Class ExampleSecurityManager

java.lang.Object
org.apache.geode.examples.security.ExampleSecurityManager
All Implemented Interfaces:
SecurityManager

public class ExampleSecurityManager extends Object implements SecurityManager
This class provides a sample implementation of SecurityManager that performs authentication and authorization using role and user data loaded from JSON.

A Geode member must be configured with the following:

security-manager = org.apache.geode.examples.security.ExampleSecurityManager

The class can be initialized from a JSON resource called security.json. This file must exist on the classpath, so members should be started with an appropriate --classpath option. Because the file holds user passwords in clear text, it is suitable for samples and tests, not for a production deployment.

The format of the JSON for configuration is as follows:

{
  "roles": [
    {
      "name": "admin",
      "operationsAllowed": [
        "CLUSTER:MANAGE",
        "DATA:MANAGE"
      ]
    },
    {
      "name": "readRegionA",
      "operationsAllowed": [
        "DATA:READ"
      ],
      "regions": ["RegionA", "RegionB"]
    }
  ],
  "users": [
    {
      "name": "admin",
      "password": "secret",
      "roles": ["admin"]
    },
    {
      "name": "guest",
      "password": "guest",
      "roles": ["readRegionA"]
    }
  ]
}

  • Constructor Details

    • ExampleSecurityManager

      public ExampleSecurityManager()
  • Method Details

    • authorize

      public boolean authorize(Object principal, ResourcePermission context)
      Description copied from interface: SecurityManager
      Authorize the ResourcePermission for a given Principal
      Specified by:
      authorize in interface SecurityManager
      Parameters:
      principal - The principal that's requesting the permission
      context - The permission requested
      Returns:
      true if authorized, false if not
    • init

      public void init(Properties securityProperties) throws NotAuthorizedException
      Description copied from interface: SecurityManager
      Initialize the SecurityManager. This is invoked when a cache is created.
      Specified by:
      init in interface SecurityManager
      Parameters:
      securityProperties - the security properties obtained using a call to DistributedSystem.getSecurityProperties()
      Throws:
      NotAuthorizedException
    • authenticate

      public Object authenticate(Properties credentials) throws AuthenticationFailedException
      Description copied from interface: SecurityManager
      Verify the credentials provided in the properties. Your security manager needs to validate credentials coming from all communication channels. If you use AuthInitialize to generate your client/peer credentials, the input of this method is the output of your AuthInitialize.getCredentials method. Remember that this method must also validate credentials coming from gfsh, JMX and REST clients: the framework puts the username and password under the security-username and security-password keys of the properties, so your SecurityManager implementation needs to validate those properties as well. If a channel supports token-based authentication, the token is passed to the security manager in the property with the key "security-token".
      Specified by:
      authenticate in interface SecurityManager
      Parameters:
      credentials - contains security-username, security-password or security-token as property keys, plus any properties generated by your AuthInitialize implementation
      Returns:
      a serializable principal object
      Throws:
      AuthenticationFailedException - if the credentials are invalid, this exception will be seen by the client.
    • initializeFromJsonResource

      public boolean initializeFromJsonResource(String jsonResource)
    • getUser

      public ExampleSecurityManager.User getUser(String user)
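The following is an added example, not code from Apache Geode or from ExampleSecurityManager itself. It models the security.json format shown above and the authenticate/authorize contract described under Method Details so the policy can be reasoned about offline: the sample JSON from this page is embedded as the input, authenticate mirrors the Properties keys (security-username, security-password, security-token) and returns the principal or fails, and authorize evaluates "RESOURCE:OPERATION[:region]" requests against the user's roles. The matching rule is an assumption of the model, not Geode's: a role grants a request only when resource and operation match exactly and the role either lists no "regions" or lists the requested region; Geode's own ResourcePermission.implies decides the first part in the real class, so check it before relying on this model for anything beyond the JSON shape. The class names JsonPolicy and AuthenticationFailed are hypothetical.

```python
"""Model of the security.json policy evaluated by ExampleSecurityManager.

Added example, not Geode's code. Assumption (also stated in the lead-in):
a role grants "RESOURCE:OPERATION[:region]" only on an exact resource and
operation match, and only for listed regions when "regions" is present.
"""
import hmac
import json

# The sample security.json from the page, embedded so the example runs offline.
SECURITY_JSON = """
{
  "roles": [
    {"name": "admin", "operationsAllowed": ["CLUSTER:MANAGE", "DATA:MANAGE"]},
    {"name": "readRegionA", "operationsAllowed": ["DATA:READ"],
     "regions": ["RegionA", "RegionB"]}
  ],
  "users": [
    {"name": "admin", "password": "secret", "roles": ["admin"]},
    {"name": "guest", "password": "guest", "roles": ["readRegionA"]}
  ]
}
"""


class AuthenticationFailed(Exception):
    """Hypothetical stand-in for Geode's AuthenticationFailedException."""


class JsonPolicy:
    """Hypothetical policy object; mirrors the JSON structure, not Geode's classes."""

    def __init__(self, text):
        doc = json.loads(text)
        # role name -> (set of (resource, operation), set of regions; empty = all regions)
        self.roles = {}
        for role in doc["roles"]:
            allowed = set()
            for op in role["operationsAllowed"]:
                parts = op.split(":")
                if len(parts) != 2:
                    raise ValueError("operationsAllowed entry must be RESOURCE:OPERATION: %r" % op)
                allowed.add((parts[0], parts[1]))
            self.roles[role["name"]] = (allowed, set(role.get("regions") or []))
        # user name -> (clear-text password as stored in the sample file, role names)
        self.users = {}
        for user in doc["users"]:
            for name in user["roles"]:
                if name not in self.roles:
                    raise ValueError("user %s references undefined role %s" % (user["name"], name))
            self.users[user["name"]] = (user["password"], list(user["roles"]))

    def authenticate(self, credentials):
        """credentials mirrors the Properties given to SecurityManager.authenticate.

        Returns the principal (the user name) or raises AuthenticationFailed.
        """
        if "security-token" in credentials:
            # The JSON policy has no notion of tokens: fail closed instead of
            # accepting a credential this policy cannot verify.
            raise AuthenticationFailed("token authentication is not supported by this policy")
        name = credentials.get("security-username")
        password = credentials.get("security-password")
        if name is None or password is None:
            raise AuthenticationFailed("security-username and security-password are required")
        entry = self.users.get(name)
        # Compare even for unknown users, and use a constant-time comparison for
        # equal-length inputs, so timing does not reveal which user names exist.
        expected = entry[0] if entry is not None else ""
        matches = hmac.compare_digest(expected.encode(), password.encode())
        if entry is None or not matches:
            raise AuthenticationFailed("invalid credentials")  # same message for both cases
        return name

    def authorize(self, principal, permission):
        """permission is "RESOURCE:OPERATION" or "RESOURCE:OPERATION:region"."""
        parts = permission.split(":")
        if len(parts) not in (2, 3):
            return False
        resource, operation = parts[0], parts[1]
        region = parts[2] if len(parts) == 3 else None
        entry = self.users.get(principal)
        if entry is None:
            return False
        for role_name in entry[1]:
            allowed, regions = self.roles[role_name]
            if (resource, operation) not in allowed:
                continue
            if not regions:
                return True  # role is not restricted to particular regions
            # A region-restricted role never grants a request that names no
            # region, since such a request would cover every region.
            if region is not None and region in regions:
                return True
        return False


if __name__ == "__main__":
    policy = JsonPolicy(SECURITY_JSON)
    principal = policy.authenticate({"security-username": "guest", "security-password": "guest"})
    for request in ("DATA:READ:RegionA", "DATA:READ:RegionC", "DATA:WRITE:RegionA", "DATA:READ"):
        print(principal, request, policy.authorize(principal, request))
```

The two fail-closed choices are the ones worth carrying into a real SecurityManager: an unsupported credential type (here a token) is rejected rather than ignored, and a role scoped to named regions does not satisfy a request that has no region target.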