Package org.glassfish.api.admin

Annotation Interface AccessRequired

@Target(TYPE) @Retention(RUNTIME) public @interface AccessRequired
Allows command developers to declare what resources are affected by the command and what actions must be authorized on each to allow the command to execute.

Use any or all of the following to control authorization:

  • Use the @AccessRequired annotation at the class level to declare a resource name and action to be enforced; use @AccessRequired.List to declare more than one combination of resources and actions.
  • Use the @AccessRequired.To annotation on a field that is a ConfigBean to declare one or more actions to be enforced on the resource derived from that config bean.
  • Have the command class implement @AccessRequired.Authorizer which prescribes the isAuthorized method that will make authorization decisions internally, without help from the command framework.
The command processor will find all @AccessRequired annotations and subannotations and make sure all of them pass before allowing the command to proceed.
Author:
tjquinn

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static class 
    AccessRequired.AccessCheck<T>
    Represents an authorization check: a resource and an action to be authorized on that resource.
    static @interface 
    AccessRequired.Delegate
     
    static @interface 
    AccessRequired.List
    Declares multiple class-level @AccessRequired authorization steps, typically each identifying different resources and/or different actions
    static @interface 
    AccessRequired.NewChild
    Declares access control for creating a new child ConfigBean in a collection on an existing ConfigBean.
    static @interface 
    AccessRequired.To
    Declares access control on an existing, non-null ConfigBean.
    static class 
    AccessRequired.Util
    Utility methods used both from AccessCheck and from CommandSecurityChecker.

  • Required Element Summary

    Required Elements
    Modifier and Type
    Required Element
    Description
    String[]
    action
    One or more actions to authorize against the named resource.
    String[]
    resource
    Name(s) of the resource(s) to which access should be checked.

  • Element Details

    • resource

      String[] resource
      Name(s) of the resource(s) to which access should be checked. The name string can contain one or more tokens of the form ${fieldName} where "fieldName" is a field on the same command class (or a superclass) that contains a non-null value. If the referenced field is a ConfigBean then at runtime the resource name of that ConfigBean replaces the token. Otherwise the field's toString() return value replaces the token.

    • action

      String[] action
      One or more actions to authorize against the named resource.