Package org.apache.geode.security

Interface AuthInitialize

  • All Superinterfaces:
    CacheCallback, Declarable
    public interface AuthInitialize
extends CacheCallback
    Specifies the mechanism to obtain credentials for a client or peer. It is mandatory for clients and peers when running in secure mode and a SecurityManager has been configured on the server/locator side respectively. Implementations should register name of the static creation function (that returns an object of the class) as the security-peer-auth-init system property on peers and as the security-client-auth-init system property on clients.
    Since:
    GemFire 5.5

    • Method Detail

      • init

        default void init​(LogWriter systemLogger,
                  LogWriter securityLogger)
           throws AuthenticationFailedException
        Initialize the callback for a client/peer. This is invoked when a new connection from a client/peer is created with the host. For future implementations, do not use these loggers, use log4j logger directly.
        Parameters:
        systemLogger - LogWriter for system logs
        securityLogger - LogWriter for security logs
        Throws:
        AuthenticationFailedException - if some exception occurs during the initialization

      • getCredentials

        java.util.Properties getCredentials​(java.util.Properties securityProps,
                                    DistributedMember server,
                                    boolean isPeer)
                             throws AuthenticationFailedException
        Initialize with the given set of security properties and return the credentials for the peer/client as properties. This method can modify the given set of properties. For example it may invoke external agents or even interact with the user. Normally it is expected that implementations will filter out security-* properties that are needed for credentials and return only those.
        Parameters:
        securityProps - the security properties obtained using a call to DistributedSystem.getSecurityProperties() that will be used for obtaining the credentials
        server - the DistributedMember object of the server/group-coordinator to which connection is being attempted
        isPeer - true when this is invoked for peer initialization and false when invoked for client initialization
        Returns:
        the credentials to be used for the given server It needs to contain "security-username" and "security-password" if you use username/password combination as credentials When using Integrated security, all members, peer/client will use the same credentials. but we still need to use these params to support the old authenticator
        Throws:
        AuthenticationFailedException - in case of failure to obtain the credentials