Class JBossAuthorizationManager

    • Constructor Detail

      • JBossAuthorizationManager

        public JBossAuthorizationManager(String securityDomainName)
    • Method Detail

      • doesUserHaveRole

        public boolean doesUserHaveRole(Principal principal,
                                        Set<Principal> rolePrincipals)
        Does the current Subject have a role (a Principal) that equates to one of the role names? This method obtains the Group named 'Roles' from the principal set of the currently authenticated Subject, as determined by the SecurityAssociation.getSubject() method, and then creates a SimplePrincipal for each name in roleNames. If the role is a member of the Roles group, then the user has the role. This requires that the caller establish the correct SecurityAssociation subject prior to calling this method. In the past this was done as a side-effect of an isValid() call, but this is no longer the case.
        Specified by:
        doesUserHaveRole in interface AuthorizationManager
        Parameters:
        principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
        rolePrincipals - a Set of Principals for the roles to check.
        Returns:
        true if the principal has at least one of the roles in the roles set, false otherwise.
        See Also:
        Subject.getPrincipals()
      • doesUserHaveRole

        public boolean doesUserHaveRole(Principal principal,
                                        Principal role)
        Does the current Subject have a role (a Principal) that equates to one of the role names?
        Parameters:
        principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
        role - the application domain role that the principal is to be validated against.
        Returns:
        true if the active principal has the role, false otherwise.
        See Also:
        doesUserHaveRole(Principal, Set)
      • getUserRoles

        public Set<Principal> getUserRoles(Principal principal)
        Return the set of domain roles from the current active Subject's 'Roles' group, as found in the subject Principals set.
        Specified by:
        getUserRoles in interface AuthorizationManager
        Parameters:
        principal - ignored. The current authenticated Subject determines the active user and assigned user roles.
        Returns:
        The Set for the application domain roles that the principal has been assigned.
      • doesRoleGroupHaveRole

        protected boolean doesRoleGroupHaveRole(Principal role,
                                                RoleGroup userRoles)
        Check that the indicated application domain role is a member of the user's assigned roles. This handles the special AnybodyPrincipal and NobodyPrincipal independent of the Group implementation.
        Parameters:
        role - the application domain role required for access
        userRoles - the set of roles assigned to the user
        Returns:
        true if role is in userRoles or an AnybodyPrincipal instance, false if role is a NobodyPrincipal or not a member of userRoles
      • setAuthorizationContext

        public void setAuthorizationContext(AuthorizationContext authorizationContext)
        Set the AuthorizationContext
      • getSecurityDomain

        public String getSecurityDomain()
        Description copied from interface: BaseSecurityManager
        Get the security domain that the security manager belongs to. Every security manager belongs to a named domain. The meaning of the security domain name depends on the implementation. Examples range from as fine grained as the name of EJBs to J2EE application names to DNS domain names.
        Specified by:
        getSecurityDomain in interface BaseSecurityManager
        Returns:
        the security domain name. May be null in which case the security manager belongs to the logical default domain.
      • getTargetRoles

        public Group getTargetRoles(Principal targetPrincipal,
                                    Map<String,Object> contextMap)
        Description copied from interface: AuthorizationManager
        Trust use cases may need to determine the roles of the target principal, which has been derived via a principal from another domain by the Authentication Manager. An implementation of this interface may have to contact a trust provider for additional information about the principal.
        Specified by:
        getTargetRoles in interface AuthorizationManager
        Parameters:
        targetPrincipal - Principal applicable in current domain
        contextMap - Read-Only Contextual Information that may be useful for the implementation in determining the roles.
        Returns:
        roles from the target domain
        See Also:
        AuthorizationManager.getTargetRoles(Principal, Map)
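
The role check documented for doesUserHaveRole and doesRoleGroupHaveRole, modelled as an added example (not code from this class or project): the decision follows the 'Roles' group of the authenticated Subject, and the principal argument plays no part. Named, RolesGroup, ANYBODY, NOBODY and both helper methods are hypothetical stand-ins; the Subject is passed in explicitly instead of being read from SecurityAssociation, and Java 16+ is assumed for records.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

public class RoleCheckSketch {
    // Hypothetical stand-ins for SimplePrincipal and the 'Roles' group (not the project's classes).
    record Named(String name) implements Principal {
        public String getName() { return name; }
    }
    record RolesGroup(Set<Principal> members) implements Principal {
        public String getName() { return "Roles"; }
    }
    // Constructed markers standing in for AnybodyPrincipal and NobodyPrincipal.
    static final Principal ANYBODY = new Named("ANYBODY");
    static final Principal NOBODY = new Named("NOBODY");

    // Follows the documented doesRoleGroupHaveRole contract.
    static boolean roleGroupHasRole(Principal role, RolesGroup userRoles) {
        if (role == ANYBODY) return true;   // anybody: always granted
        if (role == NOBODY) return false;   // nobody: never granted
        return userRoles.members().contains(role);
    }

    // Follows the documented doesUserHaveRole contract: 'principal' is never consulted.
    static boolean userHasRole(Subject current, Principal principal, Set<Principal> required) {
        if (current == null) return false;  // assumption: no established Subject means deny
        for (RolesGroup group : current.getPrincipals(RolesGroup.class))
            for (Principal role : required)
                if (roleGroupHasRole(role, group)) return true;
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: alice is authenticated and holds only the 'auditor' role.
        Subject alice = new Subject();
        alice.getPrincipals().add(new Named("alice"));
        alice.getPrincipals().add(new RolesGroup(Set.of(new Named("auditor"))));
        Set<Principal> admin = Set.of(new Named("admin"));
        Set<Principal> auditor = Set.of(new Named("auditor"));
        // The caller names "root", yet every decision below follows alice's Subject.
        Principal claimed = new Named("root");
        System.out.println("admin:   " + userHasRole(alice, claimed, admin));
        System.out.println("auditor: " + userHasRole(alice, claimed, auditor));
        System.out.println("anybody: " + userHasRole(alice, claimed, Set.of(ANYBODY)));
        System.out.println("nobody:  " + userHasRole(alice, claimed, Set.of(NOBODY)));
        // Same role set, but no Subject was established before the call.
        System.out.println("no subj: " + userHasRole(null, new Named("alice"), auditor));
    }
}
```

A caller that switches identity must establish the matching Subject before calling the check, since a changed principal argument alone leaves the result unchanged.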