Package com.hazelcast.config.security
Class KerberosIdentityConfig
java.lang.Object
com.hazelcast.config.security.KerberosIdentityConfig
- All Implemented Interfaces:
IdentityConfig
This class configures the Kerberos identity. Based on this configuration, service tickets are retrieved from Kerberos KDC
(Key Distribution Center).
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionConverts current configuration to aICredentialsFactory
instance.copy()
Makes a copy (or clone) of the config object.boolean
getRealm()
getSpn()
int
hashCode()
setKeytabFile
(String keytabFile) Allows (together with thesetPrincipal(String)
) simplification of security realm configuration.setPrincipal
(String principal) Allows (together with thesetKeytabFile(String)
) simplification of security realm configuration.Defines Kerberos realm name (e.g.setSecurityRealm
(String securityRealm) Configures a reference to Security realm name in Hazelcast configuration.setServiceNamePrefix
(String serviceNamePrefix) Defines prefix of the Service Principal name.Allows to configure static service principal name (SPN).setUseCanonicalHostname
(Boolean useCanonicalHostname) Allows using fully qualified domain name instead of IP address when the SPN is constructed from a prefix and realm name.toString()
-
Constructor Details
-
KerberosIdentityConfig
public KerberosIdentityConfig()
-
-
Method Details
-
getSpn
-
setSpn
Allows to configure static service principal name (SPN). It's meant for use cases where all members share a single Kerberos identity. -
getServiceNamePrefix
-
setServiceNamePrefix
Defines prefix of the Service Principal name. It's default value is"hz/"
. By default, the member's principal name (for which this credentials factory asks the service ticket) is in form "[servicePrefix][memberIpAddress]@[REALM]" (e.g. "hz/192.168.1.1@ACME.COM"). -
getRealm
-
setRealm
Defines Kerberos realm name (e.g. "ACME.COM"). -
getKeytabFile
-
setKeytabFile
Allows (together with thesetPrincipal(String)
) simplification of security realm configuration. For basic scenarios you don't need to usesetSecurityRealm(String)
, but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.This configuration is only used when there is no
securityRealm
configured. -
getPrincipal
-
setPrincipal
Allows (together with thesetKeytabFile(String)
) simplification of security realm configuration. For basic scenarios you don't need to usesetSecurityRealm(String)
, but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.This configuration is only used when there is no
securityRealm
configured. -
getSecurityRealm
-
setSecurityRealm
Configures a reference to Security realm name in Hazelcast configuration. The realm's authentication configuration (when defined) is used to populate the user object with Kerberos credentials (e.g. TGT). -
getUseCanonicalHostname
-
setUseCanonicalHostname
Allows using fully qualified domain name instead of IP address when the SPN is constructed from a prefix and realm name. For instance, when settrue
, the SPN"hz/192.168.1.1@ACME.COM"
could become"hz/member1.acme.com@ACME.COM"
(given the reverse DNS lookup for 192.168.1.1 returns the "member1.acme.com" hostname). -
asCredentialsFactory
Description copied from interface:IdentityConfig
Converts current configuration to aICredentialsFactory
instance.- Specified by:
asCredentialsFactory
in interfaceIdentityConfig
- Parameters:
cl
- class loader to be used if the credentials factory class has to be constructed.- Returns:
ICredentialsFactory
instance
-
copy
Description copied from interface:IdentityConfig
Makes a copy (or clone) of the config object.- Specified by:
copy
in interfaceIdentityConfig
-
hashCode
public int hashCode() -
equals
-
toString
-