@Override public Constraint getRequiredConstraint(Action.ActionEffect actionEffect, JmxAction action, JmxTarget target) { return (action.getImpact() == JmxAction.Impact.CLASSLOADING || target.isNonFacadeMBeansSensitive()) ? SENSITIVE : NOT_SENSITIVE; } }
@Override public boolean isInVmCall() { return InVmAccess.isInVmCall(); } };
/** * This method returns the set of roles already associated with the caller. * * Note: This is the realm mapping of roles and does not automatically mean that these roles will be used for management * access control decisions. * * @return The {@link Set} of associated roles or an empty set if none. */ public Set<String> getAssociatedRoles() { return getAssociatedGroups(); }
private void addAttributeAuthorizationResult(ModelNode result, String attributeName, ResourceAuthorization authResp, ActionEffect actionEffect) { AuthorizationResult authorizationResult = authResp.getAttributeResult(attributeName, actionEffect); if (authorizationResult != null) { result.get(actionEffect == ActionEffect.READ_CONFIG || actionEffect == ActionEffect.READ_RUNTIME ? READ : WRITE).set(authorizationResult.getDecision() == Decision.PERMIT); } }
@Override public Caller getCaller(Caller currentCaller, SecurityIdentity securityIdentity) { // This is deliberately checking the Subject is the exact same instance. if (currentCaller == null || securityIdentity != currentCaller.getSecurityIdentity()) { return Caller.createCaller(securityIdentity); } return currentCaller; }
@Override public OperationResponse apply(DomainModelControllerService controllerService) { return InVmAccess.runInVm((PrivilegedAction<OperationResponse>) () -> controllerService.internalExecute(operation, handler, control, step)); } };
/** * Obtain the {@link Subject} used to create this caller. * * @return The {@link Subject} used to create this caller. */ public Subject getSubject() { checkPermission(GET_SUBJECT_PERMISSION); return subject; }
@Override Set<String> getRolesList() { return authorizerConfiguration.getAllRoles(); } }
@Override public Subject getSubject(Caller caller) { return caller.getSubject(); } };
@Override Set<String> getRolesList() { return authorizerConfiguration.getStandardRoles(); } }
@Override public OperationResponse apply(DomainModelControllerService controllerService) { return InVmAccess.runInVm((PrivilegedAction<OperationResponse>) () -> controllerService.internalExecute(operation, handler, control, step)); } };
@Override public Constraint getRequiredConstraint(Action.ActionEffect actionEffect, JmxAction action, JmxTarget target) { return (action.getImpact() == JmxAction.Impact.CLASSLOADING || target.isNonFacadeMBeansSensitive()) ? SENSITIVE : NOT_SENSITIVE; } }
/** * Obtain the {@link Subject} used to create this caller. * * This method will always return {@code null} as this is now backed by a {@link SecurityIdentity} this method remains * however for binary compatibility. * * @return The {@link Subject} used to create this caller. */ public Subject getSubject() { checkPermission(ControllerPermission.GET_CALLER_SUBJECT); return null; }
/** * This method returns the set of roles already associated with the caller. * * Note: This is the realm mapping of roles and does not automatically mean that these roles will be used for management * access control decisions. * * @return The {@link Set} of associated roles or an empty set if none. */ public Set<String> getAssociatedRoles() { return getAssociatedGroups(); }
@Override public boolean isInVmCall() { return InVmAccess.isInVmCall(); } };
@Override public OperationResponse apply(DomainModelControllerService controllerService) { return InVmAccess.runInVm((PrivilegedAction<OperationResponse>) () -> controllerService.internalExecute(operation, handler, control, step, true)); } };
/** * Obtain the {@link SecurityIdentity} to create this {@link Caller}. * * @return the {@link SecurityIdentity} to create this {@link Caller}. */ public SecurityIdentity getSecurityIdentity() { checkPermission(ControllerPermission.GET_CALLER_SECURITY_IDENTITY); return securityIdentity; }
@Override public boolean isInVmCall() { return InVmAccess.isInVmCall(); } };
/** * Obtain the {@link SecurityIdentity} to create this {@link Caller}. * * @return the {@link SecurityIdentity} to create this {@link Caller}. */ public SecurityIdentity getSecurityIdentity() { checkPermission(ControllerPermission.GET_CALLER_SECURITY_IDENTITY); return securityIdentity; }
@Override public boolean isInVmCall() { return InVmAccess.isInVmCall(); } };