Package org.wildfly.security.authz

Class SimplePermissionMapper

java.lang.Object

org.wildfly.security.authz.SimplePermissionMapper

All Implemented Interfaces:

PermissionMapper

public class SimplePermissionMapper
extends Object
implements PermissionMapper

A simple PermissionMapper implementation that maps to pre-defined PermissionVerifier instances. This PermissionMapper is constructed using a SimplePermissionMapper.Builder which is used to construct an ordered list of PermissionVerifier instances along with a set of principal names and a list of principal names. At the time mapPermissions(PermissionMappable, Roles) is called this list is iterated to find corresponding definitions where either the name of the Principal within the PermissionMappable is contained within the mapping or the Roles in the mapPermission call contain at least one of the roles in the mapping then the associated PermissionVerifier will be used. It is possible that multiple mappings could be matched during the call to mapPermissions(PermissionMappable, Roles) and this is why the ordering is important, by default only the first match will be used however this can be overridden by calling SimplePermissionMapper.Builder.setMappingMode(SimplePermissionMapper.MappingMode) to choose a different mode to combine the resulting PermissionVerifier instances.

Author:

Darran Lofthouse

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	SimplePermissionMapper.Builder	A builder for simple permission mappers.
static enum	SimplePermissionMapper.MappingMode	Mode defining behaviour when multiple mappings are found.

Field Summary

Fields inherited from interface org.wildfly.security.authz.PermissionMapper

EMPTY_PERMISSION_MAPPER

Method Summary

Modifier and Type	Method	Description
static SimplePermissionMapper.Builder	builder()	Construct a new SimplePermissionMapper.Builder for creating the PermissionMapper.
PermissionVerifier	mapPermissions(PermissionMappable permissionMappable, Roles roles)	Returns a PermissionVerifier with all the permissions associated with the given information.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.wildfly.security.authz.PermissionMapper

and, or, unless, xor

Method Details

mapPermissions

public PermissionVerifier mapPermissions(PermissionMappable permissionMappable,
 Roles roles)

Description copied from interface: PermissionMapper

Returns a PermissionVerifier with all the permissions associated with the given information.

Once returned, client code can use the PermissionVerifier.implies(Permission) to check if a given permission is granted or not to the given principal. Implementors must make sure that the returned collection is immutable.

Specified by:

mapPermissions in interface PermissionMapper

Parameters:

permissionMappable - the object to which permissions can be mapped (must not be null)

roles - a set of effective roles after all role mapping was applied by security domain (may be null)

Returns:

a permission verifier (not null)

builder

public static SimplePermissionMapper.Builder builder()

Construct a new SimplePermissionMapper.Builder for creating the PermissionMapper.

Returns:

a new SimplePermissionMapper.Builder for creating the PermissionMapper.