Chapter 14. JBoss Authorization Manager
The default implementation of the authorization manager interface is
JBossAuthorizationManager, which provides fine-grained and pluggable authorization via authorization modules. This class also implements the PolicyRegistration interface.
The class resembles the following (method bodies are elided):
package org.jboss.security.plugins;
...
import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
/**
 * Default {@link AuthorizationManager} implementation, which also acts as the
 * {@link PolicyRegistration} for its security domain.
 * <p>
 * Resource authorization is not decided in this class: {@link #authorize(Resource)}
 * delegates to a {@link JBossAuthorizationContext} built for this domain, which is
 * presumably where the pluggable authorization modules are consulted. Method bodies
 * shown empty in this listing are elided, not no-ops.
 */
public class JBossAuthorizationManager
        implements AuthorizationManager, PolicyRegistration
{
    // Name of the security domain this manager serves; handed to the
    // JBossAuthorizationContext created in authorize(). Presumably populated by
    // the constructors (bodies elided in this listing).
    private String securityDomain;
    // Registered policies, presumably keyed by context ID and maintained by the
    // registerPolicy/deRegisterPolicy/getPolicy methods (bodies elided). Raw Map;
    // key and value types are not shown in this excerpt.
    private Map contextIdToPolicy = new HashMap();
    // Trace flag snapshotted once at construction time; `log` is declared
    // outside this excerpt.
    protected boolean trace = log.isTraceEnabled();
    // Optional handler forwarded to the JBossAuthorizationContext in authorize();
    // null unless supplied through the two-argument constructor.
    private CallbackHandler callbackHandler = null;

    /**
     * Creates a manager for the given security domain with no callback handler.
     *
     * @param securityDomainName name of the security domain this manager serves
     */
    public JBossAuthorizationManager(String securityDomainName)
    {
    }

    /**
     * Creates a manager for the given security domain.
     *
     * @param securityDomainName name of the security domain this manager serves
     * @param cbh callback handler made available to the authorization context
     */
    public JBossAuthorizationManager(String securityDomainName, CallbackHandler cbh)
    {
    }

    /**
     * Authorizes access to {@code resource} on behalf of the currently
     * authenticated Subject.
     * <p>
     * The Subject is read from {@code PolicyContext} under
     * {@link SecurityConstants#SUBJECT_CONTEXT_KEY}. If that lookup fails, the
     * failure is only logged and the decision is still delegated with a
     * {@code null} subject; whether a null subject is denied is decided by
     * {@link JBossAuthorizationContext}, not here.
     *
     * @param resource the resource being accessed
     * @return the decision returned by the authorization context
     * @throws AuthorizationException propagated from the authorization context
     * @see AuthorizationManager#authorize(Resource)
     */
    public int authorize(Resource resource) throws AuthorizationException
    {
        String SUBJECT_CONTEXT_KEY = SecurityConstants.SUBJECT_CONTEXT_KEY;
        Subject subject = null;
        try
        {
            subject = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
        }
        catch (PolicyContextException e)
        {
            // Lookup failure is not fatal here: subject stays null and the
            // decision is still delegated below. NOTE(review): confirm that the
            // context denies a null subject rather than treating it as anonymous.
            log.error("Error obtaining AuthenticatedSubject:", e);
        }
        AuthorizationContext ac = new JBossAuthorizationContext(this.securityDomain, subject,
                this.callbackHandler);
        return ac.authorize(resource);
    }

    /** Determines whether the Subject has a role (Principal) that matches
     * a defined role name. This method obtains the "Roles" Group from the
     * principal set of the currently-authenticated Subject (as determined
     * by the SecurityAssociation.getSubject() method). It then creates a
     * SimplePrincipal for each name in roleNames. If the Subject's role
     * can be matched to a role in the "Roles" Group, then the user has that
     * role. The caller must therefore establish the correct
     * SecurityAssociation Subject before this method is called.
     * (This is no longer a side-effect of the isValid() call.)
     *
     * @param principal - ignored. The current authenticated Subject determines
     * the active user and assigned user roles.
     *
     * @param rolePrincipals - a Set of Principals for the roles to check.
     * @return true if one of rolePrincipals matches a role of the current
     * Subject, false otherwise (body elided in this listing).
     *
     * @see java.security.acl.Group
     * @see Subject#getPrincipals()
     */
    public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
    {
    }

    /** Determines whether the current Subject has a role (Principal) that
     * matches one of the role names.
     *
     * @see #doesUserHaveRole(Principal, Set)
     *
     * @param principal - ignored. The currently-authenticated Subject
     * determines the active user and assigned user roles.
     * @param role - the application domain role that the principal is
     * validated against.
     * @return true if the active principal has the role, false otherwise.
     */
    public boolean doesUserHaveRole(Principal principal, Principal role)
    {
    }

    /** Returns the set of domain roles that were found in the current active
     * Subject's "Roles" Group, in the Subject Principals Set.
     *
     * @param principal - ignored. The current authenticated Subject determines
     * the active user and assigned user roles.
     * @return The Set<Principal> for the application domain roles that the
     * principal has been assigned.
     */
    public Set getUserRoles(Principal principal)
    {
    }

    /** Checks that the indicated application domain role belongs to the
     * group of roles assigned to the user. This handles the special
     * AnybodyPrincipal and NobodyPrincipal independent of the Group
     * implementation.
     *
     * @param role - the application domain role required for access
     * @param userRoles - the set of roles assigned to the user
     * @return true - if role is in userRoles or an AnybodyPrincipal instance, false
     * if role is a NobodyPrincipal or not a member of userRoles
     */
    protected boolean doesRoleGroupHaveRole(Principal role, Group userRoles)
    {
    }

    /**
     * Registers the policy found at {@code location} for the given context ID
     * (body elided in this listing).
     *
     * @param contextID the policy context identifier
     * @param location where the policy is loaded from
     * @see PolicyRegistration#registerPolicy(String, URL)
     */
    public void registerPolicy(String contextID, URL location)
    {
    }

    /**
     * Registers the policy read from {@code stream} for the given context ID
     * (body elided in this listing).
     *
     * @param contextID the policy context identifier
     * @param stream source of the policy definition
     * @see PolicyRegistration#registerPolicy(String, InputStream)
     */
    public void registerPolicy(String contextID, InputStream stream)
    {
    }

    /**
     * Removes the policy registered under the given context ID
     * (body elided in this listing).
     *
     * @param contextID the policy context identifier
     * @see PolicyRegistration#deRegisterPolicy(String)
     */
    public void deRegisterPolicy(String contextID)
    {
    }

    /**
     * Returns the policy registered under the given context ID
     * (body elided in this listing).
     *
     * @param contextID the policy context identifier
     * @param contextMap additional lookup context
     * @return the registered policy object
     * @see PolicyRegistration#getPolicy(String, Map)
     */
    public Object getPolicy(String contextID, Map contextMap)
    {
    }

    /**
     * Not supported by this implementation.
     *
     * @param targetPrincipal the principal whose roles are requested
     * @param contextMap additional lookup context
     * @return never returns normally
     * @throws RuntimeException always
     * @see AuthorizationManager#getTargetRoles(Principal, Map)
     */
    public Group getTargetRoles(Principal targetPrincipal, Map contextMap)
    {
        throw new RuntimeException("Not implemented");
    }
}
package org.jboss.security.plugins;
...
import static org.jboss.security.SecurityConstants.ROLES_IDENTIFIER;
/**
 * Default {@link AuthorizationManager} implementation, which also acts as the
 * {@link PolicyRegistration} for its security domain.
 * <p>
 * Resource authorization is not decided in this class: {@link #authorize(Resource)}
 * delegates to a {@link JBossAuthorizationContext} built for this domain, which is
 * presumably where the pluggable authorization modules are consulted. Method bodies
 * shown empty in this listing are elided, not no-ops.
 */
public class JBossAuthorizationManager
        implements AuthorizationManager, PolicyRegistration
{
    // Name of the security domain this manager serves; handed to the
    // JBossAuthorizationContext created in authorize(). Presumably populated by
    // the constructors (bodies elided in this listing).
    private String securityDomain;
    // Registered policies, presumably keyed by context ID and maintained by the
    // registerPolicy/deRegisterPolicy/getPolicy methods (bodies elided). Raw Map;
    // key and value types are not shown in this excerpt.
    private Map contextIdToPolicy = new HashMap();
    // Trace flag snapshotted once at construction time; `log` is declared
    // outside this excerpt.
    protected boolean trace = log.isTraceEnabled();
    // Optional handler forwarded to the JBossAuthorizationContext in authorize();
    // null unless supplied through the two-argument constructor.
    private CallbackHandler callbackHandler = null;

    /**
     * Creates a manager for the given security domain with no callback handler.
     *
     * @param securityDomainName name of the security domain this manager serves
     */
    public JBossAuthorizationManager(String securityDomainName)
    {
    }

    /**
     * Creates a manager for the given security domain.
     *
     * @param securityDomainName name of the security domain this manager serves
     * @param cbh callback handler made available to the authorization context
     */
    public JBossAuthorizationManager(String securityDomainName, CallbackHandler cbh)
    {
    }

    /**
     * Authorizes access to {@code resource} on behalf of the currently
     * authenticated Subject.
     * <p>
     * The Subject is read from {@code PolicyContext} under
     * {@link SecurityConstants#SUBJECT_CONTEXT_KEY}. If that lookup fails, the
     * failure is only logged and the decision is still delegated with a
     * {@code null} subject; whether a null subject is denied is decided by
     * {@link JBossAuthorizationContext}, not here.
     *
     * @param resource the resource being accessed
     * @return the decision returned by the authorization context
     * @throws AuthorizationException propagated from the authorization context
     * @see AuthorizationManager#authorize(Resource)
     */
    public int authorize(Resource resource) throws AuthorizationException
    {
        String SUBJECT_CONTEXT_KEY = SecurityConstants.SUBJECT_CONTEXT_KEY;
        Subject subject = null;
        try
        {
            subject = (Subject) PolicyContext.getContext(SUBJECT_CONTEXT_KEY);
        }
        catch (PolicyContextException e)
        {
            // Lookup failure is not fatal here: subject stays null and the
            // decision is still delegated below. NOTE(review): confirm that the
            // context denies a null subject rather than treating it as anonymous.
            log.error("Error obtaining AuthenticatedSubject:", e);
        }
        AuthorizationContext ac = new JBossAuthorizationContext(this.securityDomain, subject,
                this.callbackHandler);
        return ac.authorize(resource);
    }

    /** Determines whether the Subject has a role (Principal) that matches
     * a defined role name. This method obtains the "Roles" Group from the
     * principal set of the currently-authenticated Subject (as determined
     * by the SecurityAssociation.getSubject() method). It then creates a
     * SimplePrincipal for each name in roleNames. If the Subject's role
     * can be matched to a role in the "Roles" Group, then the user has that
     * role. The caller must therefore establish the correct
     * SecurityAssociation Subject before this method is called.
     * (This is no longer a side-effect of the isValid() call.)
     *
     * @param principal - ignored. The current authenticated Subject determines
     * the active user and assigned user roles.
     *
     * @param rolePrincipals - a Set of Principals for the roles to check.
     * @return true if one of rolePrincipals matches a role of the current
     * Subject, false otherwise (body elided in this listing).
     *
     * @see java.security.acl.Group
     * @see Subject#getPrincipals()
     */
    public boolean doesUserHaveRole(Principal principal, Set rolePrincipals)
    {
    }

    /** Determines whether the current Subject has a role (Principal) that
     * matches one of the role names.
     *
     * @see #doesUserHaveRole(Principal, Set)
     *
     * @param principal - ignored. The currently-authenticated Subject
     * determines the active user and assigned user roles.
     * @param role - the application domain role that the principal is
     * validated against.
     * @return true if the active principal has the role, false otherwise.
     */
    public boolean doesUserHaveRole(Principal principal, Principal role)
    {
    }

    /** Returns the set of domain roles that were found in the current active
     * Subject's "Roles" Group, in the Subject Principals Set.
     *
     * @param principal - ignored. The current authenticated Subject determines
     * the active user and assigned user roles.
     * @return The Set<Principal> for the application domain roles that the
     * principal has been assigned.
     */
    public Set getUserRoles(Principal principal)
    {
    }

    /** Checks that the indicated application domain role belongs to the
     * group of roles assigned to the user. This handles the special
     * AnybodyPrincipal and NobodyPrincipal independent of the Group
     * implementation.
     *
     * @param role - the application domain role required for access
     * @param userRoles - the set of roles assigned to the user
     * @return true - if role is in userRoles or an AnybodyPrincipal instance, false
     * if role is a NobodyPrincipal or not a member of userRoles
     */
    protected boolean doesRoleGroupHaveRole(Principal role, Group userRoles)
    {
    }

    /**
     * Registers the policy found at {@code location} for the given context ID
     * (body elided in this listing).
     *
     * @param contextID the policy context identifier
     * @param location where the policy is loaded from
     * @see PolicyRegistration#registerPolicy(String, URL)
     */
    public void registerPolicy(String contextID, URL location)
    {
    }

    /**
     * Registers the policy read from {@code stream} for the given context ID
     * (body elided in this listing).
     *
     * @param contextID the policy context identifier
     * @param stream source of the policy definition
     * @see PolicyRegistration#registerPolicy(String, InputStream)
     */
    public void registerPolicy(String contextID, InputStream stream)
    {
    }

    /**
     * Removes the policy registered under the given context ID
     * (body elided in this listing).
     *
     * @param contextID the policy context identifier
     * @see PolicyRegistration#deRegisterPolicy(String)
     */
    public void deRegisterPolicy(String contextID)
    {
    }

    /**
     * Returns the policy registered under the given context ID
     * (body elided in this listing).
     *
     * @param contextID the policy context identifier
     * @param contextMap additional lookup context
     * @return the registered policy object
     * @see PolicyRegistration#getPolicy(String, Map)
     */
    public Object getPolicy(String contextID, Map contextMap)
    {
    }

    /**
     * Not supported by this implementation.
     *
     * @param targetPrincipal the principal whose roles are requested
     * @param contextMap additional lookup context
     * @return never returns normally
     * @throws RuntimeException always
     * @see AuthorizationManager#getTargetRoles(Principal, Map)
     */
    public Group getTargetRoles(Principal targetPrincipal, Map contextMap)
    {
        throw new RuntimeException("Not implemented");
    }
}