
Oracle® Coherence Java API Reference
Release 3.7.1.0

E22843-01


com.tangosol.net.security
Class Security

java.lang.Object
  extended by com.tangosol.util.Base
      extended by com.tangosol.net.security.Security


public abstract class Security
extends Base

The Security class is used to associate a client's identity with an action that requires access to protected clustered resources.

Consider the following code example:

    Subject subject = Security.login(sPrincipal, acPassword);
    PrivilegedAction action =
        new PrivilegedAction()
            {
            public Object run()
                {
                return CacheFactory.getCache(sCacheName);
                }
            };
    NamedCache cache = (NamedCache) Security.runAs(subject, action);
 

The implementation of the run() method in PrivilegedAction does not have to be an immediate CacheFactory related call; it could be any sequence of code. Any calls that are made within that context will be executed with the same privileges.

If a call that accesses a protected clustered resource is made outside of the "runAs" scope, the AccessController will instantiate and use a CallbackHandler specified in the tangosol-coherence.xml descriptor. If it is not specified and security is enabled, the resource access request will be rejected.

A SecurityException is thrown if the caller does not have permission to call a particular method; the controlling permissions are instances of javax.security.auth.AuthPermission with corresponding target names such as "coherence.login" or "coherence.runAs".
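
The following is an added example, not part of Oracle's reference text, that combines the CallbackHandler form of login with the exception-action form of runAs and handles the null Subject returned when security is disabled. The class name SecureCacheClient, the helper handlerFor and the command-line arguments (user name, cache name) are hypothetical; it assumes an interactive console and the Coherence library on the classpath.

```java
import com.tangosol.net.CacheFactory;
import com.tangosol.net.NamedCache;
import com.tangosol.net.security.Security;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;

public class SecureCacheClient {
    // Hypothetical helper: answers the JAAS name and password callbacks from memory.
    static CallbackHandler handlerFor(final String name, final char[] password) {
        return new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(name);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
    }
    // args[0] = user name, args[1] = cache name (both hypothetical inputs)
    public static void main(final String[] args) throws Exception {
        char[] password = System.console().readPassword("Password for %s: ", args[0]);
        try {
            // Throws SecurityException on failure; returns null when security is disabled.
            Subject subject = Security.login(handlerFor(args[0], password));
            if (subject == null && !Security.ENABLED) {
                System.err.println("Coherence security is disabled; no identity is applied");
            }
            NamedCache cache = (NamedCache) Security.runAs(subject,
                new PrivilegedExceptionAction() {
                    public Object run() throws Exception {
                        return CacheFactory.getCache(args[1]); // runs with the subject's privileges
                    }
                });
            System.out.println("Obtained cache " + cache.getCacheName());
        } catch (PrivilegedActionException e) {
            throw e.getException(); // unwrap the checked exception thrown inside run()
        } catch (SecurityException e) {
            System.err.println("Access denied: " + e.getMessage());
        } finally {
            java.util.Arrays.fill(password, '\0'); // clear the password from memory
        }
    }
}
```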

Since:
Coherence 2.5
Author:
gg 2004.06.02

Field Summary
static boolean ENABLED
          Indicates if security is enabled by the operational configuration.
static boolean SUBJECT_SCOPED
          Indicates if subject scope is enabled by the operational configuration.

 

Constructor Summary
Security()
           

 

Method Summary
static void checkPermission(Cluster cluster, java.lang.String sServiceName, java.lang.String sCacheName, java.lang.String sAction)
          Check if the current user has permission to perform the action against "clustered resources", such as clustered services and caches.
static javax.security.auth.Subject login(javax.security.auth.callback.CallbackHandler handler)
          Perform the authentication.
static javax.security.auth.Subject login(java.lang.String sName, char[] acPassword)
          Perform the authentication.
static java.lang.Object runAs(javax.security.auth.Subject subject, java.security.PrivilegedAction action)
          Executes a privileged action on behalf of the user identity.
static java.lang.Object runAs(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction action)
          Executes a privileged exception action on behalf of the user identity.

 

Field Detail

ENABLED

public static final boolean ENABLED
Indicates if security is enabled by the operational configuration.

SUBJECT_SCOPED

public static final boolean SUBJECT_SCOPED
Indicates if subject scope is enabled by the operational configuration.

Constructor Detail

Security

public Security()

Method Detail

login

public static javax.security.auth.Subject login(java.lang.String sName,
                                                char[] acPassword)
Perform the authentication. This method does nothing and returns null if Coherence security is disabled.
Parameters:
sName - the user name to use for authentication
acPassword - the password to use for authentication
Returns:
the authenticated Subject object that has associated Principals and Credentials; null if security is disabled
Throws:
java.lang.SecurityException - if authentication fails

login

public static javax.security.auth.Subject login(javax.security.auth.callback.CallbackHandler handler)
Perform the authentication. This method does nothing and returns null if Coherence security is disabled.
Parameters:
handler - the CallbackHandler to be used for authentication
Returns:
the authenticated Subject object that has associated Principals and Credentials; null if security is disabled
Throws:
java.lang.SecurityException - if authentication fails

runAs

public static java.lang.Object runAs(javax.security.auth.Subject subject,
                                     java.security.PrivilegedAction action)
Executes a privileged action on behalf of the user identity. If Coherence security is disabled, the subject parameter is ignored and this method behaves effectively as "return action.run()".
Parameters:
subject - the identity to perform action on behalf of
action - the privileged action to perform

runAs

public static java.lang.Object runAs(javax.security.auth.Subject subject,
                                     java.security.PrivilegedExceptionAction action)
                              throws java.security.PrivilegedActionException
Executes a privileged exception action on behalf of the user identity. If Coherence security is disabled, the subject parameter is ignored and this method behaves effectively as "return action.run()".
Parameters:
subject - the identity to perform action on behalf of
action - the privileged exception action to perform
Throws:
java.security.PrivilegedActionException - if the specified action's run method threw a checked exception

checkPermission

public static void checkPermission(Cluster cluster,
                                   java.lang.String sServiceName,
                                   java.lang.String sCacheName,
                                   java.lang.String sAction)
Check if the current user has permission to perform the action against "clustered resources", such as clustered services and caches.
Parameters:
cluster - the Cluster object
sServiceName - the name of the Service
sCacheName - the name of the Cache
sAction - the action to be performed (for example, "create", "destroy", "join")
Throws:
java.lang.SecurityException - if permission is denied


Copyright © 2000, 2011, Oracle and/or its affiliates. All rights reserved.