Package org.jboss.as.controller

Class AccessAuditContext

java.lang.Object
org.jboss.as.controller.AccessAuditContext
public class AccessAuditContext extends Object
The context used to store state related to access control and auditing for the current invocation.
Author:
Darran Lofthouse

  • Method Details

    • getSecurityIdentity

      public org.wildfly.security.auth.server.SecurityIdentity getSecurityIdentity()
      Get the SecurityIdentity associated with this AccessAuditContext. This provides a way for the SecurityIdentity to be passed without the underlying SecurityDomain being known.
      Returns:
      the SecurityIdentity associated with this AccessAuditContext.

    • isInflowed

      public boolean isInflowed()
      Get if the current SecurityIdentity was inflowed from another process. This is a special case where we want to use it without attempting to inflow into a configured security domain.
      Returns:
      true if the identity was inflowed, false otherwise.

    • getRemoteAddress

      public InetAddress getRemoteAddress()
      Get the remote address of the caller.
      Returns:
      the remote address of the caller.

    • getDomainUuid

      public String getDomainUuid()
      Gets the unique identifier for a multi-domain-process operation.
      Returns:
      the identifier, or null if this context does not relate to a multi-domain-process operation

    • setDomainUuid

      public void setDomainUuid(String domainUuid)

    • getAccessMechanism

      public AccessMechanism getAccessMechanism()
      Gets the mechanism via which the user initiated the access.
      Returns:
      the mechanism, or null if the access was initiated internally

    • setAccessMechanism

      public void setAccessMechanism(AccessMechanism accessMechanism)

    • isDomainRollout

      public boolean isDomainRollout()
      Gets whether this context relates to a secondary request initiated by a remote Host Controller process as part of its rollout of an operation initiated on that process.
      Returns:
      true if this context relates to a remotely coordinated multi-process domain operation

    • setDomainRollout

      public void setDomainRollout(boolean domainRollout)

    • currentAccessAuditContext

      @Deprecated(forRemoval=false) public static AccessAuditContext currentAccessAuditContext()
      Deprecated.
      Internal use, will be changed without warning at any time.
      Obtain the current AccessAuditContext or null if none currently set.
      Returns:
      The current AccessAuditContext

    • doAs

      public static <T> T doAs(org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedAction<T> action)
      Perform work with a new AccessAuditContext as a particular SecurityIdentity
      Type Parameters:
      T - the type of teh return value
      Parameters:
      securityIdentity - the SecurityIdentity that the specified action will run as. May be null
      remoteAddress - the remote address of the caller.
      action - the work to perform. Cannot be null
      Returns:
      the value returned by the PrivilegedAction's run method
      Throws:
      NullPointerException - if the specified PrivilegedExceptionAction is null.
      SecurityException - if the caller does not have permission to invoke this method.

    • doAs

      public static <T> T doAs(boolean inflowed, org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedAction<T> action)
      Perform work with a new AccessAuditContext as a particular SecurityIdentity
      Type Parameters:
      T - the type of teh return value
      Parameters:
      inflowed - was the identity inflowed from a remote process?
      securityIdentity - the SecurityIdentity that the specified action will run as. May be null
      remoteAddress - the remote address of the caller.
      action - the work to perform. Cannot be null
      Returns:
      the value returned by the PrivilegedAction's run method
      Throws:
      NullPointerException - if the specified PrivilegedExceptionAction is null.
      SecurityException - if the caller does not have permission to invoke this method.

    • doAs

      public static <T> T doAs(org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedExceptionAction<T> action) throws PrivilegedActionException
      Perform work with a new AccessAuditContext as a particular SecurityIdentity
      Type Parameters:
      T - the type of teh return value
      Parameters:
      securityIdentity - the SecurityIdentity that the specified action will run as. May be null
      remoteAddress - the remote address of the caller.
      action - the work to perform. Cannot be null
      Returns:
      the value returned by the PrivilegedAction's run method
      Throws:
      PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception.
      NullPointerException - if the specified PrivilegedExceptionAction is null.
      SecurityException - if the caller does not have permission to invoke this method.

    • doAs

      public static <T> T doAs(boolean inflowed, org.wildfly.security.auth.server.SecurityIdentity securityIdentity, InetAddress remoteAddress, PrivilegedExceptionAction<T> action) throws PrivilegedActionException
      Perform work with a new AccessAuditContext as a particular SecurityIdentity
      Type Parameters:
      T - the type of teh return value
      Parameters:
      inflowed - was the identity inflowed from a remote process?
      securityIdentity - the SecurityIdentity that the specified action will run as. May be null
      remoteAddress - the remote address of the caller.
      action - the work to perform. Cannot be null
      Returns:
      the value returned by the PrivilegedAction's run method
      Throws:
      PrivilegedActionException - if the PrivilegedExceptionAction.run method throws a checked exception.
      NullPointerException - if the specified PrivilegedExceptionAction is null.
      SecurityException - if the caller does not have permission to invoke this method.