com.tangosol.net.security

Class DefaultController

java.lang.Object

com.tangosol.util.Base

com.tangosol.net.security.DefaultController

All Implemented Interfaces:

AccessController

public final class DefaultController
extends Base
implements AccessController

The default implementation of the AccessController interface.

Note: The DefaultController requires only a read access to the keystore file, and does not check the integrity of the keystore. The modifications to the keystore at a file system level as well as by the keystore tool (which requires a keystore password) must be controlled by external means (OS user management, ACL, etc.)

Since:

Coherence 2.5

Author:

gg 2004.06.02

Nested Class Summary

Nested classes/interfaces inherited from class com.tangosol.util.Base

Base.LoggingWriter, Base.StackFrame

Field Summary

Fields

Modifier and Type	Field and Description
static String	KEYSTORE_TYPE KeyStore type used by this implementation.
static String	PROPERTY_CONFIG The name of the system property that can be used to override the location of the DefaultController configuration file.
static String	SIGNATURE_ALGORITHM Digital signature algorithm used by this implementation.
static Signature	SIGNATURE_ENGINE The Signature object used by this implementation.

Fields inherited from class com.tangosol.util.Base

LOG_ALWAYS, LOG_DEBUG, LOG_ERR, LOG_INFO, LOG_MAX, LOG_MIN, LOG_QUIET, LOG_WARN, POWER_0, POWER_G, POWER_K, POWER_M, POWER_T, UNIT_D, UNIT_H, UNIT_M, UNIT_MS, UNIT_NS, UNIT_S, UNIT_US

Constructor Summary

Constructors

Constructor and Description
DefaultController(File fileKeyStore, File filePermits) Construct DefaultController for the specified key store file and permissions description (XML) file.
DefaultController(File fileKeyStore, File filePermits, boolean fAudit) Construct DefaultController for the specified key store file, permissions description (XML) file and the audit flag.
DefaultController(File fileKeyStore, File filePermits, boolean fAudit, PasswordProvider pwdProvider) Construct DefaultController for the specified key store file, permissions description (XML) file, the audit flag, and key store password provider.
DefaultController(File fileKeyStore, File filePermits, boolean fAudit, String sPwd) Construct DefaultController for the specified key store file, permissions description (XML) file, the audit flag, and key store password.

Method Summary

Modifier and Type	Method and Description
void	checkPermission(ClusterPermission permission, Subject subject) Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).
protected Object	decrypt(SignedObject so, PublicKey keyPublic) Decrypt the specified SignedObject using the specified public key.
Object	decrypt(SignedObject so, Subject subjEncryptor, Subject subjDecryptor) Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually associated with the current thread.
SignedObject	encrypt(Object o, Subject subjEncryptor) Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread.
protected SignedObject	encrypt(Serializable o, PrivateKey keyPrivate) Encrypt the specified object using the specified private key.
protected boolean	equalsMostly(Subject subject1, Subject subject2) Check whether the specified Subject objects have the same set of principals and public credentials.
protected Set	extractCertificates(Set setPubCreds) Extract a set of Certificate objects from the set of public credentials.
protected Set	extractPublicKeys(Set setPubCreds) Extract a set of PublicKeys from the set of public credentials.
protected Set	findPublicKeys(Subject subject) Find a set of public keys for the specified Subject.
protected Permissions	getClusterPermissions(Principal principal) Obtain the permissions for the specified principal.
XmlElement	getPermissionsConfig() Obtain the permission configuration descriptor.
protected void	logPermissionRequest(ClusterPermission permission, Subject subject, boolean fAllowed) Log the authorization request.
static void	main(String[] asArg) Standalone permission check utility.

Methods inherited from class com.tangosol.util.Base

azzert, azzert, azzert, azzertFailed, breakLines, breakLines, capitalize, checkNotEmpty, checkNotNull, checkRange, computeSafeWaitTime, decimalValue, dup, dup, ensureBigDecimal, ensureClassLoader, ensureRuntimeException, ensureRuntimeException, equals, equalsDeep, err, err, err, err, err, escape, formatDateTime, getCallerStackFrame, getCommonMonitor, getCommonMonitor, getCommonMonitor, getContextClassLoader, getContextClassLoader, getDeepMessage, getErr, getLastSafeTimeMillis, getLog, getMaxDecDigits, getMaxHexDigits, getOriginalException, getOut, getRandom, getRandomBinary, getRandomBinary, getRandomString, getSafeTimeMillis, getStackFrame, getStackFrames, getStackTrace, getStackTrace, getStackTrace, getThreadFactory, getTimeZone, getUpTimeMillis, hashCode, hexValue, indentString, indentString, isDecimal, isHex, isLogEcho, isOctal, log, log, log, log, log, makeInteger, makeLong, makeThread, mergeArray, mergeBooleanArray, mergeByteArray, mergeCharArray, mergeDoubleArray, mergeFloatArray, mergeIntArray, mergeLongArray, mod, mod, octalValue, out, out, out, out, out, pad, parseBandwidth, parseBandwidth, parseDelimitedString, parseHex, parseHex, parseMemorySize, parseMemorySize, parsePercentage, parseTime, parseTime, parseTimeNanos, parseTimeNanos, printStackTrace, randomize, randomize, randomize, randomize, read, read, read, read, read, read, read, replace, setErr, setLog, setLogEcho, setOut, sleep, toBandwidthString, toBandwidthString, toCharEscape, toCrc, toCrc, toCrc, toCrc, toCrc, toDecString, toDelimitedString, toDelimitedString, toDelimitedString, toDelimitedString, toHex, toHex, toHexDump, toHexEscape, toHexEscape, toHexEscape, toHexEscape, toHexString, toMemorySizeString, toMemorySizeString, toQuotedCharEscape, toQuotedStringEscape, toSqlString, toString, toString, toStringEscape, toUnicodeEscape, trace, trace, trace, trace, trace, trace, trace, trace, trace, truncateString, truncateString, wait

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

PROPERTY_CONFIG

public static final String PROPERTY_CONFIG

The name of the system property that can be used to override the location of the DefaultController configuration file.

The value of this property must be the name of a resource that contains an XML document with the structure defined in the /com/tangosol/net/security/DefaultController.xml configuration descriptor.

See Also:

Constant Field Values

KEYSTORE_TYPE

public static final String KEYSTORE_TYPE

KeyStore type used by this implementation.

See Also:

Keystore Types

SIGNATURE_ALGORITHM

public static final String SIGNATURE_ALGORITHM

Digital signature algorithm used by this implementation.

See Also:

Digital Signature Algorithms

SIGNATURE_ENGINE

public static final Signature SIGNATURE_ENGINE

The Signature object used by this implementation.

See Also:

Signature.getInstance()

Constructor Detail

DefaultController

public DefaultController(File fileKeyStore,
                         File filePermits)
                  throws IOException,
                         AccessControlException

Construct DefaultController for the specified key store file and permissions description (XML) file.

Parameters:

fileKeyStore - the key store

filePermits - the permissions file

Throws:

IOException - if an I/O error occurs

AccessControlException - if an access control error occurs

DefaultController

public DefaultController(File fileKeyStore,
                         File filePermits,
                         boolean fAudit)
                  throws IOException,
                         AccessControlException

Construct DefaultController for the specified key store file, permissions description (XML) file and the audit flag.

Parameters:

fileKeyStore - the key store

filePermits - the permissions file

fAudit - the audit flag; if true, log all the access requests

Throws:

IOException - if an I/O error occurs

AccessControlException - if an access control error occurs

DefaultController

public DefaultController(File fileKeyStore,
                         File filePermits,
                         boolean fAudit,
                         PasswordProvider pwdProvider)
                  throws IOException,
                         AccessControlException

Construct DefaultController for the specified key store file, permissions description (XML) file, the audit flag, and key store password provider.

Parameters:

fileKeyStore - the key store

filePermits - the permissions file

fAudit - the audit flag; if true, log all the access requests

pwdProvider - the key store password provider

Throws:

IOException - if an I/O error occurs

AccessControlException - if an access control error occurs

Since:

12.2.1.4.13

DefaultController

public DefaultController(File fileKeyStore,
                         File filePermits,
                         boolean fAudit,
                         String sPwd)
                  throws IOException,
                         AccessControlException

Construct DefaultController for the specified key store file, permissions description (XML) file, the audit flag, and key store password.

Parameters:

fileKeyStore - the key store

filePermits - the permissions file

fAudit - the audit flag; if true, log all the access requests

sPwd - the key store password

Throws:

IOException - if an I/O error occurs

AccessControlException - if an access control error occurs

Since:

12.2.1.4.0

Method Detail

checkPermission

public void checkPermission(ClusterPermission permission,
                            Subject subject)

Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).

This method quietly returns if the access request is permitted, or throws a suitable AccessControlException if the specified authentication is invalid or insufficient.

Specified by:

checkPermission in interface AccessController

Parameters:

permission - the permission object that represents access to a clustered resource

subject - the Subject object representing the requestor

Throws:

AccessControlException - if the specified permission is not permitted, based on the current security policy

encrypt

public SignedObject encrypt(Object o,
                            Subject subjEncryptor)
                     throws IOException,
                            GeneralSecurityException

Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread.

Specified by:

encrypt in interface AccessController

Parameters:

o - the Object to encrypt

subjEncryptor - the Subject object whose credentials are being used to do the encryption

Returns:

the SignedObject

Throws:

IOException - if an error occurs during serialization

GeneralSecurityException - if the signing fails

decrypt

public Object decrypt(SignedObject so,
                      Subject subjEncryptor,
                      Subject subjDecryptor)
               throws ClassNotFoundException,
                      IOException,
                      GeneralSecurityException

Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually associated with the current thread.

Specified by:

decrypt in interface AccessController

Parameters:

so - the SignedObject to decrypt

subjEncryptor - the Subject object whose credentials were used to do the encryption

subjDecryptor - the Subject object whose credentials might be used to do the decryption (optional)

Returns:

the decrypted Object

Throws:

ClassNotFoundException - if a necessary class cannot be found during deserialization

IOException - if an error occurs during deserialization

GeneralSecurityException - if the verification fails

getPermissionsConfig

public XmlElement getPermissionsConfig()

Obtain the permission configuration descriptor.

Returns:

the XmlElement with the "permissions" element as a root

getClusterPermissions

protected Permissions getClusterPermissions(Principal principal)

Obtain the permissions for the specified principal.

Parameters:

principal - the Principal object

Returns:

an array of Permission objects for the specified principal or null if no such principal exists

encrypt

protected SignedObject encrypt(Serializable o,
                               PrivateKey keyPrivate)
                        throws IOException,
                               GeneralSecurityException

Encrypt the specified object using the specified private key.

Parameters:

o - the Serializable object to encrypt

keyPrivate - the PrivateKey object to use for encryption

Returns:

the SignedObject

Throws:

IOException - if an I/O error occurs

GeneralSecurityException - if a security error occurs

decrypt

protected Object decrypt(SignedObject so,
                         PublicKey keyPublic)
                  throws ClassNotFoundException,
                         IOException,
                         GeneralSecurityException

Decrypt the specified SignedObject using the specified public key.

Parameters:

so - the SignedObject to decrypt

keyPublic - the PublicKey object to use for decryption

Returns:

the decrypted Object

Throws:

ClassNotFoundException - if the class of a de-serialized object could not be found

IOException - if an I/O error occurs

GeneralSecurityException - if a security error occurs

equalsMostly

protected boolean equalsMostly(Subject subject1,
                               Subject subject2)

Check whether the specified Subject objects have the same set of principals and public credentials.

Parameters:

subject1 - a subject

subject2 - the subject to be compared with subject1

Returns:

true iff the subjects have the same set of principals and public credentials

extractPublicKeys

protected Set extractPublicKeys(Set setPubCreds)

Extract a set of PublicKeys from the set of public credentials.

Parameters:

setPubCreds - set of public credentials

Returns:

a set of PublicKey objects

extractCertificates

protected Set extractCertificates(Set setPubCreds)

Extract a set of Certificate objects from the set of public credentials.

Parameters:

setPubCreds - set of public credentials

Returns:

a set of Certificate objects

findPublicKeys

protected Set findPublicKeys(Subject subject)
                      throws GeneralSecurityException

Find a set of public keys for the specified Subject.

Note: We need to prevent a security hole when a caller would construct and send the responder a Subject object with a Principal object that have a high security clearance, but provide a valid certificate representing a low security clearance Principal. To deal with this after we find the caller's certificate in the key store, the principal match must be verified.

Parameters:

subject - the Subject object

Returns:

a set of PublicKey objects

Throws:

GeneralSecurityException - if a keystore exception occurs

logPermissionRequest

protected void logPermissionRequest(ClusterPermission permission,
                                    Subject subject,
                                    boolean fAllowed)

Log the authorization request.

Parameters:

permission - the permission checked

subject - the Subject

fAllowed - the boolean indicated whether it is allowed

main

public static void main(String[] asArg)
                 throws Exception

Standalone permission check utility.

   java com.tangosol.net.security DefaultController [-<option>]* <target> <action>

 where options include:
   -keystore:<keystore path>   the path to the keystore
   -module:<name>              the login module name
   -permits:<permits path>     the path to permissions file
   -requestor:<name!password>  the requestor's name/password pair
   -responder:<name!password>  the responder's name/password pair
 

Parameters:

asArg - the command line arguments

Throws:

Exception - if there is an error