GridSecurityProcessor (Ignite 2.11.1)

All Superinterfaces:

GridComponent, GridProcessor

All Known Implementing Classes:

IgniteAuthenticationProcessor
```
public interface GridSecurityProcessor
extends GridProcessor
```
This interface is responsible for:
- Node authentication;
- Thin client authentication;
- Providing configuration info whether global node authentication is enabled;
- Keeping and propagating all authenticated security subjects;
- Providing configuration info whether security mode is enabled at all;
- Handling expired sessions;
- Providing configuration info whether sandbox is enabled;
- Keeping and propagating authenticated security subject for thin clients;
- Keeping and propagating authenticated security contexts for nodes and thin clients;
- Authorizing specific operations (cache put, task execute, so on) when session security context is set.

Nested Class Summary
- Nested classes/interfaces inherited from interface org.apache.ignite.internal.GridComponent
  GridComponent.DiscoveryDataExchangeType

Method Summary

All Methods Instance Methods Abstract Methods Default Methods Deprecated Methods
Modifier and Type	Method and Description
`default void`	`alterUser(String login, char[] pwd)` Alters password of user with the specified login.
`SecurityContext`	`authenticate(AuthenticationContext ctx)` Authenticates subject via underlying Authenticator.
`SecuritySubject`	`authenticatedSubject(UUID subjId)` Gets authenticated node subject.
`Collection<SecuritySubject>`	`authenticatedSubjects()` Gets collection of authenticated nodes.
`SecurityContext`	`authenticateNode(ClusterNode node, SecurityCredentials cred)` Authenticates grid node with it's attributes via underlying Authenticator.
`void`	`authorize(String name, SecurityPermission perm, SecurityContext securityCtx)` Authorizes grid operation.
`default void`	`createUser(String login, char[] pwd)` Creates user with the specified login and password.
`default void`	`dropUser(String login)` Drops user with the specified login.
`boolean`	`enabled()` Deprecated. To determine the security mode use `IgniteSecurity.enabled()`.
`boolean`	`isGlobalNodeAuthentication()` Gets flag indicating whether all nodes or coordinator only should run the authentication for joining node.
`void`	`onSessionExpired(UUID subjId)` Callback invoked when subject session got expired.
`default boolean`	`sandboxEnabled()` If this method returns true and `SecurityManager` is installed, then the user-defined code will be run inside the Sandbox.
`default SecurityContext`	`securityContext(UUID subjId)` Gets security context for authenticated nodes and thin clients.

Methods inherited from interface org.apache.ignite.internal.GridComponent
collectGridNodeData, collectJoiningNodeData, discoveryDataType, onDisconnected, onGridDataReceived, onJoiningNodeDataReceived, onKernalStart, onKernalStop, onReconnected, printMemoryStats, start, stop, validateNode, validateNode

- Method Detail
  - authenticateNode
```
SecurityContext authenticateNode(ClusterNode node,
                                 SecurityCredentials cred)
                          throws IgniteCheckedException
```
    Authenticates grid node with it's attributes via underlying Authenticator.
    
    Parameters:
    
    node - Node id to authenticate.
    
    cred - Security credentials.
    
    Returns:
    
    True if succeeded, false otherwise.
    
    Throws:
    
    IgniteCheckedException - If error occurred.
  - isGlobalNodeAuthentication
```
boolean isGlobalNodeAuthentication()
```
    Gets flag indicating whether all nodes or coordinator only should run the authentication for joining node.
    
    Returns:
    
    True if all nodes should run authentication process, false otherwise.
  - authenticate
```
SecurityContext authenticate(AuthenticationContext ctx)
                      throws IgniteCheckedException
```
    Authenticates subject via underlying Authenticator.
    
    Parameters:
    
    ctx - Authentication context.
    
    Returns:
    
    True if succeeded, false otherwise.
    
    Throws:
    
    IgniteCheckedException - If error occurred.
  - authenticatedSubjects
```
Collection<SecuritySubject> authenticatedSubjects()
                                           throws IgniteCheckedException
```
    Gets collection of authenticated nodes.
    
    Returns:
    
    Collection of authenticated nodes.
    
    Throws:
    
    IgniteCheckedException - If error occurred.
  - authenticatedSubject
```
SecuritySubject authenticatedSubject(UUID subjId)
                              throws IgniteCheckedException
```
    Gets authenticated node subject.
    
    Parameters:
    
    subjId - Subject ID.
    
    Returns:
    
    Security subject.
    
    Throws:
    
    IgniteCheckedException - If error occurred.
  - securityContext
```
default SecurityContext securityContext(UUID subjId)
```
    Gets security context for authenticated nodes and thin clients.
    
    Parameters:
    
    subjId - Security subject id.
    
    Returns:
    
    Security context or null if not found.
  - authorize
```
void authorize(String name,
               SecurityPermission perm,
               SecurityContext securityCtx)
        throws SecurityException
```
    Authorizes grid operation.
    
    Parameters:
    
    name - Cache name or task class name.
    
    perm - Permission to authorize.
    
    securityCtx - Optional security context.
    
    Throws:
    
    SecurityException - If security check failed.
  - onSessionExpired
```
void onSessionExpired(UUID subjId)
```
    Callback invoked when subject session got expired.
    
    Parameters:
    
    subjId - Subject ID.
  - enabled
```
@Deprecated
boolean enabled()
```
    Deprecated. To determine the security mode use IgniteSecurity.enabled().
    
    Returns:
    
    GridSecurityProcessor is enable.
  - sandboxEnabled
```
default boolean sandboxEnabled()
```
    If this method returns true and SecurityManager is installed, then the user-defined code will be run inside the Sandbox.
    
    Returns:
    
    True if sandbox is enabled.
    
    See Also:
    
    IgniteSandbox
  - createUser
```
default void createUser(String login,
                        char[] pwd)
                 throws IgniteCheckedException
```
    Creates user with the specified login and password.
    
    Parameters:
    
    login - Login of the user to be created.
    
    pwd - User password.
    
    Throws:
    
    IgniteCheckedException - If error occurred.
  - alterUser
```
default void alterUser(String login,
                       char[] pwd)
                throws IgniteCheckedException
```
    Alters password of user with the specified login.
    
    Parameters:
    
    login - Login of the user which password should be altered.
    
    pwd - User password to alter.
    
    Throws:
    
    IgniteCheckedException - If error occurred.
  - dropUser
```
default void dropUser(String login)
               throws IgniteCheckedException
```
    Drops user with the specified login.
    
    Parameters:
    
    login - Login of the user to be dropped.
    
    Throws:
    
    IgniteCheckedException - If error occurred.

Interface GridSecurityProcessor

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.ignite.internal.GridComponent

Method Summary

Methods inherited from interface org.apache.ignite.internal.GridComponent

Method Detail

authenticateNode

isGlobalNodeAuthentication

authenticate

authenticatedSubjects

authenticatedSubject

securityContext

authorize

onSessionExpired

enabled

sandboxEnabled

createUser

alterUser

dropUser