Package org.yamcs.security
Class SecurityStore
java.lang.Object
org.yamcs.security.SecurityStore
Responsible for Identity and Access Management (IAM).
Some security properties can be tweaked in security.yaml
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
addObjectPrivilegeType
(ObjectPrivilegeType privilegeType) void
addSystemPrivilege
(SystemPrivilege privilege) generateApiKey
(String username) int
Returns the lifespan of access tokens (in milliseconds)<T extends AuthModule>
TgetAuthModule
(Class<T> clazz) Returns the system user.getUserFromCache
(String username) getUsernameForApiKey
(String apiKey) boolean
Returns true if security features are activated.login
(AuthenticationToken token) Performs the login process.void
removeApiKey
(String apiKey) boolean
verifyValidity
(AuthenticationInfo authenticationInfo)
-
Constructor Details
-
SecurityStore
- Throws:
InitException
-
-
Method Details
-
isEnabled
public boolean isEnabled()Returns true if security features are activated. -
addSystemPrivilege
-
addObjectPrivilegeType
-
getDirectory
-
getSessionManager
-
getAuthModules
-
getAuthModule
-
getSystemPrivileges
-
getObjectPrivilegeTypes
-
getAccessTokenLifespan
public int getAccessTokenLifespan()Returns the lifespan of access tokens (in milliseconds) -
getSystemUser
Returns the system user. This user object is only intended for internal use when actions require a user, yet cannot be linked to an actual user. The System user is granted all privileges. -
getGuestUser
-
login
Performs the login process. Depending on how Yamcs is configured, this may involve reaching out to an external identity provider. If the login attempt is successful, the associated user is imported or resynchronized in the Yamcs internal user database.This method does not return a
User
object. UsegetDirectory()
.- Returns:
- a future that resolves to the
AuthenticationInfo
when the login was successful. This contains the username as well as any other principals or credentials specific to a custom identity provider.
-
getUserFromCache
-
verifyValidity
-
getUsernameForApiKey
-
generateApiKey
-
removeApiKey
-