com.tangosol.net.security

Class Security

java.lang.Object

com.tangosol.util.Base

com.tangosol.net.security.Security

public abstract class Security
extends Base

The Security class is used to associate client's identity with an action that requires access to protected clustered resources.

Consider the following code example:

    Subject subject = Security.login(sPrincipal, acPassword);
    PrivilegedAction action =
        new PrivilegedAction()
            {
            public Object run()
                {
                return CacheFactory.getCache(sCacheName);
                }
            };
    NamedCache cache = (NamedCache) Security.runAs(subject, action);
 

The implementation of the run() method in PrivilegedAction does not have to be an immediate CacheFactory related call; it could be any sequence of code. Any calls that made within that context will be executed with the same privileges.

If a call that accesses a protected clustered resource is made outside of the "runAs" scope, the AccessController will instantiate and use a CallbackHandler specified in the tangosol-coherence.xml descriptor. If it is not specified and security is enabled the resource access request will be rejected.

A SecurityException is thrown if the caller does not have permission to call a particular method; the controlling permissions are instances of javax.security.auth.AuthPermission with corresponding target names such as "coherence.login" or "coherence.runAs".

Since:

Coherence 2.5

Author:

gg 2004.06.02

Nested Class Summary

Nested classes/interfaces inherited from class com.tangosol.util.Base

Base.LoggingWriter, Base.StackFrame

Field Summary

Fields

Modifier and Type	Field and Description
static boolean	ENABLED Indicates if security is enabled by the operational configuration.
static boolean	SUBJECT_SCOPED Indicates if subject scope is enabled by the operational configuration.

Fields inherited from class com.tangosol.util.Base

LOG_ALWAYS, LOG_DEBUG, LOG_ERR, LOG_INFO, LOG_MAX, LOG_MIN, LOG_QUIET, LOG_WARN, POWER_0, POWER_G, POWER_K, POWER_M, POWER_T, UNIT_D, UNIT_H, UNIT_M, UNIT_MS, UNIT_NS, UNIT_S, UNIT_US

Constructor Summary

Constructors

Constructor and Description
Security()

Method Summary

Modifier and Type	Method and Description
static void	checkPermission(Cluster cluster, String sServiceName, String sCacheName, String sAction) Check if the current user has permission to perform the action against "clustered resources", such as clustered services and caches.
static Subject	login(CallbackHandler handler) Perform the authentication.
static Subject	login(String sName, char[] acPassword) Perform the authentication.
static Object	runAs(Subject subject, PrivilegedAction action) Executes a privileged action on behalf of the user identity.
static Object	runAs(Subject subject, PrivilegedExceptionAction action) Executes a privileged exception action on behalf of the user identity.

Methods inherited from class com.tangosol.util.Base

azzert, azzert, azzert, azzertFailed, breakLines, breakLines, capitalize, checkNotEmpty, checkNotNull, checkRange, computeSafeWaitTime, decimalValue, dup, dup, ensureBigDecimal, ensureClassLoader, ensureRuntimeException, ensureRuntimeException, equals, equalsDeep, err, err, err, err, err, escape, formatDateTime, getCallerStackFrame, getCommonMonitor, getCommonMonitor, getCommonMonitor, getContextClassLoader, getContextClassLoader, getDeepMessage, getErr, getLastSafeTimeMillis, getLog, getMaxDecDigits, getMaxHexDigits, getOriginalException, getOut, getProcessRandom, getRandom, getRandomBinary, getRandomBinary, getRandomString, getSafeTimeMillis, getStackFrame, getStackFrames, getStackTrace, getStackTrace, getThreadFactory, getTimeZone, getUpTimeMillis, hashCode, hexValue, indentString, indentString, isDecimal, isHex, isLogEcho, isOctal, log, log, log, log, log, makeInteger, makeLong, makeThread, mod, mod, octalValue, out, out, out, out, out, pad, parseBandwidth, parseBandwidth, parseDelimitedString, parseHex, parseHex, parseMemorySize, parseMemorySize, parsePercentage, parseTime, parseTime, parseTimeNanos, parseTimeNanos, printStackTrace, randomize, randomize, randomize, randomize, read, read, read, read, read, read, read, replace, setErr, setLog, setLogEcho, setOut, sleep, toBandwidthString, toBandwidthString, toCharEscape, toCrc, toCrc, toCrc, toCrc, toCrc, toDecString, toDelimitedString, toDelimitedString, toDelimitedString, toDelimitedString, toHex, toHex, toHexDump, toHexEscape, toHexEscape, toHexEscape, toHexEscape, toHexString, toMemorySizeString, toMemorySizeString, toQuotedCharEscape, toQuotedStringEscape, toSqlString, toString, toString, toStringEscape, toUnicodeEscape, trace, trace, trace, trace, trace, trace, trace, trace, trace, truncateString, truncateString, wait

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ENABLED

public static final boolean ENABLED

Indicates if security is enabled by the operational configuration.

SUBJECT_SCOPED

public static final boolean SUBJECT_SCOPED

Indicates if subject scope is enabled by the operational configuration.

Constructor Detail

Security

public Security()

Method Detail

login

public static Subject login(String sName,
                            char[] acPassword)

Perform the authentication. This method does nothing and returns null if Coherence security is disabled.

Parameters:

sName - the user name to use for authentication

acPassword - the password to use for authentication

Returns:

the authenticated Subject object that has associated Principals and Credentials; null if security is disabled

Throws:

SecurityException - if authentication fails

login

public static Subject login(CallbackHandler handler)

Perform the authentication. This method does nothing and returns null if Coherence security is disabled.

Parameters:

handler - the CallbackHandler to be used for authentication

Returns:

the authenticated Subject object that has associated Principals and Credentials; null if security is disabled

Throws:

SecurityException - if authentication fails

runAs

public static Object runAs(Subject subject,
                           PrivilegedAction action)

Executes a privileged action on behalf of the user identity. If Coherence security is disabled the subject parameter is ignored and this method behaves effectively as "return action.run()"

Parameters:

subject - the identity to perform action on behalf of

action - the privileged action to perform

Returns:

the result of the action

runAs

public static Object runAs(Subject subject,
                           PrivilegedExceptionAction action)
                    throws PrivilegedActionException

Executes a privileged exception action on behalf of the user identity. If Coherence security is disabled the subject parameter is ignored and this method behaves effectively as "return action.run()"

Parameters:

subject - the identity to perform action on behalf of

action - the privileged exception action to perform

Returns:

the result of the action

Throws:

PrivilegedActionException - if the specified action's run method threw a checked exception

checkPermission

public static void checkPermission(Cluster cluster,
                                   String sServiceName,
                                   String sCacheName,
                                   String sAction)

Check if the current user has permission to perform the action against "clustered resources", such as clustered services and caches.

Parameters:

cluster - the Cluster object

sServiceName - the name of the Service

sCacheName - the name of the Cache

sAction - the action to be performed (for example, "create", "destroy", "join")

Throws:

SecurityException - if permission is denied