Package org.jboss.as.controller.access.rbac

Class SuperUserRoleMapper

java.lang.Object

org.jboss.as.controller.access.rbac.SuperUserRoleMapper

All Implemented Interfaces:

RoleMapper

public class SuperUserRoleMapper
extends Object
implements RoleMapper

A RoleMapper that always maps the user to the role SUPERUSER.

Author:

Darran Lofthouse

Constructor Summary

Constructors

Constructor	Description
SuperUserRoleMapper(AuthorizerConfiguration configuration)

Method Summary

Modifier and Type	Method	Description
boolean	canRunAs(Set<String> mappedRoles, String runAsRole)	Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".
Set<String>	mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> operationHeaderRoles)	Determine the roles available for the caller without reference to a particular action or target.
Set<String>	mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute attribute)	Determine the roles available for the caller for a management operation affecting an individual attribute.
Set<String>	mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource resource)	Determine the roles available for the caller for a management operation affecting an entire resource.
Set<String>	mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)	Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SuperUserRoleMapper

public SuperUserRoleMapper(AuthorizerConfiguration configuration)

Method Detail

mapRoles

public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                            Environment callEnvironment,
                            Action action,
                            TargetAttribute attribute)

Description copied from interface: RoleMapper

Determine the roles available for the caller for a management operation affecting an individual attribute.

Specified by:

mapRoles in interface RoleMapper

Parameters:

identity - the caller identity. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

attribute - the target of the action. Cannot be null

Returns:

the roles. Will not be null, but may be an empty set

mapRoles

public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                            Environment callEnvironment,
                            Action action,
                            TargetResource resource)

Description copied from interface: RoleMapper

Determine the roles available for the caller for a management operation affecting an entire resource.

Specified by:

mapRoles in interface RoleMapper

Parameters:

identity - the caller identity. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

resource - the target of the action. Cannot be null

Returns:

the roles. Will not be null, but may be an empty set

mapRoles

public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                            Environment callEnvironment,
                            JmxAction action,
                            JmxTarget target)

Description copied from interface: RoleMapper

Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.

Specified by:

mapRoles in interface RoleMapper

Parameters:

identity - the caller identity. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

target - the target of the action. Cannot be null

Returns:

the roles. Will not be null, but may be an empty set

mapRoles

public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                            Environment callEnvironment,
                            Set<String> operationHeaderRoles)

Description copied from interface: RoleMapper

Determine the roles available for the caller without reference to a particular action or target. Note that actually mapping a caller to roles without reference to a particular action or target is not required.

Specified by:

mapRoles in interface RoleMapper

Parameters:

identity - the caller identity. Cannot be null

callEnvironment - the call environment. Cannot be null

operationHeaderRoles - any roles specified as headers in the operation. May be null

Returns:

the roles. Will not be null, but may be an empty set

canRunAs

public boolean canRunAs(Set<String> mappedRoles,
                        String runAsRole)

Description copied from interface: RoleMapper

Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".

Specified by:

canRunAs in interface RoleMapper

Parameters:

mappedRoles - a set of roles obtained from a call to one of this mapper's mapRoles methods

runAsRole - the role the caller wishes to run as

Returns:

true if running as runAsRole is allowed