RoleMapper (WildFly: Controller Core 17.0.3.Final API)

All Known Implementing Classes:

RunAsRoleMapper, StandardRoleMapper, SuperUserRoleMapper
```
public interface RoleMapper
```
Determines the set of roles applicable for a management request.

Author:

Brian Stansberry (c) 2013 Red Hat Inc.

Method Summary

All Methods Instance Methods Abstract Methods
Modifier and Type	Method and Description
`boolean`	`canRunAs(Set<String> mappedRoles, String runAsRole)` Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "`runAsRole`".
`Set<String>`	`mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute attribute)` Determine the roles available for the caller for a management operation affecting an individual attribute.
`Set<String>`	`mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource resource)` Determine the roles available for the caller for a management operation affecting an entire resource.
`Set<String>`	`mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)` Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.
`Set<String>`	`mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> operationHeaderRoles)` Determine the roles available for the caller without reference to a particular action or target.

- Method Detail
  - mapRoles
```
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                     Environment callEnvironment,
                     Action action,
                     TargetAttribute attribute)
```
    Determine the roles available for the caller for a management operation affecting an individual attribute.
    
    Parameters:
    
    identity - the caller identity. Cannot be null
    
    callEnvironment - the call environment. Cannot be null
    
    action - the action being authorized. Cannot be null
    
    attribute - the target of the action. Cannot be null
    
    Returns:
    
    the roles. Will not be null, but may be an empty set
  - mapRoles
```
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                     Environment callEnvironment,
                     Action action,
                     TargetResource resource)
```
    Determine the roles available for the caller for a management operation affecting an entire resource.
    
    Parameters:
    
    identity - the caller identity. Cannot be null
    
    callEnvironment - the call environment. Cannot be null
    
    action - the action being authorized. Cannot be null
    
    resource - the target of the action. Cannot be null
    
    Returns:
    
    the roles. Will not be null, but may be an empty set
  - mapRoles
```
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                     Environment callEnvironment,
                     JmxAction action,
                     JmxTarget target)
```
    Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.
    
    Parameters:
    
    identity - the caller identity. Cannot be null
    
    callEnvironment - the call environment. Cannot be null
    
    action - the action being authorized. Cannot be null
    
    target - the target of the action. Cannot be null
    
    Returns:
    
    the roles. Will not be null, but may be an empty set
  - mapRoles
```
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                     Environment callEnvironment,
                     Set<String> operationHeaderRoles)
```
    Determine the roles available for the caller without reference to a particular action or target. Note that actually mapping a caller to roles without reference to a particular action or target is not required.
    
    Parameters:
    
    identity - the caller identity. Cannot be null
    
    callEnvironment - the call environment. Cannot be null
    
    operationHeaderRoles - any roles specified as headers in the operation. May be null
    
    Returns:
    
    the roles. Will not be null, but may be an empty set
  - canRunAs
```
boolean canRunAs(Set<String> mappedRoles,
                 String runAsRole)
```
    Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".
    
    Parameters:
    
    mappedRoles - a set of roles obtained from a call to one of this mapper's mapRoles methods
    
    runAsRole - the role the caller wishes to run as
    
    Returns:
    
    true if running as runAsRole is allowed
    
    Throws:
    
    UnknowRoleException - when the runAsRole isn't defined.

Interface RoleMapper

Method Summary

Method Detail

mapRoles

mapRoles

mapRoles

mapRoles

canRunAs