Class CedarlingAdapter

  • All Implemented Interfaces:
    java.lang.AutoCloseable

    
    public class CedarlingAdapter
     implements AutoCloseable
                        

    High-level wrapper around the Cedarling UniFFI binding.

    This adapter hides the UniFFI-generated types from application code by providing convenience methods that accept standard Java types (Map, String, JSONObject). The lower-level overloads that accept EntityData and TokenInput directly are still available for advanced use cases.

    The legacy authorize(Map<String,String> tokens, ...) method has been replaced by two dedicated methods:

    • Constructor Detail

      • CedarlingAdapter

        CedarlingAdapter()
    • Method Detail

      • authorizeMultiIssuer

         MultiIssuerAuthorizeResult authorizeMultiIssuer(Map<String, String> tokens, String action, JSONObject resource, JSONObject context)

        Authorize using JWT tokens from multiple issuers.

        This is the recommended replacement for the removed authorize(Map&lt;String,String&gt;, ...) method. Each map entry is a token mapping name (e.g. "Jans::Access_Token") to the raw JWT string.

        Parameters:
        tokens - mapping name → JWT string (must not be null; no null keys or values)
        action - Cedar action (e.g.
        resource - resource as JSONObject (must not be null)
        context - context as JSONObject (may be null; sent as empty JSON object to the engine)
        Returns:

        authorization result

      • authorizeUnsigned

         AuthorizeResult authorizeUnsigned(String principalJson, String action, JSONObject resource, JSONObject context)

        Authorize with an optional principal provided as a JSON string.

        This is the simplest way to call authorizeUnsigned without importing any UniFFI types. When principalJson is non-null it is parsed into EntityData; when null, the engine runs without an asserted principal (partial evaluation / Cedar partial mode), matching core RequestUnsigned.principal == None.

        Parameters:
        principalJson - principal as a JSON string, or null for no asserted principal
        action - Cedar action
        resource - resource as JSONObject (must not be null)
        context - context as JSONObject (may be null; sent as empty JSON object to the engine)
        Returns:

        authorization result

      • authorizeUnsignedEntity

         AuthorizeResult authorizeUnsignedEntity(EntityData principal, String action, JSONObject resource, JSONObject context)

        Authorize with an optional pre-built EntityData principal.

        Use this when you already have an EntityData instance (e.g. from UniFFI or advanced integration code). Pass null for principal when no asserted principal should be supplied. A null context is sent as an empty JSON object to the engine.

        This method is named authorizeUnsignedEntity (rather than an overload of authorizeUnsigned) so that a null principal does not make overload resolution ambiguous in Java.

        Parameters:
        principal - optional principal entity, or null for partial evaluation without one
        resource - resource as JSONObject (must not be null)
      • pushDataCtx

         void pushDataCtx(String key, JSONObject value, Long ttlSecs)

        Push a value into the data store with an optional TTL. If the key already exists, the value will be replaced. If TTL is not provided, the default TTL from configuration is used.

        Parameters:
        key - The key for the data entry
        value - The value to store (as JSONObject)
        ttlSecs - Optional TTL in seconds (null uses default from config)
      • pushDataCtx

         void pushDataCtx(String key, String value, Long ttlSecs)

        Push a value into the data store with an optional TTL. If the key already exists, the value will be replaced. If TTL is not provided, the default TTL from configuration is used.

        Parameters:
        key - The key for the data entry
        value - The value to store (as JSON string)
        ttlSecs - Optional TTL in seconds (null uses default from config)
      • pushDataCtx

         void pushDataCtx(String key, JSONObject value)

        Push a value into the data store without TTL (uses default from config).

        Parameters:
        key - The key for the data entry
        value - The value to store (as JSONObject)
      • pushDataCtx

         void pushDataCtx(String key, String value)

        Push a value into the data store without TTL (uses default from config).

        Parameters:
        key - The key for the data entry
        value - The value to store (as JSON string)
      • getDataCtx

         Object getDataCtx(String key)

        Get a value from the data store by key. Returns null if the key doesn't exist or the entry has expired.

        Parameters:
        key - The key to retrieve
        Returns:

        The value as an Object (JSONObject, JSONArray, String, Number, Boolean, or null), or null if not found

      • getDataEntryCtx

         DataEntry getDataEntryCtx(String key)

        Get a data entry with full metadata by key. Returns null if the key doesn't exist or the entry has expired.

        Parameters:
        key - The key to retrieve
        Returns:

        A DataEntry object with metadata, or null if not found

      • removeDataCtx

         boolean removeDataCtx(String key)

        Remove a value from the data store by key.

        Parameters:
        key - The key to remove
        Returns:

        True if the key existed and was removed, False otherwise

      • clearDataCtx

         void clearDataCtx()

        Clear all entries from the data store.