Package org.apache.ignite.internal.processors.security

Interface IgniteSecurity

All Known Implementing Classes:

IgniteSecurityAdapter, IgniteSecurityProcessor, NoOpIgniteSecurityProcessor

public interface IgniteSecurity

Ignite Security Processor.

The differences between IgniteSecurity and GridSecurityProcessor are:

• IgniteSecurity allows to define a current security context by withContext(SecurityContext) or withContext(UUID) methods.
• IgniteSecurity doesn't require to pass SecurityContext to authorize operations.
• IgniteSecurity doesn't extend GridProcessor interface sequentially it doesn't have any methods of the lifecycle of GridProcessor.

Method Summary

Modifier and Type	Method	Description
void	alterUser(String login, char[] pwd)	Alters password of user with the specified login.
SecurityContext	authenticate(AuthenticationContext ctx)	Delegates call to GridSecurityProcessor.authenticate(AuthenticationContext)
SecuritySubject	authenticatedSubject(UUID subjId)	Delegates call to GridSecurityProcessor.authenticatedSubject(UUID)
Collection<SecuritySubject>	authenticatedSubjects()	Delegates call to GridSecurityProcessor.authenticatedSubjects()
SecurityContext	authenticateNode(ClusterNode node, SecurityCredentials cred)	Delegates call to GridSecurityProcessor.authenticateNode(org.apache.ignite.cluster.ClusterNode, org.apache.ignite.plugin.security.SecurityCredentials)
void	authorize(String name, SecurityPermission perm)	Authorizes grid operation.
default void	authorize(SecurityPermission perm)	Authorizes grid system operation.
void	createUser(String login, char[] pwd)	Creates user with the specified login and password.
void	dropUser(String login)	Drops user with the specified login.
boolean	enabled()
boolean	isDefaultContext()
boolean	isGlobalNodeAuthentication()	Delegates call to GridSecurityProcessor.isGlobalNodeAuthentication()
boolean	isSystemType(Class<?> cls)
void	onLocalJoin()	Callback for local join events for which the regular events are not generated.
void	onSessionExpired(UUID subjId)	Delegates call to GridSecurityProcessor.onSessionExpired(UUID)
IgniteSandbox	sandbox()
SecurityContext	securityContext()
OperationSecurityContext	withContext(UUID nodeId)	Creates OperationSecurityContext.
OperationSecurityContext	withContext(SecurityContext secCtx)	Creates OperationSecurityContext.

Method Detail

withContext

OperationSecurityContext withContext(SecurityContext secCtx)

Creates OperationSecurityContext. All calls of methods authorize(String, SecurityPermission) or authorize(SecurityPermission) will be processed into the context of passed SecurityContext until holder OperationSecurityContext will be closed.

Parameters:

secCtx - Security Context.

Returns:

Security context holder.

withContext

OperationSecurityContext withContext(UUID nodeId)

Creates OperationSecurityContext. All calls of methods authorize(String, SecurityPermission) or authorize(SecurityPermission) will be processed into the context of SecurityContext that is owned by the node with given nodeId until holder OperationSecurityContext will be closed.

Parameters:

nodeId - Node id.

Returns:

Security context holder.

isDefaultContext

boolean isDefaultContext()

Returns:

True if current thread executed in default security context.

securityContext

SecurityContext securityContext()

Returns:

SecurityContext of holder OperationSecurityContext.

authenticateNode

SecurityContext authenticateNode(ClusterNode node,
                                 SecurityCredentials cred)
                          throws IgniteCheckedException

Delegates call to GridSecurityProcessor.authenticateNode(org.apache.ignite.cluster.ClusterNode, org.apache.ignite.plugin.security.SecurityCredentials)

Throws:

IgniteCheckedException

isGlobalNodeAuthentication

boolean isGlobalNodeAuthentication()

Delegates call to GridSecurityProcessor.isGlobalNodeAuthentication()

authenticate

SecurityContext authenticate(AuthenticationContext ctx)
                      throws IgniteCheckedException

Delegates call to GridSecurityProcessor.authenticate(AuthenticationContext)

Throws:

IgniteCheckedException

authenticatedSubjects

Collection<SecuritySubject> authenticatedSubjects()
                                           throws IgniteCheckedException

Delegates call to GridSecurityProcessor.authenticatedSubjects()

Throws:

IgniteCheckedException

authenticatedSubject

SecuritySubject authenticatedSubject(UUID subjId)
                              throws IgniteCheckedException

Delegates call to GridSecurityProcessor.authenticatedSubject(UUID)

Throws:

IgniteCheckedException

onSessionExpired

void onSessionExpired(UUID subjId)

Delegates call to GridSecurityProcessor.onSessionExpired(UUID)

authorize

void authorize(String name,
               SecurityPermission perm)
        throws SecurityException

Authorizes grid operation.

Parameters:

name - Cache name or task class name.

perm - Permission to authorize.

Throws:

SecurityException - If security check failed.

authorize

default void authorize(SecurityPermission perm)
                throws SecurityException

Authorizes grid system operation.

Parameters:

perm - Permission to authorize.

Throws:

SecurityException - If security check failed.

sandbox

IgniteSandbox sandbox()

Returns:

Instance of IgniteSandbox.

enabled

boolean enabled()

Returns:

True if IgniteSecurity is a plugin implementation, false if it's used a default NoOp implementation.

createUser

void createUser(String login,
                char[] pwd)
         throws IgniteCheckedException

Creates user with the specified login and password.

Parameters:

login - Login of the user to be created.

pwd - User password.

Throws:

IgniteCheckedException - If error occurred.

alterUser

void alterUser(String login,
               char[] pwd)
        throws IgniteCheckedException

Alters password of user with the specified login.

Parameters:

login - Login of the user which password should be altered.

pwd - User password to alter.

Throws:

IgniteCheckedException - If error occurred.

dropUser

void dropUser(String login)
       throws IgniteCheckedException

Drops user with the specified login.

Parameters:

login - Login of the user to be dropped.

Throws:

IgniteCheckedException - If error occurred.

onLocalJoin

void onLocalJoin()

Callback for local join events for which the regular events are not generated.

Local join event is expected in cases of joining to topology or client reconnect.

isSystemType

boolean isSystemType(Class<?> cls)

Parameters:

cls - The class for which the check is to be performed.

Returns:

Whether the specified class can be considered system. System classes are classes whose source code can be considered controlled by the Ignite administrator and to which less stringent security checks can be applied. By default, Ignite considers only classes from its own codebase as system but their pool can be extended by custom Security Plugin.

See Also:

GridSecurityProcessor.isSystemType(Class)