Package com.hazelcast.config.security
Class KerberosAuthenticationConfig
java.lang.Object
com.hazelcast.config.security.AbstractClusterLoginConfig<KerberosAuthenticationConfig>
com.hazelcast.config.security.KerberosAuthenticationConfig
- All Implemented Interfaces:
AuthenticationConfig
public class KerberosAuthenticationConfig
extends AbstractClusterLoginConfig<KerberosAuthenticationConfig>
Typed authentication configuration for Kerberos tickets verification.
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionConverts current configuration to stack of login modules.boolean
int
hashCode()
protected Properties
protected KerberosAuthenticationConfig
self()
setKeytabFile
(String keytabFile) Allows (together with thesetPrincipal(String)
) simplification of security realm configuration.setLdapAuthenticationConfig
(LdapAuthenticationConfig ldapAuthenticationConfig) Allows specifying LDAP authentication configuration which is then used after the Kerberos authentication successfully finishes.setPrincipal
(String principal) Allows (together with thesetKeytabFile(String)
) simplification of security realm configuration.setRelaxFlagsCheck
(Boolean relaxFlagsCheck) Allows disabling some of the checks on incoming token (e.g.setSecurityRealm
(String securityRealm) References Security realm name in Hazelcast configuration.setUseNameWithoutRealm
(Boolean useNameWithoutRealm) Allows cutting off the Kerberos realm part from authenticated name.toString()
Methods inherited from class com.hazelcast.config.security.AbstractClusterLoginConfig
getSkipEndpoint, getSkipIdentity, getSkipRole, setIfConfigured, setIfConfigured, setIfConfigured, setSkipEndpoint, setSkipIdentity, setSkipRole
-
Constructor Details
-
KerberosAuthenticationConfig
public KerberosAuthenticationConfig()
-
-
Method Details
-
getRelaxFlagsCheck
-
setRelaxFlagsCheck
Allows disabling some of the checks on incoming token (e.g. passes authentication even if the mutual authentication is required by the token). -
getSecurityRealm
-
setUseNameWithoutRealm
Allows cutting off the Kerberos realm part from authenticated name. When set totrue
, the'@REALM'
part is removed from the name (e.g.jduke@ACME.COM
becomesjduke
). -
getUseNameWithoutRealm
-
setSecurityRealm
References Security realm name in Hazelcast configuration. The realm's authentication configuration (when defined) will be used to fill the user object with Kerberos credentials (e.g. KeyTab entry). -
getLdapAuthenticationConfig
-
setLdapAuthenticationConfig
public KerberosAuthenticationConfig setLdapAuthenticationConfig(LdapAuthenticationConfig ldapAuthenticationConfig) Allows specifying LDAP authentication configuration which is then used after the Kerberos authentication successfully finishes. -
getKeytabFile
-
setKeytabFile
Allows (together with thesetPrincipal(String)
) simplification of security realm configuration. For basic scenarios you don't need to usesetSecurityRealm(String)
, but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.This configuration is only used when there is no
securityRealm
configured. -
getPrincipal
-
setPrincipal
Allows (together with thesetKeytabFile(String)
) simplification of security realm configuration. For basic scenarios you don't need to usesetSecurityRealm(String)
, but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.This configuration is only used when there is no
securityRealm
configured. -
initLoginModuleProperties
- Overrides:
initLoginModuleProperties
in classAbstractClusterLoginConfig<KerberosAuthenticationConfig>
-
asLoginModuleConfigs
Description copied from interface:AuthenticationConfig
Converts current configuration to stack of login modules.- Returns:
- login modules stack
-
hashCode
public int hashCode()- Overrides:
hashCode
in classAbstractClusterLoginConfig<KerberosAuthenticationConfig>
-
equals
- Overrides:
equals
in classAbstractClusterLoginConfig<KerberosAuthenticationConfig>
-
toString
-
self
- Specified by:
self
in classAbstractClusterLoginConfig<KerberosAuthenticationConfig>
-