Field Detail

• name

  protected static final java.lang.String name

  Descriptive information about this Realm implementation.

  See Also:

  Constant Field Values

• failureCount

  protected int failureCount

  The number of times in a row a user has to fail authentication to be locked out. Defaults to 5.

• lockOutTime

  protected int lockOutTime

  The time (in seconds) a user is locked out for after too many authentication failures. Defaults to 300 (5 minutes).

• cacheSize

  protected int cacheSize

  Number of users that have failed authentication to keep in cache. Over time the cache will grow to this size and may not shrink. Defaults to 1000.

• cacheRemovalWarningTime

  protected int cacheRemovalWarningTime

  If a failed user is removed from the cache because the cache is too big before it has been in the cache for at least this period of time (in seconds) a warning message will be logged. Defaults to 3600 (1 hour).

• failedUsers

  protected java.util.Map<java.lang.String,LockOutRealm.LockRecord> failedUsers

  Users whose last authentication attempt failed. Entries will be ordered in access order from least recent to most recent.

Constructor Detail

• LockOutRealm

  public LockOutRealm()

Method Detail

• startInternal

  protected void startInternal()
                        throws LifecycleException

  Prepare for the beginning of active use of the public methods of this component and implement the requirements of LifecycleBase.startInternal().

  Overrides:

  startInternal in class CombinedRealm

  Throws:

  LifecycleException - if this component detects a fatal error that prevents this component from being used

• authenticate

  public java.security.Principal authenticate(java.lang.String username,
                                     java.lang.String clientDigest,
                                     java.lang.String nonce,
                                     java.lang.String nc,
                                     java.lang.String cnonce,
                                     java.lang.String qop,
                                     java.lang.String realmName,
                                     java.lang.String md5a2)

  Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise return null.

  Specified by:

  authenticate in interface Realm

  Overrides:

  authenticate in class CombinedRealm

  Parameters:

  username - Username of the Principal to look up

  clientDigest - Digest which has been submitted by the client

  nonce - Unique (or supposedly unique) token which has been used for this request

  realmName - Realm name

  md5a2 - Second MD5 digest used to calculate the digest : MD5(Method + ":" + uri)

  nc - the nonce counter

  cnonce - the client chosen nonce

  qop - the "quality of protection" (nc and cnonce will only be used, if qop is not null).

  Returns:

  the associated principal, or null if there is none.

• authenticate

  public java.security.Principal authenticate(java.lang.String username,
                                     java.lang.String credentials)

  Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

  Specified by:

  authenticate in interface Realm

  Overrides:

  authenticate in class CombinedRealm

  Parameters:

  username - Username of the Principal to look up

  credentials - Password or other credentials to use in authenticating this username

  Returns:

  the associated principal, or null if there is none.

• authenticate

  public java.security.Principal authenticate(java.security.cert.X509Certificate[] certs)

  Return the Principal associated with the specified chain of X509 client certificates. If there is none, return null.

  Specified by:

  authenticate in interface Realm

  Overrides:

  authenticate in class CombinedRealm

  Parameters:

  certs - Array of client certificates, with the first one in the array being the certificate of the client itself.

  Returns:

  the associated principal, or null if there is none

• authenticate

  public java.security.Principal authenticate(org.ietf.jgss.GSSContext gssContext,
                                     boolean storeCreds)

  Try to authenticate using a GSSContext

  Specified by:

  authenticate in interface Realm

  Overrides:

  authenticate in class CombinedRealm

  Parameters:

  gssContext - The gssContext processed by the Authenticator.

  storeCreds - Should the realm attempt to store the delegated credentials in the returned Principal?

  Returns:

  the associated principal, or null if there is none

• unlock

  public void unlock(java.lang.String username)

  Unlock the specified username. This will remove all records of authentication failures for this user.

  Parameters:

  username - The user to unlock

• getFailureCount

  public int getFailureCount()

  Get the number of failed authentication attempts required to lock the user account.

  Returns:

  the failureCount

• setFailureCount

  public void setFailureCount(int failureCount)

  Set the number of failed authentication attempts required to lock the user account.

  Parameters:

  failureCount - the failureCount to set

• getLockOutTime

  public int getLockOutTime()

  Get the period for which an account will be locked.

  Returns:

  the lockOutTime

• getName

  protected java.lang.String getName()

  Overrides:

  getName in class CombinedRealm

  Returns:

  a short name for this Realm implementation, for use in log messages.

• setLockOutTime

  public void setLockOutTime(int lockOutTime)

  Set the period for which an account will be locked.

  Parameters:

  lockOutTime - the lockOutTime to set

• getCacheSize

  public int getCacheSize()

  Get the maximum number of users for which authentication failure will be kept in the cache.

  Returns:

  the cacheSize

• setCacheSize

  public void setCacheSize(int cacheSize)

  Set the maximum number of users for which authentication failure will be kept in the cache.

  Parameters:

  cacheSize - the cacheSize to set

• getCacheRemovalWarningTime

  public int getCacheRemovalWarningTime()

  Get the minimum period a failed authentication must remain in the cache to avoid generating a warning if it is removed from the cache to make space for a new entry.

  Returns:

  the cacheRemovalWarningTime

• setCacheRemovalWarningTime

  public void setCacheRemovalWarningTime(int cacheRemovalWarningTime)

  Set the minimum period a failed authentication must remain in the cache to avoid generating a warning if it is removed from the cache to make space for a new entry.

  Parameters:

  cacheRemovalWarningTime - the cacheRemovalWarningTime to set