Package org.yamcs.security
package org.yamcs.security
-
ClassDescriptionBase class for an
AuthModule
that identifies users based on an incoming HTTP request.Data holder for passing anHttpRequest
to a login call.AUser
or anServiceAccount
Identifies logins based on an API key, this should be used only for calling programs.Credentials for identifying as an application, for example the singleton application that represents a service account.Thrown when anAuthModule
failed to perform the authentication process (backend not available, password does not match, ...).Data holder for information related to a verified authentication attempt.Tag interface that represent any kind of token submitted during login for identifying an application or user.Interface implemented by the Authentication and Authorization modules.Thrown when anAuthModule
failed to perform the authorization process.Collection of roles, system and/or object privileges.Stores user, group and application information in the Yamcs database.Identifies users and service accounts based on authentication information stored in the YamcsDirectory
.Stores users and groups in the Yamcs DB.A group is way to manage a set of users.An AuthModule that enforces a login of one fixed user account, where the remote IP address must match one of the configured IP address rules.Wrapper around the (weird) JAAS configuration API.Does password-based login against a Kerberos host.An object privilege is the right to perform a particular action on an object.Type qualifier for grouping object privileges.Identifies a user at the Open ID Provider.Identifies a user at the Open ID Provider.AuthModule that identifies users against an external identity provider compliant with OpenID Connect (OIDC).AuthModule that identifies users based on an HTTP header property.Collection of system and object privileges.Responsible for Identity and Access Management (IAM).Represents an non-human service or application registered with Yamcs.Implementation-agnostic session store.An AuthModule that enforces a login of one fixed user accountImplements SPNEGO authentication against an external Kerberos host.A system privilege is the right to perform a particular action or to perform an action on any object of a particular type.SpecialAuthenticationInfo
that can be used byAuthModule
s to identify some access as the System user.Represents a token (or 'authorization_code' in oauth terms) issued by an external identity server.A user contains identifying information and a convenient set of methods to perform access control.A password-based token, usually associated with BASIC AUTH requests (convenient through curl)Covers a user session.