| java.lang.Object
 org.apache.catalina.realm.RealmBase
All known Subclasses: org.apache.catalina.realm.JNDIRealm, org.apache.catalina.realm.JAASRealm, org.apache.catalina.realm.DataSourceRealm, org.apache.catalina.realm.UserDatabaseRealm, org.apache.catalina.realm.MemoryRealm, org.apache.catalina.realm.JDBCRealm,
| RealmBase | | abstract public class RealmBase implements Lifecycle,Realm,MBeanRegistration(Code) | | Simple implementation of Realm that reads an XML file to configure
the valid users, passwords, and roles. The file format (and default file
location) are identical to those currently supported by Tomcat 3.X.
author:
Craig R. McClanahan
version:
$Revision: 1.33 $ $Date: 2004/05/26 15:51:25 $ |
| Method Summary | |
| final public static String | Digest(String credentials, String algorithm)
Digest password using the algorithm especificied and
convert the result to a corresponding hex string. | | public void | addLifecycleListener(LifecycleListener listener)
Add a lifecycle event listener to this component. | | public void | addPropertyChangeListener(PropertyChangeListener listener)
Add a property change listener to this component. | | public Principal | authenticate(String username, String credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null. | | public Principal | authenticate(String username, byte[] credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null. | | public Principal | authenticate(String username, String clientDigest, String nOnce, String nc, String cnonce, String qop, String realm, String md5a2)
Return the Principal associated with the specified username, which
matches the digest calculated using the given parameters using the
method described in RFC 2069; otherwise return null. | | public Principal | authenticate(X509Certificate certs)
Return the Principal associated with the specified chain of X509
client certificates. | | public void | destroy()
| | protected String | digest(String credentials)
Digest the password using the specified algorithm and
convert the result to a corresponding hexadecimal string. | | public LifecycleListener[] | findLifecycleListeners()
Get the lifecycle listeners associated with this lifecycle. | | public SecurityConstraint[] | findSecurityConstraints(HttpRequest request, Context context)
Return the SecurityConstraints configured to guard the request URI for
this request, or null if there is no such constraint. | | public Container | getContainer()
Return the Container with which this Realm has been associated. | | public ObjectName | getController()
| | public int | getDebug()
Return the debugging detail level for this component. | | public String | getDigest()
Return the digest algorithm used for storing credentials. | | protected String | getDigest(String username, String realmName)
Return the digest associated with given principal's user name. | | public String | getDomain()
| | public String | getInfo()
Return descriptive information about this Realm implementation and
the corresponding version number, in the format
<description>/<version>. | | abstract protected String | getName()
Return a short name for this Realm implementation, for use in
log messages. | | public ObjectName | getObjectName()
| | abstract protected String | getPassword(String username)
Return the password associated with the given principal's user name. | | abstract protected Principal | getPrincipal(String username)
Return the Principal associated with the given user name. | | public String | getType()
| | public boolean | getValidate()
Return the "validate certificate chains" flag. | | protected boolean | hasMessageDigest()
| | public boolean | hasResourcePermission(HttpRequest request, HttpResponse response, SecurityConstraint[] constraints, Context context)
Perform access control based on the specified authorization constraint. | | public boolean | hasRole(Principal principal, String role)
Return true if the specified Principal has the specified
security role, within the context of this Realm; otherwise return
false. | | public boolean | hasUserDataPermission(HttpRequest request, HttpResponse response, SecurityConstraint[] constraints)
Enforce any user data constraint required by the security constraint
guarding this request URI. | | public void | init()
| | protected void | log(String message)
| | protected void | log(String message, Throwable throwable)
| | public static void | main(String args)
Digest password using the algorithm especificied and
convert the result to a corresponding hex string. | | public void | postDeregister()
| | public void | postRegister(Boolean registrationDone)
| | public void | preDeregister()
| | public ObjectName | preRegister(MBeanServer server, ObjectName name)
| | public void | removeLifecycleListener(LifecycleListener listener)
Remove a lifecycle event listener from this component. | | public void | removePropertyChangeListener(PropertyChangeListener listener)
Remove a property change listener from this component. | | public void | setContainer(Container container)
Set the Container with which this Realm has been associated. | | public void | setController(ObjectName controller)
| | public void | setDebug(int debug)
Set the debugging detail level for this component. | | public void | setDigest(String digest)
Set the digest algorithm used for storing credentials. | | public void | setValidate(boolean validate)
Set the "validate certificate chains" flag. | | public void | start()
Prepare for the beginning of active use of the public methods of this
component. | | public void | stop()
Gracefully terminate the active use of the public methods of this
component. |
| container | | protected Container container(Code) | | The Container with which this Realm is associated.
|
| debug | | protected int debug(Code) | | The debugging detail level for this component.
|
| digest | | protected String digest(Code) | | Digest algorithm used in storing passwords in a non-plaintext format.
Valid values are those accepted for the algorithm name by the
MessageDigest class, or null if no digesting should
be performed.
|
| info | | final protected static String info(Code) | | Descriptive information about this Realm implementation.
|
| initialized | | protected boolean initialized(Code) | | |
| md | | protected MessageDigest md(Code) | | The MessageDigest object for digesting user credentials (passwords).
|
| md5Encoder | | final protected static MD5Encoder md5Encoder(Code) | | The MD5 helper object for this class.
|
| started | | protected boolean started(Code) | | Has this component been started?
|
| validate | | protected boolean validate(Code) | | Should we validate client certificate chains when they are presented?
|
| Digest | | final public static String Digest(String credentials, String algorithm)(Code) | | Digest password using the algorithm especificied and
convert the result to a corresponding hex string.
If exception, the plain credentials string is returned
Parameters:
credentials - Password or other credentials to use inauthenticating this username
Parameters:
algorithm - Algorithm used to do th digest |
| addLifecycleListener | | public void addLifecycleListener(LifecycleListener listener)(Code) | | Add a lifecycle event listener to this component.
Parameters:
listener - The listener to add |
| addPropertyChangeListener | | public void addPropertyChangeListener(PropertyChangeListener listener)(Code) | | Add a property change listener to this component.
Parameters:
listener - The listener to add |
| authenticate | | public Principal authenticate(String username, String credentials)(Code) | | Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null.
Parameters:
username - Username of the Principal to look up
Parameters:
credentials - Password or other credentials to use inauthenticating this username |
| authenticate | | public Principal authenticate(String username, byte[] credentials)(Code) | | Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null.
Parameters:
username - Username of the Principal to look up
Parameters:
credentials - Password or other credentials to use inauthenticating this username |
| authenticate | | public Principal authenticate(String username, String clientDigest, String nOnce, String nc, String cnonce, String qop, String realm, String md5a2)(Code) | | Return the Principal associated with the specified username, which
matches the digest calculated using the given parameters using the
method described in RFC 2069; otherwise return null.
Parameters:
username - Username of the Principal to look up
Parameters:
clientDigest - Digest which has been submitted by the client
Parameters:
nOnce - Unique (or supposedly unique) token which has been usedfor this request
Parameters:
realm - Realm name
Parameters:
md5a2 - Second MD5 digest used to calculate the digest :MD5(Method + ":" + uri) |
| authenticate | | public Principal authenticate(X509Certificate certs)(Code) | | Return the Principal associated with the specified chain of X509
client certificates. If there is none, return null.
Parameters:
certs - Array of client certificates, with the first one inthe array being the certificate of the client itself. |
| destroy | | public void destroy()(Code) | | |
| digest | | protected String digest(String credentials)(Code) | | Digest the password using the specified algorithm and
convert the result to a corresponding hexadecimal string.
If exception, the plain credentials string is returned.
IMPLEMENTATION NOTE - This implementation is
synchronized because it reuses the MessageDigest instance.
This should be faster than cloning the instance on every request.
Parameters:
credentials - Password or other credentials to use inauthenticating this username |
| findLifecycleListeners | | public LifecycleListener[] findLifecycleListeners()(Code) | | Get the lifecycle listeners associated with this lifecycle. If this
Lifecycle has no listeners registered, a zero-length array is returned.
|
| findSecurityConstraints | | public SecurityConstraint[] findSecurityConstraints(HttpRequest request, Context context)(Code) | | Return the SecurityConstraints configured to guard the request URI for
this request, or null if there is no such constraint.
Parameters:
request - Request we are processing
Parameters:
context - Context the Request is mapped to |
| getContainer | | public Container getContainer()(Code) | | Return the Container with which this Realm has been associated.
|
| getDebug | | public int getDebug()(Code) | | Return the debugging detail level for this component.
|
| getDigest | | public String getDigest()(Code) | | Return the digest algorithm used for storing credentials.
|
| getDigest | | protected String getDigest(String username, String realmName)(Code) | | Return the digest associated with given principal's user name.
|
| getInfo | | public String getInfo()(Code) | | Return descriptive information about this Realm implementation and
the corresponding version number, in the format
<description>/<version>.
|
| getName | | abstract protected String getName()(Code) | | Return a short name for this Realm implementation, for use in
log messages.
|
| getPassword | | abstract protected String getPassword(String username)(Code) | | Return the password associated with the given principal's user name.
|
| getPrincipal | | abstract protected Principal getPrincipal(String username)(Code) | | Return the Principal associated with the given user name.
|
| getValidate | | public boolean getValidate()(Code) | | Return the "validate certificate chains" flag.
|
| hasMessageDigest | | protected boolean hasMessageDigest()(Code) | | |
| hasResourcePermission | | public boolean hasResourcePermission(HttpRequest request, HttpResponse response, SecurityConstraint[] constraints, Context context) throws IOException(Code) | | Perform access control based on the specified authorization constraint.
Return true if this constraint is satisfied and processing
should continue, or false otherwise.
Parameters:
request - Request we are processing
Parameters:
response - Response we are creating
Parameters:
constraints - Security constraint we are enforcing
Parameters:
context - The Context to which client of this class is attached.
exception:
IOException - if an input/output error occurs |
| hasRole | | public boolean hasRole(Principal principal, String role)(Code) | | Return true if the specified Principal has the specified
security role, within the context of this Realm; otherwise return
false. This method can be overridden by Realm
implementations, but the default is adequate when an instance of
GenericPrincipal is used to represent authenticated
Principals from this Realm.
Parameters:
principal - Principal for whom the role is to be checked
Parameters:
role - Security role to be checked |
| hasUserDataPermission | | public boolean hasUserDataPermission(HttpRequest request, HttpResponse response, SecurityConstraint[] constraints) throws IOException(Code) | | Enforce any user data constraint required by the security constraint
guarding this request URI. Return true if this constraint
was not violated and processing should continue, or false
if we have created a response already.
Parameters:
request - Request we are processing
Parameters:
response - Response we are creating
Parameters:
constraints - Security constraint being checked
exception:
IOException - if an input/output error occurs |
| log | | protected void log(String message)(Code) | | Log a message on the Logger associated with our Container (if any)
Parameters:
message - Message to be logged |
| log | | protected void log(String message, Throwable throwable)(Code) | | Log a message on the Logger associated with our Container (if any)
Parameters:
message - Message to be logged
Parameters:
throwable - Associated exception |
| main | | public static void main(String args)(Code) | | Digest password using the algorithm especificied and
convert the result to a corresponding hex string.
If exception, the plain credentials string is returned
|
| postDeregister | | public void postDeregister()(Code) | | |
| postRegister | | public void postRegister(Boolean registrationDone)(Code) | | |
| removeLifecycleListener | | public void removeLifecycleListener(LifecycleListener listener)(Code) | | Remove a lifecycle event listener from this component.
Parameters:
listener - The listener to remove |
| removePropertyChangeListener | | public void removePropertyChangeListener(PropertyChangeListener listener)(Code) | | Remove a property change listener from this component.
Parameters:
listener - The listener to remove |
| setContainer | | public void setContainer(Container container)(Code) | | Set the Container with which this Realm has been associated.
Parameters:
container - The associated Container |
| setDebug | | public void setDebug(int debug)(Code) | | Set the debugging detail level for this component.
Parameters:
debug - The new debugging detail level |
| setDigest | | public void setDigest(String digest)(Code) | | Set the digest algorithm used for storing credentials.
Parameters:
digest - The new digest algorithm |
| setValidate | | public void setValidate(boolean validate)(Code) | | Set the "validate certificate chains" flag.
Parameters:
validate - The new validate certificate chains flag |
| start | | public void start() throws LifecycleException(Code) | | Prepare for the beginning of active use of the public methods of this
component. This method should be called before any of the public
methods of this component are utilized. It should also send a
LifecycleEvent of type START_EVENT to any registered listeners.
exception:
LifecycleException - if this component detects a fatal errorthat prevents this component from being used |
| stop | | public void stop() throws LifecycleException(Code) | | Gracefully terminate the active use of the public methods of this
component. This method should be the last one called on a given
instance of this component. It should also send a LifecycleEvent
of type STOP_EVENT to any registered listeners.
exception:
LifecycleException - if this component detects a fatal errorthat needs to be reported |
|
|