Class AccessRequired.AccessCheck<T>
- java.lang.Object
-
- org.glassfish.api.admin.AccessRequired.AccessCheck<T>
-
- Enclosing class:
- AccessRequired
public static class AccessRequired.AccessCheck<T> extends Object
Represents an authorization check: a resource and an action to be authorized on that resource.Note that the resource can be identified in one of several ways:
- with the resource name
- with a resource
ConfigBean
- with a
ConfigBean
parent and a child type
Secure admin submits each
AccessCheck
to the authorization service separately and records the result asisSuccessful
which can be retrieved by commands that prepare their own access checks.A command which prepares its own access checks can also indicate if a failure of the access check should or should not be fatal to the overall authorization operation. This is useful, for example, in attempting to list all tenants. The command could prepare an
AccessCheck
for each tenant of interest, marking each as non-fatal. Because secure admin records the success of each access check, the "list tenantexecute
command can check each of its customAccessCheck
s and report on only those accounts whose access checks succeeded.Often, commands which prepare their own access checks need to associate an object of some type with the access check. As a convenience such classes can optionally pass the related object to one of the constructors which accepts it and then retrieve it later. This helps avoid having to extend AccessCheck as a private inner class in a command so as to link a given AccessCheck with a given object of interest in the command.
-
-
Constructor Summary
Constructors Constructor Description AccessCheck(String resourceName, String action)
Creates a newAccessCheck
.AccessCheck(String resourceName, String action, boolean isFailureFinal)
Creates a newAccessCheck
.AccessCheck(String resourceName, String action, String note)
Creates a newAccessCheck
.AccessCheck(String resourceName, String action, String note, boolean isFailureFinal)
Creates a newAccessCheck
.AccessCheck(ConfigBeanProxy parent, Class<? extends ConfigBeanProxy> childType, String action)
Creates a newAccessCheck
.AccessCheck(ConfigBeanProxy parent, Class<? extends ConfigBeanProxy> childType, String action, boolean isFailureFinal)
Creates a newAccessCheck
.AccessCheck(ConfigBeanProxy parent, Class<? extends ConfigBeanProxy> childType, String childName, String action)
Creates a newAccessCheck
(typically for an existing target child)AccessCheck(ConfigBeanProxy parent, Class<? extends ConfigBeanProxy> childType, String action, String note, boolean isFailureFinal)
Creates a newAccessCheck
.AccessCheck(ConfigBeanProxy parent, Class<? extends ConfigBeanProxy> childType, String childName, String action, String note, boolean isFailureFinal)
AccessCheck(ConfigBeanProxy resource, String action, boolean isFailureFatal)
Creates a newAccessCheck
.AccessCheck(T relatedObject, String resourceName, String action, boolean isFailureFinal)
Creates a newAccessCheck
with the specified related object.AccessCheck(T relatedObject, String resourceName, String action, String note, boolean isFailureFinal)
Creates a new AccessCheck object linked with a given related object that is of interest to the caller (typically a command).
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description String
action()
Returns the action for the access check.Class<? extends ConfigBeanProxy>
childType()
Returns the type of the child to be added as part of a create-style operation, as set when the access check was created.boolean
isFailureFinal()
Returns whether a failure of this access check would automatically trigger a failure of the entire authorization operation of which it is a part.boolean
isSuccessful()
Returns whether the access check succeeded.String
note()
Returns the note associated with the access check.ConfigBeanProxy
parent()
Returns the parent config bean to which a child was to be added.T
relatedObject()
static <U> Collection<U>
relatedObjects(Collection<AccessRequired.AccessCheck<U>> accessChecks)
Returns an immutable collection of the related objects associated with all of the specified access checks provided that the associated access check was successful.static <U> Collection<U>
relatedObjects(Collection<AccessRequired.AccessCheck<U>> accessChecks, boolean successfulOnly)
Returns an immutable collection of the related objects associated with all of the specified access checks, regardless of whether the access was granted for each.ConfigBeanProxy
resource()
Returns the config bean to be acted uponString
resourceName()
Returns the resource name, if any was set when the access check was created.void
setSuccessful(boolean passed)
Invoked by secure admin to record the result of performing the access check; command developers should not typically use this method themselves.String
toString()
Formats the access check as a human-friendly string.
-
-
-
Constructor Detail
-
AccessCheck
public AccessCheck(T relatedObject, String resourceName, String action, String note, boolean isFailureFinal)
Creates a new AccessCheck object linked with a given related object that is of interest to the caller (typically a command).- Parameters:
relatedObject
- the related object to which this AccessCheck is linkedresourceName
- the resource being acted uponaction
- the action performed on the resourcenote
- a note related to this resource/action pairisFailureFinal
- if a failure of this AccessCheck should cause the entire authorization to fail
-
AccessCheck
public AccessCheck(String resourceName, String action, String note, boolean isFailureFinal)
Creates a newAccessCheck
.- Parameters:
resourceName
- the resource to be checkedaction
- the action on the resourcenote
- descriptive note about the access check; used during loggingisFailureFinal
- whether a failure of this access check should cause the entire authorization to fail
-
AccessCheck
public AccessCheck(String resourceName, String action, String note)
Creates a newAccessCheck
.- Parameters:
resourceName
- the name of the resource to be checkedaction
- the action on the resourcenote
- descriptive note about the access check; used during logging
-
AccessCheck
public AccessCheck(String resourceName, String action, boolean isFailureFinal)
Creates a newAccessCheck
.- Parameters:
resourceName
- the name of the resource to be checkedaction
- the action on the resourceisFailureFinal
- whether a failure of this access check should force a failure of the entire authorization operation
-
AccessCheck
public AccessCheck(T relatedObject, String resourceName, String action, boolean isFailureFinal)
Creates a newAccessCheck
with the specified related object.- Parameters:
relatedObject
- an object the commmand wants to associate with this AccessCheckresourceName
- the resource to be checkedaction
- the action on the resourceisFailureFinal
- whether a failure of this access check should force a failure of the entire authorization
-
AccessCheck
public AccessCheck(ConfigBeanProxy resource, String action, boolean isFailureFatal)
Creates a newAccessCheck
.- Parameters:
resource
- the config bean that is the resource to checkaction
- the action on the resourceisFailureFatal
- whether a failure of this access check should force a failure of the entire authorization operation
-
AccessCheck
public AccessCheck(String resourceName, String action)
Creates a newAccessCheck
.- Parameters:
resourceName
- the resource to be checkedaction
- the action on the resource
-
AccessCheck
public AccessCheck(ConfigBeanProxy parent, Class<? extends ConfigBeanProxy> childType, String action, String note, boolean isFailureFinal)
Creates a newAccessCheck
.- Parameters:
parent
- the config bean of the parent resource to which a child is to be addedchildType
- the type of the child to be addedaction
- the action on the resource (typically "create")note
- descriptive note about the access check; used during loggingisFailureFinal
- whether a failure of this access check should force a failure of the entire authorization operation
-
AccessCheck
public AccessCheck(ConfigBeanProxy parent, Class<? extends ConfigBeanProxy> childType, String childName, String action, String note, boolean isFailureFinal)
-
AccessCheck
public AccessCheck(ConfigBeanProxy parent, Class<? extends ConfigBeanProxy> childType, String action, boolean isFailureFinal)
Creates a newAccessCheck
.- Parameters:
parent
- the config bean of the parent resource to which a child is to be addedchildType
- the type of the child to be addedaction
- the action on the resource (typically "create")isFailureFinal
- whether a failure of this access check should force a failure of the entire authorization operation
-
AccessCheck
public AccessCheck(ConfigBeanProxy parent, Class<? extends ConfigBeanProxy> childType, String action)
Creates a newAccessCheck
.- Parameters:
parent
- the config bean of the parent resource to which a child is to be addedchildType
- the type of the child to be addedaction
- the action on the resource (typically "create")
-
AccessCheck
public AccessCheck(ConfigBeanProxy parent, Class<? extends ConfigBeanProxy> childType, String childName, String action)
Creates a newAccessCheck
(typically for an existing target child)- Parameters:
parent
- the parent of the config bean to be accessedchildType
- the type of the child config beanchildName
- the name of the child config beanaction
- the action on the resource
-
-
Method Detail
-
relatedObjects
public static <U> Collection<U> relatedObjects(Collection<AccessRequired.AccessCheck<U>> accessChecks)
Returns an immutable collection of the related objects associated with all of the specified access checks provided that the associated access check was successful.- Type Parameters:
U
-- Parameters:
accessChecks
- the collection of access checks (with related objects) to process- Returns:
-
relatedObjects
public static <U> Collection<U> relatedObjects(Collection<AccessRequired.AccessCheck<U>> accessChecks, boolean successfulOnly)
Returns an immutable collection of the related objects associated with all of the specified access checks, regardless of whether the access was granted for each.- Type Parameters:
U
-- Parameters:
accessChecks
- the collection of access checks (with related objects) to processsuccessfulOnly
- whether to return the related objects for only the successful checks or for all checks- Returns:
-
relatedObject
public T relatedObject()
-
resourceName
public String resourceName()
Returns the resource name, if any was set when the access check was created.- Returns:
-
action
public String action()
Returns the action for the access check.- Returns:
-
childType
public Class<? extends ConfigBeanProxy> childType()
Returns the type of the child to be added as part of a create-style operation, as set when the access check was created.- Returns:
-
parent
public ConfigBeanProxy parent()
Returns the parent config bean to which a child was to be added.- Returns:
-
note
public String note()
Returns the note associated with the access check.- Returns:
-
resource
public ConfigBeanProxy resource()
Returns the config bean to be acted upon- Returns:
-
isFailureFinal
public boolean isFailureFinal()
Returns whether a failure of this access check would automatically trigger a failure of the entire authorization operation of which it is a part.- Returns:
-
setSuccessful
public void setSuccessful(boolean passed)
Invoked by secure admin to record the result of performing the access check; command developers should not typically use this method themselves.- Parameters:
passed
-
-
isSuccessful
public boolean isSuccessful()
Returns whether the access check succeeded.- Returns:
-
-