public class RunAsRoleMapper extends Object implements RoleMapper
RoleMapper that allows clients to specify the roles they desire to run as. By default this RoleMapper reads
the set of roles from a request header in the operation, allowing the client to completely control the mapping. Roles are
stored as a ModelNode of type ModelType.LIST, with elements of ModelType.STRING, under operation.get("operation-headers",
"roles"). If no such header is found, the user is SUPERUSER. If the list is empty, the user has no permissions.

This RoleMapper can be extended so that the ability to run as different roles is checked.

| Constructor and Description |
|---|
| RunAsRoleMapper(RoleMapper realRoleMapper) |
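
The header layout and the three outcomes from the class description (no header, empty list, populated list), shown as an added example that is not code from this API. It assumes jboss-dmr is on the classpath; `requestedRoles`, `effectiveRoles`, the allow-list, the `read-resource` operation and the role names MONITOR and OPERATOR are hypothetical or constructed for illustration.

```java
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import org.jboss.dmr.ModelNode;

public class RunAsHeaderDemo {

    /** Hypothetical helper: roles named in the header, or null when the header is absent. */
    static Set<String> requestedRoles(ModelNode operation) {
        if (!operation.hasDefined("operation-headers")
                || !operation.get("operation-headers").hasDefined("roles")) {
            return null;
        }
        Set<String> roles = new LinkedHashSet<>();
        for (ModelNode role : operation.get("operation-headers", "roles").asList()) {
            roles.add(role.asString());
        }
        return roles;
    }

    /** Hypothetical policy: keep only the requested roles the caller may run as. */
    static Set<String> effectiveRoles(Set<String> requested, Set<String> allowedRunAs) {
        if (requested == null) {
            return Collections.singleton("SUPERUSER"); // documented default when no header is sent
        }
        Set<String> granted = new LinkedHashSet<>(requested);
        granted.retainAll(allowedRunAs); // an empty result means no permissions
        return granted;
    }

    public static void main(String[] args) {
        Set<String> allowed = Collections.singleton("MONITOR"); // constructed allow-list

        ModelNode noHeader = new ModelNode();
        noHeader.get("operation").set("read-resource"); // constructed sample operation

        ModelNode emptyList = noHeader.clone();
        emptyList.get("operation-headers", "roles").setEmptyList();

        ModelNode twoRoles = noHeader.clone();
        twoRoles.get("operation-headers", "roles").add("MONITOR");
        twoRoles.get("operation-headers", "roles").add("OPERATOR");

        for (ModelNode op : new ModelNode[] {noHeader, emptyList, twoRoles}) {
            Set<String> requested = requestedRoles(op);
            System.out.println(op.toJSONString(true) + " requested=" + requested
                    + " effective=" + effectiveRoles(requested, allowed));
        }
    }
}
```
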
| Modifier and Type | Method | Description |
|---|---|---|
| boolean | canRunAs(Set<String> mappedRoles, String runAsRole) | Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole". |
| static Set<String> | getOperationHeaderRoles(org.jboss.dmr.ModelNode operation) | |
| Set<String> | mapRoles(Caller caller, Environment callEnvironment, Action action, TargetAttribute attribute) | Determine the roles available for the caller for a management operation affecting an individual attribute. |
| Set<String> | mapRoles(Caller caller, Environment callEnvironment, Action action, TargetResource resource) | Determine the roles available for the caller for a management operation affecting an entire resource. |
| Set<String> | mapRoles(Caller caller, Environment callEnvironment, JmxAction action, JmxTarget target) | Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans. |
| Set<String> | mapRoles(Caller caller, Environment callEnvironment, Set<String> operationHeaderRoles) | Determine the roles available for the caller without reference to a particular action or target. |

public RunAsRoleMapper(RoleMapper realRoleMapper)

public Set<String> mapRoles(Caller caller, Environment callEnvironment, Action action, TargetAttribute attribute)
Description copied from interface: RoleMapper
Determine the roles available for the caller for a management operation affecting an individual attribute.
Specified by: mapRoles in interface RoleMapper
Parameters:
caller - the caller. Cannot be null
callEnvironment - the call environment. Cannot be null
action - the action being authorized. Cannot be null
attribute - the target of the action. Cannot be null
Returns: not null, but may be an empty set

public Set<String> mapRoles(Caller caller, Environment callEnvironment, Action action, TargetResource resource)
Description copied from interface: RoleMapper
Determine the roles available for the caller for a management operation affecting an entire resource.
Specified by: mapRoles in interface RoleMapper
Parameters:
caller - the caller. Cannot be null
callEnvironment - the call environment. Cannot be null
action - the action being authorized. Cannot be null
resource - the target of the action. Cannot be null
Returns: not null, but may be an empty set

public Set<String> mapRoles(Caller caller, Environment callEnvironment, JmxAction action, JmxTarget target)
Description copied from interface: RoleMapper
Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.
Specified by: mapRoles in interface RoleMapper
Parameters:
caller - the caller. Cannot be null
callEnvironment - the call environment. Cannot be null
action - the action being authorized. Cannot be null
target - the target of the action. Cannot be null
Returns: not null, but may be an empty set

public Set<String> mapRoles(Caller caller, Environment callEnvironment, Set<String> operationHeaderRoles)
Description copied from interface: RoleMapper
Determine the roles available for the caller without reference to a particular action or target.
Specified by: mapRoles in interface RoleMapper
Parameters:
caller - the caller. Cannot be null
callEnvironment - the call environment. Cannot be null
operationHeaderRoles - any roles specified as headers in the operation. May be null
Returns: not null, but may be an empty set

public boolean canRunAs(Set<String> mappedRoles, String runAsRole)
Description copied from interface: RoleMapper
Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".
Specified by: canRunAs in interface RoleMapper
Parameters:
mappedRoles - a set of roles obtained from a call to one of this mapper's mapRoles methods
runAsRole - the role the caller wishes to run as
Returns: true if running as runAsRole is allowed

Copyright © 2017 JBoss by Red Hat. All rights reserved.