Class CombinedRealm

  • All Implemented Interfaces:
    MBeanRegistration, Contained, GSSRealm, JmxEnabled, Lifecycle, Realm
    Direct Known Subclasses:
    LockOutRealm

    public class CombinedRealm
    extends RealmBase
    Realm implementation that contains one or more realms. Authentication is attempted for each realm in the order they were configured. If any realm authenticates the user then the authentication succeeds. When combining realms usernames should be unique across all combined realms.
    • Field Detail

      • realms

        protected final List<Realm> realms
        The list of Realms contained by this Realm.
      • name

        @Deprecated
        protected static final String name
        Deprecated.
        This will be removed in Tomcat 9 onwards.
        Descriptive information about this Realm implementation.
        See Also:
        Constant Field Values
    • Constructor Detail

      • CombinedRealm

        public CombinedRealm()
    • Method Detail

      • addRealm

        public void addRealm​(Realm theRealm)
        Add a realm to the list of realms that will be used to authenticate users.
        Parameters:
        theRealm - realm which should be wrapped by the combined realm
      • getRealms

        public ObjectName[] getRealms()
        Returns:
        the set of Realms that this Realm is wrapping
      • getNestedRealms

        public Realm[] getNestedRealms()
        Returns:
        the list of Realms contained by this Realm.
      • authenticate

        public Principal authenticate​(String username,
                                      String clientDigest,
                                      String nonce,
                                      String nc,
                                      String cnonce,
                                      String qop,
                                      String realmName,
                                      String md5a2)
        Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise return null.
        Specified by:
        authenticate in interface Realm
        Overrides:
        authenticate in class RealmBase
        Parameters:
        username - Username of the Principal to look up
        clientDigest - Digest which has been submitted by the client
        nonce - Unique (or supposedly unique) token which has been used for this request
        realmName - Realm name
        md5a2 - Second MD5 digest used to calculate the digest : MD5(Method + ":" + uri)
        nc - the nonce counter
        cnonce - the client chosen nonce
        qop - the "quality of protection" (nc and cnonce will only be used, if qop is not null).
        Returns:
        the associated principal, or null if there is none.
      • authenticate

        public Principal authenticate​(String username)
        Return the Principal associated with the specified user name otherwise return null.
        Specified by:
        authenticate in interface Realm
        Overrides:
        authenticate in class RealmBase
        Parameters:
        username - User name of the Principal to look up
        Returns:
        the associated principal, or null if none is associated.
      • authenticate

        public Principal authenticate​(String username,
                                      String credentials)
        Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
        Specified by:
        authenticate in interface Realm
        Overrides:
        authenticate in class RealmBase
        Parameters:
        username - Username of the Principal to look up
        credentials - Password or other credentials to use in authenticating this username
        Returns:
        the associated principal, or null if there is none.
      • setContainer

        public void setContainer​(Container container)
        Set the Container with which this Realm has been associated.
        Specified by:
        setContainer in interface Contained
        Overrides:
        setContainer in class RealmBase
        Parameters:
        container - The associated Container
      • authenticate

        public Principal authenticate​(X509Certificate[] certs)
        Return the Principal associated with the specified chain of X509 client certificates. If there is none, return null.
        Specified by:
        authenticate in interface Realm
        Overrides:
        authenticate in class RealmBase
        Parameters:
        certs - Array of client certificates, with the first one in the array being the certificate of the client itself.
        Returns:
        the associated principal, or null if there is none
      • authenticate

        public Principal authenticate​(GSSContext gssContext,
                                      boolean storeCred)
        Try to authenticate using a GSSContext
        Specified by:
        authenticate in interface Realm
        Overrides:
        authenticate in class RealmBase
        Parameters:
        gssContext - The gssContext processed by the Authenticator.
        storeCred - Should the realm attempt to store the delegated credentials in the returned Principal?
        Returns:
        the associated principal, or null if there is none
      • hasRole

        public boolean hasRole​(Wrapper wrapper,
                               Principal principal,
                               String role)
        Check if the specified Principal has the specified security role, within the context of this Realm. This method or RealmBase.hasRoleInternal(Principal, String) can be overridden by Realm implementations, but the default is adequate when an instance of GenericPrincipal is used to represent authenticated Principals from this Realm.
        Specified by:
        hasRole in interface Realm
        Overrides:
        hasRole in class RealmBase
        Parameters:
        wrapper - wrapper context for evaluating role
        principal - Principal for whom the role is to be checked
        role - Security role to be checked
        Returns:
        true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.
      • getName

        @Deprecated
        protected String getName()
        Deprecated.
        Specified by:
        getName in class RealmBase
        Returns:
        a short name for this Realm implementation, for use in log messages.
      • getPassword

        protected String getPassword​(String username)
        Description copied from class: RealmBase
        Get the password for the specified user.
        Specified by:
        getPassword in class RealmBase
        Parameters:
        username - The user name
        Returns:
        the password associated with the given principal's user name.
      • getPrincipal

        protected Principal getPrincipal​(String username)
        Description copied from class: RealmBase
        Get the principal associated with the specified user.
        Specified by:
        getPrincipal in class RealmBase
        Parameters:
        username - The user name
        Returns:
        the Principal associated with the given user name.
      • isAvailable

        public boolean isAvailable()
        Description copied from interface: Realm
        Return the availability of the realm for authentication.
        Specified by:
        isAvailable in interface Realm
        Overrides:
        isAvailable in class RealmBase
        Returns:
        true if the realm is able to perform authentication