geode-docs/managing/security/authentication_examples.html.md.erb - geode - Git at Google

 ---
 title:  Authentication Example
 ---

 <!--
 Licensed to the Apache Software Foundation (ASF) under one or more
 contributor license agreements.  See the NOTICE file distributed with
 this work for additional information regarding copyright ownership.
 The ASF licenses this file to You under the Apache License, Version 2.0
 (the "License"); you may not use this file except in compliance with
 the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 -->

 This example demonstrates the basics of an implementation of the
 `SecurityManager.authenticate` method.
 The remainder of the example may be found in the <%=vars.product_name_long%>
 source code in the
 `geode-core/src/main/java/org/apache/geode/examples/security` directory.

 Of course, the security implementation of every installation is unique,
 so this example cannot be used in a production environment.
 Its use of the user name as a returned principal upon successful
 authentication is a particularly poor design choice,
 as any attacker that discovers the implementation can potentially
 spoof the system.

 This example assumes that a set of user name and password pairs
 representing users that may be successfully authenticated
 has been read into a data structure upon intialization.
 Any component that presents the correct password for a user name
 successfully authenticates,
 and its identity is verified as that user.
 Therefore, the implementation of the `authenticate` method
 checks that the user name provided within the `credentials` parameter
  is in its data structure.
 If the user name is present,
 then the password provided within the `credentials` parameter
 is compared to the data structure's known password for that user name.
 Upon a match, the authentication is successful.

 ``` pre
 public Object authenticate(final Properties credentials)
          throws AuthenticationFailedException {
     String user = credentials.getProperty(ResourceConstants.USER_NAME);
     String password = credentials.getProperty(ResourceConstants.PASSWORD);

     User userObj = this.userNameToUser.get(user);
     if (userObj == null) {
         throw new AuthenticationFailedException(
                       "SampleSecurityManager: wrong username/password");
     }

     if (user != null
         && !userObj.password.equals(password)
         && !"".equals(user)) {
         throw new AuthenticationFailedException(
                       "SampleSecurityManager: wrong username/password");
     }

     return user;
 }
 ```
	---
	title: Authentication Example
	---

	<!--
	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->

	This example demonstrates the basics of an implementation of the
	`SecurityManager.authenticate` method.
	The remainder of the example may be found in the <%=vars.product_name_long%>
	source code in the
	`geode-core/src/main/java/org/apache/geode/examples/security` directory.

	Of course, the security implementation of every installation is unique,
	so this example cannot be used in a production environment.
	Its use of the user name as a returned principal upon successful
	authentication is a particularly poor design choice,
	as any attacker that discovers the implementation can potentially
	spoof the system.

	This example assumes that a set of user name and password pairs
	representing users that may be successfully authenticated
	has been read into a data structure upon intialization.
	Any component that presents the correct password for a user name
	successfully authenticates,
	and its identity is verified as that user.
	Therefore, the implementation of the `authenticate` method
	checks that the user name provided within the `credentials` parameter
	is in its data structure.
	If the user name is present,
	then the password provided within the `credentials` parameter
	is compared to the data structure's known password for that user name.
	Upon a match, the authentication is successful.

	``` pre
	public Object authenticate(final Properties credentials)
	throws AuthenticationFailedException {
	String user = credentials.getProperty(ResourceConstants.USER_NAME);
	String password = credentials.getProperty(ResourceConstants.PASSWORD);

	User userObj = this.userNameToUser.get(user);
	if (userObj == null) {
	throw new AuthenticationFailedException(
	"SampleSecurityManager: wrong username/password");
	}

	if (user != null
	&& !userObj.password.equals(password)
	&& !"".equals(user)) {
	throw new AuthenticationFailedException(
	"SampleSecurityManager: wrong username/password");
	}

	return user;
	}
	```