Package com.inductiveautomation.ignition.gateway.gan.security

Annotation Interface SecuredEntity

@Inherited @Retention(RUNTIME) public @interface SecuredEntity
The SecuredEntity annotation can be used on gateway network service objects (services, service methods, intents) to secure access in a way that plays into the generic security configuration system in the gateway. All registered service objects are scanned for annotations. Anything with this annotation defined will be registered with the gateway security manager, and will be made configurable though the Security section of the gateway.

This system provides a great deal of functionality. If nothing else is specified, the user will be able to Allow or Deny access to the class, method, or intent that this is applied to.

If this annotation provides a configPropDescriptionFactory, that will be used to build a UI based on DescriptiveProperties for options that can be set for the particular Identity. Then, when a call is made from that identity, the user configured settings will be built into a map, and included in the SecurityContext of the call. If a configFactory is specified, that will be used to build a configuration object instead of a simple map. This can be very convenient for the service implementation, because it can do things like call "myCustomObject.verifyAccess(...call specific parameters...)", instead of having to implement the logic itself. This allows better reuse of security code across different method calls.

  • Field Details

  • Element Details

    • id

      String id
      An id that is used to link this annotated object to its configuration. Usually is unique throughout the system, though entities that share the same id will share the same settings. However, only one instance of the config is used, so the best practice is to define the SecuredEntity on a marker interface, and then have all of the objects implement it, so that there is only a single actual definition. Is not displayed, so may be a UUID or other non-friendly string.

    • nameKey

      String nameKey
      Bundle key for the name of this restriction. If not specified, a name will automatically be generated.
      Default:
      ""

    • descKey

      String descKey
      Bundle key for a description of this restriction. If not specified, no description will be shown.
      Default:
      ""

    • configPropDescriptionFactory

      Class<? extends SecuredEntity.ConfigPropDescriptionFactory> configPropDescriptionFactory
      If this entity has config properties that can be set, this class generates the description of them.
      Default:
      com.inductiveautomation.ignition.gateway.gan.security.SecuredEntity.DefaultConfigPropDescriptionFactory.class

    • configFactory

      Class<? extends SecuredEntity.ConfigFactory> configFactory
      If specified, this factory will be used to create a configuration object out of the defined properties that will be set on the security context. If not specified, the configured properties will be set on the SecurityContext as a map.
      Default:
      com.inductiveautomation.ignition.gateway.gan.security.SecuredEntity.DefaultConfigFactory.class

    • defaultAccessLevel

      SecuredEntity.AccessLevel defaultAccessLevel
      Defines the default access level for the entity, which can be overridden in the security settings.
      Default:
      Allow