Class ExampleSecurityManager

  • java.lang.Object
    • org.apache.geode.examples.security.ExampleSecurityManager
  • All Implemented Interfaces:
    SecurityManager

    public class ExampleSecurityManager
    extends java.lang.Object
    implements SecurityManager
    This class provides a sample implementation of SecurityManager for authentication and authorization initialized from data provided as JSON.

    A Geode member must be configured with the following:

    security-manager = org.apache.geode.examples.security.ExampleSecurityManager

    The class can be initialized from a JSON resource called security.json. This file must exist on the classpath, so members should be started with an appropriate --classpath option.

    The format of the JSON for configuration is as follows:

     
     {
       "roles": [
         {
           "name": "admin",
           "operationsAllowed": [
             "CLUSTER:MANAGE",
             "DATA:MANAGE"
           ]
         },
         {
           "name": "readRegionA",
           "operationsAllowed": [
             "DATA:READ"
           ],
           "regions": ["RegionA", "RegionB"]
         }
       ],
       "users": [
         {
           "name": "admin",
           "password": "secret",
           "roles": ["admin"]
         },
         {
           "name": "guest",
           "password": "guest",
           "roles": ["readRegionA"]
         }
       ]
     }
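
    A pre-deployment review of a file in this format, as an added example that is not part of Geode or of ExampleSecurityManager: it resolves each user's effective permissions and reports role references that do not resolve, trivial passwords, and MANAGE grants with no region scope. The finding names, the user "ops", and the rule that a role without a "regions" key is not region-scoped are assumptions of this example.

```python
import json

# Constructed input: the page's sample plus a user "ops" whose role is undefined.
SAMPLE = json.loads("""
{"roles": [
   {"name": "admin", "operationsAllowed": ["CLUSTER:MANAGE", "DATA:MANAGE"]},
   {"name": "readRegionA", "operationsAllowed": ["DATA:READ"],
    "regions": ["RegionA", "RegionB"]}],
 "users": [
   {"name": "admin", "password": "secret", "roles": ["admin"]},
   {"name": "guest", "password": "guest", "roles": ["readRegionA"]},
   {"name": "ops", "password": "x9!Lq2#v", "roles": ["operator"]}]}
""")


def effective_permissions(config):
    """Return {user: set of 'RESOURCE:OPERATION' or 'RESOURCE:OPERATION:region'}."""
    roles = {r["name"]: r for r in config.get("roles", [])}
    result = {}
    for user in config.get("users", []):
        perms = set()
        for role_name in user.get("roles", []):
            role = roles.get(role_name, {})  # undefined roles grant nothing
            for op in role.get("operationsAllowed", []):
                # Assumption: no "regions" key means the grant is not region-scoped.
                regions = role.get("regions") or [None]
                perms.update(op if rg is None else f"{op}:{rg}" for rg in regions)
        result[user["name"]] = perms
    return result


def audit(config):
    """Return sorted (finding, user, detail) tuples for a reviewer to act on."""
    defined = {r["name"] for r in config.get("roles", [])}
    findings = []
    for user in config.get("users", []):
        name = user["name"]
        if user.get("password", "") in ("", name):
            findings.append(("trivial-password", name, ""))
        for role_name in user.get("roles", []):
            if role_name not in defined:
                findings.append(("undefined-role", name, role_name))
    for user, perms in effective_permissions(config).items():
        for perm in perms:
            if perm.endswith(":MANAGE") and perm.count(":") == 1:
                findings.append(("unscoped-manage", user, perm))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```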
     
     
    • Field Detail

      • DEFAULT_JSON_FILE_NAME

        protected static final java.lang.String DEFAULT_JSON_FILE_NAME
        See Also:
        Constant Field Values
    • Constructor Detail

      • ExampleSecurityManager

        public ExampleSecurityManager()
    • Method Detail

      • authorize

        public boolean authorize(java.lang.Object principal,
                                 ResourcePermission context)
        Description copied from interface: SecurityManager
        Authorize the ResourcePermission for a given Principal
        Specified by:
        authorize in interface SecurityManager
        Parameters:
        principal - The principal that's requesting the permission
        context - The permission requested
        Returns:
        true if authorized, false if not
      • authenticate

        public java.lang.Object authenticate(java.util.Properties credentials)
                                      throws AuthenticationFailedException
        Description copied from interface: SecurityManager
        Verify the credentials provided in the properties. Your security manager needs to validate credentials coming from all communication channels. If you use AuthInitialize to generate your client/peer credentials, then the input of this method is the output of your AuthInitialize.getCredentials method. But remember that this method also needs to validate credentials coming from gfsh/JMX/REST clients: the framework puts the username and password under the security-username and security-password keys in the properties, so your SecurityManager implementation needs to validate these kinds of properties as well. If a channel supports token-based authentication, the token is passed to the security manager in the properties under the key "security-token".
        Specified by:
        authenticate in interface SecurityManager
        Parameters:
        credentials - contains security-username, security-password or security-token as keys of the properties, as well as the properties generated by your AuthInitialize interface
        Returns:
        a serializable principal object
        Throws:
        AuthenticationFailedException - if the credentials are invalid; this exception will be seen by the client.
      • initializeFromJsonResource

        public boolean initializeFromJsonResource(java.lang.String jsonResource)