Package org.jboss.as.controller
Class AccessAuditContext
- java.lang.Object
-
- org.jboss.as.controller.AccessAuditContext
-
public class AccessAuditContext extends Object
The context used to store state related to access control and auditing for the current invocation.- Author:
- Darran Lofthouse
-
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description static AccessAuditContext
currentAccessAuditContext()
Deprecated.Internal use, will be changed without warning at any time.static <T> T
doAs(boolean inflowed, org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedAction<T> action)
Perform work with a newAccessAuditContext
as a particularSecurityIdentity
static <T> T
doAs(boolean inflowed, org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedExceptionAction<T> action)
Perform work with a newAccessAuditContext
as a particularSecurityIdentity
static <T> T
doAs(org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedAction<T> action)
Perform work with a newAccessAuditContext
as a particularSecurityIdentity
static <T> T
doAs(org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedExceptionAction<T> action)
Perform work with a newAccessAuditContext
as a particularSecurityIdentity
AccessMechanism
getAccessMechanism()
Gets the mechanism via which the user initiated the access.String
getDomainUuid()
Gets the unique identifier for a multi-domain-process operation.InetAddress
getRemoteAddress()
Get the remote address of the caller.org.wildfly.security.auth.server.SecurityIdentity
getSecurityIdentity()
Get theSecurityIdentity
associated with thisAccessAuditContext
.boolean
isDomainRollout()
Gets whether this context relates to a secondary request initiated by a remote Host Controller process as part of its rollout of an operation initiated on that process.boolean
isInflowed()
Get if the currentSecurityIdentity
was inflowed from another process.void
setAccessMechanism(AccessMechanism accessMechanism)
void
setDomainRollout(boolean domainRollout)
void
setDomainUuid(String domainUuid)
-
-
-
Method Detail
-
getSecurityIdentity
public org.wildfly.security.auth.server.SecurityIdentity getSecurityIdentity()
Get theSecurityIdentity
associated with thisAccessAuditContext
. This provides a way for theSecurityIdentity
to be passed without the underlyingSecurityDomain
being known.- Returns:
- the
SecurityIdentity
associated with thisAccessAuditContext
.
-
isInflowed
public boolean isInflowed()
Get if the currentSecurityIdentity
was inflowed from another process. This is a special case where we want to use it without attempting to inflow into a configured security domain.- Returns:
true
if the identity was inflowed,false
otherwise.
-
getRemoteAddress
public InetAddress getRemoteAddress()
Get the remote address of the caller.- Returns:
- the remote address of the caller.
-
getDomainUuid
public String getDomainUuid()
Gets the unique identifier for a multi-domain-process operation.- Returns:
- the identifier, or
null
if this context does not relate to a multi-domain-process operation
-
setDomainUuid
public void setDomainUuid(String domainUuid)
-
getAccessMechanism
public AccessMechanism getAccessMechanism()
Gets the mechanism via which the user initiated the access.- Returns:
- the mechanism, or
null
if the access was initiated internally
-
setAccessMechanism
public void setAccessMechanism(AccessMechanism accessMechanism)
-
isDomainRollout
public boolean isDomainRollout()
Gets whether this context relates to a secondary request initiated by a remote Host Controller process as part of its rollout of an operation initiated on that process.- Returns:
true
if this context relates to a remotely coordinated multi-process domain operation
-
setDomainRollout
public void setDomainRollout(boolean domainRollout)
-
currentAccessAuditContext
@Deprecated public static AccessAuditContext currentAccessAuditContext()
Deprecated.Internal use, will be changed without warning at any time.Obtain the currentAccessAuditContext
ornull
if none currently set.- Returns:
- The current
AccessAuditContext
-
doAs
public static <T> T doAs(org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedAction<T> action)
Perform work with a newAccessAuditContext
as a particularSecurityIdentity
- Type Parameters:
T
- the type of teh return value- Parameters:
securityIdentity
- theSecurityIdentity
that the specifiedaction
will run as. May benull
remoteAddress
- the remote address of the caller.action
- the work to perform. Cannot benull
- Returns:
- the value returned by the PrivilegedAction's
run
method - Throws:
NullPointerException
- if the specifiedPrivilegedExceptionAction
isnull
.SecurityException
- if the caller does not have permission to invoke this method.
-
doAs
public static <T> T doAs(boolean inflowed, org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedAction<T> action)
Perform work with a newAccessAuditContext
as a particularSecurityIdentity
- Type Parameters:
T
- the type of teh return value- Parameters:
inflowed
- was the identity inflowed from a remote process?securityIdentity
- theSecurityIdentity
that the specifiedaction
will run as. May benull
remoteAddress
- the remote address of the caller.action
- the work to perform. Cannot benull
- Returns:
- the value returned by the PrivilegedAction's
run
method - Throws:
NullPointerException
- if the specifiedPrivilegedExceptionAction
isnull
.SecurityException
- if the caller does not have permission to invoke this method.
-
doAs
public static <T> T doAs(org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedExceptionAction<T> action) throws PrivilegedActionException
Perform work with a newAccessAuditContext
as a particularSecurityIdentity
- Type Parameters:
T
- the type of teh return value- Parameters:
securityIdentity
- theSecurityIdentity
that the specifiedaction
will run as. May benull
remoteAddress
- the remote address of the caller.action
- the work to perform. Cannot benull
- Returns:
- the value returned by the PrivilegedAction's
run
method - Throws:
PrivilegedActionException
- if thePrivilegedExceptionAction.run
method throws a checked exception.NullPointerException
- if the specifiedPrivilegedExceptionAction
isnull
.SecurityException
- if the caller does not have permission to invoke this method.
-
doAs
public static <T> T doAs(boolean inflowed, org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedExceptionAction<T> action) throws PrivilegedActionException
Perform work with a newAccessAuditContext
as a particularSecurityIdentity
- Type Parameters:
T
- the type of teh return value- Parameters:
inflowed
- was the identity inflowed from a remote process?securityIdentity
- theSecurityIdentity
that the specifiedaction
will run as. May benull
remoteAddress
- the remote address of the caller.action
- the work to perform. Cannot benull
- Returns:
- the value returned by the PrivilegedAction's
run
method - Throws:
PrivilegedActionException
- if thePrivilegedExceptionAction.run
method throws a checked exception.NullPointerException
- if the specifiedPrivilegedExceptionAction
isnull
.SecurityException
- if the caller does not have permission to invoke this method.
-
-