Package org.jboss.as.controller.access.permission

Class ManagementPermissionAuthorizer

java.lang.Object

org.jboss.as.controller.access.permission.ManagementPermissionAuthorizer

All Implemented Interfaces:

Authorizer

Direct Known Subclasses:

StandardRBACAuthorizer

public class ManagementPermissionAuthorizer
extends Object
implements Authorizer

Authorizer based on ManagementPermissions configured by a PermissionFactory.

Author:

Brian Stansberry (c) 2013 Red Hat Inc.

Nested Class Summary

Nested classes/interfaces inherited from interface org.jboss.as.controller.access.Authorizer

Authorizer.AuthorizerDescription

Constructor Summary

Constructors

Constructor	Description
ManagementPermissionAuthorizer(PermissionFactory permissionFactory)

Method Summary

Modifier and Type	Method	Description
AuthorizationResult	authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)	Authorize a management operation affecting an individual attribute.
AuthorizationResult	authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)	Authorize a management operation affecting an entire resource.
AuthorizationResult	authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)	Authorize a JMX operation.
Set<String>	getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)	Gets the set of roles the caller can run as taking into account any requested 'run as' roles.
Authorizer.AuthorizerDescription	getDescription()	Gets a description of the characteristics of this authorizer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ManagementPermissionAuthorizer

public ManagementPermissionAuthorizer(PermissionFactory permissionFactory)

Method Detail

getDescription

public Authorizer.AuthorizerDescription getDescription()

Description copied from interface: Authorizer

Gets a description of the characteristics of this authorizer

Specified by:

getDescription in interface Authorizer

Returns:

the description. Cannot be null

authorize

public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity,
                                     Environment callEnvironment,
                                     Action action,
                                     TargetAttribute target)

Description copied from interface: Authorizer

Authorize a management operation affecting an individual attribute.

Specified by:

authorize in interface Authorizer

Parameters:

identity - the caller identity. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

target - the target of the action. Cannot be null

Returns:

the authorization result. Will not be null

authorize

public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity,
                                     Environment callEnvironment,
                                     Action action,
                                     TargetResource target)

Description copied from interface: Authorizer

Authorize a management operation affecting an entire resource.

Specified by:

authorize in interface Authorizer

Parameters:

identity - the identity. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

target - the target of the action. Cannot be null

Returns:

the authorization result. Will not be null

authorizeJmxOperation

public AuthorizationResult authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity,
                                                 Environment callEnvironment,
                                                 JmxAction action,
                                                 JmxTarget target)

Description copied from interface: Authorizer

Authorize a JMX operation. This operation should NOT be called for the management facade MBeans

Specified by:

authorizeJmxOperation in interface Authorizer

Parameters:

identity - the caller identity. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

target - the target of the action. Cannot be null

Returns:

the authorization result. Will not be null

getCallerRoles

public Set<String> getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                                  Environment callEnvironment,
                                  Set<String> runAsRoles)

Description copied from interface: Authorizer

Gets the set of roles the caller can run as taking into account any requested 'run as' roles.

Specified by:

getCallerRoles in interface Authorizer

Parameters:

identity - the caller identity. Cannot be null

callEnvironment - the call environment. Cannot be null

runAsRoles - any requested 'run as' roles. May be null

Returns:

The set of roles assigned to the caller; an empty set will be returned if no roles are assigned or null will be returned if the access control provider does not support role mapping.