Interface RoleMapper

    • Method Summary

      Modifier and Type Method Description
      boolean canRunAs(Set<String> mappedRoles, String runAsRole)
      Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".
      Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> operationHeaderRoles)
      Determine the roles available for the caller without reference to a particular action or target.
      Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute attribute)
      Determine the roles available for the caller for a management operation affecting an individual attribute.
      Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource resource)
      Determine the roles available for the caller for a management operation affecting an entire resource.
      Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
      Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.
    • Method Detail

      • mapRoles

        Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                             Environment callEnvironment,
                             Action action,
                             TargetAttribute attribute)
        Determine the roles available for the caller for a management operation affecting an individual attribute.
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        action - the action being authorized. Cannot be null
        attribute - the target of the action. Cannot be null
        Returns:
        the roles. Will not be null, but may be an empty set
      • mapRoles

        Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                             Environment callEnvironment,
                             Action action,
                             TargetResource resource)
        Determine the roles available for the caller for a management operation affecting an entire resource.
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        action - the action being authorized. Cannot be null
        resource - the target of the action. Cannot be null
        Returns:
        the roles. Will not be null, but may be an empty set
      • mapRoles

        Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                             Environment callEnvironment,
                             JmxAction action,
                             JmxTarget target)
        Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        action - the action being authorized. Cannot be null
        target - the target of the action. Cannot be null
        Returns:
        the roles. Will not be null, but may be an empty set
      • mapRoles

        Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                             Environment callEnvironment,
                             Set<String> operationHeaderRoles)
        Determine the roles available for the caller without reference to a particular action or target. Note that actually mapping a caller to roles without reference to a particular action or target is not required.
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        operationHeaderRoles - any roles specified as headers in the operation. May be null
        Returns:
        the roles. Will not be null, but may be an empty set
      • canRunAs

        boolean canRunAs(Set<String> mappedRoles,
                         String runAsRole)
        Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".
        Parameters:
        mappedRoles - a set of roles obtained from a call to one of this mapper's mapRoles methods
        runAsRole - the role the caller wishes to run as
        Returns:
        true if running as runAsRole is allowed
        Throws:
        UnknownRoleException - when the runAsRole isn't defined.
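
An added example, not WildFly's own code, sketching how a mapper can honour the contracts of the operationHeaderRoles overload of mapRoles and of canRunAs together: the result is never null, a null header is accepted, and roles named in the header are granted only when canRunAs allows them. Assumptions of this example: header roles are treated as a run-as request, "SuperUser" is the only role that may run as another, the SecurityIdentity is reduced to a plain set of assigned roles, and the role names and the local exception class are stand-ins.

```java
import java.util.Set;
import java.util.TreeSet;

/** Added example: stand-alone sketch of the contract above, not WildFly code. */
public class HeaderRoleMapperExample {
    // Hypothetical role vocabulary and run-as policy, for this example only.
    static final Set<String> DEFINED = Set.of("Monitor", "Operator", "SuperUser");
    static final String RUN_AS_GRANTOR = "SuperUser";

    /** Local stand-in for the exception named in the Throws clause of canRunAs. */
    static class UnknownRoleException extends RuntimeException {
        UnknownRoleException(String role) { super("Undefined role: " + role); }
    }

    /** Only a caller whose mapped roles include RUN_AS_GRANTOR may run as another role. */
    static boolean canRunAs(Set<String> mappedRoles, String runAsRole) {
        if (runAsRole == null || !DEFINED.contains(runAsRole)) {
            throw new UnknownRoleException(runAsRole);
        }
        return mappedRoles.contains(RUN_AS_GRANTOR);
    }

    /** The header-roles overload, with the identity reduced to its assigned roles. */
    static Set<String> mapRoles(Set<String> assignedRoles, Set<String> operationHeaderRoles) {
        Set<String> mapped = new TreeSet<>(assignedRoles);
        mapped.retainAll(DEFINED);             // roles that are not defined grant nothing
        if (operationHeaderRoles == null || operationHeaderRoles.isEmpty()) {
            return mapped;                     // never null, may be empty
        }
        Set<String> requested = new TreeSet<>();
        for (String role : operationHeaderRoles) {
            if (!canRunAs(mapped, role)) {
                return mapped;                 // header ignored, caller keeps its own roles
            }
            requested.add(role);
        }
        return requested;                      // privileged caller narrowed to the request
    }

    public static void main(String[] args) {
        System.out.println(mapRoles(Set.of("Monitor"), null));
        System.out.println(mapRoles(Set.of("Monitor"), Set.of("SuperUser")));
        System.out.println(mapRoles(Set.of("SuperUser"), Set.of("Operator")));
        System.out.println(mapRoles(Set.of(), Set.of("Operator")));
    }
}
```

The second call in main is the case to watch: a caller that holds only Monitor and names SuperUser in the header must come back with its own roles and nothing more.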