Interface SecurityManager

All Known Implementing Classes:
ExampleSecurityManager, SimpleSecurityManager

public interface SecurityManager
User implementation of the authentication/authorization logic for Integrated Security. The implementation guards client/server, JMX, Pulse, and GFSH commands.
Since:
Geode 1.0
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    PASSWORD
    Property name of the password passed in the Properties to the authenticate method
    static final String
    TOKEN
    Property name of the token passed in the Properties to the authenticate method
    static final String
    USER_NAME
    Property name of the username passed in the Properties to the authenticate method
  • Method Summary

    Modifier and Type
    Method
    Description
    authenticate(Properties credentials)
    Verify the credentials provided in the properties. Your security manager needs to validate credentials coming from all communication channels.
    default boolean
    authorize(Object principal, ResourcePermission permission)
    Authorize the ResourcePermission for a given Principal
    default void
    close()
    Close any resources used by the SecurityManager, called when a cache is closed.
    default void
    init(Properties securityProps)
    Initialize the SecurityManager.
  • Field Details

    • USER_NAME

      static final String USER_NAME
      Property name of the username passed in the Properties to the authenticate method
    • PASSWORD

      static final String PASSWORD
      Property name of the password passed in the Properties to the authenticate method
    • TOKEN

      static final String TOKEN
      Property name of the token passed in the Properties to the authenticate method
  • Method Details

    • init

      default void init(Properties securityProps)
      Initialize the SecurityManager. This is invoked when a cache is created.
      Parameters:
      securityProps - the security properties obtained using a call to DistributedSystem.getSecurityProperties()
    • authenticate

      Verify the credentials provided in the properties. Your security manager needs to validate credentials coming from all communication channels. If you use AuthInitialize to generate your client/peer credentials, then the input of this method is the output of your AuthInitialize.getCredentials method. Remember that this method also needs to validate credentials coming from gfsh/JMX/REST clients: the framework puts the username and password under the security-username and security-password keys in the properties, so your SecurityManager implementation needs to validate these kinds of properties as well. If a channel supports token-based authentication, the token is passed to the security manager in the property with the key "security-token".
      Parameters:
      credentials - contains security-username, security-password or security-token as property keys, along with any properties generated by your AuthInitialize implementation
      Returns:
      a serializable principal object
      Throws:
      AuthenticationFailedException - if the credentials are invalid; this exception will be seen by the client.
      AuthenticationExpiredException - if the credentials have expired; this gives the client a second chance to gather new credentials and try to log in once more.
    • authorize

      default boolean authorize(Object principal, ResourcePermission permission) throws AuthenticationExpiredException
      Authorize the ResourcePermission for a given Principal
      Parameters:
      principal - The principal that's requesting the permission
      permission - The permission requested
      Returns:
      true if authorized, false if not
      Throws:
      AuthenticationExpiredException - if the principal has expired.
    • close

      default void close()
      Close any resources used by the SecurityManager, called when a cache is closed.
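
An added example, not part of the Geode documentation or code base: an implementation that accepts both credential shapes described under authenticate (token, and username/password from any channel) and allows only what is explicitly granted in authorize. The class name, the sample user, token and expiry, and the in-memory maps are hypothetical; the org.apache.geode.security package names are Geode's and are not shown on this page.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.util.Map;
import java.util.Properties;
import org.apache.geode.security.AuthenticationExpiredException;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.SecurityManager;

// Added example: hypothetical class name, constructed users and tokens.
public class ChannelAwareSecurityManager implements SecurityManager {
  // Constructed sample data; a real deployment would query an identity store holding hashes.
  private final Map<String, String> passwords = Map.of("reader", "constructed-secret");
  private final Map<String, Instant> tokenExpiry =
      Map.of("constructed-token", Instant.parse("2030-01-01T00:00:00Z"));

  @Override
  public Object authenticate(Properties credentials) {
    String token = credentials.getProperty(TOKEN);
    if (token != null) { // channel that supports token-based authentication
      Instant expiry = tokenExpiry.get(token);
      if (expiry == null) {
        throw new AuthenticationFailedException("invalid credentials");
      }
      if (Instant.now().isAfter(expiry)) {
        throw new AuthenticationExpiredException("token expired"); // client may retry
      }
      return "token-user"; // the returned principal must be serializable
    }
    // Client/peer credentials (AuthInitialize output) and gfsh/JMX/REST all arrive here.
    String user = credentials.getProperty(USER_NAME);
    String password = credentials.getProperty(PASSWORD);
    String expected = user == null ? null : passwords.get(user);
    if (expected == null || password == null || !MessageDigest.isEqual(
        expected.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8))) {
      throw new AuthenticationFailedException("invalid credentials"); // same text for every failure
    }
    return user;
  }

  @Override
  public boolean authorize(Object principal, ResourcePermission permission) {
    // Overrides the interface default: anything not explicitly granted is denied.
    return ("reader".equals(principal) || "token-user".equals(principal))
        && permission.getResource() == ResourcePermission.Resource.DATA
        && permission.getOperation() == ResourcePermission.Operation.READ;
  }
}
```

Properties that carry none of the three keys fall through to the username/password branch and are rejected, so a channel that sends no credentials fails closed.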