Class AccessAuditContext


  • public class AccessAuditContext
    extends Object
    The context used to store state related to access control and auditing for the current invocation.
    Author:
    Darran Lofthouse
    • Method Detail

      • getSecurityIdentity

        public org.wildfly.security.auth.server.SecurityIdentity getSecurityIdentity()
        Get the SecurityIdentity associated with this AccessAuditContext. This provides a way for the SecurityIdentity to be passed without the underlying SecurityDomain being known.
        Returns:
        the SecurityIdentity associated with this AccessAuditContext.
      • isInflowed

        public boolean isInflowed()
        Gets whether the current SecurityIdentity was inflowed from another process. This is a special case in which the identity is used as-is, without attempting to inflow it into a configured security domain.
        Returns:
        true if the identity was inflowed, false otherwise.
      • getRemoteAddress

        public InetAddress getRemoteAddress()
        Get the remote address of the caller.
        Returns:
        the remote address of the caller.
      • getDomainUuid

        public String getDomainUuid()
        Gets the unique identifier for a multi-domain-process operation.
        Returns:
        the identifier, or null if this context does not relate to a multi-domain-process operation
      • setDomainUuid

        public void setDomainUuid(String domainUuid)
      • getAccessMechanism

        public AccessMechanism getAccessMechanism()
        Gets the mechanism via which the user initiated the access.
        Returns:
        the mechanism, or null if the access was initiated internally
      • setAccessMechanism

        public void setAccessMechanism(AccessMechanism accessMechanism)
      • isDomainRollout

        public boolean isDomainRollout()
        Gets whether this context relates to a secondary request initiated by a remote Host Controller process as part of its rollout of an operation initiated on that process.
        Returns:
        true if this context relates to a remotely coordinated multi-process domain operation
      • setDomainRollout

        public void setDomainRollout(boolean domainRollout)
      • doAs

        public static <T> T doAs(org.wildfly.security.auth.server.SecurityIdentity securityIdentity,
                                 InetAddress remoteAddress,
                                 PrivilegedAction<T> action)
        Perform work with a new AccessAuditContext as a particular SecurityIdentity.
        Type Parameters:
        T - the type of the return value
        Parameters:
        securityIdentity - the SecurityIdentity that the specified action will run as. May be null
        remoteAddress - the remote address of the caller.
        action - the work to perform. Cannot be null
        Returns:
        the value returned by the PrivilegedAction's run method
        Throws:
        NullPointerException - if the specified PrivilegedAction is null.
        SecurityException - if the caller does not have permission to invoke this method.
      • doAs

        public static <T> T doAs(boolean inflowed,
                                 org.wildfly.security.auth.server.SecurityIdentity securityIdentity,
                                 InetAddress remoteAddress,
                                 PrivilegedAction<T> action)
        Perform work with a new AccessAuditContext as a particular SecurityIdentity.
        Type Parameters:
        T - the type of the return value
        Parameters:
        inflowed - was the identity inflowed from a remote process?
        securityIdentity - the SecurityIdentity that the specified action will run as. May be null
        remoteAddress - the remote address of the caller.
        action - the work to perform. Cannot be null
        Returns:
        the value returned by the PrivilegedAction's run method
        Throws:
        NullPointerException - if the specified PrivilegedAction is null.
        SecurityException - if the caller does not have permission to invoke this method.
      • doAs

        public static <T> T doAs(org.wildfly.security.auth.server.SecurityIdentity securityIdentity,
                                 InetAddress remoteAddress,
                                 PrivilegedExceptionAction<T> action)
                          throws PrivilegedActionException
        Perform work with a new AccessAuditContext as a particular SecurityIdentity.
        Type Parameters:
        T - the type of the return value
        Parameters:
        securityIdentity - the SecurityIdentity that the specified action will run as. May be null
        remoteAddress - the remote address of the caller.
        action - the work to perform. Cannot be null
        Returns:
        the value returned by the PrivilegedExceptionAction's run method
        Throws:
        PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception.
        NullPointerException - if the specified PrivilegedExceptionAction is null.
        SecurityException - if the caller does not have permission to invoke this method.
      • doAs

        public static <T> T doAs(boolean inflowed,
                                 org.wildfly.security.auth.server.SecurityIdentity securityIdentity,
                                 InetAddress remoteAddress,
                                 PrivilegedExceptionAction<T> action)
                          throws PrivilegedActionException
        Perform work with a new AccessAuditContext as a particular SecurityIdentity.
        Type Parameters:
        T - the type of the return value
        Parameters:
        inflowed - was the identity inflowed from a remote process?
        securityIdentity - the SecurityIdentity that the specified action will run as. May be null
        remoteAddress - the remote address of the caller.
        action - the work to perform. Cannot be null
        Returns:
        the value returned by the PrivilegedExceptionAction's run method
        Throws:
        PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception.
        NullPointerException - if the specified PrivilegedExceptionAction is null.
        SecurityException - if the caller does not have permission to invoke this method.
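
Added usage example (not part of the original Javadoc or the WildFly code base): it runs an action through the four-argument doAs overload and, inside the action, builds an audit line from the getters documented above. The class AuditedCall and its methods are hypothetical; the package org.jboss.as.controller and the static accessor currentAccessAuditContext() do not appear in this section and are assumed from WildFly Core, which together with WildFly Elytron must be on the classpath.

```java
import java.net.InetAddress;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;

import org.jboss.as.controller.AccessAuditContext; // package assumed, not shown above
import org.wildfly.security.auth.server.SecurityIdentity;

public final class AuditedCall {

    /** Builds one audit line from the context bound to the current invocation. */
    static String describeCaller() {
        // Assumed accessor (WildFly Core); returns null when no context is set.
        AccessAuditContext ctx = AccessAuditContext.currentAccessAuditContext();
        if (ctx == null) {
            return "caller=<no AccessAuditContext>";
        }
        SecurityIdentity id = ctx.getSecurityIdentity();   // doAs allows null
        InetAddress addr = ctx.getRemoteAddress();
        return "user=" + (id == null ? "<none>" : id.getPrincipal().getName())
             + " remote=" + (addr == null ? "<unknown>" : addr.getHostAddress())
             + " mechanism=" + ctx.getAccessMechanism()     // null: initiated internally
             + " inflowed=" + ctx.isInflowed()
             + " domainRollout=" + ctx.isDomainRollout()
             + " domainUuid=" + ctx.getDomainUuid();        // null: not multi-process
    }

    /**
     * Runs the audit helper as the given identity. inflowed is false because the
     * identity is assumed to have been authenticated in this process.
     */
    static String runAs(SecurityIdentity identity, InetAddress remote) throws Exception {
        try {
            // The cast selects the PrivilegedExceptionAction overload; a bare lambda
            // or method reference is ambiguous with the PrivilegedAction overload.
            return AccessAuditContext.doAs(false, identity, remote,
                    (PrivilegedExceptionAction<String>) AuditedCall::describeCaller);
        } catch (PrivilegedActionException e) {
            throw e.getException();   // unwrap the checked exception thrown by run()
        }
    }
}
```

Because getSecurityIdentity(), getAccessMechanism() and getDomainUuid() can each return null, audit code that reads the context should treat every one of them as optional rather than assuming an authenticated remote caller.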