Interface ModelControllerClientFactory

    • Method Detail

      • createClient

        LocalModelControllerClient createClient(Executor executor)
        Create an in-VM client whose operations are executed with authorization checks performed based on the security identity that is associated with the calling thread when the client is invoked. Operations are not automatically treated as if invoked by a user in the RBAC SuperUser role, and thus may be rejected due to failed authorization checks.
        Parameters:
        executor - the executor to use for asynchronous operation execution. Cannot be null
        Returns:
        the client. Will not return null
        Throws:
        SecurityException - if the caller does not have the CAN_ACCESS_MODEL_CONTROLLER permission
      • createSuperUserClient

        default LocalModelControllerClient createSuperUserClient(Executor executor)
        Create an in-VM client whose operations are executed as if they were invoked by a user in the RBAC SuperUser role, regardless of any security identity that is or isn't associated with the calling thread when the client is invoked. This client generally should not be used to handle requests from external callers, and if it is used great care should be taken to ensure such use is not suborning the intended access control scheme.

        In a VM with a SecurityManager installed, invocations against the returned client can only occur from a calling context with the PERFORM_IN_VM_CALL permission. Without this permission a SecurityException will be thrown.

        Calling this method is equivalent to a call to createSuperUserClient(executor, false).

        Parameters:
        executor - the executor to use for asynchronous operation execution. Cannot be null
        Returns:
        the client. Will not return null
        Throws:
        SecurityException - if the caller does not have the CAN_ACCESS_MODEL_CONTROLLER permission
      • createSuperUserClient

        LocalModelControllerClient createSuperUserClient(Executor executor,
                                                         boolean forUserCalls)
        Create an in-VM client whose operations are executed as if they were invoked by a user in the RBAC SuperUser role, regardless of any security identity that is or isn't associated with the calling thread when the client is invoked. This client generally should not be used to handle requests from external callers, and if it is used great care should be taken to ensure such use is not suborning the intended access control scheme.

        In a VM with a SecurityManager installed, invocations against the returned client can only occur from a calling context with the PERFORM_IN_VM_CALL permission. Without this permission a SecurityException will be thrown.

        Parameters:
        executor - the executor to use for asynchronous operation execution. Cannot be null
        forUserCalls - if true the operation executed by this client should be regarded as coming from an end user. For example, such operations cannot target OperationEntry.EntryType.PRIVATE operations
        Returns:
        the client. Will not return null
        Throws:
        SecurityException - if the caller does not have the CAN_ACCESS_MODEL_CONTROLLER permission
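
Added example (not part of the original Javadoc or the project's code): one way to keep the caller-scoped client and the SuperUser client on separate code paths, so that externally originated operations are always authorized against the calling thread's identity. The class `ManagementGateway` and its method names are hypothetical; the sketch assumes the WildFly controller and jboss-dmr libraries are on the classpath, that `LocalModelControllerClient.execute(ModelNode)` does not throw a checked exception, and that responses carry the standard `outcome` field.

```java
import java.util.concurrent.Executor;

import org.jboss.as.controller.LocalModelControllerClient;
import org.jboss.as.controller.ModelControllerClientFactory;
import org.jboss.dmr.ModelNode;

/** Hypothetical component; class and method names are illustrative only. */
public final class ManagementGateway {

    // Authorization is checked against the identity on the calling thread.
    private final LocalModelControllerClient callerScoped;
    // Runs as RBAC SuperUser; kept private and never handed to request handlers.
    private final LocalModelControllerClient internalOnly;

    public ManagementGateway(ModelControllerClientFactory factory, Executor executor) {
        // Both calls throw SecurityException if this code lacks
        // the CAN_ACCESS_MODEL_CONTROLLER permission.
        this.callerScoped = factory.createClient(executor);
        // forUserCalls=true: operations are regarded as coming from an end user,
        // so OperationEntry.EntryType.PRIVATE operations cannot be targeted.
        this.internalOnly = factory.createSuperUserClient(executor, true);
    }

    /** Path for operations built from external input: never uses the SuperUser client. */
    public ModelNode handleExternalRequest(ModelNode operation) {
        // May come back as a failed response when the caller's role does not
        // permit the operation; that rejection is the intended behaviour.
        return callerScoped.execute(operation);
    }

    /** Fixed, server-initiated read; the operation is built here, not by a caller. */
    public ModelNode readRootResourceInternally() {
        ModelNode op = new ModelNode();
        op.get("operation").set("read-resource");
        op.get("address").setEmptyList();
        // With a SecurityManager installed, this invocation also requires
        // the PERFORM_IN_VM_CALL permission in the calling context.
        return internalOnly.execute(op);
    }

    /** True when the management response reports a failure, e.g. a failed authorization check. */
    public static boolean wasRejected(ModelNode response) {
        return "failed".equals(response.get("outcome").asString());
    }
}
```

Keeping the SuperUser client behind methods that construct their own fixed operations means no externally supplied `ModelNode` can reach it, which is the separation the `createSuperUserClient` description asks for.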