• Home
• io.snappydata
• gemfire-core
• 2.0-BETA
• source code
• AccessControl.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.gemstone.gemfire.security.AccessControl Maven / Gradle / Ivy

/*
 * Copyright (c) 2010-2015 Pivotal Software, Inc. All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you
 * may not use this file except in compliance with the License. You
 * may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * permissions and limitations under the License. See accompanying
 * LICENSE file.
 */

package com.gemstone.gemfire.security;

import java.security.Principal;
import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.CacheCallback;
import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.distributed.DistributedMember;

/**
 * Specifies the interface to authorize operations at the cache or region level
 * for clients or servers. Implementations should register name of the static
 * creation function as the security-client-accessor system
 * property with all the servers uniformly in the distributed system for client
 * authorization. When the security-client-accessor-pp property
 * is set then the callback mentioned is invoked after the operation completes
 * successfully and when sending notifications.
 * 
 * When the registration has been done for a client/peer then an object of this
 * class is created for each connection from the client/peer and the
 * authorizeOperation method invoked before/after each operation.
 * 
 * @author Sumedh Wale
 * @since 5.5
 */
public interface AccessControl extends CacheCallback {

  /**
   * Initialize the callback for a client/peer having the given principal.
   * 
   * This is invoked when a new connection from a client/peer is created with
   * the host. The callback is expected to store authentication information of
   * the given principal for the different regions for maximum efficiency when
   * invoking authorizeOperation in each operation.
   * 
   * @param principal
   *                the principal associated with the authenticated client or
   *                peer; a null principal implies an unauthenticated client
   *                which should be handled properly by implementations
   * @param remoteMember
   *                the {@link DistributedMember} object for the remote
   *                authenticated client or peer
   * @param cache
   *                reference to the cache object
   * 
   * @throws NotAuthorizedException
   *                 if some exception condition happens during the
   *                 initialization; in such a case all subsequent client
   *                 operations on that connection will throw
   *                 NotAuthorizedException
   */
  public void init(Principal principal, DistributedMember remoteMember,
      Cache cache) throws NotAuthorizedException;

  /**
   * Check if the given operation is allowed for the cache/region.
   * 
   * This method is invoked in each cache and region level operation. It is,
   * therefore, expected that as far as possible relevant information has been
   * cached in the init call made when the connection was
   * established so that this call is as quick as possible.
   * 
   * @param regionName
   *                When null then it indicates a cache-level operation (i.e.
   *                one of {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#REGION_DESTROY} or
   *                {@link com.gemstone.gemfire.cache.operations.OperationContext.OperationCode#QUERY}, else the name of the region
   *                for the operation.
   * @param context
   *                When invoked before the operation then the data required by
   *                the operation. When invoked as a post-process filter then it
   *                contains the result of the operation. The data in the
   *                context can be possibly modified by the method.
   * 
   * @return true if the operation is authorized and false otherwise
   * 
   */
  public boolean authorizeOperation(String regionName, OperationContext context);

}