Class CedarlingAdapter
-
- All Implemented Interfaces:
-
java.lang.AutoCloseable
public class CedarlingAdapter implements AutoCloseable
High-level wrapper around the Cedarling UniFFI binding.
This adapter hides the UniFFI-generated types from application code by providing convenience methods that accept standard Java types (
Map,String,JSONObject). The lower-level overloads that accept EntityData and TokenInput directly are still available for advanced use cases.The legacy
authorize(Map<String,String> tokens, ...)method has been replaced by two dedicated methods:- authorizeMultiIssuer – drop-in replacement that takes a token map, validates JWTs, and evaluates policies.
- authorizeUnsigned and authorizeUnsignedEntity – for pre-validated / unsigned entity data (omit the principal or pass null for partial evaluation when no asserted principal is supplied).
-
-
Constructor Summary
Constructors Constructor Description CedarlingAdapter()
-
Method Summary
Modifier and Type Method Description CedarlinggetCedarling()voidloadFromJson(String bootstrapConfigJson)voidloadFromFile(String path)MultiIssuerAuthorizeResultauthorizeMultiIssuer(Map<String, String> tokens, String action, JSONObject resource, JSONObject context)Authorize using JWT tokens from multiple issuers. MultiIssuerAuthorizeResultauthorizeMultiIssuer(List<TokenInput> tokens, String action, JSONObject resource, JSONObject context)Authorize using pre-built TokenInput objects. AuthorizeResultauthorizeUnsigned(String principalJson, String action, JSONObject resource, JSONObject context)Authorize with an optional principal provided as a JSON string. AuthorizeResultauthorizeUnsignedEntity(EntityData principal, String action, JSONObject resource, JSONObject context)Authorize with an optional pre-built EntityData principal. StringgetLogById(String id)List<String>getLogIds()List<String>getLogsByRequestId(String requestId)List<String>getLogsByRequestIdAndTag(String requestId, String tag)List<String>getLogsByTag(String tag)List<String>popLogs()voidpushDataCtx(String key, JSONObject value, Long ttlSecs)Push a value into the data store with an optional TTL. voidpushDataCtx(String key, String value, Long ttlSecs)Push a value into the data store with an optional TTL. voidpushDataCtx(String key, JSONObject value)Push a value into the data store without TTL (uses default from config). voidpushDataCtx(String key, String value)Push a value into the data store without TTL (uses default from config). ObjectgetDataCtx(String key)Get a value from the data store by key. DataEntrygetDataEntryCtx(String key)Get a data entry with full metadata by key. booleanremoveDataCtx(String key)Remove a value from the data store by key. voidclearDataCtx()Clear all entries from the data store. List<DataEntry>listDataCtx()List all entries with their metadata. DataStoreStatsgetStatsCtx()Get statistics about the data store. voidclose()booleanisTrustedIssuerLoadedByName(String issuerId)booleanisTrustedIssuerLoadedByIss(String issClaim)longtotalIssuers()longloadedTrustedIssuersCount()List<String>loadedTrustedIssuerIds()List<String>failedTrustedIssuerIds()-
-
Method Detail
-
getCedarling
Cedarling getCedarling()
-
loadFromJson
void loadFromJson(String bootstrapConfigJson)
-
loadFromFile
void loadFromFile(String path)
-
authorizeMultiIssuer
MultiIssuerAuthorizeResult authorizeMultiIssuer(Map<String, String> tokens, String action, JSONObject resource, JSONObject context)
Authorize using JWT tokens from multiple issuers.
This is the recommended replacement for the removed
authorize(Map<String,String>, ...)method. Each map entry is a token mapping name (e.g."Jans::Access_Token") to the raw JWT string.- Parameters:
tokens- mapping name → JWT string (must not be null; no null keys or values)action- Cedar action (e.g.resource- resource as JSONObject (must not be null)context- context as JSONObject (may be null; sent as empty JSON object to the engine)- Returns:
authorization result
-
authorizeMultiIssuer
MultiIssuerAuthorizeResult authorizeMultiIssuer(List<TokenInput> tokens, String action, JSONObject resource, JSONObject context)
Authorize using pre-built TokenInput objects.
- Parameters:
resource- resource as JSONObject (must not be null)
-
authorizeUnsigned
AuthorizeResult authorizeUnsigned(String principalJson, String action, JSONObject resource, JSONObject context)
Authorize with an optional principal provided as a JSON string.
This is the simplest way to call
authorizeUnsignedwithout importing any UniFFI types. WhenprincipalJsonis non-null it is parsed into EntityData; when null, the engine runs without an asserted principal (partial evaluation / Cedar partial mode), matching coreRequestUnsigned.principal == None.- Parameters:
principalJson- principal as a JSON string, or null for no asserted principalaction- Cedar actionresource- resource as JSONObject (must not be null)context- context as JSONObject (may be null; sent as empty JSON object to the engine)- Returns:
authorization result
-
authorizeUnsignedEntity
AuthorizeResult authorizeUnsignedEntity(EntityData principal, String action, JSONObject resource, JSONObject context)
Authorize with an optional pre-built EntityData principal.
Use this when you already have an EntityData instance (e.g. from UniFFI or advanced integration code). Pass null for
principalwhen no asserted principal should be supplied. A nullcontextis sent as an empty JSON object to the engine.This method is named
authorizeUnsignedEntity(rather than an overload of authorizeUnsigned) so that a null principal does not make overload resolution ambiguous in Java.- Parameters:
principal- optional principal entity, or null for partial evaluation without oneresource- resource as JSONObject (must not be null)
-
getLogById
String getLogById(String id)
-
getLogsByRequestId
List<String> getLogsByRequestId(String requestId)
-
getLogsByRequestIdAndTag
List<String> getLogsByRequestIdAndTag(String requestId, String tag)
-
getLogsByTag
List<String> getLogsByTag(String tag)
-
pushDataCtx
void pushDataCtx(String key, JSONObject value, Long ttlSecs)
Push a value into the data store with an optional TTL. If the key already exists, the value will be replaced. If TTL is not provided, the default TTL from configuration is used.
- Parameters:
key- The key for the data entryvalue- The value to store (as JSONObject)ttlSecs- Optional TTL in seconds (null uses default from config)
-
pushDataCtx
void pushDataCtx(String key, String value, Long ttlSecs)
Push a value into the data store with an optional TTL. If the key already exists, the value will be replaced. If TTL is not provided, the default TTL from configuration is used.
- Parameters:
key- The key for the data entryvalue- The value to store (as JSON string)ttlSecs- Optional TTL in seconds (null uses default from config)
-
pushDataCtx
void pushDataCtx(String key, JSONObject value)
Push a value into the data store without TTL (uses default from config).
- Parameters:
key- The key for the data entryvalue- The value to store (as JSONObject)
-
pushDataCtx
void pushDataCtx(String key, String value)
Push a value into the data store without TTL (uses default from config).
- Parameters:
key- The key for the data entryvalue- The value to store (as JSON string)
-
getDataCtx
Object getDataCtx(String key)
Get a value from the data store by key. Returns null if the key doesn't exist or the entry has expired.
- Parameters:
key- The key to retrieve- Returns:
The value as an Object (JSONObject, JSONArray, String, Number, Boolean, or null), or null if not found
-
getDataEntryCtx
DataEntry getDataEntryCtx(String key)
Get a data entry with full metadata by key. Returns null if the key doesn't exist or the entry has expired.
- Parameters:
key- The key to retrieve- Returns:
A DataEntry object with metadata, or null if not found
-
removeDataCtx
boolean removeDataCtx(String key)
Remove a value from the data store by key.
- Parameters:
key- The key to remove- Returns:
True if the key existed and was removed, False otherwise
-
clearDataCtx
void clearDataCtx()
Clear all entries from the data store.
-
listDataCtx
List<DataEntry> listDataCtx()
List all entries with their metadata.
- Returns:
A list of DataEntry objects
-
getStatsCtx
DataStoreStats getStatsCtx()
Get statistics about the data store.
- Returns:
A DataStoreStats object
-
close
void close()
-
isTrustedIssuerLoadedByName
boolean isTrustedIssuerLoadedByName(String issuerId)
-
isTrustedIssuerLoadedByIss
boolean isTrustedIssuerLoadedByIss(String issClaim)
-
totalIssuers
long totalIssuers()
-
loadedTrustedIssuersCount
long loadedTrustedIssuersCount()
-
loadedTrustedIssuerIds
List<String> loadedTrustedIssuerIds()
-
failedTrustedIssuerIds
List<String> failedTrustedIssuerIds()
-
-
-
-