Google Git
Sign in
apache / geode-site / e34feab93a412b3a69cbf8fa62066688ee68dae4 / . / releases / latest / javadoc / org / apache / geode / cache / query / security / UnrestrictedMethodAuthorizer.html
blob: 6d328ab77a99a5e9f001bbcdacc3a22805b5a017 [file] [log] [blame]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc -->
<title>UnrestrictedMethodAuthorizer (Apache Geode 1.15.1)</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
<script type="text/javascript" src="../../../../../../script.js"></script>
</head>
<body>
<script type="text/javascript"><!--
try {
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="UnrestrictedMethodAuthorizer (Apache Geode 1.15.1)";
}
}
catch(err) {
}
//-->
var methods = {"i0":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a name="navbar.top">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.top.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../../../org/apache/geode/cache/query/security/RestrictedMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security"><span class="typeNameLink">Prev&nbsp;Class</span></a></li>
<li>Next&nbsp;Class</li>
</ul>
<ul class="navList">
<li><a href="../../../../../../index.html?org/apache/geode/cache/query/security/UnrestrictedMethodAuthorizer.html" target="_top">Frames</a></li>
<li><a href="UnrestrictedMethodAuthorizer.html" target="_top">No&nbsp;Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a name="skip.navbar.top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
<!-- ======== START OF CLASS DATA ======== -->
<div class="header">
<div class="subTitle">org.apache.geode.cache.query.security</div>
<h2 title="Class UnrestrictedMethodAuthorizer" class="title">Class UnrestrictedMethodAuthorizer</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">java.lang.Object</a></li>
<li>
<ul class="inheritance">
<li>org.apache.geode.cache.query.security.UnrestrictedMethodAuthorizer</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html" title="interface in org.apache.geode.cache.query.security">MethodInvocationAuthorizer</a></dd>
</dl>
<hr>
<br>
<pre>public final class <span class="typeNameLabel">UnrestrictedMethodAuthorizer</span>
extends <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a>
implements <a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html" title="interface in org.apache.geode.cache.query.security">MethodInvocationAuthorizer</a></pre>
<div class="block">An immutable and thread-safe <a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html" title="interface in org.apache.geode.cache.query.security"><code>MethodInvocationAuthorizer</code></a> that allows any method execution
as long as the target object does not belong to a Geode package, or does belong but it's marked
as safe (see <a href="../../../../../../org/apache/geode/cache/query/security/RestrictedMethodAuthorizer.html#isAllowedGeodeMethod-java.lang.reflect.Method-java.lang.Object-"><code>RestrictedMethodAuthorizer.isAllowedGeodeMethod(Method, Object)</code></a>).
<p>
Some known dangerous methods, like <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--" title="class or interface in java.lang"><code>Object.getClass()</code></a>, are also rejected by this
authorizer implementation, no matter whether the target object belongs to Geode or not
(see <a href="../../../../../../org/apache/geode/cache/query/security/RestrictedMethodAuthorizer.html#isPermanentlyForbiddenMethod-java.lang.reflect.Method-java.lang.Object-"><code>RestrictedMethodAuthorizer.isPermanentlyForbiddenMethod(Method, Object)</code></a>).
<p>
This authorizer implementation addresses only three of the four known security risks:
<code>Java Reflection</code>, <code>Cache Modification</code> and <code>Region Modification</code>.
<p>
The <code>Region Entry Modification</code> security risk still exists: users with the
<code>DATA:READ:RegionName</code> privilege will be able to execute ANY method (even mutators) on the
objects stored within the region and on instances used as bind parameters of the OQL, so this
authorizer implementation must be used with extreme care.
<p>
Usage of this authorizer implementation is only recommended for secured clusters on which only
trusted users and applications have access to the OQL engine. It might also be used on clusters
on which the entries stored are immutable.</div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../../org/apache/geode/cache/Cache.html" title="interface in org.apache.geode.cache"><code>Cache</code></a>,
<a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html" title="interface in org.apache.geode.cache.query.security"><code>MethodInvocationAuthorizer</code></a>,
<a href="../../../../../../org/apache/geode/cache/query/security/RestrictedMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security"><code>RestrictedMethodAuthorizer</code></a></dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor.summary">
<!-- -->
</a>
<h3>Constructor Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Constructor Summary table, listing constructors, and an explanation">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colOne" scope="col">Constructor and Description</th>
</tr>
<tr class="altColor">
<td class="colOne"><code><span class="memberNameLink"><a href="../../../../../../org/apache/geode/cache/query/security/UnrestrictedMethodAuthorizer.html#UnrestrictedMethodAuthorizer-org.apache.geode.cache.Cache-">UnrestrictedMethodAuthorizer</a></span>(<a href="../../../../../../org/apache/geode/cache/Cache.html" title="interface in org.apache.geode.cache">Cache</a>&nbsp;cache)</code>
<div class="block">Creates a <code>UnrestrictedMethodAuthorizer</code> object and initializes it so it can be safely
used in a multi-threaded environment.</div>
</td>
</tr>
<tr class="rowColor">
<td class="colOne"><code><span class="memberNameLink"><a href="../../../../../../org/apache/geode/cache/query/security/UnrestrictedMethodAuthorizer.html#UnrestrictedMethodAuthorizer-org.apache.geode.cache.query.security.RestrictedMethodAuthorizer-">UnrestrictedMethodAuthorizer</a></span>(<a href="../../../../../../org/apache/geode/cache/query/security/RestrictedMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security">RestrictedMethodAuthorizer</a>&nbsp;restrictedMethodAuthorizer)</code>
<div class="block">Creates a <code>UnrestrictedMethodAuthorizer</code> object and initializes it so it can be safely
used in a multi-threaded environment.</div>
</td>
</tr>
</table>
</li>
</ul>
<!-- ========== METHOD SUMMARY =========== -->
<ul class="blockList">
<li class="blockList"><a name="method.summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colLast" scope="col">Method and Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>boolean</code></td>
<td class="colLast"><code><span class="memberNameLink"><a href="../../../../../../org/apache/geode/cache/query/security/UnrestrictedMethodAuthorizer.html#authorize-java.lang.reflect.Method-java.lang.Object-">authorize</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect">Method</a>&nbsp;method,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a>&nbsp;target)</code>
<div class="block">Executes the authorization logic to determine whether the <code>method</code> is allowed to be
executed on the <code>target</code> object instance.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></h3>
<code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--" title="class or interface in java.lang">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-" title="class or interface in java.lang">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--" title="class or interface in java.lang">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass--" title="class or interface in java.lang">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode--" title="class or interface in java.lang">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify--" title="class or interface in java.lang">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll--" title="class or interface in java.lang">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#toString--" title="class or interface in java.lang">toString</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait--" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-" title="class or interface in java.lang">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait-long-int-" title="class or interface in java.lang">wait</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a name="methods.inherited.from.class.org.apache.geode.cache.query.security.MethodInvocationAuthorizer">
<!-- -->
</a>
<h3>Methods inherited from interface&nbsp;org.apache.geode.cache.query.security.<a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html" title="interface in org.apache.geode.cache.query.security">MethodInvocationAuthorizer</a></h3>
<code><a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html#initialize-org.apache.geode.cache.Cache-java.util.Set-">initialize</a></code></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<ul class="blockList">
<li class="blockList"><a name="constructor.detail">
<!-- -->
</a>
<h3>Constructor Detail</h3>
<a name="UnrestrictedMethodAuthorizer-org.apache.geode.cache.Cache-">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>UnrestrictedMethodAuthorizer</h4>
<pre>public&nbsp;UnrestrictedMethodAuthorizer(<a href="../../../../../../org/apache/geode/cache/Cache.html" title="interface in org.apache.geode.cache">Cache</a>&nbsp;cache)</pre>
<div class="block">Creates a <code>UnrestrictedMethodAuthorizer</code> object and initializes it so it can be safely
used in a multi-threaded environment.
<p>
Applications can use this constructor as part of the initialization for custom authorizers
(see <a href="../../../../../../org/apache/geode/cache/Declarable.html#initialize-org.apache.geode.cache.Cache-java.util.Properties-"><code>Declarable.initialize(Cache, Properties)</code></a>), when using a declarative approach.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>cache</code> - the <code>Cache</code> instance that owns this authorizer, required in order to
configure the default <a href="../../../../../../org/apache/geode/cache/query/security/RestrictedMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security"><code>RestrictedMethodAuthorizer</code></a>.</dd>
</dl>
</li>
</ul>
<a name="UnrestrictedMethodAuthorizer-org.apache.geode.cache.query.security.RestrictedMethodAuthorizer-">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>UnrestrictedMethodAuthorizer</h4>
<pre>public&nbsp;UnrestrictedMethodAuthorizer(<a href="../../../../../../org/apache/geode/cache/query/security/RestrictedMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security">RestrictedMethodAuthorizer</a>&nbsp;restrictedMethodAuthorizer)</pre>
<div class="block">Creates a <code>UnrestrictedMethodAuthorizer</code> object and initializes it so it can be safely
used in a multi-threaded environment.
<p></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>restrictedMethodAuthorizer</code> - the default <code>RestrictedMethodAuthorizer</code> to use.</dd>
</dl>
</li>
</ul>
</li>
</ul>
<!-- ============ METHOD DETAIL ========== -->
<ul class="blockList">
<li class="blockList"><a name="method.detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a name="authorize-java.lang.reflect.Method-java.lang.Object-">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>authorize</h4>
<pre>public&nbsp;boolean&nbsp;authorize(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect">Method</a>&nbsp;method,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a>&nbsp;target)</pre>
<div class="block">Executes the authorization logic to determine whether the <code>method</code> is allowed to be
executed on the <code>target</code> object instance.
If the <code>target</code> object is an instance of <a href="../../../../../../org/apache/geode/cache/Region.html" title="interface in org.apache.geode.cache"><code>Region</code></a>, this methods also ensures that
the user has the <code>DATA:READ</code> permission granted for the target <a href="../../../../../../org/apache/geode/cache/Region.html" title="interface in org.apache.geode.cache"><code>Region</code></a>.
<p></div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html#authorize-java.lang.reflect.Method-java.lang.Object-">authorize</a></code>&nbsp;in interface&nbsp;<code><a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html" title="interface in org.apache.geode.cache.query.security">MethodInvocationAuthorizer</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>method</code> - the <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect"><code>Method</code></a> that should be authorized.</dd>
<dd><code>target</code> - the <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang"><code>Object</code></a> on which the <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/reflect/Method.html?is-external=true" title="class or interface in java.lang.reflect"><code>Method</code></a> will be executed.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if the <code>method</code> can be executed on on the <code>target</code> instance,
<code>false</code> otherwise.</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../../org/apache/geode/cache/query/security/MethodInvocationAuthorizer.html" title="interface in org.apache.geode.cache.query.security"><code>MethodInvocationAuthorizer</code></a></dd>
</dl>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
</div>
<!-- ========= END OF CLASS DATA ========= -->
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a name="navbar.bottom">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a name="navbar.bottom.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../overview-summary.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList">
<li><a href="../../../../../../org/apache/geode/cache/query/security/RestrictedMethodAuthorizer.html" title="class in org.apache.geode.cache.query.security"><span class="typeNameLink">Prev&nbsp;Class</span></a></li>
<li>Next&nbsp;Class</li>
</ul>
<ul class="navList">
<li><a href="../../../../../../index.html?org/apache/geode/cache/query/security/UnrestrictedMethodAuthorizer.html" target="_top">Frames</a></li>
<li><a href="UnrestrictedMethodAuthorizer.html" target="_top">No&nbsp;Frames</a></li>
</ul>
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../../allclasses-noframe.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a name="skip.navbar.bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</body>
</html>