Package org.apache.geode.examples

Class SimpleSecurityManager

  • java.lang.Object
    • org.apache.geode.examples.SimpleSecurityManager
  • All Implemented Interfaces:
    SecurityManager
    public class SimpleSecurityManager
extends java.lang.Object
implements SecurityManager
    Intended for example and demo purpose, this class authenticates a user when the username matches the password, which also represents the permissions the user is granted. It also validate an auth token if it's present

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      java.lang.Object authenticate​(java.util.Properties credentials)
      Verify the credentials provided in the properties Your security manager needs to validate credentials coming from all communication channels.
      boolean authorize​(java.lang.Object principal, ResourcePermission permission)
      Authorize the ResourcePermission for a given Principal
      void close()
      Close any resources used by the SecurityManager, called when a cache is closed.
      void init​(java.util.Properties securityProps)
      Initialize the SecurityManager.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Field Detail

      • VALID_TOKEN

        public static final java.lang.String VALID_TOKEN
        the valid token string that will be authenticated. Any other token string will be rejected.
        See Also:
        Constant Field Values

    • Constructor Detail

      • SimpleSecurityManager

        public SimpleSecurityManager()

    • Method Detail

      • authenticate

        public java.lang.Object authenticate​(java.util.Properties credentials)
                              throws AuthenticationFailedException
        Description copied from interface: SecurityManager
        Verify the credentials provided in the properties Your security manager needs to validate credentials coming from all communication channels. If you use AuthInitialize to generate your client/peer credentials, then the input of this method is the output of your AuthInitialize.getCredentials method. But remember that this method will also need to validate credentials coming from gfsh/jmx/rest client, the framework is putting the username/password under security-username and security-password keys in the property, so your securityManager implementation needs to validate these kind of properties as well. if a channel supports token-based-authentication, the token will be passed to the security manager in the property with the key "security-token".
        Specified by:
        authenticate in interface SecurityManager
        Parameters:
        credentials - it contains the security-username, security-password or security-token, as keys of the properties, also the properties generated by your AuthInitialize interface
        Returns:
        a serializable principal object
        Throws:
        AuthenticationFailedException - if the credentials are invalid, this exception will be seen by the client.

      • authorize

        public boolean authorize​(java.lang.Object principal,
                         ResourcePermission permission)
        Description copied from interface: SecurityManager
        Authorize the ResourcePermission for a given Principal
        Specified by:
        authorize in interface SecurityManager
        Parameters:
        principal - The principal that's requesting the permission
        permission - The permission requested
        Returns:
        true if authorized, false if not

      • close

        public void close()
        Description copied from interface: SecurityManager
        Close any resources used by the SecurityManager, called when a cache is closed.
        Specified by:
        close in interface SecurityManager