public class JBossAuthorizationManager extends Object implements AuthorizationManager
Constructor and Description |
---|
JBossAuthorizationManager(String securityDomainName) |
Modifier and Type | Method and Description |
---|---|
int |
authorize(Resource resource)
Authorize a resource Note: The implementation will try to derive the authenticated subject by some means
|
int |
authorize(Resource resource,
Subject subject)
Authorize a resource for an authenticated subject
|
int |
authorize(Resource resource,
Subject subject,
Group roleGroup)
Authorize a resource given a Group of Principals representing roles
|
int |
authorize(Resource resource,
Subject subject,
RoleGroup role)
Authorize a resource given a role
|
protected boolean |
doesRoleGroupHaveRole(Principal role,
RoleGroup userRoles)
Check that the indicated application domain role is a member of the
user's assigned roles.
|
boolean |
doesUserHaveRole(Principal principal,
Principal role)
Does the current Subject have a role(a Principal) that equates to one
of the role names.
|
boolean |
doesUserHaveRole(Principal principal,
Set<Principal> rolePrincipals)
Does the current Subject have a role(a Principal) that equates to one
of the role names.
|
String |
getSecurityDomain()
Get the security domain from which the security manager is from.
|
RoleGroup |
getSubjectRoles(Subject authenticatedSubject,
CallbackHandler cbh)
Get the Current Roles for the authenticated Subject The AuthorizationManager will apply role generation and role
mapping logic configured for the security domain
|
Group |
getTargetRoles(Principal targetPrincipal,
Map<String,Object> contextMap)
Trust usecases may have a need to determine the roles of the target principal which has been derived via a
principal from another domain by the Authentication Manager An implementation of this interface may have to
contact a trust provider for additional information about the principal
|
Set<Principal> |
getUserRoles(Principal principal)
Return the set of domain roles the current active Subject 'Roles' group
found in the subject Principals set.
|
void |
setAuthorizationContext(AuthorizationContext authorizationContext)
Set the AuthorizationContext
|
String |
toString() |
public JBossAuthorizationManager(String securityDomainName)
public int authorize(Resource resource) throws AuthorizationException
AuthorizationManager
authorize
in interface AuthorizationManager
resource
- Resource to be authorizedAuthorizationException
AuthorizationManager.authorize(Resource)
public int authorize(Resource resource, Subject subject) throws AuthorizationException
AuthorizationManager
authorize
in interface AuthorizationManager
resource
- Resource to be authorizedsubject
- Authenticated SubjectAuthorizationException
AuthorizationManager.authorize(Resource, Subject)
public int authorize(Resource resource, Subject subject, RoleGroup role) throws AuthorizationException
AuthorizationManager
authorize
in interface AuthorizationManager
subject
- the authenticated subjectrole
- a role (which can be a nested role)AuthorizationException
AuthorizationManager.authorize(Resource, Subject, RoleGroup)
public int authorize(Resource resource, Subject subject, Group roleGroup) throws AuthorizationException
AuthorizationManager
authorize
in interface AuthorizationManager
subject
- the authenticated subjectAuthorizationException
AuthorizationManager.authorize(Resource, Subject, Group)
public boolean doesUserHaveRole(Principal principal, Set<Principal> rolePrincipals)
doesUserHaveRole
in interface AuthorizationManager
principal
- - ignored. The current authenticated Subject determines
the active user and assigned user roles.rolePrincipals
- - a Set of Principals for the roles to check.Group;
,
Subject.getPrincipals()
public boolean doesUserHaveRole(Principal principal, Principal role)
principal
- - ignored. The current authenticated Subject determines
the active user and assigned user roles.role
- - the application domain role that the principal is to be
validated against.doesUserHaveRole(Principal, Set)
public Set<Principal> getUserRoles(Principal principal)
getUserRoles
in interface AuthorizationManager
principal
- - ignored. The current authenticated Subject determines
the active user and assigned user roles.protected boolean doesRoleGroupHaveRole(Principal role, RoleGroup userRoles)
role
- , the application domain role required for accessuserRoles
- , the set of roles assigned to the userpublic void setAuthorizationContext(AuthorizationContext authorizationContext)
public String getSecurityDomain()
BaseSecurityManager
getSecurityDomain
in interface BaseSecurityManager
public Group getTargetRoles(Principal targetPrincipal, Map<String,Object> contextMap)
AuthorizationManager
getTargetRoles
in interface AuthorizationManager
targetPrincipal
- Principal applicable in current domaincontextMap
- Read-Only Contextual Information that may be useful for the implementation in determining the
roles.AuthorizationManager.getTargetRoles(Principal, Map)
public RoleGroup getSubjectRoles(Subject authenticatedSubject, CallbackHandler cbh)
AuthorizationManager
getSubjectRoles
in interface AuthorizationManager
cbh
- a CallbackHandler that can be used by the AuthorizationManager to obtain essentials such as
SecurityContext etcAuthorizationManager.getSubjectRoles(Subject, CallbackHandler)
Copyright © 2016 JBoss by Red Hat. All rights reserved.