diff --git a/README.md b/README.md
index 531919f9..a67edbfd 100644
--- a/README.md
+++ b/README.md
@@ -49,95 +49,100 @@ RBAC-based And Policy-based Multi-Tenant Reactive Security Framework.
 
 ```json
 {
-  "id": "2",
-  "name": "auth",
-  "category": "auth",
-  "description": "",
+  "id": "id",
+  "name": "name",
+  "category": "category",
+  "description": "description",
   "type": "global",
-  "tenantId": "1",
+  "tenantId": "tenantId",
   "statements": [
     {
+      "name": "Anonymous",
       "effect": "allow",
       "actions": [
         {
-          "type": "all"
+          "type": "path",
+          "pattern": "/auth/register"
         },
         {
-          "type": "none"
-        },
+          "type": "path",
+          "pattern": "/auth/login"
+        }
+      ]
+    },
+    {
+      "name": "UserScope",
+      "effect": "allow",
+      "actions": [
         {
           "type": "path",
-          "methods": [
-            "GET",
-            "POST",
-            "PUT",
-            "DELETE"
-          ],
-          "pattern": "/user/{userId}/*"
+          "pattern": "/user/#{principal.id}/*"
         }
       ],
       "conditions": [
         {
           "type": "authenticated"
-        },
+        }
+      ]
+    },
+    {
+      "name": "Developer",
+      "effect": "allow",
+      "actions": [
+        {
+          "type": "all"
+        }
+      ],
+      "conditions": [
         {
           "type": "in",
           "part": "context.principal.id",
           "in": [
-            "userId"
+            "developerId"
           ]
         }
       ]
     },
     {
+      "name": "RequestOriginDeny",
       "effect": "deny",
       "actions": [
         {
-          "type": "all",
-          "methods": [
-            "GET"
-          ]
-        },
-        {
-          "type": "none"
-        },
-        {
-          "type": "path",
-          "pattern": ".*"
-        },
-        {
-          "type": "path",
-          "pattern": "#{principal.id}.*"
-        },
+          "type": "all"
+        }
+      ],
+      "conditions": [
         {
           "type": "reg",
-          "pattern": ".*"
-        },
+          "negate": true,
+          "part": "request.origin",
+          "pattern": "^(http|https)://github.com"
+        }
+      ]
+    },
+    {
+      "name": "IpBlacklist",
+      "effect": "deny",
+      "actions": [
         {
-          "type": "reg",
-          "pattern": "#{principal.id}.*"
+          "type": "all"
         }
       ],
       "conditions": [
         {
-          "type": "all"
-        },
-        {
-          "type": "none"
-        },
-        {
-          "type": "spel",
-          "pattern": "context.principal.id=='1'"
-        },
-        {
-          "type": "ognl",
-          "pattern": "path == \"auth/login\""
+          "type": "path",
+          "part": "request.remoteIp",
+          "path": {
+            "caseSensitive": false,
+            "separator": ".",
+            "decodeAndParseSegments": false
+          },
+          "pattern": "192.168.0.*"
         }
       ]
     }
   ]
 }
-
 ```
 
 ## Thanks
diff --git a/README.zh-CN.md b/README.zh-CN.md
index 1a85701e..bdc9c443 100644
--- a/README.zh-CN.md
+++ b/README.zh-CN.md
@@ -49,95 +49,100 @@
 
 ```json
 {
-  "id": "2",
-  "name": "auth",
-  "category": "auth",
-  "description": "",
+  "id": "id",
+  "name": "name",
+  "category": "category",
+  "description": "description",
   "type": "global",
-  "tenantId": "1",
+  "tenantId": "tenantId",
   "statements": [
     {
+      "name": "Anonymous",
       "effect": "allow",
       "actions": [
         {
-          "type": "all"
+          "type": "path",
+          "pattern": "/auth/register"
         },
         {
-          "type": "none"
-        },
+          "type": "path",
+          "pattern": "/auth/login"
+        }
+      ]
+    },
+    {
+      "name": "UserScope",
+      "effect": "allow",
+      "actions": [
         {
           "type": "path",
-          "methods": [
-            "GET",
-            "POST",
-            "PUT",
-            "DELETE"
-          ],
-          "pattern": "/user/{userId}/*"
+          "pattern": "/user/#{principal.id}/*"
         }
       ],
       "conditions": [
         {
           "type": "authenticated"
-        },
+        }
+      ]
+    },
+    {
+      "name": "Developer",
+      "effect": "allow",
+      "actions": [
+        {
+          "type": "all"
+        }
+      ],
+      "conditions": [
         {
           "type": "in",
           "part": "context.principal.id",
           "in": [
-            "userId"
+            "developerId"
           ]
         }
       ]
     },
     {
+      "name": "RequestOriginDeny",
       "effect": "deny",
       "actions": [
         {
-          "type": "all",
-          "methods": [
-            "GET"
-          ]
-        },
-        {
-          "type": "none"
-        },
-        {
-          "type": "path",
-          "pattern": ".*"
-        },
-        {
-          "type": "path",
-          "pattern": "#{principal.id}.*"
-        },
+          "type": "all"
+        }
+      ],
+      "conditions": [
         {
           "type": "reg",
-          "pattern": ".*"
-        },
+          "negate": true,
+          "part": "request.origin",
+          "pattern": "^(http|https)://github.com"
+        }
+      ]
+    },
+    {
+      "name": "IpBlacklist",
+      "effect": "deny",
+      "actions": [
         {
-          "type": "reg",
-          "pattern": "#{principal.id}.*"
+          "type": "all"
         }
       ],
       "conditions": [
         {
-          "type": "all"
-        },
-        {
-          "type": "none"
-        },
-        {
-          "type": "spel",
-          "pattern": "context.principal.id=='1'"
-        },
-        {
-          "type": "ognl",
-          "pattern": "path == \"auth/login\""
+          "type": "path",
+          "part": "request.remoteIp",
+          "path": {
+            "caseSensitive": false,
+            "separator": ".",
+            "decodeAndParseSegments": false
+          },
+          "pattern": "192.168.0.*"
         }
       ]
     }
   ]
 }
-
 ```
 
 ## 感谢
diff --git a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/Policy.kt b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/Policy.kt
index 5354b3f1..997bd944 100644
--- a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/Policy.kt
+++ b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/Policy.kt
@@ -24,5 +24,5 @@ interface Policy : Named, Tenant {
     val category: String
     val description: String
     val type: PolicyType
-    val statements: Set<Statement>
+    val statements: List<Statement>
 }
diff --git a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/Statement.kt b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/Statement.kt
index 01fb1e07..4d5f24a1 100644
--- a/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/Statement.kt
+++ b/cosec-api/src/main/kotlin/me/ahoo/cosec/api/policy/Statement.kt
@@ -13,13 +13,15 @@
 
 package me.ahoo.cosec.api.policy
 
+import me.ahoo.cosec.api.Named
 import me.ahoo.cosec.api.context.SecurityContext
 import me.ahoo.cosec.api.context.request.Request
 
-interface Statement : PermissionVerifier {
+interface Statement : Named, PermissionVerifier {
+    override val name: String
     val effect: Effect
-    val actions: Set<ActionMatcher>
-    val conditions: Set<ConditionMatcher>
+    val actions: List<ActionMatcher>
+    val conditions: List<ConditionMatcher>
 
     override fun verify(request: Request, securityContext: SecurityContext): VerifyResult {
         conditions.all {
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/authorization/SimpleAuthorization.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/authorization/SimpleAuthorization.kt
index 1eaae72d..b4af3e96 100644
--- a/cosec-core/src/main/kotlin/me/ahoo/cosec/authorization/SimpleAuthorization.kt
+++ b/cosec-core/src/main/kotlin/me/ahoo/cosec/authorization/SimpleAuthorization.kt
@@ -39,11 +39,13 @@ class SimpleAuthorization(private val policyRepository: PolicyRepository) : Auth
         policies.forEach { policy: Policy ->
             policy.statements.filter { statement: Statement ->
                 statement.effect == Effect.DENY
-            }.forEach { statement: Statement ->
+            }.forEachIndexed { index, statement ->
                 val verifyResult = statement.verify(request, context)
                 if (verifyResult == VerifyResult.EXPLICIT_DENY) {
                     if (log.isDebugEnabled) {
-                        log.debug("Verify [$request] [$context] matched Policy[${policy.id}] - [Explicit Deny].")
+                        log.debug(
+                            "Verify [$request] [$context] matched Policy[${policy.id}] Statement[$index][${statement.name}] - [Explicit Deny]."
+                        )
                     }
                     return VerifyResult.EXPLICIT_DENY
                 }
@@ -53,11 +55,13 @@ class SimpleAuthorization(private val policyRepository: PolicyRepository) : Auth
         policies.forEach { policy: Policy ->
             policy.statements.filter { statement: Statement ->
                 statement.effect == Effect.ALLOW
-            }.forEach { statement: Statement ->
+            }.forEachIndexed { index, statement ->
                 val verifyResult = statement.verify(request, context)
                 if (verifyResult == VerifyResult.ALLOW) {
                     if (log.isDebugEnabled) {
-                        log.debug("Verify [$request] [$context] matched Policy[${policy.id}] - [Allow].")
+                        log.debug(
+                            "Verify [$request] [$context] matched Policy[${policy.id}] Statement[$index][${statement.name}] - [Allow]."
+                        )
                     }
                     return VerifyResult.ALLOW
                 }
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/policy/PolicyData.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/policy/PolicyData.kt
index fbcd6ff8..cf9b9a9e 100644
--- a/cosec-core/src/main/kotlin/me/ahoo/cosec/policy/PolicyData.kt
+++ b/cosec-core/src/main/kotlin/me/ahoo/cosec/policy/PolicyData.kt
@@ -17,12 +17,31 @@ import me.ahoo.cosec.api.policy.Policy
 import me.ahoo.cosec.api.policy.PolicyType
 import me.ahoo.cosec.api.policy.Statement
 
-data class PolicyData(
+class PolicyData(
     override val id: String,
     override val category: String,
     override val name: String,
     override val description: String,
     override val type: PolicyType,
     override val tenantId: String,
-    override val statements: Set<Statement> = emptySet()
-) : Policy
+    override val statements: List<Statement> = listOf()
+) : Policy {
+
+    override fun equals(other: Any?): Boolean {
+        if (this === other) return true
+        if (javaClass != other?.javaClass) return false
+
+        other as PolicyData
+
+        if (id != other.id) return false
+        if (tenantId != other.tenantId) return false
+
+        return true
+    }
+
+    override fun hashCode(): Int {
+        var result = id.hashCode()
+        result = 31 * result + tenantId.hashCode()
+        return result
+    }
+}
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/policy/StatementData.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/policy/StatementData.kt
index ddaf682f..20fd5dfe 100644
--- a/cosec-core/src/main/kotlin/me/ahoo/cosec/policy/StatementData.kt
+++ b/cosec-core/src/main/kotlin/me/ahoo/cosec/policy/StatementData.kt
@@ -19,7 +19,8 @@ import me.ahoo.cosec.api.policy.Effect
 import me.ahoo.cosec.api.policy.Statement
 
 data class StatementData(
+    override val name: String = "",
     override val effect: Effect = Effect.ALLOW,
-    override val actions: Set<ActionMatcher> = emptySet(),
-    override val conditions: Set<ConditionMatcher> = emptySet()
+    override val actions: List<ActionMatcher> = listOf(),
+    override val conditions: List<ConditionMatcher> = listOf()
 ) : Statement
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/serialization/JsonPolicySerializer.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/serialization/JsonPolicySerializer.kt
index dd8e8dba..5d076e61 100644
--- a/cosec-core/src/main/kotlin/me/ahoo/cosec/serialization/JsonPolicySerializer.kt
+++ b/cosec-core/src/main/kotlin/me/ahoo/cosec/serialization/JsonPolicySerializer.kt
@@ -56,23 +56,30 @@ object JsonPolicySerializer : StdSerializer<Policy>(Policy::class.java) {
 object JsonPolicyDeserializer : StdDeserializer<Policy>(Policy::class.java) {
     override fun deserialize(p: JsonParser, ctxt: DeserializationContext): Policy {
         val jsonNode = p.codec.readTree<JsonNode>(p)
-        val statements = jsonNode.has(POLICY_STATEMENTS_KEY).let { hasStatements ->
-            if (hasStatements) {
-                jsonNode.get(POLICY_STATEMENTS_KEY).map {
-                    it.traverse(p.codec).readValueAs(Statement::class.java)
-                }.toSet()
-            } else {
-                emptySet()
-            }
-        }
+
+        val statements = jsonNode.get(POLICY_STATEMENTS_KEY)?.map {
+            it.traverse(p.codec).readValueAs(Statement::class.java)
+        }.orEmpty()
 
         return PolicyData(
-            id = jsonNode.get(POLICY_ID_KEY).asText(),
-            name = jsonNode.get(POLICY_NAME_KEY).asText(),
-            category = jsonNode.get(POLICY_CATEGORY_KEY).asText(),
-            description = jsonNode.get(POLICY_DESCRIPTION_KEY).asText(),
-            type = jsonNode.get(POLICY_TYPE_KEY).traverse(p.codec).readValueAs(PolicyType::class.java),
-            tenantId = jsonNode.get(TENANT_ID_KEY).asText(),
+            id = requireNotNull(jsonNode.get(POLICY_ID_KEY)) {
+                "$POLICY_ID_KEY is required!"
+            }.asText(),
+            name = requireNotNull(jsonNode.get(POLICY_NAME_KEY)) {
+                "$POLICY_NAME_KEY is required!"
+            }.asText(),
+            category = requireNotNull(jsonNode.get(POLICY_CATEGORY_KEY)) {
+                "$POLICY_CATEGORY_KEY is required!"
+            }.asText(),
+            description = requireNotNull(jsonNode.get(POLICY_DESCRIPTION_KEY)) {
+                "$POLICY_DESCRIPTION_KEY is required!"
+            }.asText(),
+            type = requireNotNull(jsonNode.get(POLICY_TYPE_KEY)) {
+                "$POLICY_TYPE_KEY is required!"
+            }.traverse(p.codec).readValueAs(PolicyType::class.java),
+            tenantId = requireNotNull(jsonNode.get(TENANT_ID_KEY)) {
+                "$TENANT_ID_KEY is required!"
+            }.asText(),
             statements = statements
         )
     }
diff --git a/cosec-core/src/main/kotlin/me/ahoo/cosec/serialization/JsonStatementSerializer.kt b/cosec-core/src/main/kotlin/me/ahoo/cosec/serialization/JsonStatementSerializer.kt
index 1b9f464f..02a48e8e 100644
--- a/cosec-core/src/main/kotlin/me/ahoo/cosec/serialization/JsonStatementSerializer.kt
+++ b/cosec-core/src/main/kotlin/me/ahoo/cosec/serialization/JsonStatementSerializer.kt
@@ -26,6 +26,7 @@ import me.ahoo.cosec.api.policy.Effect
 import me.ahoo.cosec.api.policy.Statement
 import me.ahoo.cosec.policy.StatementData
 
+const val STATEMENT_NAME = "name"
 const val STATEMENT_EFFECT_KEY = "effect"
 const val STATEMENT_ACTIONS_KEY = "actions"
 const val STATEMENT_CONDITIONS_KEY = "conditions"
@@ -33,6 +34,7 @@ const val STATEMENT_CONDITIONS_KEY = "conditions"
 object JsonStatementSerializer : StdSerializer<Statement>(Statement::class.java) {
     override fun serialize(value: Statement, gen: JsonGenerator, provider: SerializerProvider) {
         gen.writeStartObject()
+        gen.writeStringField(STATEMENT_NAME, value.name)
         gen.writePOJOField(STATEMENT_EFFECT_KEY, value.effect)
         if (value.actions.isNotEmpty()) {
             gen.writeArrayFieldStart(STATEMENT_ACTIONS_KEY)
@@ -55,27 +57,19 @@ object JsonStatementSerializer : StdSerializer<Statement>(Statement::class.java)
 object JsonStatementDeserializer : StdDeserializer<Statement>(Statement::class.java) {
     override fun deserialize(p: JsonParser, ctxt: DeserializationContext): Statement {
         val jsonNode = p.codec.readTree<JsonNode>(p)
-        val actions = jsonNode.has(STATEMENT_ACTIONS_KEY).let { hasActions ->
-            if (hasActions) {
-                jsonNode.get(STATEMENT_ACTIONS_KEY).map {
-                    it.traverse(p.codec).readValueAs(ActionMatcher::class.java)
-                }.toSet()
-            } else {
-                emptySet()
-            }
-        }
-        val conditions = jsonNode.has(STATEMENT_CONDITIONS_KEY).let { hasConditions ->
-            if (hasConditions) {
-                jsonNode.get(STATEMENT_CONDITIONS_KEY).map {
-                    it.traverse(p.codec).readValueAs(ConditionMatcher::class.java)
-                }.toSet()
-            } else {
-                emptySet()
-            }
-        }
+        val actions = jsonNode.get(STATEMENT_ACTIONS_KEY)?.map {
+            it.traverse(p.codec).readValueAs(ActionMatcher::class.java)
+        }.orEmpty()
+
+        val conditions = jsonNode.get(STATEMENT_CONDITIONS_KEY)?.map {
+            it.traverse(p.codec).readValueAs(ConditionMatcher::class.java)
+        }.orEmpty()
 
         return StatementData(
-            effect = jsonNode.get(STATEMENT_EFFECT_KEY).traverse(p.codec).readValueAs(Effect::class.java),
+            name = jsonNode.get(STATEMENT_NAME)?.asText().orEmpty(),
+            effect = requireNotNull(jsonNode.get(STATEMENT_EFFECT_KEY)) {
+                "$STATEMENT_EFFECT_KEY is required!"
+            }.traverse(p.codec).readValueAs(Effect::class.java),
             actions = actions,
             conditions = conditions
         )
diff --git a/cosec-core/src/test/kotlin/me/ahoo/cosec/authorization/SimpleAuthorizationTest.kt b/cosec-core/src/test/kotlin/me/ahoo/cosec/authorization/SimpleAuthorizationTest.kt
index e579d531..c77d07e3 100644
--- a/cosec-core/src/test/kotlin/me/ahoo/cosec/authorization/SimpleAuthorizationTest.kt
+++ b/cosec-core/src/test/kotlin/me/ahoo/cosec/authorization/SimpleAuthorizationTest.kt
@@ -65,10 +65,10 @@ internal class SimpleAuthorizationTest {
     fun authorizeWhenGlobalPolicyIsAllowAll() {
         val globalPolicy = mockk<Policy>() {
             every { id } returns "globalPolicy"
-            every { statements } returns setOf(
+            every { statements } returns listOf(
                 StatementData(
                     effect = Effect.ALLOW,
-                    actions = setOf(AllActionMatcher(JsonConfiguration.EMPTY))
+                    actions = listOf(AllActionMatcher(JsonConfiguration.EMPTY))
                 )
             )
         }
@@ -91,10 +91,10 @@ internal class SimpleAuthorizationTest {
     fun authorizeWhenGlobalPolicyIsDenyAll() {
         val globalPolicy = mockk<Policy>() {
             every { id } returns "globalPolicy"
-            every { statements } returns setOf(
+            every { statements } returns listOf(
                 StatementData(
                     effect = Effect.DENY,
-                    actions = setOf(AllActionMatcher(JsonConfiguration.EMPTY))
+                    actions = listOf(AllActionMatcher(JsonConfiguration.EMPTY))
                 )
             )
         }
@@ -116,10 +116,10 @@ internal class SimpleAuthorizationTest {
     fun authorizeWhenGlobalPolicyIsEmptyAndPrincipalIsAllowAll() {
         val principalPolicy = mockk<Policy>() {
             every { id } returns "policyId"
-            every { statements } returns setOf(
+            every { statements } returns listOf(
                 StatementData(
                     effect = Effect.ALLOW,
-                    actions = setOf(AllActionMatcher(JsonConfiguration.EMPTY))
+                    actions = listOf(AllActionMatcher(JsonConfiguration.EMPTY))
                 )
             )
         }
@@ -147,10 +147,10 @@ internal class SimpleAuthorizationTest {
     fun authorizeWhenGlobalPolicyIsEmptyAndPrincipalIsDenyAll() {
         val principalPolicy = mockk<Policy>() {
             every { id } returns "policyId"
-            every { statements } returns setOf(
+            every { statements } returns listOf(
                 StatementData(
                     effect = Effect.DENY,
-                    actions = setOf(AllActionMatcher(JsonConfiguration.EMPTY))
+                    actions = listOf(AllActionMatcher(JsonConfiguration.EMPTY))
                 )
             )
         }
@@ -178,10 +178,10 @@ internal class SimpleAuthorizationTest {
     fun authorizeWhenGlobalAndPrincipalPolicyIsEmptyAndRoleIsAllowAll() {
         val rolePolicy = mockk<Policy>() {
             every { id } returns "policyId"
-            every { statements } returns setOf(
+            every { statements } returns listOf(
                 StatementData(
                     effect = Effect.ALLOW,
-                    actions = setOf(AllActionMatcher(JsonConfiguration.EMPTY))
+                    actions = listOf(AllActionMatcher(JsonConfiguration.EMPTY))
                 )
             )
         }
@@ -210,10 +210,10 @@ internal class SimpleAuthorizationTest {
     fun authorizeWhenGlobalAndPrincipalPolicyIsEmptyAndRoleIsDenyAll() {
         val rolePolicy = mockk<Policy>() {
             every { id } returns "policyId"
-            every { statements } returns setOf(
+            every { statements } returns listOf(
                 StatementData(
                     effect = Effect.DENY,
-                    actions = setOf(AllActionMatcher(JsonConfiguration.EMPTY))
+                    actions = listOf(AllActionMatcher(JsonConfiguration.EMPTY))
                 )
             )
         }
diff --git a/cosec-core/src/test/kotlin/me/ahoo/cosec/policy/StatementDataTest.kt b/cosec-core/src/test/kotlin/me/ahoo/cosec/policy/StatementDataTest.kt
index 9e9cbbe0..23cf4a56 100644
--- a/cosec-core/src/test/kotlin/me/ahoo/cosec/policy/StatementDataTest.kt
+++ b/cosec-core/src/test/kotlin/me/ahoo/cosec/policy/StatementDataTest.kt
@@ -33,13 +33,17 @@ internal class StatementDataTest {
     @Test
     fun verifyDefault() {
         val statementData = StatementData()
+        assertThat(statementData.name, equalTo(""))
+        assertThat(statementData.effect, equalTo(Effect.ALLOW))
+        assertThat(statementData.actions, equalTo(listOf()))
+        assertThat(statementData.conditions, equalTo(listOf()))
         assertThat(statementData.verify(mockk(), mockk()), `is`(VerifyResult.IMPLICIT_DENY))
     }
 
     @Test
     fun verify() {
         val statementData = StatementData(
-            actions = setOf(
+            actions = listOf(
                 PathActionMatcherFactory().create(
                     mapOf(
                         MATCHER_PATTERN_KEY to "auth/*"
@@ -56,14 +60,14 @@ internal class StatementDataTest {
     @Test
     fun verifyWithCondition() {
         val statementData = StatementData(
-            actions = setOf(
+            actions = listOf(
                 PathActionMatcherFactory().create(
                     mapOf(
                         MATCHER_PATTERN_KEY to "order/#{principal.id}/*"
                     ).asConfiguration()
                 )
             ),
-            conditions = setOf(
+            conditions = listOf(
                 SpelConditionMatcherFactory().create(
                     mapOf(
                         MATCHER_PATTERN_KEY to "context.principal.authenticated()"
@@ -95,7 +99,7 @@ internal class StatementDataTest {
     fun verifyDeny() {
         val statementData = StatementData(
             effect = Effect.DENY,
-            actions = setOf(AllActionMatcher(JsonConfiguration.EMPTY))
+            actions = listOf(AllActionMatcher(JsonConfiguration.EMPTY))
         )
         assertThat(statementData.verify(mockk(), mockk()), `is`(VerifyResult.EXPLICIT_DENY))
     }
diff --git a/cosec-core/src/test/kotlin/me/ahoo/cosec/serialization/CoSecJsonSerializerTest.kt b/cosec-core/src/test/kotlin/me/ahoo/cosec/serialization/CoSecJsonSerializerTest.kt
index 0d2a887e..b0b3e20e 100644
--- a/cosec-core/src/test/kotlin/me/ahoo/cosec/serialization/CoSecJsonSerializerTest.kt
+++ b/cosec-core/src/test/kotlin/me/ahoo/cosec/serialization/CoSecJsonSerializerTest.kt
@@ -51,6 +51,16 @@ import kotlin.streams.toList
 
 internal class CoSecJsonSerializerTest {
 
+    @Test
+    fun serializeTestResource() {
+        val testPolicy = requireNotNull(javaClass.classLoader.getResource("test-policy.json")).let { resource ->
+            resource.openStream().use {
+                CoSecJsonSerializer.readValue(it, Policy::class.java)
+            }
+        }
+        assertThat(testPolicy, `is`(notNullValue()))
+    }
+
     @ParameterizedTest
     @MethodSource("serializeActionMatcherProvider")
     fun serializeActionMatcher(actionMatcher: ActionMatcher) {
@@ -108,7 +118,7 @@ internal class CoSecJsonSerializerTest {
     @Test
     fun serializePolicySet() {
         val policySetType = object : TypeReference<Set<Policy>>() {}
-        val policySet = serializePolicyProvider().toList().toSet()
+        val policySet = serializePolicyProvider().toList()
         val output = CoSecJsonSerializer.writeValueAsString(policySet)
         val input = CoSecJsonSerializer.readValue(
             output,
@@ -252,8 +262,8 @@ internal class CoSecJsonSerializerTest {
                 StatementData(),
                 StatementData(
                     effect = Effect.DENY,
-                    actions = serializeActionMatcherProvider().toList().toSet(),
-                    conditions = serializeConditionMatcherProvider().toList().toSet()
+                    actions = serializeActionMatcherProvider().toList(),
+                    conditions = serializeConditionMatcherProvider().toList()
                 )
             )
         }
@@ -268,7 +278,7 @@ internal class CoSecJsonSerializerTest {
                     description = "",
                     type = PolicyType.CUSTOM,
                     tenantId = "1",
-                    statements = emptySet()
+                    statements = listOf()
                 ),
                 PolicyData(
                     id = "2",
@@ -277,7 +287,7 @@ internal class CoSecJsonSerializerTest {
                     description = "",
                     type = PolicyType.SYSTEM,
                     tenantId = "1",
-                    statements = serializeStatementProvider().toList().toSet()
+                    statements = serializeStatementProvider().toList()
                 )
             )
         }
diff --git a/cosec-core/src/test/resources/policy.json b/cosec-core/src/test/resources/test-policy.json
similarity index 50%
rename from cosec-core/src/test/resources/policy.json
rename to cosec-core/src/test/resources/test-policy.json
index dc9612f1..1bb622c8 100644
--- a/cosec-core/src/test/resources/policy.json
+++ b/cosec-core/src/test/resources/test-policy.json
@@ -1,97 +1,93 @@
 {
-  "id": "2",
-  "name": "auth",
-  "category": "auth",
-  "description": "",
+  "id": "id",
+  "name": "name",
+  "category": "category",
+  "description": "description",
   "type": "global",
-  "tenantId": "1",
+  "tenantId": "tenantId",
   "statements": [
     {
+      "name": "Anonymous",
       "effect": "allow",
       "actions": [
         {
-          "type": "all"
+          "type": "path",
+          "pattern": "/auth/register"
         },
         {
-          "type": "none"
-        },
+          "type": "path",
+          "pattern": "/auth/login"
+        }
+      ]
+    },
+    {
+      "name": "UserScope",
+      "effect": "allow",
+      "actions": [
         {
           "type": "path",
-          "methods": [
-            "GET",
-            "POST",
-            "PUT",
-            "DELETE"
-          ],
-          "pattern": "/user/{userId}/*"
+          "pattern": "/user/#{principal.id}/*"
         }
       ],
       "conditions": [
         {
           "type": "authenticated"
-        },
+        }
+      ]
+    },
+    {
+      "name": "Developer",
+      "effect": "allow",
+      "actions": [
+        {
+          "type": "all"
+        }
+      ],
+      "conditions": [
         {
           "type": "in",
           "part": "context.principal.id",
           "in": [
-            "userId"
+            "developerId"
           ]
-        },
-        {
-          "type": "path",
-          "part": "request.remoteIp",
-          "path": {
-            "caseSensitive": false,
-            "separator": ".",
-            "decodeAndParseSegments": false
-          },
-          "pattern": "192.168.0.*"
         }
       ]
     },
     {
+      "name": "RequestOriginDeny",
       "effect": "deny",
       "actions": [
         {
-          "type": "all",
-          "methods": [
-            "GET"
-          ]
-        },
-        {
-          "type": "none"
-        },
-        {
-          "type": "path",
-          "pattern": ".*"
-        },
-        {
-          "type": "path",
-          "pattern": "#{principal.id}.*"
-        },
+          "type": "all"
+        }
+      ],
+      "conditions": [
         {
           "type": "reg",
-          "pattern": ".*"
-        },
+          "negate": true,
+          "part": "request.origin",
+          "pattern": "^(http|https)://github.com"
+        }
+      ]
+    },
+    {
+      "name": "IpBlacklist",
+      "effect": "deny",
+      "actions": [
         {
-          "type": "reg",
-          "pattern": "#{principal.id}.*"
+          "type": "all"
         }
       ],
       "conditions": [
         {
-          "type": "all"
-        },
-        {
-          "type": "none"
-        },
-        {
-          "type": "spel",
-          "pattern": "context.principal.id=='1'"
-        },
-        {
-          "type": "ognl",
-          "pattern": "path == \"auth/login\""
+          "type": "path",
+          "part": "request.remoteIp",
+          "path": {
+            "caseSensitive": false,
+            "separator": ".",
+            "decodeAndParseSegments": false
+          },
+          "pattern": "192.168.0.*"
         }
       ]
     }
diff --git a/cosec-gateway-server/src/main/resources/application.yaml b/cosec-gateway-server/src/main/resources/application.yaml
index 0702ee88..106b29d6 100644
--- a/cosec-gateway-server/src/main/resources/application.yaml
+++ b/cosec-gateway-server/src/main/resources/application.yaml
@@ -52,3 +52,4 @@ cosec:
 logging:
   level:
     root: info
+    me.ahoo.cosec.authorization.SimpleAuthorization: debug
diff --git a/cosec-redis/src/test/kotlin/me/ahoo/cosec/redis/PolicyCodecExecutorTest.kt b/cosec-redis/src/test/kotlin/me/ahoo/cosec/redis/PolicyCodecExecutorTest.kt
index 31d06b7a..5964e398 100644
--- a/cosec-redis/src/test/kotlin/me/ahoo/cosec/redis/PolicyCodecExecutorTest.kt
+++ b/cosec-redis/src/test/kotlin/me/ahoo/cosec/redis/PolicyCodecExecutorTest.kt
@@ -63,7 +63,7 @@ internal class PolicyCodecExecutorTest {
             description = "",
             type = PolicyType.SYSTEM,
             tenantId = "1",
-            statements = setOf(StatementData())
+            statements = listOf(StatementData())
         )
         val roleId = MockIdGenerator.INSTANCE.generateAsString()
         val cacheValue: CacheValue<Policy> = CacheValue.forever(policy)
diff --git a/cosec-redis/src/test/kotlin/me/ahoo/cosec/redis/RedisPolicyRepositoryTest.kt b/cosec-redis/src/test/kotlin/me/ahoo/cosec/redis/RedisPolicyRepositoryTest.kt
index d1e51779..e967ab71 100644
--- a/cosec-redis/src/test/kotlin/me/ahoo/cosec/redis/RedisPolicyRepositoryTest.kt
+++ b/cosec-redis/src/test/kotlin/me/ahoo/cosec/redis/RedisPolicyRepositoryTest.kt
@@ -29,7 +29,7 @@ internal class RedisPolicyRepositoryTest {
         "policyType",
         PolicyType.SYSTEM,
         "tenantId",
-        emptySet()
+        listOf()
     )
 
     @Test
diff --git a/document/cosec-policy.schema.json b/document/cosec-policy.schema.json
index da960f48..194ffe35 100644
--- a/document/cosec-policy.schema.json
+++ b/document/cosec-policy.schema.json
@@ -211,6 +211,10 @@
     "statement": {
       "type": "object",
       "properties": {
+        "name": {
+          "description": "The name of the Statement",
+          "type": "string"
+        },
         "effect": {
           "$ref": "#/definitions/effect"
         },
diff --git a/document/design/assets/Modeling.svg b/document/design/assets/Modeling.svg
index 1ac60ee1..eb7c1713 100644
--- a/document/design/assets/Modeling.svg
+++ b/document/design/assets/Modeling.svg
@@ -11,62 +11,62 @@
   - limitations under the License.
   -->
 
-<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="818px" preserveAspectRatio="none" style="width:2984px;height:818px;background:#FFFFFF;" version="1.1" viewBox="0 0 2984 818" width="2984px" zoomAndPan="magnify"><defs/><g><a href="https://github.com/Ahoo-Wang/CoSec" target="_top" title="https://github.com/Ahoo-Wang/CoSec" xlink:actuate="onRequest" xlink:href="https://github.com/Ahoo-Wang/CoSec" xlink:show="new" xlink:title="https://github.com/Ahoo-Wang/CoSec" xlink:type="simple"><text fill="#808080" font-family="sans-serif" font-size="10" lengthAdjust="spacing" text-decoration="underline" textLength="189" x="2781" y="9.668">https://github.com/Ahoo-Wang/CoSec</text></a><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="224" x="1373" y="36.3125">CoSec Modeling Class Diagram</text><!--MD5=[158ea172665500f9d1b87622b0f57e22]
-cluster tenant--><g id="cluster_tenant"><path d="M138.5,64.2656 L185.5,64.2656 A3.75,3.75 0 0 1 188,66.7656 L195,86.7539 L561.5,86.7539 A2.5,2.5 0 0 1 564,89.2539 L564,350.7656 A2.5,2.5 0 0 1 561.5,353.2656 L138.5,353.2656 A2.5,2.5 0 0 1 136,350.7656 L136,66.7656 A2.5,2.5 0 0 1 138.5,64.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="136" x2="195" y1="86.7539" y2="86.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="46" x="140" y="79.8008">tenant</text></g><!--MD5=[73372e1614ca5de955321ff74365eabf]
-cluster policy--><g id="cluster_policy"><path d="M1933.5,56.2656 L1977.5,56.2656 A3.75,3.75 0 0 1 1980,58.7656 L1987,78.7539 L2974.5,78.7539 A2.5,2.5 0 0 1 2977,81.2539 L2977,789.7656 A2.5,2.5 0 0 1 2974.5,792.2656 L1933.5,792.2656 A2.5,2.5 0 0 1 1931,789.7656 L1931,58.7656 A2.5,2.5 0 0 1 1933.5,56.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="1931" x2="1987" y1="78.7539" y2="78.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="43" x="1935" y="71.8008">policy</text></g><!--MD5=[d119c4a9d5e0dd9c185bd0ddda62ab2d]
-cluster principal--><g id="cluster_principal"><path d="M627.5,213.2656 L691.5,213.2656 A3.75,3.75 0 0 1 694,215.7656 L701,235.7539 L1241.5,235.7539 A2.5,2.5 0 0 1 1244,238.2539 L1244,533.2656 A2.5,2.5 0 0 1 1241.5,535.7656 L627.5,535.7656 A2.5,2.5 0 0 1 625,533.2656 L625,215.7656 A2.5,2.5 0 0 1 627.5,213.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="625" x2="701" y1="235.7539" y2="235.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="63" x="629" y="228.8008">principal</text></g><!--MD5=[67892945c51b45dfa1cd11fc454571f7]
-cluster java.security--><g id="cluster_java.security"><path d="M762.5,72.7656 L852.5,72.7656 A3.75,3.75 0 0 1 855,75.2656 L862,95.2539 L917.5,95.2539 A2.5,2.5 0 0 1 920,97.7539 L920,185.2656 A2.5,2.5 0 0 1 917.5,187.7656 L762.5,187.7656 A2.5,2.5 0 0 1 760,185.2656 L760,75.2656 A2.5,2.5 0 0 1 762.5,72.7656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="760" x2="862" y1="95.2539" y2="95.2539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="89" x="764" y="88.3008">java.security</text></g><!--MD5=[7f1db14b27b7629509c802e44e13c9c4]
-cluster context--><g id="cluster_context"><path d="M8.5,387.2656 L62.5,387.2656 A3.75,3.75 0 0 1 65,389.7656 L72,409.7539 L598.5,409.7539 A2.5,2.5 0 0 1 601,412.2539 L601,582.7656 A2.5,2.5 0 0 1 598.5,585.2656 L8.5,585.2656 A2.5,2.5 0 0 1 6,582.7656 L6,389.7656 A2.5,2.5 0 0 1 8.5,387.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="6" x2="72" y1="409.7539" y2="409.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="53" x="10" y="402.8008">context</text></g><!--MD5=[df81d8a983ce68ee9869115533ee282f]
-cluster authorization--><g id="cluster_authorization"><path d="M74.5,627.2656 L172.5,627.2656 A3.75,3.75 0 0 1 175,629.7656 L182,649.7539 L745.5,649.7539 A2.5,2.5 0 0 1 748,652.2539 L748,756.7656 A2.5,2.5 0 0 1 745.5,759.2656 L74.5,759.2656 A2.5,2.5 0 0 1 72,756.7656 L72,629.7656 A2.5,2.5 0 0 1 74.5,627.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="72" x2="182" y1="649.7539" y2="649.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="97" x="76" y="642.8008">authorization</text></g><!--MD5=[9866a4850b67e61c0bb8154df9df1072]
-cluster authentication--><g id="cluster_authentication"><path d="M1270.5,246.2656 L1375.5,246.2656 A3.75,3.75 0 0 1 1378,248.7656 L1385,268.7539 L1904.5,268.7539 A2.5,2.5 0 0 1 1907,271.2539 L1907,582.7656 A2.5,2.5 0 0 1 1904.5,585.2656 L1270.5,585.2656 A2.5,2.5 0 0 1 1268,582.7656 L1268,248.7656 A2.5,2.5 0 0 1 1270.5,246.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="1268" x2="1385" y1="268.7539" y2="268.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="104" x="1272" y="261.8008">authentication</text></g><!--MD5=[a8904d412b6bac905c960d0a15a57f60]
-class Tenant--><g id="elem_Tenant"><rect codeLine="10" fill="#F1F1F1" height="80.9766" id="Tenant" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="167" x="380.5" y="99.2656"/><ellipse cx="435.75" cy="115.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M431.6777,111.0308 L431.6777,108.8726 L439.0571,108.8726 L439.0571,111.0308 L436.5918,111.0308 L436.5918,119.1074 L439.0571,119.1074 L439.0571,121.2656 L431.6777,121.2656 L431.6777,119.1074 L434.1431,119.1074 L434.1431,111.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="48" x="456.25" y="120.5566">Tenant</text><line style="stroke:#181818;stroke-width:0.5;" x1="381.5" x2="546.5" y1="131.2656" y2="131.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="129" x="386.5" y="148.8008">val tenantId: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="155" x="386.5" y="165.2891">val isPlatform: Boolean</text><line style="stroke:#181818;stroke-width:0.5;" x1="381.5" x2="546.5" y1="172.2422" y2="172.2422"/></g><!--MD5=[2ee7de80ccb219b57973144fcb0a9e81]
-class TenantCapable--><g id="elem_TenantCapable"><rect codeLine="14" fill="#F1F1F1" height="64.4883" id="TenantCapable" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="136" x="396" y="273.2656"/><ellipse cx="411" cy="289.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M406.9277,285.0308 L406.9277,282.8726 L414.3071,282.8726 L414.3071,285.0308 L411.8418,285.0308 L411.8418,293.1074 L414.3071,293.1074 L414.3071,295.2656 L406.9277,295.2656 L406.9277,293.1074 L409.3931,293.1074 L409.3931,285.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="104" x="425" y="294.5566">TenantCapable</text><line style="stroke:#181818;stroke-width:0.5;" x1="397" x2="531" y1="305.2656" y2="305.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="123" x="402" y="322.8008">val tenant: Tenant</text><line style="stroke:#181818;stroke-width:0.5;" x1="397" x2="531" y1="329.7539" y2="329.7539"/></g><path d="M152.5,122.2656 L152.5,147.5762 A0,0 0 0 0 152.5,147.5762 L345.5,147.5762 A0,0 0 0 0 345.5,147.5762 L345.5,140.2656 L384.5,159.998 L345.5,132.2656 L345.5,132.2656 L335.5,122.2656 L152.5,122.2656 A0,0 0 0 0 152.5,122.2656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:0.5;"/><path d="M335.5,122.2656 L335.5,132.2656 L345.5,132.2656 L335.5,122.2656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:0.5;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="172" x="158.5" y="139.834">Is it a root platform tenant?</text><!--MD5=[891844a5ce18d50d477bdacc29a03b64]
-class PolicyType--><g id="elem_PolicyType"><rect codeLine="26" fill="#F1F1F1" height="97.4648" id="PolicyType" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="104" x="2674" y="447.2656"/><ellipse cx="2689" cy="463.2656" fill="#EB937F" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2693.1143,469.2656 L2685.3945,469.2656 L2685.3945,456.8726 L2693.1143,456.8726 L2693.1143,459.0308 L2687.8433,459.0308 L2687.8433,461.7036 L2692.6162,461.7036 L2692.6162,463.8618 L2687.8433,463.8618 L2687.8433,467.1074 L2693.1143,467.1074 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="72" x="2703" y="468.5566">PolicyType</text><line style="stroke:#181818;stroke-width:0.5;" x1="2675" x2="2777" y1="479.2656" y2="479.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="54" x="2680" y="496.8008">SYSTEM</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="60" x="2680" y="513.2891">CUSTOM</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="53" x="2680" y="529.7773">GLOBAL</text><line style="stroke:#181818;stroke-width:0.5;" x1="2675" x2="2777" y1="536.7305" y2="536.7305"/></g><!--MD5=[9445d644bbe92584b3fa45e77778917b]
-class Policy--><g id="elem_Policy"><rect codeLine="31" fill="#F1F1F1" height="146.9297" id="Policy" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="230" x="2497" y="629.2656"/><ellipse cx="2588.25" cy="645.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2584.1777,641.0308 L2584.1777,638.8726 L2591.5571,638.8726 L2591.5571,641.0308 L2589.0918,641.0308 L2589.0918,649.1074 L2591.5571,649.1074 L2591.5571,651.2656 L2584.1777,651.2656 L2584.1777,649.1074 L2586.6431,649.1074 L2586.6431,641.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="39" x="2608.75" y="650.5566">Policy</text><line style="stroke:#181818;stroke-width:0.5;" x1="2498" x2="2726" y1="661.2656" y2="661.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="85" x="2503" y="678.8008">val id: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="110" x="2503" y="695.2891">val name: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="132" x="2503" y="711.7773">val type: PolicyType</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="149" x="2503" y="728.2656">val description: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="125" x="2503" y="744.7539">val tenantId:String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="218" x="2503" y="761.2422">val statements: Set&lt;Statement&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="2498" x2="2726" y1="768.1953" y2="768.1953"/></g><!--MD5=[354ba6fe2710e9f7c691253c66156a32]
-class Effect--><g id="elem_Effect"><rect codeLine="39" fill="#F1F1F1" height="80.9766" id="Effect" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="70" x="2349" y="264.7656"/><ellipse cx="2364" cy="280.7656" fill="#EB937F" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2368.1143,286.7656 L2360.3945,286.7656 L2360.3945,274.3726 L2368.1143,274.3726 L2368.1143,276.5308 L2362.8433,276.5308 L2362.8433,279.2036 L2367.6162,279.2036 L2367.6162,281.3618 L2362.8433,281.3618 L2362.8433,284.6074 L2368.1143,284.6074 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="38" x="2378" y="286.0566">Effect</text><line style="stroke:#181818;stroke-width:0.5;" x1="2350" x2="2418" y1="296.7656" y2="296.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="47" x="2355" y="314.3008">ALLOW</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="37" x="2355" y="330.7891">DENY</text><line style="stroke:#181818;stroke-width:0.5;" x1="2350" x2="2418" y1="337.7422" y2="337.7422"/></g><!--MD5=[dd3a6102b68975fd8f1a6314072b340a]
-class RequestMatcher--><g id="elem_RequestMatcher"><rect codeLine="43" fill="#F1F1F1" height="64.4883" id="RequestMatcher" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="295" x="2665.5" y="107.7656"/><ellipse cx="2753.75" cy="123.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2749.6777,119.5308 L2749.6777,117.3726 L2757.0571,117.3726 L2757.0571,119.5308 L2754.5918,119.5308 L2754.5918,127.6074 L2757.0571,127.6074 L2757.0571,129.7656 L2749.6777,129.7656 L2749.6777,127.6074 L2752.1431,127.6074 L2752.1431,119.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="110" x="2774.25" y="129.0566">RequestMatcher</text><line style="stroke:#181818;stroke-width:0.5;" x1="2666.5" x2="2959.5" y1="139.7656" y2="139.7656"/><line style="stroke:#181818;stroke-width:0.5;" x1="2666.5" x2="2959.5" y1="147.7656" y2="147.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="283" x="2671.5" y="165.3008">match(Request,SecurityContext): Boolean</text></g><!--MD5=[226a4eef5279541003c62db16c270ea5]
-class ActionMatcher--><g id="elem_ActionMatcher"><rect codeLine="46" fill="#F1F1F1" height="48" id="ActionMatcher" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="131" x="2182.5" y="281.2656"/><ellipse cx="2197.5" cy="297.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2193.4277,293.0308 L2193.4277,290.8726 L2200.8071,290.8726 L2200.8071,293.0308 L2198.3418,293.0308 L2198.3418,301.1074 L2200.8071,301.1074 L2200.8071,303.2656 L2193.4277,303.2656 L2193.4277,301.1074 L2195.8931,301.1074 L2195.8931,293.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="99" x="2211.5" y="302.5566">ActionMatcher</text><line style="stroke:#181818;stroke-width:0.5;" x1="2183.5" x2="2312.5" y1="313.2656" y2="313.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="2183.5" x2="2312.5" y1="321.2656" y2="321.2656"/></g><!--MD5=[ce15d4ae5e7b4627c02fd240cc319742]
-class ConditionMatcher--><g id="elem_ConditionMatcher"><rect codeLine="47" fill="#F1F1F1" height="48" id="ConditionMatcher" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="155" x="2805.5" y="281.2656"/><ellipse cx="2820.5" cy="297.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2816.4277,293.0308 L2816.4277,290.8726 L2823.8071,290.8726 L2823.8071,293.0308 L2821.3418,293.0308 L2821.3418,301.1074 L2823.8071,301.1074 L2823.8071,303.2656 L2816.4277,303.2656 L2816.4277,301.1074 L2818.8931,301.1074 L2818.8931,293.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="123" x="2834.5" y="302.5566">ConditionMatcher</text><line style="stroke:#181818;stroke-width:0.5;" x1="2806.5" x2="2959.5" y1="313.2656" y2="313.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="2806.5" x2="2959.5" y1="321.2656" y2="321.2656"/></g><!--MD5=[a5f8f54a8c595155ff6d10bcb2300aea]
-class VerifyResult--><g id="elem_VerifyResult"><rect codeLine="48" fill="#F1F1F1" height="97.4648" id="VerifyResult" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="115" x="2515.5" y="91.2656"/><ellipse cx="2531.4" cy="107.2656" fill="#EB937F" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2535.5143,113.2656 L2527.7945,113.2656 L2527.7945,100.8726 L2535.5143,100.8726 L2535.5143,103.0308 L2530.2433,103.0308 L2530.2433,105.7036 L2535.0162,105.7036 L2535.0162,107.8618 L2530.2433,107.8618 L2530.2433,111.1074 L2535.5143,111.1074 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="81" x="2545.6" y="112.5566">VerifyResult</text><line style="stroke:#181818;stroke-width:0.5;" x1="2516.5" x2="2629.5" y1="123.2656" y2="123.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="47" x="2521.5" y="140.8008">ALLOW</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="103" x="2521.5" y="157.2891">EXPLICIT_DENY</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="102" x="2521.5" y="173.7773">IMPLICIT_DENY</text><line style="stroke:#181818;stroke-width:0.5;" x1="2516.5" x2="2629.5" y1="180.7305" y2="180.7305"/></g><!--MD5=[a61a298976b7d1d94498f45c2ebfa10b]
-class Statement--><g id="elem_Statement"><rect codeLine="53" fill="#F1F1F1" height="97.4648" id="Statement" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="281" x="2357.5" y="447.2656"/><ellipse cx="2459.25" cy="463.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2455.1777,459.0308 L2455.1777,456.8726 L2462.5571,456.8726 L2462.5571,459.0308 L2460.0918,459.0308 L2460.0918,467.1074 L2462.5571,467.1074 L2462.5571,469.2656 L2455.1777,469.2656 L2455.1777,467.1074 L2457.6431,467.1074 L2457.6431,459.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="69" x="2479.75" y="468.5566">Statement</text><line style="stroke:#181818;stroke-width:0.5;" x1="2358.5" x2="2637.5" y1="479.2656" y2="479.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="107" x="2363.5" y="496.8008">val effect: Effect</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="222" x="2363.5" y="513.2891">val actions: Set&lt;ActionMatcher&gt;</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="269" x="2363.5" y="529.7773">val conditions: Set&lt;ConditionMatcher&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="2358.5" x2="2637.5" y1="536.7305" y2="536.7305"/></g><!--MD5=[25907446179e7e8284c1a5a6eb221e77]
-class PermissionVerifier--><g id="elem_PermissionVerifier"><rect codeLine="59" fill="#F1F1F1" height="64.4883" id="PermissionVerifier" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="316" x="2454" y="273.2656"/><ellipse cx="2545.25" cy="289.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2541.1777,285.0308 L2541.1777,282.8726 L2548.5571,282.8726 L2548.5571,285.0308 L2546.0918,285.0308 L2546.0918,293.1074 L2548.5571,293.1074 L2548.5571,295.2656 L2541.1777,295.2656 L2541.1777,293.1074 L2543.6431,293.1074 L2543.6431,285.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="125" x="2565.75" y="294.5566">PermissionVerifier</text><line style="stroke:#181818;stroke-width:0.5;" x1="2455" x2="2769" y1="305.2656" y2="305.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="2455" x2="2769" y1="313.2656" y2="313.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="304" x="2460" y="330.8008">verify(Request,SecurityContext): VerifyResult</text></g><!--MD5=[4a8e06406f0c0425d99e01150b1292e5]
-class PolicyEvaluator--><g id="elem_PolicyEvaluator"><rect codeLine="62" fill="#F1F1F1" height="64.4883" id="PolicyEvaluator" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="135" x="2012.5" y="273.2656"/><ellipse cx="2027.5" cy="289.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2023.4277,285.0308 L2023.4277,282.8726 L2030.8071,282.8726 L2030.8071,285.0308 L2028.3418,285.0308 L2028.3418,293.1074 L2030.8071,293.1074 L2030.8071,295.2656 L2023.4277,295.2656 L2023.4277,293.1074 L2025.8931,293.1074 L2025.8931,285.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="103" x="2041.5" y="294.5566">PolicyEvaluator</text><line style="stroke:#181818;stroke-width:0.5;" x1="2013.5" x2="2146.5" y1="305.2656" y2="305.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="2013.5" x2="2146.5" y1="313.2656" y2="313.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="106" x="2018.5" y="330.8008">evaluate(Policy)</text></g><!--MD5=[79431584796416a68bc6cb91e9d847cd]
-class PolicyCapable--><g id="elem_PolicyCapable"><rect codeLine="65" fill="#F1F1F1" height="64.4883" id="PolicyCapable" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="179" x="1947.5" y="107.7656"/><ellipse cx="1985.9" cy="123.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M1981.8277,119.5308 L1981.8277,117.3726 L1989.2071,117.3726 L1989.2071,119.5308 L1986.7418,119.5308 L1986.7418,127.6074 L1989.2071,127.6074 L1989.2071,129.7656 L1981.8277,129.7656 L1981.8277,127.6074 L1984.2931,127.6074 L1984.2931,119.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="95" x="2005.1" y="129.0566">PolicyCapable</text><line style="stroke:#181818;stroke-width:0.5;" x1="1948.5" x2="2125.5" y1="139.7656" y2="139.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="167" x="1953.5" y="157.3008">val policies: Set&lt;String&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="1948.5" x2="2125.5" y1="164.2539" y2="164.2539"/></g><g id="elem_GMN29"><path d="M2162,127.2656 L2162,152.5762 L2480,152.5762 L2480,137.2656 L2470,127.2656 L2162,127.2656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:0.5;"/><path d="M2470,127.2656 L2470,137.2656 L2480,137.2656 L2470,127.2656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="297" x="2168" y="144.834">Used to evaluate the effectiveness of the Policy</text></g><!--MD5=[52681581877b3e7248987c87e027ce58]
-class RoleCapable--><g id="elem_RoleCapable"><rect codeLine="86" fill="#F1F1F1" height="64.4883" id="RoleCapable" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="161" x="926.5" y="273.2656"/><ellipse cx="960.85" cy="289.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M956.7777,285.0308 L956.7777,282.8726 L964.1571,282.8726 L964.1571,285.0308 L961.6918,285.0308 L961.6918,293.1074 L964.1571,293.1074 L964.1571,295.2656 L956.7777,295.2656 L956.7777,293.1074 L959.2431,293.1074 L959.2431,285.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="86" x="979.15" y="294.5566">RoleCapable</text><line style="stroke:#181818;stroke-width:0.5;" x1="927.5" x2="1086.5" y1="305.2656" y2="305.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="149" x="932.5" y="322.8008">val roles: Set&lt;String&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="927.5" x2="1086.5" y1="329.7539" y2="329.7539"/></g><!--MD5=[05e3ec1b6d12f04f2c7c7eb2dc3e534b]
-class CoSecPrincipal--><g id="elem_CoSecPrincipal"><rect codeLine="89" fill="#F1F1F1" height="113.9531" id="CoSecPrincipal" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="250" x="641" y="248.2656"/><ellipse cx="711.25" cy="264.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M707.1777,260.0308 L707.1777,257.8726 L714.5571,257.8726 L714.5571,260.0308 L712.0918,260.0308 L712.0918,268.1074 L714.5571,268.1074 L714.5571,270.2656 L707.1777,270.2656 L707.1777,268.1074 L709.6431,268.1074 L709.6431,260.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="101" x="731.75" y="269.5566">CoSecPrincipal</text><line style="stroke:#181818;stroke-width:0.5;" x1="642" x2="890" y1="280.2656" y2="280.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="85" x="647" y="297.8008">val id: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="238" x="647" y="314.2891">val attributes: Map&lt;String, String&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="642" x2="890" y1="321.2422" y2="321.2422"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="153" x="647" y="338.7773">anonymous(): Boolean</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="167" x="647" y="355.2656">authenticated(): Boolean</text></g><!--MD5=[dcd1c42ae96b3f450c53e1d5a4b38ac2]
-class TenantPrincipal--><g id="elem_TenantPrincipal"><rect codeLine="95" fill="#F1F1F1" height="48" id="TenantPrincipal" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="139" x="696.5" y="471.7656"/><ellipse cx="711.5" cy="487.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M707.4277,483.5308 L707.4277,481.3726 L714.8071,481.3726 L714.8071,483.5308 L712.3418,483.5308 L712.3418,491.6074 L714.8071,491.6074 L714.8071,493.7656 L707.4277,493.7656 L707.4277,491.6074 L709.8931,491.6074 L709.8931,483.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="107" x="725.5" y="493.0566">TenantPrincipal</text><line style="stroke:#181818;stroke-width:0.5;" x1="697.5" x2="834.5" y1="503.7656" y2="503.7656"/><line style="stroke:#181818;stroke-width:0.5;" x1="697.5" x2="834.5" y1="511.7656" y2="511.7656"/></g><path d="M1122.5,287.7656 L1122.5,296.4209 L1081.5,317.5098 L1122.5,304.4209 L1122.5,313.0762 A0,0 0 0 0 1122.5,313.0762 L1227.5,313.0762 A0,0 0 0 0 1227.5,313.0762 L1227.5,297.7656 L1217.5,287.7656 L1122.5,287.7656 A0,0 0 0 0 1122.5,287.7656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:0.5;"/><path d="M1217.5,287.7656 L1217.5,297.7656 L1227.5,297.7656 L1217.5,287.7656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:0.5;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="84" x="1128.5" y="305.334">A set of roles</text><!--MD5=[e2dc22e8225a918eadd77002df418415]
-class java.security.Principal--><g id="elem_java.security.Principal"><rect codeLine="83" fill="#F1F1F1" height="64.4883" id="java.security.Principal" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="128" x="776" y="107.7656"/><ellipse cx="807.65" cy="123.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M803.5777,119.5308 L803.5777,117.3726 L810.9571,117.3726 L810.9571,119.5308 L808.4918,119.5308 L808.4918,127.6074 L810.9571,127.6074 L810.9571,129.7656 L803.5777,129.7656 L803.5777,127.6074 L806.0431,127.6074 L806.0431,119.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="59" x="825.35" y="129.0566">Principal</text><line style="stroke:#181818;stroke-width:0.5;" x1="777" x2="903" y1="139.7656" y2="139.7656"/><line style="stroke:#181818;stroke-width:0.5;" x1="777" x2="903" y1="147.7656" y2="147.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="116" x="782" y="165.3008">getName():String</text></g><!--MD5=[86b30c3e0fe779331a576db045bd0856]
-class SecurityContext--><g id="elem_SecurityContext"><rect codeLine="108" fill="#F1F1F1" height="113.9531" id="SecurityContext" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="313" x="271.5" y="438.7656"/><ellipse cx="369.25" cy="454.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M365.1777,450.5308 L365.1777,448.3726 L372.5571,448.3726 L372.5571,450.5308 L370.0918,450.5308 L370.0918,458.6074 L372.5571,458.6074 L372.5571,460.7656 L365.1777,460.7656 L365.1777,458.6074 L367.6431,458.6074 L367.6431,450.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="109" x="389.75" y="460.0566">SecurityContext</text><line style="stroke:#181818;stroke-width:0.5;" x1="272.5" x2="583.5" y1="470.7656" y2="470.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="192" x="277.5" y="488.3008">val principal: CoSecPrincipal</text><line style="stroke:#181818;stroke-width:0.5;" x1="272.5" x2="583.5" y1="495.2539" y2="495.2539"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="301" x="277.5" y="512.7891">setAttribute(String, Object): SecurityContext</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="157" x="277.5" y="529.2773">getAttribute(String): T?</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="213" x="277.5" y="545.7656">getRequiredAttribute(String): T</text></g><!--MD5=[0851f84a889f989e7bb0bebc385d0f09]
-class Request--><g id="elem_Request"><rect codeLine="117" fill="#F1F1F1" height="146.9297" id="Request" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="214" x="22" y="422.2656"/><ellipse cx="97.25" cy="438.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M93.1777,434.0308 L93.1777,431.8726 L100.5571,431.8726 L100.5571,434.0308 L98.0918,434.0308 L98.0918,442.1074 L100.5571,442.1074 L100.5571,444.2656 L93.1777,444.2656 L93.1777,442.1074 L95.6431,442.1074 L95.6431,434.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="55" x="117.75" y="443.5566">Request</text><line style="stroke:#181818;stroke-width:0.5;" x1="23" x2="235" y1="454.2656" y2="454.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="103" x="28" y="471.8008">val path: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="125" x="28" y="488.2891">val method: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="134" x="28" y="504.7773">val remoteIp: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="113" x="28" y="521.2656">val origin: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="119" x="28" y="537.7539">val referer: String</text><line style="stroke:#181818;stroke-width:0.5;" x1="23" x2="235" y1="544.707" y2="544.707"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="202" x="28" y="562.2422">getHeader(key: String): String</text></g><!--MD5=[eaab7d2ddd4405c2c7244fd25dd0c172]
-class AuthorizeResult--><g id="elem_AuthorizeResult"><rect codeLine="128" fill="#F1F1F1" height="80.9766" id="AuthorizeResult" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="173" x="558.5" y="662.2656"/><ellipse cx="587.45" cy="678.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M583.3777,674.0308 L583.3777,671.8726 L590.7571,671.8726 L590.7571,674.0308 L588.2918,674.0308 L588.2918,682.1074 L590.7571,682.1074 L590.7571,684.2656 L583.3777,684.2656 L583.3777,682.1074 L585.8431,682.1074 L585.8431,674.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="110" x="604.55" y="683.5566">AuthorizeResult</text><line style="stroke:#181818;stroke-width:0.5;" x1="559.5" x2="730.5" y1="694.2656" y2="694.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="161" x="564.5" y="711.8008">val authorized: Boolean</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="119" x="564.5" y="728.2891">val reason: String</text><line style="stroke:#181818;stroke-width:0.5;" x1="559.5" x2="730.5" y1="735.2422" y2="735.2422"/></g><!--MD5=[16baea6be49bb9991e615d76903392b3]
-class Authorization--><g id="elem_Authorization"><rect codeLine="132" fill="#F1F1F1" height="64.4883" id="Authorization" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="435" x="88.5" y="670.7656"/><ellipse cx="254.25" cy="686.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M250.1777,682.5308 L250.1777,680.3726 L257.5571,680.3726 L257.5571,682.5308 L255.0918,682.5308 L255.0918,690.6074 L257.5571,690.6074 L257.5571,692.7656 L250.1777,692.7656 L250.1777,690.6074 L252.6431,690.6074 L252.6431,682.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="95" x="274.75" y="692.0566">Authorization</text><line style="stroke:#181818;stroke-width:0.5;" x1="89.5" x2="522.5" y1="702.7656" y2="702.7656"/><line style="stroke:#181818;stroke-width:0.5;" x1="89.5" x2="522.5" y1="710.7656" y2="710.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="423" x="94.5" y="728.3008">authorize(Request,SecurityContext): Mono&lt;AuthorizeResult&gt;</text></g><!--MD5=[63e7a34560323ddebc94de26bb3dfe24]
-class Credentials--><g id="elem_Credentials"><rect codeLine="140" fill="#F1F1F1" height="48" id="Credentials" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="110" x="1385" y="281.2656"/><ellipse cx="1400" cy="297.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M1395.9277,293.0308 L1395.9277,290.8726 L1403.3071,290.8726 L1403.3071,293.0308 L1400.8418,293.0308 L1400.8418,301.1074 L1403.3071,301.1074 L1403.3071,303.2656 L1395.9277,303.2656 L1395.9277,301.1074 L1398.3931,301.1074 L1398.3931,293.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="78" x="1414" y="302.5566">Credentials</text><line style="stroke:#181818;stroke-width:0.5;" x1="1386" x2="1494" y1="313.2656" y2="313.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="1386" x2="1494" y1="321.2656" y2="321.2656"/></g><!--MD5=[a139e992f8a77546bf37c14edd197f06]
-class Authentication--><g id="elem_Authentication"><rect codeLine="141" fill="#F1F1F1" height="80.9766" id="Authentication" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="312" x="1284" y="455.2656"/><ellipse cx="1299" cy="471.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M1294.9277,467.0308 L1294.9277,464.8726 L1302.3071,464.8726 L1302.3071,467.0308 L1299.8418,467.0308 L1299.8418,475.1074 L1302.3071,475.1074 L1302.3071,477.2656 L1294.9277,477.2656 L1294.9277,475.1074 L1297.3931,475.1074 L1297.3931,467.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="101" x="1313" y="476.5566">Authentication</text><rect fill="#FFFFFF" height="16.1328" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" width="177" x="1422" y="452.2656"/><text fill="#000000" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="175" x="1423" y="464.8672">C:Credentials,P:CoSecPrincipal</text><line style="stroke:#181818;stroke-width:0.5;" x1="1285" x2="1595" y1="487.2656" y2="487.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="208" x="1290" y="504.8008">supportCredentials: Class&lt;C&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="1285" x2="1595" y1="511.7539" y2="511.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="182" x="1290" y="529.2891">authenticate(C): Mono&lt;P&gt;</text></g><!--MD5=[f074fdee743888442a4f97901e556f9c]
-class AuthenticationProvider--><g id="elem_AuthenticationProvider"><rect codeLine="145" fill="#F1F1F1" height="146.9297" id="AuthenticationProvider" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="260" x="1631" y="422.2656"/><ellipse cx="1677.75" cy="438.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M1673.6777,434.0308 L1673.6777,431.8726 L1681.0571,431.8726 L1681.0571,434.0308 L1678.5918,434.0308 L1678.5918,442.1074 L1681.0571,442.1074 L1681.0571,444.2656 L1673.6777,444.2656 L1673.6777,442.1074 L1676.1431,442.1074 L1676.1431,434.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="158" x="1698.25" y="443.5566">AuthenticationProvider</text><line style="stroke:#181818;stroke-width:0.5;" x1="1632" x2="1890" y1="454.2656" y2="454.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="1632" x2="1890" y1="462.2656" y2="462.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="192" x="1637" y="479.8008">get(Class&lt;Credentials&gt;): A?</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="248" x="1637" y="496.2891">getRequired(Class&lt;Credentials&gt;): A</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="109" x="1637" y="512.7773">register(A): Unit</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="185" x="1637" y="529.2656">register(Class&lt;C&gt;, A): Unit</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="109" x="1637" y="545.7539">register(A): Unit</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="248" x="1637" y="562.2422">getRequired(Class&lt;Credentials&gt;): A</text></g><!--MD5=[7c5c88a606935469d5f89b0b5794816c]
-class Named--><g id="elem_Named"><rect codeLine="5" fill="#F1F1F1" height="64.4883" id="Named" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="99" x="641.5" y="107.7656"/><ellipse cx="665.05" cy="123.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M660.9777,119.5308 L660.9777,117.3726 L668.3571,117.3726 L668.3571,119.5308 L665.8918,119.5308 L665.8918,127.6074 L668.3571,127.6074 L668.3571,129.7656 L660.9777,129.7656 L660.9777,127.6074 L663.4431,127.6074 L663.4431,119.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="48" x="680.95" y="129.0566">Named</text><line style="stroke:#181818;stroke-width:0.5;" x1="642.5" x2="739.5" y1="139.7656" y2="139.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="87" x="647.5" y="157.3008">name: String</text><line style="stroke:#181818;stroke-width:0.5;" x1="642.5" x2="739.5" y1="164.2539" y2="164.2539"/></g><!--MD5=[d3fc1cb30f7bdcc9e19e497f9b6ed3e8]
-link Tenant to TenantCapable--><g id="link_Tenant_TenantCapable"><path codeLine="18" d="M464,195.0056 C464,215.6056 464,259.3556 464,259.3556 " fill="none" id="Tenant-TenantCapable" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="464,182.2756,460,191.2756,464,187.2756,468,191.2756,464,182.2756" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="464" x2="464" y1="187.2756" y2="195.2756"/><polygon fill="#181818" points="464,271.3556,468,265.3556,464,259.3556,460,265.3556,464,271.3556" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[3a61d607afa5f9046415286ff45a7e54]
-reverse link RequestMatcher to ActionMatcher--><g id="link_RequestMatcher_ActionMatcher"><path codeLine="68" d="M2714.32,178.8456 C2692.76,185.6956 2669.85,191.8856 2648,195.7656 C2613.42,201.9156 2363.65,190.0256 2332,205.2656 C2298.89,221.2056 2273.89,256.9756 2260.1,280.8756 " fill="none" id="RequestMatcher-backto-ActionMatcher" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="2711.86,172.2856,2733.05,172.6056,2716.29,185.5656,2711.86,172.2856" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[bdb7cf9e45c1a2c85396bf792a7d7532]
-reverse link RequestMatcher to ConditionMatcher--><g id="link_RequestMatcher_ConditionMatcher"><path codeLine="69" d="M2834.64,191.3156 C2847.44,221.2056 2863.04,257.6556 2873,280.9056 " fill="none" id="RequestMatcher-backto-ConditionMatcher" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="2828.36,194.4356,2826.93,173.2956,2841.23,188.9256,2828.36,194.4356" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[99bd1ab024ee26fc6b7c63d9677fdb72]
-reverse link PermissionVerifier to Statement--><g id="link_PermissionVerifier_Statement"><path codeLine="70" d="M2582.15,355.6256 C2565.09,383.8256 2543.8,419.0256 2526.91,446.9656 " fill="none" id="PermissionVerifier-backto-Statement" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="2576.05,352.1756,2592.39,338.6856,2588.03,359.4256,2576.05,352.1756" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[e4eaaab51f62ef0fd17f62ea5476519c]
-link Effect to Statement--><g id="link_Effect_Statement"><path codeLine="71" d="M2415.57,358.4756 C2429.88,382.1256 2462.0154,435.2702 2462.0154,435.2702 " fill="none" id="Effect-Statement" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="2408.96,347.5356,2410.1936,357.3069,2411.547,351.8143,2417.0396,353.1677,2408.96,347.5356" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="2411.547" x2="2415.685" y1="351.8143" y2="358.6606"/><polygon fill="#181818" points="2468.23,445.5356,2468.5445,438.3314,2462.0154,435.2702,2461.7009,442.4745,2468.23,445.5356" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[421c707edf9dcb67c653879c9588b357]
-link ActionMatcher to Statement--><g id="link_ActionMatcher_Statement"><path codeLine="72" d="M2290.74,338.4956 C2326.99,365.8256 2423.6574,438.7124 2423.6574,438.7124 " fill="none" id="ActionMatcher-Statement" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="2280.37,330.6656,2285.1435,339.2804,2284.3607,333.6779,2289.9632,332.8952,2280.37,330.6656" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="2284.3607" x2="2290.75" y1="333.6779" y2="338.4956"/><polygon fill="#181818" points="2433.24,445.9356,2430.8564,439.1298,2423.6574,438.7124,2426.041,445.5182,2433.24,445.9356" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[04f4abb29adabcf38a547a8eb9430c3b]
-link ConditionMatcher to Statement--><g id="link_ConditionMatcher_Statement"><path codeLine="73" d="M2838.93,337.2456 C2823.48,346.7256 2805.57,356.2256 2788,362.2656 C2732.47,381.3356 2711.55,357.5656 2657,379.2656 C2622.45,393.0156 2560.3726,438.2699 2560.3726,438.2699 " fill="none" id="ConditionMatcher-Statement" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="2849.48,330.5256,2839.7408,331.9911,2845.264,333.2136,2844.0415,338.7367,2849.48,330.5256" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="2845.264" x2="2838.515" y1="333.2136" y2="337.5106"/><polygon fill="#181818" points="2551.05,445.8256,2558.2299,445.1553,2560.3726,438.2699,2553.1928,438.9402,2551.05,445.8256" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[e3680ece5eb6e2539ae6dce9363554de]
-link PolicyType to Policy--><g id="link_PolicyType_Policy"><path codeLine="74" d="M2692.47,557.0556 C2682.15,575.6256 2659.0611,617.1276 2659.0611,617.1276 " fill="none" id="PolicyType-Policy" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="2698.68,545.8956,2690.8107,551.8179,2696.2504,550.2656,2697.8027,555.7053,2698.68,545.8956" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="2696.2504" x2="2692.365" y1="550.2656" y2="557.2556"/><polygon fill="#181818" points="2653.23,627.6156,2659.6415,624.3153,2659.0611,617.1276,2652.6495,620.4279,2653.23,627.6156" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[a7b3af78aa4d03cb0e67dc6b5e1b33d1]
-link Statement to Policy--><g id="link_Statement_Policy"><path codeLine="75" d="M2531.53,557.0556 C2541.85,575.6256 2564.9389,617.1276 2564.9389,617.1276 " fill="none" id="Statement-Policy" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="2525.32,545.8956,2526.1973,555.7053,2527.7496,550.2656,2533.1893,551.8179,2525.32,545.8956" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="2527.7496" x2="2531.635" y1="550.2656" y2="557.2556"/><polygon fill="#181818" points="2570.77,627.6156,2571.3505,620.4279,2564.9389,617.1276,2564.3585,624.3153,2570.77,627.6156" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[f6501252c65be42b38a34c7ff3f78362]
-link GMN29 to PolicyEvaluator--><g id="link_GMN29_PolicyEvaluator"><path d="M2277.52,152.6756 C2244.58,163.0856 2199.3,180.4256 2165,205.2656 C2139.31,223.8656 2116.3,251.7256 2100.72,273.1656 " fill="none" id="GMN29-PolicyEvaluator" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/></g><!--MD5=[017c10c76ce2d36bd60f0dc62a4a72a8]
-reverse link java.security.Principal to CoSecPrincipal--><g id="link_java.security.Principal_CoSecPrincipal"><path codeLine="96" d="M817.12,191.3256 C808.98,209.3056 799.76,229.6656 791.42,248.0956 " fill="none" id="java.security.Principal-backto-CoSecPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="810.66,188.6156,825.28,173.2856,823.41,194.3856,810.66,188.6156" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[5b5054689bf2020954aca84a99bf32ab]
-reverse link TenantCapable to TenantPrincipal--><g id="link_TenantCapable_TenantPrincipal"><path codeLine="97" d="M545.46,347.5856 C563.96,357.5456 583.35,368.4456 601,379.2656 C649.29,408.8856 702.54,447.2656 735.13,471.4656 " fill="none" id="TenantCapable-backto-TenantPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="542.34,353.8556,527.95,338.3056,548.9,341.4856,542.34,353.8556" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[e7f6508ff043c461a5f165263bc71b5b]
-reverse link CoSecPrincipal to TenantPrincipal--><g id="link_CoSecPrincipal_TenantPrincipal"><path codeLine="98" d="M766,383.8456 C766,415.4456 766,449.6256 766,471.5656 " fill="none" id="CoSecPrincipal-backto-TenantPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="759,384.0756,766,364.0756,773,384.0756,759,384.0756" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[c7c8313ddc0bad273885a8234da768c1]
-reverse link Named to CoSecPrincipal--><g id="link_Named_CoSecPrincipal"><path codeLine="99" d="M714.19,191.3256 C722.44,209.3056 731.78,229.6656 740.23,248.0956 " fill="none" id="Named-backto-CoSecPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="707.89,194.3756,705.91,173.2756,720.62,188.5356,707.89,194.3756" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[903468ed3f54634ff2089a3230707525]
-reverse link RoleCapable to TenantPrincipal--><g id="link_RoleCapable_TenantPrincipal"><path codeLine="100" d="M950.08,350.7856 C901.74,388.5956 834.27,441.3656 795.87,471.3956 " fill="none" id="RoleCapable-backto-TenantPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="945.67,345.3456,965.74,338.5356,954.3,356.3756,945.67,345.3456" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[2e9dd4d24c620f4ef4c09958d90dc0d9]
-reverse link PolicyCapable to CoSecPrincipal--><g id="link_PolicyCapable_CoSecPrincipal"><path codeLine="101" d="M1925.68,143.7056 C1659.89,151.2156 1003.32,172.8156 909,205.2656 C881.45,214.7456 854.35,231.1456 831.27,247.9056 " fill="none" id="PolicyCapable-backto-CoSecPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="1925.45,136.7056,1945.63,143.1456,1925.84,150.7056,1925.45,136.7056" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[b1a9f71c494fe876e4b85e22ffb61b43]
-reverse link TenantCapable to SecurityContext--><g id="link_TenantCapable_SecurityContext"><path codeLine="114" d="M454.09,358.1856 C449.33,383.0956 443.62,412.9856 438.76,438.4456 " fill="none" id="TenantCapable-backto-SecurityContext" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="447.14,357.2156,457.77,338.8756,460.9,359.8356,447.14,357.2156" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[0c4cc86a4eab11f0ad45d9e81ff75b78]
-link CoSecPrincipal to SecurityContext--><g id="link_CoSecPrincipal_SecurityContext"><path codeLine="115" d="M655.63,362.6956 C645.24,368.2256 634.9,373.8056 625,379.2656 C595.23,395.6856 563.3,414.0656 534,431.2456 " fill="none" id="CoSecPrincipal-to-SecurityContext" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="522.92,437.7556,530.1194,438.1665,533.2676,431.6789,526.0682,431.268,522.92,437.7556" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[30076c0053eee824d8d2442e12969676]
-reverse link Request to Authorization--><g id="link_Request_Authorization"><path codeLine="135" d="M196.12,574.5056 C224.88,607.8156 256.84,644.8356 278.85,670.3156 " fill="none" id="Request-backto-Authorization" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="192.89,570.7656,195.7481,580.1907,196.1592,574.5488,201.8011,574.9599,192.89,570.7656" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[7ca05d895fd4d3e3cb6ad83c182c7856]
-reverse link SecurityContext to Authorization--><g id="link_SecurityContext_Authorization"><path codeLine="136" d="M391.3,558.4356 C369.32,595.3656 342.31,640.7456 324.65,670.4256 " fill="none" id="SecurityContext-backto-Authorization" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="393.73,554.3556,385.6835,560.0348,391.1681,558.6494,392.5535,564.134,393.73,554.3556" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[6b6dcf69d22c7b7e80e54001a420a613]
-reverse link CoSecPrincipal to Authentication--><g id="link_CoSecPrincipal_Authentication"><path codeLine="153" d="M897.38,359.5256 C901.27,360.5156 905.15,361.4356 909,362.2656 C1054.74,393.6356 1101.21,336.4056 1244,379.2656 C1296.96,395.1656 1350.61,428.2156 1388.36,454.9056 " fill="none" id="CoSecPrincipal-backto-Authentication" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="892.71,358.2856,900.3777,364.4667,897.5416,359.5722,902.4362,356.7361,892.71,358.2856" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[615981591744dbfd257bd758771ab80b]
-reverse link Credentials to Authentication--><g id="link_Credentials_Authentication"><path codeLine="154" d="M1440,335.9056 C1440,367.9456 1440,419.2156 1440,454.8056 " fill="none" id="Credentials-backto-Authentication" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="1440,331.2756,1436,340.2756,1440,336.2756,1444,340.2756,1440,331.2756" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[40d5522495084d761aba8f9786b248b8]
-link Authentication to AuthenticationProvider--><g id="link_Authentication_AuthenticationProvider"><path codeLine="155" d="M1610.93,495.7656 C1612.8,495.7656 1617.3,495.7656 1617.3,495.7656 " fill="none" id="Authentication-AuthenticationProvider" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="1597.94,495.7656,1606.94,499.7656,1602.94,495.7656,1606.94,491.7656,1597.94,495.7656" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="1602.94" x2="1610.94" y1="495.7656" y2="495.7656"/><polygon fill="#181818" points="1629.3,495.7656,1623.3,491.7656,1617.3,495.7656,1623.3,499.7656,1629.3,495.7656" style="stroke:#181818;stroke-width:1.0;"/></g><a href="https://github.com/Ahoo-Wang/CoSec" target="_top" title="https://github.com/Ahoo-Wang/CoSec" xlink:actuate="onRequest" xlink:href="https://github.com/Ahoo-Wang/CoSec" xlink:show="new" xlink:title="https://github.com/Ahoo-Wang/CoSec" xlink:type="simple"><text fill="#808080" font-family="sans-serif" font-size="10" lengthAdjust="spacing" text-decoration="underline" textLength="189" x="1390.5" y="807.9336">https://github.com/Ahoo-Wang/CoSec</text></a><!--MD5=[48f5b95d9c005b3b03a37183ca709b71]
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" contentStyleType="text/css" height="835px" preserveAspectRatio="none" style="width:2984px;height:835px;background:#FFFFFF;" version="1.1" viewBox="0 0 2984 835" width="2984px" zoomAndPan="magnify"><defs/><g><a href="https://github.com/Ahoo-Wang/CoSec" target="_top" title="https://github.com/Ahoo-Wang/CoSec" xlink:actuate="onRequest" xlink:href="https://github.com/Ahoo-Wang/CoSec" xlink:show="new" xlink:title="https://github.com/Ahoo-Wang/CoSec" xlink:type="simple"><text fill="#808080" font-family="sans-serif" font-size="10" lengthAdjust="spacing" text-decoration="underline" textLength="189" x="2781" y="9.668">https://github.com/Ahoo-Wang/CoSec</text></a><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="224" x="1373" y="36.3125">CoSec Modeling Class Diagram</text><!--MD5=[158ea172665500f9d1b87622b0f57e22]
+cluster tenant--><g id="cluster_tenant"><path d="M102.5,56.2656 L149.5,56.2656 A3.75,3.75 0 0 1 152,58.7656 L159,78.7539 L573.5,78.7539 A2.5,2.5 0 0 1 576,81.2539 L576,367.7656 A2.5,2.5 0 0 1 573.5,370.2656 L102.5,370.2656 A2.5,2.5 0 0 1 100,367.7656 L100,58.7656 A2.5,2.5 0 0 1 102.5,56.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="100" x2="159" y1="78.7539" y2="78.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="46" x="104" y="71.8008">tenant</text></g><!--MD5=[73372e1614ca5de955321ff74365eabf]
+cluster policy--><g id="cluster_policy"><path d="M1933.5,64.7656 L1977.5,64.7656 A3.75,3.75 0 0 1 1980,67.2656 L1987,87.2539 L2974.5,87.2539 A2.5,2.5 0 0 1 2977,89.7539 L2977,806.7656 A2.5,2.5 0 0 1 2974.5,809.2656 L1933.5,809.2656 A2.5,2.5 0 0 1 1931,806.7656 L1931,67.2656 A2.5,2.5 0 0 1 1933.5,64.7656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="1931" x2="1987" y1="87.2539" y2="87.2539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="43" x="1935" y="80.3008">policy</text></g><!--MD5=[d119c4a9d5e0dd9c185bd0ddda62ab2d]
+cluster principal--><g id="cluster_principal"><path d="M627.5,230.2656 L691.5,230.2656 A3.75,3.75 0 0 1 694,232.7656 L701,252.7539 L1241.5,252.7539 A2.5,2.5 0 0 1 1244,255.2539 L1244,550.2656 A2.5,2.5 0 0 1 1241.5,552.7656 L627.5,552.7656 A2.5,2.5 0 0 1 625,550.2656 L625,232.7656 A2.5,2.5 0 0 1 627.5,230.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="625" x2="701" y1="252.7539" y2="252.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="63" x="629" y="245.8008">principal</text></g><!--MD5=[67892945c51b45dfa1cd11fc454571f7]
+cluster java.security--><g id="cluster_java.security"><path d="M788.5,81.2656 L878.5,81.2656 A3.75,3.75 0 0 1 881,83.7656 L888,103.7539 L943.5,103.7539 A2.5,2.5 0 0 1 946,106.2539 L946,193.7656 A2.5,2.5 0 0 1 943.5,196.2656 L788.5,196.2656 A2.5,2.5 0 0 1 786,193.7656 L786,83.7656 A2.5,2.5 0 0 1 788.5,81.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="786" x2="888" y1="103.7539" y2="103.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="89" x="790" y="96.8008">java.security</text></g><!--MD5=[7f1db14b27b7629509c802e44e13c9c4]
+cluster context--><g id="cluster_context"><path d="M8.5,404.2656 L62.5,404.2656 A3.75,3.75 0 0 1 65,406.7656 L72,426.7539 L598.5,426.7539 A2.5,2.5 0 0 1 601,429.2539 L601,599.7656 A2.5,2.5 0 0 1 598.5,602.2656 L8.5,602.2656 A2.5,2.5 0 0 1 6,599.7656 L6,406.7656 A2.5,2.5 0 0 1 8.5,404.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="6" x2="72" y1="426.7539" y2="426.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="53" x="10" y="419.8008">context</text></g><!--MD5=[df81d8a983ce68ee9869115533ee282f]
+cluster authorization--><g id="cluster_authorization"><path d="M74.5,644.2656 L172.5,644.2656 A3.75,3.75 0 0 1 175,646.7656 L182,666.7539 L745.5,666.7539 A2.5,2.5 0 0 1 748,669.2539 L748,773.7656 A2.5,2.5 0 0 1 745.5,776.2656 L74.5,776.2656 A2.5,2.5 0 0 1 72,773.7656 L72,646.7656 A2.5,2.5 0 0 1 74.5,644.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="72" x2="182" y1="666.7539" y2="666.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="97" x="76" y="659.8008">authorization</text></g><!--MD5=[9866a4850b67e61c0bb8154df9df1072]
+cluster authentication--><g id="cluster_authentication"><path d="M1270.5,263.2656 L1375.5,263.2656 A3.75,3.75 0 0 1 1378,265.7656 L1385,285.7539 L1904.5,285.7539 A2.5,2.5 0 0 1 1907,288.2539 L1907,599.7656 A2.5,2.5 0 0 1 1904.5,602.2656 L1270.5,602.2656 A2.5,2.5 0 0 1 1268,599.7656 L1268,265.7656 A2.5,2.5 0 0 1 1270.5,263.2656 " fill="none" style="stroke:#000000;stroke-width:1.5;"/><line style="stroke:#000000;stroke-width:1.5;" x1="1268" x2="1385" y1="285.7539" y2="285.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" font-weight="bold" lengthAdjust="spacing" textLength="104" x="1272" y="278.8008">authentication</text></g><!--MD5=[a8904d412b6bac905c960d0a15a57f60]
+class Tenant--><g id="elem_Tenant"><rect codeLine="10" fill="#F1F1F1" height="113.9531" id="Tenant" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="215" x="344.5" y="91.2656"/><ellipse cx="423.75" cy="107.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M419.6777,103.0308 L419.6777,100.8726 L427.0571,100.8726 L427.0571,103.0308 L424.5918,103.0308 L424.5918,111.1074 L427.0571,111.1074 L427.0571,113.2656 L419.6777,113.2656 L419.6777,111.1074 L422.1431,111.1074 L422.1431,103.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="48" x="444.25" y="112.5566">Tenant</text><line style="stroke:#181818;stroke-width:0.5;" x1="345.5" x2="558.5" y1="123.2656" y2="123.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="129" x="350.5" y="140.8008">val tenantId: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="203" x="350.5" y="157.2891">val isPlatformTenant: Boolean</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="194" x="350.5" y="173.7773">val isDefaultTenant: Boolean</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="176" x="350.5" y="190.2656">val isUserTenant: Boolean</text><line style="stroke:#181818;stroke-width:0.5;" x1="345.5" x2="558.5" y1="197.2188" y2="197.2188"/></g><!--MD5=[2ee7de80ccb219b57973144fcb0a9e81]
+class TenantCapable--><g id="elem_TenantCapable"><rect codeLine="16" fill="#F1F1F1" height="64.4883" id="TenantCapable" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="136" x="384" y="290.2656"/><ellipse cx="399" cy="306.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M394.9277,302.0308 L394.9277,299.8726 L402.3071,299.8726 L402.3071,302.0308 L399.8418,302.0308 L399.8418,310.1074 L402.3071,310.1074 L402.3071,312.2656 L394.9277,312.2656 L394.9277,310.1074 L397.3931,310.1074 L397.3931,302.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="104" x="413" y="311.5566">TenantCapable</text><line style="stroke:#181818;stroke-width:0.5;" x1="385" x2="519" y1="322.2656" y2="322.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="123" x="390" y="339.8008">val tenant: Tenant</text><line style="stroke:#181818;stroke-width:0.5;" x1="385" x2="519" y1="346.7539" y2="346.7539"/></g><path d="M116.5,130.7656 L116.5,156.0762 A0,0 0 0 0 116.5,156.0762 L309.5,156.0762 A0,0 0 0 0 309.5,156.0762 L309.5,148.7656 L348.5,151.998 L309.5,140.7656 L309.5,140.7656 L299.5,130.7656 L116.5,130.7656 A0,0 0 0 0 116.5,130.7656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:0.5;"/><path d="M299.5,130.7656 L299.5,140.7656 L309.5,140.7656 L299.5,130.7656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:0.5;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="172" x="122.5" y="148.334">Is it a root platform tenant?</text><!--MD5=[891844a5ce18d50d477bdacc29a03b64]
+class PolicyType--><g id="elem_PolicyType"><rect codeLine="28" fill="#F1F1F1" height="97.4648" id="PolicyType" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="104" x="2674" y="464.2656"/><ellipse cx="2689" cy="480.2656" fill="#EB937F" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2693.1143,486.2656 L2685.3945,486.2656 L2685.3945,473.8726 L2693.1143,473.8726 L2693.1143,476.0308 L2687.8433,476.0308 L2687.8433,478.7036 L2692.6162,478.7036 L2692.6162,480.8618 L2687.8433,480.8618 L2687.8433,484.1074 L2693.1143,484.1074 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="72" x="2703" y="485.5566">PolicyType</text><line style="stroke:#181818;stroke-width:0.5;" x1="2675" x2="2777" y1="496.2656" y2="496.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="54" x="2680" y="513.8008">SYSTEM</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="60" x="2680" y="530.2891">CUSTOM</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="53" x="2680" y="546.7773">GLOBAL</text><line style="stroke:#181818;stroke-width:0.5;" x1="2675" x2="2777" y1="553.7305" y2="553.7305"/></g><!--MD5=[9445d644bbe92584b3fa45e77778917b]
+class Policy--><g id="elem_Policy"><rect codeLine="33" fill="#F1F1F1" height="146.9297" id="Policy" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="230" x="2497" y="646.2656"/><ellipse cx="2588.25" cy="662.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2584.1777,658.0308 L2584.1777,655.8726 L2591.5571,655.8726 L2591.5571,658.0308 L2589.0918,658.0308 L2589.0918,666.1074 L2591.5571,666.1074 L2591.5571,668.2656 L2584.1777,668.2656 L2584.1777,666.1074 L2586.6431,666.1074 L2586.6431,658.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="39" x="2608.75" y="667.5566">Policy</text><line style="stroke:#181818;stroke-width:0.5;" x1="2498" x2="2726" y1="678.2656" y2="678.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="85" x="2503" y="695.8008">val id: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="110" x="2503" y="712.2891">val name: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="132" x="2503" y="728.7773">val type: PolicyType</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="149" x="2503" y="745.2656">val description: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="125" x="2503" y="761.7539">val tenantId:String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="218" x="2503" y="778.2422">val statements: Set&lt;Statement&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="2498" x2="2726" y1="785.1953" y2="785.1953"/></g><!--MD5=[354ba6fe2710e9f7c691253c66156a32]
+class Effect--><g id="elem_Effect"><rect codeLine="41" fill="#F1F1F1" height="80.9766" id="Effect" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="70" x="2349" y="281.7656"/><ellipse cx="2364" cy="297.7656" fill="#EB937F" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2368.1143,303.7656 L2360.3945,303.7656 L2360.3945,291.3726 L2368.1143,291.3726 L2368.1143,293.5308 L2362.8433,293.5308 L2362.8433,296.2036 L2367.6162,296.2036 L2367.6162,298.3618 L2362.8433,298.3618 L2362.8433,301.6074 L2368.1143,301.6074 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="38" x="2378" y="303.0566">Effect</text><line style="stroke:#181818;stroke-width:0.5;" x1="2350" x2="2418" y1="313.7656" y2="313.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="47" x="2355" y="331.3008">ALLOW</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="37" x="2355" y="347.7891">DENY</text><line style="stroke:#181818;stroke-width:0.5;" x1="2350" x2="2418" y1="354.7422" y2="354.7422"/></g><!--MD5=[dd3a6102b68975fd8f1a6314072b340a]
+class RequestMatcher--><g id="elem_RequestMatcher"><rect codeLine="45" fill="#F1F1F1" height="64.4883" id="RequestMatcher" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="295" x="2665.5" y="116.2656"/><ellipse cx="2753.75" cy="132.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2749.6777,128.0308 L2749.6777,125.8726 L2757.0571,125.8726 L2757.0571,128.0308 L2754.5918,128.0308 L2754.5918,136.1074 L2757.0571,136.1074 L2757.0571,138.2656 L2749.6777,138.2656 L2749.6777,136.1074 L2752.1431,136.1074 L2752.1431,128.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="110" x="2774.25" y="137.5566">RequestMatcher</text><line style="stroke:#181818;stroke-width:0.5;" x1="2666.5" x2="2959.5" y1="148.2656" y2="148.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="2666.5" x2="2959.5" y1="156.2656" y2="156.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="283" x="2671.5" y="173.8008">match(Request,SecurityContext): Boolean</text></g><!--MD5=[226a4eef5279541003c62db16c270ea5]
+class ActionMatcher--><g id="elem_ActionMatcher"><rect codeLine="48" fill="#F1F1F1" height="48" id="ActionMatcher" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="131" x="2182.5" y="298.2656"/><ellipse cx="2197.5" cy="314.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2193.4277,310.0308 L2193.4277,307.8726 L2200.8071,307.8726 L2200.8071,310.0308 L2198.3418,310.0308 L2198.3418,318.1074 L2200.8071,318.1074 L2200.8071,320.2656 L2193.4277,320.2656 L2193.4277,318.1074 L2195.8931,318.1074 L2195.8931,310.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="99" x="2211.5" y="319.5566">ActionMatcher</text><line style="stroke:#181818;stroke-width:0.5;" x1="2183.5" x2="2312.5" y1="330.2656" y2="330.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="2183.5" x2="2312.5" y1="338.2656" y2="338.2656"/></g><!--MD5=[ce15d4ae5e7b4627c02fd240cc319742]
+class ConditionMatcher--><g id="elem_ConditionMatcher"><rect codeLine="49" fill="#F1F1F1" height="48" id="ConditionMatcher" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="155" x="2805.5" y="298.2656"/><ellipse cx="2820.5" cy="314.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2816.4277,310.0308 L2816.4277,307.8726 L2823.8071,307.8726 L2823.8071,310.0308 L2821.3418,310.0308 L2821.3418,318.1074 L2823.8071,318.1074 L2823.8071,320.2656 L2816.4277,320.2656 L2816.4277,318.1074 L2818.8931,318.1074 L2818.8931,310.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="123" x="2834.5" y="319.5566">ConditionMatcher</text><line style="stroke:#181818;stroke-width:0.5;" x1="2806.5" x2="2959.5" y1="330.2656" y2="330.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="2806.5" x2="2959.5" y1="338.2656" y2="338.2656"/></g><!--MD5=[a5f8f54a8c595155ff6d10bcb2300aea]
+class VerifyResult--><g id="elem_VerifyResult"><rect codeLine="50" fill="#F1F1F1" height="97.4648" id="VerifyResult" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="115" x="2515.5" y="99.7656"/><ellipse cx="2531.4" cy="115.7656" fill="#EB937F" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2535.5143,121.7656 L2527.7945,121.7656 L2527.7945,109.3726 L2535.5143,109.3726 L2535.5143,111.5308 L2530.2433,111.5308 L2530.2433,114.2036 L2535.0162,114.2036 L2535.0162,116.3618 L2530.2433,116.3618 L2530.2433,119.6074 L2535.5143,119.6074 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="81" x="2545.6" y="121.0566">VerifyResult</text><line style="stroke:#181818;stroke-width:0.5;" x1="2516.5" x2="2629.5" y1="131.7656" y2="131.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="47" x="2521.5" y="149.3008">ALLOW</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="103" x="2521.5" y="165.7891">EXPLICIT_DENY</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="102" x="2521.5" y="182.2773">IMPLICIT_DENY</text><line style="stroke:#181818;stroke-width:0.5;" x1="2516.5" x2="2629.5" y1="189.2305" y2="189.2305"/></g><!--MD5=[a61a298976b7d1d94498f45c2ebfa10b]
+class Statement--><g id="elem_Statement"><rect codeLine="55" fill="#F1F1F1" height="113.9531" id="Statement" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="281" x="2357.5" y="455.7656"/><ellipse cx="2459.25" cy="471.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2455.1777,467.5308 L2455.1777,465.3726 L2462.5571,465.3726 L2462.5571,467.5308 L2460.0918,467.5308 L2460.0918,475.6074 L2462.5571,475.6074 L2462.5571,477.7656 L2455.1777,477.7656 L2455.1777,475.6074 L2457.6431,475.6074 L2457.6431,467.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="69" x="2479.75" y="477.0566">Statement</text><line style="stroke:#181818;stroke-width:0.5;" x1="2358.5" x2="2637.5" y1="487.7656" y2="487.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="110" x="2363.5" y="505.3008">val name: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="107" x="2363.5" y="521.7891">val effect: Effect</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="222" x="2363.5" y="538.2773">val actions: Set&lt;ActionMatcher&gt;</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="269" x="2363.5" y="554.7656">val conditions: Set&lt;ConditionMatcher&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="2358.5" x2="2637.5" y1="561.7188" y2="561.7188"/></g><!--MD5=[25907446179e7e8284c1a5a6eb221e77]
+class PermissionVerifier--><g id="elem_PermissionVerifier"><rect codeLine="62" fill="#F1F1F1" height="64.4883" id="PermissionVerifier" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="316" x="2454" y="290.2656"/><ellipse cx="2545.25" cy="306.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2541.1777,302.0308 L2541.1777,299.8726 L2548.5571,299.8726 L2548.5571,302.0308 L2546.0918,302.0308 L2546.0918,310.1074 L2548.5571,310.1074 L2548.5571,312.2656 L2541.1777,312.2656 L2541.1777,310.1074 L2543.6431,310.1074 L2543.6431,302.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="125" x="2565.75" y="311.5566">PermissionVerifier</text><line style="stroke:#181818;stroke-width:0.5;" x1="2455" x2="2769" y1="322.2656" y2="322.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="2455" x2="2769" y1="330.2656" y2="330.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="304" x="2460" y="347.8008">verify(Request,SecurityContext): VerifyResult</text></g><!--MD5=[4a8e06406f0c0425d99e01150b1292e5]
+class PolicyEvaluator--><g id="elem_PolicyEvaluator"><rect codeLine="65" fill="#F1F1F1" height="64.4883" id="PolicyEvaluator" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="135" x="2012.5" y="290.2656"/><ellipse cx="2027.5" cy="306.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M2023.4277,302.0308 L2023.4277,299.8726 L2030.8071,299.8726 L2030.8071,302.0308 L2028.3418,302.0308 L2028.3418,310.1074 L2030.8071,310.1074 L2030.8071,312.2656 L2023.4277,312.2656 L2023.4277,310.1074 L2025.8931,310.1074 L2025.8931,302.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="103" x="2041.5" y="311.5566">PolicyEvaluator</text><line style="stroke:#181818;stroke-width:0.5;" x1="2013.5" x2="2146.5" y1="322.2656" y2="322.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="2013.5" x2="2146.5" y1="330.2656" y2="330.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="106" x="2018.5" y="347.8008">evaluate(Policy)</text></g><!--MD5=[79431584796416a68bc6cb91e9d847cd]
+class PolicyCapable--><g id="elem_PolicyCapable"><rect codeLine="68" fill="#F1F1F1" height="64.4883" id="PolicyCapable" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="179" x="1947.5" y="116.2656"/><ellipse cx="1985.9" cy="132.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M1981.8277,128.0308 L1981.8277,125.8726 L1989.2071,125.8726 L1989.2071,128.0308 L1986.7418,128.0308 L1986.7418,136.1074 L1989.2071,136.1074 L1989.2071,138.2656 L1981.8277,138.2656 L1981.8277,136.1074 L1984.2931,136.1074 L1984.2931,128.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="95" x="2005.1" y="137.5566">PolicyCapable</text><line style="stroke:#181818;stroke-width:0.5;" x1="1948.5" x2="2125.5" y1="148.2656" y2="148.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="167" x="1953.5" y="165.8008">val policies: Set&lt;String&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="1948.5" x2="2125.5" y1="172.7539" y2="172.7539"/></g><g id="elem_GMN29"><path d="M2162,135.7656 L2162,161.0762 L2480,161.0762 L2480,145.7656 L2470,135.7656 L2162,135.7656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:0.5;"/><path d="M2470,135.7656 L2470,145.7656 L2480,145.7656 L2470,135.7656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:1.0;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="297" x="2168" y="153.334">Used to evaluate the effectiveness of the Policy</text></g><!--MD5=[52681581877b3e7248987c87e027ce58]
+class RoleCapable--><g id="elem_RoleCapable"><rect codeLine="89" fill="#F1F1F1" height="64.4883" id="RoleCapable" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="161" x="926.5" y="290.2656"/><ellipse cx="960.85" cy="306.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M956.7777,302.0308 L956.7777,299.8726 L964.1571,299.8726 L964.1571,302.0308 L961.6918,302.0308 L961.6918,310.1074 L964.1571,310.1074 L964.1571,312.2656 L956.7777,312.2656 L956.7777,310.1074 L959.2431,310.1074 L959.2431,302.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="86" x="979.15" y="311.5566">RoleCapable</text><line style="stroke:#181818;stroke-width:0.5;" x1="927.5" x2="1086.5" y1="322.2656" y2="322.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="149" x="932.5" y="339.8008">val roles: Set&lt;String&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="927.5" x2="1086.5" y1="346.7539" y2="346.7539"/></g><!--MD5=[05e3ec1b6d12f04f2c7c7eb2dc3e534b]
+class CoSecPrincipal--><g id="elem_CoSecPrincipal"><rect codeLine="92" fill="#F1F1F1" height="113.9531" id="CoSecPrincipal" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="250" x="641" y="265.2656"/><ellipse cx="711.25" cy="281.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M707.1777,277.0308 L707.1777,274.8726 L714.5571,274.8726 L714.5571,277.0308 L712.0918,277.0308 L712.0918,285.1074 L714.5571,285.1074 L714.5571,287.2656 L707.1777,287.2656 L707.1777,285.1074 L709.6431,285.1074 L709.6431,277.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="101" x="731.75" y="286.5566">CoSecPrincipal</text><line style="stroke:#181818;stroke-width:0.5;" x1="642" x2="890" y1="297.2656" y2="297.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="85" x="647" y="314.8008">val id: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="238" x="647" y="331.2891">val attributes: Map&lt;String, String&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="642" x2="890" y1="338.2422" y2="338.2422"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="153" x="647" y="355.7773">anonymous(): Boolean</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="167" x="647" y="372.2656">authenticated(): Boolean</text></g><!--MD5=[dcd1c42ae96b3f450c53e1d5a4b38ac2]
+class TenantPrincipal--><g id="elem_TenantPrincipal"><rect codeLine="98" fill="#F1F1F1" height="48" id="TenantPrincipal" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="139" x="696.5" y="488.7656"/><ellipse cx="711.5" cy="504.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M707.4277,500.5308 L707.4277,498.3726 L714.8071,498.3726 L714.8071,500.5308 L712.3418,500.5308 L712.3418,508.6074 L714.8071,508.6074 L714.8071,510.7656 L707.4277,510.7656 L707.4277,508.6074 L709.8931,508.6074 L709.8931,500.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="107" x="725.5" y="510.0566">TenantPrincipal</text><line style="stroke:#181818;stroke-width:0.5;" x1="697.5" x2="834.5" y1="520.7656" y2="520.7656"/><line style="stroke:#181818;stroke-width:0.5;" x1="697.5" x2="834.5" y1="528.7656" y2="528.7656"/></g><path d="M1122.5,304.7656 L1122.5,313.4209 L1081.5,334.5098 L1122.5,321.4209 L1122.5,330.0762 A0,0 0 0 0 1122.5,330.0762 L1227.5,330.0762 A0,0 0 0 0 1227.5,330.0762 L1227.5,314.7656 L1217.5,304.7656 L1122.5,304.7656 A0,0 0 0 0 1122.5,304.7656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:0.5;"/><path d="M1217.5,304.7656 L1217.5,314.7656 L1227.5,314.7656 L1217.5,304.7656 " fill="#FEFFDD" style="stroke:#181818;stroke-width:0.5;"/><text fill="#000000" font-family="sans-serif" font-size="13" lengthAdjust="spacing" textLength="84" x="1128.5" y="322.334">A set of roles</text><!--MD5=[e2dc22e8225a918eadd77002df418415]
+class java.security.Principal--><g id="elem_java.security.Principal"><rect codeLine="86" fill="#F1F1F1" height="64.4883" id="java.security.Principal" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="128" x="802" y="116.2656"/><ellipse cx="833.65" cy="132.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M829.5777,128.0308 L829.5777,125.8726 L836.9571,125.8726 L836.9571,128.0308 L834.4918,128.0308 L834.4918,136.1074 L836.9571,136.1074 L836.9571,138.2656 L829.5777,138.2656 L829.5777,136.1074 L832.0431,136.1074 L832.0431,128.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="59" x="851.35" y="137.5566">Principal</text><line style="stroke:#181818;stroke-width:0.5;" x1="803" x2="929" y1="148.2656" y2="148.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="803" x2="929" y1="156.2656" y2="156.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="116" x="808" y="173.8008">getName():String</text></g><!--MD5=[86b30c3e0fe779331a576db045bd0856]
+class SecurityContext--><g id="elem_SecurityContext"><rect codeLine="111" fill="#F1F1F1" height="113.9531" id="SecurityContext" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="313" x="271.5" y="455.7656"/><ellipse cx="369.25" cy="471.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M365.1777,467.5308 L365.1777,465.3726 L372.5571,465.3726 L372.5571,467.5308 L370.0918,467.5308 L370.0918,475.6074 L372.5571,475.6074 L372.5571,477.7656 L365.1777,477.7656 L365.1777,475.6074 L367.6431,475.6074 L367.6431,467.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="109" x="389.75" y="477.0566">SecurityContext</text><line style="stroke:#181818;stroke-width:0.5;" x1="272.5" x2="583.5" y1="487.7656" y2="487.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="192" x="277.5" y="505.3008">val principal: CoSecPrincipal</text><line style="stroke:#181818;stroke-width:0.5;" x1="272.5" x2="583.5" y1="512.2539" y2="512.2539"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="301" x="277.5" y="529.7891">setAttribute(String, Object): SecurityContext</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="157" x="277.5" y="546.2773">getAttribute(String): T?</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="213" x="277.5" y="562.7656">getRequiredAttribute(String): T</text></g><!--MD5=[0851f84a889f989e7bb0bebc385d0f09]
+class Request--><g id="elem_Request"><rect codeLine="120" fill="#F1F1F1" height="146.9297" id="Request" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="214" x="22" y="439.2656"/><ellipse cx="97.25" cy="455.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M93.1777,451.0308 L93.1777,448.8726 L100.5571,448.8726 L100.5571,451.0308 L98.0918,451.0308 L98.0918,459.1074 L100.5571,459.1074 L100.5571,461.2656 L93.1777,461.2656 L93.1777,459.1074 L95.6431,459.1074 L95.6431,451.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="55" x="117.75" y="460.5566">Request</text><line style="stroke:#181818;stroke-width:0.5;" x1="23" x2="235" y1="471.2656" y2="471.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="103" x="28" y="488.8008">val path: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="125" x="28" y="505.2891">val method: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="134" x="28" y="521.7773">val remoteIp: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="113" x="28" y="538.2656">val origin: String</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="119" x="28" y="554.7539">val referer: String</text><line style="stroke:#181818;stroke-width:0.5;" x1="23" x2="235" y1="561.707" y2="561.707"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="202" x="28" y="579.2422">getHeader(key: String): String</text></g><!--MD5=[eaab7d2ddd4405c2c7244fd25dd0c172]
+class AuthorizeResult--><g id="elem_AuthorizeResult"><rect codeLine="131" fill="#F1F1F1" height="80.9766" id="AuthorizeResult" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="173" x="558.5" y="679.2656"/><ellipse cx="587.45" cy="695.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M583.3777,691.0308 L583.3777,688.8726 L590.7571,688.8726 L590.7571,691.0308 L588.2918,691.0308 L588.2918,699.1074 L590.7571,699.1074 L590.7571,701.2656 L583.3777,701.2656 L583.3777,699.1074 L585.8431,699.1074 L585.8431,691.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="110" x="604.55" y="700.5566">AuthorizeResult</text><line style="stroke:#181818;stroke-width:0.5;" x1="559.5" x2="730.5" y1="711.2656" y2="711.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="161" x="564.5" y="728.8008">val authorized: Boolean</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="119" x="564.5" y="745.2891">val reason: String</text><line style="stroke:#181818;stroke-width:0.5;" x1="559.5" x2="730.5" y1="752.2422" y2="752.2422"/></g><!--MD5=[16baea6be49bb9991e615d76903392b3]
+class Authorization--><g id="elem_Authorization"><rect codeLine="135" fill="#F1F1F1" height="64.4883" id="Authorization" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="435" x="88.5" y="687.7656"/><ellipse cx="254.25" cy="703.7656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M250.1777,699.5308 L250.1777,697.3726 L257.5571,697.3726 L257.5571,699.5308 L255.0918,699.5308 L255.0918,707.6074 L257.5571,707.6074 L257.5571,709.7656 L250.1777,709.7656 L250.1777,707.6074 L252.6431,707.6074 L252.6431,699.5308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="95" x="274.75" y="709.0566">Authorization</text><line style="stroke:#181818;stroke-width:0.5;" x1="89.5" x2="522.5" y1="719.7656" y2="719.7656"/><line style="stroke:#181818;stroke-width:0.5;" x1="89.5" x2="522.5" y1="727.7656" y2="727.7656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="423" x="94.5" y="745.3008">authorize(Request,SecurityContext): Mono&lt;AuthorizeResult&gt;</text></g><!--MD5=[63e7a34560323ddebc94de26bb3dfe24]
+class Credentials--><g id="elem_Credentials"><rect codeLine="143" fill="#F1F1F1" height="48" id="Credentials" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="110" x="1385" y="298.2656"/><ellipse cx="1400" cy="314.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M1395.9277,310.0308 L1395.9277,307.8726 L1403.3071,307.8726 L1403.3071,310.0308 L1400.8418,310.0308 L1400.8418,318.1074 L1403.3071,318.1074 L1403.3071,320.2656 L1395.9277,320.2656 L1395.9277,318.1074 L1398.3931,318.1074 L1398.3931,310.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="78" x="1414" y="319.5566">Credentials</text><line style="stroke:#181818;stroke-width:0.5;" x1="1386" x2="1494" y1="330.2656" y2="330.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="1386" x2="1494" y1="338.2656" y2="338.2656"/></g><!--MD5=[a139e992f8a77546bf37c14edd197f06]
+class Authentication--><g id="elem_Authentication"><rect codeLine="144" fill="#F1F1F1" height="80.9766" id="Authentication" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="312" x="1284" y="472.2656"/><ellipse cx="1299" cy="488.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M1294.9277,484.0308 L1294.9277,481.8726 L1302.3071,481.8726 L1302.3071,484.0308 L1299.8418,484.0308 L1299.8418,492.1074 L1302.3071,492.1074 L1302.3071,494.2656 L1294.9277,494.2656 L1294.9277,492.1074 L1297.3931,492.1074 L1297.3931,484.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="101" x="1313" y="493.5566">Authentication</text><rect fill="#FFFFFF" height="16.1328" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:2.0,2.0;" width="177" x="1422" y="469.2656"/><text fill="#000000" font-family="sans-serif" font-size="12" font-style="italic" lengthAdjust="spacing" textLength="175" x="1423" y="481.8672">C:Credentials,P:CoSecPrincipal</text><line style="stroke:#181818;stroke-width:0.5;" x1="1285" x2="1595" y1="504.2656" y2="504.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="208" x="1290" y="521.8008">supportCredentials: Class&lt;C&gt;</text><line style="stroke:#181818;stroke-width:0.5;" x1="1285" x2="1595" y1="528.7539" y2="528.7539"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="182" x="1290" y="546.2891">authenticate(C): Mono&lt;P&gt;</text></g><!--MD5=[f074fdee743888442a4f97901e556f9c]
+class AuthenticationProvider--><g id="elem_AuthenticationProvider"><rect codeLine="148" fill="#F1F1F1" height="146.9297" id="AuthenticationProvider" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="260" x="1631" y="439.2656"/><ellipse cx="1677.75" cy="455.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M1673.6777,451.0308 L1673.6777,448.8726 L1681.0571,448.8726 L1681.0571,451.0308 L1678.5918,451.0308 L1678.5918,459.1074 L1681.0571,459.1074 L1681.0571,461.2656 L1673.6777,461.2656 L1673.6777,459.1074 L1676.1431,459.1074 L1676.1431,451.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="158" x="1698.25" y="460.5566">AuthenticationProvider</text><line style="stroke:#181818;stroke-width:0.5;" x1="1632" x2="1890" y1="471.2656" y2="471.2656"/><line style="stroke:#181818;stroke-width:0.5;" x1="1632" x2="1890" y1="479.2656" y2="479.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="192" x="1637" y="496.8008">get(Class&lt;Credentials&gt;): A?</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="248" x="1637" y="513.2891">getRequired(Class&lt;Credentials&gt;): A</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="109" x="1637" y="529.7773">register(A): Unit</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="185" x="1637" y="546.2656">register(Class&lt;C&gt;, A): Unit</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="109" x="1637" y="562.7539">register(A): Unit</text><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="248" x="1637" y="579.2422">getRequired(Class&lt;Credentials&gt;): A</text></g><!--MD5=[7c5c88a606935469d5f89b0b5794816c]
+class Named--><g id="elem_Named"><rect codeLine="5" fill="#F1F1F1" height="64.4883" id="Named" rx="2.5" ry="2.5" style="stroke:#181818;stroke-width:0.5;" width="99" x="667.5" y="116.2656"/><ellipse cx="691.05" cy="132.2656" fill="#B4A7E5" rx="11" ry="11" style="stroke:#181818;stroke-width:1.0;"/><path d="M686.9777,128.0308 L686.9777,125.8726 L694.3571,125.8726 L694.3571,128.0308 L691.8918,128.0308 L691.8918,136.1074 L694.3571,136.1074 L694.3571,138.2656 L686.9777,138.2656 L686.9777,136.1074 L689.4431,136.1074 L689.4431,128.0308 Z " fill="#000000"/><text fill="#000000" font-family="sans-serif" font-size="14" font-style="italic" lengthAdjust="spacing" textLength="48" x="706.95" y="137.5566">Named</text><line style="stroke:#181818;stroke-width:0.5;" x1="668.5" x2="765.5" y1="148.2656" y2="148.2656"/><text fill="#000000" font-family="sans-serif" font-size="14" lengthAdjust="spacing" textLength="87" x="673.5" y="165.8008">name: String</text><line style="stroke:#181818;stroke-width:0.5;" x1="668.5" x2="765.5" y1="172.7539" y2="172.7539"/></g><!--MD5=[d3fc1cb30f7bdcc9e19e497f9b6ed3e8]
+link Tenant to TenantCapable--><g id="link_Tenant_TenantCapable"><path codeLine="20" d="M452,220.0456 C452,238.7556 452,276.4156 452,276.4156 " fill="none" id="Tenant-TenantCapable" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="452,207.0956,448,216.0956,452,212.0956,456,216.0956,452,207.0956" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="452" x2="452" y1="212.0956" y2="220.0956"/><polygon fill="#181818" points="452,288.4156,456,282.4156,452,276.4156,448,282.4156,452,288.4156" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[3a61d607afa5f9046415286ff45a7e54]
+reverse link RequestMatcher to ActionMatcher--><g id="link_RequestMatcher_ActionMatcher"><path codeLine="71" d="M2714.62,187.5356 C2692.97,194.5756 2669.95,201.0356 2648,205.2656 C2578.95,218.5756 2395,191.0156 2332,222.2656 C2299.09,238.5956 2274.03,274.2656 2260.17,298.0256 " fill="none" id="RequestMatcher-backto-ActionMatcher" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="2712.25,180.9456,2733.44,181.1456,2716.75,194.2056,2712.25,180.9456" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[bdb7cf9e45c1a2c85396bf792a7d7532]
+reverse link RequestMatcher to ConditionMatcher--><g id="link_RequestMatcher_ConditionMatcher"><path codeLine="72" d="M2833.75,200.2556 C2846.9,232.5756 2863.29,272.8356 2873.45,297.8056 " fill="none" id="RequestMatcher-backto-ConditionMatcher" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="2827.3,202.9756,2826.25,181.8156,2840.27,197.7056,2827.3,202.9756" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[99bd1ab024ee26fc6b7c63d9677fdb72]
+reverse link PermissionVerifier to Statement--><g id="link_PermissionVerifier_Statement"><path codeLine="73" d="M2582.2,372.5456 C2566.83,397.9656 2548.01,429.0756 2532.06,455.4456 " fill="none" id="PermissionVerifier-backto-Statement" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="2576.05,369.1756,2592.39,355.6856,2588.03,376.4256,2576.05,369.1756" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[e4eaaab51f62ef0fd17f62ea5476519c]
+link Effect to Statement--><g id="link_Effect_Statement"><path codeLine="74" d="M2415.51,375.3756 C2428.2,396.3456 2456.9154,443.8402 2456.9154,443.8402 " fill="none" id="Effect-Statement" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="2408.96,364.5356,2410.1936,374.3069,2411.547,368.8143,2417.0396,370.1677,2408.96,364.5356" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="2411.547" x2="2415.685" y1="368.8143" y2="375.6606"/><polygon fill="#181818" points="2463.13,454.1056,2463.4445,446.9014,2456.9154,443.8402,2456.6009,451.0445,2463.13,454.1056" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[421c707edf9dcb67c653879c9588b357]
+link ActionMatcher to Statement--><g id="link_ActionMatcher_Statement"><path codeLine="75" d="M2290.3,355.1656 C2323.45,380.1556 2412.2974,447.1424 2412.2974,447.1424 " fill="none" id="ActionMatcher-Statement" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="2280.37,347.6656,2285.1435,356.2804,2284.3607,350.6779,2289.9632,349.8952,2280.37,347.6656" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="2284.3607" x2="2290.75" y1="350.6779" y2="355.4956"/><polygon fill="#181818" points="2421.88,454.3656,2419.4964,447.5598,2412.2974,447.1424,2414.681,453.9482,2421.88,454.3656" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[04f4abb29adabcf38a547a8eb9430c3b]
+link ConditionMatcher to Statement--><g id="link_ConditionMatcher_Statement"><path codeLine="76" d="M2838.93,354.2456 C2823.48,363.7256 2805.57,373.2256 2788,379.2656 C2732.47,398.3356 2711.55,374.5656 2657,396.2656 C2626.76,408.2956 2570.8164,447.1766 2570.8164,447.1766 " fill="none" id="ConditionMatcher-Statement" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="2849.48,347.5256,2839.7408,348.9911,2845.264,350.2136,2844.0415,355.7367,2849.48,347.5256" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="2845.264" x2="2838.515" y1="350.2136" y2="354.5106"/><polygon fill="#181818" points="2561.33,454.5256,2568.5229,454.0133,2570.8164,447.1766,2563.6235,447.689,2561.33,454.5256" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[e3680ece5eb6e2539ae6dce9363554de]
+link PolicyType to Policy--><g id="link_PolicyType_Policy"><path codeLine="77" d="M2692.47,574.0556 C2682.15,592.6256 2659.0611,634.1276 2659.0611,634.1276 " fill="none" id="PolicyType-Policy" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="2698.68,562.8956,2690.8107,568.8179,2696.2504,567.2656,2697.8027,572.7053,2698.68,562.8956" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="2696.2504" x2="2692.365" y1="567.2656" y2="574.2556"/><polygon fill="#181818" points="2653.23,644.6156,2659.6415,641.3153,2659.0611,634.1276,2652.6495,637.4279,2653.23,644.6156" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[a7b3af78aa4d03cb0e67dc6b5e1b33d1]
+link Statement to Policy--><g id="link_Statement_Policy"><path codeLine="78" d="M2536.21,582.4856 C2545.36,598.9256 2564.9889,634.2532 2564.9889,634.2532 " fill="none" id="Statement-Policy" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="2530.04,571.3756,2530.9173,581.1853,2532.4696,575.7456,2537.9093,577.2979,2530.04,571.3756" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="2532.4696" x2="2536.355" y1="575.7456" y2="582.7356"/><polygon fill="#181818" points="2570.83,644.7356,2571.4036,637.5474,2564.9889,634.2532,2564.4153,641.4415,2570.83,644.7356" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[f6501252c65be42b38a34c7ff3f78362]
+link GMN29 to PolicyEvaluator--><g id="link_GMN29_PolicyEvaluator"><path d="M2284.87,161.1856 C2251.63,173.2556 2202.03,194.1456 2165,222.2656 C2139.92,241.3056 2117.02,268.8556 2101.32,290.0656 " fill="none" id="GMN29-PolicyEvaluator" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/></g><!--MD5=[017c10c76ce2d36bd60f0dc62a4a72a8]
+reverse link java.security.Principal to CoSecPrincipal--><g id="link_java.security.Principal_CoSecPrincipal"><path codeLine="99" d="M837.11,198.9556 C825.11,219.6056 811.12,243.6656 798.74,264.9556 " fill="none" id="java.security.Principal-backto-CoSecPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="831.03,195.4956,847.13,181.7256,843.13,202.5256,831.03,195.4956" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[5b5054689bf2020954aca84a99bf32ab]
+reverse link TenantCapable to TenantPrincipal--><g id="link_TenantCapable_TenantPrincipal"><path codeLine="100" d="M539.53,363.3356 C560.02,373.4856 581.54,384.7856 601,396.2656 C649.93,425.1456 703.23,463.8956 735.63,488.3556 " fill="none" id="TenantCapable-backto-TenantPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="536.58,369.6856,521.66,354.6456,542.7,357.0956,536.58,369.6856" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[e7f6508ff043c461a5f165263bc71b5b]
+reverse link CoSecPrincipal to TenantPrincipal--><g id="link_CoSecPrincipal_TenantPrincipal"><path codeLine="101" d="M766,400.8456 C766,432.4456 766,466.6256 766,488.5656 " fill="none" id="CoSecPrincipal-backto-TenantPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="759,401.0756,766,381.0756,773,401.0756,759,401.0756" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[c7c8313ddc0bad273885a8234da768c1]
+reverse link Named to CoSecPrincipal--><g id="link_Named_CoSecPrincipal"><path codeLine="102" d="M731.7,200.8856 C737.46,221.0856 744.08,244.3256 749.96,264.9556 " fill="none" id="Named-backto-CoSecPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="725.04,203.0256,726.29,181.8656,738.5,199.1856,725.04,203.0256" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[903468ed3f54634ff2089a3230707525]
+reverse link RoleCapable to TenantPrincipal--><g id="link_RoleCapable_TenantPrincipal"><path codeLine="103" d="M950.08,367.7856 C901.74,405.5956 834.27,458.3656 795.87,488.3956 " fill="none" id="RoleCapable-backto-TenantPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="945.67,362.3456,965.74,355.5356,954.3,373.3756,945.67,362.3456" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[2e9dd4d24c620f4ef4c09958d90dc0d9]
+reverse link PolicyCapable to CoSecPrincipal--><g id="link_PolicyCapable_CoSecPrincipal"><path codeLine="104" d="M1926.06,148.9556 C1679.77,149.4556 1094.52,157.6656 909,222.2656 C881.48,231.8456 854.39,248.2756 831.31,265.0256 " fill="none" id="PolicyCapable-backto-CoSecPrincipal" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="1925.89,141.9556,1945.9,148.9256,1925.9,155.9556,1925.89,141.9556" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[b1a9f71c494fe876e4b85e22ffb61b43]
+reverse link TenantCapable to SecurityContext--><g id="link_TenantCapable_SecurityContext"><path codeLine="117" d="M445.34,375.5556 C442.18,400.3956 438.4,430.1156 435.17,455.4456 " fill="none" id="TenantCapable-backto-SecurityContext" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="none" points="438.38,374.8456,447.85,355.8956,452.26,376.6156,438.38,374.8456" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[0c4cc86a4eab11f0ad45d9e81ff75b78]
+link CoSecPrincipal to SecurityContext--><g id="link_CoSecPrincipal_SecurityContext"><path codeLine="118" d="M655.63,379.6956 C645.24,385.2256 634.9,390.8056 625,396.2656 C595.23,412.6856 563.3,431.0656 534,448.2456 " fill="none" id="CoSecPrincipal-to-SecurityContext" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="522.92,454.7556,530.1194,455.1665,533.2676,448.6789,526.0682,448.268,522.92,454.7556" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[30076c0053eee824d8d2442e12969676]
+reverse link Request to Authorization--><g id="link_Request_Authorization"><path codeLine="138" d="M196.12,591.5056 C224.88,624.8156 256.84,661.8356 278.85,687.3156 " fill="none" id="Request-backto-Authorization" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="192.89,587.7656,195.7481,597.1907,196.1592,591.5488,201.8011,591.9599,192.89,587.7656" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[7ca05d895fd4d3e3cb6ad83c182c7856]
+reverse link SecurityContext to Authorization--><g id="link_SecurityContext_Authorization"><path codeLine="139" d="M391.3,575.4356 C369.32,612.3656 342.31,657.7456 324.65,687.4256 " fill="none" id="SecurityContext-backto-Authorization" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="393.73,571.3556,385.6835,577.0348,391.1681,575.6494,392.5535,581.134,393.73,571.3556" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[6b6dcf69d22c7b7e80e54001a420a613]
+reverse link CoSecPrincipal to Authentication--><g id="link_CoSecPrincipal_Authentication"><path codeLine="156" d="M897.38,376.5256 C901.27,377.5156 905.15,378.4356 909,379.2656 C1054.74,410.6356 1101.21,353.4056 1244,396.2656 C1296.96,412.1656 1350.61,445.2156 1388.36,471.9056 " fill="none" id="CoSecPrincipal-backto-Authentication" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="892.71,375.2856,900.3777,381.4667,897.5416,376.5722,902.4362,373.7361,892.71,375.2856" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[615981591744dbfd257bd758771ab80b]
+reverse link Credentials to Authentication--><g id="link_Credentials_Authentication"><path codeLine="157" d="M1440,352.9056 C1440,384.9456 1440,436.2156 1440,471.8056 " fill="none" id="Credentials-backto-Authentication" style="stroke:#181818;stroke-width:1.0;stroke-dasharray:7.0,7.0;"/><polygon fill="#181818" points="1440,348.2756,1436,357.2756,1440,353.2756,1444,357.2756,1440,348.2756" style="stroke:#181818;stroke-width:1.0;"/></g><!--MD5=[40d5522495084d761aba8f9786b248b8]
+link Authentication to AuthenticationProvider--><g id="link_Authentication_AuthenticationProvider"><path codeLine="158" d="M1610.93,512.7656 C1612.8,512.7656 1617.3,512.7656 1617.3,512.7656 " fill="none" id="Authentication-AuthenticationProvider" style="stroke:#181818;stroke-width:1.0;"/><polygon fill="#181818" points="1597.94,512.7656,1606.94,516.7656,1602.94,512.7656,1606.94,508.7656,1597.94,512.7656" style="stroke:#181818;stroke-width:1.0;"/><line style="stroke:#181818;stroke-width:1.0;" x1="1602.94" x2="1610.94" y1="512.7656" y2="512.7656"/><polygon fill="#181818" points="1629.3,512.7656,1623.3,508.7656,1617.3,512.7656,1623.3,516.7656,1629.3,512.7656" style="stroke:#181818;stroke-width:1.0;"/></g><a href="https://github.com/Ahoo-Wang/CoSec" target="_top" title="https://github.com/Ahoo-Wang/CoSec" xlink:actuate="onRequest" xlink:href="https://github.com/Ahoo-Wang/CoSec" xlink:show="new" xlink:title="https://github.com/Ahoo-Wang/CoSec" xlink:type="simple"><text fill="#808080" font-family="sans-serif" font-size="10" lengthAdjust="spacing" text-decoration="underline" textLength="189" x="1390.5" y="824.9336">https://github.com/Ahoo-Wang/CoSec</text></a><!--MD5=[7795edae75c4d4dfed5a78e91966cc05]
 @startuml
 !include layout.puml
 
@@ -79,7 +79,9 @@ interface Named{
 package tenant{
     interface Tenant {
        val tenantId: String
-       val isPlatform: Boolean
+       val isPlatformTenant: Boolean
+       val isDefaultTenant: Boolean
+       val isUserTenant: Boolean
     }
     interface TenantCapable {
         val tenant: Tenant
@@ -121,6 +123,7 @@ package policy{
         IMPLICIT_DENY
     }
     interface Statement{
+        val name: String
         val effect: Effect
         val actions: Set<ActionMatcher>
         val conditions: Set<ConditionMatcher>
@@ -247,7 +250,9 @@ interface Named{
 package tenant{
     interface Tenant {
        val tenantId: String
-       val isPlatform: Boolean
+       val isPlatformTenant: Boolean
+       val isDefaultTenant: Boolean
+       val isUserTenant: Boolean
     }
     interface TenantCapable {
         val tenant: Tenant
@@ -289,6 +294,7 @@ package policy{
         IMPLICIT_DENY
     }
     interface Statement{
+        val name: String
         val effect: Effect
         val actions: Set<ActionMatcher>
         val conditions: Set<ConditionMatcher>
diff --git a/document/design/uml/modeling.puml b/document/design/uml/modeling.puml
index e7c3a57a..d4268893 100644
--- a/document/design/uml/modeling.puml
+++ b/document/design/uml/modeling.puml
@@ -10,7 +10,9 @@ interface Named{
 package tenant{
     interface Tenant {
        val tenantId: String
-       val isPlatform: Boolean
+       val isPlatformTenant: Boolean
+       val isDefaultTenant: Boolean
+       val isUserTenant: Boolean
     }
     interface TenantCapable {
         val tenant: Tenant
@@ -52,6 +54,7 @@ package policy{
         IMPLICIT_DENY
     }
     interface Statement{
+        val name: String
         val effect: Effect
         val actions: Set<ActionMatcher>
         val conditions: Set<ConditionMatcher>
diff --git a/gradle.properties b/gradle.properties
index 4e447a5c..6939f0bf 100644
--- a/gradle.properties
+++ b/gradle.properties
@@ -11,7 +11,7 @@
 # limitations under the License.
 #
 group=me.ahoo.cosec
-version=1.8.8
+version=1.8.9
 description=RBAC-based And Policy-based Multi-Tenant Reactive Security Framework
 website=https://github.com/Ahoo-Wang/CoSec
 issues=https://github.com/Ahoo-Wang/CoSec/issues