Package com.tangosol.net.security
Interface AccessController
- All Known Implementing Classes:
DefaultController
public interface AccessController
The AccessController interface is used by the cluster services to verify
whether or not a caller has sufficient rights to access protected clustered
resources.
The implementing class is declared by the "security-config/access-controller" element in the tangosol-coherence.xml configuration descriptor and used to control access to protected clustered resources.
- Since:
- Coherence 2.5
- Author:
- gg 2004.05.28
- See Also:
-
Method Summary
Modifier and TypeMethodDescriptionvoid
checkPermission
(ClusterPermission permission, Subject subject) Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).decrypt
(SignedObject so, Subject subjEncryptor, Subject subjDecryptor) Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually associated with the current thread.Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread.
-
Method Details
-
checkPermission
Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).This method quietly returns if the access request is permitted, or throws a suitable AccessControlException if the specified authentication is invalid or insufficient.
- Parameters:
permission
- the permission object that represents access to a clustered resourcesubject
- the Subject object representing the requestor- Throws:
AccessControlException
- if the specified permission is not permitted, based on the current security policy
-
encrypt
Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread.- Parameters:
o
- the Object to encryptsubjEncryptor
- the Subject object whose credentials are being used to do the encryption- Returns:
- the SignedObject
- Throws:
IOException
- if an error occurs during serializationGeneralSecurityException
- if the signing fails
-
decrypt
Object decrypt(SignedObject so, Subject subjEncryptor, Subject subjDecryptor) throws ClassNotFoundException, IOException, GeneralSecurityException Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually associated with the current thread.Note: the encryptor Subject usually represents a remote called and comes without any private credentials. Moreover, even the public credentials it provides may not be fully trusted and have to be verified as matching to the set of the encryptor's principals.
- Parameters:
so
- the SignedObject to decryptsubjEncryptor
- the Subject object whose credentials were used to do the encryptionsubjDecryptor
- the Subject object whose credentials might be used to do the decryption; for example, in a request/response model, the decryptor for a response is the encryptor for the original request- Returns:
- the decrypted Object
- Throws:
ClassNotFoundException
- if a necessary class cannot be found during deserializationIOException
- if an error occurs during deserializationGeneralSecurityException
- if the verification fails
-