RoleClosureIteratorpublic class RoleClosureIteratorImpl extends java.lang.Object implements RoleClosureIterator
GRANT role-a TO role-b, or its inverse.
The graph is represented as a HashMap where the key is
the node and the value is a List grant descriptors representing
outgoing arcs. The set constructed depends on whether inverse
was specified in the constructor.
RoleClosureIterator| Modifier and Type | Field | Description |
|---|---|---|
private java.util.Iterator<RoleGrantDescriptor> |
currNodeIter |
Last node returned by next; a logical pointer into the arcs
list of a node we are currently processing.
|
private DataDictionaryImpl |
dd |
DataDictionaryImpl used to get closure graph
|
private java.util.HashMap<java.lang.String,java.util.List<RoleGrantDescriptor>> |
graph |
Holds the grant graph.
|
private boolean |
initial |
true before next is called the first time
|
private boolean |
inverse |
true if closure is inverse of GRANT role-a TO role-b.
|
private java.util.List<RoleGrantDescriptor> |
lifo |
Holds discovered, but not yet handed out, roles in the closure.
|
private java.lang.String |
root |
The role for which we compute the closure.
|
private java.util.HashMap<java.lang.String,java.lang.Object> |
seenSoFar |
Holds roles seen so far when computing the closure.
|
private TransactionController |
tc |
TransactionController used to get closure graph
|
| Constructor | Description |
|---|---|
RoleClosureIteratorImpl(java.lang.String root,
boolean inverse,
DataDictionaryImpl dd,
TransactionController tc) |
Constructor (package private).
|
| Modifier and Type | Method | Description |
|---|---|---|
java.lang.String |
next() |
Returns the next (as yet unreturned) role in the transitive closure of
the grant or grant-1 relation.
|
private final boolean inverse
private java.util.HashMap<java.lang.String,java.lang.Object> seenSoFar
inverse, the
key represents and is compared against roleName()
or grantee() of role descriptors visited.private java.util.HashMap<java.lang.String,java.util.List<RoleGrantDescriptor>> graph
RoleGrantDescriptor, making up outgoing arcs
in graphprivate java.util.List<RoleGrantDescriptor> lifo
private java.util.Iterator<RoleGrantDescriptor> currNodeIter
private DataDictionaryImpl dd
private TransactionController tc
private java.lang.String root
private boolean initial
RoleClosureIteratorImpl(java.lang.String root,
boolean inverse,
DataDictionaryImpl dd,
TransactionController tc)
createRoleClosureIterator to obtain an instance.root - The role name for which to compute the closureinverse - If true, graph represents the
grant-1 relation.dd - data dictionarytc - transaction controllerDataDictionary.createRoleClosureIterator(org.apache.derby.iapi.store.access.TransactionController, java.lang.String, boolean)public java.lang.String next()
throws StandardException
RoleClosureIterator
Example:
Assume a set of created roles forming nodes:
{a1, a2, a3, b, c, d, e, f, h, j}
Assume a set of GRANT statements forming arcs:
GRANT a1 TO b; GRANT b TO e; GRANT e TO h;
GRANT a1 TO c; GRANT e TO f;
GRANT a2 TO c; GRANT c TO f; GRANT f TO h;
GRANT a3 TO d; GRANT d TO f; GRANT a1 to j;
a1 a2 a3
/ | \ | |
/ b +--------> c d
j | \ /
e---+ \ /
\ \ \ /
\ \---------+ \ /
\ \_ f
\ /
\ /
\ /
\ /
\ /
\ /
h
An iterator on the inverse relation starting at h for the above
grant graph will return:
closure(h, grant-inv) = {h, e, b, a1, f, c, a2, d, a3}
An iterator on normal (not inverse) relation starting at a1 for the above grant graph will return:
closure(a1, grant) = {a1, b, j, e, h, f, c}
next in interface RoleClosureIteratorStandardExceptionApache Derby V10.14 Internals - Copyright © 2004,2018 The Apache Software Foundation. All Rights Reserved.