Package org.jboss.as.controller.access.permission

Class ManagementPermissionAuthorizer

java.lang.Object
org.jboss.as.controller.access.permission.ManagementPermissionAuthorizer
All Implemented Interfaces:
Authorizer
Direct Known Subclasses:
StandardRBACAuthorizer
public class ManagementPermissionAuthorizer extends Object implements Authorizer
Authorizer based on ManagementPermissions configured by a PermissionFactory.
Author:
Brian Stansberry (c) 2013 Red Hat Inc.

  • Constructor Details

    • ManagementPermissionAuthorizer

      public ManagementPermissionAuthorizer(PermissionFactory permissionFactory)

  • Method Details

    • getDescription

      public Authorizer.AuthorizerDescription getDescription()
      Description copied from interface: Authorizer
      Gets a description of the characteristics of this authorizer
      Specified by:
      getDescription in interface Authorizer
      Returns:
      the description. Cannot be null

    • authorize

      public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute target)
      Description copied from interface: Authorizer
      Authorize a management operation affecting an individual attribute.
      Specified by:
      authorize in interface Authorizer
      Parameters:
      identity - the caller identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      action - the action being authorized. Cannot be null
      target - the target of the action. Cannot be null
      Returns:
      the authorization result. Will not be null

    • authorize

      public AuthorizationResult authorize(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource target)
      Description copied from interface: Authorizer
      Authorize a management operation affecting an entire resource.
      Specified by:
      authorize in interface Authorizer
      Parameters:
      identity - the identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      action - the action being authorized. Cannot be null
      target - the target of the action. Cannot be null
      Returns:
      the authorization result. Will not be null

    • authorizeJmxOperation

      public AuthorizationResult authorizeJmxOperation(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
      Description copied from interface: Authorizer
      Authorize a JMX operation. This operation should NOT be called for the management facade MBeans
      Specified by:
      authorizeJmxOperation in interface Authorizer
      Parameters:
      identity - the caller identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      action - the action being authorized. Cannot be null
      target - the target of the action. Cannot be null
      Returns:
      the authorization result. Will not be null

    • getCallerRoles

      public Set<String> getCallerRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> runAsRoles)
      Description copied from interface: Authorizer
      Gets the set of roles the caller can run as taking into account any requested 'run as' roles.
      Specified by:
      getCallerRoles in interface Authorizer
      Parameters:
      identity - the caller identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      runAsRoles - any requested 'run as' roles. May be null
      Returns:
      The set of roles assigned to the caller; an empty set will be returned if no roles are assigned or null will be returned if the access control provider does not support role mapping.