Package org.jgroups.protocols
Class AUTH
- java.lang.Object
-
- org.jgroups.stack.Protocol
-
- org.jgroups.protocols.AUTH
-
- All Implemented Interfaces:
Lifecycle
public class AUTH extends Protocol
The AUTH protocol adds a layer of authentication to JGroups. It intercepts join and merge requests and rejects them if the joiner or merger is not permitted to join a or merge into a cluster. AUTH should be placed right belowGMS
in the configuration.
Note that some of the AuthTokens (such as MD5Token, SimpleToken etc) cannot prevent rogue members from joining a cluster, and are thus deprecated. Read the manual for a detailed description of why.- Author:
- Chris Mills, Bela Ban
-
-
Field Summary
Fields Modifier and Type Field Description protected AuthToken
auth_token
Used on the coordinator to authentication joining member requests againstprotected boolean
authenticate_coord
protected static short
GMS_ID
-
Fields inherited from class org.jgroups.stack.Protocol
after_creation_hook, down_prot, ergonomics, id, local_addr, log, policies, stack, stats, up_prot
-
-
Constructor Summary
Constructors Constructor Description AUTH()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description void
destroy()
This method is called on aJChannel.close()
.java.lang.Object
down(Message msg)
A message is sent down the stack.java.lang.String
getAuthClass()
AuthToken
getAuthToken()
protected static GMS.GmsHeader
getGMSHeader(Message msg)
protected static JoinRsp
getJoinResponse(Message msg)
PhysicalAddress
getPhysicalAddress()
protected boolean
handleAuthHeader(GMS.GmsHeader gms_hdr, AuthHeader auth_hdr, Message msg)
Handles a GMS headervoid
init()
Called after a protocol has been created and before the protocol is started.protected boolean
needsAuthentication(Message msg, GMS.GmsHeader hdr)
protected void
sendJoinRejectionMessage(Address dest, java.lang.String error_msg)
protected void
sendMergeRejectionMessage(Address dest)
protected void
sendRejectionMessage(byte type, Address dest, java.lang.String error_msg)
void
setAuthClass(java.lang.String class_name)
AUTH
setAuthCoord(boolean authenticateCoord)
AUTH
setAuthToken(AuthToken token)
void
start()
This method is called on aJChannel.connect(String)
; starts work.void
stop()
Called on aJChannel.disconnect()
; stops work (e.g.java.lang.Object
up(Message msg)
An event was received from the layer below.void
up(MessageBatch batch)
Sends up a multiple messages in aMessageBatch
.-
Methods inherited from class org.jgroups.stack.Protocol
accept, addPolicy, addr, addr, afterCreationHook, down, down, enableStats, getAddress, getComponents, getDownProtocol, getDownServices, getId, getIdsAbove, getLevel, getLog, getName, getPolicies, getProtocolStack, getSocketFactory, getThreadFactory, getTransport, getUpProtocol, getUpServices, getValue, isErgonomics, level, parse, policies, providedDownServices, providedUpServices, removePolicy, requiredDownServices, requiredUpServices, resetStatistics, resetStats, setAddress, setDownProtocol, setErgonomics, setId, setLevel, setPolicies, setProtocolStack, setSocketFactory, setUpProtocol, setValue, statsEnabled, toString, up
-
-
-
-
Field Detail
-
GMS_ID
protected static final short GMS_ID
-
auth_token
protected AuthToken auth_token
Used on the coordinator to authentication joining member requests against
-
authenticate_coord
protected volatile boolean authenticate_coord
-
-
Method Detail
-
setAuthCoord
public AUTH setAuthCoord(boolean authenticateCoord)
-
setAuthClass
public void setAuthClass(java.lang.String class_name) throws java.lang.Exception
- Throws:
java.lang.Exception
-
getAuthClass
public java.lang.String getAuthClass()
-
getAuthToken
public AuthToken getAuthToken()
-
getPhysicalAddress
public PhysicalAddress getPhysicalAddress()
-
init
public void init() throws java.lang.Exception
Description copied from class:Protocol
Called after a protocol has been created and before the protocol is started. Attributes are already set. Other protocols are not yet connected and events cannot yet be sent.
-
start
public void start() throws java.lang.Exception
Description copied from class:Protocol
This method is called on aJChannel.connect(String)
; starts work. Protocols are connected ready to receive events. Will be called from bottom to top.- Specified by:
start
in interfaceLifecycle
- Overrides:
start
in classProtocol
- Throws:
java.lang.Exception
- Thrown if protocol cannot be started successfully. This will cause the ProtocolStack to fail, soJChannel.connect(String)
will throw an exception
-
stop
public void stop()
Description copied from class:Protocol
Called on aJChannel.disconnect()
; stops work (e.g. by closing multicast socket). Will be called from top to bottom.
-
destroy
public void destroy()
Description copied from class:Protocol
This method is called on aJChannel.close()
. Does some cleanup; after the call, the VM will terminate
-
up
public java.lang.Object up(Message msg)
An event was received from the layer below. Usually the current layer will want to examine the event type and - depending on its type - perform some computation (e.g. removing headers from a MSG event type, or updating the internal membership list when receiving a VIEW_CHANGE event). Finally the event is either a) discarded, or b) an event is sent down the stack usingdown_prot.down()
or c) the event (or another event) is sent up the stack usingup_prot.up()
.
-
up
public void up(MessageBatch batch)
Description copied from class:Protocol
Sends up a multiple messages in aMessageBatch
. The sender of the batch is always the same, and so is the destination (null == multicast messages). Messages in a batch can be OOB messages, regular messages, or mixed messages, although the transport itself will create initial MessageBatches that contain only either OOB or regular messages. The default processing below sends messages up the stack individually, based on a matching criteria (callingProtocol.accept(Message)
), and - if true - callsProtocol.up(org.jgroups.Event)
for that message and removes the message. If the batch is not empty, it is passed up, or else it is dropped. Subclasses should check if there are any messages destined for them (e.g. usingMessageBatch.iterator(Predicate)
), then possibly remove and process them and finally pass the batch up to the next protocol. Protocols can also modify messages in place, e.g. ENCRYPT could decrypt all encrypted messages in the batch, not remove them, and pass the batch up when done.
-
down
public java.lang.Object down(Message msg)
Description copied from class:Protocol
A message is sent down the stack. Protocols may examine the message and do something (e.g. add a header) with it, before passing it down.
-
needsAuthentication
protected boolean needsAuthentication(Message msg, GMS.GmsHeader hdr)
-
handleAuthHeader
protected boolean handleAuthHeader(GMS.GmsHeader gms_hdr, AuthHeader auth_hdr, Message msg)
Handles a GMS header- Returns:
- true if the message should be processed (= passed up), or else false
-
sendRejectionMessage
protected void sendRejectionMessage(byte type, Address dest, java.lang.String error_msg)
-
sendJoinRejectionMessage
protected void sendJoinRejectionMessage(Address dest, java.lang.String error_msg)
-
sendMergeRejectionMessage
protected void sendMergeRejectionMessage(Address dest)
-
getGMSHeader
protected static GMS.GmsHeader getGMSHeader(Message msg)
-
-