org.jboss.as.controller.access

Interface Authorizer

All Known Subinterfaces:

CustomAuthorizer, JmxAuthorizer

All Known Implementing Classes:

DelegatingConfigurableAuthorizer, ManagementPermissionAuthorizer, StandardRBACAuthorizer

public interface Authorizer

Interface exposed by the enforcement point in a WildFly access control system.

Author:

Brian Stansberry (c) 2013 Red Hat Inc.

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static interface	Authorizer.AuthorizerDescription Description of standard information about the custom authorizer.

Method Summary

Methods

Modifier and Type	Method and Description
AuthorizationResult	authorize(Caller caller, Environment callEnvironment, Action action, TargetAttribute target) Authorize a management operation affecting an individual attribute.
AuthorizationResult	authorize(Caller caller, Environment callEnvironment, Action action, TargetResource target) Authorize a management operation affecting an entire resource.
AuthorizationResult	authorizeJmxOperation(Caller caller, Environment callEnvironment, JmxAction action) Authorize a JMX operation.
Set<String>	getCallerRoles(Caller caller, Environment callEnvironment, Set<String> runAsRoles) Gets the set of roles the caller can run as taking into account any requested 'run as' roles.
Authorizer.AuthorizerDescription	getDescription() Gets a description of the characteristics of this authorizer

Method Detail

getDescription

Authorizer.AuthorizerDescription getDescription()

Gets a description of the characteristics of this authorizer

Returns:

the description. Cannot be null

authorize

AuthorizationResult authorize(Caller caller,
                            Environment callEnvironment,
                            Action action,
                            TargetAttribute target)

Authorize a management operation affecting an individual attribute.

Parameters:

caller - the caller. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

target - the target of the action. Cannot be null

Returns:

the authorization result. Will not be null

authorize

AuthorizationResult authorize(Caller caller,
                            Environment callEnvironment,
                            Action action,
                            TargetResource target)

Authorize a management operation affecting an entire resource.

Parameters:

caller - the caller. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

target - the target of the action. Cannot be null

Returns:

the authorization result. Will not be null

authorizeJmxOperation

AuthorizationResult authorizeJmxOperation(Caller caller,
                                        Environment callEnvironment,
                                        JmxAction action)

Authorize a JMX operation. This operation should NOT be called for the non-management facade MBeans

Parameters:

caller - the caller. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

Returns:

the authorization result. Will not be null

getCallerRoles

Set<String> getCallerRoles(Caller caller,
                         Environment callEnvironment,
                         Set<String> runAsRoles)

Gets the set of roles the caller can run as taking into account any requested 'run as' roles.

Parameters:

caller - the caller. Cannot be null

callEnvironment - the call environment. Cannot be null

runAsRoles - any requested 'run as' roles. May be null

Returns:

The set of roles assigned to the caller; an empty set will be returned if no roles are assigned or null will be returned if the access control provider does not support role mapping.