org.gcube.common.core.security.impl
Class GCUBESimpleServiceSecurityManager

java.lang.Object
  org.gcube.common.core.security.impl.GCUBESimpleServiceSecurityManager

All Implemented Interfaces:

GCUBESecurityManager, GCUBEServiceSecurityManager

Direct Known Subclasses:

GCUBEServiceSecurityManagerImpl

public class GCUBESimpleServiceSecurityManager
extends Object
implements GCUBEServiceSecurityManager

Simple security manager: it does nothing. To be used in the non-sec infrastructure or for testing purposes

Author:

Ciro Formisano

Nested Class Summary

Nested classes/interfaces inherited from interface org.gcube.common.core.security.GCUBEServiceSecurityManager

GCUBEServiceSecurityManager.LifetimeConsumer, GCUBEServiceSecurityManager.LifetimeEvent, GCUBEServiceSecurityManager.LifetimeTopic

Nested classes/interfaces inherited from interface org.gcube.common.core.security.GCUBESecurityManager

GCUBESecurityManager.AuthMethod, GCUBESecurityManager.AuthMode, GCUBESecurityManager.DelegationMode

Constructor Summary

GCUBESimpleServiceSecurityManager()

Method Summary

void	authoriseCall(GCUBECall authzRequest)
SecurityCredentials	getCallerCredentials() If security is enabled, it extracts credentials from the current request.
SecurityCredentials	getCredentials() It returns the credentials for outgoing calls currently set in the current thread.
GCUBEAuthzPolicy	getPolicy() Returns the current authorisation policy.
SecurityCredentials	getServiceCredentials() If security is enabled, it returns the service credentials.
void	initialise(GCUBEServiceContext ctxt) Initialise the manager with the context of the associated service.
boolean	isSecurityEnabled() Indicates whether the manager is operating in a secure context.
boolean	needServiceCredentials() Indicates whether the service makes use of service credentials.
void	propagateCallerCredentials(boolean propagateCallerCredentials) Indicates whether the service, without any further configurationm, makes use of caller credentials: by default is true and, if false, the service will use its own credentials (without further configuration) to perform calls
void	setAuthMethod(GCUBESecurityManager.AuthMethod m) Adds an authentication method to be used in this security context
void	setSecurity(Remote s, GCUBESecurityManager.AuthMode e, GCUBESecurityManager.DelegationMode d) If security is enabled, sets the desired level of encryption and the mode of credential delegation on the stub of a remote porttype.
void	subscribe(GCUBEServiceSecurityManager.LifetimeConsumer c, GCUBEServiceSecurityManager.LifetimeTopic... topics) Subscribes a GCUBEServiceSecurityManager.LifetimeConsumer.
void	unsubscribe(GCUBEServiceSecurityManager.LifetimeConsumer c, GCUBEServiceSecurityManager.LifetimeTopic... topics) Unsubscribes a GCUBEServiceSecurityManager.LifetimeConsumer.
void	useCredentials(GSSCredential credentials) Deprecated.
void	useCredentials(SecurityCredentials credentials) If security is enabled, it sets given credentials for outgoing calls in the current thread.
void	useCredentials(Thread thread, GSSCredential... credentials) Deprecated.
void	useCredentials(Thread thread, SecurityCredentials... credentials) If security is enabled, it sets given credentials for outgoing calls in a given thread.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

GCUBESimpleServiceSecurityManager

public GCUBESimpleServiceSecurityManager()

Method Detail

authoriseCall

public void authoriseCall(GCUBECall authzRequest)
                   throws GCUBEException

Throws:

GCUBEException

getPolicy

public GCUBEAuthzPolicy getPolicy()

Description copied from interface: GCUBEServiceSecurityManager

Returns the current authorisation policy.

Specified by:

getPolicy in interface GCUBEServiceSecurityManager

Returns:

the policy

initialise

public void initialise(GCUBEServiceContext ctxt)
                throws Exception

Description copied from interface: GCUBEServiceSecurityManager

Initialise the manager with the context of the associated service.

Specified by:

initialise in interface GCUBEServiceSecurityManager

Parameters:

ctxt - the context.

Throws:

Exception

needServiceCredentials

public boolean needServiceCredentials()

Description copied from interface: GCUBEServiceSecurityManager

Indicates whether the service makes use of service credentials.

Specified by:

needServiceCredentials in interface GCUBEServiceSecurityManager

Returns:

true if it does, false if it does not.

subscribe

public void subscribe(GCUBEServiceSecurityManager.LifetimeConsumer c,
                      GCUBEServiceSecurityManager.LifetimeTopic... topics)

Description copied from interface: GCUBEServiceSecurityManager

Subscribes a GCUBEServiceSecurityManager.LifetimeConsumer.

Specified by:

subscribe in interface GCUBEServiceSecurityManager

Parameters:

c - the consumer.

unsubscribe

public void unsubscribe(GCUBEServiceSecurityManager.LifetimeConsumer c,
                        GCUBEServiceSecurityManager.LifetimeTopic... topics)

Description copied from interface: GCUBEServiceSecurityManager

Unsubscribes a GCUBEServiceSecurityManager.LifetimeConsumer.

Specified by:

unsubscribe in interface GCUBEServiceSecurityManager

Parameters:

c - the consumer.

isSecurityEnabled

public boolean isSecurityEnabled()

Description copied from interface: GCUBESecurityManager

Indicates whether the manager is operating in a secure context. If not, invoking its methods will have no effect.

Specified by:

isSecurityEnabled in interface GCUBESecurityManager

Returns:

true if security is enabled, false otherwise.

setSecurity

public void setSecurity(Remote s,
                        GCUBESecurityManager.AuthMode e,
                        GCUBESecurityManager.DelegationMode d)
                 throws Exception

Description copied from interface: GCUBESecurityManager

If security is enabled, sets the desired level of encryption and the mode of credential delegation on the stub of a remote porttype. It has no effect otherwise.

Specified by:

setSecurity in interface GCUBESecurityManager

Parameters:

s - the stub.

e - the encryption level.

d - the delegation mode.

Throws:

Exception - if the settings could not be enforced.

useCredentials

@Deprecated
public void useCredentials(GSSCredential credentials)
                    throws Exception

Deprecated.

Specified by:

useCredentials in interface GCUBESecurityManager

Parameters:

credentials - the credentials.

Throws:

Exception - if security is enabled, but credentials are corrupt.

useCredentials

@Deprecated
public void useCredentials(Thread thread,
                                      GSSCredential... credentials)
                    throws Exception

Deprecated.

Throws:

Exception

useCredentials

public void useCredentials(SecurityCredentials credentials)
                    throws Exception

Description copied from interface: GCUBESecurityManager

If security is enabled, it sets given credentials for outgoing calls in the current thread. It has no effect otherwise.

Specified by:

useCredentials in interface GCUBESecurityManager

Parameters:

credentials - the credentials.

Throws:

Exception - if security is enabled, but credentials are corrupt.

useCredentials

public void useCredentials(Thread thread,
                           SecurityCredentials... credentials)
                    throws Exception

Description copied from interface: GCUBESecurityManager

If security is enabled, it sets given credentials for outgoing calls in a given thread.

Specified by:

useCredentials in interface GCUBESecurityManager

Parameters:

thread - the thread.

credentials - (optional) the credentials. If omitted, it delegates the credentials used for the current thread to the given thread.

Throws:

Exception - if security is enabled, but credentials are corrupt.

setAuthMethod

public void setAuthMethod(GCUBESecurityManager.AuthMethod m)

Description copied from interface: GCUBESecurityManager

Adds an authentication method to be used in this security context

Specified by:

setAuthMethod in interface GCUBESecurityManager

Parameters:

m - the authentication method

propagateCallerCredentials

public void propagateCallerCredentials(boolean propagateCallerCredentials)

Description copied from interface: GCUBEServiceSecurityManager

Indicates whether the service, without any further configurationm, makes use of caller credentials: by default is true and, if false, the service will use its own credentials (without further configuration) to perform calls

Specified by:

propagateCallerCredentials in interface GCUBEServiceSecurityManager

getCredentials

public SecurityCredentials getCredentials()

Description copied from interface: GCUBESecurityManager

It returns the credentials for outgoing calls currently set in the current thread.

Specified by:

getCredentials in interface GCUBESecurityManager

Returns:

the credentials.

getServiceCredentials

public SecurityCredentials getServiceCredentials()
                                          throws Exception

Description copied from interface: GCUBEServiceSecurityManager

If security is enabled, it returns the service credentials.

Specified by:

getServiceCredentials in interface GCUBEServiceSecurityManager

Returns:

the credentials, or null if security is not enabled.

Throws:

Exception - if security is enabled, but service credentials could not be produced.

getCallerCredentials

public SecurityCredentials getCallerCredentials()
                                         throws Exception

Description copied from interface: GCUBEServiceSecurityManager

If security is enabled, it extracts credentials from the current request.

Specified by:

getCallerCredentials in interface GCUBEServiceSecurityManager

Returns:

the credentials, of null if security is not enabled.

Throws:

Exception - if security is enabled, but credentials could not be extracted from incoming call.