Class AccessRequired.AccessCheck<T>

java.lang.Object
org.glassfish.api.admin.AccessRequired.AccessCheck<T>
Enclosing class:
AccessRequired

public static class AccessRequired.AccessCheck<T> extends Object
Represents an authorization check: a resource and an action to be authorized on that resource.

Note that the resource can be identified in one of several ways:

  • with the resource name
  • with a resource ConfigBean
  • with a ConfigBean parent and a child type

Secure admin submits each AccessCheck to the authorization service separately and records the result, which commands that prepare their own access checks can retrieve with isSuccessful.

A command which prepares its own access checks can also indicate whether a failure of the access check should or should not be fatal to the overall authorization operation. This is useful, for example, in attempting to list all tenants. The command could prepare an AccessCheck for each tenant of interest, marking each as non-fatal. Because secure admin records the success of each access check, the "list tenant" execute command can check each of its custom AccessChecks and report on only those accounts whose access checks succeeded.

Often, commands which prepare their own access checks need to associate an object of some type with the access check. As a convenience, such classes can optionally pass the related object to one of the constructors which accepts it and then retrieve it later. This helps avoid having to extend AccessCheck as a private inner class in a command so as to link a given AccessCheck with a given object of interest in the command.
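Added example (not GlassFish's own code): the list-tenants pattern described above, using only the constructors and methods documented on this page. The Tenant type, the resource name format, the "read" action and the authorize() stand-in for secure admin (which is what normally calls setSuccessful) are assumptions; the glassfish-api classes must be on the classpath.

```java
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import org.glassfish.api.admin.AccessRequired.AccessCheck;

public class ListTenantsAccessChecks {
    // Hypothetical related-object type. Deliberately not String: the
    // (resourceName, action, note, isFailureFinal) overload is also
    // (String, String, String, boolean), so a String related object would
    // not select the related-object constructor unambiguously.
    record Tenant(String name) {}

    // One non-fatal check per tenant, each linked to its Tenant.
    static List<AccessCheck<Tenant>> prepare(List<Tenant> tenants) {
        List<AccessCheck<Tenant>> checks = new ArrayList<>();
        for (Tenant t : tenants) {
            // Constructed resource name and action (assumptions).
            String resource = "tenants/tenant/" + t.name();
            checks.add(new AccessCheck<>(t, resource, "read", false));
        }
        return checks;
    }

    // Stand-in for secure admin: evaluates each check separately, records
    // the result, and fails the whole operation only when a failed check
    // was marked isFailureFinal.
    static boolean authorize(Collection<AccessCheck<Tenant>> checks,
                             Set<String> grantedResources) {
        boolean overall = true;
        for (AccessCheck<Tenant> check : checks) {
            check.setSuccessful(grantedResources.contains(check.resourceName()));
            if (!check.isSuccessful() && check.isFailureFinal()) {
                overall = false;
            }
        }
        return overall;
    }

    public static void main(String[] args) {
        List<AccessCheck<Tenant>> checks = prepare(List.of(
                new Tenant("acme"), new Tenant("globex"), new Tenant("initech")));
        boolean ok = authorize(checks,
                Set.of("tenants/tenant/acme", "tenants/tenant/initech"));
        System.out.println("overall authorization: " + ok);
        // Report only the tenants whose individual checks succeeded.
        System.out.println("visible: " + AccessCheck.relatedObjects(checks));
        System.out.println("requested: " + AccessCheck.relatedObjects(checks, false));
    }
}
```

Because every check is non-fatal, the denied tenant does not fail the command; it is simply left out of the collection returned by relatedObjects(checks).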

  • Constructor Summary

    Constructors
    Constructor
    Description
    AccessCheck(String resourceName, String action)
    Creates a new AccessCheck.
    AccessCheck(String resourceName, String action, boolean isFailureFinal)
    Creates a new AccessCheck.
    AccessCheck(String resourceName, String action, String note)
    Creates a new AccessCheck.
    AccessCheck(String resourceName, String action, String note, boolean isFailureFinal)
    Creates a new AccessCheck.
    AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action)
    Creates a new AccessCheck.
    AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action, boolean isFailureFinal)
    Creates a new AccessCheck.
    AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String childName, String action)
    Creates a new AccessCheck (typically for an existing target child)
    AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action, String note, boolean isFailureFinal)
    Creates a new AccessCheck.
    AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String childName, String action, String note, boolean isFailureFinal)
     
    AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy resource, String action, boolean isFailureFatal)
    Creates a new AccessCheck.
    AccessCheck(T relatedObject, String resourceName, String action, boolean isFailureFinal)
    Creates a new AccessCheck with the specified related object.
    AccessCheck(T relatedObject, String resourceName, String action, String note, boolean isFailureFinal)
    Creates a new AccessCheck object linked with a given related object that is of interest to the caller (typically a command).
  • Method Summary

    Modifier and Type
    Method
    Description
    String
    action()
    Returns the action for the access check.
    Class<? extends org.jvnet.hk2.config.ConfigBeanProxy>
    childType()
    Returns the type of the child to be added as part of a create-style operation, as set when the access check was created.
    boolean
    isFailureFinal()
    Returns whether a failure of this access check would automatically trigger a failure of the entire authorization operation of which it is a part.
    boolean
    isSuccessful()
    Returns whether the access check succeeded.
    String
    note()
    Returns the note associated with the access check.
    org.jvnet.hk2.config.ConfigBeanProxy
    parent()
    Returns the parent config bean to which a child was to be added.
    T
    relatedObject()
     
    static <U> Collection<U>
    relatedObjects(Collection<AccessRequired.AccessCheck<U>> accessChecks)
    Returns an immutable collection of the related objects associated with all of the specified access checks provided that the associated access check was successful.
    static <U> Collection<U>
    relatedObjects(Collection<AccessRequired.AccessCheck<U>> accessChecks, boolean successfulOnly)
    Returns an immutable collection of the related objects associated with the specified access checks: for only the successful checks if successfulOnly is set, otherwise for all checks regardless of whether the access was granted for each.
    org.jvnet.hk2.config.ConfigBeanProxy
    resource()
    Returns the config bean to be acted upon.
    String
    resourceName()
    Returns the resource name, if any was set when the access check was created.
    void
    setSuccessful(boolean passed)
    Invoked by secure admin to record the result of performing the access check; command developers should not typically use this method themselves.
    String
    toString()
    Formats the access check as a human-friendly string.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Constructor Details

    • AccessCheck

      public AccessCheck(T relatedObject, String resourceName, String action, String note, boolean isFailureFinal)
      Creates a new AccessCheck object linked with a given related object that is of interest to the caller (typically a command).
      Parameters:
      relatedObject - the related object to which this AccessCheck is linked
      resourceName - the resource being acted upon
      action - the action performed on the resource
      note - a note related to this resource/action pair
      isFailureFinal - if a failure of this AccessCheck should cause the entire authorization to fail
    • AccessCheck

      public AccessCheck(String resourceName, String action, String note, boolean isFailureFinal)
      Creates a new AccessCheck.
      Parameters:
      resourceName - the resource to be checked
      action - the action on the resource
      note - descriptive note about the access check; used during logging
      isFailureFinal - whether a failure of this access check should cause the entire authorization to fail
    • AccessCheck

      public AccessCheck(String resourceName, String action, String note)
      Creates a new AccessCheck.
      Parameters:
      resourceName - the name of the resource to be checked
      action - the action on the resource
      note - descriptive note about the access check; used during logging
    • AccessCheck

      public AccessCheck(String resourceName, String action, boolean isFailureFinal)
      Creates a new AccessCheck.
      Parameters:
      resourceName - the name of the resource to be checked
      action - the action on the resource
      isFailureFinal - whether a failure of this access check should force a failure of the entire authorization operation
    • AccessCheck

      public AccessCheck(T relatedObject, String resourceName, String action, boolean isFailureFinal)
      Creates a new AccessCheck with the specified related object.
      Parameters:
      relatedObject - an object the command wants to associate with this AccessCheck
      resourceName - the resource to be checked
      action - the action on the resource
      isFailureFinal - whether a failure of this access check should force a failure of the entire authorization
    • AccessCheck

      public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy resource, String action, boolean isFailureFatal)
      Creates a new AccessCheck.
      Parameters:
      resource - the config bean that is the resource to check
      action - the action on the resource
      isFailureFatal - whether a failure of this access check should force a failure of the entire authorization operation
    • AccessCheck

      public AccessCheck(String resourceName, String action)
      Creates a new AccessCheck.
      Parameters:
      resourceName - the resource to be checked
      action - the action on the resource
    • AccessCheck

      public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action, String note, boolean isFailureFinal)
      Creates a new AccessCheck.
      Parameters:
      parent - the config bean of the parent resource to which a child is to be added
      childType - the type of the child to be added
      action - the action on the resource (typically "create")
      note - descriptive note about the access check; used during logging
      isFailureFinal - whether a failure of this access check should force a failure of the entire authorization operation
    • AccessCheck

      public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String childName, String action, String note, boolean isFailureFinal)
    • AccessCheck

      public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action, boolean isFailureFinal)
      Creates a new AccessCheck.
      Parameters:
      parent - the config bean of the parent resource to which a child is to be added
      childType - the type of the child to be added
      action - the action on the resource (typically "create")
      isFailureFinal - whether a failure of this access check should force a failure of the entire authorization operation
    • AccessCheck

      public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String action)
      Creates a new AccessCheck.
      Parameters:
      parent - the config bean of the parent resource to which a child is to be added
      childType - the type of the child to be added
      action - the action on the resource (typically "create")
    • AccessCheck

      public AccessCheck(org.jvnet.hk2.config.ConfigBeanProxy parent, Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType, String childName, String action)
      Creates a new AccessCheck (typically for an existing target child)
      Parameters:
      parent - the parent of the config bean to be accessed
      childType - the type of the child config bean
      childName - the name of the child config bean
      action - the action on the resource
  • Method Details

    • relatedObjects

      public static <U> Collection<U> relatedObjects(Collection<AccessRequired.AccessCheck<U>> accessChecks)
      Returns an immutable collection of the related objects associated with all of the specified access checks provided that the associated access check was successful.
      Type Parameters:
      U -
      Parameters:
      accessChecks - the collection of access checks (with related objects) to process
      Returns:
    • relatedObjects

      public static <U> Collection<U> relatedObjects(Collection<AccessRequired.AccessCheck<U>> accessChecks, boolean successfulOnly)
      Returns an immutable collection of the related objects associated with the specified access checks: for only the successful checks if successfulOnly is set, otherwise for all checks regardless of whether the access was granted for each.
      Type Parameters:
      U -
      Parameters:
      accessChecks - the collection of access checks (with related objects) to process
      successfulOnly - whether to return the related objects for only the successful checks or for all checks
      Returns:
    • relatedObject

      public T relatedObject()
    • resourceName

      public String resourceName()
      Returns the resource name, if any was set when the access check was created.
      Returns:
    • action

      public String action()
      Returns the action for the access check.
      Returns:
    • childType

      public Class<? extends org.jvnet.hk2.config.ConfigBeanProxy> childType()
      Returns the type of the child to be added as part of a create-style operation, as set when the access check was created.
      Returns:
    • parent

      public org.jvnet.hk2.config.ConfigBeanProxy parent()
      Returns the parent config bean to which a child was to be added.
      Returns:
    • note

      public String note()
      Returns the note associated with the access check.
      Returns:
    • resource

      public org.jvnet.hk2.config.ConfigBeanProxy resource()
      Returns the config bean to be acted upon.
      Returns:
    • isFailureFinal

      public boolean isFailureFinal()
      Returns whether a failure of this access check would automatically trigger a failure of the entire authorization operation of which it is a part.
      Returns:
    • setSuccessful

      public void setSuccessful(boolean passed)
      Invoked by secure admin to record the result of performing the access check; command developers should not typically use this method themselves.
      Parameters:
      passed -
    • isSuccessful

      public boolean isSuccessful()
      Returns whether the access check succeeded.
      Returns:
    • toString

      public String toString()
      Formats the access check as a human-friendly string.
      Overrides:
      toString in class Object
      Returns: