VMware GemFire Java API Reference
Package org.apache.geode.security
Interface SecurityManager
All Known Implementing Classes:
- ExampleSecurityManager, SimpleSecurityManager

public interface SecurityManager

User implementation of authentication/authorization logic for Integrated Security. The implementation will guard client/server, JMX, Pulse, and GFSH commands.

Since:
- Geode 1.0
 
Field Summary

Fields (Modifier and Type, Field: Description)
- static java.lang.String PASSWORD: property name of the password passed in the Properties in authenticate method
- static java.lang.String TOKEN: property name of the token passed in the Properties in authenticate method
- static java.lang.String USER_NAME: property name of the username passed in the Properties in authenticate method

Method Summary

Methods (Modifier and Type, Method: Description)
- java.lang.Object authenticate(java.util.Properties credentials): Verify the credentials provided in the properties. Your security manager needs to validate credentials coming from all communication channels.
- default boolean authorize(java.lang.Object principal, ResourcePermission permission): Authorize the ResourcePermission for a given Principal
- default void close(): Close any resources used by the SecurityManager, called when a cache is closed.
- default void init(java.util.Properties securityProps): Initialize the SecurityManager.
 
Field Detail

USER_NAME
static final java.lang.String USER_NAME
property name of the username passed in the Properties in authenticate method
See Also:
- Constant Field Values

PASSWORD
static final java.lang.String PASSWORD
property name of the password passed in the Properties in authenticate method
See Also:
- Constant Field Values

TOKEN
static final java.lang.String TOKEN
property name of the token passed in the Properties in authenticate method
See Also:
- Constant Field Values
 
 
Method Detail

init
default void init(java.util.Properties securityProps)
Initialize the SecurityManager. This is invoked when a cache is created.
Parameters:
- securityProps - the security properties obtained using a call to DistributedSystem.getSecurityProperties()
 
authenticate
java.lang.Object authenticate(java.util.Properties credentials) throws AuthenticationFailedException, AuthenticationExpiredException
Verify the credentials provided in the properties. Your security manager needs to validate credentials coming from all communication channels. If you use AuthInitialize to generate your client/peer credentials, then the input of this method is the output of your AuthInitialize.getCredentials method. This method also needs to validate credentials coming from gfsh/JMX/REST clients: the framework puts the username and password under the security-username and security-password keys in the properties, so your SecurityManager implementation needs to validate these kinds of properties as well. If a channel supports token-based authentication, the token is passed to the security manager in the properties under the key "security-token".
Parameters:
- credentials - contains security-username, security-password or security-token as keys of the properties, as well as the properties generated by your AuthInitialize interface
Returns:
- a serializable principal object
Throws:
- AuthenticationFailedException - if the credentials are invalid; this exception will be seen by the client.
- AuthenticationExpiredException - if the credentials have expired; this gives the client a second chance to gather new credentials and try to log in once more.
 
authorize
default boolean authorize(java.lang.Object principal, ResourcePermission permission) throws AuthenticationExpiredException
Authorize the ResourcePermission for a given Principal.
Parameters:
- principal - The principal that's requesting the permission
- permission - The permission requested
Returns:
- true if authorized, false if not
Throws:
- AuthenticationExpiredException - if the principal has expired.
 
close
default void close()
Close any resources used by the SecurityManager, called when a cache is closed.
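
One way to implement authenticate and authorize for the channels described above, as an added example that is not code from this API reference or from the Geode project. The class name ChannelAwareSecurityManager and the user, password, token and expiry values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Properties;
import org.apache.geode.security.AuthenticationExpiredException;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.SecurityManager;
// Added example: class name, user table and token tables are hypothetical.
public class ChannelAwareSecurityManager implements SecurityManager {
  // Constructed sample data; load real credentials from a secret store in init().
  private final Map<String, String> passwords = Map.of("dataReader", "constructed-password");
  private final Map<String, String> tokenOwner = Map.of("constructed-token", "dataReader");
  private final Map<String, Long> tokenExpiryMillis = Map.of("constructed-token", 4102444800000L);
  @Override
  public Object authenticate(Properties credentials) {
    // Token channel: the token arrives under "security-token" (TOKEN).
    String token = credentials.getProperty(TOKEN);
    if (token != null) {
      String owner = tokenOwner.get(token);
      if (owner == null) {
        throw new AuthenticationFailedException("invalid token");
      }
      if (System.currentTimeMillis() >= tokenExpiryMillis.get(token)) {
        // Lets the client gather new credentials and try to log in once more.
        throw new AuthenticationExpiredException("token expired");
      }
      return owner; // String is a serializable principal
    }
    // gfsh/JMX/REST and AuthInitialize output: "security-username"/"security-password".
    String user = credentials.getProperty(USER_NAME);
    String password = credentials.getProperty(PASSWORD);
    String expected = user == null ? null : passwords.get(user);
    // Reject missing keys and unknown users the same way as a wrong password.
    if (expected == null || password == null || !MessageDigest.isEqual(
        expected.getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8))) {
      throw new AuthenticationFailedException("invalid username or password");
    }
    return user;
  }

  @Override
  public boolean authorize(Object principal, ResourcePermission permission) {
    // Deny by default: only DATA:READ is granted to the sample principal.
    return "dataReader".equals(principal)
        && permission.getResource() == ResourcePermission.Resource.DATA
        && permission.getOperation() == ResourcePermission.Operation.READ;
  }
}
```

The same error message is returned for an unknown user and a wrong password so that the response does not reveal which usernames exist.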
 
