Package org.jboss.as.controller.access

Interface AuthorizerConfiguration

  • All Known Implementing Classes:
    WritableAuthorizerConfiguration
    public interface AuthorizerConfiguration
    Encapsulates the current configuration of all aspects of the access control system that are available to Authorizer implementations.

    The results of changes to the access control configuration made via the WildFly management layer will be made available here.

    • Method Detail

      • getPermissionCombinationPolicy

        CombinationPolicy getPermissionCombinationPolicy()
        Gets the policy for combining access control permissions when the configuration grants the user more than one type of permission for a given action. For example, in the standard WildFly access control system, a user may map to more than one role. This property would control how the permissions associated with those roles should be combined to make access control decisions.
        Returns:
        the combination policy. Will not be null.

      • isRoleBased

        boolean isRoleBased()
        Gets whether the authorizer uses a role-based authorization mechanism.
        Returns:
        true if a role-based mechanism is used; false if not

      • getStandardRoles

        Set<String> getStandardRoles()
        Gets the names of the "standard" "built-in" roles used by the authorizer. A built-in role requires no end user configuration.
        Returns:
        the standard role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used.

      • getAllRoles

        Set<String> getAllRoles()
        Gets the names of the all roles used by the authorizer, including both built-in roles and roles added via end user configuration.
        Returns:
        the role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used and no end user configured roles exist.

      • hasRole

        boolean hasRole​(String roleName)
        Gets whether the current set of roles contains the given role, with the check performed using a case-insensitive algorithm.
        Parameters:
        roleName - the name of the role
        Returns:
        true if the current role set includes an item that equals ignoring case the given roleName

      • isMapUsingIdentityRoles

        boolean isMapUsingIdentityRoles()
        Gets whether role mapping should use roles obtained from the SecurityIdentity. Any configured exclusions are still checked. The configured inclusions will also be checked meaning additional roles may also be granted.
        Returns:
        true if role

      • isNonFacadeMBeansSensitive

        boolean isNonFacadeMBeansSensitive()
        Gets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(Caller, Environment, JmxAction)) should be treated as 'sensitive'.
        Returns:
        true if non-facade mbean calls are sensitive; false otherwise

      • registerScopedRoleListener

        void registerScopedRoleListener​(AuthorizerConfiguration.ScopedRoleListener listener)
        Register a listener for changes in the configured scoped roles.
        Parameters:
        listener - the listener. Cannot be null

      • unregisterScopedRoleListener

        void unregisterScopedRoleListener​(AuthorizerConfiguration.ScopedRoleListener listener)
        Unregister a listener for changes in the configured scoped roles.
        Parameters:
        listener - the listener. Cannot be null