Java Code Examples for org.jboss.as.controller.OperationContext#authorize()
The following examples show how to use
org.jboss.as.controller.OperationContext#authorize() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
| Source File: LegacyConfigurationChangeResourceDefinition.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
/**
* Secure the operation : - if the caller can address the resource we check if he can see the operation
* parameters. - otherwise we return the operation without its address and parameters.
*
* @param context the operation context.
* @param operation the operation we are securing.
* @return the secured opreation aka trimmed of all sensitive data.
* @throws OperationFailedException
*/
private ModelNode secureOperation(OperationContext context, ModelNode operation) throws OperationFailedException {
PathAddress address = PathAddress.pathAddress(operation.get(OP_ADDR));
for (int i = 0; i < address.size(); i++) {
if (!isAccessPermitted(context, address.subAddress(0, i).toModelNode())) {
return accessDenied(operation);
}
}
ModelNode fakeOperation = new ModelNode();
fakeOperation.get(OP).set(READ_RESOURCE_OPERATION);
fakeOperation.get(OP_ADDR).set(address.toModelNode());
AuthorizationResult authResult = context.authorize(fakeOperation, ADDRESS_EFFECT);
if (authResult.getDecision() == AuthorizationResult.Decision.PERMIT) {
return secureOperationParameters(context, operation);
}
return accessDenied(operation);
}
Example 2
| Source File: AbstractDeploymentUploadHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
/**
* {@inheritDoc}
*/
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
if (contentRepository != null) {
// Trigger authz
AuthorizationResult authorizationResult = context.authorize(operation, ACTION_EFFECT_SET);
authorizationResult.failIfDenied(operation, context.getCurrentAddress());
try {
InputStream is = getContentInputStream(context, operation);
try {
byte[] hash = contentRepository.addContent(is);
context.getResult().set(hash);
}
finally {
safeClose(is);
}
}
catch (IOException e) {
throw ROOT_LOGGER.caughtIOExceptionUploadingContent(e);
}
}
// else this is a slave domain controller and we should ignore this operation
}
Example 3
| Source File: ConfigurationPublishHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
AuthorizationResult authorizationResult = context.authorize(operation);
if (authorizationResult.getDecision() == AuthorizationResult.Decision.DENY) {
throw ControllerLogger.ROOT_LOGGER.unauthorized(operation.get(OP).asString(), context.getCurrentAddress(), authorizationResult.getExplanation());
}
String name = null;
if(operation.hasDefined(LOCATION.getName())) {
name = LOCATION.resolveModelAttribute(context, operation).asString();
}
try {
context.getResult().set(persister.publish(name));
} catch (ConfigurationPersistenceException e) {
throw new OperationFailedException(e);
}
context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
}
Example 4
| Source File: SnapshotDeleteHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
AuthorizationResult authorizationResult = context.authorize(operation);
if (authorizationResult.getDecision() == AuthorizationResult.Decision.DENY) {
throw ControllerLogger.ROOT_LOGGER.unauthorized(operation.get(OP).asString(), context.getCurrentAddress(), authorizationResult.getExplanation());
}
String name = operation.require(ModelDescriptionConstants.NAME).asString();
try {
persister.deleteSnapshot(name);
} catch (Exception e) {
throw new OperationFailedException(e);
}
context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
}
Example 5
| Source File: GenericSubsystemDescribeHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
public void execute(final OperationContext context, final ModelNode operation) throws OperationFailedException {
final ModelNode address;
final PathAddress pa = context.getCurrentAddress();
AuthorizationResult authResult = context.authorize(operation, DESCRIBE_EFFECTS);
if (authResult.getDecision() != AuthorizationResult.Decision.PERMIT) {
throw ControllerLogger.ROOT_LOGGER.unauthorized(operation.require(OP).asString(), pa, authResult.getExplanation());
}
if (pa.size() > 0) {
address = new ModelNode().add(pa.getLastElement().getKey(), pa.getLastElement().getValue());
} else {
address = new ModelNode().setEmptyList();
}
final Resource resource = context.readResource(PathAddress.EMPTY_ADDRESS);
final ModelNode result = context.getResult();
describe(context.getAttachment(OrderedChildTypesAttachment.KEY), resource,
address, result, context.getResourceRegistration());
}
Example 6
| Source File: SnapshotListHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
AuthorizationResult authorizationResult = context.authorize(operation);
if (authorizationResult.getDecision() == AuthorizationResult.Decision.DENY) {
throw ControllerLogger.ROOT_LOGGER.unauthorized(operation.get(OP).asString(), context.getCurrentAddress(), authorizationResult.getExplanation());
}
try {
SnapshotInfo info = persister.listSnapshots();
ModelNode result = context.getResult();
result.get(ModelDescriptionConstants.DIRECTORY).set(info.getSnapshotDirectory());
result.get(ModelDescriptionConstants.NAMES).setEmptyList();
for (String name : info.names()) {
result.get(ModelDescriptionConstants.NAMES).add(name);
}
} catch (Exception e) {
throw new OperationFailedException(e);
}
context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
}
Example 7
| Source File: SnapshotTakeHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
AuthorizationResult authorizationResult = context.authorize(operation);
if (authorizationResult.getDecision() == AuthorizationResult.Decision.DENY) {
throw ControllerLogger.ROOT_LOGGER.unauthorized(operation.get(OP).asString(), context.getCurrentAddress(), authorizationResult.getExplanation());
}
ModelNode commentNode = COMMENT.resolveModelAttribute(context, operation);
ModelNode snapshotNode = SNAPSHOT_NAME.resolveModelAttribute(context, operation);
String comment = commentNode.asStringOrNull();
String snapshot = snapshotNode.asStringOrNull();
try {
String name = persister.snapshot(snapshot, comment);
context.getResult().set(name);
} catch (ConfigurationPersistenceException e) {
throw new OperationFailedException(e);
}
context.completeStep(OperationContext.RollbackHandler.NOOP_ROLLBACK_HANDLER);
}
Example 8
| Source File: AbstractDeploymentUploadHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
/**
* {@inheritDoc}
*/
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
try {
attribute.validateOperation(operation);
// Trigger authz
AuthorizationResult authorizationResult = context.authorize(operation, ACTION_EFFECT_SET);
authorizationResult.failIfDenied(operation, context.getCurrentAddress());
InputStream is = getContentInputStream(context, operation);
try {
byte[] hash = contentRepository.addContent(is);
context.getResult().set(hash);
}
finally {
safeClose(is);
}
}
catch (IOException e) {
throw ServerLogger.ROOT_LOGGER.caughtIOExceptionUploadingContent(e);
}
}
Example 9
| Source File: ConfigurationChangeResourceDefinition.java From wildfly-core with GNU Lesser General Public License v2.1 | 6 votes |
|
/**
* Secure the operation : - if the caller can address the resource we check if he can see the operation
* parameters. - otherwise we return the operation without its address and parameters.
*
* @param context the operation context.
* @param operation the operation we are securing.
* @return the secured opreation aka trimmed of all sensitive data.
* @throws OperationFailedException
*/
private ModelNode secureOperation(OperationContext context, ModelNode operation) throws OperationFailedException {
PathAddress address = PathAddress.pathAddress(operation.get(OP_ADDR));
for (int i = 0; i < address.size(); i++) {
if (!isAccessPermitted(context, address.subAddress(0, i).toModelNode())) {
return accessDenied(operation);
}
}
ModelNode fakeOperation = new ModelNode();
fakeOperation.get(OP).set(READ_RESOURCE_OPERATION);
fakeOperation.get(OP_ADDR).set(address.toModelNode());
AuthorizationResult authResult = context.authorize(fakeOperation, ADDRESS_EFFECT);
if (authResult.getDecision() == AuthorizationResult.Decision.PERMIT) {
return secureOperationParameters(context, operation);
}
return accessDenied(operation);
}
Example 10
| Source File: LegacyConfigurationChangeResourceDefinition.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
private boolean isAccessPermitted(OperationContext context, ModelNode address) {
ModelNode fakeOperation = new ModelNode();
fakeOperation.get(OP).set(READ_RESOURCE_OPERATION);
fakeOperation.get(OP_ADDR).set(address);
AuthorizationResult authResult = context.authorize(fakeOperation, READ_EFFECT);
return (authResult.getDecision() == AuthorizationResult.Decision.PERMIT);
}
Example 11
| Source File: ProfileDescribeHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
final AuthorizationResult authResult = context.authorize(operation, DESCRIBE_EFFECTS);
authResult.failIfDenied(operation, context.getCurrentAddress());
// WFCORE-1353. If this op is being used as part of a server launch, pass that info
// to any subsystem describe handlers.
if (SERVER_LAUNCH.resolveModelAttribute(context, operation).asBoolean()) {
context.attach(GenericSubsystemDescribeHandler.SERVER_LAUNCH_KEY, Boolean.TRUE);
}
super.execute(context, operation);
}
Example 12
| Source File: ReadAttributeHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
private void doExecuteInternal(OperationContext context, ModelNode operation) throws OperationFailedException {
ModelNode value = context.hasResult() ? context.getResult().clone() : new ModelNode();
AuthorizationResult authorizationResult = context.authorize(operation, operation.require(NAME).asString(), value);
if (authorizationResult.getDecision() == AuthorizationResult.Decision.DENY) {
context.getResult().clear();
throw ControllerLogger.ROOT_LOGGER.unauthorized(operation.require(OP).asString(), context.getCurrentAddress(), authorizationResult.getExplanation());
}
}
Example 13
| Source File: AuthorizedAddress.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
public static AuthorizedAddress authorizeAddress(OperationContext context, ModelNode operation) {
ModelNode address = operation.get(ModelDescriptionConstants.OP_ADDR);
ModelNode testOp = new ModelNode();
testOp.get(OP).set(READ_RESOURCE_OPERATION);
testOp.get(OP_ADDR).set(address);
AuthorizationResult authResult = context.authorize(testOp, ADDRESS_EFFECT);
if (authResult.getDecision() == AuthorizationResult.Decision.PERMIT) {
return new AuthorizedAddress(address, false);
}
// Failed. Now we need to see how far we can go
ModelNode partialAddress = new ModelNode().setEmptyList();
ModelNode elidedAddress = new ModelNode().setEmptyList();
for (Property prop : address.asPropertyList()) {
partialAddress.add(prop);
testOp.get(OP_ADDR).set(partialAddress);
authResult = context.authorize(testOp, ADDRESS_EFFECT);
if (authResult.getDecision() == AuthorizationResult.Decision.DENY) {
elidedAddress.add(prop.getName(), HIDDEN);
return new AuthorizedAddress(elidedAddress, true);
} else {
elidedAddress.add(prop);
}
}
// Should not be reachable, but in case of a bug, be conservative and hide data
ModelNode strange = new ModelNode();
strange.add(HIDDEN, HIDDEN);
return new AuthorizedAddress(strange, true);
}
Example 14
| Source File: ConfigurationChangeResourceDefinition.java From wildfly-core with GNU Lesser General Public License v2.1 | 5 votes |
|
private boolean isAccessPermitted(OperationContext context, ModelNode address) {
ModelNode fakeOperation = new ModelNode();
fakeOperation.get(OP).set(READ_RESOURCE_OPERATION);
fakeOperation.get(OP_ADDR).set(address);
AuthorizationResult authResult = context.authorize(fakeOperation, READ_EFFECT);
return (authResult.getDecision() == AuthorizationResult.Decision.PERMIT);
}
Example 15
| Source File: ValidateOperationHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 4 votes |
|
private AuthorizationResult authorize(OperationContext context, ModelNode authOp, ModelNode opWithHeaders) {
authOp.get(OPERATION_HEADERS).set(opWithHeaders.get(OPERATION_HEADERS));
return context.authorize(authOp, Collections.singleton(ActionEffect.ADDRESS));
}
Example 16
| Source File: ValidateAddressOperationHandler.java From wildfly-core with GNU Lesser General Public License v2.1 | 4 votes |
|
private AuthorizationResult authorize(OperationContext context, PathAddress address, ModelNode operation) {
ModelNode authOp = operation.clone();
authOp.get(OP).set(READ_RESOURCE_OPERATION);
authOp.get(OP_ADDR).set(address.toModelNode());
return context.authorize(authOp, Collections.singleton(ActionEffect.ADDRESS));
}
