Mercurial > hg > release > thermostat-0.5

view storage/core/src/main/java/com/redhat/thermostat/storage/core/SecureStorage.java @ 929:ccac9bcabaa0

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Update copyright year of source code review-thread: http://icedtea.classpath.org/pipermail/thermostat/2013-January/005295.html reviewed-by: vanaltj
author Mario Torre <neugens.limasoftware@gmail.com>
date Wed, 23 Jan 2013 16:49:27 +0100
parents 6cd46e3563ce
children
line wrap: on
line source

/*
 * Copyright 2012, 2013 Red Hat, Inc.
 *
 * This file is part of Thermostat.
 *
 * Thermostat is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published
 * by the Free Software Foundation; either version 2, or (at your
 * option) any later version.
 *
 * Thermostat is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Thermostat; see the file COPYING.  If not see
 * <http://www.gnu.org/licenses/>.
 *
 * Linking this code with other modules is making a combined work
 * based on this code.  Thus, the terms and conditions of the GNU
 * General Public License cover the whole combination.
 *
 * As a special exception, the copyright holders of this code give
 * you permission to link this code with independent modules to
 * produce an executable, regardless of the license terms of these
 * independent modules, and to copy and distribute the resulting
 * executable under terms of your choice, provided that you also
 * meet, for each linked independent module, the terms and conditions
 * of the license of that module.  An independent module is a module
 * which is not derived from or based on this code.  If you modify
 * this code, you may extend this exception to your version of the
 * library, but you are not obligated to do so.  If you do not wish
 * to do so, delete this exception statement from your version.
 */


package com.redhat.thermostat.storage.core;

/**
 * Provides authentication service to the command channel API.
 *
 * The protocol works as follows:
 *
 * <ol>
 * <li> The client asks the SecureStorage for an authentication token using {@link #generateToken()}.
 *      This should happen over an authenticated and secured connection, thus authenticating the client
 *      in the storage. The returned AuthToken will carry a client-token (that has been generated by the
 *      client) and an auth-token (generated by the storage). If authentication fails at this stage
 *      (e.g. because the client does not have the necessary privileges/roles), a StorageException is
 *      thrown.
 * </li>
 * <li> The AuthToken (both parts, client and auth token), are sent together with the command request to
 *      the command receiver (usually an agent).
 * </li>
 * <li> The agent takes the tokens, and calls the SecureStorage's {@link #verifyToken(AuthToken)} to
 *      verify the validity of the tokens. Again, this needs to happen through an authenticated and
 *      secured connection, thus authenticating the receiver. The storage verifies that it generated
 *      the same token for an authenticated client before, and replies with true if it succeeds, and
 *      false otherwise.
 */
public interface SecureStorage {

    /**
     * Generates a token in the storage that can be used to authenticate cmd channel requests.
     *
     * @throws StorageException if authentication fails at this point
     */
    AuthToken generateToken() throws StorageException;

    /**
     * Verifies the specified token in the storage.
     * 
     * @return <code>true</code> if authentication succeeded, <code>false</code> otherwise
     */
    boolean verifyToken(AuthToken token);
}