H2OSecurityManager (h2o-core 3.42.0 API)

java.lang.Object
- water.H2OSecurityManager

All Implemented Interfaces:

WrappingSecurityManager
```
public class H2OSecurityManager
extends java.lang.Object
implements WrappingSecurityManager
```
Takes care of security. In the long run this class should manage all security aspects of H2O but currently some parts are handled in other parts of the codebase. An instance of this class should be instantiated for each H2O object and should follow its lifecycle. At this stage we support a simple shared secret, handshake based, authentication, which can be turned on with the h2o_ssl_enabled parameter. Should the communicating nodes not share a common shared secret communication between them will not be possible. Current state of data encryption: - HTTP for FlowUI - currently we rely on Jetty's SSL capabilities, authentication can be performed with hash login, ldap login or kerberos. The location of secret keys used byt Jetty's SSL server should be passed to the jks parameter. - inter node communication - all TCP based communication is being authenticated and encrypted using SSL using JSSE (Java Secure Socket Extension) when then h2o_ssl_enabled parameter is passed. Keystore related parameter should also be used as per the documentation. - in-memory data encryption - currently not supported, using an encrypted drive is recommended at least for the swap partition. - data saved to disk - currently not supported, using an encrypted drive is recommended

Field Summary

Fields
Modifier and Type Field and Description

boolean securityEnabled

Fields
Modifier and Type	Field and Description
`boolean`	`securityEnabled`

Method Summary

All Methods Static Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`static H2OSecurityManager`	`instance()`
`boolean`	`isSecurityEnabled()`
`java.nio.channels.ByteChannel`	`wrapClientChannel(java.nio.channels.SocketChannel channel, java.lang.String host, int port)`
`java.nio.channels.ByteChannel`	`wrapServerChannel(java.nio.channels.SocketChannel channel)`

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail
- securityEnabled
```
public final boolean securityEnabled
```

Method Detail

isSecurityEnabled
```
public boolean isSecurityEnabled()
```
Specified by:

isSecurityEnabled in interface WrappingSecurityManager

wrapServerChannel

public java.nio.channels.ByteChannel wrapServerChannel(java.nio.channels.SocketChannel channel)
                                                throws java.io.IOException

Specified by:: wrapServerChannel in interface WrappingSecurityManager
Throws:: java.io.IOException

wrapClientChannel

public java.nio.channels.ByteChannel wrapClientChannel(java.nio.channels.SocketChannel channel,
                                                       java.lang.String host,
                                                       int port)
                                                throws java.io.IOException

Specified by:: wrapClientChannel in interface WrappingSecurityManager
Throws:: java.io.IOException

instance

public static H2OSecurityManager instance()

Class H2OSecurityManager

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

securityEnabled

Method Detail

isSecurityEnabled

wrapServerChannel

wrapClientChannel

instance