximum score value of a users auths is used. The class delegates the logic toScoreOperationChainHandler
. If you wish to use theScoreOperationChain
operation and this graph hook, then both need to have the same score configuration.
-
-
Constructor Summary
Constructors Constructor Description OperationChainLimiter(String cacheServiceNameSuffix)
-
Method Summary
-
-
-
Constructor Detail
-
OperationChainLimiter
public OperationChainLimiter(String cacheServiceNameSuffix)
-
-
Method Detail
-
getSuffixNamedOperationCacheName
public String getSuffixNamedOperationCacheName()
-
preExecute
public void preExecute(OperationChain<?> opChain, Context context)
Checks theOperationChain
is allowed to be executed by the user. This is done by checking the user's auths against the auth scores getting the users maximum score limit value. Then checking the operation score of all operations in the chain and comparing the total score value of the chain against a users maximum score limit. If an operation cannot be executed then anIllegalAccessError
is thrown.- Specified by:
preExecute
in interfaceGraphHook
- Parameters:
context
- the Context containing the user to authorise.opChain
- the operation chain.
-
postExecute
public <T> T postExecute(T result, OperationChain<?> opChain, Context context)
Description copied from interface:GraphHook
Called fromGraph
after anOperationChain
is executed.- Specified by:
postExecute
in interfaceGraphHook
- Type Parameters:
T
- the result type- Parameters:
result
- the result from the operation chainopChain
- theOperationChain
that was executed. This can be modified/optimised in any GraphHook.context
- theContext
in which the operation chain was executed. The context also holds a reference to the original operation chain.- Returns:
- result object
-
onFailure
public <T> T onFailure(T result, OperationChain<?> opChain, Context context, Exception e)
Description copied from interface:GraphHook
Called fromGraph
if an error occurs whilst executing theOperationChain
.- Specified by:
onFailure
in interfaceGraphHook
- Type Parameters:
T
- the result type- Parameters:
result
- the result from the operation chain - likely to be null.opChain
- theOperationChain
that was executed. This can be modified/optimised in any GraphHook.context
- theContext
in which the operation chain was executed. The context also holds a reference to the original operation chain.e
- the exception- Returns:
- result object
-
setOpScoresFromStrings
public void setOpScoresFromStrings(Map<String,Integer> opScores) throws ClassNotFoundException
- Throws:
ClassNotFoundException
-
getScoreResolvers
public Map<Class<? extends Operation>,ScoreResolver> getScoreResolvers()
-
setScoreResolvers
public void setScoreResolvers(Map<Class<? extends Operation>,ScoreResolver> resolvers)
-
-