Class DelegatingConfigurableAuthorizer

  • All Implemented Interfaces:
    Authorizer, JmxAuthorizer

    public final class DelegatingConfigurableAuthorizer
    extends Object
    implements JmxAuthorizer
    An Authorizer that delegates to another. Used during initial boot so that an instance of this class can be provided to the ModelController, with the functional implementation swapped in once boot proceeds to the point where the user-configured authorizer is available.
    Author:
    Brian Stansberry (c) 2013 Red Hat Inc.
    • Constructor Detail

      • DelegatingConfigurableAuthorizer

        public DelegatingConfigurableAuthorizer()
    • Method Detail

      • setDelegate

        public void setDelegate(Authorizer delegate)
      • getCallerRoles

        public Set<String> getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                                          Environment callEnvironment,
                                          Set<String> runAsRoles)
        Description copied from interface: Authorizer
        Gets the set of roles the caller can run as taking into account any requested 'run as' roles.
        Specified by:
        getCallerRoles in interface Authorizer
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        runAsRoles - any requested 'run as' roles. May be null
        Returns:
        The set of roles assigned to the caller. An empty set will be returned if no roles are assigned; null will be returned if the access control provider does not support role mapping.
      • authorize

        public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity,
                                             Environment callEnvironment,
                                             Action action,
                                             TargetAttribute target)
        Description copied from interface: Authorizer
        Authorize a management operation affecting an individual attribute.
        Specified by:
        authorize in interface Authorizer
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        action - the action being authorized. Cannot be null
        target - the target of the action. Cannot be null
        Returns:
        the authorization result. Will not be null
      • authorize

        public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity,
                                             Environment callEnvironment,
                                             Action action,
                                             TargetResource target)
        Description copied from interface: Authorizer
        Authorize a management operation affecting an entire resource.
        Specified by:
        authorize in interface Authorizer
        Parameters:
        identity - the identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        action - the action being authorized. Cannot be null
        target - the target of the action. Cannot be null
        Returns:
        the authorization result. Will not be null
      • authorizeJmxOperation

        public AuthorizationResult authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity,
                                                         Environment callEnvironment,
                                                         JmxAction action,
                                                         JmxTarget target)
        Description copied from interface: Authorizer
        Authorize a JMX operation. This operation should NOT be called for the management facade MBeans.
        Specified by:
        authorizeJmxOperation in interface Authorizer
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        action - the action being authorized. Cannot be null
        target - the target of the action. Cannot be null
        Returns:
        the authorization result. Will not be null
      • setNonFacadeMBeansSensitive

        public void setNonFacadeMBeansSensitive(boolean sensitive)
        Description copied from interface: JmxAuthorizer
        Sets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(org.jboss.as.controller.access.Caller, org.jboss.as.controller.access.Environment, org.jboss.as.controller.access.JmxAction, org.jboss.as.controller.access.JmxTarget)) should be treated as 'sensitive'.
        Specified by:
        setNonFacadeMBeansSensitive in interface JmxAuthorizer
        Parameters:
        sensitive - true if non-facade mbean calls are sensitive; false otherwise
      • shutdown

        public void shutdown()
      • isNonFacadeMBeansSensitive

        public boolean isNonFacadeMBeansSensitive()
        Description copied from interface: JmxAuthorizer
        Gets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(org.jboss.as.controller.access.Caller, org.jboss.as.controller.access.Environment, org.jboss.as.controller.access.JmxAction, org.jboss.as.controller.access.JmxTarget)) should be treated as 'sensitive'.
        Specified by:
        isNonFacadeMBeansSensitive in interface JmxAuthorizer
        Returns:
        true if non-facade mbean calls are sensitive; false otherwise
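
The delegate swap from the class description and the null-versus-empty return contract of getCallerRoles, as an added sketch that is not WildFly's code. The nested Authorizer interface is a hypothetical two-method stand-in for the real one, and the deny-all placeholder used before the swap is an assumption of this example, not documented behaviour of this class.

```java
import java.util.Set;

// Simplified model of the boot-time delegation pattern. The types below are
// hypothetical stand-ins, not the org.jboss.as.controller.access interfaces.
public class DelegatingAuthorizerSketch {

    interface Authorizer {
        boolean authorize(String caller, String action);
        // Same contract as getCallerRoles: empty set = no roles, null = no role mapping.
        Set<String> getCallerRoles(String caller);
    }

    // Assumed placeholder policy for this sketch: fail closed until configured.
    static final Authorizer DENY_ALL = new Authorizer() {
        public boolean authorize(String caller, String action) { return false; }
        public Set<String> getCallerRoles(String caller) { return Set.of(); }
    };

    static final class Delegating implements Authorizer {
        // volatile: a swap made by the boot thread is visible to request threads.
        private volatile Authorizer delegate = DENY_ALL;

        void setDelegate(Authorizer d) {
            if (d == null) throw new IllegalArgumentException("delegate must not be null");
            delegate = d;
        }
        public boolean authorize(String caller, String action) {
            return delegate.authorize(caller, action);
        }
        public Set<String> getCallerRoles(String caller) {
            return delegate.getCallerRoles(caller);
        }
    }

    // Caller-side handling: null means "role mapping unsupported", not "no roles".
    static String describeRoles(Authorizer a, String caller) {
        Set<String> roles = a.getCallerRoles(caller);
        if (roles == null) return "role mapping unsupported";
        return roles.isEmpty() ? "no roles" : "roles=" + roles;
    }

    public static void main(String[] args) {
        Delegating authz = new Delegating();   // the instance handed out early in boot
        System.out.println(authz.authorize("alice", "write") + " / " + describeRoles(authz, "alice"));

        authz.setDelegate(new Authorizer() {   // constructed stand-in for the configured authorizer
            public boolean authorize(String c, String act) { return "alice".equals(c); }
            public Set<String> getCallerRoles(String c) { return null; }
        });
        System.out.println(authz.authorize("alice", "write") + " / " + describeRoles(authz, "alice"));
    }
}
```

Code that holds the delegating instance never needs to be re-wired after the swap, which is why callers must not cache authorization decisions or role sets obtained before the configured authorizer is installed.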