Package org.jboss.as.controller.access
Interface Authorizer
-
- All Known Subinterfaces:
CustomAuthorizer
,JmxAuthorizer
- All Known Implementing Classes:
DelegatingConfigurableAuthorizer
,ManagementPermissionAuthorizer
,StandardRBACAuthorizer
public interface Authorizer
Interface exposed by the enforcement point in a WildFly access control system.- Author:
- Brian Stansberry (c) 2013 Red Hat Inc.
-
-
Nested Class Summary
Nested Classes Modifier and Type Interface Description static interface
Authorizer.AuthorizerDescription
Description of standard information about the custom authorizer.
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description AuthorizationResult
authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)
Authorize a management operation affecting an individual attribute.AuthorizationResult
authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)
Authorize a management operation affecting an entire resource.AuthorizationResult
authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Authorize a JMX operation.Set<String>
getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)
Gets the set of roles the caller can run as taking into account any requested 'run as' roles.Authorizer.AuthorizerDescription
getDescription()
Gets a description of the characteristics of this authorizer
-
-
-
Method Detail
-
getDescription
Authorizer.AuthorizerDescription getDescription()
Gets a description of the characteristics of this authorizer- Returns:
- the description. Cannot be
null
-
authorize
AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)
Authorize a management operation affecting an individual attribute.- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the authorization result. Will not be
null
-
authorize
AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)
Authorize a management operation affecting an entire resource.- Parameters:
identity
- the identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the authorization result. Will not be
null
-
authorizeJmxOperation
AuthorizationResult authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Authorize a JMX operation. This operation should NOT be called for the management facade MBeans- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the authorization result. Will not be
null
-
getCallerRoles
Set<String> getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)
Gets the set of roles the caller can run as taking into account any requested 'run as' roles.- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
runAsRoles
- any requested 'run as' roles. May benull
- Returns:
- The set of roles assigned to the caller; an empty set will be returned if no roles are assigned or
null
will be returned if the access control provider does not support role mapping.
-
-