Class DelegatingConfigurableAuthorizer
- java.lang.Object
-
- org.jboss.as.controller.access.management.DelegatingConfigurableAuthorizer
-
- All Implemented Interfaces:
Authorizer
,JmxAuthorizer
public final class DelegatingConfigurableAuthorizer extends Object implements JmxAuthorizer
AAuthorizer
that delegates to another. Used for initial boot to allow an instance of this class to be provided to theModelController
but then have the functional implementation swapped out when boot proceeds to the point where the user-configured authorizer is available.- Author:
- Brian Stansberry (c) 2013 Red Hat Inc.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.jboss.as.controller.access.Authorizer
Authorizer.AuthorizerDescription
-
-
Constructor Summary
Constructors Constructor Description DelegatingConfigurableAuthorizer()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AuthorizationResult
authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)
Authorize a management operation affecting an individual attribute.AuthorizationResult
authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)
Authorize a management operation affecting an entire resource.AuthorizationResult
authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Authorize a JMX operation.Set<String>
getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)
Gets the set of roles the caller can run as taking into account any requested 'run as' roles.Authorizer.AuthorizerDescription
getDescription()
Gets a description of the characteristics of this authorizerWritableAuthorizerConfiguration
getWritableAuthorizerConfiguration()
boolean
isNonFacadeMBeansSensitive()
Gets whether JMX calls to non-facade mbeans (i.e.void
setDelegate(Authorizer delegate)
void
setNonFacadeMBeansSensitive(boolean sensitive)
Sets whether JMX calls to non-facade mbeans (i.e.void
shutdown()
-
-
-
Method Detail
-
getWritableAuthorizerConfiguration
public WritableAuthorizerConfiguration getWritableAuthorizerConfiguration()
-
setDelegate
public void setDelegate(Authorizer delegate)
-
getCallerRoles
public Set<String> getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)
Description copied from interface:Authorizer
Gets the set of roles the caller can run as taking into account any requested 'run as' roles.- Specified by:
getCallerRoles
in interfaceAuthorizer
- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
runAsRoles
- any requested 'run as' roles. May benull
- Returns:
- The set of roles assigned to the caller; an empty set will be returned if no roles are assigned or
null
will be returned if the access control provider does not support role mapping.
-
getDescription
public Authorizer.AuthorizerDescription getDescription()
Description copied from interface:Authorizer
Gets a description of the characteristics of this authorizer- Specified by:
getDescription
in interfaceAuthorizer
- Returns:
- the description. Cannot be
null
-
authorize
public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)
Description copied from interface:Authorizer
Authorize a management operation affecting an individual attribute.- Specified by:
authorize
in interfaceAuthorizer
- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the authorization result. Will not be
null
-
authorize
public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)
Description copied from interface:Authorizer
Authorize a management operation affecting an entire resource.- Specified by:
authorize
in interfaceAuthorizer
- Parameters:
identity
- the identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the authorization result. Will not be
null
-
authorizeJmxOperation
public AuthorizationResult authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Description copied from interface:Authorizer
Authorize a JMX operation. This operation should NOT be called for the management facade MBeans- Specified by:
authorizeJmxOperation
in interfaceAuthorizer
- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the authorization result. Will not be
null
-
setNonFacadeMBeansSensitive
public void setNonFacadeMBeansSensitive(boolean sensitive)
Description copied from interface:JmxAuthorizer
Sets whether JMX calls to non-facade mbeans (i.e. those that result in invocations toAuthorizer#authorizeJmxOperation(org.jboss.as.controller.access.Caller, org.jboss.as.controller.access.Environment, org.jboss.as.controller.access.JmxAction, org.jboss.as.controller.access.JmxTarget)
) should be treated as 'sensitive'.- Specified by:
setNonFacadeMBeansSensitive
in interfaceJmxAuthorizer
- Parameters:
sensitive
-true
if non-facade mbean calls are sensitive;false
otherwise
-
shutdown
public void shutdown()
-
isNonFacadeMBeansSensitive
public boolean isNonFacadeMBeansSensitive()
Description copied from interface:JmxAuthorizer
Gets whether JMX calls to non-facade mbeans (i.e. those that result in invocations toAuthorizer#authorizeJmxOperation(org.jboss.as.controller.access.Caller, org.jboss.as.controller.access.Environment, org.jboss.as.controller.access.JmxAction, org.jboss.as.controller.access.JmxTarget)
) should be treated as 'sensitive'.- Specified by:
isNonFacadeMBeansSensitive
in interfaceJmxAuthorizer
- Returns:
true
if non-facade mbean calls are sensitive;false
otherwise
-
-