/** * Gets the effects of this action. * * @return the effects. Will not be {@code null} */ public Set<Action.ActionEffect> getActionEffects() { switch(getImpact()) { case CLASSLOADING: case WRITE: return WRITES; case READ_ONLY: return READS; default: throw new IllegalStateException(); } }
/** * Gets the effects of this action. * * @return the effects. Will not be {@code null} */ public Set<Action.ActionEffect> getActionEffects() { switch(getImpact()) { case CLASSLOADING: case WRITE: return WRITES; case READ_ONLY: return READS; default: throw new IllegalStateException(); } }
@Override public Constraint getRequiredConstraint(Action.ActionEffect actionEffect, JmxAction action, JmxTarget target) { return (action.getImpact() == JmxAction.Impact.CLASSLOADING || target.isNonFacadeMBeansSensitive()) ? SENSITIVE : NOT_SENSITIVE; } }
@Override public Constraint getRequiredConstraint(Action.ActionEffect actionEffect, JmxAction action, JmxTarget target) { return (action.getImpact() == JmxAction.Impact.CLASSLOADING || target.isNonFacadeMBeansSensitive()) ? SENSITIVE : NOT_SENSITIVE; } }
@Override public AuthorizationResult authorizeJmxOperation(Caller caller, Environment callEnvironment, JmxAction action) { Set<String> roles = jmxPermissionFactory.getUserRoles(caller, null, FAKE_JMX_ACTION, (TargetResource) null); if (action.getImpact() == Impact.EXTRA_SENSITIVE) { return authorize(roles, StandardRole.SUPERUSER, StandardRole.ADMINISTRATOR); } else if (jmxPermissionFactory.isNonFacadeMBeansSensitive()) { if (action.getImpact() == Impact.READ_ONLY) { return authorize(roles, StandardRole.SUPERUSER, StandardRole.ADMINISTRATOR, StandardRole.AUDITOR); } else { return authorize(roles, StandardRole.SUPERUSER, StandardRole.ADMINISTRATOR); } } else { if (action.getImpact() == Impact.READ_ONLY) { //Everybody can read mbeans when not sensitive return AuthorizationResult.PERMITTED; //authorize(exception, roles, StandardRole.SUPERUSER, StandardRole.ADMINISTRATOR, StandardRole.OPERATOR, StandardRole.MAINTAINER, StandardRole.AUDITOR, StandardRole.MONITOR, StandardRole.DEPLOYER); } else { return authorize(roles, StandardRole.SUPERUSER, StandardRole.ADMINISTRATOR, StandardRole.OPERATOR, StandardRole.MAINTAINER); } } }