public final class SecurityIdentity extends Object implements PermissionVerifier, PermissionMappable, Supplier<SecurityIdentity>, Scoped
ALL, NONE
Modifier and Type | Method and Description |
---|---|
FlexibleIdentityAssociation |
createFlexibleAssociation()
Create a new flexible identity association, initializing it with this identity.
|
SecurityIdentity |
createRunAsAnonymous()
Attempt to create a new identity that can be used to run as an anonymous user.
|
SecurityIdentity |
createRunAsAnonymous(boolean authorize)
Attempt to create a new identity that can be used to run as an anonymous user
Calling with enabled security manager requires
setRunAsPrincipal ElytronPermission . |
SecurityIdentity |
createRunAsIdentity(Principal principal,
boolean authorize)
Attempt to create a new identity that can be used to run as a user with the given principal.
|
SecurityIdentity |
createRunAsIdentity(String name)
Attempt to create a new identity that can be used to run as a user with the given name.
|
SecurityIdentity |
createRunAsIdentity(String name,
boolean authorize)
Attempt to create a new identity that can be used to run as a user with the given name.
|
SecurityIdentity |
get()
Get this identity.
|
Attributes |
getAttributes()
Get the attributes associated with this identity.
|
Instant |
getCreationTime()
Get the creation time of this identity, which is the time that the initial authentication occurred.
|
Principal |
getPrincipal()
Get the principal of this identity.
|
IdentityCredentials |
getPrivateCredentials()
Get the private credentials of this identity.
|
IdentityCredentials |
getPublicCredentials()
Get the public credentials of this identity.
|
Roles |
getRoles()
Get the roles associated with this identity.
|
Roles |
getRoles(String category)
Get the mapped roles associated with this identity.
|
Roles |
getRoles(String category,
boolean fallbackToDefault)
Get the mapped roles associated with this identity.
|
boolean |
implies(Permission permission)
Determine if the permission is verified by this object.
|
SecurityIdentity |
intersectWith(PermissionVerifier verifier)
Create a new security identity which is the same as this one, but which limits authorization privileges to the
intersection of the current privileges and the given verifier.
|
boolean |
isAnonymous()
Convenience method to determine if this identity is anonymous.
|
<T,P> T |
runAs(P parameter,
ParametricPrivilegedAction<T,P> action)
Deprecated.
Use
Scoped.runAsFunction(Function, Object) instead. |
<T,P> T |
runAs(P parameter,
ParametricPrivilegedExceptionAction<T,P> action)
Deprecated.
Use
Scoped.runAsFunctionEx(ExceptionFunction, Object) instead. |
<T> T |
runAs(PrivilegedAction<T> action)
Deprecated.
Use
Scoped.runAsSupplier(Supplier) instead. |
<T> T |
runAs(PrivilegedExceptionAction<T> action)
Deprecated.
Use
Scoped.runAsSupplierEx(ExceptionSupplier) instead. |
static <T> T |
runAsAll(PrivilegedExceptionAction<T> action,
SecurityIdentity... identities)
Run an action under a series of identities.
|
<T,U> boolean |
runAsBiPredicate(BiPredicate<T,U> action,
T parameter1,
U parameter2)
Run an action under this identity.
|
<T,U> void |
runAsConsumer(BiConsumer<T,U> action,
T parameter1,
U parameter2)
Run an action under this identity.
|
<T,U,E extends Exception> |
runAsConsumerEx(org.wildfly.common.function.ExceptionBiConsumer<T,U,E> action,
T parameter1,
U parameter2)
Run an action under this identity.
|
<T,U,E extends Exception> |
runAsExBiPredicate(org.wildfly.common.function.ExceptionBiPredicate<T,U,E> action,
T parameter1,
U parameter2)
Run an action under this identity.
|
<T,U,R> R |
runAsFunction(BiFunction<T,U,R> action,
T parameter1,
U parameter2)
Run an action under this identity.
|
<T,U,R,E extends Exception> |
runAsFunctionEx(org.wildfly.common.function.ExceptionBiFunction<T,U,R,E> action,
T parameter1,
U parameter2)
Run an action under this identity.
|
<T> void |
runAsObjIntConsumer(ObjIntConsumer<T> action,
T parameter1,
int parameter2)
Run an action under this identity.
|
<T,E extends Exception> |
runAsObjIntConsumerEx(org.wildfly.common.function.ExceptionObjIntConsumer<T,E> action,
T parameter1,
int parameter2)
Run an action under this identity.
|
String |
toString() |
SecurityIdentity |
withPrivateCredential(Credential credential)
Create a new security identity which is the same as this one, but which includes the given credential as a
private credential.
|
SecurityIdentity |
withPrivateCredentials(IdentityCredentials credentials)
Create a new security identity which is the same as this one, but which includes the given credentials as
private credentials.
|
SecurityIdentity |
withPublicCredential(Credential credential)
Create a new security identity which is the same as this one, but which includes the given credential as a
public credential.
|
SecurityIdentity |
withPublicCredentials(IdentityCredentials credentials)
Create a new security identity which is the same as this one, but which includes the given credentials as
public credentials.
|
SecurityIdentity |
withRoleMapper(String category,
RoleMapper roleMapper)
Attempt to create a new identity which replaces a role mapper category on the current identity.
|
SecurityIdentity |
withSecurityIdentity(SecurityIdentity securityIdentity)
Attempt to create a new identity that is the same as this identity but with an additional identity from a different
security domain that will be associated with all 'run' calls.
|
SecurityIdentity |
withSecurityIdentitySupplier(Supplier<SecurityIdentity[]> securityIdentities)
Attempt to create a new identity that is the same as this identity but with a
Supplier to supply identities that will be associated with all 'run' calls. |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
and, checkPermission, from, from, from, from, not, or, toPermissionCollection, unless, xor
runAs, runAs, runAsAction, runAsConsumer, runAsConsumerEx, runAsExceptionAction, runAsExIntFunction, runAsExLongFunction, runAsExPredicate, runAsFunction, runAsFunctionEx, runAsIntFunction, runAsLongFunction, runAsPredicate, runAsSupplier, runAsSupplierEx
@Deprecated public <T> T runAs(PrivilegedAction<T> action)
Scoped.runAsSupplier(Supplier)
instead.T
- the action return typeaction
- the action to runnull
)@Deprecated public <T> T runAs(PrivilegedExceptionAction<T> action) throws PrivilegedActionException
Scoped.runAsSupplierEx(ExceptionSupplier)
instead.T
- the action return typeaction
- the action to runnull
)PrivilegedActionException
- if the action fails@Deprecated public <T,P> T runAs(P parameter, ParametricPrivilegedAction<T,P> action)
Scoped.runAsFunction(Function, Object)
instead.T
- the action return typeP
- the action parameter typeparameter
- the parameter to pass to the actionaction
- the action to runnull
)@Deprecated public <T,P> T runAs(P parameter, ParametricPrivilegedExceptionAction<T,P> action) throws PrivilegedActionException
Scoped.runAsFunctionEx(ExceptionFunction, Object)
instead.T
- the action return typeP
- the action parameter typeparameter
- the parameter to pass to the actionaction
- the action to runnull
)PrivilegedActionException
- if the action failspublic <T,U,R> R runAsFunction(BiFunction<T,U,R> action, T parameter1, U parameter2)
runAsFunction
in interface Scoped
R
- the action return typeT
- the action first parameter typeU
- the action second parameter typeparameter1
- the first parameter to pass to the actionparameter2
- the second parameter to pass to the actionaction
- the action to runnull
)public <T,U> void runAsConsumer(BiConsumer<T,U> action, T parameter1, U parameter2)
runAsConsumer
in interface Scoped
T
- the action first parameter typeU
- the action second parameter typeparameter1
- the first parameter to pass to the actionparameter2
- the second parameter to pass to the actionaction
- the action to runpublic <T> void runAsObjIntConsumer(ObjIntConsumer<T> action, T parameter1, int parameter2)
runAsObjIntConsumer
in interface Scoped
T
- the action first parameter typeparameter1
- the first parameter to pass to the actionparameter2
- the second parameter to pass to the actionaction
- the action to runpublic <T,U,R,E extends Exception> R runAsFunctionEx(org.wildfly.common.function.ExceptionBiFunction<T,U,R,E> action, T parameter1, U parameter2) throws E extends Exception
runAsFunctionEx
in interface Scoped
R
- the action return typeT
- the action first parameter typeU
- the action second parameter typeE
- the action exception typeparameter1
- the first parameter to pass to the actionparameter2
- the second parameter to pass to the actionaction
- the action to runnull
)E
- if the action throws this exceptionE extends Exception
public <T,U,E extends Exception> void runAsConsumerEx(org.wildfly.common.function.ExceptionBiConsumer<T,U,E> action, T parameter1, U parameter2) throws E extends Exception
runAsConsumerEx
in interface Scoped
T
- the action first parameter typeU
- the action second parameter typeE
- the action exception typeparameter1
- the first parameter to pass to the actionparameter2
- the second parameter to pass to the actionaction
- the action to runE
- if the action throws this exceptionE extends Exception
public <T,E extends Exception> void runAsObjIntConsumerEx(org.wildfly.common.function.ExceptionObjIntConsumer<T,E> action, T parameter1, int parameter2) throws E extends Exception
runAsObjIntConsumerEx
in interface Scoped
T
- the action first parameter typeE
- the action exception typeparameter1
- the first parameter to pass to the actionparameter2
- the second parameter to pass to the actionaction
- the action to runE
- if the action throws this exceptionE extends Exception
public <T,U> boolean runAsBiPredicate(BiPredicate<T,U> action, T parameter1, U parameter2)
runAsBiPredicate
in interface Scoped
T
- the action first parameter typeU
- the action second parameter typeparameter1
- the first parameter to pass to the actionparameter2
- the second parameter to pass to the actionaction
- the action to runnull
)public <T,U,E extends Exception> boolean runAsExBiPredicate(org.wildfly.common.function.ExceptionBiPredicate<T,U,E> action, T parameter1, U parameter2) throws E extends Exception
runAsExBiPredicate
in interface Scoped
T
- the action first parameter typeU
- the action second parameter typeE
- the action exception typeparameter1
- the first parameter to pass to the actionparameter2
- the second parameter to pass to the actionaction
- the action to runnull
)E
- if the action throws this exceptionE extends Exception
public static <T> T runAsAll(PrivilegedExceptionAction<T> action, SecurityIdentity... identities) throws PrivilegedActionException
T
- the action return typeaction
- the action to runidentities
- the identities to set upnull
)PrivilegedActionException
- if the action failspublic Roles getRoles()
public Roles getRoles(String category)
category
- the role mapping categorypublic SecurityIdentity withSecurityIdentitySupplier(Supplier<SecurityIdentity[]> securityIdentities)
Supplier
to supply identities that will be associated with all 'run' calls.
Any existing individual identities associated with this identity will be dropped.
The supplier will be called for each run call so were possible should handle it's own optimisation.securityIdentities
- a Supplier
for identities to be associated with every run call.IllegalArgumentException
- if the supplied identitypublic SecurityIdentity withSecurityIdentity(SecurityIdentity securityIdentity)
Supplier
has previously been associated with this identity it will be dropped.securityIdentity
- the SecurityIdentity
to also be associated with all run calls made to this identity.IllegalArgumentException
- if the supplied identitypublic Roles getRoles(String category, boolean fallbackToDefault)
category
- the role mapping categoryfallbackToDefault
- true
if the default roles associated with this identity should be returned if no
role mapping exists for the given category, false
otherwisepublic SecurityIdentity withRoleMapper(String category, RoleMapper roleMapper)
category
- the category nameroleMapper
- the role mapper to useSecurityException
- if the calling class is not granted the ChangeRoleMapperPermission
for the given
category namepublic SecurityIdentity createRunAsIdentity(String name) throws SecurityException
setRunAsPrincipal
ElytronPermission
.
Regardless security manager is enabled, RunAsPrincipalPermission
for given name is required.name
- the name to attempt to run asSecurityException
- if the operation authorization failed for any reasonpublic SecurityIdentity createRunAsIdentity(String name, boolean authorize) throws SecurityException
setRunAsPrincipal
ElytronPermission
.name
- the name to attempt to run asauthorize
- whether to check the current identity is authorized to run as a user
with the given principal (has RunAsPrincipalPermission
)SecurityException
- if the caller does not have the setRunAsPrincipal
ElytronPermission
or if the operation authorization failed for any other reasonpublic SecurityIdentity createRunAsIdentity(Principal principal, boolean authorize) throws SecurityException
setRunAsPrincipal
ElytronPermission
.principal
- the principal to attempt to run asauthorize
- whether to check the current identity is authorized to run as a user
with the given principal (has RunAsPrincipalPermission
)SecurityException
- if the caller does not have the setRunAsPrincipal
ElytronPermission
or if the operation authorization failed for any other reasonpublic SecurityIdentity createRunAsAnonymous() throws SecurityException
setRunAsPrincipal
ElytronPermission
.
LoginPermission
granted to the anonymous identity will be required.SecurityException
- if the operation authorization failed for any reasonpublic SecurityIdentity createRunAsAnonymous(boolean authorize) throws SecurityException
setRunAsPrincipal
ElytronPermission
.authorize
- whether to check the anonymous identity is authorized to log in
(has LoginPermission
)SecurityException
- if the caller does not have the setRunAsPrincipal
ElytronPermission
or if the operation authorization failed for any other reasonpublic SecurityIdentity intersectWith(PermissionVerifier verifier)
verifier
- the restricted verifier (must not be null
)public boolean implies(Permission permission)
PermissionVerifier
implies
in interface PermissionVerifier
permission
- the permission to verify (must not be null
)true
if the permission is implied by this verifier, false
otherwisepublic Attributes getAttributes()
getAttributes
in interface PermissionMappable
Attributes
with all attributes associated with this identitypublic Principal getPrincipal()
getPrincipal
in interface PermissionMappable
public Instant getCreationTime()
getCreationTime
in interface PermissionMappable
null
)public IdentityCredentials getPublicCredentials()
getPublicCredentials
in interface PermissionMappable
null
)public boolean isAnonymous()
true
if the identity is anonymous, false
otherwisepublic SecurityIdentity withPublicCredential(Credential credential)
credential
- the credential (must not be null
)public SecurityIdentity withPublicCredentials(IdentityCredentials credentials)
credentials
- the credential set (must not be null
)public SecurityIdentity withPrivateCredential(Credential credential)
credential
- the credential (must not be null
)public SecurityIdentity withPrivateCredentials(IdentityCredentials credentials)
credentials
- the credential set (must not be null
)public IdentityCredentials getPrivateCredentials()
getPrivateCredentials
ElytronPermission
.null
)public SecurityIdentity get()
get
in interface Supplier<SecurityIdentity>
public FlexibleIdentityAssociation createFlexibleAssociation()
null
)Copyright © 2019 JBoss by Red Hat. All rights reserved.