org.apache.geode.cache.query.security

Class RestrictedMethodAuthorizer

java.lang.Object

org.apache.geode.cache.query.security.RestrictedMethodAuthorizer

All Implemented Interfaces:

MethodInvocationAuthorizer

public final class RestrictedMethodAuthorizer
extends Object
implements MethodInvocationAuthorizer

The default, immutable and thread-safe MethodInvocationAuthorizer used by Geode to determine whether a Method is allowed to be executed on a specific Object instance.

This authorizer addresses the four known security risks: Java Reflection, Cache Modification, Region Modification and Region Entry Modification.

Custom applications can delegate to this class and use it as the starting point for providing use case specific authorizers.

See Also:

Cache, MethodInvocationAuthorizer

Field Summary

Fields

Modifier and Type	Field and Description
static String	UNAUTHORIZED_STRING

Constructor Summary

Constructors

Constructor and Description
RestrictedMethodAuthorizer(Cache cache) Creates a RestrictedMethodAuthorizer object and initializes it so it can be safely used in a multi-threaded environment.

Method Summary

Modifier and Type	Method and Description
boolean	authorize(Method method, Object target) Executes the authorization logic to determine whether the method is allowed to be executed on the target object instance.
boolean	isAllowedGeodeMethod(Method method, Object target) Executes the verification logic to determine whether the target object instance belongs to Geode and whether the method on the target object instance is considered to be safe according to Geode security rules.
boolean	isPermanentlyForbiddenMethod(Method method, Object target) Executes the verification logic to determine whether the method on the target object instance is considered to be non safe according to Geode security rules.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.geode.cache.query.security.MethodInvocationAuthorizer

initialize

Field Detail

UNAUTHORIZED_STRING

public static final String UNAUTHORIZED_STRING

See Also:

Constant Field Values

Constructor Detail

RestrictedMethodAuthorizer

public RestrictedMethodAuthorizer(Cache cache)

Creates a RestrictedMethodAuthorizer object and initializes it so it can be safely used in a multi-threaded environment.

If the Cache instance passed as parameter was previously created by Geode, the authorizer will use the security service already configured in order to determine whether a specific user has read privileges upon a particular region. If the Cache instance passed as parameter is a wrapper created by external frameworks, the authorizer will create a new instance of the security service using the configuration properties used to initialize the cache.

Applications can also use this constructor as part of the initialization for custom authorizers (see Declarable.initialize(Cache, Properties)), when using a declarative approach.

Parameters:

cache - the Cache instance that owns this authorizer, required in order to configure the security rules used.

Method Detail

isAllowedGeodeMethod

public boolean isAllowedGeodeMethod(Method method,
                                    Object target)

Executes the verification logic to determine whether the target object instance belongs to Geode and whether the method on the target object instance is considered to be safe according to Geode security rules. If the target object is an instance of Region, this methods also ensures that the user has the DATA:READ permission granted for the target Region.

Parameters:

method - the Method that should be verified.

target - the Object on which the Method will be executed.

Returns:

true if and only if the target object instance belongs to Geode and the method is considered safe to be executed on the target object instance according to the Geode security rules, false otherwise.

isPermanentlyForbiddenMethod

public boolean isPermanentlyForbiddenMethod(Method method,
                                            Object target)

Executes the verification logic to determine whether the method on the target object instance is considered to be non safe according to Geode security rules.

The following methods are currently considered non safe, no matter what the target object is:

• getClass
• readObject
• readResolve
• readObjectNoData
• writeObject
• writeReplace

Parameters:

method - the Method that should be verified.

target - the Object on which the Method will be executed.

Returns:

true if the method is considered non safe to be executed on the target instance according to the Geode security rules, false otherwise.

authorize

public boolean authorize(Method method,
                         Object target)

Executes the authorization logic to determine whether the method is allowed to be executed on the target object instance. If the target object is an instance of Region, this methods also ensures that the user has the DATA:READ permission granted for the target Region.

Specified by:

authorize in interface MethodInvocationAuthorizer

Parameters:

method - the Method that should be authorized.

target - the Object on which the Method will be executed.

Returns:

true if the method can be executed on on the target instance, false otherwise.

See Also:

MethodInvocationAuthorizer