This repository contains the source code for a Java package CedarJava that supports using the Cedar policy language. It also contains source code for a Rust crate CedarJavaFFI that enables calling Cedar library functions (written in Rust) from Java.
Cedar is a language for writing and enforcing authorization policies in your applications. Using Cedar, you can write policies that specify your applications' fine-grained permissions. Your applications then authorize access requests by calling Cedar's authorization engine. Because Cedar policies are separate from application code, they can be independently authored, updated, analyzed, and audited. You can use Cedar's validator to check that Cedar policies are consistent with a declared schema which defines your application's authorization model.
CedarJava is available as a maven package. You can add CedarJava as a dependency to your build file.
Example (Gradle):
dependencies{
implementation 'com.cedarpolicy:cedar-java:4.2.3:uber'
}
We highly recommend using the *-uber.jar as it also contains the shared library from CedarJavaFFI.
See https://central.sonatype.com/artifact/com.cedarpolicy/cedar-java for more details.
The CedarJavaFFI and CedarJava directories contain detailed instructions on building the individual modules.
The CedarJava module uses Gradle to build both modules and run integration tests. It stores the shared library from CedarJavaFFI in the -uber.jar. The following commands provide general usage for getting started.
cd CedarJava
./gradlew buildHere is a small snippet on how to perform isAuthorized() call using CedarJava
package com.mypackage;
import com.cedarpolicy.AuthorizationEngine;
import com.cedarpolicy.BasicAuthorizationEngine;
import com.cedarpolicy.model.AuthorizationRequest;
import com.cedarpolicy.model.AuthorizationResponse;
import com.cedarpolicy.model.Context;
import com.cedarpolicy.model.entity.Entities;
import com.cedarpolicy.model.entity.Entity;
import com.cedarpolicy.model.policy.PolicySet;
import com.cedarpolicy.value.EntityUID;
public class SimpleAuthorization {
public static void main(String[] args) throws Exception {
// Build entities
Entity principal = new Entity(EntityUID.parse("User::\"Alice\"").get());
Entity action = new Entity(EntityUID.parse("Action::\"view\"").get());
Entity resource = new Entity(EntityUID.parse("Photo::\"alice_photo\"").get());
// Build policies
PolicySet policySet = PolicySet.parsePolicies("""
permit(
principal == User::"Alice",
action == Action::"view",
resource == Photo::"alice_photo"
);
forbid(
principal == User::"Alice",
action == Action::"view",
resource == Photo::"bob_photo"
);
""");
// Authorization request
AuthorizationEngine ae = new BasicAuthorizationEngine();
Entities entities = new Entities();
Context context = new Context();
AuthorizationRequest request = new AuthorizationRequest(principal, action, resource, context);
AuthorizationResponse authorizationResponse = ae.isAuthorized(request, policySet, entities);
}
}Explore our sample applications in cedar-examples:
- cedar-java-hello-world: Demonstrates basic authorization calls using Cedar-Java
- cedar-java-partial-evaluation: Illustrates partial evaluation capabilities in Cedar-Java
For a list of changes and version updates, see CHANGELOG.md.
CedarJava requires JDK 17 or later.
Cedar is primarily developed in Rust (in the cedar repository). As such, CedarJava typically lags behind the newest Cedar features.
The main branch of this repository is kept up-to-date with the development version of the Rust code (available in the main branch of cedar). Unless you plan to build the Rust code locally, please use the latest release/x.x.x branch instead.
See CONTRIBUTING for more information.
This project is licensed under the Apache-2.0 License.