public class SampleSecurityManager extends java.lang.Object implements SecurityManager
A sample SecurityManager implementation for authentication and authorization,
initialized from data provided as JSON.
A Geode member must be configured with the following:
security-manager = org.apache.geode.security.examples.SampleSecurityManager
The class is initialized from a JSON resource called
security.json. This file must exist on the classpath, so members
should be started with an appropriate --classpath option.
The format of the JSON for configuration is as follows:
{
  "roles": [
    {
      "name": "admin",
      "operationsAllowed": [
        "CLUSTER:MANAGE",
        "DATA:MANAGE"
      ]
    },
    {
      "name": "readRegionA",
      "operationsAllowed": [
        "DATA:READ"
      ],
      "regions": ["RegionA", "RegionB"]
    }
  ],
  "users": [
    {
      "name": "admin",
      "password": "secret",
      "roles": ["admin"]
    },
    {
      "name": "guest",
      "password": "guest",
      "roles": ["readRegionA"]
    }
  ]
}
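An added example, not part of the Geode documentation or of SampleSecurityManager's own code: a Python check that can be run over a security.json in the format above before deploying it. It resolves each user's roles into permission strings and reports users with empty or name-matching passwords and references to undefined roles. The `ops` user, the function names, and the expansion of a role's `regions` list into `RESOURCE:OPERATION:region` strings are assumptions made for illustration.

```python
import json

# Constructed sample: the JSON shown above plus one extra user ("ops") that
# has an empty password and references a role that is not defined.
SAMPLE = """{
 "roles": [
  {"name": "admin", "operationsAllowed": ["CLUSTER:MANAGE", "DATA:MANAGE"]},
  {"name": "readRegionA", "operationsAllowed": ["DATA:READ"],
   "regions": ["RegionA", "RegionB"]}],
 "users": [
  {"name": "admin", "password": "secret", "roles": ["admin"]},
  {"name": "guest", "password": "guest", "roles": ["readRegionA"]},
  {"name": "ops", "password": "", "roles": ["operator"]}]}"""

def effective_permissions(doc):
    """Map each user name to a sorted list of permission strings."""
    roles = {r["name"]: r for r in doc.get("roles", [])}
    result = {}
    for user in doc.get("users", []):
        perms = set()
        for role_name in user.get("roles", []):
            role = roles.get(role_name, {})  # undefined roles grant nothing
            # Assumption: a "regions" list scopes every operation of the role.
            regions = role.get("regions") or [None]
            for op in role.get("operationsAllowed", []):
                for region in regions:
                    perms.add(op if region is None else f"{op}:{region}")
        result[user["name"]] = sorted(perms)
    return result

def audit(doc):
    """Return (user, finding) tuples for a parsed security.json."""
    defined = {r["name"] for r in doc.get("roles", [])}
    findings = []
    for user in doc.get("users", []):
        name, password = user.get("name", ""), user.get("password", "")
        if not password:
            findings.append((name, "empty password"))
        elif password.lower() == name.lower():
            findings.append((name, "password equals user name"))
        for role_name in user.get("roles", []):
            if role_name not in defined:
                findings.append((name, f"undefined role: {role_name}"))
    return findings

if __name__ == "__main__":
    doc = json.loads(SAMPLE)
    print(effective_permissions(doc))
    print(audit(doc))
```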
| Modifier and Type | Field and Description |
|---|---|
| protected static java.lang.String | DEFAULT_JSON_FILE_NAME |
| static java.lang.String | SECURITY_JSON |

| Constructor and Description |
|---|
| SampleSecurityManager() |

| Modifier and Type | Method and Description |
|---|---|
| java.lang.Object | authenticate(java.util.Properties credentials) - Verify the credentials provided in the properties |
| boolean | authorize(java.lang.Object principal, ResourcePermission context) - Authorize the ResourcePermission for a given Principal |
| void | init(java.util.Properties securityProperties) - Initialize the SecurityManager. |
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface SecurityManager: close

public static final java.lang.String SECURITY_JSON

protected static final java.lang.String DEFAULT_JSON_FILE_NAME

public boolean authorize(java.lang.Object principal,
ResourcePermission context)
Specified by: authorize in interface SecurityManager
Parameters:
principal - The principal that's requesting the permission
context - The permission requested

public void init(java.util.Properties securityProperties)
throws NotAuthorizedException
Specified by: init in interface SecurityManager
Parameters:
securityProperties - the security properties obtained using a call to DistributedSystem.getSecurityProperties()
Throws:
NotAuthorizedException

public java.lang.Object authenticate(java.util.Properties credentials)
throws AuthenticationFailedException
Specified by: authenticate in interface SecurityManager
Parameters:
credentials - it contains the security-username and security-password as keys of the properties
Throws:
AuthenticationFailedException