Package org.glassfish.api.admin
Annotation Interface AccessRequired
Allows command developers to declare what resources are affected by the command and what actions must be authorized
on each to allow the command to execute.
Use any or all of the following to control authorization:
- Use the
@AccessRequired
annotation at the class level to declare a resource name and action to be enforced; use@AccessRequired.List
to declare more than one combination of resources and actions. - Use the
@AccessRequired.To
annotation on a field that is a ConfigBean to declare one or more actions to be enforced on the resource derived from that config bean. - Have the command class implement
@AccessRequired.Authorizer
which prescribes theisAuthorized
method that will make authorization decisions internally, without help from the command framework.
@AccessRequired
annotations and subannotations and make sure all of them
pass before allowing the command to proceed.- Author:
- tjquinn
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
Represents an authorization check: a resource and an action to be authorized on that resource.static @interface
static @interface
Declares multiple class-level@AccessRequired
authorization steps, typically each identifying different resources and/or different actionsstatic @interface
Declares access control for creating a new childConfigBean
in a collection on an existingConfigBean
.static @interface
Declares access control on an existing, non-nullConfigBean
.static class
Utility methods used both from AccessCheck and from CommandSecurityChecker. -
Required Element Summary
-
Element Details
-
resource
String[] resourceName(s) of the resource(s) to which access should be checked. The name string can contain one or more tokens of the form ${fieldName} where "fieldName" is a field on the same command class (or a superclass) that contains a non-null value. If the referenced field is a ConfigBean then at runtime the resource name of that ConfigBean replaces the token. Otherwise the field'stoString()
return value replaces the token. -
action
String[] actionOne or more actions to authorize against the named resource.
-