亚马逊云科技开源 PBAC 领域特定语言 Cedar

pub fn is_authorized(    &self,    principal: impl AsRef<EntityUid>,    action: impl AsRef<EntityUid>,    resource: impl AsRef<EntityUid>,) -> Result<()> {    let es = self.entities.as_entities();    let q = Request::new(        Some(principal.as_ref().clone().into()),        Some(action.as_ref().clone().into()),        Some(resource.as_ref().clone().into()),        Context::empty(),    );    info!(        "is_authorized request: principal: {}, action: {}, resource: {}",        principal.as_ref(),        action.as_ref(),        resource.as_ref()    );    let response = self.authorizer.is_authorized(&q, &self.policies, &es);    info!("Auth response: {:?}", response);    match response.decision() {        Decision::Allow => Ok(()),        Decision::Deny => Err(Error::AuthDenied(response.diagnostics().clone())),    }}

private Set<Policy> buildPolicySlice() {   Set<Policy> ps = new HashSet<>();   String fullPolicy = "permit(principal == User::\"Alice\", action == Action::\"View_Photo\", resource in Album::\"Vacation\");";   ps.add(new Policy(fullPolicy, "p1"));   return ps;}

public boolean sampleMethod() throws AuthException {    AuthorizationEngine ae = new WrapperAuthorizationEngine();    AuthorizationQuery q = new AuthorizationQuery("User::\"Alice\"", "Action::\"View_Photo\"", "Photo::\"pic01\"");    return ae.isAuthorized(q, buildSlice()).isAllowed();}