Skip navigation links

Oracle® Coherence Java API Reference
Release 3.7.0.0

E18683-01


com.tangosol.net.security
Class Security

java.lang.Object
  extended by com.tangosol.util.Base
      extended by com.tangosol.net.security.Security


public abstract class Security
extends Base

The Security class is used to assosiate client's identity with an action that requires access to protected clustered resources.

Consider the following code example:

    Subject subject = Security.login(sPrincipal, acPassword);
    PrivilegedAction action =
        new PrivilegedAction()
            {
            public Object run()
                {
                return CacheFactory.getCache(sCacheName);
                }
            };
    NamedCache cache = (NamedCache) Security.runAs(subject, action);
 

The implementation of the run() method in PrivilegedAction does not have to be an immediate CacheFactory related call; it could be any sequence of code. Any calls that made within that context will be excecuted with the same privileges.

If a call that accesses a protected clustered resource is made outside of the "runAs" scope, the AccessController will instantiate and use a CallbackHandler specified in the tangosol-coherence.xml descriptor. If it is not specified and security is enabled the resource access request will be rejected.

A SecurityException is thrown if the caller does not have permission to call a particular method; the controlling permissions are instances of javax.security.auth.AuthPermission with corresponding target names such as "coherence.login" or "coherence.runAs".

Since:
Coherence 2.5
Author:
gg 2004.06.02

Field Summary
static boolean ENABLED
          Indicates if security is enabled by the operational configuration.
static boolean SUBJECT_SCOPED
          Indicates if subject scope is enabled by the operational configuration.

 

Constructor Summary
Security()
           

 

Method Summary
static void checkPermission(Cluster cluster, java.lang.String sServiceName, java.lang.String sCacheName, java.lang.String sAction)
          Check if the current user has permission to perform the action against "clustered resources", such as clustered services and caches.
static javax.security.auth.Subject login(javax.security.auth.callback.CallbackHandler handler)
          Perform the authentication.
static javax.security.auth.Subject login(java.lang.String sName, char[] acPassword)
          Perform the authentication.
static java.lang.Object runAs(javax.security.auth.Subject subject, java.security.PrivilegedAction action)
          Executes a privileged action on behalf of the user identity.
static java.lang.Object runAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction action)
          Executes a privileged exception action on behalf of the user identity.

 

Field Detail

ENABLED

public static final boolean ENABLED
Indicates if security is enabled by the operational configuration.

SUBJECT_SCOPED

public static final boolean SUBJECT_SCOPED
Indicates if subject scope is enabled by the operational configuration.

Constructor Detail

Security

public Security()

Method Detail

login

public static javax.security.auth.Subject login(java.lang.String sName,
                                                char[] acPassword)
Perform the authentication. This method does nothing and returns null if Coherence security is disabled.
Parameters:
sName - the user name to use for authentication
acPassword - the password to use for authentication
Returns:
the authenticated Subject object that has assosiated Principals and Credentials; null if security is disabled
Throws:
java.lang.SecurityException - if authentication fails

login

public static javax.security.auth.Subject login(javax.security.auth.callback.CallbackHandler handler)
Perform the authentication. This method does nothing and returns null if Coherence security is disabled.
Parameters:
handler - the CallbackHandler to be used for authentication
Returns:
the authenticated Subject object that has assosiated Principals and Credentials; null if security is disabled
Throws:
java.lang.SecurityException - if authentication fails

runAs

public static java.lang.Object runAs(javax.security.auth.Subject subject,
                                     java.security.PrivilegedAction action)
Executes a privileged action on behalf of the user identity. If Coherence security is disabled the subject parameter is ignored and this method behaves effectively as "return action.run()"
Parameters:
subject - the identity to perform action on behalf of
action - the privileged action to perform

runAs

public static java.lang.Object runAs(javax.security.auth.Subject subject,
                                     java.security.PrivilegedExceptionAction action)
                              throws java.security.PrivilegedActionException
Executes a privileged exception action on behalf of the user identity. If Coherence security is disabled the subject parameter is ignored and this method behaves effectively as "return action.run()"
Parameters:
subject - the identity to perform action on behalf of
action - the privileged exception action to perform
Throws:
java.security.PrivilegedActionException - if the specified action's run method threw a checked exception

checkPermission

public static void checkPermission(Cluster cluster,
                                   java.lang.String sServiceName,
                                   java.lang.String sCacheName,
                                   java.lang.String sAction)
Check if the current user has permission to perform the action against "clustered resources", such as clustered services and caches.
Parameters:
cluster - the Cluster object
sServiceName - the name of the Service
sCacheName - the name of the Cache
sAction - the action to be performed (for example, "create", "destroy", "join")
Throws:
java.lang.SecurityException - if permission is denied

Skip navigation links

Oracle® Coherence Java API Reference
Release 3.7.0.0

E18683-01


Copyright © 2000, 2011, Oracle and/or its affiliates. All rights reserved.