Package com.hazelcast.config.security

Class KerberosAuthenticationConfig

java.lang.Object

com.hazelcast.config.security.AbstractClusterLoginConfig<KerberosAuthenticationConfig>

com.hazelcast.config.security.KerberosAuthenticationConfig

All Implemented Interfaces:

AuthenticationConfig

public class KerberosAuthenticationConfig
extends AbstractClusterLoginConfig<KerberosAuthenticationConfig>

Typed authentication configuration for Kerberos tickets verification.

Constructor Summary

Constructors

Constructor	Description
KerberosAuthenticationConfig()

Method Summary

Modifier and Type	Method	Description
LoginModuleConfig[]	asLoginModuleConfigs()	Converts current configuration to stack of login modules.
boolean	equals(Object obj)
String	getKeytabFile()
LdapAuthenticationConfig	getLdapAuthenticationConfig()
String	getPrincipal()
Boolean	getRelaxFlagsCheck()
String	getSecurityRealm()
Boolean	getUseNameWithoutRealm()
int	hashCode()
protected Properties	initLoginModuleProperties()
protected KerberosAuthenticationConfig	self()
KerberosAuthenticationConfig	setKeytabFile(String keytabFile)	Allows (together with the setPrincipal(String)) simplification of security realm configuration.
KerberosAuthenticationConfig	setLdapAuthenticationConfig(LdapAuthenticationConfig ldapAuthenticationConfig)	Allows specifying LDAP authentication configuration which is then used after the Kerberos authentication successfully finishes.
KerberosAuthenticationConfig	setPrincipal(String principal)	Allows (together with the setKeytabFile(String)) simplification of security realm configuration.
KerberosAuthenticationConfig	setRelaxFlagsCheck(Boolean relaxFlagsCheck)	Allows disabling some of the checks on incoming token (e.g. passes authentication even if the mutual authentication is required by the token).
KerberosAuthenticationConfig	setSecurityRealm(String securityRealm)	References Security realm name in Hazelcast configuration.
KerberosAuthenticationConfig	setUseNameWithoutRealm(Boolean useNameWithoutRealm)	Allows cutting off the Kerberos realm part from authenticated name.
String	toString()

Methods inherited from class com.hazelcast.config.security.AbstractClusterLoginConfig

getSkipEndpoint, getSkipIdentity, getSkipRole, setIfConfigured, setIfConfigured, setIfConfigured, setSkipEndpoint, setSkipIdentity, setSkipRole

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

KerberosAuthenticationConfig

public KerberosAuthenticationConfig()

Method Details

getRelaxFlagsCheck

public Boolean getRelaxFlagsCheck()

setRelaxFlagsCheck

public KerberosAuthenticationConfig setRelaxFlagsCheck(Boolean relaxFlagsCheck)

Allows disabling some of the checks on incoming token (e.g. passes authentication even if the mutual authentication is required by the token).

getSecurityRealm

public String getSecurityRealm()

setUseNameWithoutRealm

public KerberosAuthenticationConfig setUseNameWithoutRealm(Boolean useNameWithoutRealm)

Allows cutting off the Kerberos realm part from authenticated name. When set to true, the '@REALM' part is removed from the name (e.g. jduke@ACME.COM becomes jduke).

getUseNameWithoutRealm

public Boolean getUseNameWithoutRealm()

setSecurityRealm

public KerberosAuthenticationConfig setSecurityRealm(String securityRealm)

References Security realm name in Hazelcast configuration. The realm's authentication configuration (when defined) will be used to fill the user object with Kerberos credentials (e.g. KeyTab entry).

getLdapAuthenticationConfig

public LdapAuthenticationConfig getLdapAuthenticationConfig()

setLdapAuthenticationConfig

public KerberosAuthenticationConfig setLdapAuthenticationConfig(LdapAuthenticationConfig ldapAuthenticationConfig)

Allows specifying LDAP authentication configuration which is then used after the Kerberos authentication successfully finishes.

getKeytabFile

public String getKeytabFile()

setKeytabFile

public KerberosAuthenticationConfig setKeytabFile(String keytabFile)

Allows (together with the setPrincipal(String)) simplification of security realm configuration. For basic scenarios you don't need to use setSecurityRealm(String), but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.

This configuration is only used when there is no securityRealm configured.

getPrincipal

public String getPrincipal()

setPrincipal

public KerberosAuthenticationConfig setPrincipal(String principal)

Allows (together with the setKeytabFile(String)) simplification of security realm configuration. For basic scenarios you don't need to use setSecurityRealm(String), but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.

This configuration is only used when there is no securityRealm configured.

initLoginModuleProperties

protected Properties initLoginModuleProperties()

Overrides:

initLoginModuleProperties in class AbstractClusterLoginConfig<KerberosAuthenticationConfig>

asLoginModuleConfigs

public LoginModuleConfig[] asLoginModuleConfigs()

Description copied from interface: AuthenticationConfig

Converts current configuration to stack of login modules.

Returns:

login modules stack

hashCode

public int hashCode()

Overrides:

hashCode in class AbstractClusterLoginConfig<KerberosAuthenticationConfig>

equals

public boolean equals(Object obj)

Overrides:

equals in class AbstractClusterLoginConfig<KerberosAuthenticationConfig>

toString

public String toString()

Overrides:

toString in class Object

self

protected KerberosAuthenticationConfig self()

Specified by:

self in class AbstractClusterLoginConfig<KerberosAuthenticationConfig>