Package org.jboss.as.controller.access.rbac

Class StandardRoleMapper

java.lang.Object
org.jboss.as.controller.access.rbac.StandardRoleMapper
All Implemented Interfaces:
RoleMapper
public class StandardRoleMapper extends Object implements RoleMapper
A RoleMapper that supports configuration from the WildFly management API.
Author:
Darran Lofthouse

  • Constructor Details

  • Method Details

    • mapRoles

      public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetAttribute attribute)
      Description copied from interface: RoleMapper
      Determine the roles available for the caller for a management operation affecting an individual attribute.
      Specified by:
      mapRoles in interface RoleMapper
      Parameters:
      identity - the caller identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      action - the action being authorized. Cannot be null
      attribute - the target of the action. Cannot be null
      Returns:
      the roles. Will not be null, but may be an empty set

    • mapRoles

      public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Action action, TargetResource resource)
      Description copied from interface: RoleMapper
      Determine the roles available for the caller for a management operation affecting an entire resource.
      Specified by:
      mapRoles in interface RoleMapper
      Parameters:
      identity - the caller identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      action - the action being authorized. Cannot be null
      resource - the target of the action. Cannot be null
      Returns:
      the roles. Will not be null, but may be an empty set

    • mapRoles

      public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, JmxAction action, JmxTarget target)
      Description copied from interface: RoleMapper
      Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans.
      Specified by:
      mapRoles in interface RoleMapper
      Parameters:
      identity - the caller identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      action - the action being authorized. Cannot be null
      target - the target of the action. Cannot be null
      Returns:
      the roles. Will not be null, but may be an empty set

    • mapRoles

      public Set<String> mapRoles(org.wildfly.security.auth.server.SecurityIdentity identity, Environment callEnvironment, Set<String> operationHeaderRoles)
      Description copied from interface: RoleMapper
      Determine the roles available for the caller without reference to a particular action or target. Note that actually mapping a caller to roles without reference to a particular action or target is not required.
      Specified by:
      mapRoles in interface RoleMapper
      Parameters:
      identity - the caller identity. Cannot be null
      callEnvironment - the call environment. Cannot be null
      operationHeaderRoles - any roles specified as headers in the operation. May be null
      Returns:
      the roles. Will not be null, but may be an empty set

    • canRunAs

      public boolean canRunAs(Set<String> mappedRoles, String runAsRole)
      Description copied from interface: RoleMapper
      Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".
      Specified by:
      canRunAs in interface RoleMapper
      Parameters:
      mappedRoles - a set of roles obtained from a call to one of this mapper's mapRoles methods
      runAsRole - the role the caller wishes to run as
      Returns:
      true if running as runAsRole is allowed