org.jboss.as.controller.access.management

Class DelegatingConfigurableAuthorizer

java.lang.Object

org.jboss.as.controller.access.management.DelegatingConfigurableAuthorizer

All Implemented Interfaces:

Authorizer, JmxAuthorizer

public final class DelegatingConfigurableAuthorizer
extends Object
implements JmxAuthorizer

A Authorizer that delegates to another. Used for initial boot to allow an instance of this class to be provided to the ModelController but then have the functional implementation swapped out when boot proceeds to the point where the user-configured authorizer is available.

Author:

Brian Stansberry (c) 2013 Red Hat Inc.

Nested Class Summary

Nested classes/interfaces inherited from interface org.jboss.as.controller.access.Authorizer

Authorizer.AuthorizerDescription

Constructor Summary

Constructors

Constructor and Description
DelegatingConfigurableAuthorizer()

Method Summary

Modifier and Type	Method and Description
AuthorizationResult	authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target) Authorize a management operation affecting an individual attribute.
AuthorizationResult	authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target) Authorize a management operation affecting an entire resource.
AuthorizationResult	authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target) Authorize a JMX operation.
Set<String>	getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles) Gets the set of roles the caller can run as taking into account any requested 'run as' roles.
Authorizer.AuthorizerDescription	getDescription() Gets a description of the characteristics of this authorizer
WritableAuthorizerConfiguration	getWritableAuthorizerConfiguration()
boolean	isNonFacadeMBeansSensitive() Gets whether JMX calls to non-facade mbeans (i.e.
void	setDelegate(Authorizer delegate)
void	setNonFacadeMBeansSensitive(boolean sensitive) Sets whether JMX calls to non-facade mbeans (i.e.
void	shutdown()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DelegatingConfigurableAuthorizer

public DelegatingConfigurableAuthorizer()

Method Detail

getWritableAuthorizerConfiguration

public WritableAuthorizerConfiguration getWritableAuthorizerConfiguration()

setDelegate

public void setDelegate(Authorizer delegate)

getCallerRoles

public Set<String> getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity,
                                  Environment callEnvironment,
                                  Set<String> runAsRoles)

Description copied from interface: Authorizer

Gets the set of roles the caller can run as taking into account any requested 'run as' roles.

Specified by:

getCallerRoles in interface Authorizer

Parameters:

identity - the caller identity. Cannot be null

callEnvironment - the call environment. Cannot be null

runAsRoles - any requested 'run as' roles. May be null

Returns:

The set of roles assigned to the caller; an empty set will be returned if no roles are assigned or null will be returned if the access control provider does not support role mapping.

getDescription

public Authorizer.AuthorizerDescription getDescription()

Description copied from interface: Authorizer

Gets a description of the characteristics of this authorizer

Specified by:

getDescription in interface Authorizer

Returns:

the description. Cannot be null

authorize

public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity,
                                     Environment callEnvironment,
                                     Action action,
                                     TargetAttribute target)

Description copied from interface: Authorizer

Authorize a management operation affecting an individual attribute.

Specified by:

authorize in interface Authorizer

Parameters:

identity - the caller identity. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

target - the target of the action. Cannot be null

Returns:

the authorization result. Will not be null

authorize

public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity,
                                     Environment callEnvironment,
                                     Action action,
                                     TargetResource target)

Description copied from interface: Authorizer

Authorize a management operation affecting an entire resource.

Specified by:

authorize in interface Authorizer

Parameters:

identity - the identity. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

target - the target of the action. Cannot be null

Returns:

the authorization result. Will not be null

authorizeJmxOperation

public AuthorizationResult authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity,
                                                 Environment callEnvironment,
                                                 JmxAction action,
                                                 JmxTarget target)

Description copied from interface: Authorizer

Authorize a JMX operation. This operation should NOT be called for the management facade MBeans

Specified by:

authorizeJmxOperation in interface Authorizer

Parameters:

identity - the caller identity. Cannot be null

callEnvironment - the call environment. Cannot be null

action - the action being authorized. Cannot be null

target - the target of the action. Cannot be null

Returns:

the authorization result. Will not be null

setNonFacadeMBeansSensitive

public void setNonFacadeMBeansSensitive(boolean sensitive)

Description copied from interface: JmxAuthorizer

Sets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(org.jboss.as.controller.access.Caller, org.jboss.as.controller.access.Environment, org.jboss.as.controller.access.JmxAction, org.jboss.as.controller.access.JmxTarget)) should be treated as 'sensitive'.

Specified by:

setNonFacadeMBeansSensitive in interface JmxAuthorizer

Parameters:

sensitive - true if non-facade mbean calls are sensitive; false otherwise

shutdown

public void shutdown()

isNonFacadeMBeansSensitive

public boolean isNonFacadeMBeansSensitive()

Description copied from interface: JmxAuthorizer

Gets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(org.jboss.as.controller.access.Caller, org.jboss.as.controller.access.Environment, org.jboss.as.controller.access.JmxAction, org.jboss.as.controller.access.JmxTarget)) should be treated as 'sensitive'.

Specified by:

isNonFacadeMBeansSensitive in interface JmxAuthorizer

Returns:

true if non-facade mbean calls are sensitive; false otherwise