CoherenceTM v3.3 Copyright© 2000-2007 by Oracle Corporation |
public interface AccessController
The AccessController interface is used by the cluster services to verify whether or not a caller has sufficient rights to access protected clustered resources.
The implementing class is declared by the "security-config/access-controller" element in the tangosol-coherence.xml configuration descriptor and used to control access to protected clustered resources.
See Also: DefaultController, Security
Method Summary | |
---|---|
void | checkPermission(ClusterPermission permission, Subject subject): Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor). |
Object | decrypt(SignedObject so, Subject subjEncryptor, Subject subjDecryptor): Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject, which is usually associated with the current thread. |
SignedObject | encrypt(Object o, Subject subjEncryptor): Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread. |
Method Detail |
---|
void checkPermission(ClusterPermission permission, Subject subject)

This method quietly returns if the access request is permitted, or throws a suitable AccessControlException if the specified authentication is invalid or insufficient.

Parameters:
permission - the permission object that represents access to a clustered resource
subject - the Subject object representing the requestor

Throws:
AccessControlException - if the specified permission is not permitted, based on the current security policy

SignedObject encrypt(Object o, Subject subjEncryptor) throws IOException, GeneralSecurityException

Parameters:
o - the Object to encrypt
subjEncryptor - the Subject object whose credentials are being used to do the encryption

Throws:
IOException - if an error occurs during serialization
GeneralSecurityException - if the signing fails

Object decrypt(SignedObject so, Subject subjEncryptor, Subject subjDecryptor) throws ClassNotFoundException, IOException, GeneralSecurityException

Note: the encryptor Subject usually represents a remote caller and comes without any private credentials. Moreover, even the public credentials it provides may not be fully trusted and must be verified as matching the set of the encryptor's principals.

Parameters:
so - the SignedObject to decrypt
subjEncryptor - the Subject object whose credentials were used to do the encryption
subjDecryptor - the Subject object whose credentials might be used to do the decryption; for example, in a request/response model, the decryptor for a response is the encryptor for the original request

Throws:
ClassNotFoundException - if a necessary class cannot be found during deserialization
IOException - if an error occurs during deserialization
GeneralSecurityException - if the verification fails
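
The trust check called for in the note on decrypt, as an added example that is not Coherence code and not the DefaultController implementation: a presented public credential is accepted only when it equals a key the receiver already holds for one of the encryptor's principals, and the payload is deserialized only after the signature verifies. The class name `SignedObjectSketch`, the pinned `trusted` map, the SHA256withRSA algorithm and the sample principal are assumptions; the class mirrors the method shapes without implementing AccessController, so it compiles against the JDK alone.

```java
import java.io.*;
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

// Added illustration (JDK only, not Coherence code). The pinned "trusted" map,
// the class name and the SHA256withRSA choice are assumptions.
public class SignedObjectSketch {
    static final String ALG = "SHA256withRSA";
    final Map<X500Principal, PublicKey> trusted; // hypothetical local trust store
    SignedObjectSketch(Map<X500Principal, PublicKey> trusted) { this.trusted = trusted; }

    // Signs with the encryptor's private key; a SignedObject is not confidential.
    SignedObject encrypt(Object o, Subject subjEncryptor)
            throws IOException, GeneralSecurityException {
        PrivateKey key = subjEncryptor.getPrivateCredentials(PrivateKey.class).stream()
                .findFirst().orElseThrow(() -> new GeneralSecurityException("no private key"));
        return new SignedObject((Serializable) o, key, Signature.getInstance(ALG));
    }

    Object decrypt(SignedObject so, Subject subjEncryptor, Subject subjDecryptor)
            throws ClassNotFoundException, IOException, GeneralSecurityException {
        // Accept a presented key only if it is the one pinned for a claimed principal.
        for (PublicKey presented : subjEncryptor.getPublicCredentials(PublicKey.class)) {
            for (X500Principal p : subjEncryptor.getPrincipals(X500Principal.class)) {
                if (presented.equals(trusted.get(p))
                        && so.verify(presented, Signature.getInstance(ALG))) {
                    return so.getObject(); // deserialize only after verification
                }
            }
        }
        throw new GeneralSecurityException("signature or credentials not trusted");
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair good = gen.generateKeyPair(), rogue = gen.generateKeyPair();
        X500Principal alice = new X500Principal("CN=alice,OU=constructed"); // constructed name
        SignedObjectSketch ctl = new SignedObjectSketch(Map.of(alice, good.getPublic()));
        Subject sender = new Subject(true, Set.of(alice), Set.of(good.getPublic()), Set.of(good.getPrivate()));
        Subject remoteView = new Subject(true, Set.of(alice), Set.of(good.getPublic()), Set.of());
        System.out.println(ctl.decrypt(ctl.encrypt("hello", sender), remoteView, null));
        // Same claimed principal, but a key the receiver never pinned: rejected.
        Subject forged = new Subject(true, Set.of(alice), Set.of(rogue.getPublic()), Set.of(rogue.getPrivate()));
        try { ctl.decrypt(ctl.encrypt("hello", forged), forged, null); }
        catch (GeneralSecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```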