|
Oracle® Fusion Middleware Java API Reference for Oracle Coherence 12c (12.1.3.0.0) E47890-01 |
|||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface AccessController
The AccessController interface is used by the cluster services to verify whether or not a caller has sufficient rights to access protected clustered resources.
The implementing class is declared by the "security-config/access-controller" element in the tangosol-coherence.xml configuration descriptor and used to control access to protected clustered resources.
DefaultController
, Security
Method Summary | |
---|---|
void |
checkPermission(ClusterPermission permission, javax.security.auth.Subject subject) Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor). |
java.lang.Object |
decrypt(java.security.SignedObject so, javax.security.auth.Subject subjEncryptor, javax.security.auth.Subject subjDecryptor) Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually associated with the current thread. |
java.security.SignedObject |
encrypt(java.lang.Object o, javax.security.auth.Subject subjEncryptor) Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread. |
Method Detail |
---|
void checkPermission(ClusterPermission permission, javax.security.auth.Subject subject)
This method quietly returns if the access request is permitted, or throws a suitable AccessControlException if the specified authentication is invalid or insufficient.
permission
- the permission object that represents access to a clustered resourcesubject
- the Subject object representing the requestorjava.security.AccessControlException
- if the specified permission is not permitted, based on the current security policyjava.security.SignedObject encrypt(java.lang.Object o, javax.security.auth.Subject subjEncryptor) throws java.io.IOException, java.security.GeneralSecurityException
o
- the Object to encryptsubjEncryptor
- the Subject object whose credentials are being used to do the encryptionjava.io.IOException
- if an error occurs during serializationjava.security.GeneralSecurityException
- if the signing failsjava.lang.Object decrypt(java.security.SignedObject so, javax.security.auth.Subject subjEncryptor, javax.security.auth.Subject subjDecryptor) throws java.lang.ClassNotFoundException, java.io.IOException, java.security.GeneralSecurityException
Note: the encryptor Subject usually represents a remote called and comes without any private credentials. Moreover, even the public credentials it provides may not be fully trusted and have to be verified as matching to the set of the encryptor's principals.
so
- the SignedObject to decryptsubjEncryptor
- the Subject object whose credentials were used to do the encryptionsubjDecryptor
- the Subject object whose credentials might be used to do the decryption; for example, in a request/response model, the decryptor for a response is the encryptor for the original requestjava.lang.ClassNotFoundException
- if a necessary class cannot be found during deserializationjava.io.IOException
- if an error occurs during deserializationjava.security.GeneralSecurityException
- if the verification fails
|
Oracle® Fusion Middleware Java API Reference for Oracle Coherence 12c (12.1.3.0.0) E47890-01 |
|||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |