public class PermissionsValidationProcessor extends Object implements DeploymentUnitProcessor
DeploymentUnitProcessor that validates the security permissions that have been granted
to the deployments. The permissions granted via subsystem (minimum-set) combined with those granted via deployment
descriptors (permissions.xml and jboss-permissions.xml) must be implied by the maximum-set.
Permissions that are internally granted by the container are ignored as those are always granted irrespective of the
maximum-set configuration.
This processor must be installed into Phase.POST_MODULE because it needs the
deployment module's ClassLoader to load the permissions from the descriptors and that is only available after
the module has been created.| Constructor and Description |
|---|
PermissionsValidationProcessor(List<org.jboss.modules.security.PermissionFactory> maxPermissions)
Creates an instance of this
DeploymentUnitProcessor. |
| Modifier and Type | Method and Description |
|---|---|
void |
deploy(DeploymentPhaseContext phaseContext) |
void |
undeploy(DeploymentUnit context) |
public PermissionsValidationProcessor(List<org.jboss.modules.security.PermissionFactory> maxPermissions)
DeploymentUnitProcessor.maxPermissions - a List containing the maximum set of configurable permissions a deployment can have.
In other words, all permissions in the minimum set plus the permissions parsed in
META-INF/permissions.xml (or jboss-permissions.xml) must be implied by the maximum set.public void deploy(DeploymentPhaseContext phaseContext) throws DeploymentUnitProcessingException
deploy in interface DeploymentUnitProcessorDeploymentUnitProcessingExceptionpublic void undeploy(DeploymentUnit context)
undeploy in interface DeploymentUnitProcessorCopyright © 2019 JBoss by Red Hat. All rights reserved.