java.lang.Object org.apache.catalina.realm.RealmBase org.apache.catalina.realm.JAASRealm
Implementation of Realm that authenticates users via the Java Authentication and Authorization Service (JAAS). JAAS support requires either JDK 1.4 (which includes it as part of the standard platform) or JDK 1.3 (with the plug-in jaas.jar file).

The value configured for the appName property is passed to the javax.security.auth.login.LoginContext constructor, to specify the application name used to select the set of relevant LoginModules required.

The JAAS Specification describes the result of a successful login as a javax.security.auth.Subject instance, which can contain zero or more java.security.Principal objects in the return value of the Subject.getPrincipals() method. However, it provides no guidance on how to distinguish Principals that describe the individual user (and are thus appropriate to return as the value of request.getUserPrincipal() in a web application) from the Principal(s) that describe the authorized roles for this user. To maintain as much independence as possible from the underlying LoginModule implementation executed by JAAS, the following policy is implemented by this Realm:
- The LoginModule is assumed to return a Subject with at least one Principal instance representing the user himself or herself, and zero or more separate Principals representing the security roles authorized for this user.
- For the Principal representing the user, the Principal name is an appropriate value to return via the Servlet API method HttpServletRequest.getRemoteUser().
- For the Principals representing the security roles, the name is the name of the authorized security role.
- The Realm is configured with two lists of class names that implement java.security.Principal - one that identifies class(es) representing a user, and one that identifies class(es) representing a security role.
- As the Realm iterates over the Principals returned by Subject.getPrincipals(), it will identify the first Principal that matches the "user classes" list as the Principal for this user.
- As the Realm iterates over the Principals returned by Subject.getPrincipals(), it will accumulate the set of all Principals matching the "role classes" list as identifying the security roles for this user.
- Subject without a Principal that matches the "user classes" list.
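
The selection policy above, sketched as an added example; this is not Tomcat's source code. The class PrincipalPolicyDemo, its nested Principal types and the resolve helper are hypothetical, and matching on the exact class name is an assumption.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;

public class PrincipalPolicyDemo {
    // Constructed Principal types standing in for whatever a LoginModule supplies.
    static class Named implements Principal {
        private final String name;
        Named(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static class UserPrincipal extends Named { UserPrincipal(String n) { super(n); } }
    static class RolePrincipal extends Named { RolePrincipal(String n) { super(n); } }

    // Returns "user -> [roles]", or null when no Principal matches the user classes list.
    static String resolve(Subject subject, List<String> userClasses, List<String> roleClasses) {
        Principal user = null;
        Set<String> roles = new LinkedHashSet<>();
        for (Principal p : subject.getPrincipals()) {
            String cls = p.getClass().getName();   // assumption: exact class-name match
            if (user == null && userClasses.contains(cls)) {
                user = p;                          // first match becomes the user Principal
            }
            if (roleClasses.contains(cls)) {
                roles.add(p.getName());            // Principal name is the role name
            }
        }
        if (user == null) return null;             // no user Principal: do not authenticate
        return user.getName() + " -> " + roles;
    }

    public static void main(String[] args) {
        List<String> userClasses = Arrays.asList(UserPrincipal.class.getName());
        List<String> roleClasses = Arrays.asList(RolePrincipal.class.getName());
        Subject valid = new Subject();             // constructed sample: one user, two roles
        valid.getPrincipals().add(new UserPrincipal("alice"));
        valid.getPrincipals().add(new RolePrincipal("manager"));
        valid.getPrincipals().add(new RolePrincipal("auditor"));
        System.out.println(resolve(valid, userClasses, roleClasses));

        Subject rolesOnly = new Subject();         // constructed sample: roles but no user
        rolesOnly.getPrincipals().add(new RolePrincipal("manager"));
        System.out.println(resolve(rolesOnly, userClasses, roleClasses));
    }
}
```

Listing the same class in both lists would let a role Principal be picked as the user, so the two lists should name disjoint classes.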
Field Summary
Modifier and type | Field | Description
protected java.lang.String | appName | The application name passed to the JAAS LoginContext, which uses it to select the set of relevant LoginModules.
protected static java.lang.String | info | Descriptive information about this Realm implementation.
protected static java.lang.String | name | Descriptive information about this Realm implementation.
protected java.util.ArrayList | roleClasses | The list of role class names, split out for easy processing.
protected java.lang.String | roleClassNames | Comma-delimited list of java.security.Principal classes that represent security roles.
protected static StringManager | sm | The string manager for this package.
protected java.util.ArrayList | userClasses | The set of user class names, split out for easy processing.
protected java.lang.String | userClassNames | Comma-delimited list of java.security.Principal classes that represent individual users.

Fields inherited from class org.apache.catalina.realm.RealmBase
container, debug, digest, digestEncoding, lifecycle, md, md5Encoder, md5Helper, started, support, validate

Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, START_EVENT, STOP_EVENT

Constructor Summary
JAASRealm()

Method Summary
Return type | Method | Description
java.security.Principal | authenticate(java.lang.String username, java.lang.String credentials) | Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
protected java.security.Principal | createPrincipal(java.lang.String username, javax.security.auth.Subject subject) | Construct and return a java.security.Principal instance representing the authenticated user for the specified Subject.
java.lang.String | getAppName() | Getter for the appName member variable.
protected java.lang.String | getName() | Return a short name for this Realm implementation.
protected java.lang.String | getPassword(java.lang.String username) | Return the password associated with the given principal's user name.
protected java.security.Principal | getPrincipal(java.lang.String username) | Return the Principal associated with the given user name.
java.lang.String | getRoleClassNames() |
java.lang.String | getUserClassNames() |
void | setAppName(java.lang.String name) | Setter for the appName member variable.
void | setRoleClassNames(java.lang.String roleClassNames) |
void | setUserClassNames(java.lang.String userClassNames) |
void | start() | Prepare for active use of the public methods of this Component.
void | stop() | Gracefully shut down active use of the public methods of this Component.

Methods inherited from class org.apache.catalina.realm.RealmBase
addLifecycleListener, addPropertyChangeListener, authenticate, authenticate, authenticate, digest, Digest, findLifecycleListeners, getContainer, getDebug, getDigest, getDigest, getDigestEncoding, getInfo, getPrincipal, getValidate, hasMessageDigest, hasRole, log, log, main, removeLifecycleListener, removePropertyChangeListener, setContainer, setDebug, setDigest, setDigestEncoding, setValidate

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

protected java.lang.String appName
    The application name passed to the JAAS LoginContext, which uses it to select the set of relevant LoginModules.

protected static final java.lang.String info

protected static final java.lang.String name

protected java.util.ArrayList roleClasses

protected static final StringManager sm

protected java.util.ArrayList userClasses

protected java.lang.String roleClassNames
    Comma-delimited list of java.security.Principal classes that represent security roles.

protected java.lang.String userClassNames
    Comma-delimited list of java.security.Principal classes that represent individual users.

Constructor Detail

public JAASRealm()

Method Detail

public void setAppName(java.lang.String name)

public java.lang.String getAppName()

public java.lang.String getRoleClassNames()

public void setRoleClassNames(java.lang.String roleClassNames)

public java.lang.String getUserClassNames()

public void setUserClassNames(java.lang.String userClassNames)

public java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
    Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
    If there are any errors with the JDBC connection, executing the query, or anything else, we return null (don't authenticate). This event is also logged, and the connection will be closed so that a subsequent request will automatically re-open it.
    authenticate in interface Realm
    authenticate in class RealmBase
    Parameters:
    username - Username of the Principal to look up
    credentials - Password or other credentials to use in authenticating this username

protected java.lang.String getName()
    getName in class RealmBase

protected java.lang.String getPassword(java.lang.String username)
    getPassword in class RealmBase

protected java.security.Principal getPrincipal(java.lang.String username)
    getPrincipal in class RealmBase

protected java.security.Principal createPrincipal(java.lang.String username, javax.security.auth.Subject subject)
    Construct and return a java.security.Principal instance representing the authenticated user for the specified Subject. If no such Principal can be constructed, return null.
    Parameters:
    subject - The Subject representing the logged in user

public void start() throws LifecycleException
    start in interface Lifecycle
    start in class RealmBase
    Throws:
    LifecycleException - if this component detects a fatal error that prevents it from being started

public void stop() throws LifecycleException
    stop in interface Lifecycle
    stop in class RealmBase
    Throws:
    LifecycleException - if this component detects a fatal error that needs to be reported