public class WritableAuthorizerConfiguration extends Object implements AuthorizerConfiguration, AccessConstraintUtilizationRegistry
AuthorizerConfiguration
implementation that also exposes mutator APIs for use by
the WildFly management layer.Modifier and Type | Class and Description |
---|---|
static class |
WritableAuthorizerConfiguration.MatchType
Types of matching strategies used in
Caller to AuthorizerConfiguration.RoleMapping mapping. |
AuthorizerConfiguration.MappingPrincipal, AuthorizerConfiguration.PrincipalType, AuthorizerConfiguration.RoleMapping, AuthorizerConfiguration.ScopedRole, AuthorizerConfiguration.ScopedRoleListener
Constructor and Description |
---|
WritableAuthorizerConfiguration(Authorizer.AuthorizerDescription authorizerDescription) |
Modifier and Type | Method and Description |
---|---|
void |
addRoleMapping(String roleName)
Adds a new role to the list of defined roles.
|
void |
addRoleMappingImmediate(String roleName) |
boolean |
addRoleMappingPrincipal(String roleName,
AuthorizerConfiguration.PrincipalType principalType,
WritableAuthorizerConfiguration.MatchType matchType,
String name,
String realm,
boolean immediate) |
void |
addScopedRole(AuthorizerConfiguration.ScopedRole toAdd) |
AuthorizerConfiguration.MappingPrincipal |
createPrincipal(AuthorizerConfiguration.PrincipalType principalType,
String name,
String realm) |
Map<PathAddress,AccessConstraintUtilization> |
getAccessConstraintUtilizations(AccessConstraintKey accessConstraintKey) |
Set<String> |
getAllRoles()
Gets the names of the all roles used by the authorizer, including both built-in roles and roles added via
end user configuration.
|
CombinationPolicy |
getPermissionCombinationPolicy()
Gets the policy for combining access control permissions when the configuration grants the user
more than one type of permission for a given action.
|
Map<String,AuthorizerConfiguration.RoleMapping> |
getRoleMappings()
Gets the configured role mappings, keyed by the name of the role.
|
Map<String,AuthorizerConfiguration.ScopedRole> |
getScopedRoles()
Gets the configured scoped roles, keyed by the name of the role.
|
Set<String> |
getStandardRoles()
Gets the names of the "standard" "built-in" roles used by the authorizer.
|
boolean |
hasRole(String roleName)
Gets whether the current
set of roles contains the given role, with the
check performed using a case-insensitive algorithm. |
boolean |
isMapUsingRealmRoles()
Gets whether role mapping should use roles obtained from the security realm and associated
with the
Caller . |
boolean |
isNonFacadeMBeansSensitive()
Gets whether JMX calls to non-facade mbeans (i.e.
|
boolean |
isRoleBased()
Gets whether the authorizer uses a role-based authorization mechanism.
|
void |
registerAccessConstraintAttributeUtilization(AccessConstraintKey key,
PathAddress address,
String attribute) |
void |
registerAccessConstraintOperationUtilization(AccessConstraintKey key,
PathAddress address,
String operation) |
void |
registerAccessConstraintResourceUtilization(AccessConstraintKey key,
PathAddress address) |
void |
registerScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)
Register a listener for changes in the configured scoped roles.
|
Object |
removeRoleMapping(String roleName)
Remove a role from the list of defined roles.
|
boolean |
removeRoleMappingPrincipal(String roleName,
AuthorizerConfiguration.PrincipalType principalType,
WritableAuthorizerConfiguration.MatchType matchType,
String name,
String realm) |
void |
removeScopedRole(String toRemove) |
void |
reset()
Reset the internal state of this object back to what it originally was.
|
void |
setPermissionCombinationPolicy(CombinationPolicy combinationPolicy) |
void |
setRoleMappingIncludeAll(String roleName,
boolean includeAll) |
boolean |
undoRoleMappingRemove(Object removalKey)
Undo a prior removal using the supplied undo key.
|
void |
unregisterAccessConstraintUtilizations(PathAddress address) |
void |
unregisterScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)
Unregister a listener for changes in the configured scoped roles.
|
public WritableAuthorizerConfiguration(Authorizer.AuthorizerDescription authorizerDescription)
public void reset()
public void registerScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)
AuthorizerConfiguration
registerScopedRoleListener
in interface AuthorizerConfiguration
listener
- the listener. Cannot be null
public void unregisterScopedRoleListener(AuthorizerConfiguration.ScopedRoleListener listener)
AuthorizerConfiguration
unregisterScopedRoleListener
in interface AuthorizerConfiguration
listener
- the listener. Cannot be null
public CombinationPolicy getPermissionCombinationPolicy()
AuthorizerConfiguration
getPermissionCombinationPolicy
in interface AuthorizerConfiguration
null
.public boolean isRoleBased()
AuthorizerConfiguration
isRoleBased
in interface AuthorizerConfiguration
true
if a role-based mechanism is used; false
if notpublic boolean isMapUsingRealmRoles()
AuthorizerConfiguration
Caller
.isMapUsingRealmRoles
in interface AuthorizerConfiguration
true
if rolepublic Set<String> getStandardRoles()
AuthorizerConfiguration
getStandardRoles
in interface AuthorizerConfiguration
null
, but may be an empty set if roles are not used
or no built-in roles are used.public Map<String,AuthorizerConfiguration.ScopedRole> getScopedRoles()
AuthorizerConfiguration
getScopedRoles
in interface AuthorizerConfiguration
null
public Set<String> getAllRoles()
AuthorizerConfiguration
getAllRoles
in interface AuthorizerConfiguration
null
, but may be an empty set if roles are not used
or no built-in roles are used and no end user configured roles exist.public boolean hasRole(String roleName)
AuthorizerConfiguration
set of roles
contains the given role, with the
check performed using a case-insensitive algorithm.hasRole
in interface AuthorizerConfiguration
roleName
- the name of the roletrue
if the current role set includes an item that
equals ignoring case
the given roleName
public Map<String,AuthorizerConfiguration.RoleMapping> getRoleMappings()
AuthorizerConfiguration
getRoleMappings
in interface AuthorizerConfiguration
null
public void addScopedRole(AuthorizerConfiguration.ScopedRole toAdd)
public void removeScopedRole(String toRemove)
public boolean isNonFacadeMBeansSensitive()
AuthorizerConfiguration
Authorizer#authorizeJmxOperation(Caller, Environment, JmxAction)
) should be treated as 'sensitive'.isNonFacadeMBeansSensitive
in interface AuthorizerConfiguration
true
if non-facade mbean calls are sensitive; false
otherwisepublic void addRoleMappingImmediate(String roleName)
public void addRoleMapping(String roleName)
roleName
- - The name of the role being added.public Object removeRoleMapping(String roleName)
roleName
- - The name of the role to be removed.public boolean undoRoleMappingRemove(Object removalKey)
removalKey
- - The key returned from the call to removeRoleMapping.public void setRoleMappingIncludeAll(String roleName, boolean includeAll)
public boolean addRoleMappingPrincipal(String roleName, AuthorizerConfiguration.PrincipalType principalType, WritableAuthorizerConfiguration.MatchType matchType, String name, String realm, boolean immediate)
public boolean removeRoleMappingPrincipal(String roleName, AuthorizerConfiguration.PrincipalType principalType, WritableAuthorizerConfiguration.MatchType matchType, String name, String realm)
public AuthorizerConfiguration.MappingPrincipal createPrincipal(AuthorizerConfiguration.PrincipalType principalType, String name, String realm)
public void setPermissionCombinationPolicy(CombinationPolicy combinationPolicy)
public Map<PathAddress,AccessConstraintUtilization> getAccessConstraintUtilizations(AccessConstraintKey accessConstraintKey)
getAccessConstraintUtilizations
in interface AccessConstraintUtilizationRegistry
public void registerAccessConstraintResourceUtilization(AccessConstraintKey key, PathAddress address)
registerAccessConstraintResourceUtilization
in interface AccessConstraintUtilizationRegistry
public void registerAccessConstraintAttributeUtilization(AccessConstraintKey key, PathAddress address, String attribute)
registerAccessConstraintAttributeUtilization
in interface AccessConstraintUtilizationRegistry
public void registerAccessConstraintOperationUtilization(AccessConstraintKey key, PathAddress address, String operation)
registerAccessConstraintOperationUtilization
in interface AccessConstraintUtilizationRegistry
public void unregisterAccessConstraintUtilizations(PathAddress address)
unregisterAccessConstraintUtilizations
in interface AccessConstraintUtilizationRegistry
Copyright © 2023 JBoss by Red Hat. All rights reserved.