Interface Authorizer

All Known Subinterfaces:
CustomAuthorizer, JmxAuthorizer
All Known Implementing Classes:
DelegatingConfigurableAuthorizer, ManagementPermissionAuthorizer, StandardRBACAuthorizer

public interface Authorizer
Interface exposed by the enforcement point in a WildFly access control system.
Author:
Brian Stansberry (c) 2013 Red Hat Inc.
  • Method Details

    • getDescription

      Gets a description of the characteristics of this authorizer.
      Returns:
      the description. Cannot be null
    • authorize

      AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)
      Authorize a management operation affecting an individual attribute.
      Parameters:
      identity - the caller identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      action - the action being authorized. Cannot be null
      target - the target of the action. Cannot be null
      Returns:
      the authorization result. Will not be null
    • authorize

      AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)
      Authorize a management operation affecting an entire resource.
      Parameters:
      identity - the identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      action - the action being authorized. Cannot be null
      target - the target of the action. Cannot be null
      Returns:
      the authorization result. Will not be null
    • authorizeJmxOperation

      AuthorizationResult authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
      Authorize a JMX operation. This operation should NOT be called for the management facade MBeans.
      Parameters:
      identity - the caller identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      action - the action being authorized. Cannot be null
      target - the target of the action. Cannot be null
      Returns:
      the authorization result. Will not be null
    • getCallerRoles

      Set<String> getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)
      Gets the set of roles the caller can run as, taking into account any requested 'run as' roles.
      Parameters:
      identity - the caller identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      runAsRoles - any requested 'run as' roles. May be null
      Returns:
      The set of roles assigned to the caller. An empty set is returned if no roles are assigned; null is returned if the access control provider does not support role mapping.
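
The getCallerRoles contract above has three distinct outcomes (null, empty set, non-empty set), and audit or diagnostic code should not collapse null into "no roles". The following is an added example, not WildFly's own code: the class CallerRoleAudit and its members are hypothetical, and it assumes Authorizer and Environment are imported from org.jboss.as.controller.access with the WildFly Core controller classes on the classpath.

```java
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import java.util.TreeSet;

import org.jboss.as.controller.access.Authorizer;   // assumed package, not shown on this page
import org.jboss.as.controller.access.Environment;  // assumed package, not shown on this page
import org.wildfly.security.auth.server.SecurityIdentity;

/** Hypothetical helper, not part of WildFly: keeps the three getCallerRoles outcomes apart. */
public final class CallerRoleAudit {

    /** The three outcomes the getCallerRoles contract distinguishes. */
    public enum Outcome { ROLE_MAPPING_UNSUPPORTED, NO_ROLES_ASSIGNED, ROLES_ASSIGNED }

    private final Outcome outcome;
    private final Set<String> roles; // sorted copy; empty unless ROLES_ASSIGNED

    private CallerRoleAudit(Outcome outcome, Set<String> roles) {
        this.outcome = outcome;
        this.roles = Collections.unmodifiableSet(roles);
    }

    public static CallerRoleAudit query(Authorizer authorizer, SecurityIdentity identity,
                                        Environment callEnvironment, Set<String> runAsRoles) {
        Objects.requireNonNull(authorizer, "authorizer");
        Objects.requireNonNull(identity, "identity");               // documented as non-null
        Objects.requireNonNull(callEnvironment, "callEnvironment"); // documented as non-null
        // runAsRoles may be null per the contract, so it is passed through unchanged.
        Set<String> result = authorizer.getCallerRoles(identity, callEnvironment, runAsRoles);
        if (result == null) {
            // The provider does not support role mapping: this is not "no roles".
            return new CallerRoleAudit(Outcome.ROLE_MAPPING_UNSUPPORTED, new TreeSet<>());
        }
        if (result.isEmpty()) {
            return new CallerRoleAudit(Outcome.NO_ROLES_ASSIGNED, new TreeSet<>());
        }
        // Defensive sorted copy so later changes to the returned set cannot alter the record.
        return new CallerRoleAudit(Outcome.ROLES_ASSIGNED, new TreeSet<>(result));
    }

    public Outcome outcome() { return outcome; }

    public Set<String> roles() { return roles; }

    @Override
    public String toString() {
        return outcome == Outcome.ROLES_ASSIGNED ? outcome + " " + roles : outcome.toString();
    }
}
```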