- Enclosing class:
- SimpleAuthorizationProviderImpl
protected class SimpleAuthorizationProviderImpl.Decider
extends Object
Chooses what authorization decision to render.
We always require that the user be an administrator, established
(for open-source) by having a Principal with name asadmin.
Beyond that, there are historical requirements for authenticated admin access:
- "External" users (CLI, browser, JMX)
- can perform all actions locally on the DAS
- can perform all actions remotely on the DAS if secure admin has been enabled [1]
- JMX users can perform read-only actions on a non-DAS instance,
remotely if secure admin has been enabled and always locally
- Selected local commands can act locally on the local DAS or local instance
using the local password mechanism (stop-local-instance, for example)
- A server in the same domain can perform all actions in a local or remote server
- A client (typically run in a shell created by the DAS) can perform all actions
on a local or remote DAS if it uses the admin token mechanism to authenticate
[1] Note that any attempted remote access that is not permitted has
already been rejected during authentication.
For enforcing read-only access we assume that any action other than the literal "read"
makes some change in the system.