/**
 * Builds a {@code StandardRBACAuthorizer} backed by a {@code DefaultPermissionFactory}.
 *
 * <p>The supplied mapper is wrapped in a {@code RunAsRoleMapper}. The same wrapper instance is
 * passed to both the permission factory and the authorizer, so role resolution goes through one
 * object on both paths.
 *
 * @param configuration the authorizer configuration, passed to the factory and the authorizer
 * @param roleMapper the role mapper to wrap
 * @return the newly constructed authorizer
 */
public static StandardRBACAuthorizer create(AuthorizerConfiguration configuration, final RoleMapper roleMapper) {
    final RunAsRoleMapper wrappedMapper = new RunAsRoleMapper(roleMapper);
    return new StandardRBACAuthorizer(
            configuration,
            new DefaultPermissionFactory(wrappedMapper, configuration),
            wrappedMapper);
}
/**
 * Returns the current permission snapshot, rebuilding it first when it has been invalidated.
 *
 * <p>A rebuild clears {@code permissionsByRole}, reloads the default permissions, re-applies every
 * entry of {@code scopedBaseMap}, and publishes a new {@code PermsHolder}.
 *
 * @return the holder to use for permission lookups
 */
private synchronized PermsHolder configureRolePermissions() {
    if (rolePermissionsConfigured) {
        return permsHolder;
    }
    // Rebuild from scratch: defaults first, then each registered scoped role on top of them.
    permissionsByRole.clear();
    permissionsByRole.putAll(configureDefaultPermissions());
    for (Map.Entry<String, ScopedBase> scoped : scopedBaseMap.entrySet()) {
        final ScopedBase definition = scoped.getValue();
        addScopedRoleInternal(scoped.getKey(), definition.base, definition.constraint);
    }
    // NOTE(review): whether PermsHolder copies permissionsByRole is not visible here. Confirm it does,
    // because the returned holder is used after this method's lock has been released.
    permsHolder = new PermsHolder(permissionsByRole, constraintFactories);
    rolePermissionsConfigured = true;
    return permsHolder;
}
/**
 * Creates a {@code DefaultPermissionFactory} that uses the standard constraint factories.
 *
 * <p>Delegates to the three-argument constructor, supplying the result of
 * {@code getStandardConstraintFactories()} as the constraint factory set.
 *
 * @param roleMapper the role mapper. Cannot be {@code null}
 * @param authorizerConfiguration the configuration for the
 *        {@link org.jboss.as.controller.access.Authorizer} that is using this factory.
 *        Cannot be {@code null}
 */
public DefaultPermissionFactory(
        RoleMapper roleMapper,
        AuthorizerConfiguration authorizerConfiguration) {
    this(roleMapper, getStandardConstraintFactories(), authorizerConfiguration);
}
// Excerpt of the Set<String> overload of getUserPermissions. Statements and closing braces are
// elided between the visible ones, so nesting cannot be read off this line and it does not
// compile as shown.
// Visible: a non-null checkAllPermissions(roles) result is returned directly; otherwise the lookup
// goes through the PermsHolder returned by configureRolePermissions(). A role name with no entry
// in permsByRole reaches `continue`, so it appears to be skipped rather than rejected.
// NOTE(review): confirm against the full method that a skipped role name contributes no permissions.
private PermissionCollection getUserPermissions(Set<String> roles) { PermissionCollection result = checkAllPermissions(roles); if (result != null) { return result; PermsHolder currentPerms = configureRolePermissions(); result = currentPerms.getPermissions(roles); if (result != null) { throw ControllerLogger.ROOT_LOGGER.illegalMultipleRoles(); ManagementPermissionCollection role = currentPerms.permsByRole.get(getOfficialForm(roleName)); if (role == null) { continue; String officialForm = getOfficialForm(roleName); while (permissionEnumeration.hasMoreElements()) { ManagementPermission mperm = (ManagementPermission) permissionEnumeration.nextElement();
/**
 * Registers a scoped role and invalidates the cached role permissions.
 *
 * <p>The role is rejected when its official-form name is already a key of
 * {@code permissionsByRole}. While permissions are configured, it is also rejected when its base
 * role is not a key of that map.
 *
 * @param added the scoped role being registered
 */
@Override
public synchronized void scopedRoleAdded(AuthorizerConfiguration.ScopedRole added) {
    final String requestedName = added.getName();
    final String roleKey = getOfficialForm(requestedName);
    // NOTE(review): only permissionsByRole is consulted, and this method does not update it. While
    // rolePermissionsConfigured is false, a name already held in scopedBaseMap is presumably not caught
    // here, and the put below would replace its base and constraint. Confirm callers reject
    // duplicates upstream.
    if (permissionsByRole.containsKey(roleKey)) {
        throw ControllerLogger.ROOT_LOGGER.roleIsAlreadyRegistered(requestedName);
    }

    final String requestedBase = added.getBaseRoleName();
    final String baseKey = getOfficialForm(requestedBase);
    if (rolePermissionsConfigured) {
        if (!permissionsByRole.containsKey(baseKey)) {
            throw ControllerLogger.ROOT_LOGGER.unknownBaseRole(requestedBase);
        }
    }

    final ScopingConstraint scope = added.getScopingConstraint();
    addConstraintFactory(scope.getFactory());
    // NOTE(review): StandardRole.valueOf presumably throws for a base name that is not a standard
    // role. That would happen after the constraint factory has already been added. Confirm.
    final ScopedBase definition = new ScopedBase(StandardRole.valueOf(baseKey), scope);
    scopedBaseMap.put(roleKey, definition);
    // Force the next lookup to rebuild the permission snapshot.
    rolePermissionsConfigured = false;
}
// Excerpt of addScopedRoleInternal. Statements and closing braces are elided between the visible
// ones, so this line does not compile as shown.
// Visible: fetches the base role's collection and the MONITOR collection from permissionsByRole,
// resolves the index of the scoping constraint's factory, walks the MONITOR collection's elements,
// and walks a second enumeration (its source is elided) whose elements are cast to
// SimpleManagementPermission.
// NOTE(review): monitorCollection is dereferenced without a null check in the visible part. Confirm
// the caller always populates the default roles before calling this method.
private synchronized void addScopedRoleInternal(String officialForm, StandardRole base, ScopingConstraint scopingConstraint) { ManagementPermissionCollection baseCollection = permissionsByRole.get(getOfficialForm(base)); int constraintIndex = getConstraintIndex(scopingConstraint.getFactory()); ManagementPermissionCollection monitorCollection = permissionsByRole.get(getOfficialForm(StandardRole.MONITOR)); Enumeration<Permission> monitorEnumeration = monitorCollection.elements(); while (monitorEnumeration.hasMoreElements()) { String scopedBaseName = officialForm + " (" + getOfficialForm(base) + " permissions)"; while (permissionEnumeration.hasMoreElements()) { SimpleManagementPermission basePerm = (SimpleManagementPermission) permissionEnumeration.nextElement();
/**
 * Resolves the caller's roles for this request and returns the permissions those roles carry.
 *
 * @param caller the caller whose roles are mapped
 * @param callEnvironment the environment passed to the role mapper
 * @param action the action passed to the role mapper
 * @param target the target resource passed to the role mapper
 * @return the permissions for the mapped role set
 */
@Override
public PermissionCollection getUserPermissions(Caller caller, Environment callEnvironment, Action action, TargetResource target) {
    // The role set comes only from roleMapper; this method adds no filtering of its own.
    final Set<String> mappedRoles = roleMapper.mapRoles(caller, callEnvironment, action, target);
    return getUserPermissions(mappedRoles);
}
/**
 * Builds the permissions required to perform a JMX action on a JMX target.
 *
 * <p>One {@code SimpleManagementPermission} is produced per action effect. Each carries one
 * required constraint per registered constraint factory, in factory order.
 *
 * @param action the action whose effects are enumerated
 * @param target the target passed to each constraint factory
 * @return a collection holding one permission per action effect
 */
@Override
public PermissionCollection getRequiredPermissions(JmxAction action, JmxTarget target) {
    // Read the factories from a single PermsHolder so one call uses one consistent factory list.
    final ConstraintFactory[] factories = configureRolePermissions().constraintFactories;
    final ManagementPermissionCollection required = new ManagementPermissionCollection(SimpleManagementPermission.class);
    for (Action.ActionEffect effect : action.getActionEffects()) {
        final Constraint[] perFactory = new Constraint[factories.length];
        int slot = 0;
        for (ConstraintFactory factory : factories) {
            perFactory[slot++] = factory.getRequiredConstraint(effect, action, target);
        }
        required.add(new SimpleManagementPermission(effect, perFactory));
    }
    return required;
}
// Excerpt of the Set<String> overload of getUserPermissions. Statements and closing braces are
// elided between the visible ones, so nesting cannot be read off this line and it does not
// compile as shown.
// Visible: permissions are looked up through the PermsHolder returned by configureRolePermissions().
// A role name with no entry in permsByRole leads to unknownRole(roleName) being thrown, so an
// unrecognised role is rejected rather than ignored. illegalMultipleRoles() is thrown somewhere in
// the elided flow.
private PermissionCollection getUserPermissions(Set<String> roles) { PermsHolder currentPerms = configureRolePermissions(); PermissionCollection result = currentPerms.getPermissions(roles); if (result != null) { throw ControllerMessages.MESSAGES.illegalMultipleRoles(); ManagementPermissionCollection role = currentPerms.permsByRole.get(getOfficialForm(roleName)); if (role == null) { throw ControllerMessages.MESSAGES.unknownRole(roleName); String officialForm = getOfficialForm(roleName); while (permissionEnumeration.hasMoreElements()) { ManagementPermission mperm = (ManagementPermission) permissionEnumeration.nextElement();
/**
 * Unregisters a scoped role and invalidates the cached role permissions.
 *
 * <p>A name that resolves to a {@code StandardRole} constant is refused, so the built-in roles
 * cannot be removed through this callback.
 *
 * @param removed the scoped role being removed
 */
@Override
public synchronized void scopedRoleRemoved(AuthorizerConfiguration.ScopedRole removed) {
    final String roleKey = getOfficialForm(removed.getName());
    StandardRole builtIn = null;
    try {
        builtIn = StandardRole.valueOf(roleKey);
    } catch (RuntimeException ignored) {
        // Not a StandardRole constant, so builtIn stays null and removal may proceed.
    }
    if (builtIn != null) {
        throw ControllerLogger.ROOT_LOGGER.cannotRemoveStandardRole(builtIn.toString());
    }
    // The method is already synchronized on this instance; the inner block re-acquires the same monitor.
    synchronized (this) {
        scopedBaseMap.remove(roleKey);
        // Force the next lookup to rebuild the permission snapshot without the removed role.
        rolePermissionsConfigured = false;
    }
}
// Excerpt of the Set<String> overload of getUserPermissions. Statements and closing braces are
// elided between the visible ones, so nesting cannot be read off this line and it does not
// compile as shown.
// Visible: a non-null checkAllPermissions(roles) result is returned directly; otherwise the lookup
// goes through the PermsHolder returned by configureRolePermissions(). A role name with no entry
// in permsByRole reaches `continue`, so it appears to be skipped rather than rejected.
// NOTE(review): confirm against the full method that a skipped role name contributes no permissions.
private PermissionCollection getUserPermissions(Set<String> roles) { PermissionCollection result = checkAllPermissions(roles); if (result != null) { return result; PermsHolder currentPerms = configureRolePermissions(); result = currentPerms.getPermissions(roles); if (result != null) { throw ControllerLogger.ROOT_LOGGER.illegalMultipleRoles(); ManagementPermissionCollection role = currentPerms.permsByRole.get(getOfficialForm(roleName)); if (role == null) { continue; String officialForm = getOfficialForm(roleName); while (permissionEnumeration.hasMoreElements()) { ManagementPermission mperm = (ManagementPermission) permissionEnumeration.nextElement();
/**
 * Registers a scoped role and invalidates the cached role permissions.
 *
 * <p>The role is rejected when its official-form name is already a key of
 * {@code permissionsByRole}. While permissions are configured, it is also rejected when its base
 * role is not a key of that map.
 *
 * @param added the scoped role being registered
 */
@Override
public synchronized void scopedRoleAdded(AuthorizerConfiguration.ScopedRole added) {
    final String requestedName = added.getName();
    final String roleKey = getOfficialForm(requestedName);
    // NOTE(review): only permissionsByRole is consulted, and this method does not update it. While
    // rolePermissionsConfigured is false, a name already held in scopedBaseMap is presumably not caught
    // here, and the put below would replace its base and constraint. Confirm callers reject
    // duplicates upstream.
    if (permissionsByRole.containsKey(roleKey)) {
        throw ControllerLogger.ROOT_LOGGER.roleIsAlreadyRegistered(requestedName);
    }

    final String requestedBase = added.getBaseRoleName();
    final String baseKey = getOfficialForm(requestedBase);
    if (rolePermissionsConfigured) {
        if (!permissionsByRole.containsKey(baseKey)) {
            throw ControllerLogger.ROOT_LOGGER.unknownBaseRole(requestedBase);
        }
    }

    final ScopingConstraint scope = added.getScopingConstraint();
    addConstraintFactory(scope.getFactory());
    // NOTE(review): StandardRole.valueOf presumably throws for a base name that is not a standard
    // role. That would happen after the constraint factory has already been added. Confirm.
    final ScopedBase definition = new ScopedBase(StandardRole.valueOf(baseKey), scope);
    scopedBaseMap.put(roleKey, definition);
    // Force the next lookup to rebuild the permission snapshot.
    rolePermissionsConfigured = false;
}
// Excerpt of addScopedRoleInternal. Statements and closing braces are elided between the visible
// ones, so this line does not compile as shown.
// Visible: fetches the base role's collection and the MONITOR collection from permissionsByRole,
// resolves the index of the scoping constraint's factory, walks the MONITOR collection's elements,
// and walks a second enumeration (its source is elided) whose elements are cast to
// SimpleManagementPermission.
// NOTE(review): monitorCollection is dereferenced without a null check in the visible part. Confirm
// the caller always populates the default roles before calling this method.
private synchronized void addScopedRoleInternal(String officialForm, StandardRole base, ScopingConstraint scopingConstraint) { ManagementPermissionCollection baseCollection = permissionsByRole.get(getOfficialForm(base)); int constraintIndex = getConstraintIndex(scopingConstraint.getFactory()); ManagementPermissionCollection monitorCollection = permissionsByRole.get(getOfficialForm(StandardRole.MONITOR)); Enumeration<Permission> monitorEnumeration = monitorCollection.elements(); while (monitorEnumeration.hasMoreElements()) { String scopedBaseName = officialForm + " (" + getOfficialForm(base) + " permissions)"; while (permissionEnumeration.hasMoreElements()) { SimpleManagementPermission basePerm = (SimpleManagementPermission) permissionEnumeration.nextElement();
/**
 * Resolves the caller's roles for this request and returns the permissions those roles carry.
 *
 * @param caller the caller whose roles are mapped
 * @param callEnvironment the environment passed to the role mapper
 * @param action the action passed to the role mapper
 * @param target the target attribute passed to the role mapper
 * @return the permissions for the mapped role set
 */
@Override
public PermissionCollection getUserPermissions(Caller caller, Environment callEnvironment, Action action, TargetAttribute target) {
    // The role set comes only from roleMapper; this method adds no filtering of its own.
    final Set<String> mappedRoles = roleMapper.mapRoles(caller, callEnvironment, action, target);
    return getUserPermissions(mappedRoles);
}
/**
 * Builds the permissions required to perform an action on an attribute.
 *
 * <p>One {@code SimpleManagementPermission} is produced per action effect. Each carries one
 * required constraint per registered constraint factory, in factory order.
 *
 * @param action the action whose effects are enumerated
 * @param target the attribute passed to each constraint factory
 * @return a collection holding one permission per action effect
 */
@Override
public PermissionCollection getRequiredPermissions(Action action, TargetAttribute target) {
    // Read the factories from a single PermsHolder so one call uses one consistent factory list.
    final ConstraintFactory[] factories = configureRolePermissions().constraintFactories;
    final ManagementPermissionCollection required = new ManagementPermissionCollection(SimpleManagementPermission.class);
    for (Action.ActionEffect effect : action.getActionEffects()) {
        final Constraint[] perFactory = new Constraint[factories.length];
        int slot = 0;
        for (ConstraintFactory factory : factories) {
            perFactory[slot++] = factory.getRequiredConstraint(effect, action, target);
        }
        required.add(new SimpleManagementPermission(effect, perFactory));
    }
    return required;
}
/**
 * Unregisters a scoped role and invalidates the cached role permissions.
 *
 * <p>A name that resolves to a {@code StandardRole} constant is refused, so the built-in roles
 * cannot be removed through this callback.
 *
 * @param removed the scoped role being removed
 */
@Override
public synchronized void scopedRoleRemoved(AuthorizerConfiguration.ScopedRole removed) {
    final String roleKey = getOfficialForm(removed.getName());
    StandardRole builtIn = null;
    try {
        builtIn = StandardRole.valueOf(roleKey);
    } catch (RuntimeException ignored) {
        // Not a StandardRole constant, so builtIn stays null and removal may proceed.
    }
    if (builtIn != null) {
        throw ControllerLogger.ROOT_LOGGER.cannotRemoveStandardRole(builtIn.toString());
    }
    // The method is already synchronized on this instance; the inner block re-acquires the same monitor.
    synchronized (this) {
        scopedBaseMap.remove(roleKey);
        // Force the next lookup to rebuild the permission snapshot without the removed role.
        rolePermissionsConfigured = false;
    }
}
/**
 * Returns the current permission snapshot, rebuilding it first when it has been invalidated.
 *
 * <p>A rebuild clears {@code permissionsByRole}, reloads the default permissions, re-applies every
 * entry of {@code scopedBaseMap}, and publishes a new {@code PermsHolder}.
 *
 * @return the holder to use for permission lookups
 */
private synchronized PermsHolder configureRolePermissions() {
    if (rolePermissionsConfigured) {
        return permsHolder;
    }
    // Rebuild from scratch: defaults first, then each registered scoped role on top of them.
    permissionsByRole.clear();
    permissionsByRole.putAll(configureDefaultPermissions());
    for (Map.Entry<String, ScopedBase> scoped : scopedBaseMap.entrySet()) {
        final ScopedBase definition = scoped.getValue();
        addScopedRoleInternal(scoped.getKey(), definition.base, definition.constraint);
    }
    // NOTE(review): whether PermsHolder copies permissionsByRole is not visible here. Confirm it does,
    // because the returned holder is used after this method's lock has been released.
    permsHolder = new PermsHolder(permissionsByRole, constraintFactories);
    rolePermissionsConfigured = true;
    return permsHolder;
}
/**
 * Registers a scoped role and invalidates the cached role permissions.
 *
 * <p>The role is rejected when its official-form name is already a key of
 * {@code permissionsByRole}. While permissions are configured, it is also rejected when its base
 * role is not a key of that map.
 *
 * @param added the scoped role being registered
 */
@Override
public synchronized void scopedRoleAdded(AuthorizerConfiguration.ScopedRole added) {
    final String requestedName = added.getName();
    final String roleKey = getOfficialForm(requestedName);
    // NOTE(review): only permissionsByRole is consulted, and this method does not update it. While
    // rolePermissionsConfigured is false, a name already held in scopedBaseMap is presumably not caught
    // here, and the put below would replace its base and constraint. Confirm callers reject
    // duplicates upstream.
    if (permissionsByRole.containsKey(roleKey)) {
        throw ControllerMessages.MESSAGES.roleIsAlreadyRegistered(requestedName);
    }

    final String requestedBase = added.getBaseRoleName();
    final String baseKey = getOfficialForm(requestedBase);
    if (rolePermissionsConfigured) {
        if (!permissionsByRole.containsKey(baseKey)) {
            throw ControllerMessages.MESSAGES.unknownBaseRole(requestedBase);
        }
    }

    final ScopingConstraint scope = added.getScopingConstraint();
    addConstraintFactory(scope.getFactory());
    // NOTE(review): StandardRole.valueOf presumably throws for a base name that is not a standard
    // role. That would happen after the constraint factory has already been added. Confirm.
    final ScopedBase definition = new ScopedBase(StandardRole.valueOf(baseKey), scope);
    scopedBaseMap.put(roleKey, definition);
    // Force the next lookup to rebuild the permission snapshot.
    rolePermissionsConfigured = false;
}
// Excerpt of addScopedRoleInternal. Statements and closing braces are elided between the visible
// ones, so this line does not compile as shown.
// Visible: fetches the base role's collection and the MONITOR collection from permissionsByRole,
// resolves the index of the scoping constraint's factory, walks the MONITOR collection's elements,
// and walks a second enumeration (its source is elided) whose elements are cast to
// SimpleManagementPermission.
// NOTE(review): monitorCollection is dereferenced without a null check in the visible part. Confirm
// the caller always populates the default roles before calling this method.
private synchronized void addScopedRoleInternal(String officialForm, StandardRole base, ScopingConstraint scopingConstraint) { ManagementPermissionCollection baseCollection = permissionsByRole.get(getOfficialForm(base)); int constraintIndex = getConstraintIndex(scopingConstraint.getFactory()); ManagementPermissionCollection monitorCollection = permissionsByRole.get(getOfficialForm(StandardRole.MONITOR)); Enumeration<Permission> monitorEnumeration = monitorCollection.elements(); while (monitorEnumeration.hasMoreElements()) { String scopedBaseName = officialForm + " (" + getOfficialForm(base) + " permissions)"; while (permissionEnumeration.hasMoreElements()) { SimpleManagementPermission basePerm = (SimpleManagementPermission) permissionEnumeration.nextElement();
/**
 * Resolves the caller's roles for this request and returns the permissions those roles carry.
 *
 * @param caller the caller whose roles are mapped
 * @param callEnvironment the environment passed to the role mapper
 * @param action the action passed to the role mapper
 * @param target the target resource passed to the role mapper
 * @return the permissions for the mapped role set
 */
@Override
public PermissionCollection getUserPermissions(Caller caller, Environment callEnvironment, Action action, TargetResource target) {
    // The role set comes only from roleMapper; this method adds no filtering of its own.
    final Set<String> mappedRoles = roleMapper.mapRoles(caller, callEnvironment, action, target);
    return getUserPermissions(mappedRoles);
}