Class ManagementPermissionAuthorizer
- java.lang.Object
-
- org.jboss.as.controller.access.permission.ManagementPermissionAuthorizer
-
- All Implemented Interfaces:
Authorizer
- Direct Known Subclasses:
StandardRBACAuthorizer
public class ManagementPermissionAuthorizer extends Object implements Authorizer
- Author:
- Brian Stansberry (c) 2013 Red Hat Inc.
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from interface org.jboss.as.controller.access.Authorizer
Authorizer.AuthorizerDescription
-
-
Constructor Summary
Constructors Constructor Description ManagementPermissionAuthorizer(PermissionFactory permissionFactory)
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description AuthorizationResult
authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)
Authorize a management operation affecting an individual attribute.AuthorizationResult
authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)
Authorize a management operation affecting an entire resource.AuthorizationResult
authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Authorize a JMX operation.Set<String>
getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)
Gets the set of roles the caller can run as taking into account any requested 'run as' roles.Authorizer.AuthorizerDescription
getDescription()
Gets a description of the characteristics of this authorizer
-
-
-
Constructor Detail
-
ManagementPermissionAuthorizer
public ManagementPermissionAuthorizer(PermissionFactory permissionFactory)
-
-
Method Detail
-
getDescription
public Authorizer.AuthorizerDescription getDescription()
Description copied from interface:Authorizer
Gets a description of the characteristics of this authorizer- Specified by:
getDescription
in interfaceAuthorizer
- Returns:
- the description. Cannot be
null
-
authorize
public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)
Description copied from interface:Authorizer
Authorize a management operation affecting an individual attribute.- Specified by:
authorize
in interfaceAuthorizer
- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the authorization result. Will not be
null
-
authorize
public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)
Description copied from interface:Authorizer
Authorize a management operation affecting an entire resource.- Specified by:
authorize
in interfaceAuthorizer
- Parameters:
identity
- the identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the authorization result. Will not be
null
-
authorizeJmxOperation
public AuthorizationResult authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
Description copied from interface:Authorizer
Authorize a JMX operation. This operation should NOT be called for the management facade MBeans- Specified by:
authorizeJmxOperation
in interfaceAuthorizer
- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
action
- the action being authorized. Cannot benull
target
- the target of the action. Cannot benull
- Returns:
- the authorization result. Will not be
null
-
getCallerRoles
public Set<String> getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)
Description copied from interface:Authorizer
Gets the set of roles the caller can run as taking into account any requested 'run as' roles.- Specified by:
getCallerRoles
in interfaceAuthorizer
- Parameters:
identity
- the caller identity. Cannot benull
callEnvironment
- the call environment. Cannot benull
runAsRoles
- any requested 'run as' roles. May benull
- Returns:
- The set of roles assigned to the caller; an empty set will be returned if no roles are assigned or
null
will be returned if the access control provider does not support role mapping.
-
-