Package com.sun.enterprise.admin.util
Class CommandSecurityChecker
- java.lang.Object
  - com.sun.enterprise.admin.util.CommandSecurityChecker
- All Implemented Interfaces: org.glassfish.hk2.api.PostConstruct
@Service @Singleton public class CommandSecurityChecker extends Object implements org.glassfish.hk2.api.PostConstruct
Utility class which checks if the Subject is allowed to execute the specified command. The processing includes AccessRequired annotations, CRUD commands, RestEndpoint annotations, and if the command class implements AdminCommandSecurity.AccessCheckProvider it also invokes the corresponding getAccessChecks method. For the overall authorization to succeed, all access checks - whether inferred from annotations or returned from getAccessChecks - for which isFailureFatal is true must pass.
- Author: tjquinn

Constructor Summary
- CommandSecurityChecker()

Method Summary
- boolean authorize(Subject subject, Map<String,Object> env, AdminCommand command, AdminCommandContext adminCommandContext)
  Reports whether the Subject is allowed to perform the specified admin command.
- Collection<? extends AccessRequired.AccessCheck> getAccessChecks(AdminCommand command, Subject subject)
  Returns all AccessCheck objects which apply to the specified command.
- void postConstruct()

Method Detail
postConstruct
public void postConstruct()
- Specified by: postConstruct in interface org.glassfish.hk2.api.PostConstruct

authorize
public boolean authorize(Subject subject, Map<String,Object> env, AdminCommand command, AdminCommandContext adminCommandContext) throws SecurityException
Reports whether the Subject is allowed to perform the specified admin command.
- Parameters:
  subject - Subject for the current user to authorize
  env - environmental settings that might be used in the resource name expression
  command - the admin command the Subject wants to execute
- Returns:
- Throws: SecurityException

getAccessChecks
public Collection<? extends AccessRequired.AccessCheck> getAccessChecks(AdminCommand command, Subject subject) throws NoSuchFieldException, IllegalArgumentException, IllegalAccessException
Returns all AccessCheck objects which apply to the specified command.
- Parameters:
  command - the AdminCommand for which the AccessChecks are needed
  subject - the Subject resulting from successful authentication
- Returns: the AccessChecks resulting from analyzing the command
- Throws: NoSuchFieldException, IllegalArgumentException, IllegalAccessException