Package org.jboss.as.controller.access
Interface AuthorizerConfiguration

All Known Implementing Classes:
WritableAuthorizerConfiguration

public interface AuthorizerConfiguration
Encapsulates the current configuration of all aspects of the access control system that are available to Authorizer implementations. The results of changes to the access control configuration made via the WildFly management layer will be made available here.

Nested Class Summary

| Modifier and Type | Interface | Description |
| --- | --- | --- |
| static interface | AuthorizerConfiguration.MappingPrincipal | Encapsulates the notion of a principal used in Caller to AuthorizerConfiguration.RoleMapping mapping. |
| static class | AuthorizerConfiguration.PrincipalType | Types of AuthorizerConfiguration.MappingPrincipals used in Caller to AuthorizerConfiguration.RoleMapping mapping. |
| static interface | AuthorizerConfiguration.RoleMapping | Encapsulates the notion of a role to which a caller can be mapped. |
| static class | AuthorizerConfiguration.ScopedRole | Encapsulates configuration information for a scoped role. |
| static interface | AuthorizerConfiguration.ScopedRoleListener | Listener for changes to the configured scoped roles. |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| Set<String> | getAllRoles() | Gets the names of all roles used by the authorizer, including both built-in roles and roles added via end user configuration. |
| CombinationPolicy | getPermissionCombinationPolicy() | Gets the policy for combining access control permissions when the configuration grants the user more than one type of permission for a given action. |
| Map<String,AuthorizerConfiguration.RoleMapping> | getRoleMappings() | Gets the configured role mappings, keyed by the name of the role. |
| Map<String,AuthorizerConfiguration.ScopedRole> | getScopedRoles() | Gets the configured scoped roles, keyed by the name of the role. |
| Set<String> | getStandardRoles() | Gets the names of the "standard" "built-in" roles used by the authorizer. |
| boolean | hasRole(String roleName) | Gets whether the current set of roles contains the given role, with the check performed using a case-insensitive algorithm. |
| boolean | isMapUsingIdentityRoles() | Gets whether role mapping should use roles obtained from the SecurityIdentity. |
| boolean | isNonFacadeMBeansSensitive() | Gets whether JMX calls to non-facade mbeans (i.e. |
| boolean | isRoleBased() | Gets whether the authorizer uses a role-based authorization mechanism. |
| void | registerScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener) | Register a listener for changes in the configured scoped roles. |
| void | unregisterScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener) | Unregister a listener for changes in the configured scoped roles. |

Method Detail

getPermissionCombinationPolicy
CombinationPolicy getPermissionCombinationPolicy()
Gets the policy for combining access control permissions when the configuration grants the user more than one type of permission for a given action. For example, in the standard WildFly access control system, a user may map to more than one role. This property would control how the permissions associated with those roles should be combined to make access control decisions.
Returns: the combination policy. Will not be null.

isRoleBased
boolean isRoleBased()
Gets whether the authorizer uses a role-based authorization mechanism.
Returns: true if a role-based mechanism is used; false if not

getStandardRoles
Set<String> getStandardRoles()
Gets the names of the "standard" "built-in" roles used by the authorizer. A built-in role requires no end user configuration.
Returns: the standard role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used.

getScopedRoles
Map<String,AuthorizerConfiguration.ScopedRole> getScopedRoles()
Gets the configured scoped roles, keyed by the name of the role.
Returns: the scoped roles. Will not be null

getAllRoles
Set<String> getAllRoles()
Gets the names of all roles used by the authorizer, including both built-in roles and roles added via end user configuration.
Returns: the role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used and no end user configured roles exist.

hasRole
boolean hasRole(String roleName)
Gets whether the current set of roles contains the given role, with the check performed using a case-insensitive algorithm.
Parameters: roleName - the name of the role
Returns: true if the current role set includes an item that equals ignoring case the given roleName

getRoleMappings
Map<String,AuthorizerConfiguration.RoleMapping> getRoleMappings()
Gets the configured role mappings, keyed by the name of the role.
Returns: the role mappings. Will not be null
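
Added example (not part of the WildFly Javadoc or code base): a helper that cross-checks role names against role-mapping keys using only the methods documented on this page, applying the same case-insensitive comparison that hasRole(String) uses. It assumes the WildFly controller classes are on the classpath; RoleConfigAudit, hasKeyIgnoreCase, rolesWithoutMapping and mappingsForUnknownRoles are hypothetical names chosen for illustration.

```java
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

import org.jboss.as.controller.access.AuthorizerConfiguration;

/** Added example: hypothetical audit helper, not part of WildFly. */
public final class RoleConfigAudit {

    /**
     * True if the map has a key equal to roleName ignoring case, the
     * comparison documented for hasRole(String). The page does not say how
     * map keys are cased, so nothing is assumed about that here.
     */
    static boolean hasKeyIgnoreCase(Map<String, ?> byRole, String roleName) {
        return byRole.keySet().stream().anyMatch(k -> k.equalsIgnoreCase(roleName));
    }

    /**
     * Roles the authorizer knows that have no role-mapping entry. When
     * isMapUsingIdentityRoles() is true, roles can also be obtained from
     * the SecurityIdentity, so a missing entry is not conclusive then.
     */
    static Set<String> rolesWithoutMapping(AuthorizerConfiguration config) {
        Set<String> unmapped = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        if (!config.isRoleBased()) {
            return unmapped; // no role-based mechanism in use
        }
        Map<String, AuthorizerConfiguration.RoleMapping> mappings = config.getRoleMappings();
        for (String role : config.getAllRoles()) {
            if (!hasKeyIgnoreCase(mappings, role)) {
                unmapped.add(role);
            }
        }
        return unmapped;
    }

    /** Role-mapping keys that hasRole(String) does not recognise. */
    static Set<String> mappingsForUnknownRoles(AuthorizerConfiguration config) {
        Set<String> unknown = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        for (String mapped : config.getRoleMappings().keySet()) {
            if (!config.hasRole(mapped)) {
                unknown.add(mapped);
            }
        }
        return unknown;
    }
}
```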

isMapUsingIdentityRoles
boolean isMapUsingIdentityRoles()
Gets whether role mapping should use roles obtained from the SecurityIdentity. Any configured exclusions are still checked. The configured inclusions will also be checked, meaning additional roles may also be granted.
Returns: true if role

isNonFacadeMBeansSensitive
boolean isNonFacadeMBeansSensitive()
Gets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(Caller, Environment, JmxAction)) should be treated as 'sensitive'.
Returns: true if non-facade mbean calls are sensitive; false otherwise

registerScopedRoleListener
void registerScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)
Register a listener for changes in the configured scoped roles.
Parameters: listener - the listener. Cannot be null

unregisterScopedRoleListener
void unregisterScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)
Unregister a listener for changes in the configured scoped roles.
Parameters: listener - the listener. Cannot be null