Package com.hazelcast.security
Interface SecurityContext
public interface SecurityContext
SecurityContext is responsible for managing lifecycle of security object such as
ICredentialsFactory
, IPermissionPolicy
etc, to creating LoginContext
es
for member and client authentications and checking permissions for client operations.-
Method Summary
Modifier and TypeMethodDescriptionvoid
checkPermission
(Subject subject, Permission permission) Checks whether currentSubject
has been granted specified permission or not.createClientLoginContext
(String clusterName, Credentials credentials, com.hazelcast.internal.nio.Connection connection) Creates clientLoginContext
.createLoginConfigurationForRealm
(String realmName) Creates JAAS loginConfiguration
from given Security Realm configuration.createLoginContext
(Configuration configuration, String clusterName, Credentials credentials, InetAddress remoteAddress) CreatesLoginContext
from given JAAS Configuration.createMemberLoginContext
(String clusterName, Credentials credentials, com.hazelcast.internal.nio.Connection connection) Creates memberLoginContext
.<V> SecureCallable<?>
createSecureCallable
(Subject subject, Runnable runnable) Creates secure callable that runs in a sandbox.<V> SecureCallable<V>
createSecureCallable
(Subject subject, Callable<V> callable) Creates secure callable that runs in a sandbox.com.hazelcast.sql.impl.security.SqlSecurityContext
createSqlContext
(Subject subject) void
destroy()
DestroysSecurityContext
and all security elements.Returns currentICredentialsFactory
.void
interceptAfter
(Credentials credentials, String serviceName, String objectName, String methodName) intercepts a request after process if anySecurityInterceptor
configured Any exception thrown during interception will be ignoredvoid
interceptBefore
(Credentials credentials, String serviceName, String objectName, String methodName, Object[] parameters) intercepts a request before process if anySecurityInterceptor
configuredvoid
refreshPermissions
(Set<PermissionConfig> permissionConfigs)
-
Method Details
-
createMemberLoginContext
LoginContext createMemberLoginContext(String clusterName, Credentials credentials, com.hazelcast.internal.nio.Connection connection) throws LoginException Creates memberLoginContext
.- Parameters:
clusterName
- cluster name received from the connecting membercredentials
- member credentialsconnection
- member connection- Returns:
LoginContext
- Throws:
LoginException
- in case of any exceptional case
-
createClientLoginContext
LoginContext createClientLoginContext(String clusterName, Credentials credentials, com.hazelcast.internal.nio.Connection connection) throws LoginException Creates clientLoginContext
.- Parameters:
clusterName
- cluster name reported on the client protocolcredentials
- client credentialsconnection
- client connection- Returns:
LoginContext
- Throws:
LoginException
- in case of any exceptional case
-
createLoginConfigurationForRealm
Creates JAAS loginConfiguration
from given Security Realm configuration.- Parameters:
realmName
- security realm name- Returns:
Configuration
for given realm (or default authentication configuration if the realm doesn't exist).
-
createLoginContext
LoginContext createLoginContext(@Nonnull Configuration configuration, String clusterName, Credentials credentials, InetAddress remoteAddress) throws LoginException CreatesLoginContext
from given JAAS Configuration.- Parameters:
configuration
- JAAS configuration objectclusterName
- cluster namecredentials
- credentialsremoteAddress
- address of the HTTP client- Returns:
LoginContext
- Throws:
LoginException
- in case of any exceptional case
-
getCredentialsFactory
ICredentialsFactory getCredentialsFactory()Returns currentICredentialsFactory
.- Returns:
ICredentialsFactory
-
checkPermission
Checks whether currentSubject
has been granted specified permission or not.- Parameters:
subject
- the current subjectpermission
- the specified permission for the subject- Throws:
AccessControlException
- if the specified permission has not been granted to the subject
-
interceptBefore
void interceptBefore(Credentials credentials, String serviceName, String objectName, String methodName, Object[] parameters) throws AccessControlException intercepts a request before process if anySecurityInterceptor
configured- Parameters:
credentials
-serviceName
-objectName
-methodName
-parameters
-- Throws:
AccessControlException
- if access is denied
-
interceptAfter
void interceptAfter(Credentials credentials, String serviceName, String objectName, String methodName) intercepts a request after process if anySecurityInterceptor
configured Any exception thrown during interception will be ignored- Parameters:
credentials
-serviceName
-objectName
-methodName
-
-
createSecureCallable
Creates secure callable that runs in a sandbox.- Type Parameters:
V
- return type of callable- Parameters:
subject
-callable
-- Returns:
- result of callable
-
createSecureCallable
Creates secure callable that runs in a sandbox.- Type Parameters:
V
- return type of callable- Parameters:
subject
-runnable
-- Returns:
- Will always return null after
Runnable
finishes running.
-
destroy
void destroy()DestroysSecurityContext
and all security elements. -
refreshPermissions
-
createSqlContext
-