org.apache.geode.examples

Class SimpleSecurityManager

java.lang.Object

org.apache.geode.examples.SimpleSecurityManager

All Implemented Interfaces:

SecurityManager

public class SimpleSecurityManager
extends Object
implements SecurityManager

Intended for example and demo purpose, this class authenticates a user when the username matches the password, which also represents the permissions the user is granted. It also validate an auth token if it's present

Field Summary

Fields

Modifier and Type	Field and Description
static String	VALID_TOKEN the valid token string that will be authenticated.

Fields inherited from interface org.apache.geode.security.SecurityManager

PASSWORD, TOKEN, USER_NAME

Constructor Summary

Constructors

Constructor and Description
SimpleSecurityManager()

Method Summary

Modifier and Type	Method and Description
Object	authenticate(Properties credentials) Verify the credentials provided in the properties Your security manager needs to validate credentials coming from all communication channels.
boolean	authorize(Object principal, ResourcePermission permission) Authorize the ResourcePermission for a given Principal
void	close() Close any resources used by the SecurityManager, called when a cache is closed.
void	init(Properties securityProps) Initialize the SecurityManager.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

VALID_TOKEN

public static final String VALID_TOKEN

the valid token string that will be authenticated. Any other token string will be rejected.

See Also:

Constant Field Values

Constructor Detail

SimpleSecurityManager

public SimpleSecurityManager()

Method Detail

init

public void init(Properties securityProps)

Description copied from interface: SecurityManager

Initialize the SecurityManager. This is invoked when a cache is created

Specified by:

init in interface SecurityManager

Parameters:

securityProps - the security properties obtained using a call to DistributedSystem.getSecurityProperties()

authenticate

public Object authenticate(Properties credentials)
                    throws AuthenticationFailedException

Description copied from interface: SecurityManager

Verify the credentials provided in the properties Your security manager needs to validate credentials coming from all communication channels. If you use AuthInitialize to generate your client/peer credentials, then the input of this method is the output of your AuthInitialize.getCredentials method. But remember that this method will also need to validate credentials coming from gfsh/jmx/rest client, the framework is putting the username/password under security-username and security-password keys in the property, so your securityManager implementation needs to validate these kind of properties as well. if a channel supports token-based-authentication, the token will be passed to the security manager in the property with the key "security-token".

Specified by:

authenticate in interface SecurityManager

Parameters:

credentials - it contains the security-username, security-password or security-token, as keys of the properties, also the properties generated by your AuthInitialize interface

Returns:

a serializable principal object

Throws:

AuthenticationFailedException - if the credentials are invalid, this exception will be seen by the client.

authorize

public boolean authorize(Object principal,
                         ResourcePermission permission)

Description copied from interface: SecurityManager

Authorize the ResourcePermission for a given Principal

Specified by:

authorize in interface SecurityManager

Parameters:

principal - The principal that's requesting the permission

permission - The permission requested

Returns:

true if authorized, false if not

close

public void close()

Description copied from interface: SecurityManager

Close any resources used by the SecurityManager, called when a cache is closed.

Specified by:

close in interface SecurityManager