Class RestrictedMethodAuthorizer

  • java.lang.Object
    • org.apache.geode.cache.query.security.RestrictedMethodAuthorizer
  • All Implemented Interfaces:
    MethodInvocationAuthorizer

    public final class RestrictedMethodAuthorizer
    extends java.lang.Object
    implements MethodInvocationAuthorizer
    The default, immutable and thread-safe MethodInvocationAuthorizer used by Geode to determine whether a Method is allowed to be executed on a specific Object instance.

    This authorizer addresses the four known security risks: Java Reflection, Cache Modification, Region Modification and Region Entry Modification.

    Custom applications can delegate to this class and use it as the starting point for providing use case specific authorizers.

    See Also:
    Cache, MethodInvocationAuthorizer
    • Field Summary

      Fields 
      Modifier and Type Field Description
      static java.lang.String UNAUTHORIZED_STRING  
    • Constructor Summary

      Constructors 
      Constructor Description
      RestrictedMethodAuthorizer(Cache cache)
      Creates a RestrictedMethodAuthorizer object and initializes it so it can be safely used in a multi-threaded environment.
    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean authorize(java.lang.reflect.Method method, java.lang.Object target)
      Executes the authorization logic to determine whether the method is allowed to be executed on the target object instance.
      boolean isAllowedGeodeMethod(java.lang.reflect.Method method, java.lang.Object target)
      Executes the verification logic to determine whether the target object instance belongs to Geode and whether the method on the target object instance is considered to be safe according to Geode security rules.
      boolean isPermanentlyForbiddenMethod(java.lang.reflect.Method method, java.lang.Object target)
      Executes the verification logic to determine whether the method on the target object instance is considered to be unsafe according to Geode security rules.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • UNAUTHORIZED_STRING

        public static final java.lang.String UNAUTHORIZED_STRING
        See Also:
        Constant Field Values
    • Constructor Detail

      • RestrictedMethodAuthorizer

        public RestrictedMethodAuthorizer(Cache cache)
        Creates a RestrictedMethodAuthorizer object and initializes it so it can be safely used in a multi-threaded environment.

        If the Cache instance passed as parameter was previously created by Geode, the authorizer will use the security service already configured in order to determine whether a specific user has read privileges upon a particular region. If the Cache instance passed as parameter is a wrapper created by external frameworks, the authorizer will create a new instance of the security service using the configuration properties used to initialize the cache.

        Applications can also use this constructor as part of the initialization for custom authorizers (see Declarable.initialize(Cache, Properties)), when using a declarative approach.

        Parameters:
        cache - the Cache instance that owns this authorizer, required in order to configure the security rules used.
    • Method Detail

      • isAllowedGeodeMethod

        public boolean isAllowedGeodeMethod(java.lang.reflect.Method method,
                                            java.lang.Object target)
        Executes the verification logic to determine whether the target object instance belongs to Geode and whether the method on the target object instance is considered to be safe according to Geode security rules. If the target object is an instance of Region, this method also ensures that the user has the DATA:READ permission granted for the target Region.

        Parameters:
        method - the Method that should be verified.
        target - the Object on which the Method will be executed.
        Returns:
        true if and only if the target object instance belongs to Geode and the method is considered safe to be executed on the target object instance according to the Geode security rules, false otherwise.
      • isPermanentlyForbiddenMethod

        public boolean isPermanentlyForbiddenMethod(java.lang.reflect.Method method,
                                                    java.lang.Object target)
        Executes the verification logic to determine whether the method on the target object instance is considered to be unsafe according to Geode security rules.

        The following methods are currently considered unsafe, no matter what the target object is:

        • getClass
        • readObject
        • readResolve
        • readObjectNoData
        • writeObject
        • writeReplace

        Parameters:
        method - the Method that should be verified.
        target - the Object on which the Method will be executed.
        Returns:
        true if the method is considered unsafe to be executed on the target instance according to the Geode security rules, false otherwise.
      • authorize

        public boolean authorize(java.lang.reflect.Method method,
                                 java.lang.Object target)
        Executes the authorization logic to determine whether the method is allowed to be executed on the target object instance. If the target object is an instance of Region, this method also ensures that the user has the DATA:READ permission granted for the target Region.

        Specified by:
        authorize in interface MethodInvocationAuthorizer
        Parameters:
        method - the Method that should be authorized.
        target - the Object on which the Method will be executed.
        Returns:
        true if the method can be executed on the target instance, false otherwise.
        See Also:
        MethodInvocationAuthorizer
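
The class description says custom applications can delegate to this class as the starting point for use case specific authorizers. The sketch below is an added example, not code from Geode or from this page: the class name DomainGetterAuthorizer and the package com.example.domain are hypothetical, and initialize(Cache, Set<String>) is the initialization hook of the MethodInvocationAuthorizer interface, which this page does not list.

```java
import java.lang.reflect.Method;
import java.util.Set;

import org.apache.geode.cache.Cache;
import org.apache.geode.cache.query.security.MethodInvocationAuthorizer;
import org.apache.geode.cache.query.security.RestrictedMethodAuthorizer;

// Added example (not Geode code): widens the default rules only for
// read-style accessors on one application package, and denies everything else.
public class DomainGetterAuthorizer implements MethodInvocationAuthorizer {
  // Hypothetical application package; the trailing dot prevents prefix
  // matches such as "com.example.domainx".
  private static final String ALLOWED_PACKAGE = "com.example.domain.";

  private volatile RestrictedMethodAuthorizer geodeRules;

  @Override
  public void initialize(Cache cache, Set<String> parameters) {
    // The delegate is immutable and thread-safe, so one instance is shared.
    geodeRules = new RestrictedMethodAuthorizer(cache);
  }

  @Override
  public boolean authorize(Method method, Object target) {
    RestrictedMethodAuthorizer rules = geodeRules;
    if (rules == null || method == null || target == null) {
      return false; // fail closed when not initialized or on bad input
    }
    // 1. Hard deny first: getClass, readObject, writeReplace, etc. must
    //    never be reachable through the custom allowance in step 3.
    if (rules.isPermanentlyForbiddenMethod(method, target)) {
      return false;
    }
    // 2. Anything the default authorizer already permits stays permitted,
    //    including its DATA:READ check when the target is a Region.
    if (rules.authorize(method, target)) {
      return true;
    }
    // 3. Custom allowance: zero-argument getX()/isX() on domain objects.
    //    Assumes those accessors have no side effects.
    return isDomainGetter(method, target);
  }

  private static boolean isDomainGetter(Method method, Object target) {
    String name = method.getName();
    boolean accessorName = (name.startsWith("get") && name.length() > 3)
        || (name.startsWith("is") && name.length() > 2);
    return accessorName
        && method.getParameterCount() == 0
        && method.getReturnType() != void.class
        && target.getClass().getName().startsWith(ALLOWED_PACKAGE);
  }
}
```

The isPermanentlyForbiddenMethod check runs before the custom rule because getClass is itself a zero-argument get-prefixed method and would otherwise pass the accessor test on any domain object.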