co.cask.cdap.security.authorization

Class AuthorizerInstantiator

java.lang.Object

co.cask.cdap.security.authorization.AuthorizerInstantiator

All Implemented Interfaces:

com.google.common.base.Supplier<Authorizer>, Closeable, AutoCloseable

public class AuthorizerInstantiator
extends Object
implements Closeable, com.google.common.base.Supplier<Authorizer>

Class to instantiate Authorizer extensions. Authorization extensions are instantiated using a separate ClassLoader that is built using a bundled jar for the Authorizer extension that contains all its required dependencies. The ClassLoader is created with the parent as the classloader with which the Authorizer interface is instantiated. This parent only has classes required by the cdap-security-spi module. The AuthorizerInstantiator has the following expectations from the extension:

• Authorization is enabled setting the parameter Constants.Security.Authorization#ENABLED to true in cdap-site.xml. When authorization is disabled, an instance of NoOpAuthorizer is returned.
• The path to the extension jar bundled with all its dependencies is read from the setting Constants.Security.Authorization#EXTENSION_JAR_PATH in cdap-site.xml
• The instantiator reads a fully qualified class name specified as the Attributes.Name#MAIN_CLASS attribute in the extension jar's manifest file. This class must implement Authorizer and have a default constructor.
• During get(), the instantiator creates an instance of the Authorizer class and also calls its Authorizer.initialize(AuthorizationContext) method with an AuthorizationContext created using a AuthorizationContextFactory by providing it a Properties object that is populated with all configuration settings from cdap-site.xml that have keys with the prefix Constants.Security.Authorization#EXTENSION_CONFIG_PREFIX.
• During close(), the Authorizer.destroy() method is invoked, and the AuthorizerClassLoader is closed.

Constructor Summary

Constructors

Constructor and Description
AuthorizerInstantiator(CConfiguration cConf, AuthorizationContextFactory authorizationContextFactory)

Method Summary

Methods

Modifier and Type	Method and Description
void	close()
Authorizer	get() Returns an instance of the configured Authorizer extension, or of NoOpAuthorizer, if authorization is disabled.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AuthorizerInstantiator

@Inject
public AuthorizerInstantiator(CConfiguration cConf,
                             AuthorizationContextFactory authorizationContextFactory)

Method Detail

get

public Authorizer get()

Returns an instance of the configured Authorizer extension, or of NoOpAuthorizer, if authorization is disabled.

Specified by:

get in interface com.google.common.base.Supplier<Authorizer>

close

public void close()
           throws IOException

Specified by:

close in interface Closeable

Specified by:

close in interface AutoCloseable

Throws:

IOException