Interface RoleMapper
-
- All Known Implementing Classes:
RunAsRoleMapper
,StandardRoleMapper
,SuperUserRoleMapper
public interface RoleMapper
Determines the set of roles applicable for a management request.- Author:
- Brian Stansberry (c) 2013 Red Hat Inc.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description boolean
canRunAs(Set<String> mappedRoles, String runAsRole)
Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole
".Set<String>
mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> operationHeaderRoles)
Determine the roles available for the caller without reference to a particular action or target.Set<String>
mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute attribute)
Determine the roles available for the caller for a management operation affecting an individual attribute.Set<String>
mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource resource)
Determine the roles available for the caller for a management operation affecting an entire resource.Set<String>
mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.
-
-
-
Method Detail
-
mapRoles
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute attribute)
Determine the roles available for the caller for a management operation affecting an individual attribute.- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
attribute
- the target of the action. Cannot benull
- Returns:
- the roles. Will not be
null
, but may be an empty set
-
mapRoles
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource resource)
Determine the roles available for the caller for a management operation affecting an entire resource.- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
resource
- the target of the action. Cannot benull
- Returns:
- the roles. Will not be
null
, but may be an empty set
-
mapRoles
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the roles. Will not be
null
, but may be an empty set
-
mapRoles
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> operationHeaderRoles)
Determine the roles available for the caller without reference to a particular action or target. Note that actually mapping a caller to roles without reference to a particular action or target is not required.- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
operationHeaderRoles
- any roles specified as headers in the operation. May benull
- Returns:
- the roles. Will not be
null
, but may be an empty set
-
canRunAs
boolean canRunAs(Set<String> mappedRoles, String runAsRole)
Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole
".- Parameters:
mappedRoles
- a set of roles obtained from a call to one of this mapper'smapRoles
methodsrunAsRole
- the role the caller wishes to run as- Returns:
true
if running asrunAsRole
is allowed- Throws:
UnknowRoleException
- when therunAsRole
isn't defined.
-
-