Oracle® Coherence Java API Reference Release 3.7.1.0 E22843-01
java.lang.Object
com.tangosol.util.Base
com.tangosol.net.security.Security
public abstract class Security
The Security class is used to associate a client's identity with an action that requires access to protected clustered resources.
Consider the following code example:
```java
Subject subject = Security.login(sPrincipal, acPassword);
PrivilegedAction action = new PrivilegedAction() {
    public Object run() {
        return CacheFactory.getCache(sCacheName);
    }
};
NamedCache cache = (NamedCache) Security.runAs(subject, action);
```
The implementation of the run() method in PrivilegedAction does not have to be an immediate CacheFactory related call; it could be any sequence of code. Any calls made within that context will be executed with the same privileges.
If a call that accesses a protected clustered resource is made outside of the "runAs" scope, the AccessController will instantiate and use a CallbackHandler specified in the tangosol-coherence.xml descriptor. If it is not specified and security is enabled, the resource access request will be rejected.
A SecurityException is thrown if the caller does not have permission to call a particular method; the controlling permissions are instances of javax.security.auth.AuthPermission with corresponding target names such as "coherence.login" or "coherence.runAs".
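The following added example (not part of the original API reference) uses the PrivilegedExceptionAction overload of runAs, unwraps the PrivilegedActionException it can throw, and clears the password array once the work is done. The class name RunAsExample, the helper readAs and the sample user, password and cache names are assumptions made for illustration.

```java
import com.tangosol.net.CacheFactory;
import com.tangosol.net.NamedCache;
import com.tangosol.net.security.Security;

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import javax.security.auth.Subject;

public class RunAsExample {  // hypothetical class name
    /** Reads one cache entry under the identity of the given user (hypothetical helper). */
    public static Object readAs(String sPrincipal, char[] acPassword,
                                final String sCacheName, final Object oKey)
            throws Exception {
        try {
            // Throws SecurityException if authentication fails.
            Subject subject = Security.login(sPrincipal, acPassword);

            PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
                public Object run() throws Exception {
                    // Every call made inside run() executes with the subject's privileges.
                    NamedCache cache = CacheFactory.getCache(sCacheName);
                    return cache.get(oKey);
                }
            };
            return Security.runAs(subject, action);
        } catch (PrivilegedActionException e) {
            // runAs wraps checked exceptions thrown by run(); rethrow the original cause.
            throw e.getException();
        } finally {
            // Overwrite the clear-text password so it does not linger on the heap.
            Arrays.fill(acPassword, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; replace with a real user, password and cache name.
        char[] acPassword = "example-password".toCharArray();
        try {
            System.out.println(readAs("example-user", acPassword, "example-cache", "key"));
        } catch (SecurityException e) {
            // Authentication failed, or the caller or subject lacks the required permission.
            System.err.println("Access denied: " + e.getMessage());
        }
    }
}
```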
Field Summary | |
---|---|
static boolean | ENABLED Indicates if security is enabled by the operational configuration. |
static boolean | SUBJECT_SCOPED Indicates if subject scope is enabled by the operational configuration. |

Constructor Summary | |
---|---|
Security() | |

Method Summary | |
---|---|
static void | checkPermission(Cluster cluster, java.lang.String sServiceName, java.lang.String sCacheName, java.lang.String sAction) Check if the current user has permission to perform the action against "clustered resources", such as clustered services and caches. |
static javax.security.auth.Subject | login(javax.security.auth.callback.CallbackHandler handler) Perform the authentication. |
static javax.security.auth.Subject | login(java.lang.String sName, char[] acPassword) Perform the authentication. |
static java.lang.Object | runAs(javax.security.auth.Subject subject, java.security.PrivilegedAction action) Executes a privileged action on behalf of the user identity. |
static java.lang.Object | runAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction action) Executes a privileged exception action on behalf of the user identity. |
Field Detail |
---|
public static final boolean ENABLED
public static final boolean SUBJECT_SCOPED
Constructor Detail |
---|
public Security()
Method Detail |
---|
public static javax.security.auth.Subject login(java.lang.String sName, char[] acPassword)

Parameters:
- sName - the user name to use for authentication
- acPassword - the password to use for authentication

Throws:
- java.lang.SecurityException - if authentication fails

public static javax.security.auth.Subject login(javax.security.auth.callback.CallbackHandler handler)

Parameters:
- handler - the CallbackHandler to be used for authentication

Throws:
- java.lang.SecurityException - if authentication fails

public static java.lang.Object runAs(javax.security.auth.Subject subject, java.security.PrivilegedAction action)

Parameters:
- subject - the identity to perform action on behalf of
- action - the privileged action to perform

public static java.lang.Object runAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction action) throws java.security.PrivilegedActionException

Parameters:
- subject - the identity to perform action on behalf of
- action - the privileged exception action to perform

Throws:
- java.security.PrivilegedActionException - if the specified action's run method threw a checked exception

public static void checkPermission(Cluster cluster, java.lang.String sServiceName, java.lang.String sCacheName, java.lang.String sAction)

Parameters:
- cluster - the Cluster object
- sServiceName - the name of the Service
- sCacheName - the name of the Cache
- sAction - the action to be performed (for example, "create", "destroy", "join")

Throws:
- java.lang.SecurityException - if permission is denied