Class SecurityOptions


  • @PublicEvolving
    public class SecurityOptions
    extends Object
    The set of configuration options relating to security.
    • Field Detail

      • SECURITY_CONTEXT_FACTORY_CLASSES

        public static final ConfigOption<List<String>> SECURITY_CONTEXT_FACTORY_CLASSES
      • SECURITY_MODULE_FACTORY_CLASSES

        public static final ConfigOption<List<String>> SECURITY_MODULE_FACTORY_CLASSES
      • KERBEROS_LOGIN_PRINCIPAL

        public static final ConfigOption<String> KERBEROS_LOGIN_PRINCIPAL
      • KERBEROS_LOGIN_USETICKETCACHE

        public static final ConfigOption<Boolean> KERBEROS_LOGIN_USETICKETCACHE
      • KERBEROS_LOGIN_CONTEXTS

        public static final ConfigOption<String> KERBEROS_LOGIN_CONTEXTS
      • KERBEROS_HADOOP_FILESYSTEMS_TO_ACCESS

        public static final ConfigOption<List<String>> KERBEROS_HADOOP_FILESYSTEMS_TO_ACCESS
      • DELEGATION_TOKENS_ENABLED

        public static final ConfigOption<Boolean> DELEGATION_TOKENS_ENABLED
      • DELEGATION_TOKENS_RENEWAL_RETRY_BACKOFF

        public static final ConfigOption<Duration> DELEGATION_TOKENS_RENEWAL_RETRY_BACKOFF
      • DELEGATION_TOKENS_RENEWAL_TIME_RATIO

        public static final ConfigOption<Double> DELEGATION_TOKENS_RENEWAL_TIME_RATIO
      • DELEGATION_TOKEN_PROVIDER_ENABLED

        public static final ConfigOption<Boolean> DELEGATION_TOKEN_PROVIDER_ENABLED
      • ZOOKEEPER_SASL_SERVICE_NAME

        public static final ConfigOption<String> ZOOKEEPER_SASL_SERVICE_NAME
      • ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME

        public static final ConfigOption<String> ZOOKEEPER_SASL_LOGIN_CONTEXT_NAME
      • SSL_INTERNAL_ENABLED

        public static final ConfigOption<Boolean> SSL_INTERNAL_ENABLED
        Enable SSL for internal communication (Pekko RPC, Netty data transport, blob server).
      • SSL_REST_ENABLED

        public static final ConfigOption<Boolean> SSL_REST_ENABLED
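        Enable SSL for external REST endpoints. Client (mutual) authentication on those endpoints is controlled separately by SSL_REST_AUTHENTICATION_ENABLED.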
      • SSL_REST_AUTHENTICATION_ENABLED

        public static final ConfigOption<Boolean> SSL_REST_AUTHENTICATION_ENABLED
        Enable mutual SSL authentication for external REST endpoints.
      • SSL_KEYSTORE

        public static final ConfigOption<String> SSL_KEYSTORE
        The Java keystore file containing the Flink endpoint's key and certificate.
      • SSL_KEYSTORE_PASSWORD

        public static final ConfigOption<String> SSL_KEYSTORE_PASSWORD
        Secret to decrypt the keystore file.
      • SSL_KEY_PASSWORD

        public static final ConfigOption<String> SSL_KEY_PASSWORD
        Secret to decrypt the server key.
      • SSL_TRUSTSTORE

        public static final ConfigOption<String> SSL_TRUSTSTORE
        The truststore file containing the public CA certificates used to verify the SSL peers.
      • SSL_TRUSTSTORE_PASSWORD

        public static final ConfigOption<String> SSL_TRUSTSTORE_PASSWORD
        Secret to decrypt the truststore.
      • SSL_INTERNAL_KEYSTORE

        public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE
        For internal SSL, the Java keystore file containing the private key and certificate.
      • SSL_INTERNAL_KEYSTORE_PASSWORD

        public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE_PASSWORD
        For internal SSL, the password to decrypt the keystore file containing the certificate.
      • SSL_INTERNAL_KEY_PASSWORD

        public static final ConfigOption<String> SSL_INTERNAL_KEY_PASSWORD
        For internal SSL, the password to decrypt the private key.
      • SSL_INTERNAL_KEYSTORE_TYPE

        public static final ConfigOption<String> SSL_INTERNAL_KEYSTORE_TYPE
        For internal SSL, the type of the keystore.
      • SSL_INTERNAL_TRUSTSTORE

        public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE
        For internal SSL, the truststore file containing the public CA certificates used to verify the SSL peers.
      • SSL_INTERNAL_TRUSTSTORE_PASSWORD

        public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE_PASSWORD
        For internal SSL, the secret to decrypt the truststore.
      • SSL_INTERNAL_TRUSTSTORE_TYPE

        public static final ConfigOption<String> SSL_INTERNAL_TRUSTSTORE_TYPE
        For internal SSL, the type of the truststore.
      • SSL_INTERNAL_CERT_FINGERPRINT

        public static final ConfigOption<String> SSL_INTERNAL_CERT_FINGERPRINT
        For internal SSL, the SHA-1 fingerprint of the internal certificate, used to verify the client.
      • SSL_REST_KEYSTORE

        public static final ConfigOption<String> SSL_REST_KEYSTORE
        For external (REST) SSL, the Java keystore file containing the private key and certificate.
      • SSL_REST_KEYSTORE_PASSWORD

        public static final ConfigOption<String> SSL_REST_KEYSTORE_PASSWORD
        For external (REST) SSL, the password to decrypt the keystore file containing the certificate.
      • SSL_REST_KEY_PASSWORD

        public static final ConfigOption<String> SSL_REST_KEY_PASSWORD
        For external (REST) SSL, the password to decrypt the private key.
      • SSL_REST_KEYSTORE_TYPE

        public static final ConfigOption<String> SSL_REST_KEYSTORE_TYPE
        For external (REST) SSL, the type of the keystore.
      • SSL_REST_TRUSTSTORE

        public static final ConfigOption<String> SSL_REST_TRUSTSTORE
        For external (REST) SSL, the truststore file containing the public CA certificates used to verify the SSL peers.
      • SSL_REST_TRUSTSTORE_PASSWORD

        public static final ConfigOption<String> SSL_REST_TRUSTSTORE_PASSWORD
        For external (REST) SSL, the secret to decrypt the truststore.
      • SSL_REST_TRUSTSTORE_TYPE

        public static final ConfigOption<String> SSL_REST_TRUSTSTORE_TYPE
        For external (REST) SSL, the type of the truststore.
      • SSL_REST_CERT_FINGERPRINT

        public static final ConfigOption<String> SSL_REST_CERT_FINGERPRINT
        For external (REST) SSL, the SHA-1 fingerprint of the REST client certificate to verify.
      • SSL_PROTOCOL

        public static final ConfigOption<String> SSL_PROTOCOL
        SSL protocol version to be supported.
      • SSL_ALGORITHMS

        public static final ConfigOption<String> SSL_ALGORITHMS
        The standard SSL algorithms to be supported.

        More options here - http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#ciphersuites

      • SSL_VERIFY_HOSTNAME

        public static final ConfigOption<Boolean> SSL_VERIFY_HOSTNAME
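        Flag to enable/disable hostname verification for the SSL connections. With verification disabled, a peer certificate is accepted without checking that it was issued for the host being connected to.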
      • SSL_PROVIDER

        public static final ConfigOption<String> SSL_PROVIDER
        SSL engine provider.
      • SSL_INTERNAL_SESSION_CACHE_SIZE

        public static final ConfigOption<Integer> SSL_INTERNAL_SESSION_CACHE_SIZE
        SSL session cache size.
      • SSL_INTERNAL_SESSION_TIMEOUT

        public static final ConfigOption<Integer> SSL_INTERNAL_SESSION_TIMEOUT
        SSL session timeout.
      • SSL_INTERNAL_HANDSHAKE_TIMEOUT

        public static final ConfigOption<Integer> SSL_INTERNAL_HANDSHAKE_TIMEOUT
        SSL session timeout during handshakes.
      • SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT

        public static final ConfigOption<Integer> SSL_INTERNAL_CLOSE_NOTIFY_FLUSH_TIMEOUT
        SSL session timeout after flushing the close_notify message.
    • Constructor Detail

      • SecurityOptions

        public SecurityOptions()
    • Method Detail

      • forProvider

        @Experimental
        public static Configuration forProvider​(Configuration configuration,
                                                String providerName)
        Returns a view over the given configuration via which options can be set/retrieved for the given provider.
             Configuration config = ...
             SecurityOptions.forProvider(config, "my_provider")
                 .set(SecurityOptions.DELEGATION_TOKEN_PROVIDER_ENABLED, false)
                 ...
         
        Parameters:
        configuration - backing configuration
        providerName - provider name
        Returns:
        view over configuration
      • isInternalSSLEnabled

        public static boolean isInternalSSLEnabled​(Configuration sslConfig)
        Checks whether SSL for internal communication (rpc, data transport, blob server) is enabled.
      • isRestSSLEnabled

        public static boolean isRestSSLEnabled​(Configuration sslConfig)
        Checks whether SSL for the external REST endpoint is enabled.
      • isRestSSLAuthenticationEnabled

        public static boolean isRestSSLAuthenticationEnabled​(Configuration sslConfig)
        Checks whether mutual SSL authentication for the external REST endpoint is enabled.