Package org.apache.geode.security

Interface AccessControl

  • All Superinterfaces:
    CacheCallback, Declarable
    @Deprecated
public interface AccessControl
extends CacheCallback
    Deprecated.
    since Geode 1.0, use SecurityManager instead
    Specifies the interface to authorize operations at the cache or region level for clients or servers. Implementations should register name of the static creation function as the security-client-accessor system property with all the servers uniformly in the distributed system for client authorization. When the security-client-accessor-pp property is set then the callback mentioned is invoked after the operation completes successfully and when sending notifications. When the registration has been done for a client/peer then an object of this class is created for each connection from the client/peer and the authorizeOperation method invoked before/after each operation.
    Since:
    GemFire 5.5

    • Method Detail

      • init

        void init​(java.security.Principal principal,
          DistributedMember remoteMember,
          Cache cache)
   throws NotAuthorizedException
        Deprecated.
        Initialize the callback for a client/peer having the given principal. This is invoked when a new connection from a client/peer is created with the host. The callback is expected to store authentication information of the given principal for the different regions for maximum efficiency when invoking authorizeOperation in each operation.
        Parameters:
        principal - the principal associated with the authenticated client or peer; a null principal implies an unauthenticated client which should be handled properly by implementations
        remoteMember - the DistributedMember object for the remote authenticated client or peer
        cache - reference to the cache object
        Throws:
        NotAuthorizedException - if some exception condition happens during the initialization; in such a case all subsequent client operations on that connection will throw NotAuthorizedException

      • authorizeOperation

        boolean authorizeOperation​(java.lang.String regionName,
                           OperationContext context)
        Deprecated.
        Check if the given operation is allowed for the cache/region. This method is invoked in each cache and region level operation. It is, therefore, expected that as far as possible relevant information has been cached in the init call made when the connection was established so that this call is as quick as possible.
        Parameters:
        regionName - When null then it indicates a cache-level operation (i.e. one of OperationContext.OperationCode.REGION_DESTROY or OperationContext.OperationCode.QUERY, else the name of the region for the operation.
        context - When invoked before the operation then the data required by the operation. When invoked as a post-process filter then it contains the result of the operation. The data in the context can be possibly modified by the method.
        Returns:
        true if the operation is authorized and false otherwise