Package org.jboss.as.controller.security

Class ControllerPermission

  • All Implemented Interfaces:
    Serializable, Guard
    public class ControllerPermission
extends BasicPermission

    This class is for WildFly Controller's permissions. A permission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

    The target name is the name of the permission. The following table lists all the possible ControllerPermission target names, and for each provides a description of what the permission allows.

    Permission Target Name What the Permission Allows
    canAccessImmutableManagementResourceRegistration Creation of ImmutableManagementResourceRegistration, or invoke one of its methods
    canAccessModelController Access a ModelController, or to invoke its methods
    createCaller Create a org.jboss.as.controller.access.Caller with respect to access control decision
    getCallerSubject Retrieve the Subject associated with a org.jboss.as.controller.access.Caller
    getCurrentAccessAuditContext Retrieves current AccessAuditContext

    The permission name may also be an asterisk, to signify a wildcard match.

    Author:
    Eduardo Martins
    See Also:
    Serialized Form

    • Field Detail

      • CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION_NAME

        public static final String CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION_NAME
        See Also:
        Constant Field Values

      • GET_CURRENT_ACCESS_AUDIT_CONTEXT_NAME

        public static final String GET_CURRENT_ACCESS_AUDIT_CONTEXT_NAME
        See Also:
        Constant Field Values

      • CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION

        public static final ControllerPermission CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION
        The Controller Permission named canAccessImmutableManagementResourceRegistration, which should be used to create a ImmutableManagementResourceRegistration, or invoke one of its methods

      • CAN_ACCESS_MODEL_CONTROLLER

        public static final ControllerPermission CAN_ACCESS_MODEL_CONTROLLER
        The Controller Permission named canAccessModelController, which should be used to access a ModelController, or to invoke its methods.

      • CREATE_CALLER

        public static final ControllerPermission CREATE_CALLER
        The Controller Permission named createCaller, which should be used to create a org.jboss.as.controller.access.Caller, with respect to access control decision.

      • GET_CALLER_SUBJECT

        public static final ControllerPermission GET_CALLER_SUBJECT
        The Controller Permission named getCallerSubject, which should be used to retrieve the Subject associated with a org.jboss.as.controller.access.Caller.

      • GET_CALLER_SECURITY_IDENTITY

        public static final ControllerPermission GET_CALLER_SECURITY_IDENTITY
        The Controller Permission named getCallerSubject, which should be used to retrieve the SecurityIdentity associated with a org.jboss.as.controller.access.Caller.

      • GET_CURRENT_ACCESS_AUDIT_CONTEXT

        public static final ControllerPermission GET_CURRENT_ACCESS_AUDIT_CONTEXT
        The Controller Permission named getCurrentAccessAuditContext, which should be used to retrieve current AccessAuditContext.

      • GET_IN_VM_CALL_STATE

        public static final ControllerPermission GET_IN_VM_CALL_STATE
        The Controller Permission named getInVmCallStateName, which should be used to retrieve in-vm call state.

      • INFLOW_SECURITY_IDENTITY

        public static final ControllerPermission INFLOW_SECURITY_IDENTITY
        The Controller Permission named inflowSecurityIdentity, which is required where a SecurityIdentity is inflowed as-is bypassing local security.

      • PERFORM_IN_VM_CALL

        public static final ControllerPermission PERFORM_IN_VM_CALL
        The Controller Permission named performInVmCall, which should be used to perform an in-vm call.

    • Constructor Detail

      • ControllerPermission

        public ControllerPermission​(String name)
        Creates a new permission with the specified name. The name is the symbolic name of the permission, such as "createCaller", "getCurrentAccessAuditContext", etc.
        Parameters:
        name - the name of the permission.
        Throws:
        NullPointerException - if name is null.
        IllegalArgumentException - if name is not valid.

      • ControllerPermission

        public ControllerPermission​(String name,
                            String actions)
        Creates a new permission object with the specified name. The name is the symbolic name of the permission, and the actions String is currently unused and should be null.
        Parameters:
        name - the name of the permission.
        actions - should be null.
        Throws:
        NullPointerException - if name is null.
        IllegalArgumentException - if name and/or actions are not valid.