Package org.jboss.as.controller.access

Interface AuthorizerConfiguration

All Known Implementing Classes:
WritableAuthorizerConfiguration
public interface AuthorizerConfiguration
Encapsulates the current configuration of all aspects of the access control system that are available to Authorizer implementations.

The results of changes to the access control configuration made via the WildFly management layer will be made available here.

  • Method Details

    • getPermissionCombinationPolicy

      CombinationPolicy getPermissionCombinationPolicy()
      Gets the policy for combining access control permissions when the configuration grants the user more than one type of permission for a given action. For example, in the standard WildFly access control system, a user may map to more than one role. This property would control how the permissions associated with those roles should be combined to make access control decisions.
      Returns:
      the combination policy. Will not be null.

    • isRoleBased

      boolean isRoleBased()
      Gets whether the authorizer uses a role-based authorization mechanism.
      Returns:
      true if a role-based mechanism is used; false if not

    • getStandardRoles

      Set<String> getStandardRoles()
      Gets the names of the "standard" "built-in" roles used by the authorizer. A built-in role requires no end user configuration.
      Returns:
      the standard role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used.

    • getScopedRoles

      Map<String,AuthorizerConfiguration.ScopedRole> getScopedRoles()
      Gets the configured scoped roles, keyed by the name of the role.
      Returns:
      the scoped roles. Will not be null

    • getAllRoles

      Set<String> getAllRoles()
      Gets the names of the all roles used by the authorizer, including both built-in roles and roles added via end user configuration.
      Returns:
      the role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used and no end user configured roles exist.

    • hasRole

      boolean hasRole(String roleName)
      Gets whether the current set of roles contains the given role, with the check performed using a case-insensitive algorithm.
      Parameters:
      roleName - the name of the role
      Returns:
      true if the current role set includes an item that equals ignoring case the given roleName

    • getRoleMappings

      Map<String,AuthorizerConfiguration.RoleMapping> getRoleMappings()
      Gets the configured role mappings, keyed by the name of the role.
      Returns:
      the role mappings. Will not be null

    • isMapUsingIdentityRoles

      boolean isMapUsingIdentityRoles()
      Gets whether role mapping should use roles obtained from the SecurityIdentity. Any configured exclusions are still checked. The configured inclusions will also be checked meaning additional roles may also be granted.
      Returns:
      true if role

    • isNonFacadeMBeansSensitive

      boolean isNonFacadeMBeansSensitive()
      Gets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(Caller, Environment, JmxAction)) should be treated as 'sensitive'.
      Returns:
      true if non-facade mbean calls are sensitive; false otherwise

    • registerScopedRoleListener

      void registerScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)
      Register a listener for changes in the configured scoped roles.
      Parameters:
      listener - the listener. Cannot be null

    • unregisterScopedRoleListener

      void unregisterScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)
      Unregister a listener for changes in the configured scoped roles.
      Parameters:
      listener - the listener. Cannot be null