Class WritableAuthorizerConfiguration
- java.lang.Object
-
- org.jboss.as.controller.access.management.WritableAuthorizerConfiguration
-
- All Implemented Interfaces:
AuthorizerConfiguration, AccessConstraintUtilizationRegistry
public class WritableAuthorizerConfiguration extends Object implements AuthorizerConfiguration, AccessConstraintUtilizationRegistry
Standard AuthorizerConfiguration implementation that also exposes mutator APIs for use by the WildFly management layer.
- Author:
- Brian Stansberry (c) 2013 Red Hat Inc.
-
-
Nested Class Summary
Nested Classes
Modifier and Type, Class, Description:
- static class WritableAuthorizerConfiguration.MatchType: Types of matching strategies used in org.jboss.as.controller.access.Caller to AuthorizerConfiguration.RoleMapping mapping.
-
Nested classes/interfaces inherited from interface org.jboss.as.controller.access.AuthorizerConfiguration
AuthorizerConfiguration.MappingPrincipal, AuthorizerConfiguration.PrincipalType, AuthorizerConfiguration.RoleMapping, AuthorizerConfiguration.ScopedRole, AuthorizerConfiguration.ScopedRoleListener
-
-
Constructor Summary
Constructors
Constructor, Description:
- WritableAuthorizerConfiguration(Authorizer.AuthorizerDescription authorizerDescription)
-
Method Summary
All Methods, Instance Methods, Concrete Methods
Modifier and Type, Method, Description:
- void addRoleMapping(String roleName): Adds a new role to the list of defined roles.
- void addRoleMappingImmediate(String roleName)
- boolean addRoleMappingPrincipal(String roleName, AuthorizerConfiguration.PrincipalType principalType, WritableAuthorizerConfiguration.MatchType matchType, String name, String realm, boolean immediate)
- void addScopedRole(AuthorizerConfiguration.ScopedRole toAdd)
- AuthorizerConfiguration.MappingPrincipal createPrincipal(AuthorizerConfiguration.PrincipalType principalType, String name, String realm)
- Map<PathAddress,AccessConstraintUtilization> getAccessConstraintUtilizations(AccessConstraintKey accessConstraintKey)
- Set<String> getAllRoles(): Gets the names of all the roles used by the authorizer, including both built-in roles and roles added via end user configuration.
- CombinationPolicy getPermissionCombinationPolicy(): Gets the policy for combining access control permissions when the configuration grants the user more than one type of permission for a given action.
- Map<String,AuthorizerConfiguration.RoleMapping> getRoleMappings(): Gets the configured role mappings, keyed by the name of the role.
- Map<String,AuthorizerConfiguration.ScopedRole> getScopedRoles(): Gets the configured scoped roles, keyed by the name of the role.
- Set<String> getStandardRoles(): Gets the names of the "standard" "built-in" roles used by the authorizer.
- boolean hasRole(String roleName): Gets whether the current set of roles contains the given role, with the check performed using a case-insensitive algorithm.
- boolean isMapUsingIdentityRoles(): Gets whether role mapping should use roles obtained from the SecurityIdentity.
- boolean isNonFacadeMBeansSensitive(): Gets whether JMX calls to non-facade mbeans (i.e.
- boolean isRoleBased(): Gets whether the authorizer uses a role-based authorization mechanism.
- void registerAccessConstraintAttributeUtilization(AccessConstraintKey key, PathAddress address, String attribute)
- void registerAccessConstraintOperationUtilization(AccessConstraintKey key, PathAddress address, String operation)
- void registerAccessConstraintResourceUtilization(AccessConstraintKey key, PathAddress address)
- void registerScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener): Register a listener for changes in the configured scoped roles.
- Object removeRoleMapping(String roleName): Remove a role from the list of defined roles.
- boolean removeRoleMappingPrincipal(String roleName, AuthorizerConfiguration.PrincipalType principalType, WritableAuthorizerConfiguration.MatchType matchType, String name, String realm)
- void removeScopedRole(String toRemove)
- void reset(): Reset the internal state of this object back to what it originally was.
- void setPermissionCombinationPolicy(CombinationPolicy combinationPolicy)
- void setRoleMappingIncludeAll(String roleName, boolean includeAll)
- void setUseIdentityRoles(boolean useIdentityRoles)
- boolean undoRoleMappingRemove(Object removalKey): Undo a prior removal using the supplied undo key.
- void unregisterAccessConstraintUtilizations(PathAddress address)
- void unregisterScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener): Unregister a listener for changes in the configured scoped roles.
-
-
-
Constructor Detail
-
WritableAuthorizerConfiguration
public WritableAuthorizerConfiguration(Authorizer.AuthorizerDescription authorizerDescription)
-
-
Method Detail
-
reset
public void reset()
Reset the internal state of this object back to what it originally was. Used when reloading a server or in a slave host controller following a post-boot reconnect to the master.
-
registerScopedRoleListener
public void registerScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)
Description copied from interface: AuthorizerConfiguration
Register a listener for changes in the configured scoped roles.
- Specified by:
registerScopedRoleListener in interface AuthorizerConfiguration
- Parameters:
listener - the listener. Cannot be null
-
unregisterScopedRoleListener
public void unregisterScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)
Description copied from interface: AuthorizerConfiguration
Unregister a listener for changes in the configured scoped roles.
- Specified by:
unregisterScopedRoleListener in interface AuthorizerConfiguration
- Parameters:
listener - the listener. Cannot be null
-
getPermissionCombinationPolicy
public CombinationPolicy getPermissionCombinationPolicy()
Description copied from interface: AuthorizerConfiguration
Gets the policy for combining access control permissions when the configuration grants the user more than one type of permission for a given action. For example, in the standard WildFly access control system, a user may map to more than one role. This property would control how the permissions associated with those roles should be combined to make access control decisions.
- Specified by:
getPermissionCombinationPolicy in interface AuthorizerConfiguration
- Returns:
the combination policy. Will not be null.
-
isRoleBased
public boolean isRoleBased()
Description copied from interface: AuthorizerConfiguration
Gets whether the authorizer uses a role-based authorization mechanism.
- Specified by:
isRoleBased in interface AuthorizerConfiguration
- Returns:
true if a role-based mechanism is used; false if not
-
isMapUsingIdentityRoles
public boolean isMapUsingIdentityRoles()
Description copied from interface: AuthorizerConfiguration
Gets whether role mapping should use roles obtained from the SecurityIdentity. Any configured exclusions are still checked. The configured inclusions will also be checked, meaning additional roles may also be granted.
- Specified by:
isMapUsingIdentityRoles in interface AuthorizerConfiguration
- Returns:
true if role
-
getStandardRoles
public Set<String> getStandardRoles()
Description copied from interface: AuthorizerConfiguration
Gets the names of the "standard" "built-in" roles used by the authorizer. A built-in role requires no end user configuration.
- Specified by:
getStandardRoles in interface AuthorizerConfiguration
- Returns:
the standard role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used.
-
getScopedRoles
public Map<String,AuthorizerConfiguration.ScopedRole> getScopedRoles()
Description copied from interface: AuthorizerConfiguration
Gets the configured scoped roles, keyed by the name of the role.
- Specified by:
getScopedRoles in interface AuthorizerConfiguration
- Returns:
the scoped roles. Will not be null
-
getAllRoles
public Set<String> getAllRoles()
Description copied from interface: AuthorizerConfiguration
Gets the names of all the roles used by the authorizer, including both built-in roles and roles added via end user configuration.
- Specified by:
getAllRoles in interface AuthorizerConfiguration
- Returns:
the role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used and no end user configured roles exist.
-
hasRole
public boolean hasRole(String roleName)
Description copied from interface: AuthorizerConfiguration
Gets whether the current set of roles contains the given role, with the check performed using a case-insensitive algorithm.
- Specified by:
hasRole in interface AuthorizerConfiguration
- Parameters:
roleName - the name of the role
- Returns:
true if the current role set includes an item that equals ignoring case the given roleName
-
getRoleMappings
public Map<String,AuthorizerConfiguration.RoleMapping> getRoleMappings()
Description copied from interface: AuthorizerConfiguration
Gets the configured role mappings, keyed by the name of the role.
- Specified by:
getRoleMappings in interface AuthorizerConfiguration
- Returns:
the role mappings. Will not be null
-
setUseIdentityRoles
public void setUseIdentityRoles(boolean useIdentityRoles)
-
addScopedRole
public void addScopedRole(AuthorizerConfiguration.ScopedRole toAdd)
-
removeScopedRole
public void removeScopedRole(String toRemove)
-
isNonFacadeMBeansSensitive
public boolean isNonFacadeMBeansSensitive()
Description copied from interface: AuthorizerConfiguration
Gets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(Caller, Environment, JmxAction)) should be treated as 'sensitive'.
- Specified by:
isNonFacadeMBeansSensitive in interface AuthorizerConfiguration
- Returns:
true if non-facade mbean calls are sensitive; false otherwise
-
addRoleMappingImmediate
public void addRoleMappingImmediate(String roleName)
-
addRoleMapping
public void addRoleMapping(String roleName)
Adds a new role to the list of defined roles.
- Parameters:
roleName - The name of the role being added.
-
removeRoleMapping
public Object removeRoleMapping(String roleName)
Remove a role from the list of defined roles.
- Parameters:
roleName - The name of the role to be removed.
- Returns:
A key that can be used to undo the removal.
-
undoRoleMappingRemove
public boolean undoRoleMappingRemove(Object removalKey)
Undo a prior removal using the supplied undo key.
- Parameters:
removalKey - The key returned from the call to removeRoleMapping.
- Returns:
true if the undo was successful, false otherwise.
-
setRoleMappingIncludeAll
public void setRoleMappingIncludeAll(String roleName, boolean includeAll)
-
addRoleMappingPrincipal
public boolean addRoleMappingPrincipal(String roleName, AuthorizerConfiguration.PrincipalType principalType, WritableAuthorizerConfiguration.MatchType matchType, String name, String realm, boolean immediate)
-
removeRoleMappingPrincipal
public boolean removeRoleMappingPrincipal(String roleName, AuthorizerConfiguration.PrincipalType principalType, WritableAuthorizerConfiguration.MatchType matchType, String name, String realm)
-
createPrincipal
public AuthorizerConfiguration.MappingPrincipal createPrincipal(AuthorizerConfiguration.PrincipalType principalType, String name, String realm)
-
setPermissionCombinationPolicy
public void setPermissionCombinationPolicy(CombinationPolicy combinationPolicy)
-
getAccessConstraintUtilizations
public Map<PathAddress,AccessConstraintUtilization> getAccessConstraintUtilizations(AccessConstraintKey accessConstraintKey)
- Specified by:
getAccessConstraintUtilizations in interface AccessConstraintUtilizationRegistry
-
registerAccessConstraintResourceUtilization
public void registerAccessConstraintResourceUtilization(AccessConstraintKey key, PathAddress address)
- Specified by:
registerAccessConstraintResourceUtilization in interface AccessConstraintUtilizationRegistry
-
registerAccessConstraintAttributeUtilization
public void registerAccessConstraintAttributeUtilization(AccessConstraintKey key, PathAddress address, String attribute)
- Specified by:
registerAccessConstraintAttributeUtilization in interface AccessConstraintUtilizationRegistry
-
registerAccessConstraintOperationUtilization
public void registerAccessConstraintOperationUtilization(AccessConstraintKey key, PathAddress address, String operation)
- Specified by:
registerAccessConstraintOperationUtilization in interface AccessConstraintUtilizationRegistry
-
unregisterAccessConstraintUtilizations
public void unregisterAccessConstraintUtilizations(PathAddress address)
- Specified by:
unregisterAccessConstraintUtilizations in interface AccessConstraintUtilizationRegistry
-
-