Package com.hazelcast.config.security

Class KerberosIdentityConfig

  • All Implemented Interfaces:
    IdentityConfig
    public class KerberosIdentityConfig
extends java.lang.Object
implements IdentityConfig
    This class configures the Kerberos identity. Based on this configuration, service tickets are retrieved from Kerberos KDC (Key Distribution Center).

    • Constructor Detail

      • KerberosIdentityConfig

        public KerberosIdentityConfig()

    • Method Detail

      • getSpn

        public java.lang.String getSpn()

      • setSpn

        public KerberosIdentityConfig setSpn​(java.lang.String spn)
        Allows to configure static service principal name (SPN). It's meant for usecases where all members share a single Kerberos identity.

      • getServiceNamePrefix

        public java.lang.String getServiceNamePrefix()

      • setServiceNamePrefix

        public KerberosIdentityConfig setServiceNamePrefix​(java.lang.String serviceNamePrefix)
        Defines prefix of the Service Principal name. It's default value is "hz/". By default the member's principal name (for which this credentials factory asks the service ticket) is in form "[servicePrefix][memberIpAddress]@[REALM]" (e.g. "hz/192.168.1.1@ACME.COM").

      • getRealm

        public java.lang.String getRealm()

      • setRealm

        public KerberosIdentityConfig setRealm​(java.lang.String realm)
        Defines Kerberos realm name (e.g. "ACME.COM").

      • getKeytabFile

        public java.lang.String getKeytabFile()

      • setKeytabFile

        public KerberosIdentityConfig setKeytabFile​(java.lang.String keytabFile)
        Allows (together with the setPrincipal(String)) simplification of security realm configuration. For basic scenarios you don't need to use setSecurityRealm(String), but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.

        This configuration is only used when there is no securityRealm configured.

      • getPrincipal

        public java.lang.String getPrincipal()

      • setPrincipal

        public KerberosIdentityConfig setPrincipal​(java.lang.String principal)
        Allows (together with the setKeytabFile(String)) simplification of security realm configuration. For basic scenarios you don't need to use setSecurityRealm(String), but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.

        This configuration is only used when there is no securityRealm configured.

      • getSecurityRealm

        public java.lang.String getSecurityRealm()

      • setSecurityRealm

        public KerberosIdentityConfig setSecurityRealm​(java.lang.String securityRealm)
        Configures a reference to Security realm name in Hazelcast configuration. The realm's authentication configuration (when defined) is used to populate the user object with Kerberos credentials (e.g. TGT).

      • getUseCanonicalHostname

        public java.lang.Boolean getUseCanonicalHostname()

      • setUseCanonicalHostname

        public KerberosIdentityConfig setUseCanonicalHostname​(java.lang.Boolean useCanonicalHostname)
        Allows using fully qualified domain name instead of IP address when the SPN is constructed from a prefix and realm name. For instance, when set true, the SPN "hz/192.168.1.1@ACME.COM" could become "hz/member1.acme.com@ACME.COM" (given the reverse DNS lookup for 192.168.1.1 returns the "member1.acme.com" hostname).

      • hashCode

        public int hashCode()
        Overrides:
        hashCode in class java.lang.Object

      • equals

        public boolean equals​(java.lang.Object obj)
        Overrides:
        equals in class java.lang.Object

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object