CoherenceTM v3.4
Copyright© 2000-2008 by Oracle Corporation

com.tangosol.net.security
Interface AccessController

All Known Implementing Classes:
DefaultController

public interface AccessController

The AccessController interface is used by the cluster services to verify whether or not a caller has sufficient rights to access protected clustered resources.

The implementing class is declared by the "security-config/access-controller" element in the tangosol-coherence.xml configuration descriptor and used to control access to protected clustered resources.

Since:
Coherence 2.5
Author:
gg 2004.05.28
See Also:
DefaultController, Security

Method Summary
 void checkPermission(ClusterPermission permission, javax.security.auth.Subject subject)
          Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).
 java.lang.Object decrypt(java.security.SignedObject so, javax.security.auth.Subject subjEncryptor, javax.security.auth.Subject subjDecryptor)
          Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually assosiated with the current thread.
 java.security.SignedObject encrypt(java.lang.Object o, javax.security.auth.Subject subjEncryptor)
          Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually assosiated with the current thread.
 

Method Detail

checkPermission

void checkPermission(ClusterPermission permission,
                     javax.security.auth.Subject subject)
Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).

This method quietly returns if the access request is permitted, or throws a suitable AccessControlException if the specified authentication is invalid or insufficient.

Parameters:
permission - the permission object that represents access to a clustered resource
subject - the Subject object representing the requestor
Throws:
java.security.AccessControlException - if the specified permission is not permitted, based on the current security policy

encrypt

java.security.SignedObject encrypt(java.lang.Object o,
                                   javax.security.auth.Subject subjEncryptor)
                                   throws java.io.IOException,
                                          java.security.GeneralSecurityException
Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually assosiated with the current thread.

Parameters:
o - the Object to encrypt
subjEncryptor - the Subject object whose credentials are being used to do the encryption
Returns:
the SignedObject
Throws:
java.io.IOException - if an error occurs during serialization
java.security.GeneralSecurityException - if the signing fails

decrypt

java.lang.Object decrypt(java.security.SignedObject so,
                         javax.security.auth.Subject subjEncryptor,
                         javax.security.auth.Subject subjDecryptor)
                         throws java.lang.ClassNotFoundException,
                                java.io.IOException,
                                java.security.GeneralSecurityException
Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject which is usually assosiated with the current thread.

Note: the encryptor Subject usually represents a remote called and comes without any private credentials. Moreover, even the public credentials it provides may not be fully trusted and have to be verified as matching to the set of the encryptor's principals.

Parameters:
so - the SignedObject to decrypt
subjEncryptor - the Subject object whose credentials were used to do the encryption
subjDecryptor - the Subject object whose credentials might be used to do the decryption; for example, in a request/response model, the decryptor for a response is the encryptor for the original request
Returns:
the decrypted Object
Throws:
java.lang.ClassNotFoundException - if a necessary class cannot be found during deserialization
java.io.IOException - if an error occurs during deserialization
java.security.GeneralSecurityException - if the verification fails

CoherenceTM v3.4
Copyright© 2000-2008 by Oracle Corporation