| <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> |
| <!-- NewPage --> |
| <html lang="en"> |
| <head> |
| <!-- Generated by javadoc --> |
| <title>SecurityManager (Apache Geode 1.15.0)</title> |
| <link rel="stylesheet" type="text/css" href="../../../../stylesheet.css" title="Style"> |
| <script type="text/javascript" src="../../../../script.js"></script> |
| </head> |
| <body> |
| <script type="text/javascript"><!-- |
| try { |
| if (location.href.indexOf('is-external=true') == -1) { |
| parent.document.title="SecurityManager (Apache Geode 1.15.0)"; |
| } |
| } |
| catch(err) { |
| } |
| //--> |
| var methods = {"i0":6,"i1":18,"i2":18,"i3":18}; |
| var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],4:["t3","Abstract Methods"],16:["t5","Default Methods"]}; |
| var altColor = "altColor"; |
| var rowColor = "rowColor"; |
| var tableTab = "tableTab"; |
| var activeTableTab = "activeTableTab"; |
| </script> |
| <noscript> |
| <div>JavaScript is disabled on your browser.</div> |
| </noscript> |
| <!-- ========= START OF TOP NAVBAR ======= --> |
| <div class="topNav"><a name="navbar.top"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.top.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../org/apache/geode/security/SecurableCommunicationChannels.html" title="interface in org.apache.geode.security"><span class="typeNameLink">Prev Class</span></a></li> |
| <li>Next Class</li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../index.html?org/apache/geode/security/SecurityManager.html" target="_top">Frames</a></li> |
| <li><a href="SecurityManager.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_top"> |
| <li><a href="../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_top"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li><a href="#field.summary">Field</a> | </li> |
| <li>Constr | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li><a href="#field.detail">Field</a> | </li> |
| <li>Constr | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.top"> |
| <!-- --> |
| </a></div> |
| <!-- ========= END OF TOP NAVBAR ========= --> |
| <!-- ======== START OF CLASS DATA ======== --> |
| <div class="header"> |
| <div class="subTitle">org.apache.geode.security</div> |
| <h2 title="Interface SecurityManager" class="title">Interface SecurityManager</h2> |
| </div> |
| <div class="contentContainer"> |
| <div class="description"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <dl> |
| <dt>All Known Implementing Classes:</dt> |
| <dd><a href="../../../../org/apache/geode/examples/security/ExampleSecurityManager.html" title="class in org.apache.geode.examples.security">ExampleSecurityManager</a>, <a href="../../../../org/apache/geode/examples/SimpleSecurityManager.html" title="class in org.apache.geode.examples">SimpleSecurityManager</a></dd> |
| </dl> |
| <hr> |
| <br> |
| <pre>public interface <span class="typeNameLabel">SecurityManager</span></pre> |
| <div class="block">User implementation of a authentication/authorization logic for Integrated Security. The |
| implementation will guard client/server, JMX, Pulse, GFSH commands</div> |
| <dl> |
| <dt><span class="simpleTagLabel">Since:</span></dt> |
| <dd>Geode 1.0</dd> |
| </dl> |
| </li> |
| </ul> |
| </div> |
| <div class="summary"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- =========== FIELD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="field.summary"> |
| <!-- --> |
| </a> |
| <h3>Field Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Field Summary table, listing fields, and an explanation"> |
| <caption><span>Fields</span><span class="tabEnd"> </span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Field and Description</th> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/geode/security/SecurityManager.html#PASSWORD">PASSWORD</a></span></code> |
| <div class="block">property name of the password passed in the Properties in authenticate method</div> |
| </td> |
| </tr> |
| <tr class="rowColor"> |
| <td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/geode/security/SecurityManager.html#TOKEN">TOKEN</a></span></code> |
| <div class="block">property name of the token passed in the Properties in authenticate method</div> |
| </td> |
| </tr> |
| <tr class="altColor"> |
| <td class="colFirst"><code>static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/geode/security/SecurityManager.html#USER_NAME">USER_NAME</a></span></code> |
| <div class="block">property name of the username passed in the Properties in authenticate method</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| <!-- ========== METHOD SUMMARY =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.summary"> |
| <!-- --> |
| </a> |
| <h3>Method Summary</h3> |
| <table class="memberSummary" border="0" cellpadding="3" cellspacing="0" summary="Method Summary table, listing methods, and an explanation"> |
| <caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd"> </span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd"> </span></span><span id="t3" class="tableTab"><span><a href="javascript:show(4);">Abstract Methods</a></span><span class="tabEnd"> </span></span><span id="t5" class="tableTab"><span><a href="javascript:show(16);">Default Methods</a></span><span class="tabEnd"> </span></span></caption> |
| <tr> |
| <th class="colFirst" scope="col">Modifier and Type</th> |
| <th class="colLast" scope="col">Method and Description</th> |
| </tr> |
| <tr id="i0" class="altColor"> |
| <td class="colFirst"><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a></code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/geode/security/SecurityManager.html#authenticate-java.util.Properties-">authenticate</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html?is-external=true" title="class or interface in java.util">Properties</a> credentials)</code> |
| <div class="block">Verify the credentials provided in the properties |
| |
| Your security manager needs to validate credentials coming from all communication channels.</div> |
| </td> |
| </tr> |
| <tr id="i1" class="rowColor"> |
| <td class="colFirst"><code>default boolean</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/geode/security/SecurityManager.html#authorize-java.lang.Object-org.apache.geode.security.ResourcePermission-">authorize</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> principal, |
| <a href="../../../../org/apache/geode/security/ResourcePermission.html" title="class in org.apache.geode.security">ResourcePermission</a> permission)</code> |
| <div class="block">Authorize the ResourcePermission for a given Principal</div> |
| </td> |
| </tr> |
| <tr id="i2" class="altColor"> |
| <td class="colFirst"><code>default void</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/geode/security/SecurityManager.html#close--">close</a></span>()</code> |
| <div class="block">Close any resources used by the SecurityManager, called when a cache is closed.</div> |
| </td> |
| </tr> |
| <tr id="i3" class="rowColor"> |
| <td class="colFirst"><code>default void</code></td> |
| <td class="colLast"><code><span class="memberNameLink"><a href="../../../../org/apache/geode/security/SecurityManager.html#init-java.util.Properties-">init</a></span>(<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html?is-external=true" title="class or interface in java.util">Properties</a> securityProps)</code> |
| <div class="block">Initialize the SecurityManager.</div> |
| </td> |
| </tr> |
| </table> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| <div class="details"> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <!-- ============ FIELD DETAIL =========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="field.detail"> |
| <!-- --> |
| </a> |
| <h3>Field Detail</h3> |
| <a name="USER_NAME"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>USER_NAME</h4> |
| <pre>static final <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> USER_NAME</pre> |
| <div class="block">property name of the username passed in the Properties in authenticate method</div> |
| <dl> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../constant-values.html#org.apache.geode.security.SecurityManager.USER_NAME">Constant Field Values</a></dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="PASSWORD"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>PASSWORD</h4> |
| <pre>static final <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> PASSWORD</pre> |
| <div class="block">property name of the password passed in the Properties in authenticate method</div> |
| <dl> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../constant-values.html#org.apache.geode.security.SecurityManager.PASSWORD">Constant Field Values</a></dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="TOKEN"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>TOKEN</h4> |
| <pre>static final <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang">String</a> TOKEN</pre> |
| <div class="block">property name of the token passed in the Properties in authenticate method</div> |
| <dl> |
| <dt><span class="seeLabel">See Also:</span></dt> |
| <dd><a href="../../../../constant-values.html#org.apache.geode.security.SecurityManager.TOKEN">Constant Field Values</a></dd> |
| </dl> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| <!-- ============ METHOD DETAIL ========== --> |
| <ul class="blockList"> |
| <li class="blockList"><a name="method.detail"> |
| <!-- --> |
| </a> |
| <h3>Method Detail</h3> |
| <a name="init-java.util.Properties-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>init</h4> |
| <pre>default void init(<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html?is-external=true" title="class or interface in java.util">Properties</a> securityProps)</pre> |
| <div class="block">Initialize the SecurityManager. This is invoked when a cache is created</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>securityProps</code> - the security properties obtained using a call to |
| <a href="../../../../org/apache/geode/distributed/DistributedSystem.html#getSecurityProperties--"><code>DistributedSystem.getSecurityProperties()</code></a></dd> |
| <dt><span class="throwsLabel">Throws:</span></dt> |
| <dd><code><a href="../../../../org/apache/geode/security/AuthenticationFailedException.html" title="class in org.apache.geode.security">AuthenticationFailedException</a></code> - if some exception occurs during the initialization</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="authenticate-java.util.Properties-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>authenticate</h4> |
| <pre><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> authenticate(<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Properties.html?is-external=true" title="class or interface in java.util">Properties</a> credentials) |
| throws <a href="../../../../org/apache/geode/security/AuthenticationFailedException.html" title="class in org.apache.geode.security">AuthenticationFailedException</a>, |
| <a href="../../../../org/apache/geode/security/AuthenticationExpiredException.html" title="class in org.apache.geode.security">AuthenticationExpiredException</a></pre> |
| <div class="block">Verify the credentials provided in the properties |
| |
| Your security manager needs to validate credentials coming from all communication channels. |
| If you use AuthInitialize to generate your client/peer credentials, then the input of this |
| method is the output of your AuthInitialize.getCredentials method. But remember that this |
| method will also need to validate credentials coming from gfsh/jmx/rest client, the framework |
| is putting the username/password under security-username and security-password keys in the |
| property, so your securityManager implementation needs to validate these kind of properties |
| as well. |
| |
| if a channel supports token-based-authentication, the token will be passed to the |
| security manager in the property with the key "security-token".</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>credentials</code> - it contains the security-username, security-password or security-token, |
| as keys of the properties, also the properties generated by your AuthInitialize |
| interface</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>a serializable principal object</dd> |
| <dt><span class="throwsLabel">Throws:</span></dt> |
| <dd><code><a href="../../../../org/apache/geode/security/AuthenticationFailedException.html" title="class in org.apache.geode.security">AuthenticationFailedException</a></code> - if the credentials are invalid, this exception will be |
| seen by the client.</dd> |
| <dd><code><a href="../../../../org/apache/geode/security/AuthenticationExpiredException.html" title="class in org.apache.geode.security">AuthenticationExpiredException</a></code> - if credentials have expired, this will give the |
| client a second chance to gather new credentials and try login again once more.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="authorize-java.lang.Object-org.apache.geode.security.ResourcePermission-"> |
| <!-- --> |
| </a> |
| <ul class="blockList"> |
| <li class="blockList"> |
| <h4>authorize</h4> |
| <pre>default boolean authorize(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang">Object</a> principal, |
| <a href="../../../../org/apache/geode/security/ResourcePermission.html" title="class in org.apache.geode.security">ResourcePermission</a> permission) |
| throws <a href="../../../../org/apache/geode/security/AuthenticationExpiredException.html" title="class in org.apache.geode.security">AuthenticationExpiredException</a></pre> |
| <div class="block">Authorize the ResourcePermission for a given Principal</div> |
| <dl> |
| <dt><span class="paramLabel">Parameters:</span></dt> |
| <dd><code>principal</code> - The principal that's requesting the permission</dd> |
| <dd><code>permission</code> - The permission requested</dd> |
| <dt><span class="returnLabel">Returns:</span></dt> |
| <dd>true if authorized, false if not</dd> |
| <dt><span class="throwsLabel">Throws:</span></dt> |
| <dd><code><a href="../../../../org/apache/geode/security/AuthenticationExpiredException.html" title="class in org.apache.geode.security">AuthenticationExpiredException</a></code> - if the principal has expired.</dd> |
| </dl> |
| </li> |
| </ul> |
| <a name="close--"> |
| <!-- --> |
| </a> |
| <ul class="blockListLast"> |
| <li class="blockList"> |
| <h4>close</h4> |
| <pre>default void close()</pre> |
| <div class="block">Close any resources used by the SecurityManager, called when a cache is closed.</div> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </li> |
| </ul> |
| </div> |
| </div> |
| <!-- ========= END OF CLASS DATA ========= --> |
| <!-- ======= START OF BOTTOM NAVBAR ====== --> |
| <div class="bottomNav"><a name="navbar.bottom"> |
| <!-- --> |
| </a> |
| <div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div> |
| <a name="navbar.bottom.firstrow"> |
| <!-- --> |
| </a> |
| <ul class="navList" title="Navigation"> |
| <li><a href="../../../../overview-summary.html">Overview</a></li> |
| <li><a href="package-summary.html">Package</a></li> |
| <li class="navBarCell1Rev">Class</li> |
| <li><a href="package-tree.html">Tree</a></li> |
| <li><a href="../../../../deprecated-list.html">Deprecated</a></li> |
| <li><a href="../../../../index-all.html">Index</a></li> |
| <li><a href="../../../../help-doc.html">Help</a></li> |
| </ul> |
| </div> |
| <div class="subNav"> |
| <ul class="navList"> |
| <li><a href="../../../../org/apache/geode/security/SecurableCommunicationChannels.html" title="interface in org.apache.geode.security"><span class="typeNameLink">Prev Class</span></a></li> |
| <li>Next Class</li> |
| </ul> |
| <ul class="navList"> |
| <li><a href="../../../../index.html?org/apache/geode/security/SecurityManager.html" target="_top">Frames</a></li> |
| <li><a href="SecurityManager.html" target="_top">No Frames</a></li> |
| </ul> |
| <ul class="navList" id="allclasses_navbar_bottom"> |
| <li><a href="../../../../allclasses-noframe.html">All Classes</a></li> |
| </ul> |
| <div> |
| <script type="text/javascript"><!-- |
| allClassesLink = document.getElementById("allclasses_navbar_bottom"); |
| if(window==top) { |
| allClassesLink.style.display = "block"; |
| } |
| else { |
| allClassesLink.style.display = "none"; |
| } |
| //--> |
| </script> |
| </div> |
| <div> |
| <ul class="subNavList"> |
| <li>Summary: </li> |
| <li>Nested | </li> |
| <li><a href="#field.summary">Field</a> | </li> |
| <li>Constr | </li> |
| <li><a href="#method.summary">Method</a></li> |
| </ul> |
| <ul class="subNavList"> |
| <li>Detail: </li> |
| <li><a href="#field.detail">Field</a> | </li> |
| <li>Constr | </li> |
| <li><a href="#method.detail">Method</a></li> |
| </ul> |
| </div> |
| <a name="skip.navbar.bottom"> |
| <!-- --> |
| </a></div> |
| <!-- ======== END OF BOTTOM NAVBAR ======= --> |
| </body> |
| </html> |