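GRN is Graylog's resource name, a kind of URN. Functionally it is similar to an AWS ARN and is mainly used for permission and resource-assignment management.
Reference format
grn:<cluster>:<tenant>:<scope>:<type>:<entity>
How Graylog parses it
The core is a split on the delimiter, after which the individual tokens are handled.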
    static GRN parse(String grn, GRNRegistry grnRegistry) {
        // The whole string is lower-cased before splitting, so every field is case-insensitive
        final List<String> tokens = SPLITTER.splitToList(grn.toLowerCase(Locale.ENGLISH));

        // A GRN must have exactly six fields: grn, cluster, tenant, scope, type, entity
        if (tokens.size() != 6) {
            throw new IllegalArgumentException(String.format(Locale.US, "<%s> is not a valid GRN string", grn));
        }
        // The first field is the scheme and must be "grn"
        if (!tokens.get(0).equals("grn")) {
            throw new IllegalArgumentException(String.format(Locale.US, "<%s> is not a grn scheme", tokens.get(0)));
        }

        // The type (fifth field) selects the builder from the registry
        final String type = tokens.get(4);
        final Builder builder = grnRegistry.newGRNBuilder(type)
                .cluster(tokens.get(1))
                .tenant(tokens.get(2))
                .scope(tokens.get(3))
                .entity(tokens.get(5));
        return builder.build();
    }
How the permission code uses the type
    public boolean isPermissionApplicable(String permission) {
        // ENTITY_OWN is applicable to any target
        return permission.startsWith(RestPermissions.ENTITY_OWN) ||
                permission.startsWith(grnType().permissionPrefix()) ||
                // TODO Dashboard code still uses `view:` permissions
                (grnType().equals(GRNTypes.DASHBOARD) && permission.startsWith(GRNTypes.SEARCH.permissionPrefix()));
    }
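The parsing and the type-based permission check above, combined into one self-contained sketch (an added example, not Graylog's code). The class GrnDemo, the prefix table, the value of ENTITY_OWN and all sample GRNs are assumptions constructed for illustration; the unknown-type and empty-entity checks are added hardening.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class GrnDemo {
    // Constructed type -> permission-prefix table (assumption, stands in for GRNTypes).
    static final Map<String, String> PREFIX = Map.of(
            "stream", "streams:", "dashboard", "dashboards:", "search", "view:");
    // Assumed stand-in for RestPermissions.ENTITY_OWN.
    static final String ENTITY_OWN = "entity:own";

    record Grn(String cluster, String tenant, String scope, String type, String entity) {
        static Grn parse(String grn) {
            // limit -1 keeps empty fields; a plain split(":") silently drops trailing
            // empty strings, which would hide an empty entity field.
            String[] t = grn.toLowerCase(Locale.ENGLISH).split(":", -1);
            if (t.length != 6 || !t[0].equals("grn")) {
                throw new IllegalArgumentException("<" + grn + "> is not a valid GRN string");
            }
            // Added hardening: reject unknown types and empty entity ids.
            if (!PREFIX.containsKey(t[4]) || t[5].isEmpty()) {
                throw new IllegalArgumentException("<" + grn + "> has an unknown type or empty entity");
            }
            return new Grn(t[1], t[2], t[3], t[4], t[5]);
        }

        // Same shape as the check above: own-entity, the type's prefix, or view: for dashboards.
        boolean isPermissionApplicable(String permission) {
            return permission.startsWith(ENTITY_OWN)
                    || permission.startsWith(PREFIX.get(type))
                    || (type.equals("dashboard") && permission.startsWith(PREFIX.get("search")));
        }
    }

    public static void main(String[] args) {
        Grn stream = Grn.parse("grn::::stream:000000000000000000000001"); // constructed sample
        Grn dash = Grn.parse("GRN::::Dashboard:abc123");                  // constructed, mixed case
        System.out.println("stream + streams:read    -> " + stream.isPermissionApplicable("streams:read"));
        System.out.println("stream + dashboards:read -> " + stream.isPermissionApplicable("dashboards:read"));
        System.out.println("dashboard + view:read    -> " + dash.isPermissionApplicable("view:read"));
        // Malformed inputs: too few fields, wrong scheme, ':' inside the entity, empty entity.
        for (String bad : List.of("grn:stream:abc", "urn::::stream:abc", "grn::::stream:a:b", "grn::::stream:")) {
            try {
                System.out.println("accepted: " + Grn.parse(bad));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Because the string is split on every colon and must yield exactly six fields, an entity id that itself contains a colon is rejected rather than absorbed into the last field.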
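Notes
URN-based permission management is a very good choice. Shiro, for example, is based on URNs but extends them considerably, and many things in Graylog are built on this capability.
References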
https://github.com/Graylog2/graylog2-server/tree/master/graylog2-server/src/main/java/org/graylog/grn
https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
https://github.com/Graylog2/graylog2-server/blob/626be1f0d80506705b5ba41fbea33c2ec0164bc0/graylog2-server/src/main/java/org/graylog2/shared/security/RestPermissions.java
https://github.com/Graylog2/graylog2-server/blob/626be1f0d80506705b5ba41fbea33c2ec0164bc0/graylog2-server/src/main/java/org/graylog/grn/GRNTypes.java
https://github.com/Graylog2/graylog2-server/blob/626be1f0d80506705b5ba41fbea33c2ec0164bc0/graylog2-server/src/main/java/org/graylog/security/permissions/GRNPermission.java
https://shiro.apache.org/permissions.html