Package com.tangosol.net.security

Class AuditingAuthorizer

java.lang.Object

com.tangosol.net.security.AuditingAuthorizer

All Implemented Interfaces:

StorageAccessAuthorizer

public class AuditingAuthorizer
extends Object
implements StorageAccessAuthorizer

Simple StorageAccessAuthorizer implementation that logs the authorization requests and allows operations to proceed.

Author:

gg 2014.09.25

Field Summary

Fields inherited from interface com.tangosol.net.security.StorageAccessAuthorizer

REASON_AGGREGATE, REASON_CLEAR, REASON_ENTRYSET, REASON_GET, REASON_INDEX_ADD, REASON_INDEX_REMOVE, REASON_INTERCEPTOR_ADD, REASON_INTERCEPTOR_REMOVE, REASON_INVOKE, REASON_KEYSET, REASON_LISTENER_ADD, REASON_LISTENER_REMOVE, REASON_PUT, REASON_REMOVE, REASON_TRIGGER_ADD, REASON_TRIGGER_REMOVE, REASON_UNKNOWN, REASON_VALUES

Constructor Summary

Constructors

Constructor	Description
AuditingAuthorizer()	Construct a non-strict AuditingAuthorizer.
AuditingAuthorizer(boolean fStrict)	Construct an AuditingAuthorizer.

Method Summary

Modifier and Type	Method	Description
void	checkRead(BinaryEntry entry, Subject subject, int nReason)	Check if the caller represented by the specified Subject is authorized to a read access for the specified entry.
void	checkReadAny(BackingMapContext context, Subject subject, int nReason)	Check if the caller represented by the specified Subject is authorized to read any data.
void	checkWrite(BinaryEntry entry, Subject subject, int nReason)	Check if the caller represented by the specified Subject is authorized to a write access for the specified entry.
void	checkWriteAny(BackingMapContext context, Subject subject, int nReason)	Check if the caller represented by the specified Subject is authorized to update any data.
protected void	logEntryRequest(BinaryEntry entry, Subject subject, boolean fWrite, int nReason)	Log the entry level authorization request.
protected void	logMapRequest(BackingMapContext context, Subject subject, boolean fWrite, int nReason)	Log the backing map level authorization request.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuditingAuthorizer

public AuditingAuthorizer()

Construct a non-strict AuditingAuthorizer. It will simply log the authorization request and allow the operation to proceed.

AuditingAuthorizer

public AuditingAuthorizer(boolean fStrict)

Construct an AuditingAuthorizer. It will simply log the authorization request and allow the operation to proceed based on the presence of the Subject.

Parameters:

fStrict - if true, a non-null Subject must be presented for the operation to proceed

Method Detail

checkRead

public void checkRead(BinaryEntry entry,
                      Subject subject,
                      int nReason)

Description copied from interface: StorageAccessAuthorizer

Check if the caller represented by the specified Subject is authorized to a read access for the specified entry.

Specified by:

checkRead in interface StorageAccessAuthorizer

Parameters:

entry - the entry

subject - the Subject

nReason - one of the REASON_* constants

checkWrite

public void checkWrite(BinaryEntry entry,
                       Subject subject,
                       int nReason)

Description copied from interface: StorageAccessAuthorizer

Check if the caller represented by the specified Subject is authorized to a write access for the specified entry.

Specified by:

checkWrite in interface StorageAccessAuthorizer

Parameters:

entry - the entry

subject - the Subject

nReason - one of the REASON_* constants

checkReadAny

public void checkReadAny(BackingMapContext context,
                         Subject subject,
                         int nReason)

Description copied from interface: StorageAccessAuthorizer

Check if the caller represented by the specified Subject is authorized to read any data.

For example, this check would be performed to install a map listener (except for lite listeners)

Specified by:

checkReadAny in interface StorageAccessAuthorizer

Parameters:

context - the BackingMapContext

subject - the Subject

nReason - one of the REASON_* constants

checkWriteAny

public void checkWriteAny(BackingMapContext context,
                          Subject subject,
                          int nReason)

Description copied from interface: StorageAccessAuthorizer

Check if the caller represented by the specified Subject is authorized to update any data.

For example, this check would be performed to install a trigger.

Specified by:

checkWriteAny in interface StorageAccessAuthorizer

Parameters:

context - the BackingMapContext

subject - the Subject

nReason - one of the REASON_* constants

logEntryRequest

protected void logEntryRequest(BinaryEntry entry,
                               Subject subject,
                               boolean fWrite,
                               int nReason)

Log the entry level authorization request.

Parameters:

entry - the entry to authorize access to

subject - the Subject

fWrite - true for write operation; read otherwise

nReason - the reason for the check

logMapRequest

protected void logMapRequest(BackingMapContext context,
                             Subject subject,
                             boolean fWrite,
                             int nReason)

Log the backing map level authorization request.

Parameters:

context - the context of the backing map to authorize access to

subject - the Subject

fWrite - true for write operation; read otherwise

nReason - the reason for the check