Package org.yamcs.security

Class SecurityStore

java.lang.Object

org.yamcs.security.SecurityStore

public class SecurityStore
extends Object

Responsible for Identity and Access Management (IAM).

Some security properties can be tweaked in security.yaml

Constructor Summary

Constructors

Constructor	Description
SecurityStore()

Method Summary

Modifier and Type	Method	Description
void	addObjectPrivilegeType(ObjectPrivilegeType privilegeType)
void	addSystemPrivilege(SystemPrivilege privilege)
String	generateApiKey(String username)
int	getAccessTokenLifespan()	Returns the lifespan of access tokens (in milliseconds)
<T extends AuthModule> T	getAuthModule(Class<T> clazz)
List<AuthModule>	getAuthModules()
Directory	getDirectory()
User	getGuestUser()
Set<ObjectPrivilegeType>	getObjectPrivilegeTypes()
SessionManager	getSessionManager()
Set<SystemPrivilege>	getSystemPrivileges()
User	getSystemUser()	Returns the system user.
User	getUserFromCache(String username)
String	getUsernameForApiKey(String apiKey)
boolean	isEnabled()	Returns true if security features are activated.
CompletableFuture<AuthenticationInfo>	login(AuthenticationToken token)	Performs the login process.
void	removeApiKey(String apiKey)
boolean	verifyValidity(AuthenticationInfo authenticationInfo)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SecurityStore

public SecurityStore()
              throws InitException

Throws:

InitException

Method Details

isEnabled

public boolean isEnabled()

Returns true if security features are activated.

addSystemPrivilege

public void addSystemPrivilege(SystemPrivilege privilege)

addObjectPrivilegeType

public void addObjectPrivilegeType(ObjectPrivilegeType privilegeType)

getDirectory

public Directory getDirectory()

getSessionManager

public SessionManager getSessionManager()

getAuthModules

public List<AuthModule> getAuthModules()

getAuthModule

public <T extends AuthModule> T getAuthModule(Class<T> clazz)

getSystemPrivileges

public Set<SystemPrivilege> getSystemPrivileges()

getObjectPrivilegeTypes

public Set<ObjectPrivilegeType> getObjectPrivilegeTypes()

getAccessTokenLifespan

public int getAccessTokenLifespan()

Returns the lifespan of access tokens (in milliseconds)

getSystemUser

public User getSystemUser()

Returns the system user. This user object is only intended for internal use when actions require a user, yet cannot be linked to an actual user. The System user is granted all privileges.

getGuestUser

public User getGuestUser()

login

public CompletableFuture<AuthenticationInfo> login(AuthenticationToken token)

Performs the login process. Depending on how Yamcs is configured, this may involve reaching out to an external identity provider. If the login attempt is successful, the associated user is imported or resynchronized in the Yamcs internal user database.

This method does not return a User object. Use getDirectory().

Returns:

a future that resolves to the AuthenticationInfo when the login was successful. This contains the username as well as any other principals or credentials specific to a custom identity provider.

getUserFromCache

public User getUserFromCache(String username)

verifyValidity

public boolean verifyValidity(AuthenticationInfo authenticationInfo)

getUsernameForApiKey

public String getUsernameForApiKey(String apiKey)

generateApiKey

public String generateApiKey(String username)

removeApiKey

public void removeApiKey(String apiKey)