@Beta
public class Entitlements
extends java.lang.Object
| Modifier and Type | Class and Description |
|---|---|
static class |
Entitlements.EntitlementClassesEnum |
static class |
Entitlements.EntityAndItem<T> |
static class |
Entitlements.FineGrainedEntitlements |
static class |
Entitlements.LifecycleEffectors
These lifecycle operations are currently treated as effectors.
|
| Modifier and Type | Field and Description |
|---|---|
static EntitlementClass<java.lang.Object> |
DEPLOY_APPLICATION
the permission to deploy an application, where parameter is some representation of the app to be deployed (spec instance or yaml plan)
|
static ConfigKey<java.lang.String> |
GLOBAL_ENTITLEMENT_MANAGER |
static EntitlementClass<Entitlements.EntityAndItem<java.lang.String>> |
INVOKE_EFFECTOR |
static EntitlementClass<Entity> |
MODIFY_ENTITY |
static EntitlementClass<java.lang.Void> |
ROOT
permission to run untrusted code or embedded scripts at the server;
secondary check required for any operation which could potentially grant root-level access
|
static EntitlementClass<java.lang.Void> |
SEE_ALL_SERVER_INFO
catch-all for catalog, locations, scripting, usage, etc;
NB1: all users can see HA status;
NB2: this may be refactored and deprecated in future
|
static EntitlementClass<Entity> |
SEE_ENTITY |
static EntitlementClass<Entitlements.EntityAndItem<java.lang.String>> |
SEE_SENSOR |
| Constructor and Description |
|---|
Entitlements() |
| Modifier and Type | Method and Description |
|---|---|
static <T> void |
checkEntitled(EntitlementManager checker,
EntitlementClass<T> permission,
T typeArgument)
throws
NotEntitledException if entitlement not available for current getEntitlementContext() |
static void |
clearEntitlementContext() |
static EntitlementContext |
getEntitlementContext()
Finds the currently applicable
EntitlementContext by examining the current thread
then by investigating the current task, its submitter, etc. |
static <T> boolean |
isEntitled(EntitlementManager checker,
EntitlementClass<T> permission,
T typeArgument) |
static EntitlementManager |
minimal()
always DENY access to anything which requires entitlements
|
static EntitlementManager |
newManager(ResourceUtils loader,
BrooklynProperties brooklynProperties) |
static EntitlementManager |
readOnly()
allow read-only
|
static <T> void |
requireEntitled(EntitlementManager checker,
EntitlementClass<T> permission,
T typeArgument)
Deprecated.
since 0.7.0, use
checkEntitled(EntitlementManager, EntitlementClass, Object);
kept briefly because there is some downstream usage |
static EntitlementManager |
root()
always ALLOW access to everything
|
static void |
setEntitlementContext(EntitlementContext context) |
public static EntitlementClass<Entity> SEE_ENTITY
public static EntitlementClass<Entitlements.EntityAndItem<java.lang.String>> SEE_SENSOR
public static EntitlementClass<Entitlements.EntityAndItem<java.lang.String>> INVOKE_EFFECTOR
public static EntitlementClass<Entity> MODIFY_ENTITY
public static EntitlementClass<java.lang.Object> DEPLOY_APPLICATION
public static EntitlementClass<java.lang.Void> SEE_ALL_SERVER_INFO
public static EntitlementClass<java.lang.Void> ROOT
public static ConfigKey<java.lang.String> GLOBAL_ENTITLEMENT_MANAGER
public static EntitlementManager root()
public static EntitlementManager minimal()
public static EntitlementManager readOnly()
public static EntitlementContext getEntitlementContext()
EntitlementContext by examining the current thread
then by investigating the current task, its submitter, etc.public static void setEntitlementContext(EntitlementContext context)
public static void clearEntitlementContext()
public static <T> boolean isEntitled(EntitlementManager checker, EntitlementClass<T> permission, T typeArgument)
public static <T> void checkEntitled(EntitlementManager checker, EntitlementClass<T> permission, T typeArgument)
NotEntitledException if entitlement not available for current getEntitlementContext()public static <T> void requireEntitled(EntitlementManager checker, EntitlementClass<T> permission, T typeArgument)
checkEntitled(EntitlementManager, EntitlementClass, Object);
kept briefly because there is some downstream usageNotEntitledException if entitlement not available for current getEntitlementContext()public static EntitlementManager newManager(ResourceUtils loader, BrooklynProperties brooklynProperties)