Package org.jboss.as.controller
Interface ModelControllerClientFactory
public interface ModelControllerClientFactory
Factory for obtaining a
ModelControllerClient
for use in the same VM as the target ModelController.- Author:
- Brian Stansberry
-
Field Summary
FieldsModifier and TypeFieldDescriptionstatic final NullaryServiceDescriptor<ModelControllerClientFactory> -
Method Summary
Modifier and TypeMethodDescriptioncreateClient(Executor executor) Create an in-VM client whose operations are executed with authorization checks performed based on the security identity that is associated with the calling thread when the client is invoked.default LocalModelControllerClientcreateSuperUserClient(Executor executor) Create an in-VM client whose operations are executed as if they were invoked by a user in the RBACSuperUserrole, regardless of any security identity that is or isn't associated with the calling thread when the client is invoked.createSuperUserClient(Executor executor, boolean forUserCalls) Create an in-VM client whose operations are executed as if they were invoked by a user in the RBACSuperUserrole, regardless of any security identity that is or isn't associated with the calling thread when the client is invoked.
-
Field Details
-
SERVICE_DESCRIPTOR
-
-
Method Details
-
createClient
Create an in-VM client whose operations are executed with authorization checks performed based on the security identity that is associated with the calling thread when the client is invoked. Operations are not automatically treated as if invoked by a user in the RBACSuperUserrole, and thus may be rejected due to failed authorization checks.- Parameters:
executor- the executor to use for asynchronous operation execution. Cannot benull- Returns:
- the client. Will not return
null - Throws:
SecurityException- if the caller does not have theCAN_ACCESS_MODEL_CONTROLLERpermission
-
createSuperUserClient
Create an in-VM client whose operations are executed as if they were invoked by a user in the RBACSuperUserrole, regardless of any security identity that is or isn't associated with the calling thread when the client is invoked. This client generally should not be used to handle requests from external callers, and if it is used great care should be taken to ensure such use is not suborning the intended access control scheme.In a VM with a
SecurityManagerinstalled, invocations against the returned client can only occur from a calling context with thePERFORM_IN_VM_CALLpermission. Without this permission aSecurityExceptionwill be thrown.Calling this method is equivalent to a call to
createSuperUserClient(executor, false).- Parameters:
executor- the executor to use for asynchronous operation execution. Cannot benull- Returns:
- the client. Will not return
null - Throws:
SecurityException- if the caller does not have theCAN_ACCESS_MODEL_CONTROLLERpermission
-
createSuperUserClient
Create an in-VM client whose operations are executed as if they were invoked by a user in the RBACSuperUserrole, regardless of any security identity that is or isn't associated with the calling thread when the client is invoked. This client generally should not be used to handle requests from external callers, and if it is used great care should be taken to ensure such use is not suborning the intended access control scheme.In a VM with a
SecurityManagerinstalled, invocations against the returned client can only occur from a calling context with thePERFORM_IN_VM_CALLpermission. Without this permission aSecurityExceptionwill be thrown.- Parameters:
executor- the executor to use for asynchronous operation execution. Cannot benullforUserCalls- iftruethe operation executed by this client should be regarded as coming from an end user. For example, such operations cannot targetOperationEntry.EntryType.PRIVATEoperations- Returns:
- the client. Will not return
null - Throws:
SecurityException- if the caller does not have theCAN_ACCESS_MODEL_CONTROLLERpermission
-