Package org.apache.geode.cache.query.security

Class RestrictedMethodAuthorizer

java.lang.Object
org.apache.geode.cache.query.security.RestrictedMethodAuthorizer
All Implemented Interfaces:
MethodInvocationAuthorizer
public final class RestrictedMethodAuthorizer extends Object implements MethodInvocationAuthorizer
The default, immutable and thread-safe MethodInvocationAuthorizer used by Geode to determine whether a Method is allowed to be executed on a specific Object instance.

This authorizer addresses the four known security risks: Java Reflection, Cache Modification, Region Modification and Region Entry Modification.

Custom applications can delegate to this class and use it as the starting point for providing use case specific authorizers.

See Also:

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    static final String
    UNAUTHORIZED_STRING
     

  • Constructor Summary

    Constructors
    Constructor
    Description
    RestrictedMethodAuthorizer(Cache cache)
    Creates a RestrictedMethodAuthorizer object and initializes it so it can be safely used in a multi-threaded environment.

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    authorize(Method method, Object target)
    Executes the authorization logic to determine whether the method is allowed to be executed on the target object instance.
    boolean
    isAllowedGeodeMethod(Method method, Object target)
    Executes the verification logic to determine whether the target object instance belongs to Geode and whether the method on the target object instance is considered to be safe according to Geode security rules.
    boolean
    isPermanentlyForbiddenMethod(Method method, Object target)
    Executes the verification logic to determine whether the method on the target object instance is considered to be non safe according to Geode security rules.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface org.apache.geode.cache.query.security.MethodInvocationAuthorizer

    initialize

  • Field Details

  • Constructor Details

    • RestrictedMethodAuthorizer

      public RestrictedMethodAuthorizer(Cache cache)
      Creates a RestrictedMethodAuthorizer object and initializes it so it can be safely used in a multi-threaded environment.

      If the Cache instance passed as parameter was previously created by Geode, the authorizer will use the security service already configured in order to determine whether a specific user has read privileges upon a particular region. If the Cache instance passed as parameter is a wrapper created by external frameworks, the authorizer will create a new instance of the security service using the configuration properties used to initialize the cache.

      Applications can also use this constructor as part of the initialization for custom authorizers (see Declarable.initialize(Cache, Properties)), when using a declarative approach.

      Parameters:
      cache - the Cache instance that owns this authorizer, required in order to configure the security rules used.

  • Method Details

    • isAllowedGeodeMethod

      public boolean isAllowedGeodeMethod(Method method, Object target)
      Executes the verification logic to determine whether the target object instance belongs to Geode and whether the method on the target object instance is considered to be safe according to Geode security rules. If the target object is an instance of Region, this methods also ensures that the user has the DATA:READ permission granted for the target Region.

      Parameters:
      method - the Method that should be verified.
      target - the Object on which the Method will be executed.
      Returns:
      true if and only if the target object instance belongs to Geode and the method is considered safe to be executed on the target object instance according to the Geode security rules, false otherwise.

    • isPermanentlyForbiddenMethod

      public boolean isPermanentlyForbiddenMethod(Method method, Object target)
      Executes the verification logic to determine whether the method on the target object instance is considered to be non safe according to Geode security rules.

      The following methods are currently considered non safe, no matter what the target object is:

      • getClass
      • readObject
      • readResolve
      • readObjectNoData
      • writeObject
      • writeReplace

      Parameters:
      method - the Method that should be verified.
      target - the Object on which the Method will be executed.
      Returns:
      true if the method is considered non safe to be executed on the target instance according to the Geode security rules, false otherwise.

    • authorize

      public boolean authorize(Method method, Object target)
      Executes the authorization logic to determine whether the method is allowed to be executed on the target object instance. If the target object is an instance of Region, this methods also ensures that the user has the DATA:READ permission granted for the target Region.

      Specified by:
      authorize in interface MethodInvocationAuthorizer
      Parameters:
      method - the Method that should be authorized.
      target - the Object on which the Method will be executed.
      Returns:
      true if the method can be executed on on the target instance, false otherwise.
      See Also: