com.gigaspaces.security.service

Class SecurityInterceptor

java.lang.Object

com.gigaspaces.security.service.SecurityInterceptor

public class SecurityInterceptor
extends Object

Server-side security interceptor, responsible for authentication against the underlying SecurityManager, handing of authentication tokens to authenticated users, and intercepting any access to resources.

Since:

7.0.1

Author:

Moran Avigdor

Constructor Summary

Constructors

Constructor and Description
SecurityInterceptor(String component)
SecurityInterceptor(String component, Properties props, boolean useMinusDLast) Construct an interceptor for this component, applying any additional properties provided.

Method Summary

Modifier and Type	Method and Description
SecurityContext	authenticate(SecurityContext securityContext) Authenticates the users' details (username and password) specified as part of the security-context against the underlying SecurityManager.
UserDetails	getUserDetails(AuthenticationToken authenticationToken) Retrieve user details by the authentication token to allow login into first-time cluster member proxies.
void	intercept(SecurityContext securityContext, Privilege privilege, String className) Intercepts any requests against the provided authentication token and the privilege needed to access the resource.
boolean	isTrusted(UserDetails userDetails)
boolean	shouldBypassFilter(SecurityContext securityContext) If security context should not be passed to the filter or audit.
SpaceContext	trustContext(SpaceContext spaceContext) Extract the original security context and create a trusted security context wrapper.
void	trustProxy(IJSpace proxy) Internal (VM) trust mechanism; acquires a trusted token and sets the internal proxy.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SecurityInterceptor

public SecurityInterceptor(String component)

SecurityInterceptor

public SecurityInterceptor(String component,
                           Properties props,
                           boolean useMinusDLast)

Construct an interceptor for this component, applying any additional properties provided. A SecurityManager can be injected through this properties object.

Parameters:

component - component name (can be null)

props - custom properties provided.

useMinusDLast - true if should first find security properties file matching the component name, and if not found, resolve by matching the sys-prop provided name. Usually when running inside a container. false if should first resolve by matching the sys-prop provided name.

Method Detail

authenticate

public SecurityContext authenticate(SecurityContext securityContext)

Authenticates the users' details (username and password) specified as part of the security-context against the underlying SecurityManager. An authenticated user is given a token for subsequent usage. Audit successful/failed authentication requests.

Parameters:

securityContext - The security context holding the user details.

Returns:

an authenticated security context holding the authentication token.

isTrusted

public boolean isTrusted(UserDetails userDetails)

trustProxy

public void trustProxy(IJSpace proxy)
                throws RemoteException

Internal (VM) trust mechanism; acquires a trusted token and sets the internal proxy.

Throws:

RemoteException

intercept

public void intercept(SecurityContext securityContext,
                      Privilege privilege,
                      String className)

Intercepts any requests against the provided authentication token and the privilege needed to access the resource.

Parameters:

privilege - The privilege required to access the resource.

className - The class name to intercept if an operation filter was provided.

Throws:

AuthenticationException - if the authentication token provided is invalid.

AccessDeniedException - if the authenticated user lacks privileges required by the accessed resource.

getUserDetails

public UserDetails getUserDetails(AuthenticationToken authenticationToken)

Retrieve user details by the authentication token to allow login into first-time cluster member proxies.

Parameters:

authenticationToken - a token

Returns:

the user details corresponding to this token.

Throws:

AuthenticationException - if the authentication token is invalid.

trustContext

public SpaceContext trustContext(SpaceContext spaceContext)

Extract the original security context and create a trusted security context wrapper.

Parameters:

spaceContext - The space context

Returns:

a space context holding a trusted security context wrapping the original security context.

shouldBypassFilter

public boolean shouldBypassFilter(SecurityContext securityContext)

If security context should not be passed to the filter or audit.

Returns:

true if should bypass the filter.