public class RunAsRoleMapper extends Object implements RoleMapper

A RoleMapper that allows clients to specify the roles they desire to run as. By default this RoleMapper reads the set of roles from a request header in the operation, allowing the client to completely control the mapping. Roles are stored as a ModelNode of type ModelType.LIST, elements of ModelType.STRING, under operation.get("operation-headers", "roles"). If no such header is found, the user is SUPERUSER. If the list is empty, the user has no permissions.

This RoleMapper can be extended to allow the ability to run as different roles to be checked.

Constructor and Description |
---|
RunAsRoleMapper(RoleMapper realRoleMapper) |
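
The header layout in the class description has three distinct states (header absent, empty list, populated list), and an audit or logging hook needs to tell them apart without altering the operation. The following is an added example, not code from this API or its project: the class `RunAsHeaderAudit` and its methods are hypothetical, the operations and the role name are constructed samples, and it assumes the jboss-dmr library is on the classpath.

```java
import java.util.LinkedHashSet;
import java.util.Set;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;

// Hypothetical audit helper; class and method names are not part of the documented API.
public class RunAsHeaderAudit {

    /** Returns null if the roles header is absent, otherwise the requested roles (possibly empty). */
    static Set<String> requestedRoles(ModelNode operation) {
        // hasDefined() only inspects the node; get() would create the missing children.
        if (!operation.hasDefined("operation-headers", "roles")) {
            return null;
        }
        ModelNode roles = operation.get("operation-headers", "roles");
        if (roles.getType() != ModelType.LIST) {
            throw new IllegalArgumentException("roles header is " + roles.getType() + ", expected LIST");
        }
        Set<String> result = new LinkedHashSet<>();
        for (ModelNode role : roles.asList()) {
            if (role.getType() != ModelType.STRING) {
                throw new IllegalArgumentException("role element is " + role.getType() + ", expected STRING");
            }
            result.add(role.asString());
        }
        return result;
    }

    /** Describes the outcome the class description gives for each header state. */
    static String describe(ModelNode operation) {
        Set<String> roles = requestedRoles(operation);
        if (roles == null) return "no roles header: caller is treated as SUPERUSER";
        if (roles.isEmpty()) return "empty roles list: caller has no permissions";
        return "caller asks to run as " + roles;
    }

    public static void main(String[] args) {
        // Constructed sample operations; "Monitor" is an illustrative role name.
        ModelNode noHeader = new ModelNode();
        noHeader.get("operation").set("read-resource");
        ModelNode emptyList = noHeader.clone();
        emptyList.get("operation-headers", "roles").setEmptyList();
        ModelNode monitor = noHeader.clone();
        monitor.get("operation-headers", "roles").add("Monitor");
        for (ModelNode op : new ModelNode[] {noHeader, emptyList, monitor}) {
            System.out.println(describe(op));
        }
    }
}
```
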
Modifier and Type | Method and Description |
---|---|
boolean | canRunAs(Set<String> mappedRoles, String runAsRole) Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole". |
static Set<String> | getOperationHeaderRoles(org.jboss.dmr.ModelNode operation) |
Set<String> | mapRoles(Caller caller, Environment callEnvironment, Action action, TargetAttribute attribute) Determine the roles available for the caller for a management operation affecting an individual attribute. |
Set<String> | mapRoles(Caller caller, Environment callEnvironment, Action action, TargetResource resource) Determine the roles available for the caller for a management operation affecting an entire resource. |
Set<String> | mapRoles(Caller caller, Environment callEnvironment, JmxAction action, JmxTarget target) Determine the roles available for the caller for a JMX invocation unrelated to the management facade MBeans. |
Set<String> | mapRoles(Caller caller, Environment callEnvironment, Set<String> operationHeaderRoles) Determine the roles available for the caller without reference to a particular action or target. |

public RunAsRoleMapper(RoleMapper realRoleMapper)

public Set<String> mapRoles(Caller caller, Environment callEnvironment, Action action, TargetAttribute attribute)

mapRoles in interface RoleMapper

caller - the caller. Cannot be null
callEnvironment - the call environment. Cannot be null
action - the action being authorized. Cannot be null
attribute - the target of the action. Cannot be null

null, but may be an empty set

public Set<String> mapRoles(Caller caller, Environment callEnvironment, Action action, TargetResource resource)

mapRoles in interface RoleMapper

caller - the caller. Cannot be null
callEnvironment - the call environment. Cannot be null
action - the action being authorized. Cannot be null
resource - the target of the action. Cannot be null

null, but may be an empty set

public Set<String> mapRoles(Caller caller, Environment callEnvironment, JmxAction action, JmxTarget target)

mapRoles in interface RoleMapper

caller - the caller. Cannot be null
callEnvironment - the call environment. Cannot be null
action - the action being authorized. Cannot be null
target - the target of the action. Cannot be null

null, but may be an empty set

public Set<String> mapRoles(Caller caller, Environment callEnvironment, Set<String> operationHeaderRoles)

mapRoles in interface RoleMapper

caller - the caller. Cannot be null
callEnvironment - the call environment. Cannot be null
operationHeaderRoles - any roles specified as headers in the operation. May be null

null, but may be an empty set

public boolean canRunAs(Set<String> mappedRoles, String runAsRole)

Gets whether the given set of mapped roles provides a caller with the privilege to run as the given "runAsRole".

canRunAs in interface RoleMapper

mappedRoles - a set of roles obtained from a call to one of this mapper's mapRoles methods
runAsRole - the role the caller wishes to run as

true if running as runAsRole is allowed

Copyright © 2023 JBoss by Red Hat. All rights reserved.