public interface AccessControl extends CacheCallback
security-client-accessor system property with all the servers uniformly in the distributed system for client authorization. When the security-client-accessor-pp property is set then the callback mentioned is invoked after the operation completes successfully and when sending notifications.

When the registration has been done for a client/peer then an object of this class is created for each connection from the client/peer and the authorizeOperation method invoked before/after each operation.

Modifier and Type | Method and Description |
---|---|
boolean | authorizeOperation(String regionName, OperationContext context) Check if the given operation is allowed for the cache/region. |
void | init(Principal principal, DistributedMember remoteMember, Cache cache) Initialize the callback for a client/peer having the given principal. |

close

void init(Principal principal, DistributedMember remoteMember, Cache cache) throws NotAuthorizedException

authorizeOperation in each operation.

Parameters:
principal - the principal associated with the authenticated client or peer; a null principal implies an unauthenticated client which should be handled properly by implementations
remoteMember - the DistributedMember object for the remote authenticated client or peer
cache - reference to the cache object

Throws:
NotAuthorizedException - if some exception condition happens during the initialization; in such a case all subsequent client operations on that connection will throw NotAuthorizedException

boolean authorizeOperation(String regionName, OperationContext context)

init call made when the connection was established so that this call is as quick as possible.

Parameters:
regionName - When null then it indicates a cache-level operation (i.e. one of OperationContext.OperationCode.REGION_DESTROY or OperationContext.OperationCode.QUERY), else the name of the region for the operation.
context - When invoked before the operation then the data required by the operation. When invoked as a post-process filter then it contains the result of the operation. The data in the context can possibly be modified by the method.

Copyright © 1997-2017 Pivotal Software, Inc. All rights reserved.
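
An implementation of this interface, added here as an example (it is not code from the product or its documentation): it resolves the principal's permissions once in init, denies unauthenticated clients (null principal) and cache-level operations (null regionName), and keeps authorizeOperation to a set lookup. Assumptions: the org.apache.geode package names (older releases use com.gemstone.gemfire), a static create() factory as the value referenced by security-client-accessor, and the hypothetical class name and constructed READERS policy table.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.apache.geode.cache.Cache;
import org.apache.geode.cache.operations.OperationContext;
import org.apache.geode.distributed.DistributedMember;
import org.apache.geode.security.AccessControl;
import org.apache.geode.security.NotAuthorizedException;

public class RegionReadOnlyAccessControl implements AccessControl {
  // Constructed sample policy: principal name -> regions it may read.
  private static final Map<String, Set<String>> READERS = new HashMap<>();
  static {
    READERS.put("reporting", new HashSet<>(Arrays.asList("orders", "customers")));
  }

  // Per-connection state; empty means every operation is denied.
  private Set<String> readable = Collections.emptySet();

  // Assumption: static factory method named by the security-client-accessor property.
  public static AccessControl create() {
    return new RegionReadOnlyAccessControl();
  }

  @Override
  public void init(Principal principal, DistributedMember remoteMember, Cache cache)
      throws NotAuthorizedException {
    // A null principal is an unauthenticated client: keep the empty set (deny all).
    if (principal == null) return;
    Set<String> regions = READERS.get(principal.getName());
    // Failing here makes every later operation on this connection throw.
    if (regions == null) throw new NotAuthorizedException("no policy for " + principal.getName());
    readable = regions;
  }

  @Override
  public boolean authorizeOperation(String regionName, OperationContext context) {
    // null regionName marks a cache-level operation (REGION_DESTROY, QUERY): deny.
    if (regionName == null) return false;
    // Assumption: policy names match the region names the server passes in.
    return context.getOperationCode().isGet() && readable.contains(regionName);
  }

  @Override
  public void close() { readable = Collections.emptySet(); }
}
```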