public final class StandardRBACAuthorizer extends ManagementPermissionAuthorizer
Authorizer implementation that uses a provided RoleMapper to construct a DefaultPermissionFactory, with that permission factory used for the permissions used by the superclass implementation.
Also supports the allowed roles being specified via a roles operation-header in the top level operation whose value is the name of a role or a DMR list of strings each of which is the name of a role.
This operation-header based approach is only secure to the extent the clients using it are secure. To use this approach the client must authenticate, and the underlying. So, by adding the roles operation-header to the request the client can only reduce its privileges, not increase them.
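
The two value shapes the roles operation-header can take, built and read back with the jboss-dmr `ModelNode` API. This is an added example, not part of the WildFly Javadoc or code base. The class name, both helper methods and the sample role names (`Monitor`, `Auditor`) are illustrative, and the `operation-headers` key is assumed from the standard management operation format rather than taken from this page.

```java
import java.util.LinkedHashSet;
import java.util.Set;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;
// Added example: class and helper names are hypothetical, not WildFly API.
public class RolesHeaderExample {
    // Builds a top-level read-resource operation carrying the roles header.
    static ModelNode readResourceAs(String... roles) {
        ModelNode op = new ModelNode();
        op.get("operation").set("read-resource");
        op.get("address").setEmptyList();
        ModelNode header = op.get("operation-headers", "roles");
        if (roles.length == 1) {
            header.set(roles[0]);           // shape 1: the name of a single role
        } else {
            for (String role : roles) {     // shape 2: DMR list of role names
                header.add(role);
            }
        }
        return op;
    }

    // Reads the header back, rejecting any value that is neither shape.
    static Set<String> requestedRoles(ModelNode op) {
        Set<String> result = new LinkedHashSet<>();
        if (!op.hasDefined("operation-headers", "roles")) {
            return result;                  // header absent: no roles requested
        }
        ModelNode value = op.get("operation-headers", "roles");
        if (value.getType() == ModelType.STRING) {
            result.add(value.asString());
        } else if (value.getType() == ModelType.LIST) {
            for (ModelNode item : value.asList()) {
                if (item.getType() != ModelType.STRING) {
                    throw new IllegalArgumentException("roles list items must be strings");
                }
                result.add(item.asString());
            }
        } else {
            throw new IllegalArgumentException("roles must be a string or a list of strings");
        }
        return result;
    }

    public static void main(String[] args) {
        System.out.println(requestedRoles(readResourceAs("Monitor")));
        System.out.println(requestedRoles(readResourceAs("Monitor", "Auditor")));
    }
}
```
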
Authorizer.AuthorizerDescription
Modifier and Type | Field and Description |
---|---|
static Authorizer.AuthorizerDescription | AUTHORIZER_DESCRIPTION |
Modifier and Type | Method and Description |
---|---|
static StandardRBACAuthorizer | create(AuthorizerConfiguration configuration, RoleMapper roleMapper) |
Set<String> | getCallerRoles(Caller caller, Environment callEnvironment, Set<String> runAsRoles) Gets the set of roles the caller can run as taking into account any requested 'run as' roles. |
Authorizer.AuthorizerDescription | getDescription() Gets a description of the characteristics of this authorizer |
void | shutdown() |
authorize, authorize, authorizeJmxOperation
public static final Authorizer.AuthorizerDescription AUTHORIZER_DESCRIPTION
public static StandardRBACAuthorizer create(AuthorizerConfiguration configuration, RoleMapper roleMapper)
public Set<String> getCallerRoles(Caller caller, Environment callEnvironment, Set<String> runAsRoles)
Authorizer
getCallerRoles in interface Authorizer
getCallerRoles in class ManagementPermissionAuthorizer
caller - the caller. Cannot be null
callEnvironment - the call environment. Cannot be null
runAsRoles - any requested 'run as' roles. May be null
null will be returned if the access control provider does not support role mapping.
public Authorizer.AuthorizerDescription getDescription()
Authorizer
getDescription in interface Authorizer
getDescription in class ManagementPermissionAuthorizer
null
public void shutdown()
Copyright © 2023 JBoss by Red Hat. All rights reserved.