GCUBEServiceSecurityManager (The gCube Application Framework 1.6.0-SNAPSHOT API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.gcube.common.core.security
Interface GCUBEServiceSecurityManager

All Superinterfaces:: GCUBESecurityManager

All Known Implementing Classes:: GCUBEServiceContext, GCUBEServiceSecurityManagerImpl, GCUBESimpleServiceSecurityManager

public interface GCUBEServiceSecurityManager
extends GCUBESecurityManager
extends GCUBESecurityManager

An extension of GCUBESecurityManager which operates in a service context, where client and service credentials must be distinguished and where authorisation becomes relevant.

A service security manager authorises incoming calls, extracts caller credentials from them, and retrieves service credentials to use for outgoing calls.

Author:: Fabio Simeoni (University of Strathclyde), Ciro Formisano (ENG)

Nested Class Summary
`static class`	`GCUBEServiceSecurityManager.LifetimeConsumer` Lifetime event consumer
`static class`	`GCUBEServiceSecurityManager.LifetimeEvent` Lifetime event.
`static class`	`GCUBEServiceSecurityManager.LifetimeTopic` Lifetime topic enumeration.

Nested classes/interfaces inherited from interface org.gcube.common.core.security.GCUBESecurityManager
`GCUBESecurityManager.AuthMethod, GCUBESecurityManager.AuthMode, GCUBESecurityManager.DelegationMode`

Method Summary
`SecurityCredentials`	`getCallerCredentials()` If security is enabled, it extracts credentials from the current request.
`GCUBEAuthzPolicy`	`getPolicy()` Returns the current authorisation policy.
`SecurityCredentials`	`getServiceCredentials()` If security is enabled, it returns the service credentials.
`void`	`initialise(GCUBEServiceContext ctxt)` Initialise the manager with the context of the associated service.
`boolean`	`needServiceCredentials()` Indicates whether the service makes use of service credentials.
`void`	`propagateCallerCredentials(boolean propagateCallerCredentials)` Indicates whether the service, without any further configurationm, makes use of caller credentials: by default is true and, if false, the service will use its own credentials (without further configuration) to perform calls
`void`	`subscribe(GCUBEServiceSecurityManager.LifetimeConsumer c, GCUBEServiceSecurityManager.LifetimeTopic... topics)` Subscribes a `GCUBEServiceSecurityManager.LifetimeConsumer`.
`void`	`unsubscribe(GCUBEServiceSecurityManager.LifetimeConsumer c, GCUBEServiceSecurityManager.LifetimeTopic... topics)` Unsubscribes a `GCUBEServiceSecurityManager.LifetimeConsumer`.

Methods inherited from interface org.gcube.common.core.security.GCUBESecurityManager
`getCredentials, isSecurityEnabled, setAuthMethod, setSecurity, useCredentials, useCredentials, useCredentials`

Method Detail

initialise

void initialise(GCUBEServiceContext ctxt)
                throws Exception

Initialise the manager with the context of the associated service.

Parameters:: ctxt - the context.
Throws:: Exception

void subscribe(GCUBEServiceSecurityManager.LifetimeConsumer c,
               GCUBEServiceSecurityManager.LifetimeTopic... topics)

Subscribes a GCUBEServiceSecurityManager.LifetimeConsumer.

Parameters:: c - the consumer.

unsubscribe

void unsubscribe(GCUBEServiceSecurityManager.LifetimeConsumer c,
                 GCUBEServiceSecurityManager.LifetimeTopic... topics)

Unsubscribes a GCUBEServiceSecurityManager.LifetimeConsumer.

Parameters:: c - the consumer.

getServiceCredentials

SecurityCredentials getServiceCredentials()
                                          throws Exception

If security is enabled, it returns the service credentials.

Returns:: the credentials, or null if security is not enabled.
Throws:: Exception - if security is enabled, but service credentials could not be produced.

getCallerCredentials

SecurityCredentials getCallerCredentials()
                                         throws Exception

If security is enabled, it extracts credentials from the current request.

Returns:: the credentials, of null if security is not enabled.
Throws:: Exception - if security is enabled, but credentials could not be extracted from incoming call.

getPolicy

GCUBEAuthzPolicy getPolicy()

Returns the current authorisation policy.

Returns:: the policy

needServiceCredentials

boolean needServiceCredentials()

Indicates whether the service makes use of service credentials.

Returns:: true if it does, false if it does not.

propagateCallerCredentials

void propagateCallerCredentials(boolean propagateCallerCredentials)

Indicates whether the service, without any further configurationm, makes use of caller credentials: by default is true and, if false, the service will use its own credentials (without further configuration) to perform calls