SimpleTestSecurityManager.java example

Explorer
geode-master
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
 * agreements. See the NOTICE file distributed with this work for additional information regarding
 * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance with the License. You may obtain a
 * copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed under the License
 * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
 * or implied. See the License for the specific language governing permissions and limitations under
 * the License.
 */

package org.apache.geode.security;

import java.util.Properties;

/**
 * This class provides a simple implementation of {@link SecurityManager} for authentication and
 * authorization solely based on the username and password provided.
 *
 * It is meant for demo purpose, not for production.
 *
 * Authentiation: All users whose password matches the username are authenticated. e.g.
 * username/password = test/test, user/user, admin/admin
 *
 * Authorization: users whose username is a substring (case insensitive) of the permission required
 * are authorized. e.g. username = data: is authorized for all data operations: data; data:manage
 * data:read data:write username = dataWrite: is authorized for data writes on all regions:
 * data:write data:write:regionA username = cluster: authorized for all cluster operations username
 * = cluserRead: authorzed for all cluster read operations
 *
 * a user could be a comma separated list of roles as well.
 */
public class SimpleTestSecurityManager implements SecurityManager {
  @Override
  public void init(final Properties securityProps) {}

  @Override
  public Object authenticate(final Properties credentials) throws AuthenticationFailedException {
    String username = credentials.getProperty("security-username");
    String password = credentials.getProperty("security-password");
    if (username != null && username.equals(password)) {
      return username;
    }
    throw new AuthenticationFailedException("invalid username/password");
  }

  @Override
  public boolean authorize(final Object principal, final ResourcePermission permission) {
    String[] principals = principal.toString().toLowerCase().split(",");
    for (String role : principals) {
      String permissionString = permission.toString().replace(":", "").toLowerCase();
      if (permissionString.startsWith(role))
        return true;
    }
    return false;
  }

  @Override
  public void close() {}
}