Class DefaultController

  • All Implemented Interfaces:
    AccessController

    public final class DefaultController
    extends Base
    implements AccessController
    The default implementation of the AccessController interface.

    Note: The DefaultController requires only read access to the keystore file and does not check the integrity of the keystore. Modifications to the keystore, whether at the file system level or through the keystore tool (which requires a keystore password), must be controlled by external means (OS user management, ACLs, etc.).

    Since:
    Coherence 2.5
    Author:
    gg 2004.06.02
    • Field Detail

      • PROPERTY_CONFIG

        public static final String PROPERTY_CONFIG
        The name of the system property that can be used to override the location of the DefaultController configuration file.

        The value of this property must be the name of a resource that contains an XML document with the structure defined in the /com/tangosol/net/security/DefaultController.xml configuration descriptor.

        See Also:
        Constant Field Values
      • KEYSTORE_TYPE

        public static final String KEYSTORE_TYPE
        KeyStore type used by this implementation.
        See Also:
        Keystore Types
    • Constructor Detail

      • DefaultController

        public DefaultController(File fileKeyStore,
                                 File filePermits)
                          throws IOException,
                                 AccessControlException
        Construct DefaultController for the specified key store file and permissions description (XML) file.
        Parameters:
        fileKeyStore - the key store
        filePermits - the permissions file
        Throws:
        IOException - if an I/O error occurs
        AccessControlException - if an access control error occurs
      • DefaultController

        public DefaultController(File fileKeyStore,
                                 File filePermits,
                                 boolean fAudit)
                          throws IOException,
                                 AccessControlException
        Construct DefaultController for the specified key store file, permissions description (XML) file and the audit flag.
        Parameters:
        fileKeyStore - the key store
        filePermits - the permissions file
        fAudit - the audit flag; if true, log all the access requests
        Throws:
        IOException - if an I/O error occurs
        AccessControlException - if an access control error occurs
      • DefaultController

        public DefaultController(File fileKeyStore,
                                 File filePermits,
                                 boolean fAudit,
                                 PasswordProvider pwdProvider)
                          throws IOException,
                                 AccessControlException
        Construct DefaultController for the specified key store file, permissions description (XML) file, the audit flag, and key store password provider.
        Parameters:
        fileKeyStore - the key store
        filePermits - the permissions file
        fAudit - the audit flag; if true, log all the access requests
        pwdProvider - the key store password provider
        Throws:
        IOException - if an I/O error occurs
        AccessControlException - if an access control error occurs
        Since:
        12.2.1.4.13
      • DefaultController

        public DefaultController(File fileKeyStore,
                                 File filePermits,
                                 boolean fAudit,
                                 String sPwd)
                          throws IOException,
                                 AccessControlException
        Construct DefaultController for the specified key store file, permissions description (XML) file, the audit flag, and key store password.
        Parameters:
        fileKeyStore - the key store
        filePermits - the permissions file
        fAudit - the audit flag; if true, log all the access requests
        sPwd - the key store password
        Throws:
        IOException - if an I/O error occurs
        AccessControlException - if an access control error occurs
        Since:
        12.2.1.4.0
    • Method Detail

      • checkPermission

        public void checkPermission(ClusterPermission permission,
                                    Subject subject)
        Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).

        This method quietly returns if the access request is permitted, or throws a suitable AccessControlException if the specified authentication is invalid or insufficient.

        Specified by:
        checkPermission in interface AccessController
        Parameters:
        permission - the permission object that represents access to a clustered resource
        subject - the Subject object representing the requestor
        Throws:
        AccessControlException - if the specified permission is not permitted, based on the current security policy
      • decrypt

        public Object decrypt(SignedObject so,
                              Subject subjEncryptor,
                              Subject subjDecryptor)
                       throws ClassNotFoundException,
                              IOException,
                              GeneralSecurityException
        Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually associated with the current thread.
        Specified by:
        decrypt in interface AccessController
        Parameters:
        so - the SignedObject to decrypt
        subjEncryptor - the Subject object whose credentials were used to do the encryption
        subjDecryptor - the Subject object whose credentials might be used to do the decryption (optional)
        Returns:
        the decrypted Object
        Throws:
        ClassNotFoundException - if a necessary class cannot be found during deserialization
        IOException - if an error occurs during deserialization
        GeneralSecurityException - if the verification fails
      • getPermissionsConfig

        public XmlElement getPermissionsConfig()
        Obtain the permission configuration descriptor.
        Returns:
        the XmlElement with the "permissions" element as a root
      • getClusterPermissions

        protected Permissions getClusterPermissions(Principal principal)
        Obtain the permissions for the specified principal.
        Parameters:
        principal - the Principal object
        Returns:
        an array of Permission objects for the specified principal or null if no such principal exists
      • equalsMostly

        protected boolean equalsMostly(Subject subject1,
                                       Subject subject2)
        Check whether the specified Subject objects have the same set of principals and public credentials.
        Parameters:
        subject1 - a subject
        subject2 - the subject to be compared with subject1
        Returns:
        true iff the subjects have the same set of principals and public credentials
      • extractPublicKeys

        protected Set extractPublicKeys(Set setPubCreds)
        Extract a set of PublicKeys from the set of public credentials.
        Parameters:
        setPubCreds - set of public credentials
        Returns:
        a set of PublicKey objects
      • extractCertificates

        protected Set extractCertificates(Set setPubCreds)
        Extract a set of Certificate objects from the set of public credentials.
        Parameters:
        setPubCreds - set of public credentials
        Returns:
        a set of Certificate objects
      • findPublicKeys

        protected Set findPublicKeys(Subject subject)
                              throws GeneralSecurityException
        Find a set of public keys for the specified Subject.

        Note: We need to prevent a security hole in which a caller constructs and sends the responder a Subject object with a Principal object that has a high security clearance, but provides a valid certificate representing a Principal with a low security clearance. To deal with this, after we find the caller's certificate in the key store, the principal match must be verified.

        Parameters:
        subject - the Subject object
        Returns:
        a set of PublicKey objects
        Throws:
        GeneralSecurityException - if a keystore exception occurs
      • logPermissionRequest

        protected void logPermissionRequest(ClusterPermission permission,
                                            Subject subject,
                                            boolean fAllowed)
        Log the authorization request.
        Parameters:
        permission - the permission checked
        subject - the Subject
        fAllowed - a boolean indicating whether the request is allowed
      • main

        public static void main(String[] asArg)
                         throws Exception
        Standalone permission check utility.
           java com.tangosol.net.security.DefaultController [-<option>]* <target> <action>
        
         where options include:
           -keystore:<keystore path>   the path to the keystore
           -module:<name>              the login module name
           -permits:<permits path>     the path to permissions file
           -requestor:<name!password>  the requestor's name/password pair
           -responder:<name!password>  the responder's name/password pair
         
        Parameters:
        asArg - the command line arguments
        Throws:
        Exception - if there is an error
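
The principal-match check described in the findPublicKeys note, as an added Java example that is not the Coherence implementation: the class PrincipalMatchCheck, its methods and the CN=constructed-high-clearance name are hypothetical. It assumes principals are X500Principal objects and is run as `java PrincipalMatchCheck <keystore path> <keystore password>` against a key store the reader supplies.

```java
import java.io.File;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
public class PrincipalMatchCheck {
    // Added illustration, not Coherence code: every claimed principal must own a key store certificate.
    static Set<PublicKey> findVerifiedKeys(KeyStore store, Subject subject)
            throws GeneralSecurityException {
        Set<Principal> owners = new HashSet<>();
        Set<PublicKey> keys = new HashSet<>();
        for (X509Certificate cert : subject.getPublicCredentials(X509Certificate.class)) {
            if (store.getCertificateAlias(cert) != null) { // certificate is known to the key store
                owners.add(cert.getSubjectX500Principal());
                keys.add(cert.getPublicKey());
            }
        }
        for (Principal p : subject.getPrincipals()) {
            if (!(p instanceof X500Principal) || !owners.contains(p)) { // final JDK class: trusted equals()
                throw new GeneralSecurityException("no key store certificate for " + p.getName());
            }
        }
        if (keys.isEmpty()) throw new GeneralSecurityException("no known certificate presented");
        return keys;
    }
    // Builds a Subject that claims 'claimed' while presenting 'cert', and reports the outcome.
    static String verdict(KeyStore store, Principal claimed, X509Certificate cert) {
        try {
            findVerifiedKeys(store, new Subject(true, Set.of(claimed), Set.of(cert), Set.of()));
            return "accepted";
        } catch (GeneralSecurityException e) {
            return "rejected: " + e.getMessage();
        }
    }
    public static void main(String[] args) throws Exception {
        KeyStore store = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        for (String alias : Collections.list(store.aliases())) {
            if (!(store.getCertificate(alias) instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) store.getCertificate(alias);
            Principal forged = new X500Principal("CN=constructed-high-clearance"); // constructed name
            System.out.println(alias + " own principal: " + verdict(store, cert.getSubjectX500Principal(), cert));
            System.out.println(alias + " forged principal: " + verdict(store, forged, cert));
        }
    }
}
```

For each certificate in the key store, the certificate's own principal is accepted, while the constructed principal paired with the same valid certificate is rejected.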