public abstract class RealmBase extends LifecycleMBeanBase implements Realm
Modifier and Type | Class and Description |
---|---|
protected static class |
RealmBase.AllRolesMode |
Modifier and Type | Field and Description |
---|---|
protected RealmBase.AllRolesMode |
allRolesMode
The all role mode.
|
protected Container |
container
The Container with which this Realm is associated.
|
protected Log |
containerLog
Container log
|
protected java.lang.String |
digest
Digest algorithm used in storing passwords in a non-plaintext format.
|
protected java.lang.String |
digestEncoding
The encoding charset for the digest.
|
protected static java.lang.String |
info
Descriptive information about this Realm implementation.
|
protected java.security.MessageDigest |
md
The MessageDigest object for digesting user credentials (passwords).
|
protected static MD5Encoder |
md5Encoder
Deprecated.
Unused - will be removed in Tomcat 8.0.x
|
protected static java.security.MessageDigest |
md5Helper
MD5 message digest provider.
|
protected java.lang.String |
realmPath |
protected static StringManager |
sm
The string manager for this package.
|
protected boolean |
stripRealmForGss
When processing users authenticated via the GSS-API, should any
"@...
|
protected java.beans.PropertyChangeSupport |
support
The property change support for this component.
|
protected boolean |
validate
Should we validate client certificate chains when they are presented?
|
protected X509UsernameRetriever |
x509UsernameRetriever
The object that will extract user names from X509 client certificates.
|
protected java.lang.String |
x509UsernameRetrieverClassName
The name of the class to use for retrieving user names from X509
certificates.
|
mserver
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
Constructor and Description |
---|
RealmBase() |
Modifier and Type | Method and Description |
---|---|
void |
addPropertyChangeListener(java.beans.PropertyChangeListener listener)
Add a property change listener to this component.
|
java.security.Principal |
authenticate(org.ietf.jgss.GSSContext gssContext,
boolean storeCred)
Return the Principal associated with the specified
GSSContext . |
java.security.Principal |
authenticate(java.lang.String username)
Return the Principal associated with the specified username, if there
is one; otherwise return
null . |
java.security.Principal |
authenticate(java.lang.String username,
java.lang.String credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return
null . |
java.security.Principal |
authenticate(java.lang.String username,
java.lang.String clientDigest,
java.lang.String nonce,
java.lang.String nc,
java.lang.String cnonce,
java.lang.String qop,
java.lang.String realm,
java.lang.String md5a2)
Return the Principal associated with the specified username, which
matches the digest calculated using the given parameters using the
method described in RFC 2069; otherwise return
null . |
java.security.Principal |
authenticate(java.security.cert.X509Certificate[] certs)
Return the Principal associated with the specified chain of X509
client certificates.
|
void |
backgroundProcess()
Execute a periodic task, such as reloading, etc.
|
protected boolean |
compareCredentials(java.lang.String userCredentials,
java.lang.String serverCredentials) |
protected java.lang.String |
digest(java.lang.String credentials)
Digest the password using the specified algorithm and
convert the result to a corresponding hexadecimal string.
|
static java.lang.String |
Digest(java.lang.String credentials,
java.lang.String algorithm,
java.lang.String encoding)
Digest password using the algorithm specified and
convert the result to a corresponding hex string.
|
SecurityConstraint[] |
findSecurityConstraints(Request request,
Context context)
Return the SecurityConstraints configured to guard the request URI for
this request, or
null if there is no such constraint. |
java.lang.String |
getAllRolesMode()
Return the all roles mode.
|
Container |
getContainer()
Return the Container with which this Realm has been associated.
|
java.lang.String |
getDigest()
Return the digest algorithm used for storing credentials.
|
protected java.lang.String |
getDigest(java.lang.String username,
java.lang.String realmName)
Return the digest associated with given principal's user name.
|
protected java.nio.charset.Charset |
getDigestCharset() |
java.lang.String |
getDigestEncoding()
Returns the digest encoding charset.
|
java.lang.String |
getDomainInternal()
Method implemented by sub-classes to identify the domain in which MBeans
should be registered.
|
java.lang.String |
getInfo()
Return descriptive information about this Realm implementation and
the corresponding version number, in the format
<description>/<version> . |
protected abstract java.lang.String |
getName()
Return a short name for this Realm implementation, for use in
log messages.
|
java.lang.String |
getObjectNameKeyProperties()
Allow sub-classes to specify the key properties component of the
ObjectName that will be used to register this component. |
protected abstract java.lang.String |
getPassword(java.lang.String username)
Return the password associated with the given principal's user name.
|
protected abstract java.security.Principal |
getPrincipal(java.lang.String username)
Return the Principal associated with the given user name.
|
protected java.security.Principal |
getPrincipal(java.lang.String username,
org.ietf.jgss.GSSCredential gssCredential) |
protected java.security.Principal |
getPrincipal(java.security.cert.X509Certificate usercert)
Return the Principal associated with the given certificate.
|
java.lang.String |
getRealmPath() |
protected java.lang.String |
getRealmSuffix() |
protected Server |
getServer()
Return the Server object that is the ultimate parent for the container
with which this Realm is associated.
|
boolean |
getValidate()
Return the "validate certificate chains" flag.
|
java.lang.String |
getX509UsernameRetrieverClassName()
Gets the name of the class that will be used to extract user names
from X509 client certificates.
|
protected boolean |
hasMessageDigest() |
boolean |
hasResourcePermission(Request request,
Response response,
SecurityConstraint[] constraints,
Context context)
Perform access control based on the specified authorization constraint.
|
boolean |
hasRole(Wrapper wrapper,
java.security.Principal principal,
java.lang.String role)
Return
true if the specified Principal has the specified
security role, within the context of this Realm; otherwise return
false . |
boolean |
hasUserDataPermission(Request request,
Response response,
SecurityConstraint[] constraints)
Enforce any user data constraint required by the security constraint
guarding this request URI.
|
protected void |
initInternal()
Sub-classes wishing to perform additional initialization should override
this method, ensuring that super.initInternal() is the first call in the
overriding method.
|
boolean |
isStripRealmForGss() |
static void |
main(java.lang.String[] args)
Digest password using the algorithm specified and
convert the result to a corresponding hex string.
|
void |
removePropertyChangeListener(java.beans.PropertyChangeListener listener)
Remove a property change listener from this component.
|
void |
setAllRolesMode(java.lang.String allRolesMode)
Set the all roles mode.
|
void |
setContainer(Container container)
Set the Container with which this Realm has been associated.
|
void |
setDigest(java.lang.String digest)
Set the digest algorithm used for storing credentials.
|
void |
setDigestEncoding(java.lang.String charset)
Sets the digest encoding charset.
|
void |
setRealmPath(java.lang.String theRealmPath) |
void |
setStripRealmForGss(boolean stripRealmForGss) |
void |
setValidate(boolean validate)
Set the "validate certificate chains" flag.
|
void |
setX509UsernameRetrieverClassName(java.lang.String className)
Sets the name of the class that will be used to extract user names
from X509 client certificates.
|
protected void |
startInternal()
Prepare for the beginning of active use of the public methods of this
component and implement the requirements of
LifecycleBase.startInternal() . |
protected void |
stopInternal()
Gracefully terminate the active use of the public methods of this
component and implement the requirements of
LifecycleBase.stopInternal() . |
java.lang.String |
toString()
Return a String representation of this component.
|
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop
protected Container container
protected Log containerLog
protected java.lang.String digest
null
if no digesting should
be performed.protected java.lang.String digestEncoding
protected static final java.lang.String info
protected volatile java.security.MessageDigest md
@Deprecated protected static final MD5Encoder md5Encoder
protected static volatile java.security.MessageDigest md5Helper
protected static final StringManager sm
protected java.beans.PropertyChangeSupport support
protected boolean validate
protected java.lang.String x509UsernameRetrieverClassName
protected X509UsernameRetriever x509UsernameRetriever
protected RealmBase.AllRolesMode allRolesMode
protected boolean stripRealmForGss
protected java.lang.String realmPath
public Container getContainer()
getContainer
in interface Realm
public void setContainer(Container container)
setContainer
in interface Realm
container
- The associated Containerpublic java.lang.String getAllRolesMode()
public void setAllRolesMode(java.lang.String allRolesMode)
public java.lang.String getDigest()
public void setDigest(java.lang.String digest)
digest
- The new digest algorithmpublic java.lang.String getDigestEncoding()
public void setDigestEncoding(java.lang.String charset)
charset
- The charset (null for platform default)protected java.nio.charset.Charset getDigestCharset() throws java.io.UnsupportedEncodingException
java.io.UnsupportedEncodingException
public java.lang.String getInfo()
<description>/<version>
.public boolean getValidate()
public void setValidate(boolean validate)
validate
- The new validate certificate chains flagpublic java.lang.String getX509UsernameRetrieverClassName()
public void setX509UsernameRetrieverClassName(java.lang.String className)
className
- The name of the class that will be used to extract user names
from X509 client certificates.public boolean isStripRealmForGss()
public void setStripRealmForGss(boolean stripRealmForGss)
public void addPropertyChangeListener(java.beans.PropertyChangeListener listener)
addPropertyChangeListener
in interface Realm
listener
- The listener to addpublic java.security.Principal authenticate(java.lang.String username)
null
.authenticate
in interface Realm
username
- Username of the Principal to look uppublic java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
null
.authenticate
in interface Realm
username
- Username of the Principal to look upcredentials
- Password or other credentials to use in
authenticating this usernamepublic java.security.Principal authenticate(java.lang.String username, java.lang.String clientDigest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realm, java.lang.String md5a2)
null
.authenticate
in interface Realm
username
- Username of the Principal to look upclientDigest
- Digest which has been submitted by the clientnonce
- Unique (or supposedly unique) token which has been used
for this requestrealm
- Realm namemd5a2
- Second MD5 digest used to calculate the digest :
MD5(Method + ":" + uri)public java.security.Principal authenticate(java.security.cert.X509Certificate[] certs)
null
.authenticate
in interface Realm
certs
- Array of client certificates, with the first one in
the array being the certificate of the client itself.public java.security.Principal authenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCred)
GSSContext
.
If there is none, return null
.authenticate
in interface Realm
gssContext
- The gssContext processed by the Authenticator
.storeCred
- Should the realm attempt to store the delegated
credentials in the returned Principal?protected boolean compareCredentials(java.lang.String userCredentials, java.lang.String serverCredentials)
public void backgroundProcess()
backgroundProcess
in interface Realm
public SecurityConstraint[] findSecurityConstraints(Request request, Context context)
null
if there is no such constraint.findSecurityConstraints
in interface Realm
request
- Request we are processingcontext
- Context the Request is mapped topublic boolean hasResourcePermission(Request request, Response response, SecurityConstraint[] constraints, Context context) throws java.io.IOException
true
if this constraint is satisfied and processing
should continue, or false
otherwise.hasResourcePermission
in interface Realm
request
- Request we are processingresponse
- Response we are creatingconstraints
- Security constraint we are enforcingcontext
- The Context to which client of this class is attached.java.io.IOException
- if an input/output error occurspublic boolean hasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role)
true
if the specified Principal has the specified
security role, within the context of this Realm; otherwise return
false
. This method can be overridden by Realm
implementations, but the default is adequate when an instance of
GenericPrincipal
is used to represent authenticated
Principals from this Realm.public boolean hasUserDataPermission(Request request, Response response, SecurityConstraint[] constraints) throws java.io.IOException
true
if this constraint
was not violated and processing should continue, or false
if we have created a response already.hasUserDataPermission
in interface Realm
request
- Request we are processingresponse
- Response we are creatingconstraints
- Security constraint being checkedjava.io.IOException
- if an input/output error occurspublic void removePropertyChangeListener(java.beans.PropertyChangeListener listener)
removePropertyChangeListener
in interface Realm
listener
- The listener to removeprotected void initInternal() throws LifecycleException
LifecycleMBeanBase
initInternal
in class LifecycleMBeanBase
LifecycleException
protected void startInternal() throws LifecycleException
LifecycleBase.startInternal()
.startInternal
in class LifecycleBase
LifecycleException
- if this component detects a fatal error
that prevents this component from being usedprotected void stopInternal() throws LifecycleException
LifecycleBase.stopInternal()
.stopInternal
in class LifecycleBase
LifecycleException
- if this component detects a fatal error
that needs to be reportedpublic java.lang.String toString()
toString
in class java.lang.Object
protected java.lang.String digest(java.lang.String credentials)
credentials
- Password or other credentials to use in
authenticating this usernameprotected boolean hasMessageDigest()
protected java.lang.String getDigest(java.lang.String username, java.lang.String realmName)
protected abstract java.lang.String getName()
protected abstract java.lang.String getPassword(java.lang.String username)
protected java.security.Principal getPrincipal(java.security.cert.X509Certificate usercert)
protected abstract java.security.Principal getPrincipal(java.lang.String username)
protected java.security.Principal getPrincipal(java.lang.String username, org.ietf.jgss.GSSCredential gssCredential)
protected Server getServer()
null
is
returned.public static final java.lang.String Digest(java.lang.String credentials, java.lang.String algorithm, java.lang.String encoding)
credentials
- Password or other credentials to use in
authenticating this usernamealgorithm
- Algorithm used to do the digestencoding
- Character encoding of the string to digestpublic static void main(java.lang.String[] args)
public java.lang.String getObjectNameKeyProperties()
LifecycleMBeanBase
ObjectName
that will be used to register this component.getObjectNameKeyProperties
in class LifecycleMBeanBase
ObjectName
public java.lang.String getDomainInternal()
LifecycleMBeanBase
getDomainInternal
in class LifecycleMBeanBase
public java.lang.String getRealmPath()
public void setRealmPath(java.lang.String theRealmPath)
protected java.lang.String getRealmSuffix()
Copyright © 2000-2015 Apache Software Foundation. All Rights Reserved.