/**
 * Decides whether a caller is permitted, based on the role names it holds.
 *
 * <p>The check fails closed: the result is {@code PERMITTED} only when at least one of the
 * accepted {@code roles} is present in {@code callerRoles}; every other outcome, including an
 * empty {@code roles} list, is a {@code DENY} result.
 *
 * @param callerRoles role names held by the caller; not null-checked here, so a {@code null} set
 *     with a non-empty {@code roles} list raises {@link NullPointerException} rather than
 *     returning a decision
 * @param roles the roles that are sufficient for access; any single match is enough
 * @return {@code AuthorizationResult.PERMITTED} on the first match, otherwise a new result
 *     carrying {@code Decision.DENY}
 */
private AuthorizationResult authorize(Set<String> callerRoles, StandardRole... roles) {
  boolean matched = false;
  for (int i = 0; i < roles.length && !matched; i++) {
    // Membership is tested on the role's toString() form, so the strings stored in callerRoles
    // must use that same spelling. NOTE(review): whether the comparison is case-sensitive
    // depends on the Set implementation the caller passes in - confirm at the call site.
    matched = callerRoles.contains(roles[i].toString());
  }
  return matched ? AuthorizationResult.PERMITTED : new AuthorizationResult(Decision.DENY);
}
Esempio n. 2
  /**
   * Appends the boot operations for this setup to {@code bootOperations}.
   *
   * <p>When {@code enableRbac} is set, the following are queued in this order: for every
   * {@link StandardRole}, an add of its role mapping followed by an add of one included USER
   * principal under that mapping; then a write that switches the access-authorization provider
   * to RBAC. The JMX subsystem add is queued last and is queued whether or not RBAC is enabled.
   *
   * @param bootOperations the list the operations are appended to
   */
  @Override
  protected void addBootOperations(List<ModelNode> bootOperations) {
    if (enableRbac) {
      // values() yields the constants in declaration order, the same order EnumSet.allOf uses.
      for (StandardRole mappedRole : StandardRole.values()) {
        String formalName = mappedRole.getFormalName();

        // 1) The role mapping itself, addressed by the role's formal name.
        PathAddress roleMappingAddress =
            PathAddress.pathAddress(
                CoreManagementResourceDefinition.PATH_ELEMENT,
                AccessAuthorizationResourceDefinition.PATH_ELEMENT,
                PathElement.pathElement(RoleMappingResourceDefinition.PATH_KEY, formalName));
        bootOperations.add(Util.createAddOperation(roleMappingAddress));

        // 2) One included principal under that mapping. Only NAME and TYPE are set on it.
        // NOTE(review): no realm is set on the principal, so the match is presumably by user
        // name alone - confirm that is intended for the realm(s) in use.
        PathAddress includeAddress =
            PathAddress.pathAddress(
                CoreManagementResourceDefinition.PATH_ELEMENT,
                AccessAuthorizationResourceDefinition.PATH_ELEMENT,
                PathElement.pathElement(RoleMappingResourceDefinition.PATH_KEY, formalName),
                PathElement.pathElement(
                    ModelDescriptionConstants.INCLUDE, "user-" + roleToUserName(mappedRole)));
        ModelNode includeUserOp = Util.createAddOperation(includeAddress);
        includeUserOp
            .get(PrincipalResourceDefinition.NAME.getName())
            .set(roleToUserName(mappedRole));
        includeUserOp
            .get(PrincipalResourceDefinition.TYPE.getName())
            .set(PrincipalResourceDefinition.Type.USER.toString());
        bootOperations.add(includeUserOp);
      }

      // The provider switch is queued only after all role mappings above have been queued.
      PathAddress authorizationAddress =
          PathAddress.pathAddress(
              CoreManagementResourceDefinition.PATH_ELEMENT,
              AccessAuthorizationResourceDefinition.PATH_ELEMENT);
      ModelNode rbacProvider =
          new ModelNode(AccessAuthorizationResourceDefinition.Provider.RBAC.toString());
      bootOperations.add(
          Util.getWriteAttributeOperation(
              authorizationAddress,
              AccessAuthorizationResourceDefinition.PROVIDER.getName(),
              rbacProvider));
    }

    // The subsystem add does not depend on enableRbac.
    PathAddress subsystemAddress =
        PathAddress.pathAddress(ModelDescriptionConstants.SUBSYSTEM, JMXExtension.SUBSYSTEM_NAME);
    bootOperations.add(Util.createAddOperation(subsystemAddress));
  }
Esempio n. 3
 /**
  * Builds the user name associated with a role: {@code TEST_USER}, an underscore, then the
  * role's {@code toString()} form.
  *
  * <p>NOTE(review): the name is derived from {@code toString()}, not from the role's formal
  * name; whether the two spellings agree is not visible here - confirm before relying on the
  * result to match a role name.
  *
  * @param role the role to derive a user name for
  * @return the derived user name
  */
 private String roleToUserName(StandardRole role) {
   StringBuilder userName = new StringBuilder();
   userName.append(TEST_USER);
   userName.append("_");
   userName.append(role.toString());
   return userName.toString();
 }