com.tangosol.net.security
Class Security

java.lang.Object
  com.tangosol.util.Base
      com.tangosol.net.security.Security

public abstract class Security
extends Base

The Security class is used to assosiate client's identity with an action that requires access to protected clustered resources.

Consider the following code example:

    Subject subject = Security.login(sPrincipal, acPassword);
    PrivilegedAction action = 
        new PrivilegedAction() 
            {
            public Object run() 
                {
                return CacheFactory.getCache(sCacheName);
                }
            };
    NamedCache cache = (NamedCache) Security.runAs(subject, action);
 

The implementation of the run() method in PrivilegedAction does not have to be an immediate CacheFactory related call; it could be any sequence of code. Any calls that made within that context will be excecuted with the same privileges.

If a call that accesses a protected clustered resource is made outside of the "runAs" scope, the AccessController will instantiate and use a CallbackHandler specified in the tangosol-coherence.xml descriptor. If it is not specified and security is enabled the resource access request will be rejected.

A SecurityException is thrown if the caller does not have permission to call a particular method; the controlling permissions are instances of javax.security.auth.AuthPermission with corresponding target names such as "coherence.login" or "coherence.runAs".

Since:

Coherence 2.5

Author:

gg 2004.06.02

Constructor Summary

Security()

Method Summary

static Subject	login(CallbackHandler handler) Perform the authentication.
static Subject	login(String sName, char[] acPassword) Perform the authentication.
static Object	runAs(Subject subject, PrivilegedAction action) Executes a privileged action on behalf of the user identity.
static Object	runAs(Subject subject, PrivilegedExceptionAction action) Executes a privileged exception action on behalf of the user identity.

Constructor Detail

Security

public Security()

Method Detail

login

public static Subject login(String sName,
                            char[] acPassword)

Perform the authentication. This method does nothing and returns null if Coherence security is disabled.

Parameters:

sName - the user name to use for authentication

acPassword - the password to use for authentication

Returns:

the authenticated Subject object that has assosiated Principals and Credentials; null if security is disabled

Throws:

SecurityException - if authentication fails

login

public static Subject login(CallbackHandler handler)

Perform the authentication. This method does nothing and returns null if Coherence security is disabled.

Parameters:

handler - the CallbackHandler to be used for authentication

Returns:

the authenticated Subject object that has assosiated Principals and Credentials; null if security is disabled

Throws:

SecurityException - if authentication fails

runAs

public static Object runAs(Subject subject,
                           PrivilegedAction action)

Executes a privileged action on behalf of the user identity. If Coherence security is disabled the subject parameter is ignored and this method behaves effectively as "return action.run()"

Parameters:

subject - the identity to perform action on behalf of

action - the privileged action to perform

runAs

public static Object runAs(Subject subject,
                           PrivilegedExceptionAction action)
                    throws PrivilegedActionException

Executes a privileged exception action on behalf of the user identity. If Coherence security is disabled the subject parameter is ignored and this method behaves effectively as "return action.run()"

Parameters:

subject - the identity to perform action on behalf of

action - the privileged exception action to perform

Throws:

PrivilegedActionException - if the specified action's run method threw a checked exception