Class SuperUserRoleMapper
- java.lang.Object
-
- org.jboss.as.controller.access.rbac.SuperUserRoleMapper
-
- All Implemented Interfaces:
RoleMapper
public class SuperUserRoleMapper extends Object implements RoleMapper
ARoleMapper
that always maps the user to the role SUPERUSER.- Author:
- Darran Lofthouse
-
-
Constructor Summary
Constructors Constructor Description SuperUserRoleMapper(AuthorizerConfiguration configuration)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
canRunAs(Set<String> mappedRoles, String runAsRole)
Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole
".Set<String>
mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> operationHeaderRoles)
Determine the roles available for the caller without reference to a particular action or target.Set<String>
mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute attribute)
Determine the roles available for the caller for a management operation affecting an individual attribute.Set<String>
mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource resource)
Determine the roles available for the caller for a management operation affecting an entire resource.Set<String>
mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.
-
-
-
Constructor Detail
-
SuperUserRoleMapper
public SuperUserRoleMapper(AuthorizerConfiguration configuration)
-
-
Method Detail
-
mapRoles
public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute attribute)
Description copied from interface:RoleMapper
Determine the roles available for the caller for a management operation affecting an individual attribute.- Specified by:
mapRoles
in interfaceRoleMapper
- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
attribute
- the target of the action. Cannot benull
- Returns:
- the roles. Will not be
null
, but may be an empty set
-
mapRoles
public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource resource)
Description copied from interface:RoleMapper
Determine the roles available for the caller for a management operation affecting an entire resource.- Specified by:
mapRoles
in interfaceRoleMapper
- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
resource
- the target of the action. Cannot benull
- Returns:
- the roles. Will not be
null
, but may be an empty set
-
mapRoles
public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Description copied from interface:RoleMapper
Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.- Specified by:
mapRoles
in interfaceRoleMapper
- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the roles. Will not be
null
, but may be an empty set
-
mapRoles
public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> operationHeaderRoles)
Description copied from interface:RoleMapper
Determine the roles available for the caller without reference to a particular action or target. Note that actually mapping a caller to roles without reference to a particular action or target is not required.- Specified by:
mapRoles
in interfaceRoleMapper
- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
operationHeaderRoles
- any roles specified as headers in the operation. May benull
- Returns:
- the roles. Will not be
null
, but may be an empty set
-
canRunAs
public boolean canRunAs(Set<String> mappedRoles, String runAsRole)
Description copied from interface:RoleMapper
Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole
".- Specified by:
canRunAs
in interfaceRoleMapper
- Parameters:
mappedRoles
- a set of roles obtained from a call to one of this mapper'smapRoles
methodsrunAsRole
- the role the caller wishes to run as- Returns:
true
if running asrunAsRole
is allowed
-
-