/**
 * Test-side role check: grants access when the caller holds at least one of the
 * given standard roles and denies otherwise.
 *
 * Matching is exact string equality between each role's {@code toString()} and the
 * entries of {@code callerRoles}; no case folding or trimming is applied, so the set
 * must be populated with the same spelling. Passing no roles at all yields a deny,
 * i.e. the check is fail-closed.
 *
 * @param callerRoles role names the caller is known to hold
 * @param roles       roles any one of which is sufficient for a PERMITTED result
 * @return {@code AuthorizationResult.PERMITTED} on the first match, otherwise a DENY result
 */
private AuthorizationResult authorize(Set<String> callerRoles, StandardRole... roles) {
    AuthorizationResult verdict = new AuthorizationResult(Decision.DENY);
    // Stop at the first role the caller holds; the remaining roles are not inspected.
    for (int i = 0; i < roles.length && verdict != AuthorizationResult.PERMITTED; i++) {
        if (callerRoles.contains(roles[i].toString())) {
            verdict = AuthorizationResult.PERMITTED;
        }
    }
    return verdict;
}
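/**
 * Queues the management operations this test runs at boot.
 *
 * When {@code enableRbac} is set, every {@link StandardRole} gets a role-mapping
 * resource plus one {@code include} child of type USER whose principal name comes
 * from {@link #roleToUserName(StandardRole)}. Only after all mappings have been
 * queued is the access-authorization provider switched to RBAC, so the provider is
 * never active while a standard role is still unmapped. The JMX subsystem is added
 * last, whether or not RBAC is enabled.
 *
 * @param bootOperations the list the operations are appended to, in execution order
 */
@Override
protected void addBootOperations(List<ModelNode> bootOperations) {
    if (enableRbac) {
        for (StandardRole standardRole : EnumSet.allOf(StandardRole.class)) {
            // Derive the principal once; it names both the include child and the principal attribute.
            String userName = roleToUserName(standardRole);
            bootOperations.add(Util.createAddOperation(roleMappingAddress(standardRole)));
            bootOperations.add(includeUserOperation(standardRole, userName));
        }
        // Switch the provider only after every mapping above has been queued.
        ModelNode enableRbacOp = Util.getWriteAttributeOperation(
                PathAddress.pathAddress(
                        CoreManagementResourceDefinition.PATH_ELEMENT,
                        AccessAuthorizationResourceDefinition.PATH_ELEMENT),
                AccessAuthorizationResourceDefinition.PROVIDER.getName(),
                new ModelNode(AccessAuthorizationResourceDefinition.Provider.RBAC.toString()));
        bootOperations.add(enableRbacOp);
    }
    bootOperations.add(Util.createAddOperation(
            PathAddress.pathAddress(ModelDescriptionConstants.SUBSYSTEM, JMXExtension.SUBSYSTEM_NAME)));
}

/** Address of the role-mapping resource for {@code role}, keyed by the role's formal name. */
private PathAddress roleMappingAddress(StandardRole role) {
    return PathAddress.pathAddress(
            CoreManagementResourceDefinition.PATH_ELEMENT,
            AccessAuthorizationResourceDefinition.PATH_ELEMENT,
            PathElement.pathElement(RoleMappingResourceDefinition.PATH_KEY, role.getFormalName()));
}

/**
 * Builds the add operation for the {@code include} child that maps the USER principal
 * {@code userName} into {@code role}. The child is addressed as {@code "user-" + userName}
 * and carries the principal's name and type as attributes.
 */
private ModelNode includeUserOperation(StandardRole role, String userName) {
    ModelNode op = Util.createAddOperation(
            PathAddress.pathAddress(
                    CoreManagementResourceDefinition.PATH_ELEMENT,
                    AccessAuthorizationResourceDefinition.PATH_ELEMENT,
                    PathElement.pathElement(RoleMappingResourceDefinition.PATH_KEY, role.getFormalName()),
                    PathElement.pathElement(ModelDescriptionConstants.INCLUDE, "user-" + userName)));
    op.get(PrincipalResourceDefinition.NAME.getName()).set(userName);
    op.get(PrincipalResourceDefinition.TYPE.getName()).set(PrincipalResourceDefinition.Type.USER.toString());
    return op;
}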
/**
 * Derives the test user name that is mapped into {@code role}: the shared
 * {@code TEST_USER} prefix, an underscore, then the role's {@code toString()}.
 * The boot operations use this same derivation when they create the include
 * entries, so both sides agree on the principal name.
 *
 * @param role the standard role the user represents
 * @return the derived user name
 */
private String roleToUserName(StandardRole role) {
    StringBuilder userName = new StringBuilder();
    userName.append(TEST_USER).append('_').append(role.toString());
    return userName.toString();
}