Package org.apache.catalina.realm
Class CombinedRealm
- java.lang.Object
  - org.apache.catalina.util.LifecycleBase
    - org.apache.catalina.util.LifecycleMBeanBase
      - org.apache.catalina.realm.RealmBase
        - org.apache.catalina.realm.CombinedRealm
- All Implemented Interfaces:
javax.management.MBeanRegistration, Contained, JmxEnabled, Lifecycle, Realm
- Direct Known Subclasses:
LockOutRealm
public class CombinedRealm extends RealmBase
Realm implementation that contains one or more realms. Authentication is attempted for each realm in the order they were configured. If any realm authenticates the user then the authentication succeeds. When combining realms usernames should be unique across all combined realms.
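Added example, not part of the Tomcat Javadoc or source: a standalone Java model of the ordering rule described above, showing why usernames should be unique across combined realms. SimpleRealm, mapRealm, duplicates and the sample users are hypothetical names; plain-text passwords are used only to keep the constructed data readable.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;

// Standalone model of the ordering rule; hypothetical names, not Tomcat source code.
public class CombinedRealmModel {
    // Stand-in for a nested realm: returns the user's roles, or null on failure.
    interface SimpleRealm {
        Set<String> authenticate(String username, String credentials);
    }

    // Constructed in-memory realm: username -> {password, role}.
    static SimpleRealm mapRealm(Map<String, String[]> users) {
        return (user, pass) -> {
            String[] entry = (user == null) ? null : users.get(user);
            if (entry == null || pass == null) return null;
            boolean ok = MessageDigest.isEqual(
                    entry[0].getBytes(StandardCharsets.UTF_8),
                    pass.getBytes(StandardCharsets.UTF_8));
            return ok ? Set.of(entry[1]) : null;
        };
    }

    // Try each realm in configured order; the first realm that accepts wins.
    static Set<String> authenticate(List<SimpleRealm> realms, String user, String pass) {
        for (SimpleRealm realm : realms) {
            Set<String> roles = realm.authenticate(user, pass);
            if (roles != null) return roles;
        }
        return null;
    }

    // Audit helper: usernames that appear in more than one user store.
    static Set<String> duplicates(List<Map<String, String[]>> stores) {
        Set<String> seen = new HashSet<>(), dup = new TreeSet<>();
        for (Map<String, String[]> store : stores)
            for (String name : store.keySet())
                if (!seen.add(name)) dup.add(name);
        return dup;
    }

    public static void main(String[] args) {
        // Constructed sample data: "alice" exists in both stores.
        Map<String, String[]> local = Map.of("alice", new String[] {"local-pw", "admin"});
        Map<String, String[]> directory = Map.of(
                "alice", new String[] {"dir-pw", "user"}, "bob", new String[] {"bob-pw", "user"});
        List<SimpleRealm> realms = List.of(mapRealm(local), mapRealm(directory));
        System.out.println(authenticate(realms, "alice", "local-pw")); // accepted by the first store
        System.out.println(authenticate(realms, "alice", "dir-pw"));   // accepted by the second store
        System.out.println(duplicates(List.of(local, directory)));     // names to resolve before combining
    }
}
```

In the model, either of alice's passwords authenticates her, and the roles granted depend on which store matched; running the duplicates check over the user stores before combining them surfaces that overlap.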
-
-
Nested Class Summary
-
Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase
RealmBase.AllRolesMode
-
Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
Lifecycle.SingleUse
-
-
Field Summary
Fields
protected java.util.List<Realm> realms
The list of Realms contained by this Realm.
-
Fields inherited from class org.apache.catalina.realm.RealmBase
allRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName
-
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
-
-
Constructor Summary
Constructors
CombinedRealm()
-
Method Summary
All Methods, Instance Methods, Concrete Methods
void addRealm(Realm theRealm)
Add a realm to the list of realms that will be used to authenticate users.
java.security.Principal authenticate(java.lang.String username)
Return the Principal associated with the specified user name otherwise return null.
java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
java.security.Principal authenticate(java.lang.String username, java.lang.String clientDigest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realmName, java.lang.String md5a2)
Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise return null.
java.security.Principal authenticate(java.security.cert.X509Certificate[] certs)
Return the Principal associated with the specified chain of X509 client certificates.
java.security.Principal authenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCred)
Try to authenticate using a GSSContext
java.security.Principal authenticate(org.ietf.jgss.GSSName gssName, org.ietf.jgss.GSSCredential gssCredential)
Try to authenticate using a GSSName
void backgroundProcess()
Delegate the backgroundProcess call to all sub-realms.
protected void destroyInternal()
Ensure child Realms are destroyed when this Realm is destroyed.
Realm[] getNestedRealms()
protected java.lang.String getPassword(java.lang.String username)
Get the password for the specified user.
protected java.security.Principal getPrincipal(java.lang.String username)
Get the principal associated with the specified user.
javax.management.ObjectName[] getRealms()
boolean hasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role)
Check if the specified Principal has the specified security role, within the context of this Realm.
boolean isAvailable()
Return the availability of the realm for authentication.
void setContainer(Container container)
Set the Container with which this Realm has been associated.
void setCredentialHandler(CredentialHandler credentialHandler)
Set the CredentialHandler to be used by this Realm.
protected void startInternal()
Prepare for the beginning of active use of the public methods of this component and implement the requirements of LifecycleBase.startInternal().
protected void stopInternal()
Gracefully terminate the active use of the public methods of this component and implement the requirements of LifecycleBase.stopInternal().
-
Methods inherited from class org.apache.catalina.realm.RealmBase
addPropertyChangeListener, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getPrincipal, getRealmPath, getRealmSuffix, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRoleInternal, hasUserDataPermission, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setAllRolesMode, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, toString
-
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister
-
Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
-
-
-
-
Field Detail
-
realms
protected final java.util.List<Realm> realms
The list of Realms contained by this Realm.
-
-
Method Detail
-
addRealm
public void addRealm(Realm theRealm)
Add a realm to the list of realms that will be used to authenticate users.
- Parameters:
theRealm - realm which should be wrapped by the combined realm
-
getRealms
public javax.management.ObjectName[] getRealms()
- Returns:
- the set of Realms that this Realm is wrapping
-
getNestedRealms
public Realm[] getNestedRealms()
- Returns:
- the list of Realms contained by this Realm.
-
authenticate
public java.security.Principal authenticate(java.lang.String username, java.lang.String clientDigest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realmName, java.lang.String md5a2)
Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise return null.
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
username - Username of the Principal to look up
clientDigest - Digest which has been submitted by the client
nonce - Unique (or supposedly unique) token which has been used for this request
realmName - Realm name
md5a2 - Second MD5 digest used to calculate the digest : MD5(Method + ":" + uri)
nc - the nonce counter
cnonce - the client chosen nonce
qop - the "quality of protection" (nc and cnonce will only be used, if qop is not null).
- Returns:
- the associated principal, or null if there is none.
-
authenticate
public java.security.Principal authenticate(java.lang.String username)
Return the Principal associated with the specified user name otherwise return null.
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
username - User name of the Principal to look up
- Returns:
- the associated principal, or null if none is associated.
-
authenticate
public java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
- Returns:
- the associated principal, or null if there is none.
-
setContainer
public void setContainer(Container container)
Set the Container with which this Realm has been associated.
- Specified by:
setContainer in interface Contained
- Overrides:
setContainer in class RealmBase
- Parameters:
container - The associated Container
-
startInternal
protected void startInternal() throws LifecycleException
Prepare for the beginning of active use of the public methods of this component and implement the requirements of LifecycleBase.startInternal().
- Overrides:
startInternal in class RealmBase
- Throws:
LifecycleException - if this component detects a fatal error that prevents this component from being used
-
stopInternal
protected void stopInternal() throws LifecycleException
Gracefully terminate the active use of the public methods of this component and implement the requirements of LifecycleBase.stopInternal().
- Overrides:
stopInternal in class RealmBase
- Throws:
LifecycleException - if this component detects a fatal error that needs to be reported
-
destroyInternal
protected void destroyInternal() throws LifecycleException
Ensure child Realms are destroyed when this Realm is destroyed.
- Overrides:
destroyInternal in class LifecycleMBeanBase
- Throws:
LifecycleException - If the destruction fails
-
backgroundProcess
public void backgroundProcess()
Delegate the backgroundProcess call to all sub-realms.
- Specified by:
backgroundProcess in interface Realm
- Overrides:
backgroundProcess in class RealmBase
-
authenticate
public java.security.Principal authenticate(java.security.cert.X509Certificate[] certs)
Return the Principal associated with the specified chain of X509 client certificates. If there is none, return null.
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
certs - Array of client certificates, with the first one in the array being the certificate of the client itself.
- Returns:
- the associated principal, or null if there is none
-
authenticate
public java.security.Principal authenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCred)
Try to authenticate using a GSSContext
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
gssContext - The gssContext processed by the Authenticator.
storeCred - Should the realm attempt to store the delegated credentials in the returned Principal?
- Returns:
- the associated principal, or null if there is none
-
authenticate
public java.security.Principal authenticate(org.ietf.jgss.GSSName gssName, org.ietf.jgss.GSSCredential gssCredential)
Try to authenticate using a GSSName
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
gssName - The GSSName of the principal to look up
gssCredential - The GSSCredential of the principal, may be null
- Returns:
- the associated principal, or null if there is none
-
hasRole
public boolean hasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role)
Check if the specified Principal has the specified security role, within the context of this Realm. This method or RealmBase.hasRoleInternal(Principal, String) can be overridden by Realm implementations, but the default is adequate when an instance of GenericPrincipal is used to represent authenticated Principals from this Realm.
- Specified by:
hasRole in interface Realm
- Overrides:
hasRole in class RealmBase
- Parameters:
wrapper - wrapper context for evaluating role
principal - Principal for whom the role is to be checked
role - Security role to be checked
- Returns:
- true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.
-
getPassword
protected java.lang.String getPassword(java.lang.String username)
Description copied from class: RealmBase
Get the password for the specified user.
- Specified by:
getPassword in class RealmBase
- Parameters:
username - The user name
- Returns:
- the password associated with the given principal's user name.
-
getPrincipal
protected java.security.Principal getPrincipal(java.lang.String username)
Description copied from class: RealmBase
Get the principal associated with the specified user.
- Specified by:
getPrincipal in class RealmBase
- Parameters:
username - The user name
- Returns:
- the Principal associated with the given user name.
-
isAvailable
public boolean isAvailable()
Description copied from interface: Realm
Return the availability of the realm for authentication.
- Returns:
- true if the realm is able to perform authentication
-
setCredentialHandler
public void setCredentialHandler(CredentialHandler credentialHandler)
Description copied from interface: Realm
Set the CredentialHandler to be used by this Realm.
- Specified by:
setCredentialHandler in interface Realm
- Overrides:
setCredentialHandler in class RealmBase
- Parameters:
credentialHandler - the CredentialHandler to use
-
-