Class RoleClosureIteratorImpl

  • All Implemented Interfaces:
    RoleClosureIterator

    public class RoleClosureIteratorImpl
    extends java.lang.Object
    implements RoleClosureIterator
    Allows iterator over the role grant closure defined by the relation GRANT role-a TO role-b, or its inverse.

    The graph is represented as a HashMap where the key is the node and the value is a List grant descriptors representing outgoing arcs. The set constructed depends on whether inverse was specified in the constructor.

    See Also:
    RoleClosureIterator
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private java.util.Iterator<RoleGrantDescriptor> currNodeIter
      Last node returned by next; a logical pointer into the arcs list of a node we are currently processing.
      private DataDictionaryImpl dd
      DataDictionaryImpl used to get closure graph
      private java.util.HashMap<java.lang.String,​java.util.List<RoleGrantDescriptor>> graph
      Holds the grant graph.
      private boolean initial
      true before next is called the first time
      private boolean inverse
      true if closure is inverse of GRANT role-a TO role-b.
      private java.util.List<RoleGrantDescriptor> lifo
      Holds discovered, but not yet handed out, roles in the closure.
      private java.lang.String root
      The role for which we compute the closure.
      private java.util.HashMap<java.lang.String,​java.lang.Object> seenSoFar
      Holds roles seen so far when computing the closure.
      private TransactionController tc
      TransactionController used to get closure graph
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.String next()
      Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • inverse

        private final boolean inverse
        true if closure is inverse of GRANT role-a TO role-b.
      • seenSoFar

        private java.util.HashMap<java.lang.String,​java.lang.Object> seenSoFar
        Holds roles seen so far when computing the closure.
        • Key: role name. Depending on value of inverse, the key represents and is compared against roleName() or grantee() of role descriptors visited.
        • Value: none
      • graph

        private java.util.HashMap<java.lang.String,​java.util.List<RoleGrantDescriptor>> graph
        Holds the grant graph.
        • key: role name
        • value: list of RoleGrantDescriptor, making up outgoing arcs in graph
      • lifo

        private java.util.List<RoleGrantDescriptor> lifo
        Holds discovered, but not yet handed out, roles in the closure.
      • currNodeIter

        private java.util.Iterator<RoleGrantDescriptor> currNodeIter
        Last node returned by next; a logical pointer into the arcs list of a node we are currently processing.
      • root

        private java.lang.String root
        The role for which we compute the closure.
      • initial

        private boolean initial
        true before next is called the first time
    • Method Detail

      • next

        public java.lang.String next()
                              throws StandardException
        Description copied from interface: RoleClosureIterator
        Returns the next (as yet unreturned) role in the transitive closure of the grant or grant-1 relation. The grant relation forms a DAG (directed acyclic graph).
         Example:
              Assume a set of created roles forming nodes:
                    {a1, a2, a3, b, c, d, e, f, h, j}
        
              Assume a set of GRANT statements forming arcs:
        
              GRANT a1 TO b;   GRANT b TO e;  GRANT e TO h;
              GRANT a1 TO c;                  GRANT e TO f;
              GRANT a2 TO c;   GRANT c TO f;  GRANT f TO h;
              GRANT a3 TO d;   GRANT d TO f;  GRANT a1 to j;
        
        
                  a1            a2         a3
                 / | \           |          |
                /  b  +--------> c          d
               j   |              \        /
                   e---+           \      /
                    \   \           \    /
                     \   \---------+ \  /
                      \             \_ f
                       \             /
                        \           /
                         \         /
                          \       /
                           \     /
                            \   /
                              h
         
        An iterator on the inverse relation starting at h for the above grant graph will return:
               closure(h, grant-inv) = {h, e, b, a1, f, c, a2, d, a3}
         

        An iterator on normal (not inverse) relation starting at a1 for the above grant graph will return:

               closure(a1, grant)    = {a1, b, j, e, h, f, c}
         
        Specified by:
        next in interface RoleClosureIterator
        Returns:
        a role name identifying a yet unseen node, or null if the closure is exhausted. The order in which the nodes are returned is not defined, except that the root is always returned first (h and a1 in the above examples).
        Throws:
        StandardException