org.objectweb.jonas.security.realm.web.catalina55
Class JACC

java.lang.Object
  extended by org.apache.catalina.realm.RealmBase
      extended by org.objectweb.jonas.security.realm.web.catalina55.JACC
All Implemented Interfaces:
java.lang.Cloneable, javax.management.MBeanRegistration, org.apache.catalina.Lifecycle, org.apache.catalina.Realm

public class JACC
extends org.apache.catalina.realm.RealmBase
implements java.lang.Cloneable

Implementation of a Realm (by a wrapper). Use any JOnAS realm by specifying the resource name. This implementation manages security with the JACC specification. It implements Cloneable to allow clones. Each context must have its own Realm. A realm cannot be shared across different contexts or an engine, because each realm is associated with a permission manager. Extends the RealmBase class of the Tomcat server.

Author:
Florent Benoit

Nested Class Summary
 
Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase
org.apache.catalina.realm.RealmBase.AllRolesMode
 
Field Summary
 
Fields inherited from class org.apache.catalina.realm.RealmBase
allRolesMode, container, containerLog, controller, digest, digestEncoding, domain, host, info, initialized, lifecycle, md, md5Encoder, md5Helper, mserver, oname, path, started, support, type, validate
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
JACC()
           
 
Method Summary
 java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 java.security.Principal authenticate(java.security.cert.X509Certificate[] cert)
          Return the Principal associated with the specified chain of X509 client certificates.
 java.security.Principal authenticateJAAS(java.lang.String username, java.lang.String credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 java.security.Principal authenticateResource(java.lang.String username, java.lang.String credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 java.lang.Object clone()
          Creates and returns a copy of this object.
 org.apache.catalina.deploy.SecurityConstraint[] findSecurityConstraints(org.apache.catalina.connector.Request request, org.apache.catalina.Context context)
          Return the SecurityConstraints configured to guard the request URI for this request, or null if there is no such constraint.
 java.lang.String getInfo()
          Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.
protected  java.lang.String getName()
          Return a short name for this Realm implementation.
protected  java.lang.String getPassword(java.lang.String username)
          Return the password associated with the given principal's user name.
 PermissionManager getPermissionManager()
           
protected  java.security.Principal getPrincipal(java.lang.String username)
          Return the Principal associated with the given user name.
 java.lang.String getResourceName()
          Return the resource name we will be using.
 boolean hasResourcePermission(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.SecurityConstraint[] constraints, org.apache.catalina.Context context)
          Perform access control based on the specified authorization constraint.
 boolean hasRole(java.security.Principal principal, java.lang.String role)
           
 boolean hasUserDataPermission(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.SecurityConstraint[] constraints)
          Enforce any user data constraint required by the security constraint guarding this request URI.
protected  void log(java.lang.String message)
          Log a message on the Logger associated with our Container (if any).
 void setContext(org.apache.catalina.Context context)
          Set the context of this Realm.
 void setPermissionManager(PermissionManager permissionManager)
          Set the permission manager used by this realm.
 void setResourceName(java.lang.String resourceName)
          Set the resource name we will be using.
 void start()
          Prepare for active use of the public methods of this Component.
 void stop()
          Gracefully shut down active use of the public methods of this Component.
 
Methods inherited from class org.apache.catalina.realm.RealmBase
addLifecycleListener, addPropertyChangeListener, authenticate, authenticate, backgroundProcess, destroy, digest, Digest, findLifecycleListeners, getAllRolesMode, getContainer, getController, getDigest, getDigest, getDigestEncoding, getDomain, getObjectName, getPrincipal, getType, getValidate, hasMessageDigest, init, main, postDeregister, postRegister, preDeregister, preRegister, removeLifecycleListener, removePropertyChangeListener, setAllRolesMode, setContainer, setController, setDigest, setDigestEncoding, setValidate
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JACC

public JACC()

Method Detail

getInfo

public java.lang.String getInfo()
Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.

Specified by:
getInfo in interface org.apache.catalina.Realm
Overrides:
getInfo in class org.apache.catalina.realm.RealmBase
Returns:
the info.

getResourceName

public java.lang.String getResourceName()
Return the resource name we will be using.

Returns:
the resource name.

setResourceName

public void setResourceName(java.lang.String resourceName)
Set the resource name we will be using.

Parameters:
resourceName - The new resource name

setPermissionManager

public void setPermissionManager(PermissionManager permissionManager)
Set the permission manager used by this realm.

Parameters:
permissionManager - the permission manager to use

findSecurityConstraints

public org.apache.catalina.deploy.SecurityConstraint[] findSecurityConstraints(org.apache.catalina.connector.Request request,
                                                                               org.apache.catalina.Context context)
Return the SecurityConstraints configured to guard the request URI for this request, or null if there is no such constraint.

Specified by:
findSecurityConstraints in interface org.apache.catalina.Realm
Overrides:
findSecurityConstraints in class org.apache.catalina.realm.RealmBase
Parameters:
request - Request we are processing
context - Context the Request is mapped to
Returns:
security constraints configured to guard the request URI

hasResourcePermission

public boolean hasResourcePermission(org.apache.catalina.connector.Request request,
                                     org.apache.catalina.connector.Response response,
                                     org.apache.catalina.deploy.SecurityConstraint[] constraints,
                                     org.apache.catalina.Context context)
                              throws java.io.IOException
Perform access control based on the specified authorization constraint.

Specified by:
hasResourcePermission in interface org.apache.catalina.Realm
Overrides:
hasResourcePermission in class org.apache.catalina.realm.RealmBase
Parameters:
request - Request we are processing
response - Response we are creating
constraints - Security constraint we are enforcing
context - The Context to which client of this class is attached.
Returns:
true if this constraint is satisfied and processing should continue, or false otherwise.
Throws:
java.io.IOException - if an input/output error occurs

hasRole

public boolean hasRole(java.security.Principal principal,
                       java.lang.String role)
Specified by:
hasRole in interface org.apache.catalina.Realm
Overrides:
hasRole in class org.apache.catalina.realm.RealmBase
Parameters:
principal - Principal for whom the role is to be checked
role - Security role to be checked
Returns:
true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false. This method can be overridden by Realm implementations, but the default is adequate when an instance of GenericPrincipal is used to represent authenticated Principals from this Realm.

hasUserDataPermission

public boolean hasUserDataPermission(org.apache.catalina.connector.Request request,
                                     org.apache.catalina.connector.Response response,
                                     org.apache.catalina.deploy.SecurityConstraint[] constraints)
                              throws java.io.IOException
Enforce any user data constraint required by the security constraint guarding this request URI.

Specified by:
hasUserDataPermission in interface org.apache.catalina.Realm
Overrides:
hasUserDataPermission in class org.apache.catalina.realm.RealmBase
Parameters:
request - Request we are processing
response - Response we are creating
constraints - Security constraints being checked
Returns:
true if this constraint was not violated and processing should continue, or false if we have created a response already.
Throws:
java.io.IOException - if an input/output error occurs

authenticate

public java.security.Principal authenticate(java.lang.String username,
                                            java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

Specified by:
authenticate in interface org.apache.catalina.Realm
Overrides:
authenticate in class org.apache.catalina.realm.RealmBase
Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
Returns:
the principal associated

authenticateResource

public java.security.Principal authenticateResource(java.lang.String username,
                                                    java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
Returns:
the principal associated

authenticateJAAS

public java.security.Principal authenticateJAAS(java.lang.String username,
                                                java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
Returns:
the principal associated

authenticate

public java.security.Principal authenticate(java.security.cert.X509Certificate[] cert)
Return the Principal associated with the specified chain of X509 client certificates. If there is none, return null.

Specified by:
authenticate in interface org.apache.catalina.Realm
Overrides:
authenticate in class org.apache.catalina.realm.RealmBase
Parameters:
cert - Array of client certificates, with the first one in the array being the certificate of the client itself.
Returns:
the associated Principal

getName

protected java.lang.String getName()
Return a short name for this Realm implementation.

Specified by:
getName in class org.apache.catalina.realm.RealmBase
Returns:
the name

getPassword

protected java.lang.String getPassword(java.lang.String username)
Return the password associated with the given principal's user name.

Specified by:
getPassword in class org.apache.catalina.realm.RealmBase
Parameters:
username - the given principal's user name.
Returns:
the password associated.

getPrincipal

protected java.security.Principal getPrincipal(java.lang.String username)
Return the Principal associated with the given user name.

Specified by:
getPrincipal in class org.apache.catalina.realm.RealmBase
Parameters:
username - the given principal's user name.
Returns:
the Principal associated

setContext

public void setContext(org.apache.catalina.Context context)
Set the context of this Realm. This is used to retrieve XML information from the web.xml file.

Parameters:
context - Context for this realm

start

public void start()
           throws org.apache.catalina.LifecycleException
Prepare for active use of the public methods of this Component.

Specified by:
start in interface org.apache.catalina.Lifecycle
Overrides:
start in class org.apache.catalina.realm.RealmBase
Throws:
org.apache.catalina.LifecycleException - if this component detects a fatal error that prevents it from being started

stop

public void stop()
          throws org.apache.catalina.LifecycleException
Gracefully shut down active use of the public methods of this Component.

Specified by:
stop in interface org.apache.catalina.Lifecycle
Overrides:
stop in class org.apache.catalina.realm.RealmBase
Throws:
org.apache.catalina.LifecycleException - if this component detects a fatal error that needs to be reported

log

protected void log(java.lang.String message)
Log a message on the Logger associated with our Container (if any).

Parameters:
message - Message to be logged

clone

public java.lang.Object clone()
                       throws java.lang.CloneNotSupportedException
Creates and returns a copy of this object.

Overrides:
clone in class java.lang.Object
Returns:
copy of this object.
Throws:
java.lang.CloneNotSupportedException - if the copy fails

getPermissionManager

public PermissionManager getPermissionManager()
Returns:
the permission manager used by this realm.