Authorities and Privileges for XAP Service Grid
Authority refers to a grouping of privileges. A Privilege (permission) is a granted right to perform an operation/action on a resource. For example, a user may have a read privileges to access data.
public interface Authority {
/**
* @return a representation of the granted authority
*/
String getAuthority();
}
For information about Authentication, Authorization and Security Roles (Privileges) refer to the Security Overview page.
Class Filter
When you grant a privilege you are allowing the user to perform the operation on the space. If you wish to restrict the operation to certain classes, a "Class-Filter' may be defined.
Restricting of privileges
A "Class-Filter' allows or denies operations on certain classes based on their fully qualified name, package name, or wild-card manipulation. For example, you may define a user with Read privileges for Class com.gigaspaces.office.Employee
, Write privileges for Package com.gigaspaces.vacations.\*
and Take privileges for a match of com.gigaspaces.sickdays*
. You may also define a user which is denied of reading com.gigaspaces.salary.*
.
Class-Filter matching using Hierarchy
When performing a matching operation (e.g. space read), a template is supplied. Matches can be returned also from subclasses of this template. Take for example, the following hierarchy:
- Shape
- Circle
- Rectangle
- Square
- Triangle
When we read using a Shape
template, a Shape
, Circle
, Rectangle
, Triangle
and even Square
are part of the result set.
But if we read using a Rectangle
template, only it and its subclass Square
are part of a result set.
This should be considered when you allow a Class-Filter for matching operations (Read, Take, Alter).
But, when you deny a Class more caution should be taken. If you deny a Rectangle
Class from being read it means you can't perform read with this class. But it does not mean you cannot perform read with Square
. Moreover, it does not mean that Rectangle
won't be returned in the result set when performing read with Shape
. If your packages are flexible you can deny using wildcard matching or package matching. Otherwise you need to deny all classes in the hierarchy.
Example
The UserDetails.getAuthorities()
method lists the granted authorities of a user. An Authority
represents a grouping of privileges. For example, a SpaceAuthority
consists of write, read, execute privileges. Each of these can be specifically assigned to a user. These authorities are populated upon a user's authentication process.
Here is a simple user with read + write privileges construction:
UserDetails user = new User("John Smith", "password",
new SpaceAuthority(SpacePrivilege.READ),
new SpaceAuthority(SpacePrivilege.WRITE));
The SecurityManager interface provides an extension to a user defined DirectoryManager
. This allows you to connect to any storage to manage users and roles.
This method is not mandatory, and implementors can throw DirectoryAccessDeniedException
if management should be done via external user management tools.
See Users and Roles section for more details.
interface SecurityManager {
...
DirectoryManager createDirectoryManager(UserDetails userDetails) throws AuthenticationException,
AccessDeniedException;
...
}
Role Authority
The RoleAuthrority
represents a logical name for a role. This provides an authorities-to-role grouping. The RoleDetails
defines the authorities belonging to a specific role.
For example, lets define a guest role with read privileges assigned to an anonymous user:
RoleDetails role = new Role("guest", new SpaceAuthority(SpacePrivilege.READ));
UserDetails user = new User("anonymous", new RoleAuthority("guest"));
And define a contributor, with read and write privileges:
RoleDetails role = new Role("contributor", new SpaceAuthority(SpacePrivilege.READ), new SpaceAuthority(SpacePrivilege.WRITE));
UserDetails user = new User("gigaspacer", new RoleAuthority("contributor"));
This separation between users and roles allows to store the RoleDetails
independent to the UserDetails
.