Package org.apache.ignite.internal.processors.security

Interface GridSecurityProcessor

  • All Superinterfaces:
    GridComponent, GridProcessor
    All Known Implementing Classes:
    IgniteAuthenticationProcessor
    public interface GridSecurityProcessor
extends GridProcessor
    This interface is responsible for:
    • Node authentication;
    • Thin client authentication;
    • Providing configuration info whether global node authentication is enabled;
    • Keeping and propagating all authenticated security subjects;
    • Providing configuration info whether security mode is enabled at all;
    • Handling expired sessions;
    • Providing configuration info whether sandbox is enabled;
    • Keeping and propagating authenticated security subject for thin clients;
    • Keeping and propagating authenticated security contexts for nodes and thin clients;
    • Authorizing specific operations (cache put, task execute, so on) when session security context is set.

    • Method Detail

      • isGlobalNodeAuthentication

        boolean isGlobalNodeAuthentication()
        Gets flag indicating whether all nodes or coordinator only should run the authentication for joining node.
        Returns:
        True if all nodes should run authentication process, false otherwise.

      • securityContext

        default SecurityContext securityContext​(UUID subjId)
        Gets security context for authenticated nodes and thin clients.
        Parameters:
        subjId - Security subject id.
        Returns:
        Security context or null if not found.

      • onSessionExpired

        void onSessionExpired​(UUID subjId)
        Callback invoked when subject session got expired.
        Parameters:
        subjId - Subject ID.

      • sandboxEnabled

        default boolean sandboxEnabled()
        If this method returns true and SecurityManager is installed, then the user-defined code will be run inside the Sandbox.
        Returns:
        True if sandbox is enabled.
        See Also:
        IgniteSandbox

      • createUser

        default void createUser​(String login,
                        char[] pwd)
                 throws IgniteCheckedException
        Creates user with the specified login and password.
        Parameters:
        login - Login of the user to be created.
        pwd - User password.
        Throws:
        IgniteCheckedException - If error occurred.

      • alterUser

        default void alterUser​(String login,
                       char[] pwd)
                throws IgniteCheckedException
        Alters password of user with the specified login.
        Parameters:
        login - Login of the user which password should be altered.
        pwd - User password to alter.
        Throws:
        IgniteCheckedException - If error occurred.

      • isSystemType

        default boolean isSystemType​(Class<?> cls)
        Parameters:
        cls - The class for which the check is to be performed.
        Returns:
        Whether the specified class can be considered system. System classes are classes whose source code can be considered controlled by the Ignite administrator and to which less stringent security checks can be applied. This method will be called on classes that are not part of the Ignite codebase. This allows the Security Plugin to extend the pool of system classes with user-defined ones (e.g. classes that belongs to custom Ignite Plugins).