org.apache.catalina.realm
This package contains Realm implementations for the
various supported realm technologies for authenticating users and
identifying their associated roles. The Realm that is
associated with a web application's Context (or a hierarchically
superior Container) is used to resolve authentication and role presence
questions when a web application uses container managed security as described
in the Servlet API Specification, version 2.2.

The implementations share a common base class that supports basic
functionality for all of the standard Realm implementations,
and can be configured by setting the following properties (default values
are in square brackets):

- debug - Debugging detail level for this component. [0]

The standard Realm implementations that are currently
available include the following (with additional configuration properties
as specified):

- JDBCRealm - Implementation of Realm that operates
  from data stored in a relational database that is accessed via a JDBC
  driver. The name of the driver, database connection information, and
  the names of the relevant tables and columns are configured with the
  following additional properties:
  - connectionURL - The URL to use when connecting to this database.
    [REQUIRED - NO DEFAULT]
  - driverName - Fully qualified Java class name of the JDBC driver
    to be used. [REQUIRED - NO DEFAULT]
  - roleNameCol - Name of the database column that contains role
    names. [REQUIRED - NO DEFAULT]
  - userCredCol - Name of the database column that contains the
    user's credentials (i.e. password) in cleartext.
    [REQUIRED - NO DEFAULT]
  - userNameCol - Name of the database column that contains the
    user's logon username. [REQUIRED - NO DEFAULT]
  - userRoleTable - Name of the database table containing user
    role information. This table must include the columns specified by
    the userNameCol and roleNameCol properties.
    [REQUIRED - NO DEFAULT]
  - userTable - Name of the database table containing user
    information. This table must include the columns specified by the
    userNameCol and userCredCol properties.
    [REQUIRED - NO DEFAULT]
- MemoryRealm - Implementation of Realm that uses the
  contents of a simple XML file (conf/tomcat-users.xml) as the
  list of valid users and their roles. This implementation is primarily to
  demonstrate that the authentication technology functions correctly, and is
  not anticipated as adequate for general purpose use. This component
  supports the following additional properties:
  - pathname - Pathname of the XML file containing our user and
    role information. If a relative pathname is specified, it is resolved
    against the pathname specified by the "catalina.home" system property.
    [conf/tomcat-users.xml]

Java Source File Name | Type | Comment |
Constants.java | Class | Manifest constants for this Java package.
author: Craig R. |
DataSourceRealm.java | Class | Implementation of Realm that works with any JDBC JNDI DataSource.
See the JDBCRealm.howto for more details on how to set up the database and
for configuration options.
author: Glenn L. |
GenericPrincipal.java | Class | Generic implementation of java.security.Principal that
is available for use by Realm implementations.
author: Craig R. |
JAASCallbackHandler.java | Class | Implementation of the JAAS CallbackHandler interface,
used to negotiate delivery of the username and credentials that were
specified to our constructor. |
JAASMemoryLoginModule.java | Class | Implementation of the JAAS LoginModule interface,
primarily for use in testing JAASRealm. |
JAASRealm.java | Class | Implementation of Realm that authenticates users via the Java
Authentication and Authorization Service (JAAS). |
JDBCRealm.java | Class | Implementation of Realm that works with any JDBC supported database.
See the JDBCRealm.howto for more details on how to set up the database and
for configuration options.
TODO - Support connection pooling (including message
format objects) so that authenticate() does not have to be
synchronized and would fix the ugly connection logic. |
JNDIRealm.java | Class | Implementation of Realm that works with a directory
server accessed via the Java Naming and Directory Interface (JNDI) APIs.
The following constraints are imposed on the data structure in the
underlying directory server:
- Each user that can be authenticated is represented by an individual
  element in the top level DirContext that is accessed
  via the connectionURL property.
- If a socket connection cannot be made to the connectionURL,
  an attempt will be made to use the alternateURL if it
  exists.
- Each user element has a distinguished name that can be formed by
  substituting the presented username into a pattern configured by the
  userPattern property.
- Alternatively, if the userPattern property is not
  specified, a unique element can be located by searching the directory
  context. |
MemoryRealm.java | Class | Simple implementation of Realm that reads an XML file to configure
the valid users, passwords, and roles. |
MemoryRuleSet.java | Class | RuleSet for recognizing the users defined in the
XML file processed by MemoryRealm.
author: Craig R. |
RealmBase.java | Class | Simple implementation of Realm that reads an XML file to configure
the valid users, passwords, and roles. |
UserDatabaseRealm.java | Class | Implementation of Realm that is based on an
implementation of UserDatabase made available through the global JNDI resources
configured for this instance of Catalina. |