/**
 * Reports whether any of the given action effects has an explicit DENY result.
 *
 * <p>NOTE(review): an effect with no entry in {@code attributeResults} is skipped, so
 * {@code false} means "no explicit DENY was recorded", not "everything was permitted".
 * Confirm that callers do not read {@code false} as a grant.
 *
 * @param attributeResults authorization results keyed by action effect
 * @param actionEffects the effects to look up
 * @return {@code true} as soon as one looked-up result carries {@code Decision.DENY}
 */
private boolean isAttributeDenied(Map<ActionEffect, AuthorizationResult> attributeResults, Set<ActionEffect> actionEffects) {
    for (ActionEffect effect : actionEffects) {
        final AuthorizationResult outcome = attributeResults.get(effect);
        if (outcome == null) {
            // No result recorded for this effect: neither a denial nor a grant.
            continue;
        }
        if (outcome.getDecision() == Decision.DENY) {
            return true;
        }
    }
    return false;
}
/**
 * Checks the supplied action effects for an explicit denial.
 *
 * <p>NOTE(review): effects that have no recorded result are ignored, so a {@code false}
 * return only says that no DENY was found. It does not show that access was permitted;
 * verify callers treat it that way.
 *
 * @param attributeResults authorization results keyed by action effect
 * @param actionEffects the effects to look up
 * @return {@code true} if at least one looked-up result has decision {@code Decision.DENY}
 */
private boolean isAttributeDenied(Map<ActionEffect, AuthorizationResult> attributeResults, Set<ActionEffect> actionEffects) {
    for (ActionEffect candidate : actionEffects) {
        final AuthorizationResult recorded = attributeResults.get(candidate);
        final boolean explicitlyDenied = recorded != null && recorded.getDecision() == Decision.DENY;
        if (explicitlyDenied) {
            return true;
        }
    }
    return false;
}
/**
 * Tells whether one of {@code actionEffects} maps to a result whose decision is DENY.
 *
 * <p>NOTE(review): a missing map entry is not counted as a denial. Callers that need a
 * positive grant presumably have to check for PERMIT themselves; confirm at the call sites.
 *
 * @param attributeResults authorization results keyed by action effect
 * @param actionEffects the effects to look up
 * @return {@code true} on the first explicit DENY, otherwise {@code false}
 */
private boolean isAttributeDenied(Map<ActionEffect, AuthorizationResult> attributeResults, Set<ActionEffect> actionEffects) {
    for (ActionEffect effect : actionEffects) {
        final AuthorizationResult lookedUp = attributeResults.get(effect);
        if (lookedUp == null || lookedUp.getDecision() != Decision.DENY) {
            // Either nothing recorded, or the recorded decision is not a denial.
            continue;
        }
        return true;
    }
    return false;
}
/**
 * Writes the attribute-level decision for one action effect into {@code result}.
 *
 * <p>The value is stored under {@code READ} for {@code READ_CONFIG} and {@code READ_RUNTIME},
 * and under {@code WRITE} for every other effect. It is {@code true} only when the decision
 * is {@code Decision.PERMIT}.
 *
 * <p>NOTE(review): when no attribute result exists, nothing is written. Consumers of
 * {@code result} presumably must treat an absent key as "unknown" rather than "permitted";
 * confirm on the reading side.
 *
 * @param result node that receives the boolean flag
 * @param attributeName attribute whose result is looked up
 * @param authResp source of the attribute-level authorization results
 * @param actionEffect effect being reported
 */
private void addAttributeAuthorizationResult(ModelNode result, String attributeName, ResourceAuthorization authResp, ActionEffect actionEffect) {
    final AuthorizationResult attributeResult = authResp.getAttributeResult(attributeName, actionEffect);
    if (attributeResult == null) {
        return;
    }
    final boolean isReadEffect =
            actionEffect == ActionEffect.READ_CONFIG || actionEffect == ActionEffect.READ_RUNTIME;
    final ModelNode flagNode = result.get(isReadEffect ? READ : WRITE);
    flagNode.set(attributeResult.getDecision() == Decision.PERMIT);
}
/**
 * Asks the context whether a read-resource operation on {@code address} would be permitted.
 *
 * <p>The operation is synthetic. It is built here only to drive the authorization check,
 * using the {@code READ_EFFECT} constant declared outside this excerpt. It is never executed
 * by this method.
 *
 * @param context operation context used to run the authorization check
 * @param address address to probe, stored under {@code OP_ADDR}
 * @return {@code true} only when the decision is exactly {@code PERMIT}, so any other
 *         outcome is reported as "not permitted"
 */
private boolean isAccessPermitted(OperationContext context, ModelNode address) {
    final ModelNode probe = new ModelNode();
    probe.get(OP).set(READ_RESOURCE_OPERATION);
    probe.get(OP_ADDR).set(address);

    final AuthorizationResult outcome = context.authorize(probe, READ_EFFECT);
    final boolean permitted = outcome.getDecision() == AuthorizationResult.Decision.PERMIT;
    return permitted;
}
/**
 * Adds a boolean "permitted" flag for one attribute and action effect to {@code result}.
 *
 * <p>{@code READ_CONFIG} and {@code READ_RUNTIME} are reported under the {@code READ} key,
 * and all other effects under {@code WRITE}. The flag is {@code true} only for
 * {@code Decision.PERMIT}.
 *
 * <p>NOTE(review): if the lookup yields no result, the key is left unset. Verify that
 * whatever renders {@code result} does not interpret a missing key as a grant.
 *
 * @param result node that receives the flag
 * @param attributeName attribute whose result is looked up
 * @param authResp source of the attribute-level authorization results
 * @param actionEffect effect being reported
 */
private void addAttributeAuthorizationResult(ModelNode result, String attributeName, ResourceAuthorization authResp, ActionEffect actionEffect) {
    final AuthorizationResult found = authResp.getAttributeResult(attributeName, actionEffect);
    if (found == null) {
        // No decision available for this attribute/effect pair: leave result untouched.
        return;
    }
    final boolean reading =
            actionEffect == ActionEffect.READ_CONFIG || actionEffect == ActionEffect.READ_RUNTIME;
    final ModelNode target = result.get(reading ? READ : WRITE);
    target.set(found.getDecision() == Decision.PERMIT);
}
/**
 * Stores under {@code EXECUTE} whether {@code operation} is permitted for the current caller.
 *
 * <p>The flag is {@code true} only when {@code context.authorizeOperation} returns
 * {@code Decision.PERMIT}.
 *
 * @param context operation context that performs the authorization check
 * @param result node that receives the {@code EXECUTE} flag
 * @param operation operation to authorize
 * @param operationName not read by this method
 */
private void addOperationAuthorizationResult(OperationContext context, ModelNode result, ModelNode operation, String operationName) {
    final AuthorizationResult outcome = context.authorizeOperation(operation);
    final ModelNode executeFlag = result.get(EXECUTE);
    executeFlag.set(outcome.getDecision() == Decision.PERMIT);
}
/**
 * Checks read access to {@code address} by authorizing a synthetic read-resource operation.
 *
 * <p>The operation built here is used only as input to {@code context.authorize}, together
 * with the {@code READ_EFFECT} constant declared outside this excerpt.
 *
 * @param context operation context used to run the authorization check
 * @param address address to probe
 * @return {@code true} only for an explicit {@code PERMIT}, so the check fails closed for
 *         every other decision value
 */
private boolean isAccessPermitted(OperationContext context, ModelNode address) {
    final ModelNode syntheticRead = new ModelNode();
    syntheticRead.get(OP).set(READ_RESOURCE_OPERATION);
    syntheticRead.get(OP_ADDR).set(address);

    final AuthorizationResult.Decision decision =
            context.authorize(syntheticRead, READ_EFFECT).getDecision();
    return decision == AuthorizationResult.Decision.PERMIT;
}
/**
 * Determines whether the caller may read the resource at {@code address}.
 *
 * <p>It does this by authorizing a read-resource operation that is assembled here only for
 * the check and is not executed by this method.
 *
 * @param context operation context used to run the authorization check
 * @param address address placed under {@code OP_ADDR} of the synthetic operation
 * @return {@code true} if and only if the decision equals {@code PERMIT}
 */
private boolean isAccessPermitted(OperationContext context, ModelNode address) {
    final ModelNode readProbe = new ModelNode();
    readProbe.get(OP).set(READ_RESOURCE_OPERATION);
    readProbe.get(OP_ADDR).set(address);

    final AuthorizationResult verdict = context.authorize(readProbe, READ_EFFECT);
    if (verdict.getDecision() == AuthorizationResult.Decision.PERMIT) {
        return true;
    }
    return false;
}
/**
 * Reports the attribute-level authorization decision for a single action effect.
 *
 * <p>Read effects ({@code READ_CONFIG}, {@code READ_RUNTIME}) are written to the
 * {@code READ} key and all other effects to the {@code WRITE} key. The stored boolean is
 * {@code true} only when the decision is {@code Decision.PERMIT}.
 *
 * <p>NOTE(review): no key is written when the lookup returns {@code null}. Confirm that
 * downstream readers treat absence as "no information" and not as permission.
 *
 * @param result node that receives the flag
 * @param attributeName attribute whose result is looked up
 * @param authResp source of the attribute-level authorization results
 * @param actionEffect effect being reported
 */
private void addAttributeAuthorizationResult(ModelNode result, String attributeName, ResourceAuthorization authResp, ActionEffect actionEffect) {
    final AuthorizationResult perAttribute = authResp.getAttributeResult(attributeName, actionEffect);
    if (perAttribute == null) {
        return;
    }
    final boolean readKind =
            actionEffect == ActionEffect.READ_CONFIG || actionEffect == ActionEffect.READ_RUNTIME;
    final ModelNode destination = result.get(readKind ? READ : WRITE);
    destination.set(perAttribute.getDecision() == Decision.PERMIT);
}
/**
 * Decides whether the caller may see the failure description of a boot error.
 *
 * <p>The operation recorded under {@code COMPLETE_OP} is resolved to its registered
 * {@code OperationEntry}. The effects derived from that entry by {@code getEffects} are
 * then used to authorize that same operation.
 *
 * <p>NOTE(review): {@code getOperationEntry} may return {@code null} for an operation that
 * is no longer registered. Whether {@code getEffects} handles that case is not visible
 * here; confirm.
 *
 * @param context operation context providing the registration and the authorization check
 * @param bootError boot error node holding the original operation under {@code COMPLETE_OP}
 * @return {@code true} only when the authorization decision is {@code PERMIT}
 */
private boolean canReadFailureDescription(OperationContext context, ModelNode bootError) {
    final ModelNode failedOp = bootError.get(COMPLETE_OP);
    final OperationEntry registeredEntry = context.getRootResourceRegistration().getOperationEntry(
            PathAddress.pathAddress(failedOp.get(OP_ADDR)),
            failedOp.get(OP).asString());
    final Set<Action.ActionEffect> requiredEffects = getEffects(registeredEntry);

    final AuthorizationResult verdict = context.authorize(bootError.get(COMPLETE_OP), requiredEffects);
    return verdict.getDecision() == AuthorizationResult.Decision.PERMIT;
}
/**
 * Checks whether the failure description attached to {@code bootError} may be disclosed.
 *
 * <p>The failed operation under {@code COMPLETE_OP} is authorized against the effects that
 * {@code getEffects} derives from its registered {@code OperationEntry}. Only an explicit
 * {@code PERMIT} allows the description to be read.
 *
 * <p>NOTE(review): the lookup result is passed to {@code getEffects} without a null check.
 * Verify how an unregistered operation is handled there.
 *
 * @param context operation context providing the registration and the authorization check
 * @param bootError boot error node holding the original operation under {@code COMPLETE_OP}
 * @return {@code true} if the caller is permitted, {@code false} for any other decision
 */
private boolean canReadFailureDescription(OperationContext context, ModelNode bootError) {
    final ModelNode originalOperation = bootError.get(COMPLETE_OP);
    final OperationEntry entry = context.getRootResourceRegistration().getOperationEntry(
            PathAddress.pathAddress(originalOperation.get(OP_ADDR)),
            originalOperation.get(OP).asString());
    final Set<Action.ActionEffect> effects = getEffects(entry);

    final AuthorizationResult.Decision decision =
            context.authorize(bootError.get(COMPLETE_OP), effects).getDecision();
    return decision == AuthorizationResult.Decision.PERMIT;
}
/**
 * Authorizes access to one attribute of the resource targeted by {@code operation}.
 *
 * <p>The resource-level check runs first. A resource-level DENY is returned as is and the
 * attribute-level check is skipped. Any other resource-level decision defers to the
 * attribute-level check, whose result is returned.
 *
 * @param operation operation being authorized
 * @param attribute name of the attribute
 * @param currentValue current value of the attribute, passed to the attribute-level check
 * @param effects action effects to authorize
 * @return the resource-level result if it is a DENY, otherwise the attribute-level result
 */
@Override
public AuthorizationResult authorize(ModelNode operation, String attribute, ModelNode currentValue, Set<Action.ActionEffect> effects) {
    final OperationId opId = new OperationId(operation);
    // The meaning of the 'false' flag is defined by the overload, which is not shown here.
    final AuthorizationResult resourceLevel = authorize(opId, operation, false, effects);
    if (resourceLevel.getDecision() != AuthorizationResult.Decision.DENY) {
        return authorize(opId, attribute, currentValue, effects);
    }
    return resourceLevel;
}
/**
 * Performs a two-stage authorization: first the resource, then the named attribute.
 *
 * <p>A DENY at resource level short-circuits and is returned unchanged, so an attribute
 * result can never override a resource-level denial. Otherwise the attribute-level result
 * is what the caller sees.
 *
 * @param operation operation being authorized
 * @param attribute name of the attribute
 * @param currentValue current value of the attribute, passed to the attribute-level check
 * @param effects action effects to authorize
 * @return the resource-level DENY, or else the attribute-level result
 */
@Override
public AuthorizationResult authorize(ModelNode operation, String attribute, ModelNode currentValue, Set<Action.ActionEffect> effects) {
    final OperationId operationId = new OperationId(operation);
    final AuthorizationResult onResource = authorize(operationId, operation, false, effects);
    final boolean resourceDenied = onResource.getDecision() == AuthorizationResult.Decision.DENY;
    if (resourceDenied) {
        return onResource;
    }
    final AuthorizationResult onAttribute = authorize(operationId, attribute, currentValue, effects);
    return onAttribute;
}
/**
 * Authorizes an attribute access, gated by the enclosing resource's authorization.
 *
 * <p>The same {@code OperationId} is used for both the resource-level and the
 * attribute-level check. The attribute-level check runs only when the resource-level
 * decision is not DENY.
 *
 * @param operation operation being authorized
 * @param attribute name of the attribute
 * @param currentValue current value of the attribute, passed to the attribute-level check
 * @param effects action effects to authorize
 * @return the resource-level result when it denies, otherwise the attribute-level result
 */
@Override
public AuthorizationResult authorize(ModelNode operation, String attribute, ModelNode currentValue, Set<Action.ActionEffect> effects) {
    final OperationId id = new OperationId(operation);
    final AuthorizationResult gate = authorize(id, operation, false, effects);
    return gate.getDecision() == AuthorizationResult.Decision.DENY
            ? gate
            : authorize(id, attribute, currentValue, effects);
}
/**
 * Authorizes a JMX method as an {@code EXTRA_SENSITIVE} action for the current caller.
 *
 * <p>The method either throws or returns {@code true}; it never returns {@code false}.
 *
 * <p>NOTE(review): when {@code authorizer} is {@code null}, no check is performed and the
 * call is allowed. Confirm that a missing authorizer is a deliberate "access control
 * disabled" state and cannot arise from misconfiguration.
 *
 * @param methodName name of the JMX method being invoked
 * @return always {@code true} when no exception is thrown
 * @throws MBeanException declared by the signature; whether the unauthorized exception
 *         thrown here is of this type is not visible in this excerpt
 */
boolean authorizeSuperUserOrAdministrator(String methodName) throws MBeanException {
    if (authorizer == null) {
        return true;
    }
    //TODO populate the 'environment' variable
    final AuthorizationResult outcome = authorizer.authorizeJmxOperation(
            createCaller(),
            null,
            new JmxAction(methodName, JmxAction.Impact.EXTRA_SENSITIVE));
    // Anything other than an explicit PERMIT is rejected.
    if (outcome.getDecision() != Decision.PERMIT) {
        throw JmxMessages.MESSAGES.unauthorized();
    }
    return true;
}
/**
 * Authorizes access to the attribute named by {@code operation} and rejects the step on DENY.
 *
 * <p>A clone of the context's current result (or an empty node when there is none) is
 * passed to the check as the attribute value. On DENY the context's result is cleared
 * before the exception is thrown, presumably so that a value produced by an earlier step is
 * not returned with the failure; confirm.
 *
 * <p>NOTE(review): the step is rejected only on an explicit DENY. The authorizer's
 * explanation is placed in the exception; confirm that it holds nothing the caller should
 * not learn.
 *
 * @param context operation context holding the result and performing the check
 * @param operation operation supplying {@code NAME}, {@code OP} and {@code OP_ADDR}
 * @throws OperationFailedException declared by the signature; the unauthorized exception is
 *         built by {@code ControllerMessages.MESSAGES.unauthorized}
 */
private void doExecuteInternal(OperationContext context, ModelNode operation) throws OperationFailedException {
    final ModelNode value;
    if (context.hasResult()) {
        value = context.getResult().clone();
    } else {
        value = new ModelNode();
    }

    final AuthorizationResult outcome =
            context.authorize(operation, operation.require(NAME).asString(), value);
    final boolean denied = outcome.getDecision() == AuthorizationResult.Decision.DENY;
    if (denied) {
        context.getResult().clear();
        throw ControllerMessages.MESSAGES.unauthorized(
                operation.require(OP).asString(),
                PathAddress.pathAddress(operation.get(OP_ADDR)),
                outcome.getExplanation());
    }
    context.stepCompleted();
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Authorizes access to the attribute named by {@code operation} and fails the step on DENY.
 *
 * <p>The attribute value handed to the check is a clone of the context's current result,
 * or an empty node if no result exists. On DENY the result is cleared before throwing,
 * presumably to keep an already-computed value from being returned to the caller; confirm.
 *
 * <p>NOTE(review): only an explicit DENY is rejected. The authorizer's explanation is
 * included in the exception; verify that it is safe to disclose to the caller.
 *
 * @param context operation context holding the result and performing the check
 * @param operation operation supplying {@code NAME} and {@code OP}
 * @throws OperationFailedException declared by the signature; the unauthorized exception is
 *         built by {@code ControllerLogger.ROOT_LOGGER.unauthorized}
 */
private void doExecuteInternal(OperationContext context, ModelNode operation) throws OperationFailedException {
    final ModelNode value;
    if (context.hasResult()) {
        value = context.getResult().clone();
    } else {
        value = new ModelNode();
    }

    final AuthorizationResult outcome =
            context.authorize(operation, operation.require(NAME).asString(), value);
    if (outcome.getDecision() != AuthorizationResult.Decision.DENY) {
        return;
    }
    context.getResult().clear();
    throw ControllerLogger.ROOT_LOGGER.unauthorized(
            operation.require(OP).asString(),
            context.getCurrentAddress(),
            outcome.getExplanation());
}
} // closes an enclosing scope opened outside this excerpt
/**
 * Authorizes a JMX operation with {@code CLASSLOADING} impact against {@code objectName}.
 *
 * <p>Returns normally when the decision is {@code PERMIT} and throws for any other decision.
 *
 * <p>NOTE(review): the check is skipped entirely when {@code authorizer} is {@code null} or
 * {@code delegate.shouldAuthorize()} is {@code false}. Confirm that both bypasses are
 * intended and cannot be reached through misconfiguration. When no identity supplier is
 * set, {@code createCaller} receives {@code null}; how that is handled is not visible here.
 *
 * @param delegate plugin consulted on whether authorization applies
 * @param objectName target MBean name
 * @param methodName name of the JMX method being invoked
 * @throws MBeanException declared by the signature; the unauthorized exception is built by
 *         {@code JmxLogger.ROOT_LOGGER.unauthorized}
 */
private void authorizeClassloadingOperation(MBeanServerPlugin delegate, ObjectName objectName, String methodName) throws MBeanException {
    if (authorizer == null || !delegate.shouldAuthorize()) {
        return;
    }
    final JmxTarget target = new JmxTarget(methodName, objectName, isNonFacadeMBeansSensitive(), jmxEffect, jmxEffect);
    final JmxAction action = new JmxAction(methodName, JmxAction.Impact.CLASSLOADING);
    //TODO populate the 'environment' variable
    final SecurityIdentity securityIdentity;
    if (securityIdentitySupplier != null) {
        securityIdentity = securityIdentitySupplier.get();
    } else {
        securityIdentity = null;
    }
    final AuthorizationResult outcome =
            authorizer.authorizeJmxOperation(createCaller(securityIdentity), null, action, target);
    // Anything other than an explicit PERMIT is rejected.
    if (outcome.getDecision() != Decision.PERMIT) {
        throw JmxLogger.ROOT_LOGGER.unauthorized();
    }
}
/**
 * Runs the attribute-level authorization check for {@code operation}.
 *
 * <p>The value under check is a clone of the context's result when one exists, otherwise a
 * fresh empty node. A DENY clears the context's result and then throws, presumably so the
 * value is not returned to a caller who may not read it; confirm.
 *
 * <p>NOTE(review): rejection is tied to an explicit DENY. The exception carries the
 * authorizer's explanation text; confirm that this is acceptable to expose.
 *
 * @param context operation context holding the result and performing the check
 * @param operation operation supplying {@code NAME} and {@code OP}
 * @throws OperationFailedException declared by the signature; the unauthorized exception is
 *         built by {@code ControllerLogger.ROOT_LOGGER.unauthorized}
 */
private void doExecuteInternal(OperationContext context, ModelNode operation) throws OperationFailedException {
    ModelNode value = new ModelNode();
    if (context.hasResult()) {
        value = context.getResult().clone();
    }

    final String attributeName = operation.require(NAME).asString();
    final AuthorizationResult verdict = context.authorize(operation, attributeName, value);
    final boolean denied = verdict.getDecision() == AuthorizationResult.Decision.DENY;
    if (denied) {
        context.getResult().clear();
        throw ControllerLogger.ROOT_LOGGER.unauthorized(
                operation.require(OP).asString(),
                context.getCurrentAddress(),
                verdict.getExplanation());
    }
}
} // closes an enclosing scope opened outside this excerpt