com.tangosol.net.security
Class DefaultController

java.lang.Object
  com.tangosol.util.Base
      com.tangosol.net.security.DefaultController

All Implemented Interfaces:

AccessController

public final class DefaultController
extends Base
implements AccessController

The default implementation of the AccessController interface.

Note: The DefaultController requires only a read access to the keystore file, and does not check the integrity of the keystore. The modifications to the keystore at a file system level as well as by the keystore tool (which requires a keystore password) must be controlled by external means (OS user management, ACL, etc.)

Since:

Coherence 2.5

Author:

gg 2004.06.02

Field Summary

static String	KEYSTORE_TYPE KeyStore type used by this implementation.
static String	PROPERTY_CONFIG The name of the system property that can be used to override the location of the DefaultController configuration file.
static String	SIGNATURE_ALGORITHM Digital signature algorithm used by this implementation.
static Signature	SIGNATURE_ENGINE The Signature object used by this implementation.

Constructor Summary

DefaultController(File fileKeyStore, File filePermits)
Construct DefaultController for the specified key store file and permissions description (XML) file.

Method Summary

void	checkPermission(ClusterPermission permission, Subject subject) Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).
protected Object	decrypt(SignedObject so, PublicKey keyPublic) Decrypt the specified SignedObject using the specified public key.
Object	decrypt(SignedObject so, Subject subjEncryptor, Subject subjDecryptor) Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually assosiated with the current thread.
SignedObject	encrypt(Object o, Subject subjEncryptor) Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually assosiated with the current thread.
protected SignedObject	encrypt(Serializable o, PrivateKey keyPrivate) Encrypt the specified object using the specified private key.
protected boolean	equalsMostly(Subject subject1, Subject subject2) Check whether the specified Subject objects have the same set of principals and public credentials.
protected Set	extractCertificates(Set setPubCreds) Extract a set of Certificate objects from the set of public credentials.
protected Set	extractPublicKeys(Set setPubCreds) Extract a set of PublicKeys from the set of public credentials.
protected Set	findPublicKeys(Subject subject) Find a set of public keys for the specified Subject.
protected Permissions	getClusterPermissions(Principal principal) Obtain the permissions for the specified principal.
XmlElement	getPermissionsConfig() Obtain the permission configuration descriptor.
static void	main(String[] asArg) Standalone permission check utility.

Field Detail

PROPERTY_CONFIG

public static final String PROPERTY_CONFIG

The name of the system property that can be used to override the location of the DefaultController configuration file.

The value of this property must be the name of a resource that contains an XML document with the structure defined in the /com/tangosol/net/security/DefaultController.xml configuration descriptor.

See Also:

Constant Field Values

KEYSTORE_TYPE

public static final String KEYSTORE_TYPE

KeyStore type used by this implementation.

See Also:

Keystore Types

SIGNATURE_ALGORITHM

public static final String SIGNATURE_ALGORITHM

Digital signature algorithm used by this implementation.

See Also:

Digital Signature Algorithms

SIGNATURE_ENGINE

public static final Signature SIGNATURE_ENGINE

The Signature object used by this implementation.

See Also:

Signature.getInstance()

Constructor Detail

DefaultController

public DefaultController(File fileKeyStore,
                         File filePermits)
                  throws IOException,
                         AccessControlException

Construct DefaultController for the specified key store file and permissions description (XML) file.

Throws:

IOException

AccessControlException

Method Detail

checkPermission

public void checkPermission(ClusterPermission permission,
                            Subject subject)

Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).

This method quietly returns if the access request is permitted, or throws a suitable AccessControlException if the specified authentication is invalid or insufficient.

Specified by:

checkPermission in interface AccessController

Parameters:

permission - the permission object that represents access to a clustered resource

subject - the Subject object representing the requestor

Throws:

AccessControlException - if the specified permission is not permitted, based on the current security policy

encrypt

public SignedObject encrypt(Object o,
                            Subject subjEncryptor)
                     throws IOException,
                            GeneralSecurityException

Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually assosiated with the current thread.

Specified by:

encrypt in interface AccessController

Parameters:

o - the Object to encrypt

subjEncryptor - the Subject object whose credentials are being used to do the encryption

Returns:

the SignedObject

Throws:

IOException - if an error occurs during serialization

GeneralSecurityException - if the signing fails

decrypt

public Object decrypt(SignedObject so,
                      Subject subjEncryptor,
                      Subject subjDecryptor)
               throws ClassNotFoundException,
                      IOException,
                      GeneralSecurityException

Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually assosiated with the current thread.

Specified by:

decrypt in interface AccessController

Parameters:

so - the SignedObject to decrypt

subjEncryptor - the Subject object whose credentials were used to do the encryption

subjDecryptor - the Subject object whose credentials might be used to do the decryption (optional)

Returns:

the decrypted Object

Throws:

ClassNotFoundException - if a necessary class cannot be found during deserialization

IOException - if an error occurs during deserialization

GeneralSecurityException - if the verification fails

getPermissionsConfig

public XmlElement getPermissionsConfig()

Obtain the permission configuration descriptor.

Returns:

the XmlElement with the "permissions" element as a root

getClusterPermissions

protected Permissions getClusterPermissions(Principal principal)

Obtain the permissions for the specified principal.

Parameters:

principal - the Principal object

Returns:

an array of Permission objects for the specified principal or null if no such principal exists

encrypt

protected SignedObject encrypt(Serializable o,
                               PrivateKey keyPrivate)
                        throws IOException,
                               GeneralSecurityException

Encrypt the specified object using the specified private key.

Parameters:

o - the Serializable object to encrypt

keyPrivate - the PrivateKey object to use for encryption

Returns:

the SignedObject

Throws:

IOException

GeneralSecurityException

decrypt

protected Object decrypt(SignedObject so,
                         PublicKey keyPublic)
                  throws ClassNotFoundException,
                         IOException,
                         GeneralSecurityException

Decrypt the specified SignedObject using the specified public key.

Parameters:

so - the SignedObject to decrypt

keyPublic - the PublicKey object to use for decryption

Returns:

the decrypted Object

Throws:

ClassNotFoundException

IOException

GeneralSecurityException

equalsMostly

protected boolean equalsMostly(Subject subject1,
                               Subject subject2)

Check whether the specified Subject objects have the same set of principals and public credentials.

Returns:

true iff the subjects have the same set of principals and public credentials

extractPublicKeys

protected Set extractPublicKeys(Set setPubCreds)

Extract a set of PublicKeys from the set of public credentials.

Parameters:

setPubCreds - set of public credentials

Returns:

a set of PublicKey objects

extractCertificates

protected Set extractCertificates(Set setPubCreds)

Extract a set of Certificate objects from the set of public credentials.

Parameters:

setPubCreds - set of public credentials

Returns:

a set of Certificate objects

findPublicKeys

protected Set findPublicKeys(Subject subject)
                      throws GeneralSecurityException

Find a set of public keys for the specified Subject.

Note: We need to prevent a security hole when a caller would construct and send the responder a Subject object with a Principal object that have a high security clearance, but provide a valid cerificate representing a low security clearance Principal. To deal with this after we find the caller's cerificate in the key store, the principal match must be verified.

Parameters:

subject - the Subject object

Returns:

a set of PublicKey objects

Throws:

GeneralSecurityException - if a keystore exception occurs

main

public static void main(String[] asArg)
                 throws Exception

Standalone permission check utility.

   java com.tangosol.net.security DefaultController [-<option>]* <target> <action>

 where options include:
   -keystore:<keystore path>   the path to the keystore
   -module:<name>              the login module name
   -permits:<permits path>     the path to permissions file
   -requestor:<name!password>  the requestor's name/password pair
   -responder:<name!password>  the responder's name/password pair
 

Throws:

Exception