com.gigaspaces.security

Interface SecurityManager

All Known Implementing Classes:

FileSecurityManager, OpenIdSecurityManager, SpringSecurityManager

public interface SecurityManager

Interface for authentication and creating of the directory manager. The SecurityManager can be obtained by the SecurityFactory. The properties represent the service specific properties that will be used to initialize the SecurityManager instance.

Since:

7.0.1

Author:

Moran Avigdor

Field Summary

Fields

Modifier and Type	Field and Description
static String	SECURITY_MANAGER_CLASS_PROPERTY_KEY The property key identifying the security manager in a properties file/object

Method Summary

Modifier and Type	Method and Description
Authentication	authenticate(UserDetails userDetails) Attempts to authenticate the passed user represented by UserDetails, returning a fully populated UserDetails object (including granted authorities) if successful.
void	close() Closes any excess resource kept by the security manager; e.g.
DirectoryManager	createDirectoryManager(UserDetails userDetails) Attempts to authenticate the passed user represented by UserDetails, granting access only for users that are allowed to manage the directory.
void	init(Properties properties) Initializes this security manager instance with implementation specific properties, and any resource creation/access needed.

Field Detail

SECURITY_MANAGER_CLASS_PROPERTY_KEY

static final String SECURITY_MANAGER_CLASS_PROPERTY_KEY

The property key identifying the security manager in a properties file/object

See Also:

Constant Field Values

Method Detail

init

void init(Properties properties)
   throws SecurityException

Initializes this security manager instance with implementation specific properties, and any resource creation/access needed.

Parameters:

properties - properties to use configure this instance.

Throws:

SecurityException

authenticate

Authentication authenticate(UserDetails userDetails)
                     throws AuthenticationException

Attempts to authenticate the passed user represented by UserDetails, returning a fully populated UserDetails object (including granted authorities) if successful.

Parameters:

userDetails - the user request object

Returns:

a fully authenticated object including authorities

Throws:

AuthenticationException - if authentication fails

createDirectoryManager

DirectoryManager createDirectoryManager(UserDetails userDetails)
                                 throws AuthenticationException,
                                        AccessDeniedException

Attempts to authenticate the passed user represented by UserDetails, granting access only for users that are allowed to manage the directory.

Creates a directory manager for managing of users and roles, granting access only for users that are allowed to manage, but may be restrictive (to read-only) based on their privileges.

If the directory is to be managed by an external tool, implementors may wish to throw DirectoryAccessDeniedException to deny access to the API (e.g. from UI).

Parameters:

userDetails - the user request object

Returns:

a directory manager instance

Throws:

AuthenticationException - if authentication fails for the specified user

AccessDeniedException - if not granted sufficient access required to manage role details

DirectoryAccessDeniedException - if the directory should not be managed by API.

close

void close()

Closes any excess resource kept by the security manager; e.g. connection to a data-source.