Package org.jboss.as.controller.security

Class ControllerPermission

java.lang.Object
java.security.Permission
java.security.BasicPermission
org.jboss.as.controller.security.ControllerPermission
All Implemented Interfaces:
Serializable, Guard
public class ControllerPermission extends BasicPermission

This class is for WildFly Controller's permissions. A permission contains a name (also referred to as a "target name") but no actions list; you either have the named permission or you don't.

The target name is the name of the permission. The following table lists all the possible ControllerPermission target names, and for each provides a description of what the permission allows.

Permission Target Name What the Permission Allows
canAccessImmutableManagementResourceRegistration Creation of ImmutableManagementResourceRegistration, or invoke one of its methods
canAccessModelController Access a ModelController, or to invoke its methods
createCaller Create a org.jboss.as.controller.access.Caller with respect to access control decision
getCallerSubject Retrieve the Subject associated with a org.jboss.as.controller.access.Caller
getCurrentAccessAuditContext Retrieves current AccessAuditContext

The permission name may also be an asterisk, to signify a wildcard match.

Author:
Eduardo Martins
See Also:

  • Field Details

    • CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION_NAME

      public static final String CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION_NAME
      See Also:

    • CAN_ACCESS_MODEL_CONTROLLER_NAME

      public static final String CAN_ACCESS_MODEL_CONTROLLER_NAME
      See Also:

    • CREATE_CALLER_NAME

      public static final String CREATE_CALLER_NAME
      See Also:

    • GET_CALLER_SUBJECT_NAME

      public static final String GET_CALLER_SUBJECT_NAME
      See Also:

    • GET_CALLER_SECURITY_IDENTITY_NAME

      public static final String GET_CALLER_SECURITY_IDENTITY_NAME
      See Also:

    • GET_CURRENT_ACCESS_AUDIT_CONTEXT_NAME

      public static final String GET_CURRENT_ACCESS_AUDIT_CONTEXT_NAME
      See Also:

    • GET_IN_VM_CALL_STATE_NAME

      public static final String GET_IN_VM_CALL_STATE_NAME
      See Also:

    • INFLOW_SECURITY_IDENTITY_NAME

      public static final String INFLOW_SECURITY_IDENTITY_NAME
      See Also:

    • PERFORM_IN_VM_CALL_NAME

      public static final String PERFORM_IN_VM_CALL_NAME
      See Also:

    • CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION

      public static final ControllerPermission CAN_ACCESS_IMMUTABLE_MANAGEMENT_RESOURCE_REGISTRATION
      The Controller Permission named canAccessImmutableManagementResourceRegistration, which should be used to create a ImmutableManagementResourceRegistration, or invoke one of its methods

    • CAN_ACCESS_MODEL_CONTROLLER

      public static final ControllerPermission CAN_ACCESS_MODEL_CONTROLLER
      The Controller Permission named canAccessModelController, which should be used to access a ModelController, or to invoke its methods.

    • CREATE_CALLER

      public static final ControllerPermission CREATE_CALLER
      The Controller Permission named createCaller, which should be used to create a org.jboss.as.controller.access.Caller, with respect to access control decision.

    • GET_CALLER_SUBJECT

      public static final ControllerPermission GET_CALLER_SUBJECT
      The Controller Permission named getCallerSubject, which should be used to retrieve the Subject associated with a org.jboss.as.controller.access.Caller.

    • GET_CALLER_SECURITY_IDENTITY

      public static final ControllerPermission GET_CALLER_SECURITY_IDENTITY
      The Controller Permission named getCallerSubject, which should be used to retrieve the SecurityIdentity associated with a org.jboss.as.controller.access.Caller.

    • GET_CURRENT_ACCESS_AUDIT_CONTEXT

      public static final ControllerPermission GET_CURRENT_ACCESS_AUDIT_CONTEXT
      The Controller Permission named getCurrentAccessAuditContext, which should be used to retrieve current AccessAuditContext.

    • GET_IN_VM_CALL_STATE

      public static final ControllerPermission GET_IN_VM_CALL_STATE
      The Controller Permission named getInVmCallStateName, which should be used to retrieve in-vm call state.

    • INFLOW_SECURITY_IDENTITY

      public static final ControllerPermission INFLOW_SECURITY_IDENTITY
      The Controller Permission named inflowSecurityIdentity, which is required where a SecurityIdentity is inflowed as-is bypassing local security.

    • PERFORM_IN_VM_CALL

      public static final ControllerPermission PERFORM_IN_VM_CALL
      The Controller Permission named performInVmCall, which should be used to perform an in-vm call.

  • Constructor Details

    • ControllerPermission

      public ControllerPermission(String name)
      Creates a new permission with the specified name. The name is the symbolic name of the permission, such as "createCaller", "getCurrentAccessAuditContext", etc.
      Parameters:
      name - the name of the permission.
      Throws:
      NullPointerException - if name is null.
      IllegalArgumentException - if name is not valid.

    • ControllerPermission

      public ControllerPermission(String name, String actions)
      Creates a new permission object with the specified name. The name is the symbolic name of the permission, and the actions String is currently unused and should be null.
      Parameters:
      name - the name of the permission.
      actions - should be null.
      Throws:
      NullPointerException - if name is null.
      IllegalArgumentException - if name and/or actions are not valid.