Package org.apache.geode.cache.query.security

Class JavaBeanAccessorMethodAuthorizer

  • java.lang.Object
    • org.apache.geode.cache.query.security.JavaBeanAccessorMethodAuthorizer
  • All Implemented Interfaces:
    MethodInvocationAuthorizer
    public final class JavaBeanAccessorMethodAuthorizer
extends java.lang.Object
implements MethodInvocationAuthorizer
    An immutable and thread-safe MethodInvocationAuthorizer that allows any method execution that follows the design patterns for accessor methods described in the JavaBean specification 1.01; that is, any method whose name begins with 'get' or 'is'. For additional security, only methods belonging to classes in user-specified packages will be allowed. If a method does not match the user-specified parameters, or belongs to the 'org.apache.geode' package, then the decision of whether to authorize or not will be delegated to the default RestrictedMethodAuthorizer.

    Some known dangerous methods, like Object.getClass(), are also rejected by this authorizer implementation (see RestrictedMethodAuthorizer.isPermanentlyForbiddenMethod(Method, Object)).

    When used as intended, with all region entries and OQL bind parameters following the JavaBean specification 1.01, this authorizer implementation addresses all four of the known security risks: Java Reflection, Cache Modification, Region Modification and Region Entry Modification.

    It should be noted that the Region Entry Modification security risk still potentially exists: users with the DATA:READ:RegionName privilege will be able to execute any method whose name starts with 'is' or 'get' on the objects stored within the region and on instances used as bind parameters of the OQL, providing they are in the specified packages. If those methods do not fully follow the JavaBean 1.01 specification that accessors do not modify the instance's state then entry modifications are possible.

    Usage of this authorizer implementation is only recommended for secured clusters on which the Operator has full confidence that all objects stored in regions and used as OQL bind parameters follow JavaBean specification 1.01. It might also be used on clusters on which the entries stored are immutable.

    See Also:
    Cache, MethodInvocationAuthorizer, RestrictedMethodAuthorizer

    • Constructor Summary

      Constructors 
      Constructor Description
      JavaBeanAccessorMethodAuthorizer​(Cache cache, java.util.Set<java.lang.String> allowedPackages)
      Creates a JavaBeanAccessorMethodAuthorizer object and initializes it so it can be safely used in a multi-threaded environment.
      JavaBeanAccessorMethodAuthorizer​(RestrictedMethodAuthorizer restrictedMethodAuthorizer, java.util.Set<java.lang.String> allowedPackages)
      Creates a JavaBeanAccessorMethodAuthorizer object and initializes it so it can be safely used in a multi-threaded environment.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean authorize​(java.lang.reflect.Method method, java.lang.Object target)
      Executes the authorization logic to determine whether the method is allowed to be executed on the target object instance.
      java.util.Set<java.lang.String> getAllowedPackages()
      Returns an unmodifiable view of the allowed packages for this authorizer.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • JavaBeanAccessorMethodAuthorizer

        public JavaBeanAccessorMethodAuthorizer​(Cache cache,
                                        java.util.Set<java.lang.String> allowedPackages)
        Creates a JavaBeanAccessorMethodAuthorizer object and initializes it so it can be safely used in a multi-threaded environment.

        Applications can use this constructor as part of the initialization for custom authorizers (see Declarable.initialize(Cache, Properties)), when using a declarative approach.

        Parameters:
        cache - the Cache instance that owns this authorizer, required in order to configure the default RestrictedMethodAuthorizer.
        allowedPackages - the packages containing classes for which 'is' and 'get' methods will be authorized.

      • JavaBeanAccessorMethodAuthorizer

        public JavaBeanAccessorMethodAuthorizer​(RestrictedMethodAuthorizer restrictedMethodAuthorizer,
                                        java.util.Set<java.lang.String> allowedPackages)
        Creates a JavaBeanAccessorMethodAuthorizer object and initializes it so it can be safely used in a multi-threaded environment.

        Parameters:
        restrictedMethodAuthorizer - the default RestrictedMethodAuthorizer to use.
        allowedPackages - the packages containing classes for which 'is' and 'get' methods will be authorized.

    • Method Detail

      • authorize

        public boolean authorize​(java.lang.reflect.Method method,
                         java.lang.Object target)
        Executes the authorization logic to determine whether the method is allowed to be executed on the target object instance. If the target object is an instance of Region, this methods also ensures that the user has the DATA:READ permission granted for the target Region.

        Specified by:
        authorize in interface MethodInvocationAuthorizer
        Parameters:
        method - the Method that should be authorized.
        target - the Object on which the Method will be executed.
        Returns:
        true if the method can be executed on on the target instance, false otherwise.
        See Also:
        MethodInvocationAuthorizer

      • getAllowedPackages

        public java.util.Set<java.lang.String> getAllowedPackages()
        Returns an unmodifiable view of the allowed packages for this authorizer. This method can be used to get "read-only" access to the set containing the packages specified as allowed on construction of this authorizer.
        Returns:
        an unmodifiable view of the allowed packages for this authorizer.