org.apache.ignite.internal.processors.security

Interface IgniteSecurity

All Known Implementing Classes:

IgniteSecurityProcessor, NoOpIgniteSecurityProcessor

public interface IgniteSecurity

Ignite Security Processor.

The differences between IgniteSecurity and GridSecurityProcessor are:

• IgniteSecurity allows to define a current security context by withContext(SecurityContext) or withContext(UUID) methods.
• IgniteSecurity doesn't require to pass SecurityContext to authorize operations.
• IgniteSecurity doesn't extend GridProcessor interface sequentially it doesn't have any methods of the lifecycle of GridProcessor.

Field Summary

Fields

Modifier and Type	Field and Description
static String	MSG_SEC_PROC_CLS_IS_INVALID

Method Summary

Modifier and Type	Method and Description
SecurityContext	authenticate(AuthenticationContext ctx) Delegates call to GridSecurityProcessor.authenticate(AuthenticationContext)
SecuritySubject	authenticatedSubject(UUID subjId) Delegates call to GridSecurityProcessor.authenticatedSubject(UUID)
Collection<SecuritySubject>	authenticatedSubjects() Delegates call to GridSecurityProcessor.authenticatedSubjects()
SecurityContext	authenticateNode(ClusterNode node, SecurityCredentials cred) Delegates call to GridSecurityProcessor.authenticateNode(org.apache.ignite.cluster.ClusterNode, org.apache.ignite.plugin.security.SecurityCredentials)
default void	authorize(SecurityPermission perm) Authorizes grid system operation.
void	authorize(String name, SecurityPermission perm) Authorizes grid operation.
boolean	enabled()
boolean	isGlobalNodeAuthentication() Delegates call to GridSecurityProcessor.isGlobalNodeAuthentication()
void	onSessionExpired(UUID subjId) Delegates call to GridSecurityProcessor.onSessionExpired(UUID)
SecurityContext	securityContext()
OperationSecurityContext	withContext(SecurityContext secCtx) Creates OperationSecurityContext.
OperationSecurityContext	withContext(UUID nodeId) Creates OperationSecurityContext.

Field Detail

MSG_SEC_PROC_CLS_IS_INVALID

static final String MSG_SEC_PROC_CLS_IS_INVALID

See Also:

Constant Field Values

Method Detail

withContext

OperationSecurityContext withContext(SecurityContext secCtx)

Creates OperationSecurityContext. All calls of methods authorize(String, SecurityPermission) or authorize(SecurityPermission) will be processed into the context of passed SecurityContext until holder OperationSecurityContext will be closed.

Parameters:

secCtx - Security Context.

Returns:

Security context holder.

withContext

OperationSecurityContext withContext(UUID nodeId)

Creates OperationSecurityContext. All calls of methods authorize(String, SecurityPermission) or authorize(SecurityPermission) will be processed into the context of SecurityContext that is owned by the node with given nodeId until holder OperationSecurityContext will be closed.

Parameters:

nodeId - Node id.

Returns:

Security context holder.

securityContext

SecurityContext securityContext()

Returns:

SecurityContext of holder OperationSecurityContext.

authenticateNode

SecurityContext authenticateNode(ClusterNode node,
                                 SecurityCredentials cred)
                          throws IgniteCheckedException

Delegates call to GridSecurityProcessor.authenticateNode(org.apache.ignite.cluster.ClusterNode, org.apache.ignite.plugin.security.SecurityCredentials)

Throws:

IgniteCheckedException

isGlobalNodeAuthentication

boolean isGlobalNodeAuthentication()

Delegates call to GridSecurityProcessor.isGlobalNodeAuthentication()

authenticate

SecurityContext authenticate(AuthenticationContext ctx)
                      throws IgniteCheckedException

Delegates call to GridSecurityProcessor.authenticate(AuthenticationContext)

Throws:

IgniteCheckedException

authenticatedSubjects

Collection<SecuritySubject> authenticatedSubjects()
                                           throws IgniteCheckedException

Delegates call to GridSecurityProcessor.authenticatedSubjects()

Throws:

IgniteCheckedException

authenticatedSubject

SecuritySubject authenticatedSubject(UUID subjId)
                              throws IgniteCheckedException

Delegates call to GridSecurityProcessor.authenticatedSubject(UUID)

Throws:

IgniteCheckedException

onSessionExpired

void onSessionExpired(UUID subjId)

Delegates call to GridSecurityProcessor.onSessionExpired(UUID)

authorize

void authorize(String name,
               SecurityPermission perm)
        throws SecurityException

Authorizes grid operation.

Parameters:

name - Cache name or task class name.

perm - Permission to authorize.

Throws:

SecurityException - If security check failed.

authorize

default void authorize(SecurityPermission perm)
                throws SecurityException

Authorizes grid system operation.

Parameters:

perm - Permission to authorize.

Throws:

SecurityException - If security check failed.

enabled

boolean enabled()

Returns:

True if IgniteSecurity is a plugin implementation, false if it's used a default NoOp implementation.