Package org.yamcs.security

Class RemoteUserAuthModule

java.lang.Object
org.yamcs.security.AbstractHttpRequestAuthModule
org.yamcs.security.RemoteUserAuthModule
All Implemented Interfaces:
AuthModule
public class RemoteUserAuthModule extends AbstractHttpRequestAuthModule
AuthModule that identifies users based on an HTTP header property. This can be used when Yamcs is well-protected from spoofing attempts and authentication is done on a reverse proxy, like Apache or Nginx.

  • Field Details

  • Constructor Details

    • RemoteUserAuthModule

      public RemoteUserAuthModule()

  • Method Details

    • getSpec

      public Spec getSpec()
      Description copied from interface: AuthModule
      Returns the valid configuration of the input args of this AuthModule.
      Returns:
      the argument specification.

    • getHeader

      public String getHeader()

    • init

      public void init(YConfiguration args) throws InitException
      Description copied from interface: AuthModule
      Initialize this AuthModule.
      Parameters:
      args - The configured arguments for this AuthModule. If AuthModule.getSpec() is implemented then this contains the arguments after being validated (including any defaults).
      Throws:
      InitException - When something goes wrong during the execution of this method.

    • handles

      public boolean handles(io.netty.channel.ChannelHandlerContext ctx, io.netty.handler.codec.http.HttpRequest request)
      Description copied from class: AbstractHttpRequestAuthModule
      Returns true if this AuthModule is capable of handling the given HTTP request.
      Specified by:
      handles in class AbstractHttpRequestAuthModule

    • getAuthenticationInfo

      public AuthenticationInfo getAuthenticationInfo(io.netty.channel.ChannelHandlerContext ctx, io.netty.handler.codec.http.HttpRequest request) throws AuthenticationException
      Specified by:
      getAuthenticationInfo in class AbstractHttpRequestAuthModule
      Throws:
      AuthenticationException

    • getAuthorizationInfo

      public AuthorizationInfo getAuthorizationInfo(AuthenticationInfo authenticationInfo) throws AuthorizationException
      Description copied from interface: AuthModule
      Retrieve access control information based on the given AuthenticationInfo. This AuthenticationInfo may have been generated by a different AuthModule.
      Returns:
      an info object containing role/privilege information of the subject
      Throws:
      AuthorizationException

    • verifyValidity

      public boolean verifyValidity(AuthenticationInfo authenticationInfo)
      Description copied from interface: AuthModule
      Verify if previously generated authentication info is (still) valid. For example, if the authentication info references an externally issued expiring ticket, this can be validated here.

      This method is called very frequently, so implementations must take care to limit external requests.

      Parameters:
      authenticationInfo - information relevant to the authentication process
      Returns:
      true if the authentication info is valid, false otherwise