org.ow2.jonas.web.tomcat6.security
Class Realm

java.lang.Object
  extended by org.apache.catalina.realm.RealmBase
      extended by org.ow2.jonas.web.tomcat6.security.Realm
All Implemented Interfaces:
Cloneable, MBeanRegistration, org.apache.catalina.Lifecycle, org.apache.catalina.Realm

public class Realm
extends org.apache.catalina.realm.RealmBase
implements Cloneable

Implementation of a Realm (by a wrapper).
Use any JOnAS realm by specifying the resource name. This implementation manages security according to the JACC specification. It implements Cloneable to allow clones. Each context must have its own Realm: a realm cannot be shared across different contexts or an engine, because each realm is associated with a permission manager. Extends the RealmBase class of the Tomcat server.
This Realm can also use the LoginModule for authentication.

Author:
Florent Benoit

Nested Class Summary
 
Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase
org.apache.catalina.realm.RealmBase.AllRolesMode
 
Field Summary
 
Fields inherited from class org.apache.catalina.realm.RealmBase
allRolesMode, container, containerLog, controller, digest, digestEncoding, domain, host, info, initialized, lifecycle, md, md5Encoder, md5Helper, mserver, oname, path, realmPath, started, support, type, validate
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
Realm()
           
 
Method Summary
 Principal authenticate(String username, String credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 Principal authenticate(X509Certificate[] cert)
          Return the Principal associated with the specified chain of X509 client certificates.
 Principal authenticateJAAS(String username, String credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 Principal authenticateResource(String username, String credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 Object clone()
          Creates and returns a copy of this object.
 org.apache.catalina.deploy.SecurityConstraint[] findSecurityConstraints(org.apache.catalina.connector.Request request, org.apache.catalina.Context context)
          Return the SecurityConstraints configured to guard the request URI for this request, or null if there is no such constraint.
 String getInfo()
          Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.
 String getJaasEntry()
          Return the JAAS entry name we will be using.
protected  String getName()
          Return a short name for this Realm implementation.
protected  String getPassword(String username)
          Return the password associated with the given principal's user name.
 PermissionManager getPermissionManager()
           
protected  Principal getPrincipal(String username)
          Return the Principal associated with the given user name.
 String getResourceName()
          Return the resource name we will be using.
 boolean hasResourcePermission(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.SecurityConstraint[] constraints, org.apache.catalina.Context context)
          Perform access control based on the specified authorization constraint.
 boolean hasRole(Principal principal, String role)
           
 boolean hasUserDataPermission(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.SecurityConstraint[] constraints)
          Enforce any user data constraint required by the security constraint guarding this request URI.
 void setContext(org.apache.catalina.Context context)
          Set the context of this Realm.
 void setJaasEntry(String jaasEntry)
          Set the JAAS entry we will be using.
 void setPermissionManager(PermissionManager permissionManager)
          Set the permission manager used by this realm.
 void setResourceName(String resourceName)
          Set the resource name we will be using.
 void setSecurityService(SecurityService securityService)
          Assign the SecurityService instance to be used for authentication.
 void start()
          Prepare for active use of the public methods of this Component.
 void stop()
          Gracefully shut down active use of the public methods of this Component.
 
Methods inherited from class org.apache.catalina.realm.RealmBase
addLifecycleListener, addPropertyChangeListener, authenticate, authenticate, backgroundProcess, destroy, digest, Digest, findLifecycleListeners, getAllRolesMode, getContainer, getController, getDigest, getDigest, getDigestEncoding, getDomain, getObjectName, getPrincipal, getRealmPath, getRealmSuffix, getType, getValidate, hasMessageDigest, init, main, postDeregister, postRegister, preDeregister, preRegister, removeLifecycleListener, removePropertyChangeListener, setAllRolesMode, setContainer, setController, setDigest, setDigestEncoding, setRealmPath, setValidate
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

Realm

public Realm()

Method Detail

getInfo

public String getInfo()
Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.

Specified by:
getInfo in interface org.apache.catalina.Realm
Overrides:
getInfo in class org.apache.catalina.realm.RealmBase
Returns:
the info.

getResourceName

public String getResourceName()
Return the resource name we will be using.

Returns:
the resource name.

setResourceName

public void setResourceName(String resourceName)
Set the resource name we will be using.

Parameters:
resourceName - The new resource name

getJaasEntry

public String getJaasEntry()
Return the JAAS entry name we will be using.

Returns:
the JAAS entry name.

setJaasEntry

public void setJaasEntry(String jaasEntry)
Set the JAAS entry we will be using.

Parameters:
jaasEntry - the JAAS entry name

setPermissionManager

public void setPermissionManager(PermissionManager permissionManager)
Set the permission manager used by this realm.

Parameters:
permissionManager - the permission manager to use

findSecurityConstraints

public org.apache.catalina.deploy.SecurityConstraint[] findSecurityConstraints(org.apache.catalina.connector.Request request,
                                                                               org.apache.catalina.Context context)
Return the SecurityConstraints configured to guard the request URI for this request, or null if there is no such constraint.

Specified by:
findSecurityConstraints in interface org.apache.catalina.Realm
Overrides:
findSecurityConstraints in class org.apache.catalina.realm.RealmBase
Parameters:
request - Request we are processing
context - Context the Request is mapped to
Returns:
security constraints configured to guard the request URI

hasResourcePermission

public boolean hasResourcePermission(org.apache.catalina.connector.Request request,
                                     org.apache.catalina.connector.Response response,
                                     org.apache.catalina.deploy.SecurityConstraint[] constraints,
                                     org.apache.catalina.Context context)
                              throws IOException
Perform access control based on the specified authorization constraint.

Specified by:
hasResourcePermission in interface org.apache.catalina.Realm
Overrides:
hasResourcePermission in class org.apache.catalina.realm.RealmBase
Parameters:
request - Request we are processing
response - Response we are creating
constraints - Security constraint we are enforcing
context - The Context to which client of this class is attached.
Returns:
true if this constraint is satisfied and processing should continue, or false otherwise.
Throws:
IOException - if an input/output error occurs

hasRole

public boolean hasRole(Principal principal,
                       String role)
Specified by:
hasRole in interface org.apache.catalina.Realm
Overrides:
hasRole in class org.apache.catalina.realm.RealmBase
Parameters:
principal - Principal for whom the role is to be checked
role - Security role to be checked
Returns:
true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false. This method can be overridden by Realm implementations, but the default is adequate when an instance of GenericPrincipal is used to represent authenticated Principals from this Realm.

hasUserDataPermission

public boolean hasUserDataPermission(org.apache.catalina.connector.Request request,
                                     org.apache.catalina.connector.Response response,
                                     org.apache.catalina.deploy.SecurityConstraint[] constraints)
                              throws IOException
Enforce any user data constraint required by the security constraint guarding this request URI.

Specified by:
hasUserDataPermission in interface org.apache.catalina.Realm
Overrides:
hasUserDataPermission in class org.apache.catalina.realm.RealmBase
Parameters:
request - Request we are processing
response - Response we are creating
constraints - Security constraints being checked
Returns:
true if this constraint was not violated and processing should continue, or false if we have created a response already.
Throws:
IOException - if an input/output error occurs

authenticate

public Principal authenticate(String username,
                              String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

Specified by:
authenticate in interface org.apache.catalina.Realm
Overrides:
authenticate in class org.apache.catalina.realm.RealmBase
Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
Returns:
the principal associated

authenticateResource

public Principal authenticateResource(String username,
                                      String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
Returns:
the principal associated

authenticateJAAS

public Principal authenticateJAAS(String username,
                                  String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
Returns:
the principal associated

authenticate

public Principal authenticate(X509Certificate[] cert)
Return the Principal associated with the specified chain of X509 client certificates. If there is none, return null.

Specified by:
authenticate in interface org.apache.catalina.Realm
Overrides:
authenticate in class org.apache.catalina.realm.RealmBase
Parameters:
cert - Array of client certificates, with the first one in the array being the certificate of the client itself.
Returns:
the associated Principal

getName

protected String getName()
Return a short name for this Realm implementation.

Specified by:
getName in class org.apache.catalina.realm.RealmBase
Returns:
the name

getPassword

protected String getPassword(String username)
Return the password associated with the given principal's user name.

Specified by:
getPassword in class org.apache.catalina.realm.RealmBase
Parameters:
username - the given principal's user name.
Returns:
the password associated.

getPrincipal

protected Principal getPrincipal(String username)
Return the Principal associated with the given user name.

Specified by:
getPrincipal in class org.apache.catalina.realm.RealmBase
Parameters:
username - the given principal's user name.
Returns:
the Principal associated

setContext

public void setContext(org.apache.catalina.Context context)
Set the context of this Realm. This is used to retrieve XML information from the web.xml file.

Parameters:
context - Context for this realm

setSecurityService

public void setSecurityService(SecurityService securityService)
Assign the SecurityService instance to be used for authentication.

Parameters:
securityService - SecurityService to use.

start

public void start()
           throws org.apache.catalina.LifecycleException
Prepare for active use of the public methods of this Component.

Specified by:
start in interface org.apache.catalina.Lifecycle
Overrides:
start in class org.apache.catalina.realm.RealmBase
Throws:
org.apache.catalina.LifecycleException - if this component detects a fatal error that prevents it from being started

stop

public void stop()
          throws org.apache.catalina.LifecycleException
Gracefully shut down active use of the public methods of this Component.

Specified by:
stop in interface org.apache.catalina.Lifecycle
Overrides:
stop in class org.apache.catalina.realm.RealmBase
Throws:
org.apache.catalina.LifecycleException - if this component detects a fatal error that needs to be reported

clone

public Object clone()
             throws CloneNotSupportedException
Creates and returns a copy of this object.

Overrides:
clone in class Object
Returns:
copy of this object.
Throws:
CloneNotSupportedException - if the copy fails

getPermissionManager

public PermissionManager getPermissionManager()
Returns:
the permission manager used by this realm.


Copyright © 2010 OW2 Consortium. All Rights Reserved.