
Create ScopedRoleResourceDefinition to encapsulate common role attrib…
…ute definition creation/registration.
pferraro committed Jul 7, 2023
1 parent 2d0d9d2 commit 6fe5603
Showing 7 changed files with 106 additions and 88 deletions.
@@ -48,7 +48,7 @@ class HostScopedRoleAdd extends ScopedRoleAddHandler {
private final WritableAuthorizerConfiguration authorizerConfiguration;

HostScopedRoleAdd(Map<String, HostEffectConstraint> constraintMap, WritableAuthorizerConfiguration authorizerConfiguration) {
super(authorizerConfiguration, HostScopedRolesResourceDefinition.BASE_ROLE, HostScopedRolesResourceDefinition.HOSTS);
super(authorizerConfiguration);
this.constraintMap = constraintMap;
this.authorizerConfiguration = authorizerConfiguration;
}
@@ -35,13 +35,11 @@
import org.jboss.as.controller.AttributeMarshaller;
import org.jboss.as.controller.ListAttributeDefinition;
import org.jboss.as.controller.OperationDefinition;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.ReloadRequiredWriteAttributeHandler;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleListAttributeDefinition;
import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.access.constraint.HostEffectConstraint;
import org.jboss.as.controller.access.management.WritableAuthorizerConfiguration;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
@@ -58,16 +56,10 @@
*
* @author Brian Stansberry (c) 2013 Red Hat Inc.
*/
public class HostScopedRolesResourceDefinition extends SimpleResourceDefinition {
public class HostScopedRolesResourceDefinition extends ScopedRoleResourceDefinition {

public static final PathElement PATH_ELEMENT = PathElement.pathElement(HOST_SCOPED_ROLE);

public static final SimpleAttributeDefinition BASE_ROLE =
new SimpleAttributeDefinitionBuilder(ModelDescriptionConstants.BASE_ROLE, ModelType.STRING)
.setRestartAllServices()
.build();


public static final ListAttributeDefinition HOSTS = SimpleListAttributeDefinition.Builder.of(ModelDescriptionConstants.HOSTS,
new SimpleAttributeDefinitionBuilder(HOST, ModelType.STRING)
.setAttributeMarshaller(new AttributeMarshaller() {
@@ -81,12 +73,12 @@ public void marshallAsElement(AttributeDefinition attribute, ModelNode resourceM
.setWrapXmlList(false)
.build();

private final HostScopedRoleAdd addHandler;
private final HostScopedRoleRemove removeHandler;
private final HostScopedRoleWriteAttributeHandler writeAttributeHandler;
private final OperationStepHandler addHandler;
private final OperationStepHandler removeHandler;
private final OperationStepHandler writeAttributeHandler;

public HostScopedRolesResourceDefinition(WritableAuthorizerConfiguration authorizerConfiguration) {
super(PATH_ELEMENT, DomainManagementResolver.getResolver("core.access-control.host-scoped-role"));
super(PATH_ELEMENT, DomainManagementResolver.getResolver("core.access-control.host-scoped-role"), authorizerConfiguration);

Map<String, HostEffectConstraint> constraintMap = new HashMap<String, HostEffectConstraint>();
this.addHandler = new HostScopedRoleAdd(constraintMap, authorizerConfiguration);
@@ -106,7 +98,6 @@ public void registerOperations(ManagementResourceRegistration resourceRegistrati
public void registerAttributes(ManagementResourceRegistration resourceRegistration) {
super.registerAttributes(resourceRegistration);

resourceRegistration.registerReadWriteAttribute(BASE_ROLE, null, new ReloadRequiredWriteAttributeHandler(BASE_ROLE));
resourceRegistration.registerReadWriteAttribute(HOSTS, null, writeAttributeHandler);
}
}
@@ -21,27 +21,18 @@
*/
package org.jboss.as.domain.management.access;

import org.jboss.as.controller.ParameterCorrector;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.HOST_SCOPED_ROLE;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.OP_ADDR;
import static org.jboss.as.controller.descriptions.ModelDescriptionConstants.SERVER_GROUP_SCOPED_ROLE;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;

import org.jboss.as.controller.AbstractAddStepHandler;
import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationContext;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.PathAddress;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.access.management.WritableAuthorizerConfiguration;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
import org.jboss.as.controller.operations.validation.ParameterValidator;
import org.jboss.as.controller.registry.Resource;
import org.jboss.as.domain.management.CoreManagementResourceDefinition;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
@@ -61,54 +52,10 @@ abstract class ScopedRoleAddHandler extends AbstractAddStepHandler {
AccessAuthorizationResourceDefinition.PATH_ELEMENT);
private final WritableAuthorizerConfiguration authorizerConfiguration;

ScopedRoleAddHandler(final WritableAuthorizerConfiguration authorizerConfiguration, AttributeDefinition... attributes) {
super(enhanceAttributes(authorizerConfiguration, attributes));
ScopedRoleAddHandler(final WritableAuthorizerConfiguration authorizerConfiguration) {
this.authorizerConfiguration = authorizerConfiguration;
}

private static Collection<? extends AttributeDefinition> enhanceAttributes(
final WritableAuthorizerConfiguration authorizerConfiguration, AttributeDefinition... attributes) {
List<AttributeDefinition> enhanced = new ArrayList<AttributeDefinition>(attributes.length);
for (AttributeDefinition current : attributes) {
if (current.getName().equals(ModelDescriptionConstants.BASE_ROLE)) {
assert current instanceof SimpleAttributeDefinition;
enhanced.add(new SimpleAttributeDefinitionBuilder((SimpleAttributeDefinition)current)
.setValidator(new ParameterValidator() {
@Override
public void validateParameter(String parameterName, ModelNode value) throws OperationFailedException {
Set<String> standardRoles = authorizerConfiguration.getStandardRoles();
String specifiedRole = value.asString();
for (String current : standardRoles) {
if (specifiedRole.equalsIgnoreCase(current)) {
return;
}
}

throw DomainManagementLogger.ROOT_LOGGER.badBaseRole(specifiedRole);
}
}).setCorrector(new ParameterCorrector() {
@Override
public ModelNode correct(ModelNode newValue, ModelNode currentValue) {
Set<String> standardRoles = authorizerConfiguration.getStandardRoles();
String specifiedRole = newValue.asString();

for (String current : standardRoles) {
if (specifiedRole.equalsIgnoreCase(current) && specifiedRole.equals(current) == false) {
return new ModelNode(current);
}
}

return newValue;
}
}).build());
} else {
enhanced.add(current);
}
}

return enhanced;
}

@Override
public void execute(OperationContext context, ModelNode operation) throws OperationFailedException {
PathAddress address = PathAddress.pathAddress(operation.get(OP_ADDR));
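Review bot: With the `AttributeDefinition...` parameter and `enhanceAttributes` gone from this class, nothing visible here ties the add operation to the base-role validator any more. The check that `base-role` names a standard role presumably now runs only if the add handler resolves its attributes from the resource registration, where `ScopedRoleResourceDefinition` registers the validated definition. That dependency deserves a comment on the constructor, for example `// base-role validation and case correction come from the attribute registered by ScopedRoleResourceDefinition`, and a test that an add with a non-standard base-role is still rejected. The `execute` override continues past the end of the hunk, so whether it validates parameters itself cannot be seen from here.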
@@ -0,0 +1,88 @@
/*
* Copyright 2023 Red Hat, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

package org.jboss.as.domain.management.access;

import java.util.Set;

import org.jboss.as.controller.AttributeDefinition;
import org.jboss.as.controller.OperationFailedException;
import org.jboss.as.controller.ParameterCorrector;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.ReloadRequiredWriteAttributeHandler;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.access.management.WritableAuthorizerConfiguration;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
import org.jboss.as.controller.descriptions.ResourceDescriptionResolver;
import org.jboss.as.controller.operations.validation.ParameterValidator;
import org.jboss.as.controller.registry.ManagementResourceRegistration;
import org.jboss.as.domain.management.logging.DomainManagementLogger;
import org.jboss.dmr.ModelNode;
import org.jboss.dmr.ModelType;

/**
* Base {@link org.jboss.as.controller.ResourceDefinition} for scoped roles
*/
public abstract class ScopedRoleResourceDefinition extends SimpleResourceDefinition {

public static final SimpleAttributeDefinition BASE_ROLE =
new SimpleAttributeDefinitionBuilder(ModelDescriptionConstants.BASE_ROLE, ModelType.STRING)
.setRestartAllServices()
.build();

private final AttributeDefinition roleAttribute;

protected ScopedRoleResourceDefinition(PathElement path, ResourceDescriptionResolver resolver, WritableAuthorizerConfiguration authorizerConfiguration) {
super(path, resolver);
this.roleAttribute = new SimpleAttributeDefinitionBuilder(BASE_ROLE)
.setValidator(new ParameterValidator() {
@Override
public void validateParameter(String parameterName, ModelNode value) throws OperationFailedException {
Set<String> standardRoles = authorizerConfiguration.getStandardRoles();
String specifiedRole = value.asString();
for (String current : standardRoles) {
if (specifiedRole.equalsIgnoreCase(current)) {
return;
}
}

throw DomainManagementLogger.ROOT_LOGGER.badBaseRole(specifiedRole);
}
}).setCorrector(new ParameterCorrector() {
@Override
public ModelNode correct(ModelNode newValue, ModelNode currentValue) {
Set<String> standardRoles = authorizerConfiguration.getStandardRoles();
String specifiedRole = newValue.asString();

for (String current : standardRoles) {
if (specifiedRole.equalsIgnoreCase(current) && specifiedRole.equals(current) == false) {
return new ModelNode(current);
}
}

return newValue;
}
})
.build();
}

@Override
public void registerAttributes(ManagementResourceRegistration registration) {
registration.registerReadWriteAttribute(this.roleAttribute, null, ReloadRequiredWriteAttributeHandler.INSTANCE);
}
}
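Review bot: The public `BASE_ROLE` constant carries neither the standard-role validator nor the case corrector; only the private `roleAttribute` built in the constructor does, so a value validated or stored through `BASE_ROLE` directly would not be checked against `getStandardRoles()`. The XML parser hunks in this commit pass `ScopedRoleResourceDefinition.BASE_ROLE` to `parseScopedRole`, so the split is already relied on. A Javadoc on the constant would make it explicit, for example `/** Unvalidated definition for parsing and marshalling; the attribute registered by this resource adds the standard-role validator and corrector. */`. It is also worth confirming that the shared `ReloadRequiredWriteAttributeHandler.INSTANCE` resolves the definition from the registration, so that write-attribute applies the same check as add.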
@@ -48,7 +48,7 @@ class ServerGroupScopedRoleAdd extends ScopedRoleAddHandler {

ServerGroupScopedRoleAdd(Map<String, ServerGroupEffectConstraint> constraintMap,
WritableAuthorizerConfiguration authorizerConfiguration) {
super(authorizerConfiguration, ServerGroupScopedRoleResourceDefinition.BASE_ROLE, ServerGroupScopedRoleResourceDefinition.SERVER_GROUPS);
super(authorizerConfiguration);
this.constraintMap = constraintMap;
this.authorizerConfiguration = authorizerConfiguration;
}
@@ -35,13 +35,11 @@
import org.jboss.as.controller.AttributeMarshaller;
import org.jboss.as.controller.ListAttributeDefinition;
import org.jboss.as.controller.OperationDefinition;
import org.jboss.as.controller.OperationStepHandler;
import org.jboss.as.controller.PathElement;
import org.jboss.as.controller.ReloadRequiredWriteAttributeHandler;
import org.jboss.as.controller.SimpleAttributeDefinition;
import org.jboss.as.controller.SimpleAttributeDefinitionBuilder;
import org.jboss.as.controller.SimpleListAttributeDefinition;
import org.jboss.as.controller.SimpleOperationDefinitionBuilder;
import org.jboss.as.controller.SimpleResourceDefinition;
import org.jboss.as.controller.access.constraint.ServerGroupEffectConstraint;
import org.jboss.as.controller.access.management.WritableAuthorizerConfiguration;
import org.jboss.as.controller.descriptions.ModelDescriptionConstants;
@@ -58,16 +56,10 @@
*
* @author Brian Stansberry (c) 2013 Red Hat Inc.
*/
public class ServerGroupScopedRoleResourceDefinition extends SimpleResourceDefinition {
public class ServerGroupScopedRoleResourceDefinition extends ScopedRoleResourceDefinition {

public static final PathElement PATH_ELEMENT = PathElement.pathElement(SERVER_GROUP_SCOPED_ROLE);

public static final SimpleAttributeDefinition BASE_ROLE =
new SimpleAttributeDefinitionBuilder(ModelDescriptionConstants.BASE_ROLE, ModelType.STRING)
.setRestartAllServices()
.build();


public static final ListAttributeDefinition SERVER_GROUPS =
SimpleListAttributeDefinition.Builder.of(ModelDescriptionConstants.SERVER_GROUPS,
new SimpleAttributeDefinitionBuilder(SERVER_GROUP, ModelType.STRING)
@@ -83,12 +75,12 @@ public void marshallAsElement(AttributeDefinition attribute, ModelNode resourceM
.setWrapXmlList(false)
.build();

private final ServerGroupScopedRoleAdd addHandler;
private final ServerGroupScopedRoleRemove removeHandler;
private final ServerGroupScopedRoleWriteAttributeHandler writeAttributeHandler;
private final OperationStepHandler addHandler;
private final OperationStepHandler removeHandler;
private final OperationStepHandler writeAttributeHandler;

public ServerGroupScopedRoleResourceDefinition(WritableAuthorizerConfiguration authorizerConfiguration) {
super(PATH_ELEMENT, DomainManagementResolver.getResolver("core.access-control.server-group-scoped-role"));
super(PATH_ELEMENT, DomainManagementResolver.getResolver("core.access-control.server-group-scoped-role"), authorizerConfiguration);

Map<String, ServerGroupEffectConstraint> constraintMap = new HashMap<String, ServerGroupEffectConstraint>();
this.addHandler = new ServerGroupScopedRoleAdd(constraintMap, authorizerConfiguration);
@@ -108,7 +100,6 @@ public void registerOperations(ManagementResourceRegistration resourceRegistrati
public void registerAttributes(ManagementResourceRegistration resourceRegistration) {
super.registerAttributes(resourceRegistration);

resourceRegistration.registerReadWriteAttribute(BASE_ROLE, null, new ReloadRequiredWriteAttributeHandler(BASE_ROLE));
resourceRegistration.registerReadWriteAttribute(SERVER_GROUPS, null, writeAttributeHandler);
}
}
@@ -76,6 +76,7 @@
import org.jboss.as.domain.management.access.HostScopedRolesResourceDefinition;
import org.jboss.as.domain.management.access.PrincipalResourceDefinition;
import org.jboss.as.domain.management.access.RoleMappingResourceDefinition;
import org.jboss.as.domain.management.access.ScopedRoleResourceDefinition;
import org.jboss.as.domain.management.access.SensitivityClassificationTypeResourceDefinition;
import org.jboss.as.domain.management.access.SensitivityResourceDefinition;
import org.jboss.as.domain.management.access.ServerGroupScopedRoleResourceDefinition;
@@ -157,7 +158,7 @@ public void parseServerGroupScopedRoles(final XMLExtendedStreamReader reader, fi
switch (element) {
case ROLE: {
parseScopedRole(reader, address, list, scopedRoleType, Element.SERVER_GROUP,
ServerGroupScopedRoleResourceDefinition.BASE_ROLE, ServerGroupScopedRoleResourceDefinition.SERVER_GROUPS, true);
ScopedRoleResourceDefinition.BASE_ROLE, ServerGroupScopedRoleResourceDefinition.SERVER_GROUPS, true);
break;
}
default: {
@@ -179,7 +180,7 @@ public void parseHostScopedRoles(final XMLExtendedStreamReader reader, final Mod
switch (element) {
case ROLE: {
parseScopedRole(reader, address, list, scopedRoleType, Element.HOST,
HostScopedRolesResourceDefinition.BASE_ROLE, HostScopedRolesResourceDefinition.HOSTS, false);
ScopedRoleResourceDefinition.BASE_ROLE, HostScopedRolesResourceDefinition.HOSTS, false);
break;
}
default: {