Interface AccessController

All Known Implementing Classes:
DefaultController

public interface AccessController
The AccessController interface is used by the cluster services to verify whether or not a caller has sufficient rights to access protected clustered resources.

The implementing class is declared by the "security-config/access-controller" element in the tangosol-coherence.xml configuration descriptor and used to control access to protected clustered resources.

Since:
Coherence 2.5
Author:
gg 2004.05.28
See Also:
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).
    decrypt(SignedObject so, Subject subjEncryptor, Subject subjDecryptor)
    Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually associated with the current thread.
    encrypt(Object o, Subject subjEncryptor)
    Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread.
  • Method Details

    • checkPermission

      void checkPermission(ClusterPermission permission, Subject subject)
      Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).

      This method quietly returns if the access request is permitted, or throws a suitable AccessControlException if the specified authentication is invalid or insufficient.

      Parameters:
      permission - the permission object that represents access to a clustered resource
      subject - the Subject object representing the requestor
      Throws:
      AccessControlException - if the specified permission is not permitted, based on the current security policy
    • encrypt

      SignedObject encrypt(Object o, Subject subjEncryptor) throws IOException, GeneralSecurityException
      Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread.
      Parameters:
      o - the Object to encrypt
      subjEncryptor - the Subject object whose credentials are being used to do the encryption
      Returns:
      the SignedObject
      Throws:
      IOException - if an error occurs during serialization
      GeneralSecurityException - if the signing fails
    • decrypt

      Object decrypt(SignedObject so, Subject subjEncryptor, Subject subjDecryptor) throws ClassNotFoundException, IOException, GeneralSecurityException
      Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually associated with the current thread.

      Note: the encryptor Subject usually represents a remote called and comes without any private credentials. Moreover, even the public credentials it provides may not be fully trusted and have to be verified as matching to the set of the encryptor's principals.

      Parameters:
      so - the SignedObject to decrypt
      subjEncryptor - the Subject object whose credentials were used to do the encryption
      subjDecryptor - the Subject object whose credentials might be used to do the decryption; for example, in a request/response model, the decryptor for a response is the encryptor for the original request
      Returns:
      the decrypted Object
      Throws:
      ClassNotFoundException - if a necessary class cannot be found during deserialization
      IOException - if an error occurs during deserialization
      GeneralSecurityException - if the verification fails