@Override public void execute(OperationContext context, ModelNode operation) throws OperationFailedException { AuthorizationResult authorizationResult = context.authorize(operation); if (authorizationResult.getDecision() == AuthorizationResult.Decision.DENY) { throw ControllerMessages.MESSAGES.unauthorized(operation.get(OP).asString(), PathAddress.pathAddress(operation.get(OP_ADDR)), authorizationResult.getExplanation()); } String name = operation.require(ModelDescriptionConstants.NAME).asString(); try { persister.deleteSnapshot(name); } catch (Exception e) { throw new OperationFailedException(e); } context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER); }
@Override public void execute(OperationContext context, ModelNode operation) throws OperationFailedException { AuthorizationResult authorizationResult = context.authorize(operation); if (authorizationResult.getDecision() == AuthorizationResult.Decision.DENY) { throw ControllerMessages.MESSAGES.unauthorized(operation.get(OP).asString(), PathAddress.pathAddress(operation.get(OP_ADDR)), authorizationResult.getExplanation()); } try { String name = persister.snapshot(); context.getResult().set(name); } catch (ConfigurationPersistenceException e) { throw new OperationFailedException(e); } context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER); }
private void authorizeAdd(boolean runtimeOnly) { AuthorizationResult accessResult = authorize(activeStep.operationId, activeStep.operation, false, ADDRESS); if (accessResult.getDecision() == AuthorizationResult.Decision.DENY) { throw ControllerMessages.MESSAGES.managementResourceNotFound(activeStep.address); } final Set<Action.ActionEffect> writeEffect = runtimeOnly ? WRITE_RUNTIME : WRITE_CONFIG; AuthorizationResult authResult = authorize(activeStep.operationId, activeStep.operation, true, writeEffect); if (authResult.getDecision() == AuthorizationResult.Decision.DENY) { AuthorizationResponseImpl authResp = authorizations.get(activeStep.operationId); assert authResp != null : "no AuthorizationResponse"; String opName = activeStep.operation.get(OP).asString(); authResp.addOperationResult(opName, authResult); authResult = authResp.validateAddAttributeEffects(opName, writeEffect, activeStep.operation); authResp.addOperationResult(opName, authResult); if (authResult.getDecision() == AuthorizationResult.Decision.DENY) { throw ControllerMessages.MESSAGES.unauthorized(activeStep.operationId.name, activeStep.address, authResult.getExplanation()); } } }
@Override public void execute(OperationContext context, ModelNode operation) throws OperationFailedException { AuthorizationResult authorizationResult = context.authorize(operation); if (authorizationResult.getDecision() == AuthorizationResult.Decision.DENY) { throw ControllerMessages.MESSAGES.unauthorized(operation.get(OP).asString(), PathAddress.pathAddress(operation.get(OP_ADDR)), authorizationResult.getExplanation()); } try { SnapshotInfo info = persister.listSnapshots(); ModelNode result = context.getResult(); result.get(ModelDescriptionConstants.DIRECTORY).set(info.getSnapshotDirectory()); result.get(ModelDescriptionConstants.NAMES).setEmptyList(); for (String name : info.names()) { result.get(ModelDescriptionConstants.NAMES).add(name); } } catch (Exception e) { throw new OperationFailedException(e); } context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER); }
private void authorize(boolean allAttributes, Set<Action.ActionEffect> actionEffects) { AuthorizationResult accessResult = authorize(activeStep.operationId, activeStep.operation, false, ADDRESS); if (accessResult.getDecision() == AuthorizationResult.Decision.DENY) { if (activeStep.address.size() > 0) { throw ControllerMessages.MESSAGES.managementResourceNotFound(activeStep.address); } else { // WFLY-2037 -- the root resource isn't hidden; if we hit this it means the user isn't authorized throw ControllerMessages.MESSAGES.unauthorized(activeStep.operationId.name, activeStep.address, accessResult.getExplanation()); } } AuthorizationResult authResult = authorize(activeStep.operationId, activeStep.operation, allAttributes, actionEffects); if (authResult.getDecision() == AuthorizationResult.Decision.DENY) { throw ControllerMessages.MESSAGES.unauthorized(activeStep.operationId.name, activeStep.address, authResult.getExplanation()); } }
private void doExecuteInternal(OperationContext context, ModelNode operation) throws OperationFailedException { ModelNode value = context.hasResult() ? context.getResult().clone() : new ModelNode(); AuthorizationResult authorizationResult = context.authorize(operation, operation.require(NAME).asString(), value); if (authorizationResult.getDecision() == AuthorizationResult.Decision.DENY) { context.getResult().clear(); throw ControllerMessages.MESSAGES.unauthorized(operation.require(OP).asString(), PathAddress.pathAddress(operation.get(OP_ADDR)), authorizationResult.getExplanation()); } context.stepCompleted(); } }
throw ControllerMessages.MESSAGES.unauthorized(operation.require(OP).asString(), pa, authResult.getExplanation());
/** * {@inheritDoc} */ @Override public void execute(OperationContext context, ModelNode operation) throws OperationFailedException { try { attribute.validateOperation(operation); // Trigger authz AuthorizationResult authorizationResult = context.authorize(operation, ACTION_EFFECT_SET); if (authorizationResult.getDecision() == AuthorizationResult.Decision.DENY) { throw ControllerMessages.MESSAGES.unauthorized(operation.get(ModelDescriptionConstants.OP).asString(), PathAddress.pathAddress(operation.get(ModelDescriptionConstants.OP_ADDR)), authorizationResult.getExplanation()); } InputStream is = getContentInputStream(context, operation); try { byte[] hash = contentRepository.addContent(is); context.getResult().set(hash); } finally { safeClose(is); } } catch (IOException e) { throw ServerMessages.MESSAGES.caughtIOExceptionUploadingContent(e); } context.stepCompleted(); }
@Override public void execute(final OperationContext context, final ModelNode operation) throws OperationFailedException { final ModelNode address; final PathAddress pa = PathAddress.pathAddress(PathAddress.pathAddress(operation.require(OP_ADDR))); AuthorizationResult authResult = context.authorize(operation, DESCRIBE_EFFECTS); if (authResult.getDecision() != AuthorizationResult.Decision.PERMIT) { throw ControllerMessages.MESSAGES.unauthorized(operation.require(OP).asString(), pa, authResult.getExplanation()); } if (pa.size() > 0) { address = new ModelNode().add(pa.getLastElement().getKey(), pa.getLastElement().getValue()); } else { address = new ModelNode().setEmptyList(); } final Resource resource = context.readResource(PathAddress.EMPTY_ADDRESS); final ModelNode result = context.getResult(); describe(resource, address, result, context.getResourceRegistration()); context.stepCompleted(); }
throw ControllerMessages.MESSAGES.unauthorized(operation.require(OP).asString(), PathAddress.pathAddress(operation.get(OP_ADDR)), authorizationResult.getExplanation());
throw ControllerMessages.MESSAGES.managementResourceNotFound(activeStep.address); throw ControllerMessages.MESSAGES.unauthorized(activeStep.operationId.name, activeStep.address, authResult.getExplanation());