Package com.hazelcast.config.security
Class KerberosIdentityConfig
java.lang.Object
com.hazelcast.config.security.KerberosIdentityConfig
- All Implemented Interfaces:
IdentityConfig
This class configures the Kerberos identity. Based on this configuration, service tickets are retrieved from Kerberos KDC
(Key Distribution Center).
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionConverts current configuration to aICredentialsFactoryinstance.copy()Makes a copy (or clone) of the config object.booleangetRealm()getSpn()inthashCode()setKeytabFile(String keytabFile) Allows (together with thesetPrincipal(String)) simplification of security realm configuration.setPrincipal(String principal) Allows (together with thesetKeytabFile(String)) simplification of security realm configuration.Defines Kerberos realm name (e.g.setSecurityRealm(String securityRealm) Configures a reference to Security realm name in Hazelcast configuration.setServiceNamePrefix(String serviceNamePrefix) Defines prefix of the Service Principal name.Allows to configure static service principal name (SPN).setUseCanonicalHostname(Boolean useCanonicalHostname) Allows using fully qualified domain name instead of IP address when the SPN is constructed from a prefix and realm name.toString()
-
Constructor Details
-
KerberosIdentityConfig
public KerberosIdentityConfig()
-
-
Method Details
-
getSpn
-
setSpn
Allows to configure static service principal name (SPN). It's meant for use cases where all members share a single Kerberos identity. -
getServiceNamePrefix
-
setServiceNamePrefix
Defines prefix of the Service Principal name. It's default value is"hz/". By default, the member's principal name (for which this credentials factory asks the service ticket) is in form "[servicePrefix][memberIpAddress]@[REALM]" (e.g. "hz/192.168.1.1@ACME.COM"). -
getRealm
-
setRealm
Defines Kerberos realm name (e.g. "ACME.COM"). -
getKeytabFile
-
setKeytabFile
Allows (together with thesetPrincipal(String)) simplification of security realm configuration. For basic scenarios you don't need to usesetSecurityRealm(String), but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.This configuration is only used when there is no
securityRealmconfigured. -
getPrincipal
-
setPrincipal
Allows (together with thesetKeytabFile(String)) simplification of security realm configuration. For basic scenarios you don't need to usesetSecurityRealm(String), but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.This configuration is only used when there is no
securityRealmconfigured. -
getSecurityRealm
-
setSecurityRealm
Configures a reference to Security realm name in Hazelcast configuration. The realm's authentication configuration (when defined) is used to populate the user object with Kerberos credentials (e.g. TGT). -
getUseCanonicalHostname
-
setUseCanonicalHostname
Allows using fully qualified domain name instead of IP address when the SPN is constructed from a prefix and realm name. For instance, when settrue, the SPN"hz/192.168.1.1@ACME.COM"could become"hz/member1.acme.com@ACME.COM"(given the reverse DNS lookup for 192.168.1.1 returns the "member1.acme.com" hostname). -
asCredentialsFactory
Description copied from interface:IdentityConfigConverts current configuration to aICredentialsFactoryinstance.- Specified by:
asCredentialsFactoryin interfaceIdentityConfig- Parameters:
cl- class loader to be used if the credentials factory class has to be constructed.- Returns:
ICredentialsFactoryinstance
-
copy
Description copied from interface:IdentityConfigMakes a copy (or clone) of the config object.- Specified by:
copyin interfaceIdentityConfig
-
hashCode
public int hashCode() -
equals
-
toString
-