Package org.jboss.as.controller
Interface ModelControllerClientFactory
-
public interface ModelControllerClientFactory
Factory for obtaining aModelControllerClient
for use in the same VM as the targetModelController
.- Author:
- Brian Stansberry
-
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description LocalModelControllerClient
createClient(Executor executor)
Create an in-VM client whose operations are executed with authorization checks performed based on the security identity that is associated with the calling thread when the client is invoked.default LocalModelControllerClient
createSuperUserClient(Executor executor)
Create an in-VM client whose operations are executed as if they were invoked by a user in the RBACSuperUser
role, regardless of any security identity that is or isn't associated with the calling thread when the client is invoked.LocalModelControllerClient
createSuperUserClient(Executor executor, boolean forUserCalls)
Create an in-VM client whose operations are executed as if they were invoked by a user in the RBACSuperUser
role, regardless of any security identity that is or isn't associated with the calling thread when the client is invoked.
-
-
-
Method Detail
-
createClient
LocalModelControllerClient createClient(Executor executor)
Create an in-VM client whose operations are executed with authorization checks performed based on the security identity that is associated with the calling thread when the client is invoked. Operations are not automatically treated as if invoked by a user in the RBACSuperUser
role, and thus may be rejected due to failed authorization checks.- Parameters:
executor
- the executor to use for asynchronous operation execution. Cannot benull
- Returns:
- the client. Will not return
null
- Throws:
SecurityException
- if the caller does not have theCAN_ACCESS_MODEL_CONTROLLER
permission
-
createSuperUserClient
default LocalModelControllerClient createSuperUserClient(Executor executor)
Create an in-VM client whose operations are executed as if they were invoked by a user in the RBACSuperUser
role, regardless of any security identity that is or isn't associated with the calling thread when the client is invoked. This client generally should not be used to handle requests from external callers, and if it is used great care should be taken to ensure such use is not suborning the intended access control scheme.In a VM with a
SecurityManager
installed, invocations against the returned client can only occur from a calling context with thePERFORM_IN_VM_CALL
permission. Without this permission aSecurityException
will be thrown.Calling this method is equivalent to a call to
createSuperUserClient(executor, false)
.- Parameters:
executor
- the executor to use for asynchronous operation execution. Cannot benull
- Returns:
- the client. Will not return
null
- Throws:
SecurityException
- if the caller does not have theCAN_ACCESS_MODEL_CONTROLLER
permission
-
createSuperUserClient
LocalModelControllerClient createSuperUserClient(Executor executor, boolean forUserCalls)
Create an in-VM client whose operations are executed as if they were invoked by a user in the RBACSuperUser
role, regardless of any security identity that is or isn't associated with the calling thread when the client is invoked. This client generally should not be used to handle requests from external callers, and if it is used great care should be taken to ensure such use is not suborning the intended access control scheme.In a VM with a
SecurityManager
installed, invocations against the returned client can only occur from a calling context with thePERFORM_IN_VM_CALL
permission. Without this permission aSecurityException
will be thrown.- Parameters:
executor
- the executor to use for asynchronous operation execution. Cannot benull
forUserCalls
- iftrue
the operation executed by this client should be regarded as coming from an end user. For example, such operations cannot targetOperationEntry.EntryType.PRIVATE
operations- Returns:
- the client. Will not return
null
- Throws:
SecurityException
- if the caller does not have theCAN_ACCESS_MODEL_CONTROLLER
permission
-
-