Class WritableAuthorizerConfiguration
java.lang.Object
org.jboss.as.controller.access.management.WritableAuthorizerConfiguration
- All Implemented Interfaces: AuthorizerConfiguration, AccessConstraintUtilizationRegistry
public class WritableAuthorizerConfiguration
extends Object
implements AuthorizerConfiguration, AccessConstraintUtilizationRegistry
Standard AuthorizerConfiguration implementation that also exposes mutator APIs for use by the WildFly management layer.
- Author: Brian Stansberry (c) 2013 Red Hat Inc.
-
Nested Class Summary
Nested Classes
- static enum WritableAuthorizerConfiguration.MatchType: Types of matching strategies used in org.jboss.as.controller.access.Caller to AuthorizerConfiguration.RoleMapping mapping.
Nested classes/interfaces inherited from interface org.jboss.as.controller.access.AuthorizerConfiguration:
AuthorizerConfiguration.MappingPrincipal, AuthorizerConfiguration.PrincipalType, AuthorizerConfiguration.RoleMapping, AuthorizerConfiguration.ScopedRole, AuthorizerConfiguration.ScopedRoleListener
-
Constructor Summary
Constructors
- WritableAuthorizerConfiguration(Authorizer.AuthorizerDescription authorizerDescription)
-
Method Summary
Each entry gives modifier and type (where shown), method, and description.
- void addRoleMapping(String roleName): Adds a new role to the list of defined roles.
- void addRoleMappingImmediate(String roleName)
- boolean addRoleMappingPrincipal(String roleName, AuthorizerConfiguration.PrincipalType principalType, WritableAuthorizerConfiguration.MatchType matchType, String name, String realm, boolean immediate)
- void addScopedRole
- AuthorizerConfiguration.MappingPrincipal createPrincipal(AuthorizerConfiguration.PrincipalType principalType, String name, String realm)
- Map<PathAddress,AccessConstraintUtilization> getAccessConstraintUtilizations(AccessConstraintKey accessConstraintKey)
- getAllRoles: Gets the names of all the roles used by the authorizer, including both built-in roles and roles added via end user configuration.
- getPermissionCombinationPolicy: Gets the policy for combining access control permissions when the configuration grants the user more than one type of permission for a given action.
- getRoleMappings: Gets the configured role mappings, keyed by the name of the role.
- getScopedRoles: Gets the configured scoped roles, keyed by the name of the role.
- getStandardRoles: Gets the names of the "standard" "built-in" roles used by the authorizer.
- boolean hasRole: Gets whether the current set of roles contains the given role, with the check performed using a case-insensitive algorithm.
- boolean isMapUsingIdentityRoles(): Gets whether role mapping should use roles obtained from the SecurityIdentity.
- boolean isNonFacadeMBeansSensitive(): Gets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(Caller, Environment, JmxAction)) should be treated as 'sensitive'.
- boolean isRoleBased(): Gets whether the authorizer uses a role-based authorization mechanism.
- void registerAccessConstraintAttributeUtilization(AccessConstraintKey key, PathAddress address, String attribute)
- void registerAccessConstraintOperationUtilization(AccessConstraintKey key, PathAddress address, String operation)
- void registerAccessConstraintResourceUtilization(AccessConstraintKey key, PathAddress address)
- void registerScopedRoleListener: Register a listener for changes in the configured scoped roles.
- removeRoleMapping(String roleName): Remove a role from the list of defined roles.
- boolean removeRoleMappingPrincipal(String roleName, AuthorizerConfiguration.PrincipalType principalType, WritableAuthorizerConfiguration.MatchType matchType, String name, String realm)
- void removeScopedRole(String toRemove)
- void reset(): Reset the internal state of this object back to what it originally was.
- void setPermissionCombinationPolicy(CombinationPolicy combinationPolicy)
- void setRoleMappingIncludeAll(String roleName, boolean includeAll)
- void setUseIdentityRoles(boolean useIdentityRoles)
- boolean undoRoleMappingRemove(Object removalKey): Undo a prior removal using the supplied undo key.
- void unregisterAccessConstraintUtilizations
- void unregisterScopedRoleListener: Unregister a listener for changes in the configured scoped roles.
-
Constructor Details
-
WritableAuthorizerConfiguration
-
-
Method Details
-
reset
public void reset()
Reset the internal state of this object back to what it originally was. Used when reloading a server or in a slave host controller following a post-boot reconnect to the master.
-
registerScopedRoleListener
Description copied from interface: AuthorizerConfiguration
Register a listener for changes in the configured scoped roles.
- Specified by: registerScopedRoleListener in interface AuthorizerConfiguration
- Parameters: listener - the listener. Cannot be null
-
unregisterScopedRoleListener
Description copied from interface: AuthorizerConfiguration
Unregister a listener for changes in the configured scoped roles.
- Specified by: unregisterScopedRoleListener in interface AuthorizerConfiguration
- Parameters: listener - the listener. Cannot be null
-
getPermissionCombinationPolicy
Description copied from interface: AuthorizerConfiguration
Gets the policy for combining access control permissions when the configuration grants the user more than one type of permission for a given action. For example, in the standard WildFly access control system, a user may map to more than one role. This property would control how the permissions associated with those roles should be combined to make access control decisions.
- Specified by: getPermissionCombinationPolicy in interface AuthorizerConfiguration
- Returns: the combination policy. Will not be null.
-
isRoleBased
public boolean isRoleBased()
Description copied from interface: AuthorizerConfiguration
Gets whether the authorizer uses a role-based authorization mechanism.
- Specified by: isRoleBased in interface AuthorizerConfiguration
- Returns: true if a role-based mechanism is used; false if not
-
isMapUsingIdentityRoles
public boolean isMapUsingIdentityRoles()
Description copied from interface: AuthorizerConfiguration
Gets whether role mapping should use roles obtained from the SecurityIdentity. Any configured exclusions are still checked. The configured inclusions will also be checked, meaning additional roles may also be granted.
- Specified by: isMapUsingIdentityRoles in interface AuthorizerConfiguration
- Returns: true if role
-
getStandardRoles
Description copied from interface: AuthorizerConfiguration
Gets the names of the "standard" "built-in" roles used by the authorizer. A built-in role requires no end user configuration.
- Specified by: getStandardRoles in interface AuthorizerConfiguration
- Returns: the standard role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used.
-
getScopedRoles
Description copied from interface: AuthorizerConfiguration
Gets the configured scoped roles, keyed by the name of the role.
- Specified by: getScopedRoles in interface AuthorizerConfiguration
- Returns: the scoped roles. Will not be null
-
getAllRoles
Description copied from interface: AuthorizerConfiguration
Gets the names of all the roles used by the authorizer, including both built-in roles and roles added via end user configuration.
- Specified by: getAllRoles in interface AuthorizerConfiguration
- Returns: the role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used and no end user configured roles exist.
-
hasRole
Description copied from interface: AuthorizerConfiguration
Gets whether the current set of roles contains the given role, with the check performed using a case-insensitive algorithm.
- Specified by: hasRole in interface AuthorizerConfiguration
- Parameters: roleName - the name of the role
- Returns: true if the current role set includes an item that equals ignoring case the given roleName
-
getRoleMappings
Description copied from interface: AuthorizerConfiguration
Gets the configured role mappings, keyed by the name of the role.
- Specified by: getRoleMappings in interface AuthorizerConfiguration
- Returns: the role mappings. Will not be null
-
setUseIdentityRoles
public void setUseIdentityRoles(boolean useIdentityRoles)
-
addScopedRole
-
removeScopedRole
-
isNonFacadeMBeansSensitive
public boolean isNonFacadeMBeansSensitive()
Description copied from interface: AuthorizerConfiguration
Gets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(Caller, Environment, JmxAction)) should be treated as 'sensitive'.
- Specified by: isNonFacadeMBeansSensitive in interface AuthorizerConfiguration
- Returns: true if non-facade mbean calls are sensitive; false otherwise
-
addRoleMappingImmediate
-
addRoleMapping
Adds a new role to the list of defined roles.
- Parameters: roleName - The name of the role being added.
-
removeRoleMapping
Remove a role from the list of defined roles.
- Parameters: roleName - The name of the role to be removed.
- Returns: A key that can be used to undo the removal.
-
undoRoleMappingRemove
Undo a prior removal using the supplied undo key.
- Parameters: removalKey - The key returned from the call to removeRoleMapping.
- Returns: true if the undo was successful, false otherwise.
-
setRoleMappingIncludeAll
-
addRoleMappingPrincipal
public boolean addRoleMappingPrincipal(String roleName, AuthorizerConfiguration.PrincipalType principalType, WritableAuthorizerConfiguration.MatchType matchType, String name, String realm, boolean immediate)
-
removeRoleMappingPrincipal
public boolean removeRoleMappingPrincipal(String roleName, AuthorizerConfiguration.PrincipalType principalType, WritableAuthorizerConfiguration.MatchType matchType, String name, String realm)
-
createPrincipal
public AuthorizerConfiguration.MappingPrincipal createPrincipal(AuthorizerConfiguration.PrincipalType principalType, String name, String realm)
-
setPermissionCombinationPolicy
-
getAccessConstraintUtilizations
public Map<PathAddress,AccessConstraintUtilization> getAccessConstraintUtilizations(AccessConstraintKey accessConstraintKey)
- Specified by: getAccessConstraintUtilizations in interface AccessConstraintUtilizationRegistry
-
registerAccessConstraintResourceUtilization
public void registerAccessConstraintResourceUtilization(AccessConstraintKey key, PathAddress address)
- Specified by: registerAccessConstraintResourceUtilization in interface AccessConstraintUtilizationRegistry
-
registerAccessConstraintAttributeUtilization
public void registerAccessConstraintAttributeUtilization(AccessConstraintKey key, PathAddress address, String attribute)
- Specified by: registerAccessConstraintAttributeUtilization in interface AccessConstraintUtilizationRegistry
-
registerAccessConstraintOperationUtilization
public void registerAccessConstraintOperationUtilization(AccessConstraintKey key, PathAddress address, String operation)
- Specified by: registerAccessConstraintOperationUtilization in interface AccessConstraintUtilizationRegistry
-
unregisterAccessConstraintUtilizations
- Specified by: unregisterAccessConstraintUtilizations in interface AccessConstraintUtilizationRegistry
-