Interface SecurityContext


public interface SecurityContext
SecurityContext is responsible for managing the lifecycle of security objects such as ICredentialsFactory and IPermissionPolicy, for creating LoginContexts for member and client authentication, and for checking permissions for client operations.
  • Method Details

    • createMemberLoginContext

      LoginContext createMemberLoginContext(String clusterName, Credentials credentials, com.hazelcast.internal.nio.Connection connection) throws LoginException
      Creates member LoginContext.
      Parameters:
      clusterName - cluster name received from the connecting member
      credentials - member credentials
      connection - member connection
      Returns:
      LoginContext
      Throws:
      LoginException - in any exceptional case
    • createClientLoginContext

      LoginContext createClientLoginContext(String clusterName, Credentials credentials, com.hazelcast.internal.nio.Connection connection) throws LoginException
      Creates client LoginContext.
      Parameters:
      clusterName - cluster name reported on the client protocol
      credentials - client credentials
      connection - client connection
      Returns:
      LoginContext
      Throws:
      LoginException - in any exceptional case
    • createLoginConfigurationForRealm

      Configuration createLoginConfigurationForRealm(String realmName)
      Creates JAAS login Configuration from given Security Realm configuration.
      Parameters:
      realmName - security realm name
      Returns:
      Configuration for given realm (or default authentication configuration if the realm doesn't exist).
    • createLoginContext

      LoginContext createLoginContext(@Nonnull Configuration configuration, String clusterName, Credentials credentials, InetAddress remoteAddress) throws LoginException
      Creates LoginContext from given JAAS Configuration.
      Parameters:
      configuration - JAAS configuration object
      clusterName - cluster name
      credentials - credentials
      remoteAddress - address of the HTTP client
      Returns:
      LoginContext
      Throws:
      LoginException - in any exceptional case
    • getCredentialsFactory

      ICredentialsFactory getCredentialsFactory()
      Returns current ICredentialsFactory.
      Returns:
      ICredentialsFactory
    • checkPermission

      void checkPermission(Subject subject, Permission permission) throws AccessControlException
      Checks whether the current Subject has been granted the specified permission.
      Parameters:
      subject - the current subject
      permission - the specified permission for the subject
      Throws:
      AccessControlException - if the specified permission has not been granted to the subject
    • interceptBefore

      void interceptBefore(Credentials credentials, String serviceName, String objectName, String methodName, Object[] parameters) throws AccessControlException
      Intercepts a request before it is processed, if any SecurityInterceptor is configured.
      Parameters:
      credentials -
      serviceName -
      objectName -
      methodName -
      parameters -
      Throws:
      AccessControlException - if access is denied
    • interceptAfter

      void interceptAfter(Credentials credentials, String serviceName, String objectName, String methodName)
      Intercepts a request after it is processed, if any SecurityInterceptor is configured. Any exception thrown during interception will be ignored.
      Parameters:
      credentials -
      serviceName -
      objectName -
      methodName -
    • createSecureCallable

      <V> SecureCallable<V> createSecureCallable(Subject subject, Callable<V> callable)
      Creates secure callable that runs in a sandbox.
      Type Parameters:
      V - return type of callable
      Parameters:
      subject -
      callable -
      Returns:
      result of callable
    • createSecureCallable

      <V> SecureCallable<?> createSecureCallable(Subject subject, Runnable runnable)
      Creates secure callable that runs in a sandbox.
      Type Parameters:
      V - return type of callable
      Parameters:
      subject -
      runnable -
      Returns:
      Will always return null after Runnable finishes running.
    • destroy

      void destroy()
      Destroys SecurityContext and all security elements.
    • refreshPermissions

      void refreshPermissions(Set<PermissionConfig> permissionConfigs)
    • createSqlContext

      com.hazelcast.sql.impl.security.SqlSecurityContext createSqlContext(Subject subject)
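
An added example (not Hazelcast's own code) of how a caller could combine checkPermission, interceptBefore and interceptAfter around one operation so that a denial stops the call before it runs. The class GuardedCall, its methods, and the map name, key and service-name string are assumptions for illustration; obtaining the SecurityContext instance is left to the caller.

```java
import com.hazelcast.security.Credentials;
import com.hazelcast.security.SecurityContext;
import com.hazelcast.security.permission.ActionConstants;
import com.hazelcast.security.permission.MapPermission;

import javax.security.auth.Subject;
import java.security.AccessControlException;
import java.security.Permission;
import java.util.concurrent.Callable;

/** Hypothetical helper (not part of Hazelcast): runs one operation behind the SecurityContext checks. */
public final class GuardedCall {

    private GuardedCall() {
    }

    public static <V> V run(SecurityContext ctx, Subject subject, Credentials credentials,
                            Permission required, String serviceName, String objectName,
                            String methodName, Object[] parameters, Callable<V> operation)
            throws Exception {
        try {
            // Fail closed: both calls throw AccessControlException on denial,
            // so the operation below is never reached without a grant.
            ctx.checkPermission(subject, required);
            ctx.interceptBefore(credentials, serviceName, objectName, methodName, parameters);
        } catch (AccessControlException denied) {
            // Record who was refused what, then propagate; never swallow the denial.
            System.err.printf("DENIED principal=%s permission=%s object=%s method=%s%n",
                    credentials.getName(), required, objectName, methodName);
            throw denied;
        }
        V result = operation.call();
        // Exceptions thrown during after-interception are ignored (see interceptAfter),
        // so this call must not be relied on as an enforcement point.
        ctx.interceptAfter(credentials, serviceName, objectName, methodName);
        return result;
    }

    /** Constructed usage: a read of key "42" from a map named "orders" (sample values). */
    public static Object guardedGet(SecurityContext ctx, Subject subject, Credentials credentials,
                                    Callable<Object> mapGet) throws Exception {
        Permission read = new MapPermission("orders", ActionConstants.ACTION_READ);
        // "hz:impl:mapService" is the assumed service name for IMap operations.
        return run(ctx, subject, credentials, read, "hz:impl:mapService", "orders", "get",
                new Object[]{"42"}, mapGet);
    }
}
```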