org.jboss.as.controller.access

Interface AuthorizerConfiguration

All Known Implementing Classes:

WritableAuthorizerConfiguration

public interface AuthorizerConfiguration

Encapsulates the current configuration of all aspects of the access control system that are available to Authorizer implementations.

The results of changes to the access control configuration made via the WildFly management layer will be made available here.

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static interface	AuthorizerConfiguration.MappingPrincipal Encapsulates the notion of a principal used in Caller to AuthorizerConfiguration.RoleMapping mapping.
static class	AuthorizerConfiguration.PrincipalType Types of AuthorizerConfiguration.MappingPrincipals used in Caller to AuthorizerConfiguration.RoleMapping mapping.
static interface	AuthorizerConfiguration.RoleMapping Encapsulates the notion of a role to which a caller can be mapped.
static class	AuthorizerConfiguration.ScopedRole Encapsulates configuration information for a scoped role.
static interface	AuthorizerConfiguration.ScopedRoleListener Listener for changes to the configured scoped roles.

Method Summary

Modifier and Type	Method and Description
Set<String>	getAllRoles() Gets the names of the all roles used by the authorizer, including both built-in roles and roles added via end user configuration.
CombinationPolicy	getPermissionCombinationPolicy() Gets the policy for combining access control permissions when the configuration grants the user more than one type of permission for a given action.
Map<String,AuthorizerConfiguration.RoleMapping>	getRoleMappings() Gets the configured role mappings, keyed by the name of the role.
Map<String,AuthorizerConfiguration.ScopedRole>	getScopedRoles() Gets the configured scoped roles, keyed by the name of the role.
Set<String>	getStandardRoles() Gets the names of the "standard" "built-in" roles used by the authorizer.
boolean	hasRole(String roleName) Gets whether the current set of roles contains the given role, with the check performed using a case-insensitive algorithm.
boolean	isMapUsingIdentityRoles() Gets whether role mapping should use roles obtained from the security realm and associated with the Caller.
boolean	isNonFacadeMBeansSensitive() Gets whether JMX calls to non-facade mbeans (i.e.
boolean	isRoleBased() Gets whether the authorizer uses a role-based authorization mechanism.
void	registerScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener) Register a listener for changes in the configured scoped roles.
void	unregisterScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener) Unregister a listener for changes in the configured scoped roles.

Method Detail

getPermissionCombinationPolicy

CombinationPolicy getPermissionCombinationPolicy()

Gets the policy for combining access control permissions when the configuration grants the user more than one type of permission for a given action. For example, in the standard WildFly access control system, a user may map to more than one role. This property would control how the permissions associated with those roles should be combined to make access control decisions.

Returns:

the combination policy. Will not be null.

isRoleBased

boolean isRoleBased()

Gets whether the authorizer uses a role-based authorization mechanism.

Returns:

true if a role-based mechanism is used; false if not

getStandardRoles

Set<String> getStandardRoles()

Gets the names of the "standard" "built-in" roles used by the authorizer. A built-in role requires no end user configuration.

Returns:

the standard role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used.

getScopedRoles

Map<String,AuthorizerConfiguration.ScopedRole> getScopedRoles()

Gets the configured scoped roles, keyed by the name of the role.

Returns:

the scoped roles. Will not be null

getAllRoles

Set<String> getAllRoles()

Gets the names of the all roles used by the authorizer, including both built-in roles and roles added via end user configuration.

Returns:

the role names. Will not be null, but may be an empty set if roles are not used or no built-in roles are used and no end user configured roles exist.

hasRole

boolean hasRole(String roleName)

Gets whether the current set of roles contains the given role, with the check performed using a case-insensitive algorithm.

Parameters:

roleName - the name of the role

Returns:

true if the current role set includes an item that equals ignoring case the given roleName

getRoleMappings

Map<String,AuthorizerConfiguration.RoleMapping> getRoleMappings()

Gets the configured role mappings, keyed by the name of the role.

Returns:

the role mappings. Will not be null

isMapUsingIdentityRoles

boolean isMapUsingIdentityRoles()

Gets whether role mapping should use roles obtained from the security realm and associated with the Caller.

Returns:

true if role

isNonFacadeMBeansSensitive

boolean isNonFacadeMBeansSensitive()

Gets whether JMX calls to non-facade mbeans (i.e. those that result in invocations to Authorizer#authorizeJmxOperation(Caller, Environment, JmxAction)) should be treated as 'sensitive'.

Returns:

true if non-facade mbean calls are sensitive; false otherwise

registerScopedRoleListener

void registerScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)

Register a listener for changes in the configured scoped roles.

Parameters:

listener - the listener. Cannot be null

unregisterScopedRoleListener

void unregisterScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)

Unregister a listener for changes in the configured scoped roles.

Parameters:

listener - the listener. Cannot be null