public final class UnrestrictedMethodAuthorizer extends Object implements MethodInvocationAuthorizer
MethodInvocationAuthorizerthat allows any method execution as long as the target object does not belong to a Geode package, or does belong but it's marked as safe (see
RestrictedMethodAuthorizer.isAllowedGeodeMethod(Method, Object)). Some known dangerous methods, like
Object.getClass(), are also rejected by this authorizer implementation, no matter whether the target object belongs to Geode or not (see
RestrictedMethodAuthorizer.isPermanentlyForbiddenMethod(Method, Object)). This authorizer implementation addresses only three of the four known security risks:
Region Modification. The
Region Entry Modificationsecurity risk still exists: users with the
DATA:READ:RegionNameprivilege will be able to execute ANY method (even mutators) on the objects stored within the region and on instances used as bind parameters of the OQL, so this authorizer implementation must be used with extreme care. Usage of this authorizer implementation is only recommended for secured clusters on which only trusted users and applications have access to the OQL engine. It might also be used on clusters on which the entries stored are immutable.
|Constructor and Description|
|Modifier and Type||Method and Description|
Executes the authorization logic to determine whether the
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
public UnrestrictedMethodAuthorizer(Cache cache)
UnrestrictedMethodAuthorizerobject and initializes it so it can be safely used in a multi-threaded environment. Applications can use this constructor as part of the initialization for custom authorizers (see
Declarable.initialize(Cache, Properties)), when using a declarative approach.
Cacheinstance that owns this authorizer, required in order to configure the default
public UnrestrictedMethodAuthorizer(RestrictedMethodAuthorizer restrictedMethodAuthorizer)
UnrestrictedMethodAuthorizerobject and initializes it so it can be safely used in a multi-threaded environment.
restrictedMethodAuthorizer- the default
methodis allowed to be executed on the
targetobject instance. If the
targetobject is an instance of
Region, this methods also ensures that the user has the
DATA:READpermission granted for the target
Methodthat should be authorized.
Objecton which the
Methodwill be executed.
methodcan be executed on on the