Interface RoleMapper
- All Known Implementing Classes:
RunAsRoleMapper,StandardRoleMapper,SuperUserRoleMapper
public interface RoleMapper
Determines the set of roles applicable for a management request.
- Author:
- Brian Stansberry (c) 2013 Red Hat Inc.
-
Method Summary
Modifier and TypeMethodDescriptionbooleanGets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> operationHeaderRoles) Determine the roles available for the caller without reference to a particular action or target.mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute attribute) Determine the roles available for the caller for a management operation affecting an individual attribute.mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource resource) Determine the roles available for the caller for a management operation affecting an entire resource.mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target) Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.
-
Method Details
-
mapRoles
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute attribute) Determine the roles available for the caller for a management operation affecting an individual attribute.- Parameters:
identity- the caller identity. Cannot benullcallEnvironment- the call environment. Cannot benullaction- the action being authorized. Cannot benullattribute- the target of the action. Cannot benull- Returns:
- the roles. Will not be
null, but may be an empty set
-
mapRoles
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource resource) Determine the roles available for the caller for a management operation affecting an entire resource.- Parameters:
identity- the caller identity. Cannot benullcallEnvironment- the call environment. Cannot benullaction- the action being authorized. Cannot benullresource- the target of the action. Cannot benull- Returns:
- the roles. Will not be
null, but may be an empty set
-
mapRoles
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target) Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.- Parameters:
identity- the caller identity. Cannot benullcallEnvironment- the call environment. Cannot benullaction- the action being authorized. Cannot benulltarget- the target of the action. Cannot benull- Returns:
- the roles. Will not be
null, but may be an empty set
-
mapRoles
Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> operationHeaderRoles) Determine the roles available for the caller without reference to a particular action or target. Note that actually mapping a caller to roles without reference to a particular action or target is not required.- Parameters:
identity- the caller identity. Cannot benullcallEnvironment- the call environment. Cannot benulloperationHeaderRoles- any roles specified as headers in the operation. May benull- Returns:
- the roles. Will not be
null, but may be an empty set
-
canRunAs
Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".- Parameters:
mappedRoles- a set of roles obtained from a call to one of this mapper'smapRolesmethodsrunAsRole- the role the caller wishes to run as- Returns:
trueif running asrunAsRoleis allowed- Throws:
UnknowRoleException- when therunAsRoleisn't defined.
-