Package com.tangosol.net.security
Class Security
- java.lang.Object
  - com.tangosol.util.Base
    - com.tangosol.net.security.Security

public abstract class Security extends Base

The Security class is used to associate a client's identity with an action that requires access to protected clustered resources.

Consider the following code example:

    // Authenticate the client; the returned Subject carries its Principals and Credentials
    Subject subject = Security.login(sPrincipal, acPassword);
    PrivilegedAction action = new PrivilegedAction() {
        public Object run() {
            return CacheFactory.getCache(sCacheName);
        }
    };
    // Run the action on behalf of the authenticated identity
    NamedCache cache = (NamedCache) Security.runAs(subject, action);

The implementation of the run() method in PrivilegedAction does not have to be an immediate CacheFactory-related call; it could be any sequence of code. Any calls made within that context will be executed with the same privileges.

If a call that accesses a protected clustered resource is made outside of the "runAs" scope, the AccessController will instantiate and use a CallbackHandler specified in the tangosol-coherence.xml descriptor. If it is not specified and security is enabled, the resource access request will be rejected.

A SecurityException is thrown if the caller does not have permission to call a particular method; the controlling permissions are instances of javax.security.auth.AuthPermission with corresponding target names such as "coherence.login" or "coherence.runAs".

- Since: Coherence 2.5
- Author: gg 2004.06.02

Nested Class Summary

Nested classes/interfaces inherited from class com.tangosol.util.Base: Base.LoggingWriter

Field Summary

| Modifier and Type | Field | Description |
| --- | --- | --- |
| static boolean | ENABLED | Indicates if security is enabled by the operational configuration. |
| static boolean | SUBJECT_SCOPED | Indicates if subject scope is enabled by the operational configuration. |

Constructor Summary

| Constructor | Description |
| --- | --- |
| Security() | |

Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| static void | checkPermission(Cluster cluster, String sServiceName, String sCacheName, String sAction) | Check if the current user has permission to perform the action against "clustered resources", such as clustered services and caches. |
| static Subject | login(String sName, char[] acPassword) | Perform the authentication. |
| static Subject | login(CallbackHandler handler) | Perform the authentication. |
| static Object | runAs(Subject subject, PrivilegedAction action) | Executes a privileged action on behalf of the user identity. |
| static Object | runAs(Subject subject, PrivilegedExceptionAction action) | Executes a privileged exception action on behalf of the user identity. |

Methods inherited from class com.tangosol.util.Base

azzert, azzert, azzert, azzertFailed, breakLines, breakLines, capitalize, checkNotEmpty, checkNotNull, checkRange, computeSafeWaitTime, decimalValue, dup, dup, ensureBigDecimal, ensureClassLoader, ensureRuntimeException, ensureRuntimeException, equals, equalsDeep, err, err, err, err, err, escape, formatDateTime, getCallerStackFrame, getCommonMonitor, getCommonMonitor, getCommonMonitor, getContextClassLoader, getContextClassLoader, getDeepMessage, getErr, getLastSafeTimeMillis, getLog, getMaxDecDigits, getMaxHexDigits, getOriginalException, getOut, getProcessRandom, getRandom, getRandomBinary, getRandomBinary, getRandomString, getSafeTimeMillis, getStackFrame, getStackFrames, getStackTrace, getStackTrace, getStackTrace, getThreadFactory, getTimeZone, getUpTimeMillis, hashCode, hexValue, indentString, indentString, isDecimal, isHex, isLogEcho, isOctal, log, log, log, log, log, makeInteger, makeLong, makeThread, mergeArray, mergeBooleanArray, mergeByteArray, mergeCharArray, mergeDoubleArray, mergeFloatArray, mergeIntArray, mergeLongArray, mod, mod, newHashMap, newHashMap, newHashSet, newHashSet, octalValue, out, out, out, out, out, pad, parseBandwidth, parseBandwidth, parseDelimitedString, parseHex, parseHex, parseMemorySize, parseMemorySize, parsePercentage, parseTime, parseTime, parseTimeNanos, parseTimeNanos, printStackTrace, randomize, randomize, randomize, randomize, read, read, read, read, read, read, read, replace, setErr, setLog, setLogEcho, setOut, sleep, toBandwidthString, toBandwidthString, toCharEscape, toCrc, toCrc, toCrc, toCrc, toCrc, toDecString, toDelimitedString, toDelimitedString, toDelimitedString, toDelimitedString, toHex, toHex, toHexDump, toHexEscape, toHexEscape, toHexEscape, toHexEscape, toHexString, toMemorySizeString, toMemorySizeString, toQuotedCharEscape, toQuotedStringEscape, toSqlString, toString, toString, toStringEscape, toUnicodeEscape, trace, trace, trace, trace, trace, trace, trace, trace, trace, truncateString, truncateString, wait

Method Detail

login

public static Subject login(String sName, char[] acPassword)

Perform the authentication. This method does nothing and returns null if Coherence security is disabled.

- Parameters:
  - sName - the user name to use for authentication
  - acPassword - the password to use for authentication
- Returns:
  - the authenticated Subject object that has associated Principals and Credentials; null if security is disabled
- Throws:
  - SecurityException - if authentication fails

login

public static Subject login(CallbackHandler handler)

Perform the authentication. This method does nothing and returns null if Coherence security is disabled.

- Parameters:
  - handler - the CallbackHandler to be used for authentication
- Returns:
  - the authenticated Subject object that has associated Principals and Credentials; null if security is disabled
- Throws:
  - SecurityException - if authentication fails

runAs

public static Object runAs(Subject subject, PrivilegedAction action)

Executes a privileged action on behalf of the user identity. If Coherence security is disabled, the subject parameter is ignored and this method behaves effectively as "return action.run()".

- Parameters:
  - subject - the identity to perform action on behalf of
  - action - the privileged action to perform
- Returns:
  - the result of the action

runAs

public static Object runAs(Subject subject, PrivilegedExceptionAction action) throws PrivilegedActionException

Executes a privileged exception action on behalf of the user identity. If Coherence security is disabled, the subject parameter is ignored and this method behaves effectively as "return action.run()".

- Parameters:
  - subject - the identity to perform action on behalf of
  - action - the privileged exception action to perform
- Returns:
  - the result of the action
- Throws:
  - PrivilegedActionException - if the specified action's run method threw a checked exception

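The login and runAs behaviour documented above has two edges callers tend to miss: login returns null when security is disabled (and runAs then ignores the subject), and the exception-action variant wraps checked exceptions. The following is an added example, not part of the Coherence documentation or code base; the class name SecuredCacheAccess, the method openCache, and the decision to fail closed when security is disabled are assumptions of this example.

```java
import com.tangosol.net.CacheFactory;
import com.tangosol.net.NamedCache;
import com.tangosol.net.security.Security;

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;

public class SecuredCacheAccess {

    /** Hypothetical helper: authenticate, then obtain a cache inside the runAs scope. */
    public static NamedCache openCache(String sPrincipal, char[] acPassword,
                                       final String sCacheName) throws Exception {
        // Throws SecurityException if authentication fails; let it propagate.
        Subject subject = Security.login(sPrincipal, acPassword);

        // login() returns null when Coherence security is disabled, and runAs()
        // would then ignore the subject and simply call action.run().
        // Policy choice of this example: refuse to continue without an identity.
        if (!Security.ENABLED || subject == null) {
            throw new SecurityException(
                "Coherence security is disabled; refusing unauthenticated cache access");
        }

        PrivilegedExceptionAction action = new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                // Every call made in this scope executes with the subject's privileges.
                return CacheFactory.getCache(sCacheName);
            }
        };

        try {
            return (NamedCache) Security.runAs(subject, action);
        } catch (PrivilegedActionException e) {
            // A checked exception thrown by run() arrives wrapped; rethrow the original.
            throw e.getException();
        }
    }
}
```

A SecurityException raised inside run() because the subject lacks permission is unchecked, so it reaches the caller directly rather than through PrivilegedActionException.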
checkPermission

public static void checkPermission(Cluster cluster, String sServiceName, String sCacheName, String sAction)

Check if the current user has permission to perform the action against "clustered resources", such as clustered services and caches.

- Parameters:
  - cluster - the Cluster object
  - sServiceName - the name of the Service
  - sCacheName - the name of the Cache
  - sAction - the action to be performed (for example, "create", "destroy", "join")
- Throws:
  - SecurityException - if permission is denied