Package com.hazelcast.security
Interface SecurityContext
-
public interface SecurityContext
SecurityContext is responsible for managing lifecycle of security object such asICredentialsFactory
,IPermissionPolicy
etc, to creatingLoginContext
es for member and client authentications and checking permissions for client operations.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description void
checkPermission(javax.security.auth.Subject subject, java.security.Permission permission)
Checks whether currentSubject
has been granted specified permission or not.javax.security.auth.login.LoginContext
createClientLoginContext(java.lang.String clusterName, Credentials credentials, com.hazelcast.internal.nio.Connection connection)
Creates clientLoginContext
.javax.security.auth.login.LoginContext
createMemberLoginContext(java.lang.String clusterName, Credentials credentials, com.hazelcast.internal.nio.Connection connection)
Creates memberLoginContext
.<V> SecureCallable<?>
createSecureCallable(javax.security.auth.Subject subject, java.lang.Runnable runnable)
Creates secure callable that runs in a sandbox.<V> SecureCallable<V>
createSecureCallable(javax.security.auth.Subject subject, java.util.concurrent.Callable<V> callable)
Creates secure callable that runs in a sandbox.com.hazelcast.sql.impl.security.SqlSecurityContext
createSqlContext(javax.security.auth.Subject subject)
void
destroy()
DestroysSecurityContext
and all security elements.ICredentialsFactory
getCredentialsFactory()
Returns currentICredentialsFactory
.void
interceptAfter(Credentials credentials, java.lang.String serviceName, java.lang.String objectName, java.lang.String methodName)
intercepts a request after process if anySecurityInterceptor
configured Any exception thrown during interception will be ignoredvoid
interceptBefore(Credentials credentials, java.lang.String serviceName, java.lang.String objectName, java.lang.String methodName, java.lang.Object[] parameters)
intercepts a request before process if anySecurityInterceptor
configuredvoid
refreshPermissions(java.util.Set<PermissionConfig> permissionConfigs)
-
-
-
Method Detail
-
createMemberLoginContext
javax.security.auth.login.LoginContext createMemberLoginContext(java.lang.String clusterName, Credentials credentials, com.hazelcast.internal.nio.Connection connection) throws javax.security.auth.login.LoginException
Creates memberLoginContext
.- Parameters:
clusterName
- cluster name received from the connecting membercredentials
- member credentialsconnection
- member connection- Returns:
LoginContext
- Throws:
javax.security.auth.login.LoginException
- in case of any exceptional case
-
createClientLoginContext
javax.security.auth.login.LoginContext createClientLoginContext(java.lang.String clusterName, Credentials credentials, com.hazelcast.internal.nio.Connection connection) throws javax.security.auth.login.LoginException
Creates clientLoginContext
.- Parameters:
clusterName
- cluster name reported on the client protocolcredentials
- client credentialsconnection
- client connection- Returns:
LoginContext
- Throws:
javax.security.auth.login.LoginException
- in case of any exceptional case
-
getCredentialsFactory
ICredentialsFactory getCredentialsFactory()
Returns currentICredentialsFactory
.- Returns:
ICredentialsFactory
-
checkPermission
void checkPermission(javax.security.auth.Subject subject, java.security.Permission permission) throws java.security.AccessControlException
Checks whether currentSubject
has been granted specified permission or not.- Parameters:
subject
- the current subjectpermission
- the specified permission for the subject- Throws:
java.security.AccessControlException
- if the specified permission has not been granted to the subject
-
interceptBefore
void interceptBefore(Credentials credentials, java.lang.String serviceName, java.lang.String objectName, java.lang.String methodName, java.lang.Object[] parameters) throws java.security.AccessControlException
intercepts a request before process if anySecurityInterceptor
configured- Parameters:
credentials
-serviceName
-objectName
-methodName
-parameters
-- Throws:
java.security.AccessControlException
- if access is denied
-
interceptAfter
void interceptAfter(Credentials credentials, java.lang.String serviceName, java.lang.String objectName, java.lang.String methodName)
intercepts a request after process if anySecurityInterceptor
configured Any exception thrown during interception will be ignored- Parameters:
credentials
-serviceName
-objectName
-methodName
-
-
createSecureCallable
<V> SecureCallable<V> createSecureCallable(javax.security.auth.Subject subject, java.util.concurrent.Callable<V> callable)
Creates secure callable that runs in a sandbox.- Type Parameters:
V
- return type of callable- Parameters:
subject
-callable
-- Returns:
- result of callable
-
createSecureCallable
<V> SecureCallable<?> createSecureCallable(javax.security.auth.Subject subject, java.lang.Runnable runnable)
Creates secure callable that runs in a sandbox.- Type Parameters:
V
- return type of callable- Parameters:
subject
-runnable
-- Returns:
- Will always return null after
Runnable
finishes running.
-
destroy
void destroy()
DestroysSecurityContext
and all security elements.
-
refreshPermissions
void refreshPermissions(java.util.Set<PermissionConfig> permissionConfigs)
-
createSqlContext
com.hazelcast.sql.impl.security.SqlSecurityContext createSqlContext(javax.security.auth.Subject subject)
-
-