Package org.jboss.as.controller.access
Interface Authorizer
-
- All Known Subinterfaces:
CustomAuthorizer,JmxAuthorizer
- All Known Implementing Classes:
DelegatingConfigurableAuthorizer,ManagementPermissionAuthorizer,StandardRBACAuthorizer
public interface AuthorizerInterface exposed by the enforcement point in a WildFly access control system.- Author:
- Brian Stansberry (c) 2013 Red Hat Inc.
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static interfaceAuthorizer.AuthorizerDescriptionDescription of standard information about the custom authorizer.
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description AuthorizationResultauthorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)Authorize a management operation affecting an individual attribute.AuthorizationResultauthorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)Authorize a management operation affecting an entire resource.AuthorizationResultauthorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)Authorize a JMX operation.Set<String>getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)Gets the set of roles the caller can run as taking into account any requested 'run as' roles.Authorizer.AuthorizerDescriptiongetDescription()Gets a description of the characteristics of this authorizer
-
-
-
Method Detail
-
getDescription
Authorizer.AuthorizerDescription getDescription()
Gets a description of the characteristics of this authorizer- Returns:
- the description. Cannot be
null
-
authorize
AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)
Authorize a management operation affecting an individual attribute.- Parameters:
identity- the caller identity. Cannot benullcallEnvironment- the call environment. Cannot benullaction- the action being authorized. Cannot benulltarget- the target of the action. Cannot benull- Returns:
- the authorization result. Will not be
null
-
authorize
AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)
Authorize a management operation affecting an entire resource.- Parameters:
identity- the identity. Cannot benullcallEnvironment- the call environment. Cannot benullaction- the action being authorized. Cannot benulltarget- the target of the action. Cannot benull- Returns:
- the authorization result. Will not be
null
-
authorizeJmxOperation
AuthorizationResult authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Authorize a JMX operation. This operation should NOT be called for the management facade MBeans- Parameters:
identity- the caller identity. Cannot benullcallEnvironment- the call environment. Cannot benullaction- the action being authorized. Cannot benulltarget- the target of the action. Cannot benull- Returns:
- the authorization result. Will not be
null
-
getCallerRoles
Set<String> getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)
Gets the set of roles the caller can run as taking into account any requested 'run as' roles.- Parameters:
identity- the caller identity. Cannot benullcallEnvironment- the call environment. Cannot benullrunAsRoles- any requested 'run as' roles. May benull- Returns:
- The set of roles assigned to the caller; an empty set will be returned if no roles are assigned or
nullwill be returned if the access control provider does not support role mapping.
-
-