Coherence™ v3.4
Copyright © 2000-2008 by Oracle Corporation

com.tangosol.net.security
Class DefaultController

java.lang.Object
  extended by com.tangosol.util.Base
      extended by com.tangosol.net.security.DefaultController
All Implemented Interfaces:
AccessController

public final class DefaultController
extends Base
implements AccessController

The default implementation of the AccessController interface.

Note: The DefaultController requires only read access to the keystore file and does not check the integrity of the keystore. Modifications to the keystore, whether at the file system level or through the keystore tool (which requires a keystore password), must be controlled by external means (OS user management, ACLs, etc.).

Since:
Coherence 2.5
Author:
gg 2004.06.02

Field Summary
static java.lang.String KEYSTORE_TYPE
          KeyStore type used by this implementation.
static java.lang.String PROPERTY_CONFIG
          The name of the system property that can be used to override the location of the DefaultController configuration file.
static java.lang.String SIGNATURE_ALGORITHM
          Digital signature algorithm used by this implementation.
static java.security.Signature SIGNATURE_ENGINE
          The Signature object used by this implementation.
 
Constructor Summary
DefaultController(java.io.File fileKeyStore, java.io.File filePermits)
          Construct DefaultController for the specified key store file and permissions description (XML) file.
 
Method Summary
 void checkPermission(ClusterPermission permission, javax.security.auth.Subject subject)
          Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).
protected  java.lang.Object decrypt(java.security.SignedObject so, java.security.PublicKey keyPublic)
          Decrypt the specified SignedObject using the specified public key.
 java.lang.Object decrypt(java.security.SignedObject so, javax.security.auth.Subject subjEncryptor, javax.security.auth.Subject subjDecryptor)
          Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject, which is usually associated with the current thread.
 java.security.SignedObject encrypt(java.lang.Object o, javax.security.auth.Subject subjEncryptor)
          Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread.
protected  java.security.SignedObject encrypt(java.io.Serializable o, java.security.PrivateKey keyPrivate)
          Encrypt the specified object using the specified private key.
protected  boolean equalsMostly(javax.security.auth.Subject subject1, javax.security.auth.Subject subject2)
          Check whether the specified Subject objects have the same set of principals and public credentials.
protected  java.util.Set extractCertificates(java.util.Set setPubCreds)
          Extract a set of Certificate objects from the set of public credentials.
protected  java.util.Set extractPublicKeys(java.util.Set setPubCreds)
          Extract a set of PublicKeys from the set of public credentials.
protected  java.util.Set findPublicKeys(javax.security.auth.Subject subject)
          Find a set of public keys for the specified Subject.
protected  java.security.Permissions getClusterPermissions(java.security.Principal principal)
          Obtain the permissions for the specified principal.
 XmlElement getPermissionsConfig()
          Obtain the permission configuration descriptor.
static void main(java.lang.String[] asArg)
          Standalone permission check utility.
 

Field Detail

PROPERTY_CONFIG

public static final java.lang.String PROPERTY_CONFIG
The name of the system property that can be used to override the location of the DefaultController configuration file.

The value of this property must be the name of a resource that contains an XML document with the structure defined in the /com/tangosol/net/security/DefaultController.xml configuration descriptor.

See Also:
Constant Field Values

KEYSTORE_TYPE

public static final java.lang.String KEYSTORE_TYPE
KeyStore type used by this implementation.

See Also:
Keystore Types

SIGNATURE_ALGORITHM

public static final java.lang.String SIGNATURE_ALGORITHM
Digital signature algorithm used by this implementation.

See Also:
Digital Signature Algorithms

SIGNATURE_ENGINE

public static final java.security.Signature SIGNATURE_ENGINE
The Signature object used by this implementation.

See Also:
Signature.getInstance()

Constructor Detail

DefaultController

public DefaultController(java.io.File fileKeyStore,
                         java.io.File filePermits)
                  throws java.io.IOException,
                         java.security.AccessControlException
Construct DefaultController for the specified key store file and permissions description (XML) file.

Throws:
java.io.IOException
java.security.AccessControlException

Method Detail

checkPermission

public void checkPermission(ClusterPermission permission,
                            javax.security.auth.Subject subject)
Determine whether the cluster access request indicated by the specified permission should be allowed or denied for a given Subject (requestor).

This method quietly returns if the access request is permitted, or throws a suitable AccessControlException if the specified authentication is invalid or insufficient.

Specified by:
checkPermission in interface AccessController
Parameters:
permission - the permission object that represents access to a clustered resource
subject - the Subject object representing the requestor
Throws:
java.security.AccessControlException - if the specified permission is not permitted, based on the current security policy

encrypt

public java.security.SignedObject encrypt(java.lang.Object o,
                                          javax.security.auth.Subject subjEncryptor)
                                   throws java.io.IOException,
                                          java.security.GeneralSecurityException
Encrypt the specified object using the private credentials for the given Subject (encryptor), which is usually associated with the current thread.

Specified by:
encrypt in interface AccessController
Parameters:
o - the Object to encrypt
subjEncryptor - the Subject object whose credentials are being used to do the encryption
Returns:
the SignedObject
Throws:
java.io.IOException - if an error occurs during serialization
java.security.GeneralSecurityException - if the signing fails

decrypt

public java.lang.Object decrypt(java.security.SignedObject so,
                                javax.security.auth.Subject subjEncryptor,
                                javax.security.auth.Subject subjDecryptor)
                         throws java.lang.ClassNotFoundException,
                                java.io.IOException,
                                java.security.GeneralSecurityException
Decrypt the specified SignedObject using the public credentials for a given encryptor Subject in a context represented by the decryptor Subject, which is usually associated with the current thread.

Specified by:
decrypt in interface AccessController
Parameters:
so - the SignedObject to decrypt
subjEncryptor - the Subject object whose credentials were used to do the encryption
subjDecryptor - the Subject object whose credentials might be used to do the decryption (optional)
Returns:
the decrypted Object
Throws:
java.lang.ClassNotFoundException - if a necessary class cannot be found during deserialization
java.io.IOException - if an error occurs during deserialization
java.security.GeneralSecurityException - if the verification fails

getPermissionsConfig

public XmlElement getPermissionsConfig()
Obtain the permission configuration descriptor.

Returns:
the XmlElement with the "permissions" element as a root

getClusterPermissions

protected java.security.Permissions getClusterPermissions(java.security.Principal principal)
Obtain the permissions for the specified principal.

Parameters:
principal - the Principal object
Returns:
the Permissions object holding the permissions for the specified principal, or null if no such principal exists

encrypt

protected java.security.SignedObject encrypt(java.io.Serializable o,
                                             java.security.PrivateKey keyPrivate)
                                      throws java.io.IOException,
                                             java.security.GeneralSecurityException
Encrypt the specified object using the specified private key.

Parameters:
o - the Serializable object to encrypt
keyPrivate - the PrivateKey object to use for encryption
Returns:
the SignedObject
Throws:
java.io.IOException
java.security.GeneralSecurityException

decrypt

protected java.lang.Object decrypt(java.security.SignedObject so,
                                   java.security.PublicKey keyPublic)
                            throws java.lang.ClassNotFoundException,
                                   java.io.IOException,
                                   java.security.GeneralSecurityException
Decrypt the specified SignedObject using the specified public key.

Parameters:
so - the SignedObject to decrypt
keyPublic - the PublicKey object to use for decryption
Returns:
the decrypted Object
Throws:
java.lang.ClassNotFoundException
java.io.IOException
java.security.GeneralSecurityException

equalsMostly

protected boolean equalsMostly(javax.security.auth.Subject subject1,
                               javax.security.auth.Subject subject2)
Check whether the specified Subject objects have the same set of principals and public credentials.

Returns:
true iff the subjects have the same set of principals and public credentials

extractPublicKeys

protected java.util.Set extractPublicKeys(java.util.Set setPubCreds)
Extract a set of PublicKeys from the set of public credentials.

Parameters:
setPubCreds - set of public credentials
Returns:
a set of PublicKey objects

extractCertificates

protected java.util.Set extractCertificates(java.util.Set setPubCreds)
Extract a set of Certificate objects from the set of public credentials.

Parameters:
setPubCreds - set of public credentials
Returns:
a set of Certificate objects

findPublicKeys

protected java.util.Set findPublicKeys(javax.security.auth.Subject subject)
                                throws java.security.GeneralSecurityException
Find a set of public keys for the specified Subject.

Note: We need to prevent a security hole in which a caller constructs and sends the responder a Subject object with a Principal object that has a high security clearance, but provides a valid certificate representing a low security clearance Principal. To deal with this, after we find the caller's certificate in the key store, the principal match must be verified.

Parameters:
subject - the Subject object
Returns:
a set of PublicKey objects
Throws:
java.security.GeneralSecurityException - if a keystore exception occurs
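
The principal-match requirement in the note above, combined with SignedObject verification, as an added example (not Coherence's own code). A Map stands in for the keystore; the class name, `TRUSTED`, `findMatchingKeys`, `verify`, `subjectOf`, the principal names and the SHA256withRSA algorithm are assumptions made for illustration.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class PrincipalMatchDemo {
    // Hypothetical stand-in for the keystore: trusted principal -> public key.
    static final Map<X500Principal, PublicKey> TRUSTED = new HashMap<>();
    static final String ALG = "SHA256withRSA"; // assumed; the page does not give the value

    // Keep a presented key only if the trust store registers it to a principal
    // the Subject claims. A key that is merely known to the store is not enough.
    static Set<PublicKey> findMatchingKeys(Subject subject) {
        Set<PublicKey> keys = new HashSet<>();
        for (Map.Entry<X500Principal, PublicKey> e : TRUSTED.entrySet()) {
            if (subject.getPublicCredentials().contains(e.getValue())
                    && subject.getPrincipals().contains(e.getKey())) {
                keys.add(e.getValue());
            }
        }
        return keys;
    }

    // Accept the signed request only under a key that passed the principal match.
    static boolean verify(SignedObject so, Subject claimed) throws GeneralSecurityException {
        for (PublicKey key : findMatchingKeys(claimed)) {
            if (so.verify(key, Signature.getInstance(ALG))) return true;
        }
        return false;
    }

    static Subject subjectOf(X500Principal p, PublicKey credential) {
        return new Subject(true, Set.of(p), Set.of(credential), Set.of());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair admin = gen.generateKeyPair(), guest = gen.generateKeyPair();
        X500Principal pAdmin = new X500Principal("CN=admin"), pGuest = new X500Principal("CN=guest");
        TRUSTED.put(pAdmin, admin.getPublic());
        TRUSTED.put(pGuest, guest.getPublic());

        // Constructed request, signed with the low-clearance (guest) private key.
        SignedObject so = new SignedObject("join", guest.getPrivate(), Signature.getInstance(ALG));
        System.out.println("guest as guest: " + verify(so, subjectOf(pGuest, guest.getPublic())));
        // Same signature and trusted key, but the Subject claims the high-clearance principal.
        System.out.println("guest as admin: " + verify(so, subjectOf(pAdmin, guest.getPublic())));
    }
}
```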

main

public static void main(java.lang.String[] asArg)
                 throws java.lang.Exception
Standalone permission check utility.
   java com.tangosol.net.security.DefaultController [-<option>]* <target> <action>

 where options include:
   -keystore:<keystore path>   the path to the keystore
   -module:<name>              the login module name
   -permits:<permits path>     the path to permissions file
   -requestor:<name!password>  the requestor's name/password pair
   -responder:<name!password>  the responder's name/password pair
 

Throws:
java.lang.Exception
