| org.josso.jb32.agent.JBossCatalinaRealm
JBossCatalinaRealm | public class JBossCatalinaRealm extends JBossSecurityMgrRealm (Code) | | JBoss Realm proxy that mainly does the following two things:
1. Before invoking the overridden Realm methods, it creates a "java:comp/env/security" JNDI context
needed by the JBossSecurityMgrRealm to retrieve the configured JBoss Security Manager.
The "java:comp/env/security" context is only created by Catalina for built-in authenticators
and web application contexts. The Context that the Agent Valve is associated with does not have
an ENC at all, so we must build one for it.
2. Completely overrides the user authentication method so that the current Principal is not
the SSO Session Id Principal but the SSOUser Principal.
All Realm operations that require a SecurityContext were overridden so that there is a chance
for our Realm to prepare the "java:comp/env/security" JNDI Context.
author: Gianluca Brigandi version: CVS $Id: JBossCatalinaRealm.java 508 2008-02-18 13:32:29Z sgonzalez $ |
Method Summary | |
public Principal | authenticate(String username, String credentials) Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null.
The method was completely rewritten because the overridden operation,
on successful authentication, sets as the authenticated Principal
a SimplePrincipal instantiated using the provided username.
The problem is that in JOSSO the username is a SSO Session Id, not
a username. | public Principal | authenticate(X509Certificate[] certs) Return the Principal associated with the specified chain of X509
client certificates. | public boolean | hasRole(Principal principal, String role) Return true if the specified Principal has the specified
security role, within the context of this Realm; otherwise return
false. | protected Context | prepareENC() This creates a java:comp/env/security context that contains a
securityMgr binding pointing to an AuthenticationManager implementation
and a realmMapping binding pointing to a RealmMapping implementation. |
authenticate | public Principal authenticate(String username, String credentials)(Code) | | Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null.
The method was completely rewritten because the overridden operation,
on successful authentication, sets as the authenticated Principal
a SimplePrincipal instantiated using the provided username.
The problem is that in JOSSO the username is an SSO Session Id, not
a username. So we need to set the SSOUser returned by the JAAS Gateway
Login Module as the authenticated Principal.
Since the JaasSecurityManager caches the authenticated user using the
Principal referring to a JOSSO Session Id, we will need to map, for
example when roles are checked against the realm, a user Principal
back to its JOSSO Session Identifier Principal. This way the user
and its roles can be retrieved correctly by the JaasSecurityManager.
Parameters: username - Username of the Principal to look up Parameters: credentials - Password or other credentials to use in authenticating this username |
authenticate | public Principal authenticate(X509Certificate[] certs)(Code) | | Return the Principal associated with the specified chain of X509
client certificates. If there is none, return null.
Before invoking the overridden operation it creates the security JNDI context
in case one was not found.
Parameters: certs - Array of client certificates, with the first one in the array being the certificate of the client itself. |
hasRole | public boolean hasRole(Principal principal, String role)(Code) | | Return true if the specified Principal has the specified
security role, within the context of this Realm; otherwise return
false.
Since the Principal, in the JaasSecurityManager, has been stored in its cache
using the JOSSO Single Sign-On Session Identifier Principal (see isValid method),
when roles are checked, the Principal to be submitted to the overridden
operation is not the user principal but the JOSSO Session Id Principal.
Parameters: principal - Principal for whom the role is to be checked Parameters: role - Security role to be checked |
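The principal mapping that authenticate and hasRole describe, shown as an added example that is not JOSSO or JBoss code. The class, the two maps, and the constructed session id, user name and role are hypothetical stand-ins for the JaasSecurityManager cache and the gateway login; records require Java 16 or later.

```java
import java.security.Principal;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

// Illustrative model only: every name here is hypothetical, none is a JOSSO or JBoss API.
public class SessionPrincipalMappingDemo {

    record NamedPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Stand-in for the security manager cache: keyed by the SSO session id principal.
    static final Map<Principal, Set<String>> rolesBySession = new ConcurrentHashMap<>();
    // Mapping kept by the realm proxy: user principal -> session id principal.
    static final Map<Principal, Principal> sessionByUser = new ConcurrentHashMap<>();

    // The "username" argument carries an SSO session id; the caller gets the user back.
    static Principal authenticate(String ssoSessionId, String credentials) {
        // Constructed lookup standing in for the gateway login module.
        if (!"constructed-session-0001".equals(ssoSessionId)) {
            return null; // unknown session: no Principal
        }
        Principal session = new NamedPrincipal(ssoSessionId);
        Principal user = new NamedPrincipal("alice"); // constructed user
        rolesBySession.put(session, Set.of("role1")); // constructed role
        sessionByUser.put(user, session);
        return user;
    }

    // Role checks translate the user principal back to the cache key first.
    static boolean hasRole(Principal principal, String role) {
        Principal session = sessionByUser.get(principal);
        if (session == null) {
            return false; // no mapping: deny rather than query the cache with the wrong key
        }
        Set<String> roles = rolesBySession.get(session);
        return roles != null && roles.contains(role);
    }

    public static void main(String[] args) {
        Principal user = authenticate("constructed-session-0001", "unused");
        System.out.println("authenticated principal: " + user.getName());
        System.out.println("mapped user has role1: " + hasRole(user, "role1"));
        System.out.println("unmapped user has role1: " + hasRole(new NamedPrincipal("bob"), "role1"));
    }
}
```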
prepareENC | protected Context prepareENC() throws NamingException(Code) | | This creates a java:comp/env/security context that contains a
securityMgr binding pointing to an AuthenticationManager implementation
and a realmMapping binding pointing to a RealmMapping implementation.
|