org.apache.geode.security.templates

Class SimpleAccessController

java.lang.Object

org.apache.geode.security.templates.SimpleAccessController

All Implemented Interfaces:

CacheCallback, Declarable, AccessControl

public class SimpleAccessController
extends java.lang.Object
implements AccessControl

A test implementation of the legacy AccessControl, mirroring the structure of SimpleSecurityManager. An authenticated user's permissions are defined by the username itself, e.g., user "dataRead" has permissions DATA:READ and user "data,cluster" has permissions DATA and CLUSTER.

Constructor Summary

Constructors

Constructor and Description
SimpleAccessController()

Method Summary

Modifier and Type	Method and Description
boolean	authorizeOperation(java.lang.String regionName, OperationContext context) Check if the given operation is allowed for the cache/region.
void	close() Called when the region containing this callback is closed or destroyed, when the cache is closed, or when a callback is removed from a region using an AttributesMutator.
static AccessControl	create()
void	init(java.security.Principal principal, DistributedMember remoteMember, Cache cache) Initialize the callback for a client/peer having the given principal.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.geode.security.AccessControl

init, init

Methods inherited from interface org.apache.geode.cache.Declarable

init, initialize

Constructor Detail

SimpleAccessController

public SimpleAccessController()

Method Detail

init

public void init(java.security.Principal principal,
                 DistributedMember remoteMember,
                 Cache cache)
          throws NotAuthorizedException

Description copied from interface: AccessControl

Initialize the callback for a client/peer having the given principal. This is invoked when a new connection from a client/peer is created with the host. The callback is expected to store authentication information of the given principal for the different regions for maximum efficiency when invoking authorizeOperation in each operation.

Specified by:

init in interface AccessControl

Parameters:

principal - the principal associated with the authenticated client or peer; a null principal implies an unauthenticated client which should be handled properly by implementations

remoteMember - the DistributedMember object for the remote authenticated client or peer

cache - reference to the cache object

Throws:

NotAuthorizedException - if some exception condition happens during the initialization; in such a case all subsequent client operations on that connection will throw NotAuthorizedException

create

public static AccessControl create()

authorizeOperation

public boolean authorizeOperation(java.lang.String regionName,
                                  OperationContext context)

Description copied from interface: AccessControl

Check if the given operation is allowed for the cache/region. This method is invoked in each cache and region level operation. It is, therefore, expected that as far as possible relevant information has been cached in the init call made when the connection was established so that this call is as quick as possible.

Specified by:

authorizeOperation in interface AccessControl

Parameters:

regionName - When null then it indicates a cache-level operation (i.e. one of OperationContext.OperationCode.REGION_DESTROY or OperationContext.OperationCode.QUERY, else the name of the region for the operation.

context - When invoked before the operation then the data required by the operation. When invoked as a post-process filter then it contains the result of the operation. The data in the context can be possibly modified by the method.

Returns:

true if the operation is authorized and false otherwise

close

public void close()

Description copied from interface: CacheCallback

Called when the region containing this callback is closed or destroyed, when the cache is closed, or when a callback is removed from a region using an AttributesMutator.

Implementations should cleanup any external resources such as database connections. Any runtime exceptions this method throws will be logged.

It is possible for this method to be called multiple times on a single callback instance, so implementations must be tolerant of this.

Specified by:

close in interface CacheCallback

See Also:

RegionService.close(), Region.close(), Region.localDestroyRegion(), Region.destroyRegion(), AttributesMutator