VMware GemFire Java API Reference
Package org.apache.geode.security
Interface SecurityManager
-
- All Known Implementing Classes:
ExampleSecurityManager,SimpleSecurityManager
public interface SecurityManagerUser implementation of a authentication/authorization logic for Integrated Security. The implementation will guard client/server, JMX, Pulse, GFSH commands- Since:
- Geode 1.0
-
-
Field Summary
Fields Modifier and Type Field Description static StringPASSWORDproperty name of the password passed in the Properties in authenticate methodstatic StringTOKENproperty name of the token passed in the Properties in authenticate methodstatic StringUSER_NAMEproperty name of the username passed in the Properties in authenticate method
-
Method Summary
All Methods Instance Methods Abstract Methods Default Methods Modifier and Type Method Description Objectauthenticate(Properties credentials)Verify the credentials provided in the properties Your security manager needs to validate credentials coming from all communication channels.default booleanauthorize(Object principal, ResourcePermission permission)Authorize the ResourcePermission for a given Principaldefault voidclose()Close any resources used by the SecurityManager, called when a cache is closed.default voidinit(Properties securityProps)Initialize the SecurityManager.
-
-
-
Field Detail
-
USER_NAME
static final String USER_NAME
property name of the username passed in the Properties in authenticate method- See Also:
- Constant Field Values
-
PASSWORD
static final String PASSWORD
property name of the password passed in the Properties in authenticate method- See Also:
- Constant Field Values
-
TOKEN
static final String TOKEN
property name of the token passed in the Properties in authenticate method- See Also:
- Constant Field Values
-
-
Method Detail
-
init
default void init(Properties securityProps)
Initialize the SecurityManager. This is invoked when a cache is created- Parameters:
securityProps- the security properties obtained using a call toDistributedSystem.getSecurityProperties()
-
authenticate
Object authenticate(Properties credentials) throws AuthenticationFailedException, AuthenticationExpiredException
Verify the credentials provided in the properties Your security manager needs to validate credentials coming from all communication channels. If you use AuthInitialize to generate your client/peer credentials, then the input of this method is the output of your AuthInitialize.getCredentials method. But remember that this method will also need to validate credentials coming from gfsh/jmx/rest client, the framework is putting the username/password under security-username and security-password keys in the property, so your securityManager implementation needs to validate these kind of properties as well. if a channel supports token-based-authentication, the token will be passed to the security manager in the property with the key "security-token".- Parameters:
credentials- it contains the security-username, security-password or security-token, as keys of the properties, also the properties generated by your AuthInitialize interface- Returns:
- a serializable principal object
- Throws:
AuthenticationFailedException- if the credentials are invalid, this exception will be seen by the client.AuthenticationExpiredException- if credentials have expired, this will give the client a second chance to gather new credentials and try login again once more.
-
authorize
default boolean authorize(Object principal, ResourcePermission permission) throws AuthenticationExpiredException
Authorize the ResourcePermission for a given Principal- Parameters:
principal- The principal that's requesting the permissionpermission- The permission requested- Returns:
- true if authorized, false if not
- Throws:
AuthenticationExpiredException- if the principal has expired.
-
close
default void close()
Close any resources used by the SecurityManager, called when a cache is closed.
-
-