Package org.yamcs.security

Class RemoteUserAuthModule

java.lang.Object

org.yamcs.security.RemoteUserAuthModule

All Implemented Interfaces:

AuthModule

public class RemoteUserAuthModule
extends Object
implements AuthModule

AuthModule that identifies users based on an HTTP header property. This can be used when Yamcs is well-protected from spoofing attempts and authentication is done on a reverse proxy, like Apache or Nginx.

Constructor Summary

Constructors

Constructor	Description
RemoteUserAuthModule()

Method Summary

Modifier and Type	Method	Description
AuthenticationInfo	getAuthenticationInfo(AuthenticationToken token)	Identify the subject based on the given information.
AuthorizationInfo	getAuthorizationInfo(AuthenticationInfo authenticationInfo)	Retrieve access control information based on the given AuthenticationInfo.
String	getHeader()
Spec	getSpec()	Returns the valid configuration of the input args of this AuthModule.
void	init(YConfiguration args)	Initialize this AuthModule.
boolean	verifyValidity(AuthenticationInfo authenticationInfo)	Verify if previously generated authentication info is (still) valid.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.yamcs.security.AuthModule

authenticationSucceeded

Constructor Detail

RemoteUserAuthModule

public RemoteUserAuthModule()

Method Detail

getSpec

public Spec getSpec()

Description copied from interface: AuthModule

Returns the valid configuration of the input args of this AuthModule.

Specified by:

getSpec in interface AuthModule

Returns:

the argument specification.

getHeader

public String getHeader()

init

public void init(YConfiguration args)
          throws InitException

Description copied from interface: AuthModule

Initialize this AuthModule.

Specified by:

init in interface AuthModule

Parameters:

args - The configured arguments for this AuthModule. If AuthModule.getSpec() is implemented then this contains the arguments after being validated (including any defaults).

Throws:

InitException - When something goes wrong during the execution of this method.

getAuthenticationInfo

public AuthenticationInfo getAuthenticationInfo(AuthenticationToken token)
                                         throws AuthenticationException

Description copied from interface: AuthModule

Identify the subject based on the given information.

Specified by:

getAuthenticationInfo in interface AuthModule

Returns:

an info object containing the principal of the subject, or null if the login failed

Throws:

AuthenticationException

getAuthorizationInfo

public AuthorizationInfo getAuthorizationInfo(AuthenticationInfo authenticationInfo)
                                       throws AuthorizationException

Description copied from interface: AuthModule

Retrieve access control information based on the given AuthenticationInfo. This AuthenticationInfo may have been generated by a different AuthModule.

Specified by:

getAuthorizationInfo in interface AuthModule

Returns:

an info object containing role/privilege information of the subject

Throws:

AuthorizationException

verifyValidity

public boolean verifyValidity(AuthenticationInfo authenticationInfo)

Description copied from interface: AuthModule

Verify if previously generated authentication info is (still) valid. For example, if the authentication info references an externally issued expiring ticket, this can be validated here.

This method is called very frequently, so implementations must take care to limit external requests.

Specified by:

verifyValidity in interface AuthModule

Parameters:

authenticationInfo - information relevant to the authentication process

Returns:

true if the authentication info is valid, false otherwise