RbacSanityCheckOperation (WildFly: Domain Management 23.0.3.Final API)

java.lang.Object
- org.jboss.as.domain.management.access.RbacSanityCheckOperation

All Implemented Interfaces:

OperationStepHandler
```
public class RbacSanityCheckOperation
extends Object
implements OperationStepHandler
```
An OperationStepHandler to be executed at the end of stage MODEL to identify SOME situations where configuration would lock out all remote access. Due to role mapping using information from remote stores it is not possible to exhaustively verify that users will still be assigned roles after a configuration change, however there are some configuration permutations where it is guaranteed no roles can be assigned regardless of the user stores and we can detect and reject those configurations.

Author:

Darran Lofthouse

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`static void`	`addOperation(OperationContext context)`	Add the operation at the end of Stage MODEL if this operation has not already been registered.
`void`	`execute(OperationContext context, org.jboss.dmr.ModelNode operation)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Method Detail
  - execute
```
public void execute(OperationContext context,
                    org.jboss.dmr.ModelNode operation)
             throws OperationFailedException
```
    Specified by:
    
    execute in interface OperationStepHandler
    
    Throws:
    
    OperationFailedException
  - addOperation
```
public static void addOperation(OperationContext context)
```
    Add the operation at the end of Stage MODEL if this operation has not already been registered. This operation should be added if any of the following occur: - - The authorization configuration is removed from a security realm. - The rbac provider is changed to rbac. - A role is removed. - An include is removed from a role. - A management interface is removed. Note: This list only includes actions that could invalidate the configuration, actions that would not invalidate the configuration do not need this operation registering. e.g. Adding a role, if the configuration was already valid this could not invalidate it.
    
    Parameters:
    
    context - - The OperationContext to use to register the step.