java.lang.Object
  org.apache.catalina.realm.RealmBase
    org.apache.catalina.realm.JAASRealm
Implementation of Realm that authenticates users via the Java
Authentication and Authorization Service (JAAS). JAAS support requires
either JDK 1.4 (which includes it as part of the standard platform) or
JDK 1.3 (with the plug-in jaas.jar file).
The value configured for the appName property is passed to
the javax.security.auth.login.LoginContext constructor, to
specify the application name used to select the set of relevant
LoginModules required.
The JAAS Specification describes the result of a successful login as a
javax.security.auth.Subject instance, which can contain zero
or more java.security.Principal objects in the return value
of the Subject.getPrincipals() method. However, it provides
no guidance on how to distinguish Principals that describe the individual
user (and are thus appropriate to return as the value of
request.getUserPrincipal() in a web application) from the Principal(s)
that describe the authorized roles for this user. To maintain as much
independence as possible from the underlying LoginModule
implementation executed by JAAS, the following policy is implemented by
this Realm:
- The JAAS LoginModule is assumed to return a Subject with at least one Principal instance representing the user himself or herself, and zero or more separate Principals representing the security roles authorized for this user.
- On the Principal representing the user, the Principal name is an appropriate value to return via the Servlet API method HttpServletRequest.getRemoteUser().
- On the Principals representing the security roles, the name is the name of the authorized security role.
- This Realm will be configured with two lists of fully qualified Java class names of classes that implement java.security.Principal - one that identifies class(es) representing a user, and one that identifies class(es) representing a security role.
- As this Realm iterates over the Principals returned by Subject.getPrincipals(), it will identify the first Principal that matches the "user classes" list as the Principal for this user.
- As this Realm iterates over the Principals returned by Subject.getPrincipals(), it will accumulate the set of all Principals matching the "role classes" list as identifying the security roles for this user.
- It is a configuration error for the JAAS login method to return a validated Subject without a Principal that matches the "user classes" list.
| Field Summary | |
| protected java.lang.String | appName - The application name passed to the JAAS LoginContext, which uses it to select the set of relevant LoginModules. |
| protected static java.lang.String | info - Descriptive information about this Realm implementation. |
| protected static java.lang.String | name - Descriptive information about this Realm implementation. |
| protected java.util.ArrayList | roleClasses - The list of role class names, split out for easy processing. |
| protected java.lang.String | roleClassNames - Comma-delimited list of java.security.Principal classes that represent security roles. |
| protected static StringManager | sm - The string manager for this package. |
| protected java.util.ArrayList | userClasses - The set of user class names, split out for easy processing. |
| protected java.lang.String | userClassNames - Comma-delimited list of java.security.Principal classes that represent individual users. |
| Fields inherited from class org.apache.catalina.realm.RealmBase |
container, debug, digest, digestEncoding, lifecycle, md, md5Encoder, md5Helper, started, support, validate |
| Fields inherited from interface org.apache.catalina.Lifecycle |
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, START_EVENT, STOP_EVENT |
| Constructor Summary |
| JAASRealm() |
| Method Summary | |
| java.security.Principal | authenticate(java.lang.String username, java.lang.String credentials) - Return the Principal associated with the specified username and credentials, if there is one; otherwise return null. |
| protected java.security.Principal | createPrincipal(java.lang.String username, javax.security.auth.Subject subject) - Construct and return a java.security.Principal instance representing the authenticated user for the specified Subject. |
| java.lang.String | getAppName() - getter for the appName member variable |
| protected java.lang.String | getName() - Return a short name for this Realm implementation. |
| protected java.lang.String | getPassword(java.lang.String username) - Return the password associated with the given principal's user name. |
| protected java.security.Principal | getPrincipal(java.lang.String username) - Return the Principal associated with the given user name. |
| java.lang.String | getRoleClassNames() |
| java.lang.String | getUserClassNames() |
| void | setAppName(java.lang.String name) - setter for the appName member variable |
| void | setRoleClassNames(java.lang.String roleClassNames) |
| void | setUserClassNames(java.lang.String userClassNames) |
| void | start() - Prepare for active use of the public methods of this Component. |
| void | stop() - Gracefully shut down active use of the public methods of this Component. |
| Methods inherited from class org.apache.catalina.realm.RealmBase |
addLifecycleListener, addPropertyChangeListener, authenticate, authenticate, authenticate, digest, Digest, findLifecycleListeners, getContainer, getDebug, getDigest, getDigest, getDigestEncoding, getInfo, getPrincipal, getValidate, hasMessageDigest, hasRole, log, log, main, removeLifecycleListener, removePropertyChangeListener, setContainer, setDebug, setDigest, setDigestEncoding, setValidate |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Field Detail |
protected java.lang.String appName
The application name passed to the JAAS LoginContext, which uses it to select the set of relevant LoginModules.

protected static final java.lang.String info
protected static final java.lang.String name
protected java.util.ArrayList roleClasses
protected static final StringManager sm
protected java.util.ArrayList userClasses

protected java.lang.String roleClassNames
Comma-delimited list of java.security.Principal classes that represent security roles.

protected java.lang.String userClassNames
Comma-delimited list of java.security.Principal classes that represent individual users.
| Constructor Detail |
public JAASRealm()
| Method Detail |
public void setAppName(java.lang.String name)
public java.lang.String getAppName()
public java.lang.String getRoleClassNames()
public void setRoleClassNames(java.lang.String roleClassNames)
public java.lang.String getUserClassNames()
public void setUserClassNames(java.lang.String userClassNames)

public java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
If there are any errors with the JDBC connection, executing the query, or anything else, we return null (don't authenticate). This event is also logged, and the connection will be closed so that a subsequent request will automatically re-open it.
authenticate in interface Realm
authenticate in class RealmBase
Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username

protected java.lang.String getName()
getName in class RealmBase

protected java.lang.String getPassword(java.lang.String username)
getPassword in class RealmBase

protected java.security.Principal getPrincipal(java.lang.String username)
getPrincipal in class RealmBase

protected java.security.Principal createPrincipal(java.lang.String username, javax.security.auth.Subject subject)
Construct and return a java.security.Principal instance representing the authenticated user for the specified Subject. If no such Principal can be constructed, return null.
Parameters:
subject - The Subject representing the logged in user

public void start() throws LifecycleException
start in interface Lifecycle
start in class RealmBase
Throws:
LifecycleException - if this component detects a fatal error that prevents it from being started

public void stop() throws LifecycleException
stop in interface Lifecycle
stop in class RealmBase
Throws:
LifecycleException - if this component detects a fatal error that needs to be reported