/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.ignite.plugin.security;
import java.io.Serializable;
import java.net.InetSocketAddress;
import java.security.PermissionCollection;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.UUID;
import org.apache.ignite.internal.processors.security.SecurityUtils;
/**
 * An authenticated node, described as a security subject together with a set of permissions.
 * <p>
 * The interface extends {@link Serializable}, so the non-transient state of every implementation
 * becomes part of its serialized form.
 */
public interface SecuritySubject extends Serializable {
    /**
     * Returns the identifier of this subject.
     *
     * @return Subject ID.
     */
    public UUID id();

    /**
     * Returns the subject type for the node.
     *
     * @return Subject type.
     */
    public SecuritySubjectType type();

    /**
     * Returns the login that was supplied through the subject's security credentials.
     * <p>
     * The declared type is {@link Object}; callers must not assume a particular concrete type
     * without checking it.
     *
     * @return Login object.
     */
    public Object login();

    /**
     * Returns the address the subject connected from, i.e. the connection IP and port.
     *
     * @return Subject connection address.
     */
    public InetSocketAddress address();

    /**
     * Returns the client certificates of the subject, or {@code null} if SSL was not used or
     * client certificate checking is not enabled.
     * <p>
     * This default implementation always returns {@code null}, so callers have to null-check the
     * result, and a {@code null} here means only that no certificates are reported by the
     * implementation in use.
     *
     * @return Subject client certificates, possibly {@code null}.
     */
    public default Certificate[] certificates() {
        return null;
    }

    /**
     * Returns the permissions used for SecurityManager checks.
     * <p>
     * The default implementation looks up the {@link ProtectionDomain} of the runtime class of
     * this object (the lookup runs through {@code SecurityUtils.doPrivileged}) and returns that
     * domain's {@link ProtectionDomain#getPermissions() permissions}. When no domain is obtained
     * it returns {@code SecurityUtils.ALL_PERMISSIONS} instead.
     * <p>
     * NOTE(review): the fallback is permissive rather than restrictive (judging by the constant's
     * name, confirm against {@code SecurityUtils}). An implementation that needs a restricted
     * sandbox should override this method instead of relying on the default.
     *
     * @return Permissions for SecurityManager checks.
     * @deprecated A {@link SecuritySubject} must hold only an immutable set of information that
     *      represents a security principal. Security permissions belong to the authorization
     *      process and have nothing to do with {@link SecuritySubject}. This method will be
     *      removed in future releases.
     */
    @Deprecated
    public default PermissionCollection sandboxPermissions() {
        ProtectionDomain domain = SecurityUtils.doPrivileged(() -> getClass().getProtectionDomain());

        // No protection domain available: hand back the shared ALL_PERMISSIONS collection.
        if (domain == null)
            return SecurityUtils.ALL_PERMISSIONS;

        return domain.getPermissions();
    }
}