Package org.jboss.as.controller.security
Class ControllerPermission
- java.lang.Object
-
- java.security.Permission
-
- java.security.BasicPermission
-
- org.jboss.as.controller.security.ControllerPermission
-
- All Implemented Interfaces:
Serializable
,Guard
public class ControllerPermission extends BasicPermission
This class is for WildFly Controller's permissions. A permission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.
The target name is the name of the permission. The following table lists all the possible
ControllerPermission
target names, and for each provides a description of what the permission allows.Permission Target Name What the Permission Allows canAccessImmutableManagementResourceRegistration Creation of ImmutableManagementResourceRegistration
, or invoke one of its methodscanAccessModelController Access a ModelController
, or to invoke its methodscreateCaller Create a org.jboss.as.controller.access.Caller
with respect to access control decisiongetCallerSubject Retrieve the Subject
associated with aorg.jboss.as.controller.access.Caller
getCurrentAccessAuditContext Retrieves current AccessAuditContext
The permission name may also be an asterisk, to signify a wildcard match.
- Author:
- Eduardo Martins
- See Also:
- Serialized Form
-
-
Field Summary
Fields Modifier and Type Field Description static ControllerPermission
CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION
The Controller Permission named canAccessImmutableManagementResourceRegistration, which should be used to create aImmutableManagementResourceRegistration
, or invoke one of its methodsstatic String
CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION_NAME
static ControllerPermission
CAN_ACCESS_MODEL_CONTROLLER
The Controller Permission named canAccessModelController, which should be used to access aModelController
, or to invoke its methods.static String
CAN_ACCESS_MODEL_CONTROLLER_NAME
static ControllerPermission
CREATE_CALLER
The Controller Permission named createCaller, which should be used to create aorg.jboss.as.controller.access.Caller
, with respect to access control decision.static String
CREATE_CALLER_NAME
static ControllerPermission
GET_CALLER_SECURITY_IDENTITY
The Controller Permission named getCallerSubject, which should be used to retrieve theSecurityIdentity
associated with aorg.jboss.as.controller.access.Caller
.static String
GET_CALLER_SECURITY_IDENTITY_NAME
static ControllerPermission
GET_CALLER_SUBJECT
The Controller Permission named getCallerSubject, which should be used to retrieve theSubject
associated with aorg.jboss.as.controller.access.Caller
.static String
GET_CALLER_SUBJECT_NAME
static ControllerPermission
GET_CURRENT_ACCESS_AUDIT_CONTEXT
The Controller Permission named getCurrentAccessAuditContext, which should be used to retrieve currentAccessAuditContext
.static String
GET_CURRENT_ACCESS_AUDIT_CONTEXT_NAME
static ControllerPermission
GET_IN_VM_CALL_STATE
The Controller Permission named getInVmCallStateName, which should be used to retrieve in-vm call state.static String
GET_IN_VM_CALL_STATE_NAME
static ControllerPermission
INFLOW_SECURITY_IDENTITY
The Controller Permission named inflowSecurityIdentity, which is required where a SecurityIdentity is inflowed as-is bypassing local security.static String
INFLOW_SECURITY_IDENTITY_NAME
static ControllerPermission
PERFORM_IN_VM_CALL
The Controller Permission named performInVmCall, which should be used to perform an in-vm call.static String
PERFORM_IN_VM_CALL_NAME
-
Constructor Summary
Constructors Constructor Description ControllerPermission(String name)
Creates a new permission with the specified name.ControllerPermission(String name, String actions)
Creates a new permission object with the specified name.
-
Method Summary
-
Methods inherited from class java.security.BasicPermission
equals, getActions, hashCode, implies, newPermissionCollection
-
Methods inherited from class java.security.Permission
checkGuard, getName, toString
-
-
-
-
Field Detail
-
CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION_NAME
public static final String CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION_NAME
- See Also:
- Constant Field Values
-
CAN_ACCESS_MODEL_CONTROLLER_NAME
public static final String CAN_ACCESS_MODEL_CONTROLLER_NAME
- See Also:
- Constant Field Values
-
CREATE_CALLER_NAME
public static final String CREATE_CALLER_NAME
- See Also:
- Constant Field Values
-
GET_CALLER_SUBJECT_NAME
public static final String GET_CALLER_SUBJECT_NAME
- See Also:
- Constant Field Values
-
GET_CALLER_SECURITY_IDENTITY_NAME
public static final String GET_CALLER_SECURITY_IDENTITY_NAME
- See Also:
- Constant Field Values
-
GET_CURRENT_ACCESS_AUDIT_CONTEXT_NAME
public static final String GET_CURRENT_ACCESS_AUDIT_CONTEXT_NAME
- See Also:
- Constant Field Values
-
GET_IN_VM_CALL_STATE_NAME
public static final String GET_IN_VM_CALL_STATE_NAME
- See Also:
- Constant Field Values
-
INFLOW_SECURITY_IDENTITY_NAME
public static final String INFLOW_SECURITY_IDENTITY_NAME
- See Also:
- Constant Field Values
-
PERFORM_IN_VM_CALL_NAME
public static final String PERFORM_IN_VM_CALL_NAME
- See Also:
- Constant Field Values
-
CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION
public static final ControllerPermission CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION
The Controller Permission named canAccessImmutableManagementResourceRegistration, which should be used to create aImmutableManagementResourceRegistration
, or invoke one of its methods
-
CAN_ACCESS_MODEL_CONTROLLER
public static final ControllerPermission CAN_ACCESS_MODEL_CONTROLLER
The Controller Permission named canAccessModelController, which should be used to access aModelController
, or to invoke its methods.
-
CREATE_CALLER
public static final ControllerPermission CREATE_CALLER
The Controller Permission named createCaller, which should be used to create aorg.jboss.as.controller.access.Caller
, with respect to access control decision.
-
GET_CALLER_SUBJECT
public static final ControllerPermission GET_CALLER_SUBJECT
The Controller Permission named getCallerSubject, which should be used to retrieve theSubject
associated with aorg.jboss.as.controller.access.Caller
.
-
GET_CALLER_SECURITY_IDENTITY
public static final ControllerPermission GET_CALLER_SECURITY_IDENTITY
The Controller Permission named getCallerSubject, which should be used to retrieve theSecurityIdentity
associated with aorg.jboss.as.controller.access.Caller
.
-
GET_CURRENT_ACCESS_AUDIT_CONTEXT
public static final ControllerPermission GET_CURRENT_ACCESS_AUDIT_CONTEXT
The Controller Permission named getCurrentAccessAuditContext, which should be used to retrieve currentAccessAuditContext
.
-
GET_IN_VM_CALL_STATE
public static final ControllerPermission GET_IN_VM_CALL_STATE
The Controller Permission named getInVmCallStateName, which should be used to retrieve in-vm call state.
-
INFLOW_SECURITY_IDENTITY
public static final ControllerPermission INFLOW_SECURITY_IDENTITY
The Controller Permission named inflowSecurityIdentity, which is required where a SecurityIdentity is inflowed as-is bypassing local security.
-
PERFORM_IN_VM_CALL
public static final ControllerPermission PERFORM_IN_VM_CALL
The Controller Permission named performInVmCall, which should be used to perform an in-vm call.
-
-
Constructor Detail
-
ControllerPermission
public ControllerPermission(String name)
Creates a new permission with the specified name. The name is the symbolic name of the permission, such as "createCaller", "getCurrentAccessAuditContext", etc.- Parameters:
name
- the name of the permission.- Throws:
NullPointerException
- ifname
isnull
.IllegalArgumentException
- ifname
is not valid.
-
ControllerPermission
public ControllerPermission(String name, String actions)
Creates a new permission object with the specified name. The name is the symbolic name of the permission, and the actions String is currently unused and should be null.- Parameters:
name
- the name of the permission.actions
- should be null.- Throws:
NullPointerException
- ifname
isnull
.IllegalArgumentException
- ifname
and/oractions
are not valid.
-
-