/**
 * Maps the caller's roles for an attribute-level check, taking into account any
 * run-as roles named in the operation's headers.
 *
 * <p>The header roles are only a request made by the operation. They are handed to the
 * private {@code mapRoles} overload, which keeps a requested role only when
 * {@code realRoleMapper.canRunAs} accepts it against the roles the wrapped mapper assigned.
 *
 * @param caller          the caller whose roles are being mapped
 * @param callEnvironment the environment of the call
 * @param action          the action; its operation is inspected for a roles header
 * @param attribute       the attribute being targeted
 * @return the set produced by the private overload
 */
@Override
public Set<String> mapRoles(Caller caller, Environment callEnvironment, Action action, TargetAttribute attribute) {
    // Header roles are read before the wrapped mapper is consulted, as in the original call order.
    final Set<String> requestedRoles = getOperationHeaderRoles(action.getOperation());
    final Set<String> assignedRoles = realRoleMapper.mapRoles(caller, callEnvironment, action, attribute);
    // 'true': getOperationHeaderRoles has already passed every entry through getRoleFromText.
    return mapRoles(caller, assignedRoles, requestedRoles, true);
}
/**
 * Extracts the run-as roles requested in an operation's headers.
 *
 * <p>A roles header of type {@code STRING} is first handed to {@code parseRolesString}.
 * If the node that comes back is still a {@code STRING} it is treated as a single role;
 * otherwise each list element is read. Every role passes through {@code getRoleFromText}.
 *
 * <p>This method performs no authorization check: the result is what the operation asked
 * for, not what the caller is entitled to.
 *
 * @param operation the operation to inspect
 * @return the requested roles, or {@code null} when the operation has no defined
 *         operation-headers node or that node has no defined roles entry; the
 *         single-role result is an immutable singleton, the multi-role result a
 *         mutable {@code HashSet}
 */
public static Set<String> getOperationHeaderRoles(ModelNode operation) {
    if (!operation.hasDefined(ModelDescriptionConstants.OPERATION_HEADERS)) {
        return null;
    }
    final ModelNode headers = operation.get(ModelDescriptionConstants.OPERATION_HEADERS);
    if (!headers.hasDefined(ModelDescriptionConstants.ROLES)) {
        return null;
    }

    ModelNode roles = headers.get(ModelDescriptionConstants.ROLES);
    if (roles.getType() == ModelType.STRING) {
        // A textual header is parsed first; the parser's result is re-examined below.
        roles = parseRolesString(roles.asString());
    }
    if (roles.getType() == ModelType.STRING) {
        return Collections.singleton(getRoleFromText(roles.asString()));
    }

    final Set<String> collected = new HashSet<String>();
    for (ModelNode entry : roles.asList()) {
        collected.add(getRoleFromText(entry.asString()));
    }
    return collected;
}
/**
 * Reports whether the caller is in the role named by the operation.
 *
 * <p>During {@code Stage.MODEL} the handler only re-registers itself for
 * {@code Stage.RUNTIME}. In any other stage it writes the outcome of
 * {@code isCallerInRole} to the operation result, passing along the run-as roles
 * read from the operation's headers.
 *
 * @param context   the operation context
 * @param operation the operation being executed
 * @throws OperationFailedException declared by the handler contract
 */
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
    final String roleName = RoleMappingResourceDefinition.getRoleName(operation);
    if (context.getCurrentStage() == Stage.MODEL) {
        context.addStep(this, Stage.RUNTIME);
        return;
    }

    final ModelNode outcome = context.getResult();
    // Header roles are requested roles only; NOTE(review): presumably isCallerInRole
    // validates them via the role mapper — confirm against its implementation.
    final Set<String> headerRoles = RunAsRoleMapper.getOperationHeaderRoles(operation);
    outcome.set(isCallerInRole(roleName, context.getCaller(), context.getCallEnvironment(), headerRoles));
}
/**
 * Builds a {@code StandardRBACAuthorizer} whose role mapping goes through a
 * {@code RunAsRoleMapper} wrapped around the supplied mapper.
 *
 * <p>The same wrapper instance is given to both the permission factory and the
 * authorizer, so both see the same mapping.
 *
 * @param configuration the authorizer configuration
 * @param roleMapper    the mapper to wrap
 * @return the new authorizer
 */
public static StandardRBACAuthorizer create(AuthorizerConfiguration configuration, final RoleMapper roleMapper) {
    final RunAsRoleMapper wrappedMapper = new RunAsRoleMapper(roleMapper);
    return new StandardRBACAuthorizer(
            configuration,
            new DefaultPermissionFactory(wrappedMapper, configuration),
            wrappedMapper);
}
/**
 * Maps the caller's roles when the run-as roles are supplied directly instead of
 * being read from an operation.
 *
 * @param caller               the caller whose roles are being mapped
 * @param callEnvironment      the environment of the call
 * @param operationHeaderRoles the requested run-as roles, or {@code null} for none
 * @return the set produced by the private overload
 */
@Override
public Set<String> mapRoles(Caller caller, Environment callEnvironment, Set<String> operationHeaderRoles) {
    final Set<String> assignedRoles = realRoleMapper.mapRoles(caller, callEnvironment, null);
    // 'false': the private overload runs each supplied role through getRoleFromText itself.
    return mapRoles(caller, assignedRoles, operationHeaderRoles, false);
}
/**
 * Narrows the caller's roles to the requested run-as roles that the wrapped mapper
 * permits.
 *
 * <p>A requested role is kept only when {@code realRoleMapper.canRunAs(currentRoles, role)}
 * returns true. If no roles were requested, or none of the requested roles is permitted,
 * {@code currentRoles} is returned unchanged.
 *
 * <p>NOTE(review): a request whose roles are all rejected is therefore indistinguishable
 * from no request at all, and nothing is logged for it — confirm that this fallback is
 * the intended behaviour.
 *
 * @param caller       the caller, used only for the trace message
 * @param currentRoles the roles assigned by the wrapped mapper
 * @param runAsRoles   the requested roles, or {@code null}
 * @param sanitized    whether {@code runAsRoles} already went through {@code getRoleFromText}
 * @return {@code currentRoles}, or an unmodifiable set of the permitted requested roles
 */
private Set<String> mapRoles(Caller caller, Set<String> currentRoles, Set<String> runAsRoles, boolean sanitized) {
    if (runAsRoles == null) {
        return currentRoles;
    }

    final Set<String> permitted = new HashSet<String>();
    for (String candidate : runAsRoles) {
        final String requestedRole = sanitized ? candidate : getRoleFromText(candidate);
        if (realRoleMapper.canRunAs(currentRoles, requestedRole)) {
            permitted.add(requestedRole);
        }
    }
    if (permitted.isEmpty()) {
        return currentRoles;
    }

    final Set<String> narrowed = Collections.unmodifiableSet(permitted);
    if (ACCESS_LOGGER.isTraceEnabled()) {
        // Built only under the trace guard so the string work is skipped otherwise.
        final StringBuilder message = new StringBuilder("User '");
        message.append(caller.getName());
        message.append("' Mapped to requested roles { ");
        for (String granted : narrowed) {
            message.append("'").append(granted).append("' ");
        }
        message.append("}");
        ACCESS_LOGGER.trace(message.toString());
    }
    return narrowed;
}
/**
 * Reads the run-as roles that an operation requests through its headers.
 *
 * <p>When the roles header is a {@code STRING} it is run through {@code parseRolesString}
 * first. A node that is still a {@code STRING} afterwards yields one role; any other node
 * is read as a list. Each role text is normalised with {@code getRoleFromText}.
 *
 * <p>No entitlement check happens here; the values are the operation's request only.
 *
 * @param operation the operation to inspect
 * @return the requested roles, or {@code null} if the operation-headers node or its roles
 *         entry is not defined; a single role comes back as an immutable singleton, several
 *         roles as a mutable {@code HashSet}
 */
public static Set<String> getOperationHeaderRoles(ModelNode operation) {
    if (!operation.hasDefined(ModelDescriptionConstants.OPERATION_HEADERS)) {
        return null;
    }
    final ModelNode headers = operation.get(ModelDescriptionConstants.OPERATION_HEADERS);
    if (!headers.hasDefined(ModelDescriptionConstants.ROLES)) {
        return null;
    }

    ModelNode roles = headers.get(ModelDescriptionConstants.ROLES);
    if (roles.getType() == ModelType.STRING) {
        // The parsed node replaces the raw header and is type-checked again below.
        roles = parseRolesString(roles.asString());
    }
    if (roles.getType() == ModelType.STRING) {
        return Collections.singleton(getRoleFromText(roles.asString()));
    }

    final Set<String> collected = new HashSet<String>();
    for (ModelNode entry : roles.asList()) {
        collected.add(getRoleFromText(entry.asString()));
    }
    return collected;
}
/**
 * Answers whether the caller holds the role named in the operation.
 *
 * <p>In {@code Stage.MODEL} the handler adds itself as a {@code Stage.RUNTIME} step and
 * does nothing else. In other stages it sets the operation result to whatever
 * {@code isCallerInRole} returns, supplying the run-as roles found in the operation's
 * headers.
 *
 * @param context   the operation context
 * @param operation the operation being executed
 * @throws OperationFailedException declared by the handler contract
 */
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
    final String roleName = RoleMappingResourceDefinition.getRoleName(operation);
    if (context.getCurrentStage() == Stage.MODEL) {
        context.addStep(this, Stage.RUNTIME);
        return;
    }

    final ModelNode outcome = context.getResult();
    // The header roles are a request, not a grant; NOTE(review): presumably
    // isCallerInRole filters them through the role mapper — confirm.
    final Set<String> headerRoles = RunAsRoleMapper.getOperationHeaderRoles(operation);
    outcome.set(isCallerInRole(roleName, context.getCaller(), context.getCallEnvironment(), headerRoles));
}
/**
 * Creates a {@code StandardRBACAuthorizer} that resolves roles through a
 * {@code RunAsRoleMapper} wrapping the given mapper.
 *
 * <p>One wrapper instance is shared between the permission factory and the authorizer.
 *
 * @param configuration the authorizer configuration
 * @param roleMapper    the mapper to wrap
 * @return the new authorizer
 */
public static StandardRBACAuthorizer create(AuthorizerConfiguration configuration, final RoleMapper roleMapper) {
    final RunAsRoleMapper wrappedMapper = new RunAsRoleMapper(roleMapper);
    return new StandardRBACAuthorizer(
            configuration,
            new DefaultPermissionFactory(wrappedMapper, configuration),
            wrappedMapper);
}
/**
 * Maps the caller's roles for a set of run-as roles passed in by the caller of this
 * method rather than extracted from an operation.
 *
 * @param caller               the caller whose roles are being mapped
 * @param callEnvironment      the environment of the call
 * @param operationHeaderRoles the requested run-as roles, or {@code null} for none
 * @return the set produced by the private overload
 */
@Override
public Set<String> mapRoles(Caller caller, Environment callEnvironment, Set<String> operationHeaderRoles) {
    final Set<String> assignedRoles = realRoleMapper.mapRoles(caller, callEnvironment, null);
    // 'false' asks the private overload to apply getRoleFromText to every supplied role.
    return mapRoles(caller, assignedRoles, operationHeaderRoles, false);
}
/**
 * Restricts the caller's roles to those requested run-as roles for which
 * {@code realRoleMapper.canRunAs(currentRoles, role)} returns true.
 *
 * <p>{@code currentRoles} is returned as-is when {@code runAsRoles} is {@code null} or
 * when no requested role is permitted.
 *
 * <p>NOTE(review): rejected requests are dropped silently and the caller keeps its full
 * {@code currentRoles}; only an accepted mapping is traced — confirm this is intended.
 *
 * @param caller       the caller, used only for the trace message
 * @param currentRoles the roles assigned by the wrapped mapper
 * @param runAsRoles   the requested roles, or {@code null}
 * @param sanitized    whether {@code runAsRoles} already went through {@code getRoleFromText}
 * @return {@code currentRoles}, or an unmodifiable set of the permitted requested roles
 */
private Set<String> mapRoles(Caller caller, Set<String> currentRoles, Set<String> runAsRoles, boolean sanitized) {
    if (runAsRoles == null) {
        return currentRoles;
    }

    final Set<String> permitted = new HashSet<String>();
    for (String candidate : runAsRoles) {
        final String requestedRole = sanitized ? candidate : getRoleFromText(candidate);
        if (realRoleMapper.canRunAs(currentRoles, requestedRole)) {
            permitted.add(requestedRole);
        }
    }
    if (permitted.isEmpty()) {
        return currentRoles;
    }

    final Set<String> narrowed = Collections.unmodifiableSet(permitted);
    if (ACCESS_LOGGER.isTraceEnabled()) {
        // Message assembly stays inside the guard so it costs nothing when trace is off.
        final StringBuilder message = new StringBuilder("User '");
        message.append(caller.getName());
        message.append("' Mapped to requested roles { ");
        for (String granted : narrowed) {
            message.append("'").append(granted).append("' ");
        }
        message.append("}");
        ACCESS_LOGGER.trace(message.toString());
    }
    return narrowed;
}
/**
 * Maps the caller's roles for a resource-level check, taking into account any run-as
 * roles named in the operation's headers.
 *
 * <p>The header roles are only a request. The private {@code mapRoles} overload keeps a
 * requested role only when {@code realRoleMapper.canRunAs} accepts it against the roles
 * the wrapped mapper assigned.
 *
 * @param caller          the caller whose roles are being mapped
 * @param callEnvironment the environment of the call
 * @param action          the action; its operation is inspected for a roles header
 * @param resource        the resource being targeted
 * @return the set produced by the private overload
 */
@Override
public Set<String> mapRoles(Caller caller, Environment callEnvironment, Action action, TargetResource resource) {
    // Header roles are read before the wrapped mapper is consulted, as in the original call order.
    final Set<String> requestedRoles = getOperationHeaderRoles(action.getOperation());
    final Set<String> assignedRoles = realRoleMapper.mapRoles(caller, callEnvironment, action, resource);
    // 'true': getOperationHeaderRoles has already passed every entry through getRoleFromText.
    return mapRoles(caller, assignedRoles, requestedRoles, true);
}
/**
 * Returns the run-as roles named in an operation's headers.
 *
 * <p>A {@code STRING} roles header goes through {@code parseRolesString}; if the parsed
 * node is again a {@code STRING} it counts as one role, otherwise its list elements are
 * read one by one. {@code getRoleFromText} is applied to every role.
 *
 * <p>The method only reports what was requested; it does not decide whether the caller
 * may use those roles.
 *
 * @param operation the operation to inspect
 * @return the requested roles, or {@code null} when either the operation-headers node or
 *         its roles entry is undefined; one role is returned as an immutable singleton,
 *         several as a mutable {@code HashSet}
 */
public static Set<String> getOperationHeaderRoles(ModelNode operation) {
    if (!operation.hasDefined(ModelDescriptionConstants.OPERATION_HEADERS)) {
        return null;
    }
    final ModelNode headers = operation.get(ModelDescriptionConstants.OPERATION_HEADERS);
    if (!headers.hasDefined(ModelDescriptionConstants.ROLES)) {
        return null;
    }

    ModelNode roles = headers.get(ModelDescriptionConstants.ROLES);
    if (roles.getType() == ModelType.STRING) {
        // Replace the raw text with the parser's node; its type is checked again next.
        roles = parseRolesString(roles.asString());
    }
    if (roles.getType() == ModelType.STRING) {
        return Collections.singleton(getRoleFromText(roles.asString()));
    }

    final Set<String> collected = new HashSet<String>();
    for (ModelNode entry : roles.asList()) {
        collected.add(getRoleFromText(entry.asString()));
    }
    return collected;
}
Set<String> mappedRoles = authorizer == null ? null : authorizer.getCallerRoles(context.getCaller(), context.getCallEnvironment(), RunAsRoleMapper.getOperationHeaderRoles(operation)); if (mappedRoles != null) { ModelNode rolesModel = result.get(MAPPED_ROLES);
/**
 * Assembles a {@code StandardRBACAuthorizer} around a {@code RunAsRoleMapper} that
 * decorates the supplied mapper.
 *
 * <p>The permission factory and the authorizer receive the same wrapper instance.
 *
 * @param configuration the authorizer configuration
 * @param roleMapper    the mapper to wrap
 * @return the new authorizer
 */
public static StandardRBACAuthorizer create(AuthorizerConfiguration configuration, final RoleMapper roleMapper) {
    final RunAsRoleMapper wrappedMapper = new RunAsRoleMapper(roleMapper);
    return new StandardRBACAuthorizer(
            configuration,
            new DefaultPermissionFactory(wrappedMapper, configuration),
            wrappedMapper);
}
/**
 * Maps the caller's roles using run-as roles handed in directly.
 *
 * @param caller               the caller whose roles are being mapped
 * @param callEnvironment      the environment of the call
 * @param operationHeaderRoles the requested run-as roles, or {@code null} for none
 * @return the set produced by the private overload
 */
@Override
public Set<String> mapRoles(Caller caller, Environment callEnvironment, Set<String> operationHeaderRoles) {
    final Set<String> assignedRoles = realRoleMapper.mapRoles(caller, callEnvironment, null);
    // 'false': the supplied roles are normalised with getRoleFromText in the private overload.
    return mapRoles(caller, assignedRoles, operationHeaderRoles, false);
}
/**
 * Applies requested run-as roles to the caller's assigned roles.
 *
 * <p>Only requested roles accepted by {@code realRoleMapper.canRunAs(currentRoles, role)}
 * are kept. With a {@code null} request, or when nothing is accepted, the method returns
 * {@code currentRoles} untouched.
 *
 * <p>NOTE(review): because an all-rejected request falls back to {@code currentRoles}
 * without any log entry, a denied run-as attempt leaves no trace here — confirm this is
 * the intended behaviour.
 *
 * @param caller       the caller, used only for the trace message
 * @param currentRoles the roles assigned by the wrapped mapper
 * @param runAsRoles   the requested roles, or {@code null}
 * @param sanitized    whether {@code runAsRoles} already went through {@code getRoleFromText}
 * @return {@code currentRoles}, or an unmodifiable set of the permitted requested roles
 */
private Set<String> mapRoles(Caller caller, Set<String> currentRoles, Set<String> runAsRoles, boolean sanitized) {
    if (runAsRoles == null) {
        return currentRoles;
    }

    final Set<String> permitted = new HashSet<String>();
    for (String candidate : runAsRoles) {
        final String requestedRole = sanitized ? candidate : getRoleFromText(candidate);
        if (realRoleMapper.canRunAs(currentRoles, requestedRole)) {
            permitted.add(requestedRole);
        }
    }
    if (permitted.isEmpty()) {
        return currentRoles;
    }

    final Set<String> narrowed = Collections.unmodifiableSet(permitted);
    if (ACCESS_LOGGER.isTraceEnabled()) {
        // The message is only assembled when trace logging is enabled.
        final StringBuilder message = new StringBuilder("User '");
        message.append(caller.getName());
        message.append("' Mapped to requested roles { ");
        for (String granted : narrowed) {
            message.append("'").append(granted).append("' ");
        }
        message.append("}");
        ACCESS_LOGGER.trace(message.toString());
    }
    return narrowed;
}
/**
 * Resolves the caller's roles for a resource target, honouring run-as roles requested in
 * the operation's headers.
 *
 * <p>Requested roles are not trusted as given. The private {@code mapRoles} overload
 * retains one only if {@code realRoleMapper.canRunAs} allows it for the roles the
 * wrapped mapper assigned.
 *
 * @param caller          the caller whose roles are being mapped
 * @param callEnvironment the environment of the call
 * @param action          the action; its operation is inspected for a roles header
 * @param resource        the resource being targeted
 * @return the set produced by the private overload
 */
@Override
public Set<String> mapRoles(Caller caller, Environment callEnvironment, Action action, TargetResource resource) {
    // Same evaluation order as before: headers first, then the wrapped mapper.
    final Set<String> requestedRoles = getOperationHeaderRoles(action.getOperation());
    final Set<String> assignedRoles = realRoleMapper.mapRoles(caller, callEnvironment, action, resource);
    // 'true': every entry already went through getRoleFromText in getOperationHeaderRoles.
    return mapRoles(caller, assignedRoles, requestedRoles, true);
}
Set<String> mappedRoles = authorizer == null ? null : authorizer.getCallerRoles(context.getCaller(), context.getCallEnvironment(), RunAsRoleMapper.getOperationHeaderRoles(operation)); if (mappedRoles != null) { ModelNode rolesModel = result.get(MAPPED_ROLES);
/**
 * Resolves the caller's roles for an attribute target, honouring run-as roles requested
 * in the operation's headers.
 *
 * <p>Requested roles are not trusted as given. The private {@code mapRoles} overload
 * retains one only if {@code realRoleMapper.canRunAs} allows it for the roles the
 * wrapped mapper assigned.
 *
 * @param caller          the caller whose roles are being mapped
 * @param callEnvironment the environment of the call
 * @param action          the action; its operation is inspected for a roles header
 * @param attribute       the attribute being targeted
 * @return the set produced by the private overload
 */
@Override
public Set<String> mapRoles(Caller caller, Environment callEnvironment, Action action, TargetAttribute attribute) {
    // Same evaluation order as before: headers first, then the wrapped mapper.
    final Set<String> requestedRoles = getOperationHeaderRoles(action.getOperation());
    final Set<String> assignedRoles = realRoleMapper.mapRoles(caller, callEnvironment, action, attribute);
    // 'true': every entry already went through getRoleFromText in getOperationHeaderRoles.
    return mapRoles(caller, assignedRoles, requestedRoles, true);
}