Class KerberosIdentityConfig

java.lang.Object
com.hazelcast.config.security.KerberosIdentityConfig
All Implemented Interfaces:
IdentityConfig

public class KerberosIdentityConfig extends Object implements IdentityConfig
This class configures the Kerberos identity. Based on this configuration, service tickets are retrieved from Kerberos KDC (Key Distribution Center).
  • Constructor Details

    • KerberosIdentityConfig

      public KerberosIdentityConfig()
  • Method Details

    • getSpn

      public String getSpn()
    • setSpn

      public KerberosIdentityConfig setSpn(String spn)
      Allows to configure static service principal name (SPN). It's meant for usecases where all members share a single Kerberos identity.
    • getServiceNamePrefix

      public String getServiceNamePrefix()
    • setServiceNamePrefix

      public KerberosIdentityConfig setServiceNamePrefix(String serviceNamePrefix)
      Defines prefix of the Service Principal name. It's default value is "hz/". By default the member's principal name (for which this credentials factory asks the service ticket) is in form "[servicePrefix][memberIpAddress]@[REALM]" (e.g. "hz/192.168.1.1@ACME.COM").
    • getRealm

      public String getRealm()
    • setRealm

      public KerberosIdentityConfig setRealm(String realm)
      Defines Kerberos realm name (e.g. "ACME.COM").
    • getKeytabFile

      public String getKeytabFile()
    • setKeytabFile

      public KerberosIdentityConfig setKeytabFile(String keytabFile)
      Allows (together with the setPrincipal(String)) simplification of security realm configuration. For basic scenarios you don't need to use setSecurityRealm(String), but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.

      This configuration is only used when there is no securityRealm configured.

    • getPrincipal

      public String getPrincipal()
    • setPrincipal

      public KerberosIdentityConfig setPrincipal(String principal)
      Allows (together with the setKeytabFile(String)) simplification of security realm configuration. For basic scenarios you don't need to use setSecurityRealm(String), but you can instead define directly kerberos principal name and keytab file path with credentials for given principal.

      This configuration is only used when there is no securityRealm configured.

    • getSecurityRealm

      public String getSecurityRealm()
    • setSecurityRealm

      public KerberosIdentityConfig setSecurityRealm(String securityRealm)
      Configures a reference to Security realm name in Hazelcast configuration. The realm's authentication configuration (when defined) is used to populate the user object with Kerberos credentials (e.g. TGT).
    • getUseCanonicalHostname

      public Boolean getUseCanonicalHostname()
    • setUseCanonicalHostname

      public KerberosIdentityConfig setUseCanonicalHostname(Boolean useCanonicalHostname)
      Allows using fully qualified domain name instead of IP address when the SPN is constructed from a prefix and realm name. For instance, when set true, the SPN "hz/192.168.1.1@ACME.COM" could become "hz/member1.acme.com@ACME.COM" (given the reverse DNS lookup for 192.168.1.1 returns the "member1.acme.com" hostname).
    • asCredentialsFactory

      public ICredentialsFactory asCredentialsFactory(ClassLoader cl)
      Description copied from interface: IdentityConfig
      Converts current configuration to a ICredentialsFactory instance.
      Specified by:
      asCredentialsFactory in interface IdentityConfig
      Parameters:
      cl - class loader to be used if the credentials factory class has to be constructed.
      Returns:
      ICredentialsFactory instance
    • copy

      public IdentityConfig copy()
      Description copied from interface: IdentityConfig
      Makes a copy (or clone) of the config object.
      Specified by:
      copy in interface IdentityConfig
    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object
    • equals

      public boolean equals(Object obj)
      Overrides:
      equals in class Object
    • toString

      public String toString()
      Overrides:
      toString in class Object