/**
 * Builds the role-mapping resource definition around the given authorizer.
 *
 * <p>Both the add and the remove handler are created with the authorizer's
 * writable configuration. NOTE(review): presumably this lets management
 * operations on this resource change live role mappings; confirm which callers
 * may address this resource.
 *
 * @param authorizer delegating authorizer whose writable configuration is handed to the handlers
 * @param domainMode forwarded unchanged to {@code RoleMappingAdd.create}
 */
private RoleMappingResourceDefinition(final DelegatingConfigurableAuthorizer authorizer, final boolean domainMode) {
    // super(...) has to be the first statement, so the configuration is fetched inline for each handler.
    super(PathElement.pathElement(PATH_KEY),
            DomainManagementResolver.getResolver("core.access-control.role-mapping"),
            RoleMappingAdd.create(authorizer.getWritableAuthorizerConfiguration(), domainMode),
            RoleMappingRemove.create(authorizer.getWritableAuthorizerConfiguration()));
    // Kept so registerAttributes/registerChildren can reach the same configuration later.
    this.authorizer = authorizer;
}
/**
 * Registers {@code INCLUDE_ALL} as a read-write attribute of the role mapping.
 *
 * <p>No read handler is supplied ({@code null}); writes go through a
 * {@code RoleIncludeAllWriteAttributeHander} that holds the authorizer's writable
 * configuration. NOTE(review): the attribute name suggests a write widens who is
 * mapped to the role, so access to it deserves the same care as the role
 * mapping itself; confirm against the handler.
 *
 * @param resourceRegistration registration the attribute is added to
 */
@Override
public void registerAttributes(ManagementResourceRegistration resourceRegistration) {
    final WritableAuthorizerConfiguration writableConfig = authorizer.getWritableAuthorizerConfiguration();
    final RoleIncludeAllWriteAttributeHander includeAllWriter =
            new RoleIncludeAllWriteAttributeHander(writableConfig);
    resourceRegistration.registerReadWriteAttribute(INCLUDE_ALL, null, includeAllWriter);
}
/**
 * Registers {@code INCLUDE_ALL} as a read-write attribute of the role mapping.
 *
 * <p>No read handler is supplied ({@code null}); writes go through a
 * {@code RoleIncludeAllWriteAttributeHander} that holds the authorizer's writable
 * configuration. NOTE(review): the attribute name suggests a write widens who is
 * mapped to the role, so access to it deserves the same care as the role
 * mapping itself; confirm against the handler.
 *
 * @param resourceRegistration registration the attribute is added to
 */
@Override
public void registerAttributes(ManagementResourceRegistration resourceRegistration) {
    final WritableAuthorizerConfiguration writableConfig = authorizer.getWritableAuthorizerConfiguration();
    final RoleIncludeAllWriteAttributeHander includeAllWriter =
            new RoleIncludeAllWriteAttributeHander(writableConfig);
    resourceRegistration.registerReadWriteAttribute(INCLUDE_ALL, null, includeAllWriter);
}
/**
 * Builds the role-mapping resource definition around the given authorizer.
 *
 * <p>Both the add and the remove handler are created with the authorizer's
 * writable configuration. NOTE(review): presumably this lets management
 * operations on this resource change live role mappings; confirm which callers
 * may address this resource.
 *
 * @param authorizer delegating authorizer whose writable configuration is handed to the handlers
 * @param domainMode forwarded unchanged to {@code RoleMappingAdd.create}
 */
private RoleMappingResourceDefinition(final DelegatingConfigurableAuthorizer authorizer, final boolean domainMode) {
    // super(...) has to be the first statement, so the configuration is fetched inline for each handler.
    super(PathElement.pathElement(PATH_KEY),
            DomainManagementResolver.getResolver("core.access-control.role-mapping"),
            RoleMappingAdd.create(authorizer.getWritableAuthorizerConfiguration(), domainMode),
            RoleMappingRemove.create(authorizer.getWritableAuthorizerConfiguration()));
    // Kept so registerAttributes/registerChildren can reach the same configuration later.
    this.authorizer = authorizer;
}
/**
 * Replaces the delegate of {@code configurableAuthorizer} with a new
 * {@code StandardRBACAuthorizer} whose role mapper is chosen by the provider value.
 *
 * <p>An undefined {@code value} falls back to the default of
 * {@code AccessAuthorizationResourceDefinition.PROVIDER}. The name is upper-cased
 * with {@code Locale.ENGLISH}, so the lookup does not depend on the JVM's default
 * locale. {@code Provider.valueOf} throws {@code IllegalArgumentException} for a
 * name that is not a {@code Provider} constant; nothing here catches it, so the
 * value is assumed to have been validated by the caller.
 *
 * <p>NOTE(review): {@code Provider.SIMPLE} selects {@code SuperUserRoleMapper},
 * which by its name presumably maps every caller to a super-user role, i.e. no
 * role separation between management users. Confirm, and treat a switch to
 * SIMPLE as a privilege-widening configuration change.
 *
 * @param value                  provider attribute value, possibly undefined
 * @param configurableAuthorizer authorizer whose delegate is replaced
 */
static void updateAuthorizer(final ModelNode value, final DelegatingConfigurableAuthorizer configurableAuthorizer) {
    final ModelNode effectiveValue;
    if (value.isDefined()) {
        effectiveValue = value;
    } else {
        effectiveValue = AccessAuthorizationResourceDefinition.PROVIDER.getDefaultValue();
    }
    final Provider selected = Provider.valueOf(effectiveValue.asString().toUpperCase(Locale.ENGLISH));

    // Fetched before the branch in both cases, exactly as the mapper selection below expects.
    final AuthorizerConfiguration simpleMapperConfig = configurableAuthorizer.getWritableAuthorizerConfiguration();
    final RoleMapper mapper = (selected == Provider.SIMPLE)
            ? new SuperUserRoleMapper(simpleMapperConfig)
            : new StandardRoleMapper(configurableAuthorizer.getWritableAuthorizerConfiguration());

    final Authorizer rbacDelegate =
            StandardRBACAuthorizer.create(configurableAuthorizer.getWritableAuthorizerConfiguration(), mapper);
    configurableAuthorizer.setDelegate(rbacDelegate);
}
/**
 * Replaces the delegate of {@code configurableAuthorizer} with a new
 * {@code StandardRBACAuthorizer} whose role mapper is chosen by the provider value.
 *
 * <p>An undefined {@code value} falls back to the default of
 * {@code AccessAuthorizationResourceDefinition.PROVIDER}. The name is upper-cased
 * with {@code Locale.ENGLISH}, so the lookup does not depend on the JVM's default
 * locale. {@code Provider.valueOf} throws {@code IllegalArgumentException} for a
 * name that is not a {@code Provider} constant; nothing here catches it, so the
 * value is assumed to have been validated by the caller.
 *
 * <p>NOTE(review): {@code Provider.SIMPLE} selects {@code SuperUserRoleMapper},
 * which by its name presumably maps every caller to a super-user role, i.e. no
 * role separation between management users. Confirm, and treat a switch to
 * SIMPLE as a privilege-widening configuration change.
 *
 * @param value                  provider attribute value, possibly undefined
 * @param configurableAuthorizer authorizer whose delegate is replaced
 */
static void updateAuthorizer(final ModelNode value, final DelegatingConfigurableAuthorizer configurableAuthorizer) {
    final ModelNode effectiveValue;
    if (value.isDefined()) {
        effectiveValue = value;
    } else {
        effectiveValue = AccessAuthorizationResourceDefinition.PROVIDER.getDefaultValue();
    }
    final Provider selected = Provider.valueOf(effectiveValue.asString().toUpperCase(Locale.ENGLISH));

    // Fetched before the branch in both cases, exactly as the mapper selection below expects.
    final AuthorizerConfiguration simpleMapperConfig = configurableAuthorizer.getWritableAuthorizerConfiguration();
    final RoleMapper mapper = (selected == Provider.SIMPLE)
            ? new SuperUserRoleMapper(simpleMapperConfig)
            : new StandardRoleMapper(configurableAuthorizer.getWritableAuthorizerConfiguration());

    final Authorizer rbacDelegate =
            StandardRBACAuthorizer.create(configurableAuthorizer.getWritableAuthorizerConfiguration(), mapper);
    configurableAuthorizer.setDelegate(rbacDelegate);
}
/**
 * Registers the two principal child resources of a role mapping: the include
 * definition first, then the exclude definition.
 *
 * <p>Both definitions are built from the same writable authorizer configuration.
 *
 * @param resourceRegistration registration the sub-models are added to
 */
@Override
public void registerChildren(ManagementResourceRegistration resourceRegistration) {
    final WritableAuthorizerConfiguration writableConfig = authorizer.getWritableAuthorizerConfiguration();

    // Principals explicitly included in the role.
    resourceRegistration.registerSubModel(
            PrincipalResourceDefinition.includeResourceDefinition(writableConfig));
    // Principals explicitly excluded from the role.
    resourceRegistration.registerSubModel(
            PrincipalResourceDefinition.excludeResourceDefinition(writableConfig));
}
/**
 * Registers the two principal child resources of a role mapping: the include
 * definition first, then the exclude definition.
 *
 * <p>Both definitions are built from the same writable authorizer configuration.
 *
 * @param resourceRegistration registration the sub-models are added to
 */
@Override
public void registerChildren(ManagementResourceRegistration resourceRegistration) {
    final WritableAuthorizerConfiguration writableConfig = authorizer.getWritableAuthorizerConfiguration();

    // Principals explicitly included in the role.
    resourceRegistration.registerSubModel(
            PrincipalResourceDefinition.includeResourceDefinition(writableConfig));
    // Principals explicitly excluded from the role.
    resourceRegistration.registerSubModel(
            PrincipalResourceDefinition.excludeResourceDefinition(writableConfig));
}
/**
 * Step body that pushes the resolved provider and permission-combination-policy
 * attribute values into the authorizer.
 *
 * <p>The closing lines after this method show the step is registered for
 * {@code OperationContext.Stage.RUNTIME}; the enclosing call starts outside this
 * excerpt.
 *
 * @param context   operation context used to resolve the attributes and complete the step
 * @param operation the operation being executed (not read in this method)
 * @throws OperationFailedException declared by the signature; presumably raised by attribute resolution
 */
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
    WritableAuthorizerConfiguration authorizerConfiguration = configurableAuthorizer.getWritableAuthorizerConfiguration();
    // `model` is not declared here; it comes from the enclosing scope outside this excerpt.
    ModelNode provider = AccessAuthorizationResourceDefinition.PROVIDER.resolveModelAttribute(context, model);
    // Swaps the authorizer's delegate according to the provider value.
    AccessAuthorizationProviderWriteAttributeHander.updateAuthorizer(provider, configurableAuthorizer);
    ModelNode combinationPolicy = AccessAuthorizationResourceDefinition.PERMISSION_COMBINATION_POLICY.resolveModelAttribute(context, model);
    AccessAuthorizationCombinationPolicyWriteAttributeHandler.updateAuthorizer(combinationPolicy, authorizerConfiguration);
    // NOTE(review): the rollback handler is a no-op, so nothing in this step restores the
    // previous delegate or combination policy if the operation is later rolled back.
    // Confirm that leaving the new authorization settings in place is intended.
    context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
}
// Closes the enclosing handler and the call that registers it; both begin outside this excerpt.
}, OperationContext.Stage.RUNTIME);
/**
 * Step body that pushes the resolved provider and permission-combination-policy
 * attribute values into the authorizer.
 *
 * <p>The closing lines after this method show the step is registered for
 * {@code OperationContext.Stage.RUNTIME}; the enclosing call starts outside this
 * excerpt.
 *
 * @param context   operation context used to resolve the attributes and complete the step
 * @param operation the operation being executed (not read in this method)
 * @throws OperationFailedException declared by the signature; presumably raised by attribute resolution
 */
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
    WritableAuthorizerConfiguration authorizerConfiguration = configurableAuthorizer.getWritableAuthorizerConfiguration();
    // `model` is not declared here; it comes from the enclosing scope outside this excerpt.
    ModelNode provider = AccessAuthorizationResourceDefinition.PROVIDER.resolveModelAttribute(context, model);
    // Swaps the authorizer's delegate according to the provider value.
    AccessAuthorizationProviderWriteAttributeHander.updateAuthorizer(provider, configurableAuthorizer);
    ModelNode combinationPolicy = AccessAuthorizationResourceDefinition.PERMISSION_COMBINATION_POLICY.resolveModelAttribute(context, model);
    AccessAuthorizationCombinationPolicyWriteAttributeHandler.updateAuthorizer(combinationPolicy, authorizerConfiguration);
    // NOTE(review): the rollback handler is a no-op, so nothing in this step restores the
    // previous delegate or combination policy if the operation is later rolled back.
    // Confirm that leaving the new authorization settings in place is intended.
    context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
}
// Closes the enclosing handler and the call that registers it; both begin outside this excerpt.
}, OperationContext.Stage.RUNTIME);
/**
 * Registers the attributes of the access-authorization resource on top of
 * whatever the superclass registers.
 *
 * <p>{@code PROVIDER}, {@code USE_IDENTITY_ROLES} and
 * {@code PERMISSION_COMBINATION_POLICY} are read-write with no read handler
 * ({@code null}); {@code STANDARD_ROLE_NAMES} and {@code ALL_ROLE_NAMES} are
 * read-only. Each write handler is given either the delegating authorizer or its
 * writable configuration. NOTE(review): writes to these attributes therefore
 * appear to change how management requests are authorized; confirm that access
 * to this resource is itself restricted accordingly.
 *
 * @param resourceRegistration registration the attributes are added to
 */
@Override
public void registerAttributes(ManagementResourceRegistration resourceRegistration) {
    super.registerAttributes(resourceRegistration);
    final WritableAuthorizerConfiguration writableConfig = configurableAuthorizer.getWritableAuthorizerConfiguration();

    // Writable attributes. The provider handler needs the authorizer itself, not just its configuration.
    final AccessAuthorizationProviderWriteAttributeHander providerWriter =
            new AccessAuthorizationProviderWriteAttributeHander(configurableAuthorizer);
    resourceRegistration.registerReadWriteAttribute(PROVIDER, null, providerWriter);

    final AccessAuthorizationUseIdentityRolesWriteAttributeHander identityRolesWriter =
            new AccessAuthorizationUseIdentityRolesWriteAttributeHander(
                    configurableAuthorizer.getWritableAuthorizerConfiguration());
    resourceRegistration.registerReadWriteAttribute(USE_IDENTITY_ROLES, null, identityRolesWriter);

    final AccessAuthorizationCombinationPolicyWriteAttributeHandler policyWriter =
            new AccessAuthorizationCombinationPolicyWriteAttributeHandler(writableConfig);
    resourceRegistration.registerReadWriteAttribute(PERMISSION_COMBINATION_POLICY, null, policyWriter);

    // Read-only role name listings.
    resourceRegistration.registerReadOnlyAttribute(
            STANDARD_ROLE_NAMES, AccessAuthorizationRolesHandler.getStandardRolesHandler(writableConfig));
    resourceRegistration.registerReadOnlyAttribute(
            ALL_ROLE_NAMES, AccessAuthorizationRolesHandler.getAllRolesHandler(writableConfig));
}
/**
 * Registers the attributes of the access-authorization resource on top of
 * whatever the superclass registers.
 *
 * <p>{@code PROVIDER}, {@code USE_IDENTITY_ROLES} and
 * {@code PERMISSION_COMBINATION_POLICY} are read-write with no read handler
 * ({@code null}); {@code STANDARD_ROLE_NAMES} and {@code ALL_ROLE_NAMES} are
 * read-only. Each write handler is given either the delegating authorizer or its
 * writable configuration. NOTE(review): writes to these attributes therefore
 * appear to change how management requests are authorized; confirm that access
 * to this resource is itself restricted accordingly.
 *
 * @param resourceRegistration registration the attributes are added to
 */
@Override
public void registerAttributes(ManagementResourceRegistration resourceRegistration) {
    super.registerAttributes(resourceRegistration);
    final WritableAuthorizerConfiguration writableConfig = configurableAuthorizer.getWritableAuthorizerConfiguration();

    // Writable attributes. The provider handler needs the authorizer itself, not just its configuration.
    final AccessAuthorizationProviderWriteAttributeHander providerWriter =
            new AccessAuthorizationProviderWriteAttributeHander(configurableAuthorizer);
    resourceRegistration.registerReadWriteAttribute(PROVIDER, null, providerWriter);

    final AccessAuthorizationUseIdentityRolesWriteAttributeHander identityRolesWriter =
            new AccessAuthorizationUseIdentityRolesWriteAttributeHander(
                    configurableAuthorizer.getWritableAuthorizerConfiguration());
    resourceRegistration.registerReadWriteAttribute(USE_IDENTITY_ROLES, null, identityRolesWriter);

    final AccessAuthorizationCombinationPolicyWriteAttributeHandler policyWriter =
            new AccessAuthorizationCombinationPolicyWriteAttributeHandler(writableConfig);
    resourceRegistration.registerReadWriteAttribute(PERMISSION_COMBINATION_POLICY, null, policyWriter);

    // Read-only role name listings.
    resourceRegistration.registerReadOnlyAttribute(
            STANDARD_ROLE_NAMES, AccessAuthorizationRolesHandler.getStandardRolesHandler(writableConfig));
    resourceRegistration.registerReadOnlyAttribute(
            ALL_ROLE_NAMES, AccessAuthorizationRolesHandler.getAllRolesHandler(writableConfig));
}
/**
 * Registers the child resource definitions of the access-authorization resource:
 * role mapping, the scoped roles (only when {@code isDomain} is true) and the
 * constraint definitions.
 *
 * @param resourceRegistration registration the sub-models are added to
 */
@Override
public void registerChildren(ManagementResourceRegistration resourceRegistration) {
    // Role mapping is registered in every mode; isDomain is forwarded to its factory.
    resourceRegistration.registerSubModel(RoleMappingResourceDefinition.create(configurableAuthorizer, isDomain));

    // Server-group and host scoped roles exist only when isDomain is set.
    if (isDomain) {
        final WritableAuthorizerConfiguration writableConfig =
                configurableAuthorizer.getWritableAuthorizerConfiguration();
        resourceRegistration.registerSubModel(new ServerGroupScopedRoleResourceDefinition(writableConfig));
        resourceRegistration.registerSubModel(new HostScopedRolesResourceDefinition(writableConfig));
    }

    // Constraints, in order: application type, sensitivity classification, vault expression.
    resourceRegistration.registerSubModel(ApplicationClassificationParentResourceDefinition.INSTANCE);
    resourceRegistration.registerSubModel(SensitivityClassificationParentResourceDefinition.INSTANCE);
    resourceRegistration.registerSubModel(SensitivityResourceDefinition.createVaultExpressionConfiguration());
}
/**
 * Registers the child resource definitions of the access-authorization resource:
 * role mapping, the scoped roles (only when {@code isDomain} is true) and the
 * constraint definitions.
 *
 * @param resourceRegistration registration the sub-models are added to
 */
@Override
public void registerChildren(ManagementResourceRegistration resourceRegistration) {
    // Role mapping is registered in every mode; isDomain is forwarded to its factory.
    resourceRegistration.registerSubModel(RoleMappingResourceDefinition.create(configurableAuthorizer, isDomain));

    // Server-group and host scoped roles exist only when isDomain is set.
    if (isDomain) {
        final WritableAuthorizerConfiguration writableConfig =
                configurableAuthorizer.getWritableAuthorizerConfiguration();
        resourceRegistration.registerSubModel(new ServerGroupScopedRoleResourceDefinition(writableConfig));
        resourceRegistration.registerSubModel(new HostScopedRolesResourceDefinition(writableConfig));
    }

    // Constraints, in order: application type, sensitivity classification, vault expression.
    resourceRegistration.registerSubModel(ApplicationClassificationParentResourceDefinition.INSTANCE);
    resourceRegistration.registerSubModel(SensitivityClassificationParentResourceDefinition.INSTANCE);
    resourceRegistration.registerSubModel(SensitivityResourceDefinition.createVaultExpressionConfiguration());
}
/**
 * Populates the root resource with the core children: version information, the
 * management and service-container core services, the access-authorization
 * resource under management, the server-environment placeholder and the path
 * manager resources.
 *
 * <p>The access-authorization resource is created from the authorizer's writable
 * configuration.
 *
 * @param rootResource            root of the resource tree being initialised
 * @param rootRegistration        root registration (not used in this method)
 * @param modelControllerResource model controller resource (not used in this method)
 */
@Override
public void initCoreModel(Resource rootResource, ManagementResourceRegistration rootRegistration, Resource modelControllerResource) {
    // No product configuration is supplied here (second argument is null).
    VersionModelInitializer.registerRootResource(rootResource, null);

    final Resource coreManagement = Resource.Factory.create();
    final PathElement managementPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.MANAGEMENT);
    rootResource.registerChild(managementPath, coreManagement);

    final PathElement serviceContainerPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.SERVICE_CONTAINER);
    rootResource.registerChild(serviceContainerPath, Resource.Factory.create());

    // The authorization resource lives under the management resource, not directly under the root.
    final PathElement accessAuthorizationPath = PathElement.pathElement(
            ModelDescriptionConstants.ACCESS, ModelDescriptionConstants.AUTHORIZATION);
    coreManagement.registerChild(accessAuthorizationPath,
            AccessAuthorizationResourceDefinition.createResource(authorizer.getWritableAuthorizerConfiguration()));

    rootResource.registerChild(ServerEnvironmentResourceDescription.RESOURCE_PATH, Resource.Factory.create());
    pathManagerService.addPathManagerResources(rootResource);
}
// Closes an enclosing type whose opening lies outside this excerpt.
}
/**
 * Populates the root resource with the core children: version information, the
 * management and service-container core services, the access-authorization
 * resource under management, the server-environment placeholder and the path
 * manager resources.
 *
 * <p>The access-authorization resource is created from the authorizer's writable
 * configuration.
 *
 * @param rootResource            root of the resource tree being initialised
 * @param rootRegistration        root registration (not used in this method)
 * @param modelControllerResource model controller resource (not used in this method)
 */
@Override
public void initCoreModel(Resource rootResource, ManagementResourceRegistration rootRegistration, Resource modelControllerResource) {
    // No product configuration is supplied here (second argument is null).
    VersionModelInitializer.registerRootResource(rootResource, null);

    final Resource coreManagement = Resource.Factory.create();
    final PathElement managementPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.MANAGEMENT);
    rootResource.registerChild(managementPath, coreManagement);

    final PathElement serviceContainerPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.SERVICE_CONTAINER);
    rootResource.registerChild(serviceContainerPath, Resource.Factory.create());

    // The authorization resource lives under the management resource, not directly under the root.
    final PathElement accessAuthorizationPath = PathElement.pathElement(
            ModelDescriptionConstants.ACCESS, ModelDescriptionConstants.AUTHORIZATION);
    coreManagement.registerChild(accessAuthorizationPath,
            AccessAuthorizationResourceDefinition.createResource(authorizer.getWritableAuthorizerConfiguration()));

    rootResource.registerChild(ServerEnvironmentResourceDescription.RESOURCE_PATH, Resource.Factory.create());
    pathManagerService.addPathManagerResources(rootResource);
}
// Closes an enclosing type whose opening lies outside this excerpt.
}
/**
 * Populates the root resource with the core-service children (management,
 * service container, module loading), the access-authorization resource under
 * management, the server environment, path manager resources, version
 * information and the platform MBean root.
 *
 * <p>The access-authorization resource is created from the authorizer's writable
 * configuration.
 *
 * @param rootResource     root of the resource tree being initialised
 * @param rootRegistration root registration (not used in this method)
 */
@Override
protected void initModel(Resource rootResource, ManagementResourceRegistration rootRegistration) {
    // TODO maybe make creating of empty nodes part of the MNR description
    final Resource coreManagement = Resource.Factory.create();
    // TODO - Can we get a Resource direct from CoreManagementResourceDefinition?
    final PathElement managementPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.MANAGEMENT);
    rootResource.registerChild(managementPath, coreManagement);

    final PathElement serviceContainerPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.SERVICE_CONTAINER);
    rootResource.registerChild(serviceContainerPath, Resource.Factory.create());

    final PathElement moduleLoadingPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.MODULE_LOADING);
    rootResource.registerChild(moduleLoadingPath, Resource.Factory.create());

    // The authorization resource hangs off the management resource created above.
    coreManagement.registerChild(AccessAuthorizationResourceDefinition.PATH_ELEMENT,
            AccessAuthorizationResourceDefinition.createResource(authorizer.getWritableAuthorizerConfiguration()));

    rootResource.registerChild(ServerEnvironmentResourceDescription.RESOURCE_PATH, Resource.Factory.create());

    final PathManagerService pathManager = (PathManagerService) injectedPathManagerService.getValue();
    pathManager.addPathManagerResources(rootResource);

    // Product configuration is passed only when a server environment is present.
    VersionModelInitializer.registerRootResource(rootResource,
            configuration.getServerEnvironment() != null
                    ? configuration.getServerEnvironment().getProductConfig()
                    : null);

    // Platform MBeans
    rootResource.registerChild(PlatformMBeanConstants.ROOT_PATH, new RootPlatformMBeanResource());
}
hostControllerInfo, managementModel.getCapabilityRegistry()); VersionModelInitializer.registerRootResource(managementModel.getRootResource(), environment != null ? environment.getProductConfig() : null); CoreManagementResourceDefinition.registerDomainResource(managementModel.getRootResource(), authorizer.getWritableAuthorizerConfiguration()); this.modelNodeRegistration = managementModel.getRootResourceRegistration();
/**
 * Populates the root resource of the management model and registers the core
 * runtime capabilities.
 *
 * <p>Children registered: the management-operations service under management,
 * the management, service-container, module-loading and capability-registry core
 * services, the access-authorization resource (created from the authorizer's
 * writable configuration), the server environment, path manager resources,
 * version information and the platform MBean root. The path manager, executor
 * and suspend controller capabilities are then registered with both the
 * capability registry and the root resource registration.
 *
 * @param managementModel         model supplying the root resource, capability registry and root registration
 * @param modelControllerResource resource registered as the management-operations service
 */
@Override
protected void initModel(ManagementModel managementModel, Resource modelControllerResource) {
    final Resource root = managementModel.getRootResource();
    // TODO maybe make creating of empty nodes part of the MNR description
    final Resource coreManagement = Resource.Factory.create();
    // TODO - Can we get a Resource direct from CoreManagementResourceDefinition?
    final PathElement managementOperationsPath = PathElement.pathElement(
            ModelDescriptionConstants.SERVICE, ModelDescriptionConstants.MANAGEMENT_OPERATIONS);
    coreManagement.registerChild(managementOperationsPath, modelControllerResource);

    final PathElement managementPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.MANAGEMENT);
    root.registerChild(managementPath, coreManagement);

    final PathElement serviceContainerPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.SERVICE_CONTAINER);
    root.registerChild(serviceContainerPath, Resource.Factory.create());

    final PathElement moduleLoadingPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.MODULE_LOADING);
    root.registerChild(moduleLoadingPath, PlaceholderResource.INSTANCE);

    final PathElement capabilityRegistryPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.CAPABILITY_REGISTRY);
    root.registerChild(capabilityRegistryPath, Resource.Factory.create());

    // The authorization resource hangs off the management resource created above.
    coreManagement.registerChild(AccessAuthorizationResourceDefinition.PATH_ELEMENT,
            AccessAuthorizationResourceDefinition.createResource(authorizer.getWritableAuthorizerConfiguration()));

    root.registerChild(ServerEnvironmentResourceDescription.RESOURCE_PATH, Resource.Factory.create());

    final PathManagerService pathManager = (PathManagerService) injectedPathManagerService.getValue();
    pathManager.addPathManagerResources(root);

    // Product configuration is passed only when a server environment is present.
    VersionModelInitializer.registerRootResource(root,
            configuration.getServerEnvironment() != null
                    ? configuration.getServerEnvironment().getProductConfig()
                    : null);

    // Platform MBeans
    root.registerChild(PlatformMBeanConstants.ROOT_PATH, new RootPlatformMBeanResource());

    // Each capability gets its own registration point at the empty (root) address.
    final RuntimeCapabilityRegistry capabilities = managementModel.getCapabilityRegistry();
    capabilities.registerCapability(new RuntimeCapabilityRegistration(
            PATH_MANAGER_CAPABILITY, CapabilityScope.GLOBAL,
            new RegistrationPoint(PathAddress.EMPTY_ADDRESS, null)));
    capabilities.registerCapability(new RuntimeCapabilityRegistration(
            EXECUTOR_CAPABILITY, CapabilityScope.GLOBAL,
            new RegistrationPoint(PathAddress.EMPTY_ADDRESS, null)));
    capabilities.registerCapability(new RuntimeCapabilityRegistration(
            SUSPEND_CONTROLLER_CAPABILITY, CapabilityScope.GLOBAL,
            new RegistrationPoint(PathAddress.EMPTY_ADDRESS, null)));

    // Record the core capabilities with the root MRR so reads of it will show it as their provider
    // This also gets them recorded as 'possible capabilities' in the capability registry
    final ManagementResourceRegistration rootMrr = managementModel.getRootResourceRegistration();
    rootMrr.registerCapability(PATH_MANAGER_CAPABILITY);
    rootMrr.registerCapability(EXECUTOR_CAPABILITY);
    rootMrr.registerCapability(SUSPEND_CONTROLLER_CAPABILITY);
}
/**
 * Populates the root resource of the management model and registers the core
 * runtime capabilities.
 *
 * <p>Children registered: the management-operations service under management,
 * the management, service-container, module-loading and capability-registry core
 * services, the access-authorization resource (created from the authorizer's
 * writable configuration), the server environment, path manager resources,
 * version information and the platform MBean root. The path manager, executor
 * and suspend controller capabilities are then registered with both the
 * capability registry and the root resource registration.
 *
 * @param managementModel         model supplying the root resource, capability registry and root registration
 * @param modelControllerResource resource registered as the management-operations service
 */
@Override
protected void initModel(ManagementModel managementModel, Resource modelControllerResource) {
    final Resource root = managementModel.getRootResource();
    // TODO maybe make creating of empty nodes part of the MNR description
    final Resource coreManagement = Resource.Factory.create();
    // TODO - Can we get a Resource direct from CoreManagementResourceDefinition?
    final PathElement managementOperationsPath = PathElement.pathElement(
            ModelDescriptionConstants.SERVICE, ModelDescriptionConstants.MANAGEMENT_OPERATIONS);
    coreManagement.registerChild(managementOperationsPath, modelControllerResource);

    final PathElement managementPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.MANAGEMENT);
    root.registerChild(managementPath, coreManagement);

    final PathElement serviceContainerPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.SERVICE_CONTAINER);
    root.registerChild(serviceContainerPath, Resource.Factory.create());

    final PathElement moduleLoadingPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.MODULE_LOADING);
    root.registerChild(moduleLoadingPath, PlaceholderResource.INSTANCE);

    final PathElement capabilityRegistryPath = PathElement.pathElement(
            ModelDescriptionConstants.CORE_SERVICE, ModelDescriptionConstants.CAPABILITY_REGISTRY);
    root.registerChild(capabilityRegistryPath, Resource.Factory.create());

    // The authorization resource hangs off the management resource created above.
    coreManagement.registerChild(AccessAuthorizationResourceDefinition.PATH_ELEMENT,
            AccessAuthorizationResourceDefinition.createResource(authorizer.getWritableAuthorizerConfiguration()));

    root.registerChild(ServerEnvironmentResourceDescription.RESOURCE_PATH, Resource.Factory.create());

    final PathManagerService pathManager = (PathManagerService) injectedPathManagerService.getValue();
    pathManager.addPathManagerResources(root);

    // Product configuration is passed only when a server environment is present.
    VersionModelInitializer.registerRootResource(root,
            configuration.getServerEnvironment() != null
                    ? configuration.getServerEnvironment().getProductConfig()
                    : null);

    // Platform MBeans
    root.registerChild(PlatformMBeanConstants.ROOT_PATH, new RootPlatformMBeanResource());

    // Each capability gets its own registration point at the empty (root) address.
    final RuntimeCapabilityRegistry capabilities = managementModel.getCapabilityRegistry();
    capabilities.registerCapability(new RuntimeCapabilityRegistration(
            PATH_MANAGER_CAPABILITY, CapabilityScope.GLOBAL,
            new RegistrationPoint(PathAddress.EMPTY_ADDRESS, null)));
    capabilities.registerCapability(new RuntimeCapabilityRegistration(
            EXECUTOR_CAPABILITY, CapabilityScope.GLOBAL,
            new RegistrationPoint(PathAddress.EMPTY_ADDRESS, null)));
    capabilities.registerCapability(new RuntimeCapabilityRegistration(
            SUSPEND_CONTROLLER_CAPABILITY, CapabilityScope.GLOBAL,
            new RegistrationPoint(PathAddress.EMPTY_ADDRESS, null)));

    // Record the core capabilities with the root MRR so reads of it will show it as their provider
    // This also gets them recorded as 'possible capabilities' in the capability registry
    final ManagementResourceRegistration rootMrr = managementModel.getRootResourceRegistration();
    rootMrr.registerCapability(PATH_MANAGER_CAPABILITY);
    rootMrr.registerCapability(EXECUTOR_CAPABILITY);
    rootMrr.registerCapability(SUSPEND_CONTROLLER_CAPABILITY);
}