A B C D E F G H I J K L M N O P R S T U V

A

AbstractAuthenticationHandler - Class in co.cask.cdap.security.server

An abstract authentication handler that provides basic functionality including setting of constraints and setting of different required services.

AbstractAuthenticationHandler(CConfiguration) - Constructor for class co.cask.cdap.security.server.AbstractAuthenticationHandler

AbstractAuthorizationService - Class in co.cask.cdap.security.authorization

An AbstractScheduledService that maintains a cache of privileges.

AbstractAuthorizationService(CConfiguration, PrivilegesFetcher, AuthenticationContext, String) - Constructor for class co.cask.cdap.security.authorization.AbstractAuthorizationService

AbstractKeyManager - Class in co.cask.cdap.security.auth

AbstractKeyManager that provides the basic functionality that all key managers share.

AbstractKeyManager(CConfiguration) - Constructor for class co.cask.cdap.security.auth.AbstractKeyManager

An AbstractKeyManager that has common functionality of all keymanagers.

AbstractKeyManager(String, int) - Constructor for class co.cask.cdap.security.auth.AbstractKeyManager

ACCESS_TOKEN - Static variable in class co.cask.cdap.security.server.ExternalAuthenticationServer.ResponseFields

AccessToken - Class in co.cask.cdap.security.auth

Represents a verified identity used for client authentication.

AccessToken(AccessTokenIdentifier, int, byte[]) - Constructor for class co.cask.cdap.security.auth.AccessToken

AccessTokenCodec - Class in co.cask.cdap.security.auth

Utility to encode and decode AccessToken and AccessTokenIdentifier instances to and from byte array representations.

AccessTokenCodec(DatumReaderFactory, DatumWriterFactory) - Constructor for class co.cask.cdap.security.auth.AccessTokenCodec

AccessTokenIdentifier - Class in co.cask.cdap.security.auth

Represents a verified user identity.

AccessTokenIdentifier(String, Collection<String>, long, long) - Constructor for class co.cask.cdap.security.auth.AccessTokenIdentifier

AccessTokenIdentifierCodec - Class in co.cask.cdap.security.auth

Utility to handle serialization and deserialization of AccessTokenIdentifier objects.

AccessTokenIdentifierCodec(DatumReaderFactory, DatumWriterFactory) - Constructor for class co.cask.cdap.security.auth.AccessTokenIdentifierCodec

AccessTokenTransformer - Class in co.cask.cdap.security.auth

It takes the access token and transforms it to Access Token Identifier.

AccessTokenTransformer(Codec<AccessToken>, Codec<AccessTokenIdentifier>) - Constructor for class co.cask.cdap.security.auth.AccessTokenTransformer

AccessTokenTransformer.AccessTokenIdentifierPair - Class in co.cask.cdap.security.auth

Access token identifier pair that has marshalled and unmarshalled access token object

AccessTokenTransformer.AccessTokenIdentifierPair(String, AccessTokenIdentifier) - Constructor for class co.cask.cdap.security.auth.AccessTokenTransformer.AccessTokenIdentifierPair

AccessTokenValidator - Class in co.cask.cdap.security.auth

This class validates the accessToken and returns the different states of accessToken validation.

AccessTokenValidator(TokenManager, Codec<AccessToken>) - Constructor for class co.cask.cdap.security.auth.AccessTokenValidator

addKey(KeyIdentifier) - Method in class co.cask.cdap.security.auth.AbstractKeyManager

Adds a given key instance.

addKey(KeyIdentifier) - Method in class co.cask.cdap.security.auth.DistributedKeyManager

addKey(KeyIdentifier) - Method in class co.cask.cdap.security.auth.MapBackedKeyManager

addListener(ResourceListener<T>) - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

Adds a ResourceListener to be notified of cache updates.

allKeys - Variable in class co.cask.cdap.security.auth.MapBackedKeyManager

AuditLogHandler - Class in co.cask.cdap.security.server

Handler for audit logging for the ExternalAuthenticationServer.

AuditLogHandler(Logger) - Constructor for class co.cask.cdap.security.server.AuditLogHandler

AUTHENTICATION_HANDLER - Static variable in class co.cask.cdap.security.server.ExternalAuthenticationServer.HandlerType

AuthenticationContextModules - Class in co.cask.cdap.security.auth.context

Exposes the right AuthenticationContext via an AbstractModule based on the context in which it is being invoked.

AuthenticationContextModules() - Constructor for class co.cask.cdap.security.auth.context.AuthenticationContextModules

AuthenticationGuiceServletContextListener - Class in co.cask.cdap.security.server

RestEasy context listener used to bind handlers.

AuthenticationGuiceServletContextListener(Map<String, Object>) - Constructor for class co.cask.cdap.security.server.AuthenticationGuiceServletContextListener

Create an AuthenticationGuiceServletContextListener that binds handlers.

AuthenticationServerMain - Class in co.cask.cdap.security.runtime

Server for authenticating clients accessing CDAP.

AuthenticationServerMain() - Constructor for class co.cask.cdap.security.runtime.AuthenticationServerMain

AuthenticationTestContext - Class in co.cask.cdap.security.auth.context

A dummy AuthenticationContext to be used in tests.

AuthenticationTestContext() - Constructor for class co.cask.cdap.security.auth.context.AuthenticationTestContext

AuthorizationBootstrapper - Class in co.cask.cdap.security.authorization

A class to bootstrap authorization

AuthorizationContextFactory - Interface in co.cask.cdap.security.authorization

Guice factory for creating AuthorizationContext instances

authorizationEnabled - Variable in class co.cask.cdap.security.authorization.AbstractAuthorizationService

AuthorizationEnforcementModule - Class in co.cask.cdap.security.authorization

A module that contains bindings for AuthorizationEnforcementService and PrivilegesFetcher.

AuthorizationEnforcementModule() - Constructor for class co.cask.cdap.security.authorization.AuthorizationEnforcementModule

AuthorizationEnforcementService - Interface in co.cask.cdap.security.authorization

An AuthorizationEnforcer used to enforce authorization policies in programs.

AuthorizerAsPrivilegesManager - Class in co.cask.cdap.security.authorization

A PrivilegesManager that simply delegates to the configured Authorizer.

AuthorizerClassLoader - Class in co.cask.cdap.security.authorization

DirectoryClassLoader for Authorizer extensions.

AuthorizerInstantiator - Class in co.cask.cdap.security.authorization

Class to instantiate Authorizer extensions.

AuthorizerInstantiator(CConfiguration, AuthorizationContextFactory) - Constructor for class co.cask.cdap.security.authorization.AuthorizerInstantiator

B

BaseResourceListener<T> - Class in co.cask.cdap.security.zookeeper

Simple ResourceListener implementation with no-op implementations.

BaseResourceListener() - Constructor for class co.cask.cdap.security.zookeeper.BaseResourceListener

BasicAuthenticationHandler - Class in co.cask.cdap.security.server

Handler for basic authentication of users.

BasicAuthenticationHandler(CConfiguration) - Constructor for class co.cask.cdap.security.server.BasicAuthenticationHandler

bindKeyManager(Binder) - Method in class co.cask.cdap.security.guice.DistributedSecurityModule

bindKeyManager(Binder) - Method in class co.cask.cdap.security.guice.FileBasedSecurityModule

bindKeyManager(Binder) - Method in class co.cask.cdap.security.guice.InMemorySecurityModule

bindKeyManager(Binder) - Method in class co.cask.cdap.security.guice.SecurityModule

C

cacheEnabled - Variable in class co.cask.cdap.security.authorization.AbstractAuthorizationService

callbackHandlerClass - Variable in class co.cask.cdap.security.server.JAASLoginService

close() - Method in class co.cask.cdap.security.authorization.AuthorizerInstantiator

co.cask.cdap.security - package co.cask.cdap.security

Classes to secure CDAP.

co.cask.cdap.security.auth - package co.cask.cdap.security.auth

Classes related to authentication of clients and daemons.

co.cask.cdap.security.auth.context - package co.cask.cdap.security.auth.context

co.cask.cdap.security.authorization - package co.cask.cdap.security.authorization

co.cask.cdap.security.guice - package co.cask.cdap.security.guice

Classes supporting dependency injection bindings of security classes.

co.cask.cdap.security.runtime - package co.cask.cdap.security.runtime

co.cask.cdap.security.server - package co.cask.cdap.security.server

Classes supporting External Authentication for users.

co.cask.cdap.security.store - package co.cask.cdap.security.store

co.cask.cdap.security.tools - package co.cask.cdap.security.tools

co.cask.cdap.security.zookeeper - package co.cask.cdap.security.zookeeper

configuration - Variable in class co.cask.cdap.security.server.AbstractAuthenticationHandler

configuration - Variable in class co.cask.cdap.security.server.JAASLoginService

configure() - Method in class co.cask.cdap.security.guice.SecurityModule

create(Properties) - Method in interface co.cask.cdap.security.authorization.AuthorizationContextFactory

Creates an AuthorizationContext.

create() - Method in class co.cask.cdap.security.tools.SSLHandlerFactory

createDataset(String, String, DatasetProperties) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

createFilter(Principal) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationEnforcementService

createSocket(String, int) - Method in class co.cask.cdap.security.server.LDAPLoginModule.TrustAllSSLSocketFactory

createSocket(InetAddress, int) - Method in class co.cask.cdap.security.server.LDAPLoginModule.TrustAllSSLSocketFactory

createSocket(String, int, InetAddress, int) - Method in class co.cask.cdap.security.server.LDAPLoginModule.TrustAllSSLSocketFactory

createSocket(InetAddress, int, InetAddress, int) - Method in class co.cask.cdap.security.server.LDAPLoginModule.TrustAllSSLSocketFactory

currentKey - Variable in class co.cask.cdap.security.auth.AbstractKeyManager

D

datasetExists(String) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

decode(byte[]) - Method in class co.cask.cdap.security.auth.AccessTokenCodec

decode(byte[]) - Method in class co.cask.cdap.security.auth.AccessTokenIdentifierCodec

decode(byte[]) - Method in class co.cask.cdap.security.auth.KeyIdentifierCodec

DefaultAuthorizationContext - Class in co.cask.cdap.security.authorization

An AuthorizationContext that delegates to the provided DatasetContext, Admin and Transactional.

DefaultAuthorizationContext(Properties, DatasetContext, Admin, Transactional, AuthenticationContext, SecureStore) - Constructor for class co.cask.cdap.security.authorization.DefaultAuthorizationContext

DefaultAuthorizationEnforcementService - Class in co.cask.cdap.security.authorization

Default implementation of AuthorizationEnforcementService.

DefaultPrivilegesManager - Class in co.cask.cdap.security.authorization

A PrivilegesManager that also invalidates privileges caches when privileges are updated.

defaultRoleClassName - Static variable in class co.cask.cdap.security.server.JAASLoginService

defaultRoleClassNames - Static variable in class co.cask.cdap.security.server.JAASLoginService

DefaultSecureStoreService - Class in co.cask.cdap.security.store

Default implementation of the service that manages access to the Secure Store,

defaultUser - Variable in class co.cask.cdap.security.server.JAASLoginService

DELEGATE_SECURE_STORE - Static variable in class co.cask.cdap.security.guice.SecureStoreModules

DELEGATE_SECURE_STORE_MANAGER - Static variable in class co.cask.cdap.security.guice.SecureStoreModules

deleteSecureData(String, String) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

deleteSecureData(String, String) - Method in class co.cask.cdap.security.store.DefaultSecureStoreService

Deletes the key if the user has ADMIN privileges to the key.

deleteSecureData(String, String) - Method in class co.cask.cdap.security.store.DummySecureStore

deleteSecureData(String, String) - Method in class co.cask.cdap.security.store.FileSecureStore

Deletes the element with the given name.

destroy() - Method in class co.cask.cdap.security.runtime.AuthenticationServerMain

destroy() - Method in class co.cask.cdap.security.server.GrantAccessToken

Stop the TokenManager.

discardDataset(Dataset) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

DistributedKeyManager - Class in co.cask.cdap.security.auth

KeyManager implementation that distributes shared secret keys via ZooKeeper to all instances, so that all distributed instances maintain the same local cache of keys.

DistributedKeyManager(CConfiguration, Codec<KeyIdentifier>, ZKClient) - Constructor for class co.cask.cdap.security.auth.DistributedKeyManager

DistributedKeyManager(CConfiguration, Codec<KeyIdentifier>, ZKClient, List<ACL>) - Constructor for class co.cask.cdap.security.auth.DistributedKeyManager

DistributedSecurityModule - Class in co.cask.cdap.security.guice

Configures dependency injection with all security class implementations required to run in a distributed environment.

DistributedSecurityModule() - Constructor for class co.cask.cdap.security.guice.DistributedSecurityModule

doInit() - Method in class co.cask.cdap.security.auth.AbstractKeyManager

Extended classes must override this method to initialize/read the key(s) used for signing tokens.

doInit() - Method in class co.cask.cdap.security.auth.DistributedKeyManager

doInit() - Method in class co.cask.cdap.security.auth.FileBasedKeyManager

doInit() - Method in class co.cask.cdap.security.auth.InMemoryKeyManager

doInvalidate(Predicate<Principal>) - Method in class co.cask.cdap.security.authorization.AbstractAuthorizationService

doStart() - Method in class co.cask.cdap.security.server.JAASLoginService

dropDataset(String) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

DummySecureStore - Class in co.cask.cdap.security.store

A dummy class that is loaded when the user has set the provider to "kms" but the cluster does not have the required libraries.

DummySecureStore() - Constructor for class co.cask.cdap.security.store.DummySecureStore

E

encode(AccessToken) - Method in class co.cask.cdap.security.auth.AccessTokenCodec

encode(AccessTokenIdentifier) - Method in class co.cask.cdap.security.auth.AccessTokenIdentifierCodec

encode(KeyIdentifier) - Method in class co.cask.cdap.security.auth.KeyIdentifierCodec

enforce(EntityId, Principal, Action) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationEnforcementService

enforce(EntityId, Principal, Set<Action>) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationEnforcementService

equals(Object) - Method in class co.cask.cdap.security.auth.AccessToken

equals(Object) - Method in class co.cask.cdap.security.auth.AccessTokenIdentifier

equals(Object) - Method in class co.cask.cdap.security.auth.KeyIdentifier

equals(Object) - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

execute(TxRunnable) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

executor() - Method in class co.cask.cdap.security.authorization.AbstractAuthorizationService

executor(Service.State) - Method in class co.cask.cdap.security.server.ExternalAuthenticationServer

EXPIRES_IN - Static variable in class co.cask.cdap.security.server.ExternalAuthenticationServer.ResponseFields

extendedToken(HttpServletRequest, HttpServletResponse) - Method in class co.cask.cdap.security.server.GrantAccessToken

Get a long lasting Access Token.

ExternalAuthenticationServer - Class in co.cask.cdap.security.server

Jetty service for External Authentication.

ExternalAuthenticationServer(CConfiguration, SConfiguration, DiscoveryService, Map<String, Object>, AuditLogHandler) - Constructor for class co.cask.cdap.security.server.ExternalAuthenticationServer

ExternalAuthenticationServer.HandlerType - Class in co.cask.cdap.security.server

Constants for Handler types.

ExternalAuthenticationServer.HandlerType() - Constructor for class co.cask.cdap.security.server.ExternalAuthenticationServer.HandlerType

ExternalAuthenticationServer.ResponseFields - Class in co.cask.cdap.security.server

Constants for a valid JSON response.

ExternalAuthenticationServer.ResponseFields() - Constructor for class co.cask.cdap.security.server.ExternalAuthenticationServer.ResponseFields

F

fetchPrivileges(Principal) - Method in class co.cask.cdap.security.authorization.AbstractAuthorizationService

FileBasedKeyManager - Class in co.cask.cdap.security.auth

Maintains secret keys used to sign and validate authentication tokens.

FileBasedKeyManager(CConfiguration, Codec<KeyIdentifier>) - Constructor for class co.cask.cdap.security.auth.FileBasedKeyManager

Create a new FileBasedKeyManager instance that persists keys in a local file.

FileBasedSecurityModule - Class in co.cask.cdap.security.guice

Guice bindings for FileBasedKeyManagers.

FileBasedSecurityModule() - Constructor for class co.cask.cdap.security.guice.FileBasedSecurityModule

FileSecureStore - Class in co.cask.cdap.security.store

File based implementation of secure store.

FileSecureStore(CConfiguration, SConfiguration, NamespaceQueryAdmin) - Constructor for class co.cask.cdap.security.store.FileSecureStore

G

generateKey() - Method in class co.cask.cdap.security.auth.AbstractKeyManager

Generates a new KeyIdentifier and sets that to be the current key being used.

generateMAC(byte[]) - Method in class co.cask.cdap.security.auth.AbstractKeyManager

generateMAC(int, byte[]) - Method in class co.cask.cdap.security.auth.AbstractKeyManager

Computes a digest for the given input message, using the key identified by the given ID.

generateMAC(SecretKey, byte[]) - Method in class co.cask.cdap.security.auth.AbstractKeyManager

generateMAC(byte[]) - Method in interface co.cask.cdap.security.auth.KeyManager

Computes a digest for the given input message, using the current secret key.

get() - Method in class co.cask.cdap.security.authorization.AuthorizerInstantiator

Returns an instance of the configured Authorizer extension, or of NoOpAuthorizer, if authorization is disabled.

get(String) - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

GET_EXTENDED_TOKEN - Static variable in class co.cask.cdap.security.server.GrantAccessToken.Paths

GET_TOKEN - Static variable in class co.cask.cdap.security.server.GrantAccessToken.Paths

getAccessTokenIdentifierObj() - Method in class co.cask.cdap.security.auth.AccessTokenTransformer.AccessTokenIdentifierPair

getAccessTokenIdentifierStr() - Method in class co.cask.cdap.security.auth.AccessTokenTransformer.AccessTokenIdentifierPair

getDataset(String) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

getDataset(String, String) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

getDataset(String, Map<String, String>) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

getDataset(String, String, Map<String, String>) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

getDatasetProperties(String) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

getDatasetType(String) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

getDefault() - Static method in class co.cask.cdap.security.server.LDAPLoginModule.TrustAllSSLSocketFactory

getDigest() - Method in class co.cask.cdap.security.auth.KeyManager.DigestId

getDigestBytes() - Method in class co.cask.cdap.security.auth.AccessToken

getDigestBytes() - Method in interface co.cask.cdap.security.auth.Signed

Returns the digest generated against the message.

getDistributedModules() - Method in class co.cask.cdap.security.authorization.AuthorizationEnforcementModule

Used by program containers and system services (viz explore service, stream service) that need to enforce authorization in distributed mode.

getDistributedModules() - Method in class co.cask.cdap.security.guice.SecureStoreModules

getDistributedModules() - Method in class co.cask.cdap.security.guice.SecurityModules

getEnvironment() - Method in class co.cask.cdap.security.server.LDAPLoginModule

getExpiration() - Method in class co.cask.cdap.security.auth.KeyIdentifier

getExpireTimestamp() - Method in class co.cask.cdap.security.auth.AccessTokenIdentifier

Returns the timestamp, in milliseconds, when this token will expire.

getExtensionProperties() - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

getGroups() - Method in class co.cask.cdap.security.auth.AccessTokenIdentifier

Returns the list of verified group memberships for this user identity.

getHandlerAuthenticator() - Method in class co.cask.cdap.security.server.AbstractAuthenticationHandler

Get an Authenticator for the handler.

getHandlerAuthenticator() - Method in class co.cask.cdap.security.server.BasicAuthenticationHandler

getHandlerAuthenticator() - Method in class co.cask.cdap.security.server.JAASAuthenticationHandler

getHandlerAuthenticator() - Method in class co.cask.cdap.security.server.JASPIAuthenticationHandler

getHandlerIdentityService() - Method in class co.cask.cdap.security.server.AbstractAuthenticationHandler

Get an IdentityService for the handler.

getHandlerIdentityService() - Method in class co.cask.cdap.security.server.BasicAuthenticationHandler

getHandlerIdentityService() - Method in class co.cask.cdap.security.server.JAASAuthenticationHandler

getHandlerIdentityService() - Method in class co.cask.cdap.security.server.JASPIAuthenticationHandler

getHandlerLoginService() - Method in class co.cask.cdap.security.server.AbstractAuthenticationHandler

Get a LoginService for the handler.

getHandlerLoginService() - Method in class co.cask.cdap.security.server.BasicAuthenticationHandler

getHandlerLoginService() - Method in class co.cask.cdap.security.server.JAASAuthenticationHandler

getHandlerLoginService() - Method in class co.cask.cdap.security.server.JASPIAuthenticationHandler

getId() - Method in class co.cask.cdap.security.auth.KeyManager.DigestId

getIdentifier() - Method in class co.cask.cdap.security.auth.AccessToken

Returns the identity portion of the token (username, group memberships, etc).

getIdentityService() - Method in class co.cask.cdap.security.server.JAASLoginService

Get the identityService.

getIfPresent(Object) - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

getInMemoryModules() - Method in class co.cask.cdap.security.authorization.AuthorizationEnforcementModule

getInMemoryModules() - Method in class co.cask.cdap.security.guice.SecureStoreModules

getInMemoryModules() - Method in class co.cask.cdap.security.guice.SecurityModules

getIssueTimestamp() - Method in class co.cask.cdap.security.auth.AccessTokenIdentifier

Returns the timestamp, in milliseconds, when this token was issued.

getKey(int) - Method in class co.cask.cdap.security.auth.AbstractKeyManager

Returns the key instance matching a given unique ID.

getKey(int) - Method in class co.cask.cdap.security.auth.DistributedKeyManager

getKey() - Method in class co.cask.cdap.security.auth.KeyIdentifier

getKey(int) - Method in class co.cask.cdap.security.auth.MapBackedKeyManager

getKeyId() - Method in class co.cask.cdap.security.auth.AccessToken

Returns the identifier for the secret key used to sign this token.

getKeyId() - Method in class co.cask.cdap.security.auth.KeyIdentifier

getKeyId() - Method in interface co.cask.cdap.security.auth.Signed

Returns the identifier for the secret key used to compute the message digest.

getKMSSecureStore() - Static method in class co.cask.cdap.security.store.SecureStoreUtils

getLoginContext() - Method in class co.cask.cdap.security.server.JAASUserPrincipal

getLoginModuleConfiguration() - Method in class co.cask.cdap.security.server.AbstractAuthenticationHandler

Get configuration for the LoginModule.

getLoginModuleConfiguration() - Method in class co.cask.cdap.security.server.BasicAuthenticationHandler

getLoginModuleConfiguration() - Method in class co.cask.cdap.security.server.JASPIAuthenticationHandler

Dynamically load the configuration properties set by the user for a JASPI plugin.

getLoginModuleConfiguration() - Method in class co.cask.cdap.security.server.LDAPAuthenticationHandler

Create a configuration from properties.

getMasterModule() - Method in class co.cask.cdap.security.auth.context.AuthenticationContextModules

An AuthenticationContext for HTTP requests in Master.

getMasterModule() - Method in class co.cask.cdap.security.authorization.AuthorizationEnforcementModule

Returns an AbstractModule containing bindings for authorization enforcement to be used in the Master.

getMessage() - Method in class co.cask.cdap.security.auth.AccessToken

getMessage() - Method in interface co.cask.cdap.security.auth.Signed

Returns the message object which was signed.

getModules(ServletContext) - Method in class co.cask.cdap.security.server.AuthenticationGuiceServletContextListener

getMsg() - Method in enum co.cask.cdap.security.auth.TokenState

getName() - Method in class co.cask.cdap.security.server.JAASLoginService

Get the name of the realm.

getName() - Method in class co.cask.cdap.security.server.JAASUserPrincipal

Get the name identifying the user

getNoOpModule() - Method in class co.cask.cdap.security.auth.context.AuthenticationContextModules

An AuthenticationContext for use in tests that do not need authentication/authorization.

getPrincipal() - Method in class co.cask.cdap.security.auth.context.AuthenticationTestContext

getPrincipal() - Method in class co.cask.cdap.security.auth.context.MasterAuthenticationContext

getPrincipal() - Method in class co.cask.cdap.security.auth.context.ProgramContainerAuthenticationContext

getPrincipal() - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

getPrivileges(Principal) - Method in class co.cask.cdap.security.authorization.AbstractAuthorizationService

getProgramContainerModule() - Method in class co.cask.cdap.security.auth.context.AuthenticationContextModules

An AuthenticationContext for use in program containers.

getReason() - Method in exception co.cask.cdap.security.auth.InvalidTokenException

getResources() - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

Returns a view of all currently set resources.

getRoleClassNames() - Method in class co.cask.cdap.security.server.JAASLoginService

getSecureData(String, String) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

getSecureData(String, String) - Method in class co.cask.cdap.security.store.DefaultSecureStoreService

Checks if the user has access to read the secure key and returns the SecureStoreData associated with the key if they do.

getSecureData(String, String) - Method in class co.cask.cdap.security.store.DummySecureStore

getSecureData(String, String) - Method in class co.cask.cdap.security.store.FileSecureStore

Returns the data stored in the secure store.

getSocketAddress() - Method in class co.cask.cdap.security.server.ExternalAuthenticationServer

Get the InetSocketAddress of the server.

getStandaloneModules() - Method in class co.cask.cdap.security.authorization.AuthorizationEnforcementModule

getStandaloneModules() - Method in class co.cask.cdap.security.guice.SecureStoreModules

getStandaloneModules() - Method in class co.cask.cdap.security.guice.SecurityModules

getSubject() - Method in class co.cask.cdap.security.server.JAASUserPrincipal

Provide access to the Subject

getUsername() - Method in class co.cask.cdap.security.auth.AccessTokenIdentifier

Returns the username for this identity.

grant(EntityId, Principal, Set<Action>) - Method in class co.cask.cdap.security.authorization.AuthorizerAsPrivilegesManager

grant(EntityId, Principal, Set<Action>) - Method in class co.cask.cdap.security.authorization.DefaultPrivilegesManager

grant(EntityId, Principal, Set<Action>) - Method in class co.cask.cdap.security.authorization.RemotePrivilegesManager

GRANT_TOKEN_HANDLER - Static variable in class co.cask.cdap.security.server.ExternalAuthenticationServer.HandlerType

GrantAccessToken - Class in co.cask.cdap.security.server

Generate and grant access token to authorized users.

GrantAccessToken(TokenManager, Codec<AccessToken>, CConfiguration) - Constructor for class co.cask.cdap.security.server.GrantAccessToken

Create a new GrantAccessToken object to generate tokens for authorized users.

GrantAccessToken.Paths - Class in co.cask.cdap.security.server

Paths to get Access Tokens.

GrantAccessToken.Paths() - Constructor for class co.cask.cdap.security.server.GrantAccessToken.Paths

H

handle(String, Request, HttpServletRequest, HttpServletResponse) - Method in class co.cask.cdap.security.server.AuditLogHandler

handle(String, Request, HttpServletRequest, HttpServletResponse) - Method in class co.cask.cdap.security.server.StatusRequestHandler

hashCode() - Method in class co.cask.cdap.security.auth.AccessToken

hashCode() - Method in class co.cask.cdap.security.auth.AccessTokenIdentifier

hashCode() - Method in class co.cask.cdap.security.auth.KeyIdentifier

hasKey(int) - Method in class co.cask.cdap.security.auth.AbstractKeyManager

Returns whether or not a key exists for the given unique ID.

hasKey(int) - Method in class co.cask.cdap.security.auth.DistributedKeyManager

hasKey(int) - Method in class co.cask.cdap.security.auth.MapBackedKeyManager

I

identityService - Variable in class co.cask.cdap.security.server.JAASLoginService

init(String[]) - Method in class co.cask.cdap.security.runtime.AuthenticationServerMain

init() - Method in class co.cask.cdap.security.server.AbstractAuthenticationHandler

Initialize the handler context and other related services.

init() - Method in class co.cask.cdap.security.server.GrantAccessToken

Initialize the TokenManager.

init() - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

initHandlers() - Method in class co.cask.cdap.security.server.ExternalAuthenticationServer

Initializes the handlers.

InMemoryKeyManager - Class in co.cask.cdap.security.auth

Maintains secret keys in memory and uses them to sign and validate authentication tokens.

InMemoryKeyManager(CConfiguration) - Constructor for class co.cask.cdap.security.auth.InMemoryKeyManager

Create an InMemoryKeyManager that stores keys in memory only.

InMemorySecurityModule - Class in co.cask.cdap.security.guice

Guice bindings for InMemoryKeyManagers.

InMemorySecurityModule() - Constructor for class co.cask.cdap.security.guice.InMemorySecurityModule

invalidate(Predicate<Principal>) - Method in interface co.cask.cdap.security.authorization.AuthorizationEnforcementService

Invalidates cached privileges of all principals that satisfy the specified Predicate.

invalidate(Predicate<Principal>) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationEnforcementService

invalidate(Predicate<Principal>) - Method in interface co.cask.cdap.security.authorization.PrivilegesFetcherProxyService

Invalidates privileges of all principals matching the specified Predicate.

InvalidAuthorizerException - Exception in co.cask.cdap.security.authorization

Thrown when an authorizer extension jar is found to be invalid during inspection.

InvalidAuthorizerException(String) - Constructor for exception co.cask.cdap.security.authorization.InvalidAuthorizerException

InvalidAuthorizerException(String, Throwable) - Constructor for exception co.cask.cdap.security.authorization.InvalidAuthorizerException

InvalidDigestException - Exception in co.cask.cdap.security.auth

Exception thrown if an asserted message digest does not match the recomputed value, using the same secret key.

InvalidDigestException(String) - Constructor for exception co.cask.cdap.security.auth.InvalidDigestException

InvalidTokenException - Exception in co.cask.cdap.security.auth

This exception indicates a failure to validate an issued AccessToken, for example due to token expiration or an invalid token digest.

InvalidTokenException(TokenState, String) - Constructor for exception co.cask.cdap.security.auth.InvalidTokenException

InvalidTokenException(TokenState, String, Throwable) - Constructor for exception co.cask.cdap.security.auth.InvalidTokenException

isFileBacked(CConfiguration) - Static method in class co.cask.cdap.security.store.SecureStoreUtils

isKMSBacked(CConfiguration) - Static method in class co.cask.cdap.security.store.SecureStoreUtils

isKMSCapable() - Static method in class co.cask.cdap.security.store.SecureStoreUtils

isSecurityAuthorizationEnabled() - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationEnforcementService

isValid() - Method in enum co.cask.cdap.security.auth.TokenState

J

JAASAuthenticationHandler - Class in co.cask.cdap.security.server

An abstract authentication handler that supports the JAAS interface for external authentication.

JAASAuthenticationHandler(CConfiguration) - Constructor for class co.cask.cdap.security.server.JAASAuthenticationHandler

JAASLoginService - Class in co.cask.cdap.security.server

JAASLoginService Creates a UserRealm suitable for use with JAAS

JAASLoginService() - Constructor for class co.cask.cdap.security.server.JAASLoginService

Constructor.

JAASLoginService(String) - Constructor for class co.cask.cdap.security.server.JAASLoginService

Constructor.

JAASUserPrincipal - Class in co.cask.cdap.security.server

JAASUserPrincipal

JAASUserPrincipal(String, Subject, LoginContext) - Constructor for class co.cask.cdap.security.server.JAASUserPrincipal

JASPIAuthenticationHandler - Class in co.cask.cdap.security.server

An Authentication handler that supports JASPI plugins for External Authentication.

JASPIAuthenticationHandler(CConfiguration) - Constructor for class co.cask.cdap.security.server.JASPIAuthenticationHandler

Create a new Authentication handler to interface with JASPI plugins.

K

keyAlgo - Variable in class co.cask.cdap.security.auth.AbstractKeyManager

keyExpirationPeriod - Variable in class co.cask.cdap.security.auth.AbstractKeyManager

Time duration (in milliseconds) after which an active secret key should be retired.

keyGenerator - Variable in class co.cask.cdap.security.auth.AbstractKeyManager

KeyIdentifier - Class in co.cask.cdap.security.auth

Represents a secret key to use for message signing, plus a unique random number identifying it.

KeyIdentifier(SecretKey, int, long) - Constructor for class co.cask.cdap.security.auth.KeyIdentifier

KeyIdentifierCodec - Class in co.cask.cdap.security.auth

Utility to encode and decode keys that are shared between keyManagers.

KeyIdentifierCodec(DatumReaderFactory, DatumWriterFactory) - Constructor for class co.cask.cdap.security.auth.KeyIdentifierCodec

keyLength - Variable in class co.cask.cdap.security.auth.AbstractKeyManager

KeyManager - Interface in co.cask.cdap.security.auth

Maintains secret keys used to sign and validate authentication tokens.

keyManager - Variable in class co.cask.cdap.security.auth.TokenManager

KeyManager.DigestId - Class in co.cask.cdap.security.auth

Represents the combination of a digest computed on a message using a secret key, and the ID of the secret key used to compute the digest.

KeyManager.DigestId(int, byte[]) - Constructor for class co.cask.cdap.security.auth.KeyManager.DigestId

L

LDAPAuthenticationHandler - Class in co.cask.cdap.security.server

An Authentication handler that authenticates against a LDAP server instance for External Authentication.

LDAPAuthenticationHandler(CConfiguration) - Constructor for class co.cask.cdap.security.server.LDAPAuthenticationHandler

Create a new Authentication handler to use LDAP for external authentication.

LDAPLoginModule - Class in co.cask.cdap.security.server

A custom LoginModule that does LDAP authentication.

LDAPLoginModule() - Constructor for class co.cask.cdap.security.server.LDAPLoginModule

LDAPLoginModule.TrustAllSSLSocketFactory - Class in co.cask.cdap.security.server

A SocketFactory that trusts all SSL certificates.

leader - Variable in class co.cask.cdap.security.auth.DistributedKeyManager

listSecureData(String) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

listSecureData(String) - Method in class co.cask.cdap.security.store.DefaultSecureStoreService

Lists all the secure keys in the given namespace that the user has access to.

listSecureData(String) - Method in class co.cask.cdap.security.store.DummySecureStore

listSecureData(String) - Method in class co.cask.cdap.security.store.FileSecureStore

List of all the entries in the secure store belonging to the specified namespace.

login(String, Object) - Method in class co.cask.cdap.security.server.JAASLoginService

loginModuleName - Variable in class co.cask.cdap.security.server.JAASLoginService

logout(UserIdentity) - Method in class co.cask.cdap.security.server.JAASLoginService

M

main(String[]) - Static method in class co.cask.cdap.security.runtime.AuthenticationServerMain

MapBackedKeyManager - Class in co.cask.cdap.security.auth

Abstract base class for KeyManager implementations that store all secret keys in an in-memory Map.

MapBackedKeyManager(CConfiguration) - Constructor for class co.cask.cdap.security.auth.MapBackedKeyManager

MasterAuthenticationContext - Class in co.cask.cdap.security.auth.context

An AuthenticationContext for HTTP requests in the Master.

MasterAuthenticationContext() - Constructor for class co.cask.cdap.security.auth.context.MasterAuthenticationContext

N

NAMED_EXTERNAL_AUTH - Static variable in class co.cask.cdap.security.server.ExternalAuthenticationServer

O

onError(String, Throwable) - Method in class co.cask.cdap.security.auth.DistributedKeyManager

onError(String, Throwable) - Method in class co.cask.cdap.security.zookeeper.BaseResourceListener

onError(String, Throwable) - Method in interface co.cask.cdap.security.zookeeper.ResourceListener

Invoked when an error occurs in one of the resource operations.

onResourceDelete(String) - Method in class co.cask.cdap.security.auth.DistributedKeyManager

onResourceDelete(String) - Method in class co.cask.cdap.security.zookeeper.BaseResourceListener

onResourceDelete(String) - Method in interface co.cask.cdap.security.zookeeper.ResourceListener

Invoked when a resource is removed from the shared cache.

onResourceUpdate(String, KeyIdentifier) - Method in class co.cask.cdap.security.auth.DistributedKeyManager

onResourceUpdate(String, T) - Method in class co.cask.cdap.security.zookeeper.BaseResourceListener

onResourceUpdate(String, T) - Method in interface co.cask.cdap.security.zookeeper.ResourceListener

Invoked on an update to an individual resource.

onUpdate() - Method in class co.cask.cdap.security.auth.DistributedKeyManager

onUpdate() - Method in class co.cask.cdap.security.zookeeper.BaseResourceListener

onUpdate() - Method in interface co.cask.cdap.security.zookeeper.ResourceListener

Invoked when the entire set of cached resources has changed.

P

PRIVILEGES_FETCHER_PROXY - Static variable in class co.cask.cdap.security.authorization.AuthorizationEnforcementModule

PRIVILEGES_FETCHER_PROXY_CACHE - Static variable in class co.cask.cdap.security.authorization.AuthorizationEnforcementModule

PrivilegesFetcherProxyService - Interface in co.cask.cdap.security.authorization

A service that runs inside a system service to act as a proxy for requests to list privileges from system services (explore, stream service) or program containers.

ProgramContainerAuthenticationContext - Class in co.cask.cdap.security.auth.context

An AuthenticationContext for use in program containers.

ProgramContainerAuthenticationContext() - Constructor for class co.cask.cdap.security.auth.context.ProgramContainerAuthenticationContext

put(String, T) - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

putAll(Map<? extends String, ? extends T>) - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

putSecureData(String, String, String, String, Map<String, String>) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

putSecureData(String, String, String, String, Map<String, String>) - Method in class co.cask.cdap.security.store.DefaultSecureStoreService

Puts the user provided data in the secure store, if the user has write access to the namespace.

putSecureData(String, String, String, String, Map<String, String>) - Method in class co.cask.cdap.security.store.DummySecureStore

putSecureData(String, String, String, String, Map<String, String>) - Method in class co.cask.cdap.security.store.FileSecureStore

Stores an element in the secure store.

R

realmName - Variable in class co.cask.cdap.security.server.JAASLoginService

releaseDataset(Dataset) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

RemotePrivilegesManager - Class in co.cask.cdap.security.authorization

Class that modifies privileges on entities by making HTTP Requests to the Master.

remove(Object) - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

Removes a resource from the shared cache.

removeListener(ResourceListener<T>) - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

Removes a previously registered listener from further notifications.

ResourceListener<T> - Interface in co.cask.cdap.security.zookeeper

Allows a client to receive notifications when the resources managed by SharedResourceCache are updated.

revoke(EntityId, Principal, Set<Action>) - Method in class co.cask.cdap.security.authorization.AuthorizerAsPrivilegesManager

revoke(EntityId) - Method in class co.cask.cdap.security.authorization.AuthorizerAsPrivilegesManager

revoke(EntityId, Principal, Set<Action>) - Method in class co.cask.cdap.security.authorization.DefaultPrivilegesManager

revoke(EntityId) - Method in class co.cask.cdap.security.authorization.DefaultPrivilegesManager

revoke(EntityId, Principal, Set<Action>) - Method in class co.cask.cdap.security.authorization.RemotePrivilegesManager

revoke(EntityId) - Method in class co.cask.cdap.security.authorization.RemotePrivilegesManager

roleClassNames - Variable in class co.cask.cdap.security.server.JAASLoginService

run() - Method in class co.cask.cdap.security.authorization.AuthorizationBootstrapper

runOneIteration() - Method in class co.cask.cdap.security.authorization.AbstractAuthorizationService

S

scheduler() - Method in class co.cask.cdap.security.authorization.AbstractAuthorizationService

SecureStoreModules - Class in co.cask.cdap.security.guice

Guice bindings for security store related classes.

SecureStoreModules() - Constructor for class co.cask.cdap.security.guice.SecureStoreModules

SecureStoreUtils - Class in co.cask.cdap.security.store

Utility class for secure store.

SecureStoreUtils() - Constructor for class co.cask.cdap.security.store.SecureStoreUtils

securityEnabled - Variable in class co.cask.cdap.security.authorization.AbstractAuthorizationService

SecurityModule - Class in co.cask.cdap.security.guice

Guice bindings for security related classes.

SecurityModule() - Constructor for class co.cask.cdap.security.guice.SecurityModule

SecurityModules - Class in co.cask.cdap.security.guice

Security guice modules

SecurityModules() - Constructor for class co.cask.cdap.security.guice.SecurityModules

setCallbackHandlerClass(String) - Method in class co.cask.cdap.security.server.JAASLoginService

setConfiguration(Configuration) - Method in class co.cask.cdap.security.server.JAASLoginService

setIdentityService(IdentityService) - Method in class co.cask.cdap.security.server.JAASLoginService

Set the identityService.

setLoginModuleName(String) - Method in class co.cask.cdap.security.server.JAASLoginService

Set the name to use to index into the config file of LoginModules.

setName(String) - Method in class co.cask.cdap.security.server.JAASLoginService

Set the name of the realm

setRoleClassNames(String[]) - Method in class co.cask.cdap.security.server.JAASLoginService

SharedResourceCache<T> - Class in co.cask.cdap.security.zookeeper

ZooKeeper recipe to propagate changes to a shared cache across a number of listeners.

SharedResourceCache(ZKClient, Codec<T>, String, List<ACL>) - Constructor for class co.cask.cdap.security.zookeeper.SharedResourceCache

shutDown() - Method in class co.cask.cdap.security.auth.AccessTokenValidator

shutDown() - Method in class co.cask.cdap.security.auth.DistributedKeyManager

shutDown() - Method in class co.cask.cdap.security.auth.FileBasedKeyManager

shutDown() - Method in class co.cask.cdap.security.auth.InMemoryKeyManager

shutDown() - Method in class co.cask.cdap.security.auth.TokenManager

shutDown() - Method in class co.cask.cdap.security.authorization.AbstractAuthorizationService

shutDown() - Method in class co.cask.cdap.security.server.ExternalAuthenticationServer

Signed<T> - Interface in co.cask.cdap.security.auth

Represents a message signed by a secret key.

signIdentifier(AccessTokenIdentifier) - Method in class co.cask.cdap.security.auth.TokenManager

Generates a signature for the given token value, using the currently active secret key.

size() - Method in class co.cask.cdap.security.zookeeper.SharedResourceCache

SSLHandlerFactory - Class in co.cask.cdap.security.tools

A class that encapsulates SSL Certificate Information

SSLHandlerFactory(File, String, String, String) - Constructor for class co.cask.cdap.security.tools.SSLHandlerFactory

start() - Method in class co.cask.cdap.security.runtime.AuthenticationServerMain

startUp() - Method in class co.cask.cdap.security.auth.AbstractKeyManager

startUp() - Method in class co.cask.cdap.security.auth.AccessTokenValidator

startUp() - Method in class co.cask.cdap.security.auth.TokenManager

startUp() - Method in class co.cask.cdap.security.authorization.AbstractAuthorizationService

startUp() - Method in class co.cask.cdap.security.server.ExternalAuthenticationServer

StatusRequestHandler - Class in co.cask.cdap.security.server

Handles status requests for authentication server

StatusRequestHandler() - Constructor for class co.cask.cdap.security.server.StatusRequestHandler

stop() - Method in class co.cask.cdap.security.runtime.AuthenticationServerMain

T

threadLocalMac - Variable in class co.cask.cdap.security.auth.AbstractKeyManager

token(HttpServletRequest, HttpServletResponse) - Method in class co.cask.cdap.security.server.GrantAccessToken

Get an AccessToken.

TOKEN_TYPE - Static variable in class co.cask.cdap.security.server.ExternalAuthenticationServer.ResponseFields

TOKEN_TYPE_BODY - Static variable in class co.cask.cdap.security.server.ExternalAuthenticationServer.ResponseFields

TokenManager - Class in co.cask.cdap.security.auth

Provides a simple interface to generate and validate AccessTokens.

TokenManager(KeyManager, Codec<AccessTokenIdentifier>) - Constructor for class co.cask.cdap.security.auth.TokenManager

TokenState - Enum in co.cask.cdap.security.auth

Different states attained after validating the token MISSING - the access token is missing in the request INVALID - the token digest did not match the expected value EXPIRED - the token is past the expiration timestamp INTERNAL - another error occurred in processing (represented by the exception "cause") VALID - the token is valid

TokenValidator - Interface in co.cask.cdap.security.auth

Interface TokenValidator to validate the access token.

toString() - Method in class co.cask.cdap.security.auth.AccessToken

toString() - Method in class co.cask.cdap.security.auth.AccessTokenIdentifier

toString() - Method in class co.cask.cdap.security.auth.AccessTokenTransformer.AccessTokenIdentifierPair

toString() - Method in class co.cask.cdap.security.auth.KeyIdentifier

toString() - Method in enum co.cask.cdap.security.auth.TokenState

toString() - Method in class co.cask.cdap.security.server.JAASUserPrincipal

transform(String) - Method in class co.cask.cdap.security.auth.AccessTokenTransformer

truncateDataset(String) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

U

updateDataset(String, DatasetProperties) - Method in class co.cask.cdap.security.authorization.DefaultAuthorizationContext

V

validate(String) - Method in class co.cask.cdap.security.auth.AccessTokenValidator

validate(String) - Method in interface co.cask.cdap.security.auth.TokenValidator

Validates the access token and returns the TokenState describing the cause to be in this state

validate(UserIdentity) - Method in class co.cask.cdap.security.server.JAASLoginService

validateMAC(Codec<T>, Signed<T>) - Method in class co.cask.cdap.security.auth.AbstractKeyManager

validateMAC(Codec<T>, Signed<T>) - Method in interface co.cask.cdap.security.auth.KeyManager

Recomputes the digest for the given message and verifies that it matches the provided value.

validateSecret(AccessToken) - Method in class co.cask.cdap.security.auth.TokenManager

Given an AccessToken instance, checks that the token has not yet expired and that the digest matches the expected value.

valueOf(String) - Static method in enum co.cask.cdap.security.auth.TokenState

Returns the enum constant of this type with the specified name.

values() - Static method in enum co.cask.cdap.security.auth.TokenState

Returns an array containing the constants of this enum type, in the order they are declared.

A B C D E F G H I J K L M N O P R S T U V