| org.jboss.web.tomcat.security.JBossSecurityMgrRealm
All known Subclasses: org.jboss.web.tomcat.security.JaccAuthorizationRealm,
| JBossSecurityMgrRealm | | public class JBossSecurityMgrRealm extends RealmBase implements Realm(Code) | | An implementation of the catelinz Realm and Valve interfaces. The Realm
implementation handles authentication and authorization using the JBossSX
security framework. It relieas on the JNDI ENC namespace setup by the
AbstractWebContainer. In particular, it uses the java:comp/env/security
subcontext to access the security manager interfaces for authorization and
authenticaton. The Valve interface is used to associated the
authenticated user with the SecurityAssociation class when a request begins
so that web components may call EJBs and have the principal propagated. The
security association is removed when the request completes.
author:
Scott.Stark@jboss.org
version:
$Revision: 57206 $
See Also: org.jboss.security.AuthenticationManager
See Also: org.jboss.security.CertificatePrincipal
See Also: org.jboss.security.RealmMapping
See Also: org.jboss.security.SimplePrincipal
See Also: org.jboss.security.SecurityAssociation
See Also: org.jboss.security.SubjectSecurityManager |
| Field Summary | |
| static Logger | log
|
| Method Summary | |
| public Principal | authenticate(X509Certificate[] certs)
Return the Principal associated with the specified chain of X509 client
certificates. | | public Principal | authenticate(String username, String digest, String nonce, String nc, String cnonce, String qop, String realm, String md5a2)
Return the Principal associated with the specified username, which matches
the digest calculated using the given parameters using the method
described in RFC 2069; otherwise return null. | | public Principal | authenticate(String username, String credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null. | | public Principal | authenticate(String username, byte[] credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null. | | protected Principal | getCachingPrincpal(RealmMapping realmMapping, Principal authPrincipal, Principal callerPrincipal, Object credential, Subject subject)
Create the session principal tomcat will cache to avoid callouts to this
Realm. | | protected String | getName()
Return a short name for this Realm implementation, for use in log
messages. | | protected String | getPassword(String username)
Return the password associated with the given principal's user name. | | protected Principal | getPrincipal(String username)
Return the Principal associated with the given user name. | | protected Set | getPrincipalRoles(Principal principal)
Access the set of role Princpals associated with the given caller princpal. | | public boolean | hasResourcePermission(Request request, Response response, SecurityConstraint[] constraints, org.apache.catalina.Context context)
| | public boolean | hasRole(Principal principal, String role)
Returns true if the specified user Principal has
the specified security role, within the context of this
Realm; otherwise return false. | | public void | setCertificatePrincipal(String className)
Set the class name of the CertificatePrincipal used for mapping X509 cert
chains to a Princpal. | | public void | start()
| | public void | stop()
|
| authenticate | | public Principal authenticate(X509Certificate[] certs)(Code) | | Return the Principal associated with the specified chain of X509 client
certificates. If there is none, return null.
Parameters:
certs - Array of client certificates, with the first one in the arraybeing the certificate of the client itself. |
| authenticate | | public Principal authenticate(String username, String digest, String nonce, String nc, String cnonce, String qop, String realm, String md5a2)(Code) | | Return the Principal associated with the specified username, which matches
the digest calculated using the given parameters using the method
described in RFC 2069; otherwise return null.
Parameters:
username - Username of the Principal to look up
Parameters:
digest - Digest which has been submitted by the client
Parameters:
nonce - Unique (or supposedly unique) token which has been used forthis request
Parameters:
nc - client nonce reuse count
Parameters:
cnonce - client token
Parameters:
qop - quality of protection
Parameters:
realm - Realm name
Parameters:
md5a2 - Second MD5 digest used to calculate the digest : MD5(Method +":" + uri) |
| authenticate | | public Principal authenticate(String username, String credentials)(Code) | | Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null.
Parameters:
username - Username of the Principal to look up
Parameters:
credentials - Password or other credentials to use in authenticatingthis username |
| authenticate | | public Principal authenticate(String username, byte[] credentials)(Code) | | Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null.
Parameters:
username - Username of the Principal to look up
Parameters:
credentials - Password or other credentials to use in authenticatingthis username |
| getCachingPrincpal | | protected Principal getCachingPrincpal(RealmMapping realmMapping, Principal authPrincipal, Principal callerPrincipal, Object credential, Subject subject)(Code) | | Create the session principal tomcat will cache to avoid callouts to this
Realm.
Parameters:
realmMapping - - the role mapping security manager
Parameters:
authPrincipal - - the principal used for authentication and stored inthe security manager cache
Parameters:
callerPrincipal - - the possibly different caller principalrepresentation of the authenticated principal
Parameters:
credential - - the credential used for authentication the tomcat session principal wrapper |
| getName | | protected String getName()(Code) | | Return a short name for this Realm implementation, for use in log
messages.
|
| getPassword | | protected String getPassword(String username)(Code) | | Return the password associated with the given principal's user name.
|
| getPrincipal | | protected Principal getPrincipal(String username)(Code) | | Return the Principal associated with the given user name.
|
| getPrincipalRoles | | protected Set getPrincipalRoles(Principal principal)(Code) | | Access the set of role Princpals associated with the given caller princpal.
Parameters:
principal - - the Principal mapped from the authentication principaland visible from the HttpServletRequest.getUserPrincipal a possible null Set for the caller roles |
| hasResourcePermission | | public boolean hasResourcePermission(Request request, Response response, SecurityConstraint[] constraints, org.apache.catalina.Context context) throws IOException(Code) | | |
| hasRole | | public boolean hasRole(Principal principal, String role)(Code) | | Returns true if the specified user Principal has
the specified security role, within the context of this
Realm; otherwise return false. This will be true
when an associated role Principal can be found whose
getName method returns a String equalling the
specified role.
Parameters:
principal - Principal for whom the role is to bechecked
Parameters:
role - Security role to be checked |
| setCertificatePrincipal | | public void setCertificatePrincipal(String className)(Code) | | Set the class name of the CertificatePrincipal used for mapping X509 cert
chains to a Princpal.
Parameters:
className - the CertificatePrincipal implementation class that musthave a no-arg ctor.
See Also: org.jboss.security.CertificatePrincipal |
| start | | public void start() throws LifecycleException(Code) | | Override to allow a single realm to be shared as a realm and valve
|
| stop | | public void stop() throws LifecycleException(Code) | | Override to allow a single realm to be shared as a realm and valve
|
|
|