DelegatingConfigurableAuthorizer.java example

Explorer
wildfly-core-master
/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2013, Red Hat, Inc., and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */

package org.jboss.as.controller.access.management;

import java.util.Set;

import org.jboss.as.controller.access.Action;
import org.jboss.as.controller.access.AuthorizationResult;
import org.jboss.as.controller.access.Authorizer;
import org.jboss.as.controller.access.Caller;
import org.jboss.as.controller.access.CustomAuthorizer;
import org.jboss.as.controller.access.Environment;
import org.jboss.as.controller.access.JmxAction;
import org.jboss.as.controller.access.JmxTarget;
import org.jboss.as.controller.access.TargetAttribute;
import org.jboss.as.controller.access.TargetResource;
import org.jboss.as.controller.access.rbac.StandardRBACAuthorizer;
import org.jboss.as.controller.access.rbac.SuperUserRoleMapper;

/**
 * A {@link org.jboss.as.controller.access.Authorizer} that delegates to another. Used for initial boot to allow
 * an instance of this class to be provided to the {@code ModelController} but then have the
 * functional implementation swapped out when boot proceeds to the point where the user-configured
 * authorizer is available.
 *
 * @author Brian Stansberry (c) 2013 Red Hat Inc.
 */
public final class DelegatingConfigurableAuthorizer implements JmxAuthorizer {

    private final WritableAuthorizerConfiguration writableAuthorizerConfiguration;
    private volatile Authorizer delegate;

    public DelegatingConfigurableAuthorizer() {
        this.writableAuthorizerConfiguration =
                new WritableAuthorizerConfiguration(StandardRBACAuthorizer.AUTHORIZER_DESCRIPTION);
        this.delegate = StandardRBACAuthorizer.create(writableAuthorizerConfiguration,
                new SuperUserRoleMapper(writableAuthorizerConfiguration));
    }

    public WritableAuthorizerConfiguration getWritableAuthorizerConfiguration() {
        return writableAuthorizerConfiguration;
    }

    public void setDelegate(Authorizer delegate) {
        assert delegate != null : "null delegate";
        Authorizer currentDelegate = this.delegate;
        if (delegate instanceof CustomAuthorizer) {
            AuthorizerDescription description = ((CustomAuthorizer) delegate).setAuthorizerConfiguration(writableAuthorizerConfiguration);
            writableAuthorizerConfiguration.setAuthorizerDescription(description);
        } else {
            writableAuthorizerConfiguration.setAuthorizerDescription(delegate.getDescription());
        }
        this.delegate = delegate;

        if (currentDelegate instanceof CustomAuthorizer) {
            ((CustomAuthorizer) currentDelegate).shutdown();
        } else if (currentDelegate instanceof StandardRBACAuthorizer) {
            ((StandardRBACAuthorizer) currentDelegate).shutdown();
        }
    }

    @Override
    public Set<String> getCallerRoles(Caller caller, Environment callEnvironment, Set<String> runAsRoles) {
        return delegate.getCallerRoles(caller, callEnvironment, runAsRoles);
    }

    @Override
    public AuthorizerDescription getDescription() {
        return delegate.getDescription();
    }

    @Override
    public AuthorizationResult authorize(Caller caller, Environment callEnvironment, Action action, TargetAttribute target) {
        return delegate.authorize(caller, callEnvironment, action, target);
    }

    @Override
    public AuthorizationResult authorize(Caller caller, Environment callEnvironment, Action action, TargetResource target) {
        return delegate.authorize(caller, callEnvironment, action, target);
    }

    @Override
    public AuthorizationResult authorizeJmxOperation(Caller caller, Environment callEnvironment, JmxAction action, JmxTarget target) {
        return delegate.authorizeJmxOperation(caller, callEnvironment, action, target);
    }

    @Override
    public void setNonFacadeMBeansSensitive(boolean sensitive) {
        writableAuthorizerConfiguration.setNonFacadeMBeansSensitive(sensitive);
    }

    public void shutdown() {
        if (delegate instanceof CustomAuthorizer) {
            ((CustomAuthorizer) delegate).shutdown();
        } else if (delegate instanceof StandardRBACAuthorizer) {
            ((StandardRBACAuthorizer) delegate).shutdown();
        }
    }

    @Override
    public boolean isNonFacadeMBeansSensitive() {
        return writableAuthorizerConfiguration.isNonFacadeMBeansSensitive();
    }

}