GCUBEServiceSecurityManager (The gCube Application Framework 1.6.4-SNAPSHOT API)

All Superinterfaces:

GCUBESecurityManager

All Known Implementing Classes:

GCUBEServiceContext, GCUBEServiceSecurityManagerImpl, GCUBESimpleServiceSecurityManager
```
public interface GCUBEServiceSecurityManager
extends GCUBESecurityManager
```
An extension of GCUBESecurityManager which operates in a service context, where client and service credentials must be distinguished and where authorisation becomes relevant.
A service security manager authorises incoming calls, extracts caller credentials from them, and retrieves service credentials to use for outgoing calls.

Author:

Fabio Simeoni (University of Strathclyde), Ciro Formisano (ENG)

Nested Class Summary

Nested Classes
Modifier and Type	Interface and Description
`static class`	`GCUBEServiceSecurityManager.LifetimeConsumer` Lifetime event consumer
`static class`	`GCUBEServiceSecurityManager.LifetimeEvent` Lifetime event.
`static class`	`GCUBEServiceSecurityManager.LifetimeTopic` Lifetime topic enumeration.

Nested classes/interfaces inherited from interface org.gcube.common.core.security.GCUBESecurityManager
GCUBESecurityManager.AuthMethod, GCUBESecurityManager.AuthMode, GCUBESecurityManager.DelegationMode

Method Summary

Methods
Modifier and Type	Method and Description
`SecurityCredentials`	`getCallerCredentials()` If security is enabled, it extracts credentials from the current request.
`GCUBEAuthzPolicy`	`getPolicy()` Returns the current authorisation policy.
`SecurityCredentials`	`getServiceCredentials()` If security is enabled, it returns the service credentials.
`void`	`initialise(GCUBEServiceContext ctxt)` Initialise the manager with the context of the associated service.
`boolean`	`needServiceCredentials()` Indicates whether the service makes use of service credentials.
`void`	`propagateCallerCredentials(boolean propagateCallerCredentials)` Indicates whether the service, without any further configurationm, makes use of caller credentials: by default is true and, if false, the service will use its own credentials (without further configuration) to perform calls
`void`	`subscribe(GCUBEServiceSecurityManager.LifetimeConsumer c, GCUBEServiceSecurityManager.LifetimeTopic... topics)` Subscribes a `GCUBEServiceSecurityManager.LifetimeConsumer`.
`void`	`unsubscribe(GCUBEServiceSecurityManager.LifetimeConsumer c, GCUBEServiceSecurityManager.LifetimeTopic... topics)` Unsubscribes a `GCUBEServiceSecurityManager.LifetimeConsumer`.

Methods inherited from interface org.gcube.common.core.security.GCUBESecurityManager
getCredentials, isSecurityEnabled, setAuthMethod, setSecurity, useCredentials, useCredentials, useCredentials

- Method Detail
  - initialise
```
void initialise(GCUBEServiceContext ctxt)
                throws Exception
```
    Initialise the manager with the context of the associated service.
    
    Parameters:
    ctxt - the context.
    
    Throws:
    
    Exception
  - subscribe
```
void subscribe(GCUBEServiceSecurityManager.LifetimeConsumer c,
             GCUBEServiceSecurityManager.LifetimeTopic... topics)
```
    Subscribes a GCUBEServiceSecurityManager.LifetimeConsumer.
    
    Parameters:
    c - the consumer.
  - unsubscribe
```
void unsubscribe(GCUBEServiceSecurityManager.LifetimeConsumer c,
               GCUBEServiceSecurityManager.LifetimeTopic... topics)
```
    Unsubscribes a GCUBEServiceSecurityManager.LifetimeConsumer.
    
    Parameters:
    c - the consumer.
  - getServiceCredentials
```
SecurityCredentials getServiceCredentials()
                                          throws Exception
```
    If security is enabled, it returns the service credentials.
    
    Returns:
    the credentials, or null if security is not enabled.
    
    Throws:
    
    Exception - if security is enabled, but service credentials could not be produced.
  - getCallerCredentials
```
SecurityCredentials getCallerCredentials()
                                         throws Exception
```
    If security is enabled, it extracts credentials from the current request.
    
    Returns:
    the credentials, of null if security is not enabled.
    
    Throws:
    
    Exception - if security is enabled, but credentials could not be extracted from incoming call.
  - getPolicy
```
GCUBEAuthzPolicy getPolicy()
```
    Returns the current authorisation policy.
    
    Returns:
    the policy
  - needServiceCredentials
```
boolean needServiceCredentials()
```
    Indicates whether the service makes use of service credentials.
    
    Returns:
    true if it does, false if it does not.
  - propagateCallerCredentials
```
void propagateCallerCredentials(boolean propagateCallerCredentials)
```
    Indicates whether the service, without any further configurationm, makes use of caller credentials: by default is true and, if false, the service will use its own credentials (without further configuration) to perform calls

Interface GCUBEServiceSecurityManager

Nested Class Summary

Nested classes/interfaces inherited from interface org.gcube.common.core.security.GCUBESecurityManager

Method Summary

Methods inherited from interface org.gcube.common.core.security.GCUBESecurityManager

Method Detail

initialise

subscribe

unsubscribe

getServiceCredentials

getCallerCredentials

getPolicy

needServiceCredentials

propagateCallerCredentials