public abstract class AuthzCredentialGenerator
extends java.lang.Object
| Modifier and Type | Class and Description |
|---|---|
static class |
AuthzCredentialGenerator.ClassCode
Enumeration for various
AuthzCredentialGenerator implementations. |
| Modifier and Type | Field and Description |
|---|---|
protected CredentialGenerator |
generator
The
CredentialGenerator being used. |
| Constructor and Description |
|---|
AuthzCredentialGenerator() |
| Modifier and Type | Method and Description |
|---|---|
abstract AuthzCredentialGenerator.ClassCode |
classCode()
The
AuthzCredentialGenerator.ClassCode of the particular implementation. |
static AuthzCredentialGenerator |
create(AuthzCredentialGenerator.ClassCode classCode)
A factory method to create a new instance of an
AuthzCredentialGenerator for the given
AuthzCredentialGenerator.ClassCode. |
java.util.Properties |
getAllowedCredentials(OperationContext.OperationCode[] opCodes,
java.lang.String[] regionNames,
int index)
Get a set of credentials generated using the given index allowed to perform the given
OperationContext.OperationCodes for the given regions. |
protected abstract java.security.Principal |
getAllowedPrincipal(OperationContext.OperationCode[] opCodes,
java.lang.String[] regionNames,
int index)
Get a
Principal generated using the given index allowed to perform the given
OperationContext.OperationCodes for the given region. |
abstract java.lang.String |
getAuthorizationCallback()
The name of the
AccessControl factory function that should be used as the authorization
module on the server side. |
CredentialGenerator |
getCredentialGenerator()
Get the
CredentialGenerator being used by this instance. |
java.util.Properties |
getDisallowedCredentials(OperationContext.OperationCode[] opCodes,
java.lang.String[] regionNames,
int index)
Get a set of credentials generated using the given index not allowed to perform the given
OperationContext.OperationCodes for the given regions. |
protected abstract java.security.Principal |
getDisallowedPrincipal(OperationContext.OperationCode[] opCodes,
java.lang.String[] regionNames,
int index)
Get a
Principal generated using the given index not allowed to perform the given
OperationContext.OperationCodes for the given region. |
protected abstract int |
getNumPrincipalTries(OperationContext.OperationCode[] opCodes,
java.lang.String[] regionNames)
Get the number of tries to be done for obtaining valid credentials for the given operations in
the given region.
|
java.util.Properties |
getSystemProperties() |
protected abstract java.util.Properties |
init()
Initialize the authorized credential generator.
|
boolean |
init(CredentialGenerator generator)
Initialize the authorized credential generator.
|
protected CredentialGenerator generator
CredentialGenerator being used.public static AuthzCredentialGenerator create(AuthzCredentialGenerator.ClassCode classCode)
AuthzCredentialGenerator for the given
AuthzCredentialGenerator.ClassCode. Caller is supposed to invoke init(org.apache.geode.security.generator.CredentialGenerator)
immediately after obtaining the instance.classCode - the ClassCode of the AuthzCredentialGenerator implementationAuthzCredentialGenerator for the given class codepublic boolean init(CredentialGenerator generator)
generator - an instance of CredentialGenerator of the credential implementation
for which to obtain authorized/unauthorized credentials.CredentialGenerator is incompatible with this
authorization module.public java.util.Properties getSystemProperties()
public CredentialGenerator getCredentialGenerator()
CredentialGenerator being used by this instance.protected abstract java.util.Properties init()
throws java.lang.IllegalArgumentException
java.lang.IllegalArgumentException - when the CredentialGenerator is incompatible with this
authorization module.public abstract AuthzCredentialGenerator.ClassCode classCode()
AuthzCredentialGenerator.ClassCode of the particular implementation.ClassCodepublic abstract java.lang.String getAuthorizationCallback()
AccessControl factory function that should be used as the authorization
module on the server side.AccessControl factory functionpublic java.util.Properties getAllowedCredentials(OperationContext.OperationCode[] opCodes, java.lang.String[] regionNames, int index)
OperationContext.OperationCodes for the given regions.opCodes - the list of OperationContext.OperationCodes of the operations requiring authorization;
should not be nullregionNames - list of the region names requiring authorization; a value of null indicates
all regionsindex - used to generate multiple such credentials by passing different values for thispublic java.util.Properties getDisallowedCredentials(OperationContext.OperationCode[] opCodes, java.lang.String[] regionNames, int index)
OperationContext.OperationCodes for the given regions. The credentials are required to be valid for
authentication.opCodes - the OperationContext.OperationCodes of the operations requiring authorization failure;
should not be nullregionNames - list of the region names requiring authorization failure; a value of null
indicates all regionsindex - used to generate multiple such credentials by passing different values for thisprotected abstract int getNumPrincipalTries(OperationContext.OperationCode[] opCodes, java.lang.String[] regionNames)
getAllowedPrincipal(org.apache.geode.cache.operations.OperationContext.OperationCode[], java.lang.String[], int) method returns valid
principals for values of index from 0 through (n-1) where n is the value
returned by this method. It is recommended that the principals so returned be unique for
efficiency.
This will be used by getAllowedCredentials(org.apache.geode.cache.operations.OperationContext.OperationCode[], java.lang.String[], int) to step through different principals and
obtain a set of valid credentials.
Required to be implemented by concrete classes that implement this abstract class.opCodes - the OperationContext.OperationCodes of the operations requiring authorizationregionNames - list of the region names requiring authorization; a value of null indicates
all regionsprotected abstract java.security.Principal getAllowedPrincipal(OperationContext.OperationCode[] opCodes, java.lang.String[] regionNames, int index)
Principal generated using the given index allowed to perform the given
OperationContext.OperationCodes for the given region.
Required to be implemented by concrete classes that implement this abstract class.opCodes - the OperationContext.OperationCodes of the operations requiring authorizationregionNames - list of the region names requiring authorization; a value of null indicates
all regionsindex - used to generate multiple such principals by passing different values for thisPrincipal authorized to perform the given operation in the given regionprotected abstract java.security.Principal getDisallowedPrincipal(OperationContext.OperationCode[] opCodes, java.lang.String[] regionNames, int index)
Principal generated using the given index not allowed to perform the given
OperationContext.OperationCodes for the given region.
Required to be implemented by concrete classes that implement this abstract class.opCodes - the OperationContext.OperationCodes of the operations requiring authorization failureregionNames - list of the region names requiring authorization failure; a value of null
indicates all regionsindex - used to generate multiple such principals by passing different values for thisPrincipal not authorized to perform the given operation in the given region