Package org.jboss.as.controller.access.rbac

Class StandardRoleMapper

    • Method Detail

      • mapRoles

        public Set<String> mapRoles​(org.wildfly.security.auth.server.SecurityIdentity identity,
                            Environment callEnvironment,
                            Action action,
                            TargetAttribute attribute)
        Description copied from interface: RoleMapper
        Determine the roles available for the caller for a management operation affecting an individual attribute.
        Specified by:
        mapRoles in interface RoleMapper
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        action - the action being authorized. Cannot be null
        attribute - the target of the action. Cannot be null
        Returns:
        the roles. Will not be null, but may be an empty set

      • mapRoles

        public Set<String> mapRoles​(org.wildfly.security.auth.server.SecurityIdentity identity,
                            Environment callEnvironment,
                            Action action,
                            TargetResource resource)
        Description copied from interface: RoleMapper
        Determine the roles available for the caller for a management operation affecting an entire resource.
        Specified by:
        mapRoles in interface RoleMapper
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        action - the action being authorized. Cannot be null
        resource - the target of the action. Cannot be null
        Returns:
        the roles. Will not be null, but may be an empty set

      • mapRoles

        public Set<String> mapRoles​(org.wildfly.security.auth.server.SecurityIdentity identity,
                            Environment callEnvironment,
                            JmxAction action,
                            JmxTarget target)
        Description copied from interface: RoleMapper
        Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.
        Specified by:
        mapRoles in interface RoleMapper
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        action - the action being authorized. Cannot be null
        target - the target of the action. Cannot be null
        Returns:
        the roles. Will not be null, but may be an empty set

      • mapRoles

        public Set<String> mapRoles​(org.wildfly.security.auth.server.SecurityIdentity identity,
                            Environment callEnvironment,
                            Set<String> operationHeaderRoles)
        Description copied from interface: RoleMapper
        Determine the roles available for the caller without reference to a particular action or target. Note that actually mapping a caller to roles without reference to a particular action or target is not required.
        Specified by:
        mapRoles in interface RoleMapper
        Parameters:
        identity - the caller identity. Cannot be null
        callEnvironment - the call environment. Cannot be null
        operationHeaderRoles - any roles specified as headers in the operation. May be null
        Returns:
        the roles. Will not be null, but may be an empty set

      • canRunAs

        public boolean canRunAs​(Set<String> mappedRoles,
                        String runAsRole)
        Description copied from interface: RoleMapper
        Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".
        Specified by:
        canRunAs in interface RoleMapper
        Parameters:
        mappedRoles - a set of roles obtained from a call to one of this mapper's mapRoles methods
        runAsRole - the role the caller wishes to run as
        Returns:
        true if running as runAsRole is allowed