Class DefaultController

java.lang.Object
com.tangosol.util.Base
com.tangosol.net.security.DefaultController
All Implemented Interfaces:
AccessController

public final class DefaultController extends Base implements AccessController
The default implementation of the AccessController interface.

Note: The DefaultController requires only read access to the keystore file and does not check the integrity of the keystore. Modifications to the keystore, whether at the file system level or through the keystore tool (which requires a keystore password), must be controlled by external means (OS user management, ACL, etc.).

Since:
Coherence 2.5
Author:
gg 2004.06.02
  • Field Details

    • PROPERTY_CONFIG

      public static final String PROPERTY_CONFIG
      The name of the system property that can be used to override the location of the DefaultController configuration file.

      The value of this property must be the name of a resource that contains an XML document with the structure defined in the /com/tangosol/net/security/DefaultController.xml configuration descriptor.

    • KEYSTORE_TYPE

      public static final String KEYSTORE_TYPE
      KeyStore type used by this implementation.
    • SIGNATURE_ALGORITHM

      public static final String SIGNATURE_ALGORITHM
      Digital signature algorithm used by this implementation.
    • SIGNATURE_ENGINE

      public static final Signature SIGNATURE_ENGINE
      The Signature object used by this implementation.
  • Constructor Details

    • DefaultController

      public DefaultController(File fileKeyStore, File filePermits) throws IOException, AccessControlException
      Construct DefaultController for the specified key store file and permissions description (XML) file.
      Parameters:
      fileKeyStore - the key store
      filePermits - the permissions file
      Throws:
      IOException - if an I/O error occurs
      AccessControlException - if an access control error occurs
    • DefaultController

      public DefaultController(File fileKeyStore, File filePermits, boolean fAudit) throws IOException, AccessControlException
      Construct DefaultController for the specified key store file, permissions description (XML) file and the audit flag.
      Parameters:
      fileKeyStore - the key store
      filePermits - the permissions file
      fAudit - the audit flag; if true, log all the access requests
      Throws:
      IOException - if an I/O error occurs
      AccessControlException - if an access control error occurs
    • DefaultController

      public DefaultController(File fileKeyStore, File filePermits, boolean fAudit, PasswordProvider pwdProvider) throws IOException, AccessControlException
      Construct DefaultController for the specified key store file, permissions description (XML) file, the audit flag, and key store password provider.
      Parameters:
      fileKeyStore - the key store
      filePermits - the permissions file
      fAudit - the audit flag; if true, log all the access requests
      pwdProvider - the key store password provider
      Throws:
      IOException - if an I/O error occurs
      AccessControlException - if an access control error occurs
      Since:
      12.2.1.4.13
    • DefaultController

      public DefaultController(File fileKeyStore, File filePermits, boolean fAudit, String sPwd) throws IOException, AccessControlException
      Construct DefaultController for the specified key store file, permissions description (XML) file, the audit flag, and key store password.
      Parameters:
      fileKeyStore - the key store
      filePermits - the permissions file
      fAudit - the audit flag; if true, log all the access requests
      sPwd - the key store password
      Throws:
      IOException - if an I/O error occurs
      AccessControlException - if an access control error occurs
      Since:
      12.2.1.4.0
  • Method Details

    • checkPermission

      public void checkPermission(ClusterPermission permission, Subject subject)
      Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).

      This method quietly returns if the access request is permitted, or throws a suitable AccessControlException if the specified authentication is invalid or insufficient.

      Specified by:
      checkPermission in interface AccessController
      Parameters:
      permission - the permission object that represents access to a clustered resource
      subject - the Subject object representing the requestor
      Throws:
      AccessControlException - if the specified permission is not permitted, based on the current security policy
    • encrypt

      public SignedObject encrypt(Object o, Subject subjEncryptor) throws IOException, GeneralSecurityException
      Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread.
      Specified by:
      encrypt in interface AccessController
      Parameters:
      o - the Object to encrypt
      subjEncryptor - the Subject object whose credentials are being used to do the encryption
      Returns:
      the SignedObject
      Throws:
      IOException - if an error occurs during serialization
      GeneralSecurityException - if the signing fails
    • decrypt

      public Object decrypt(SignedObject so, Subject subjEncryptor, Subject subjDecryptor) throws ClassNotFoundException, IOException, GeneralSecurityException
      Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually associated with the current thread.
      Specified by:
      decrypt in interface AccessController
      Parameters:
      so - the SignedObject to decrypt
      subjEncryptor - the Subject object whose credentials were used to do the encryption
      subjDecryptor - the Subject object whose credentials might be used to do the decryption (optional)
      Returns:
      the decrypted Object
      Throws:
      ClassNotFoundException - if a necessary class cannot be found during deserialization
      IOException - if an error occurs during deserialization
      GeneralSecurityException - if the verification fails
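
Both encrypt and decrypt above exchange a java.security.SignedObject, which carries the serialized object plus a signature over it, not ciphertext. The following is an added example, not Coherence code; the SHA256withRSA algorithm, the key pairs and the payload are assumptions constructed for illustration. It shows verification with the signer's key, with an unrelated key, and reading the payload with no key at all.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignedObject;
import java.util.ArrayList;
import java.util.Arrays;

public class SignedObjectDemo {
    // Assumption: the page does not give the value of SIGNATURE_ALGORITHM,
    // so this sketch uses a standard JCA algorithm name instead.
    static final String ALGORITHM = "SHA256withRSA";

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair requestor = gen.generateKeyPair();  // constructed key pairs
        KeyPair stranger = gen.generateKeyPair();

        // Constructed payload standing in for a cluster request.
        ArrayList<String> payload =
                new ArrayList<>(Arrays.asList("target=cache:orders", "action=join"));

        // "encrypt" step: serialize the payload and sign the bytes with the private key.
        SignedObject so = new SignedObject(payload, requestor.getPrivate(),
                Signature.getInstance(ALGORITHM));

        // "decrypt" step: check the signature against the claimed sender's public key.
        boolean byRequestor = so.verify(requestor.getPublic(), Signature.getInstance(ALGORITHM));
        boolean byStranger = so.verify(stranger.getPublic(), Signature.getInstance(ALGORITHM));
        System.out.println("verifies with requestor key: " + byRequestor);
        System.out.println("verifies with unrelated key: " + byStranger);

        // getObject() deserializes the content without consulting any key.
        System.out.println("payload read without a key:  " + so.getObject());
    }
}
```

Because getObject() works without a key, a receiver has to call verify() first, and confidentiality of the payload has to come from the transport or another layer.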
    • getPermissionsConfig

      public XmlElement getPermissionsConfig()
      Obtain the permission configuration descriptor.
      Returns:
      the XmlElement with the "permissions" element as a root
    • getClusterPermissions

      protected Permissions getClusterPermissions(Principal principal)
      Obtain the permissions for the specified principal.
      Parameters:
      principal - the Principal object
      Returns:
      an array of Permission objects for the specified principal or null if no such principal exists
    • encrypt

      protected SignedObject encrypt(Serializable o, PrivateKey keyPrivate) throws IOException, GeneralSecurityException
      Encrypt the specified object using the specified private key.
      Parameters:
      o - the Serializable object to encrypt
      keyPrivate - the PrivateKey object to use for encryption
      Returns:
      the SignedObject
      Throws:
      IOException - if an I/O error occurs
      GeneralSecurityException - if a security error occurs
    • decrypt

      Decrypt the specified SignedObject using the specified public key.
      Parameters:
      so - the SignedObject to decrypt
      keyPublic - the PublicKey object to use for decryption
      Returns:
      the decrypted Object
      Throws:
      ClassNotFoundException - if the class of a de-serialized object could not be found
      IOException - if an I/O error occurs
      GeneralSecurityException - if a security error occurs
    • equalsMostly

      protected boolean equalsMostly(Subject subject1, Subject subject2)
      Check whether the specified Subject objects have the same set of principals and public credentials.
      Parameters:
      subject1 - a subject
      subject2 - the subject to be compared with subject1
      Returns:
      true iff the subjects have the same set of principals and public credentials
    • extractPublicKeys

      protected Set extractPublicKeys(Set setPubCreds)
      Extract a set of PublicKeys from the set of public credentials.
      Parameters:
      setPubCreds - set of public credentials
      Returns:
      a set of PublicKey objects
    • extractCertificates

      protected Set extractCertificates(Set setPubCreds)
      Extract a set of Certificate objects from the set of public credentials.
      Parameters:
      setPubCreds - set of public credentials
      Returns:
      a set of Certificate objects
    • findPublicKeys

      protected Set findPublicKeys(Subject subject) throws GeneralSecurityException
      Find a set of public keys for the specified Subject.

      Note: We need to prevent a security hole in which a caller constructs and sends the responder a Subject object containing a Principal object that has a high security clearance, but provides a valid certificate representing a low security clearance Principal. To deal with this, after we find the caller's certificate in the key store, the principal match must be verified.

      Parameters:
      subject - the Subject object
      Returns:
      a set of PublicKey objects
      Throws:
      GeneralSecurityException - if a keystore exception occurs
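
The principal match described in the note above, as an added sketch that is not the Coherence implementation. The TRUSTED map is a hypothetical stand-in for the key store, and the principal names and keys are constructed.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class PrincipalMatchDemo {
    // Hypothetical stand-in for the key store: trusted key -> principal it was issued to.
    static final Map<PublicKey, X500Principal> TRUSTED = new HashMap<>();

    // Accept a presented key only if it is trusted and issued to a principal the
    // Subject claims; reject the Subject if any claimed principal is left unproven.
    static Set<PublicKey> findVerifiedKeys(Subject subject) throws GeneralSecurityException {
        Set<X500Principal> claimed = subject.getPrincipals(X500Principal.class);
        Set<X500Principal> proven = new HashSet<>();
        Set<PublicKey> keys = new HashSet<>();
        for (PublicKey key : subject.getPublicCredentials(PublicKey.class)) {
            X500Principal owner = TRUSTED.get(key);
            if (owner != null && claimed.contains(owner)) {
                proven.add(owner);
                keys.add(key);
            }
        }
        if (!proven.equals(claimed)) {
            throw new GeneralSecurityException("unproven principals in " + claimed);
        }
        return keys;
    }

    static Subject subjectOf(X500Principal p, PublicKey k) {
        return new Subject(false, Collections.singleton(p),
                Collections.singleton(k), Collections.emptySet());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        X500Principal admin = new X500Principal("CN=admin,OU=ops");  // constructed names
        X500Principal guest = new X500Principal("CN=guest,OU=ops");
        PublicKey guestKey = gen.generateKeyPair().getPublic();
        TRUSTED.put(gen.generateKeyPair().getPublic(), admin);
        TRUSTED.put(guestKey, guest);
        System.out.println("matching subject, keys accepted: "
                + findVerifiedKeys(subjectOf(guest, guestKey)).size());
        try {
            findVerifiedKeys(subjectOf(admin, guestKey));  // admin name, guest's key
            System.out.println("mismatched subject accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("mismatched subject rejected: " + e.getMessage());
        }
    }
}
```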
    • logPermissionRequest

      protected void logPermissionRequest(ClusterPermission permission, Subject subject, boolean fAllowed)
      Log the authorization request.
      Parameters:
      permission - the permission checked
      subject - the Subject
      fAllowed - a boolean indicating whether the request is allowed
    • main

      public static void main(String[] asArg) throws Exception
      Standalone permission check utility.
         java com.tangosol.net.security.DefaultController [-<option>]* <target> <action>
      
       where options include:
         -keystore:<keystore path>   the path to the keystore
         -module:<name>              the login module name
         -permits:<permits path>     the path to permissions file
         -requestor:<name!password>  the requestor's name/password pair
         -responder:<name!password>  the responder's name/password pair
       
      Parameters:
      asArg - the command line arguments
      Throws:
      Exception - if there is an error