Package com.hazelcast.config.security

Class KerberosAuthenticationConfig

    • Constructor Detail

      • KerberosAuthenticationConfig

        public KerberosAuthenticationConfig()

    • Method Detail

      • getRelaxFlagsCheck

        public java.lang.Boolean getRelaxFlagsCheck()

      • setRelaxFlagsCheck

        public KerberosAuthenticationConfig setRelaxFlagsCheck​(java.lang.Boolean relaxFlagsCheck)
        Allows disabling some of the checks on incoming token (e.g. passes authentication even if the mutual authentication is required by the token).

      • getSecurityRealm

        public java.lang.String getSecurityRealm()

      • setUseNameWithoutRealm

        public KerberosAuthenticationConfig setUseNameWithoutRealm​(java.lang.Boolean useNameWithoutRealm)
        Allows cutting off the Kerberos realm part from authenticated name. When set to true, the '@REALM' part is removed from the name (e.g. jduke@ACME.COM becomes jduke).

      • getUseNameWithoutRealm

        public java.lang.Boolean getUseNameWithoutRealm()

      • setSecurityRealm

        public KerberosAuthenticationConfig setSecurityRealm​(java.lang.String securityRealm)
        References Security realm name in Hazelcast configuration. The realm's authentication configuration (when defined) will be used to fill the user object with Kerberos credentials (e.g. KeyTab entry).

      • setLdapAuthenticationConfig

        public KerberosAuthenticationConfig setLdapAuthenticationConfig​(LdapAuthenticationConfig ldapAuthenticationConfig)
        Allows specifying LDAP authentication configuration which is then used after the Kerberos authentication successfully finishes.

      • getKeytabFile

        public java.lang.String getKeytabFile()

      • setKeytabFile

        public KerberosAuthenticationConfig setKeytabFile​(java.lang.String keytabFile)
        Allows (together with the setPrincipal(String)) simplification of security realm configuration. For basic scenarios you don't need to use setSecurityRealm(String), but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.

        This configuration is only used when there is no securityRealm configured.

      • getPrincipal

        public java.lang.String getPrincipal()

      • setPrincipal

        public KerberosAuthenticationConfig setPrincipal​(java.lang.String principal)
        Allows (together with the setKeytabFile(String)) simplification of security realm configuration. For basic scenarios you don't need to use setSecurityRealm(String), but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.

        This configuration is only used when there is no securityRealm configured.

      • asLoginModuleConfigs

        public LoginModuleConfig[] asLoginModuleConfigs()
        Description copied from interface: AuthenticationConfig
        Converts current configuration to stack of login modules.
        Returns:
        login modules stack

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object