Annotation Type SecuredEntity


  • @Inherited
    @Retention(RUNTIME)
    public @interface SecuredEntity
    The SecuredEntity annotation can be used on gateway network service objects (services, service methods, intents) to secure access in a way that plays into the generic security configuration system in the gateway. All registered service objects are scanned for annotations. Anything with this annotation defined will be registered with the gateway security manager, and will be made configurable through the Security section of the gateway.

    This system provides a great deal of functionality. If nothing else is specified, the user will be able to Allow or Deny access to the class, method, or intent that this is applied to.

    If this annotation provides a configPropDescriptionFactory, that will be used to build a UI based on DescriptiveProperties for options that can be set for the particular Identity. Then, when a call is made from that identity, the user-configured settings will be built into a map and included in the SecurityContext of the call. If a configFactory is specified, that will be used to build a configuration object instead of a simple map. This can be very convenient for the service implementation, because it can do things like call "myCustomObject.verifyAccess(...call specific parameters...)" instead of having to implement the logic itself. This allows better reuse of security code across different method calls.

    • Required Element Summary

      Required Elements
      Modifier and Type | Required Element | Description
      java.lang.String | id | An id that is used to link this annotated object to its configuration.
      • KEY_CLASS_CONFIG

        static final java.lang.String KEY_CLASS_CONFIG
        The configuration of a security entity is stored in the Security Context under this key.
      • KEY_METHOD_CONFIG

        static final java.lang.String KEY_METHOD_CONFIG
    • Element Detail

      • id

        java.lang.String id
        An id that is used to link this annotated object to its configuration. The id is usually unique throughout the system, though entities that share the same id will share the same settings. However, only one instance of the config is used, so the best practice is to define the SecuredEntity on a marker interface and then have all of the objects implement it, so that there is only a single actual definition. The id is not displayed, so it may be a UUID or other non-friendly string.
      • nameKey

        java.lang.String nameKey
        Bundle key for the name of this restriction. If not specified, a name will automatically be generated.
        Default:
        ""
      • descKey

        java.lang.String descKey
        Bundle key for a description of this restriction. If not specified, no description will be shown.
        Default:
        ""
      • configPropDescriptionFactory

        java.lang.Class<? extends SecuredEntity.ConfigPropDescriptionFactory> configPropDescriptionFactory
        If this entity has config properties that can be set, this class generates the description of them.
        Default:
        com.inductiveautomation.ignition.gateway.gan.security.SecuredEntity.DefaultConfigPropDescriptionFactory.class
      • configFactory

        java.lang.Class<? extends SecuredEntity.ConfigFactory> configFactory
        If specified, this factory will be used to create a configuration object out of the defined properties that will be set on the security context. If not specified, the configured properties will be set on the SecurityContext as a map.
        Default:
        com.inductiveautomation.ignition.gateway.gan.security.SecuredEntity.DefaultConfigFactory.class
      • defaultAccessLevel

        SecuredEntity.AccessLevel defaultAccessLevel
        Defines the default access level for the entity, which can be overridden in the security settings.
        Default:
        com.inductiveautomation.ignition.gateway.gan.security.SecuredEntity.AccessLevel.Allow
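
The marker-interface practice described under id, combined with a non-default defaultAccessLevel, as an added example that is not part of the Ignition SDK or of this Javadoc. The annotation and enum are local stand-ins that mirror only the documented id and defaultAccessLevel elements; the Deny constant (taken from the "Allow or Deny" wording), the class names, the id string, and the find/decide helpers are assumptions for illustration and do not describe how the gateway itself resolves annotations.

```java
import java.lang.annotation.*;
import java.util.Map;

public class SecuredEntityDemo {
    // Local stand-ins for the documented elements; NOT the Ignition SDK types.
    enum AccessLevel { Allow, Deny }

    @Inherited @Retention(RetentionPolicy.RUNTIME)
    @interface SecuredEntity {
        String id();
        AccessLevel defaultAccessLevel() default AccessLevel.Allow;
    }

    // One definition of the id on a marker interface; the Allow default is overridden.
    @SecuredEntity(id = "demo.history.sync", defaultAccessLevel = AccessLevel.Deny)
    interface HistorySyncSecured {}

    static class PushService implements HistorySyncSecured {}
    static class PullService implements HistorySyncSecured {}
    static class UnmarkedService {}

    // @Inherited covers superclasses only, so Class.getAnnotation on an implementing
    // class does not see the interface's annotation; this scan walks interfaces too.
    static SecuredEntity find(Class<?> type) {
        for (Class<?> c = type; c != null; c = c.getSuperclass()) {
            SecuredEntity direct = c.getAnnotation(SecuredEntity.class);
            if (direct != null) return direct;
            for (Class<?> iface : c.getInterfaces()) {
                SecuredEntity viaInterface = find(iface);
                if (viaInterface != null) return viaInterface;
            }
        }
        return null;
    }

    // Hypothetical decision: the identity's configured setting, else the entity default.
    static AccessLevel decide(Class<?> service, Map<String, AccessLevel> identitySettings) {
        SecuredEntity entity = find(service);
        if (entity == null) return AccessLevel.Deny; // demo choice: unannotated fails closed
        return identitySettings.getOrDefault(entity.id(), entity.defaultAccessLevel());
    }

    public static void main(String[] args) {
        Map<String, AccessLevel> granted = Map.of("demo.history.sync", AccessLevel.Allow);
        System.out.println("PushService, nothing configured: " + decide(PushService.class, Map.of()));
        System.out.println("PullService, identity granted:   " + decide(PullService.class, granted));
        System.out.println("UnmarkedService:                 " + decide(UnmarkedService.class, Map.of()));
    }
}
```

Because both services resolve to the same id through the marker interface, a single per-identity setting governs both. The example needs Java 9 or later for Map.of.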