| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <!-- Generated by javadoc (1.8.0_272) on Thu Nov 12 16:27:25 PST 2020 --> |
| <title>MethodInvocationAuthorizer (Apache Geode 1.13.1)</title> |
| <meta name="date" content="2020-11-12"> |
| <link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style"> |
| <script type="text/javascript" src="../../../../../../script.js"></script> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="MethodInvocationAuthorizer (Apache Geode 1.13.1)"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| var methods = {"i0":6,"i1":18}; |
| var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"],16:["t5","Default Methods"]}; |
| var altColor = "altColor"; |
| var rowColor = "rowColor"; |
| var tableTab = "tableTab"; |
| var activeTableTab = "activeTableTab"; |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a name="navbar.top"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.top.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../../../org/apache/geode/cache/query/security/JavaBeanAccessorMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../../../org/apache/geode/cache/query/security/RegExMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../../../index.html?org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html" target="_top">Frames</a></li> |
| <li><a href="MethodInvocationAuthorizer.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <div class="header"> |
| <div class="subTitle">org.apache.geode.cache.query.security</div> |
| <h2 title="Interface MethodInvocationAuthorizer" class="title">Interface MethodInvocationAuthorizer</h2> |
| </div> |
| <div class="contentContainer"> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <dl> |
| <dt>All Known Implementing Classes:</dt> |
| <dd><a href="../../../../../../org/apache/geode/examples/security/ExampleAnnotationBasedMethodInvocationAuthorizer.html" title="class in org.apache.geode.examples.security">ExampleAnnotationBasedMethodInvocationAuthorizer</a>, <a href="../../../../../../org/apache/geode/cache/query/security/JavaBeanAccessorMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security">JavaBeanAccessorMethodAuthorizer</a>, <a href="../../../../../../org/apache/geode/cache/query/security/RegExMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security">RegExMethodAuthorizer</a>, <a href="../../../../../../org/apache/geode/cache/query/security/RestrictedMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security">RestrictedMethodAuthorizer</a>, <a href="../../../../../../org/apache/geode/cache/query/security/UnrestrictedMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security">UnrestrictedMethodAuthorizer</a></dd> |
| </dl> |
| <hr> |
| <br> |
| <pre>public interface <span class="typeNameLabel">MethodInvocationAuthorizer</span></pre> |
| <div class="block">The root interface that should be implemented by method invocation authorizer instances. |
| The authorizer is responsible for determining whether a <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect"><code>Method</code></a> is |
| allowed to be executed on a specific <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang"><code>Object</code></a> instance. Implementations of this |
| interface should provide a no-arg constructor. |
| <p/> |
| |
| There are mainly four security risks when allowing users to execute arbitrary methods in OQL, |
| which should be addressed by implementations of this interface: |
| <p> |
| <ul> |
| <li><code>Java Reflection</code>: do anything through <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--" title="class or interface in java.lang"><code>Object.getClass()</code></a> or similar. |
| <li><code>Cache Modification</code>: execute <a href="../../../../../../org/apache/geode/cache/Cache.html" title="interface in org.apache.geode.cache"><code>Cache</code></a> operations (close, get regions, etc.). |
| <li><code>Region Modification</code>: execute <a href="../../../../../../org/apache/geode/cache/Region.html" title="interface in org.apache.geode.cache"><code>Region</code></a> operations (destroy, invalidate, etc.). |
| <li><code>Region Entry Modification</code>: execute in-place modifications on the region entries. |
| </ul> |
| </p> |
| |
| Implementations of this interface should be thread-safe: multiple threads might be authorizing |
| several method invocations using the same instance at the same time.</div> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ========== METHOD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.summary"> |
| <!-- --> |
| </a> |
| <h3>Method Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation"> |
| <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd"> </span></span><span id="t5" class="tableTab"><span><a href="javascript:show(16);">Default Methods</a></span><span class="tabEnd"> </span></span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Method and Description</th> |
| </tr> |
| <tr id="i0" class="altColor"> |
| <td class="colFirst"><code>boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html#authorize-java.lang.reflect.Method-java.lang.Object-">authorize</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect">Method</a> method, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> target)</code> |
| <div class="block">Executes the authorization logic to determine whether the <code>method</code> is allowed to be |
| executed on the <code>target</code> object instance.</div> |
| </td> |
| </tr> |
| <tr id="i1" class="rowColor"> |
| <td class="colFirst"><code>default void</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html#initialize-org.apache.geode.cache.Cache-java.util.Set-">initialize</a></span>(<a href="../../../../../../org/apache/geode/cache/Cache.html" title="interface in org.apache.geode.cache">Cache</a> cache, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>> parameters)</code> |
| <div class="block">Initializes the MethodInvocationAuthorizer using a <a href="../../../../../../org/apache/geode/cache/Cache.html" title="interface in org.apache.geode.cache"><code>Cache</code></a> and a <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util"><code>Set</code></a> of |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang"><code>String</code></a> parameters.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ============ METHOD DETAIL ========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.detail"> |
| <!-- --> |
| </a> |
| <h3>Method Detail</h3> |
| <a name="initialize-org.apache.geode.cache.Cache-java.util.Set-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>initialize</h4> |
| <pre>default void initialize(<a href="../../../../../../org/apache/geode/cache/Cache.html" title="interface in org.apache.geode.cache">Cache</a> cache, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util">Set</a><<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a>> parameters)</pre> |
| <div class="block">Initializes the MethodInvocationAuthorizer using a <a href="../../../../../../org/apache/geode/cache/Cache.html" title="interface in org.apache.geode.cache"><code>Cache</code></a> and a <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util"><code>Set</code></a> of |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang"><code>String</code></a> parameters. |
| <p/> |
| |
| This method exists to allow user-specified method authorizers to be configured and used at |
| runtime. If this method is not overridden in a user-specified authorizer then that authorizer |
| will not be configurable.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>cache</code> - the <a href="../../../../../../org/apache/geode/cache/Cache.html" title="interface in org.apache.geode.cache"><code>Cache</code></a> to which the MethodInvocationAuthorizer will belong</dd> |
| <dd><code>parameters</code> - a <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Set.html?is-external=true" title="class or interface in java.util"><code>Set</code></a> of <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang"><code>String</code></a> that will be used to configure the |
| MethodInvocationAuthorizer</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="authorize-java.lang.reflect.Method-java.lang.Object-"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>authorize</h4> |
| <pre>boolean authorize(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect">Method</a> method, |
| <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> target)</pre> |
| <div class="block">Executes the authorization logic to determine whether the <code>method</code> is allowed to be |
| executed on the <code>target</code> object instance. |
| <p/> |
| |
| <b>Implementation Note</b>: the query engine will remember whether the method invocation has |
| been already authorized or not for the current query context, so this method will be called |
| once in the lifetime of a query for every new method seen while traversing the objects. |
| Nevertheless, the implementation should be lighting fast as it will be called by the |
| OQL engine in runtime during the query execution.</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>method</code> - the <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect"><code>Method</code></a> that should be authorized.</dd> |
| <dd><code>target</code> - the <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang"><code>Object</code></a> on which the <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect"><code>Method</code></a> will be executed.</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd><code>true</code> if the <code>method</code> can be executed on on the <code>target</code> instance, |
| <code>false</code> otherwise.</dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a name="navbar.bottom"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.bottom.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../../../org/apache/geode/cache/query/security/JavaBeanAccessorMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security"><span class="typeNameLink">Prev Class</span></a></li> |
| <li><a href="../../../../../../org/apache/geode/cache/query/security/RegExMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security"><span class="typeNameLink">Next Class</span></a></li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../../../index.html?org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html" target="_top">Frames</a></li> |
| <li><a href="MethodInvocationAuthorizer.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li>Field | </li> |
| <li>Constr | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| </body> |
| </html> |