Strolch provides a robust security model for authentication and authorization, primarily managed by the StrolchSessionHandler and PrivilegeHandler.
The PrivilegeHandler is the core component for security. It delegates to the strolch-privilege library to:
Certificate objects that represent an active session.

The StrolchSessionHandler manages user sessions at the agent level:

Certificate: A token issued upon successful authentication. It must be passed to most Strolch APIs.
PrivilegeContext: Provides information about the current user’s privileges.

    StrolchSessionHandler sessionHandler = agent.getComponent(StrolchSessionHandler.class);
    Certificate certificate = sessionHandler.authenticate("username", "password".toCharArray(), "source-ip", Usage.AUTHENTICATE, false);

When a transaction is opened with a certificate, operations are checked against the user’s privileges.

    try (StrolchTransaction tx = agent.openTx(certificate, "SensitiveAction", false)) {
        // If the user lacks 'SensitiveAction' privilege, an exception will be thrown
        tx.commitOnClose();
    }

For background tasks, you can run code with system privileges.

    agent.runAsAgent(tx -> {
        // This code runs with full system privileges
        tx.commitOnClose();
    });
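
The authentication and transaction steps above can be combined into one session-scoped helper, shown here as an added example that is not Strolch project code. It wipes the password buffer after login, denies on a missing privilege, and always ends the session. The import package names, the `AccessDeniedException` type, the `invalidate(certificate)` call and the class name `SensitiveActionRunner` are assumptions; `authenticate` and `openTx` are used exactly as shown on this page.

```java
// Added example. Package names below are assumed, not taken from this page.
import java.util.Arrays;

import li.strolch.agent.api.StrolchAgent;
import li.strolch.persistence.api.StrolchTransaction;
import li.strolch.privilege.base.AccessDeniedException;
import li.strolch.privilege.model.Certificate;
import li.strolch.privilege.model.Usage;
import li.strolch.runtime.sessions.StrolchSessionHandler;

public class SensitiveActionRunner {

    /** Returns true if the action committed, false if the user lacked the privilege. */
    public static boolean run(StrolchAgent agent, String username, char[] password, String sourceIp) {
        StrolchSessionHandler sessionHandler = agent.getComponent(StrolchSessionHandler.class);

        Certificate certificate;
        try {
            // If authenticate throws, no certificate exists and the exception propagates.
            certificate = sessionHandler.authenticate(username, password, sourceIp, Usage.AUTHENTICATE, false);
        } finally {
            // Wipe the caller's password buffer whether or not login succeeded.
            Arrays.fill(password, '\0');
        }

        try (StrolchTransaction tx = agent.openTx(certificate, "SensitiveAction", false)) {
            // ... domain changes go here ...
            tx.commitOnClose();
            return true;
        } catch (AccessDeniedException e) {
            // Assumed exception type for a missing privilege. Deny the request;
            // do not retry the work with system privileges on the user's behalf.
            return false;
        } finally {
            // Assumed API: end the session so the certificate cannot be reused.
            sessionHandler.invalidate(certificate);
        }
    }
}
```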