Class AccessRequired.AccessCheck<T>
- Enclosing class:
- AccessRequired
Note that the resource can be identified in one of several ways:
- with the resource name
- with a resource
ConfigBean
- with a
ConfigBean
parent and a child type
Secure admin submits each AccessCheck
to the authorization service separately and records the result as
isSuccessful
which can be retrieved by commands that prepare their own access checks.
A command which prepares its own access checks can also indicate if a failure of the access check should or should
not be fatal to the overall authorization operation. This is useful, for example, in attempting to list all tenants.
The command could prepare an AccessCheck
for each tenant of interest, marking each as non-fatal. Because
secure admin records the success of each access check, the "list tenant execute
command can check each of its
custom AccessCheck
s and report on only those accounts whose access checks succeeded.
Often, commands which prepare their own access checks need to associate an object of some type with the access check. As a convenience such classes can optionally pass the related object to one of the constructors which accepts it and then retrieve it later. This helps avoid having to extend AccessCheck as a private inner class in a command so as to link a given AccessCheck with a given object of interest in the command.
-
Constructor Summary
ConstructorDescriptionAccessCheck
(String resourceName, String action) Creates a newAccessCheck
.AccessCheck
(String resourceName, String action, boolean isFailureFinal) Creates a newAccessCheck
.AccessCheck
(String resourceName, String action, String note) Creates a newAccessCheck
.AccessCheck
(String resourceName, String action, String note, boolean isFailureFinal) Creates a newAccessCheck
.AccessCheck
(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action) Creates a newAccessCheck
.AccessCheck
(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action, boolean isFailureFinal) Creates a newAccessCheck
.AccessCheck
(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String childName, String action) Creates a newAccessCheck
(typically for an existing target child)AccessCheck
(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action, String note, boolean isFailureFinal) Creates a newAccessCheck
.AccessCheck
(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String childName, String action, String note, boolean isFailureFinal) AccessCheck
(org.jvnet.hk2.config.ConfigBeanProxy resource, String action, boolean isFailureFatal) Creates a newAccessCheck
.AccessCheck
(T relatedObject, String resourceName, String action, boolean isFailureFinal) Creates a newAccessCheck
with the specified related object.AccessCheck
(T relatedObject, String resourceName, String action, String note, boolean isFailureFinal) Creates a new AccessCheck object linked with a given related object that is of interest to the caller (typically a command). -
Method Summary
Modifier and TypeMethodDescriptionaction()
Returns the action for the access check.Class<? extends org.jvnet.hk2.config.ConfigBeanProxy>
Returns the type of the child to be added as part of a create-style operation, as set when the access check was created.boolean
Returns whether a failure of this access check would automatically trigger a failure of the entire authorization operation of which it is a part.boolean
Returns whether the access check succeeded.note()
Returns the note associated with the access check.org.jvnet.hk2.config.ConfigBeanProxy
parent()
Returns the parent config bean to which a child was to be added.static <U> Collection<U>
relatedObjects
(Collection<AccessRequired.AccessCheck<U>> accessChecks) Returns an immutable collection of the related objects associated with all of the specified access checks provided that the associated access check was successful.static <U> Collection<U>
relatedObjects
(Collection<AccessRequired.AccessCheck<U>> accessChecks, boolean successfulOnly) Returns an immutable collection of the related objects associated with all of the specified access checks, regardless of whether the access was granted for each.org.jvnet.hk2.config.ConfigBeanProxy
resource()
Returns the config bean to be acted uponReturns the resource name, if any was set when the access check was created.void
setSuccessful
(boolean passed) Invoked by secure admin to record the result of performing the access check; command developers should not typically use this method themselves.toString()
Formats the access check as a human-friendly string.
-
Constructor Details
-
AccessCheck
public AccessCheck(T relatedObject, String resourceName, String action, String note, boolean isFailureFinal) Creates a new AccessCheck object linked with a given related object that is of interest to the caller (typically a command).- Parameters:
relatedObject
- the related object to which this AccessCheck is linkedresourceName
- the resource being acted uponaction
- the action performed on the resourcenote
- a note related to this resource/action pairisFailureFinal
- if a failure of this AccessCheck should cause the entire authorization to fail
-
AccessCheck
Creates a newAccessCheck
.- Parameters:
resourceName
- the resource to be checkedaction
- the action on the resourcenote
- descriptive note about the access check; used during loggingisFailureFinal
- whether a failure of this access check should cause the entire authorization to fail
-
AccessCheck
Creates a newAccessCheck
.- Parameters:
resourceName
- the name of the resource to be checkedaction
- the action on the resourcenote
- descriptive note about the access check; used during logging
-
AccessCheck
Creates a newAccessCheck
.- Parameters:
resourceName
- the name of the resource to be checkedaction
- the action on the resourceisFailureFinal
- whether a failure of this access check should force a failure of the entire authorization operation
-
AccessCheck
Creates a newAccessCheck
with the specified related object.- Parameters:
relatedObject
- an object the commmand wants to associate with this AccessCheckresourceName
- the resource to be checkedaction
- the action on the resourceisFailureFinal
- whether a failure of this access check should force a failure of the entire authorization
-
AccessCheck
public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy resource, String action, boolean isFailureFatal) Creates a newAccessCheck
.- Parameters:
resource
- the config bean that is the resource to checkaction
- the action on the resourceisFailureFatal
- whether a failure of this access check should force a failure of the entire authorization operation
-
AccessCheck
Creates a newAccessCheck
.- Parameters:
resourceName
- the resource to be checkedaction
- the action on the resource
-
AccessCheck
public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action, String note, boolean isFailureFinal) Creates a newAccessCheck
.- Parameters:
parent
- the config bean of the parent resource to which a child is to be addedchildType
- the type of the child to be addedaction
- the action on the resource (typically "create")note
- descriptive note about the access check; used during loggingisFailureFinal
- whether a failure of this access check should force a failure of the entire authorization operation
-
AccessCheck
-
AccessCheck
public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action, boolean isFailureFinal) Creates a newAccessCheck
.- Parameters:
parent
- the config bean of the parent resource to which a child is to be addedchildType
- the type of the child to be addedaction
- the action on the resource (typically "create")isFailureFinal
- whether a failure of this access check should force a failure of the entire authorization operation
-
AccessCheck
public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action) Creates a newAccessCheck
.- Parameters:
parent
- the config bean of the parent resource to which a child is to be addedchildType
- the type of the child to be addedaction
- the action on the resource (typically "create")
-
AccessCheck
public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String childName, String action) Creates a newAccessCheck
(typically for an existing target child)- Parameters:
parent
- the parent of the config bean to be accessedchildType
- the type of the child config beanchildName
- the name of the child config beanaction
- the action on the resource
-
-
Method Details
-
resourceName
Returns the resource name, if any was set when the access check was created.- Returns:
-
action
Returns the action for the access check.- Returns:
-
childType
Returns the type of the child to be added as part of a create-style operation, as set when the access check was created.- Returns:
-
parent
public org.jvnet.hk2.config.ConfigBeanProxy parent()Returns the parent config bean to which a child was to be added.- Returns:
-
note
Returns the note associated with the access check.- Returns:
-
resource
public org.jvnet.hk2.config.ConfigBeanProxy resource()Returns the config bean to be acted upon- Returns:
-
isFailureFinal
public boolean isFailureFinal()Returns whether a failure of this access check would automatically trigger a failure of the entire authorization operation of which it is a part.- Returns:
-
setSuccessful
public void setSuccessful(boolean passed) Invoked by secure admin to record the result of performing the access check; command developers should not typically use this method themselves.- Parameters:
passed
-
-
isSuccessful
public boolean isSuccessful()Returns whether the access check succeeded.- Returns:
-
toString
Formats the access check as a human-friendly string.