public abstract class RealmBase extends LifecycleMBeanBase implements GSSRealm
| Modifier and Type | Class and Description | 
|---|---|
| protected static class  | RealmBase.AllRolesMode | 

Nested classes/interfaces inherited from Lifecycle: Lifecycle.SingleUse

| Modifier and Type | Field and Description | 
|---|---|
| protected RealmBase.AllRolesMode | allRolesMode - The all role mode. | 
| protected Container | container - The Container with which this Realm is associated. | 
| protected Log | containerLog - Container log | 
| protected String | digest - Digest algorithm used in storing passwords in a non-plaintext format. | 
| protected String | digestEncoding - The encoding charset for the digest. | 
| protected static String | info - Descriptive information about this Realm implementation. | 
| protected MessageDigest | md - The MessageDigest object for digesting user credentials (passwords). | 
| protected static MD5Encoder | md5Encoder - Deprecated. Unused - will be removed in Tomcat 8.0.x | 
| protected static MessageDigest | md5Helper - MD5 message digest provider. | 
| protected String | realmPath | 
| protected static StringManager | sm - The string manager for this package. | 
| protected boolean | stripRealmForGss - When processing users authenticated via the GSS-API, should any "@... | 
| protected PropertyChangeSupport | support - The property change support for this component. | 
| protected boolean | validate - Should we validate client certificate chains when they are presented? | 
| protected X509UsernameRetriever | x509UsernameRetriever - The object that will extract user names from X509 client certificates. | 
| protected String | x509UsernameRetrieverClassName - The name of the class to use for retrieving user names from X509 certificates. | 

Fields inherited from LifecycleMBeanBase: mserver

Fields inherited from Lifecycle: AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

| Constructor and Description | 
|---|
| RealmBase() | 

| Modifier and Type | Method and Description | 
|---|---|
| void | addPropertyChangeListener(PropertyChangeListener listener) - Add a property change listener to this component. | 
| Principal | authenticate(GSSContext gssContext, boolean storeCred) - Try to authenticate using a GSSContext | 
| Principal | authenticate(GSSName gssName, GSSCredential gssCredential) - Try to authenticate using a GSSName | 
| Principal | authenticate(String username) - Return the Principal associated with the specified username, if there is one; otherwise return null. | 
| Principal | authenticate(String username, String credentials) - Return the Principal associated with the specified username and credentials, if there is one; otherwise return null. | 
| Principal | authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, String qop, String realm, String md5a2) - Try to authenticate with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2617 (which is a superset of RFC 2069). | 
| Principal | authenticate(X509Certificate[] certs) - Return the Principal associated with the specified chain of X509 client certificates. | 
| void | backgroundProcess() - Execute a periodic task, such as reloading, etc. | 
| protected boolean | compareCredentials(String userCredentials, String serverCredentials) | 
| protected String | digest(String credentials) - Digest the password using the specified algorithm and convert the result to a corresponding hexadecimal string. | 
| static String | Digest(String credentials, String algorithm, String encoding) - Digest password using the algorithm specified and convert the result to a corresponding hex string. | 
| SecurityConstraint[] | findSecurityConstraints(Request request, Context context) - Return the SecurityConstraints configured to guard the request URI for this request, or null if there is no such constraint. | 
| String | getAllRolesMode() - Return the all roles mode. | 
| Container | getContainer() - Return the Container with which this Realm has been associated. | 
| String | getDigest() - Return the digest algorithm used for storing credentials. | 
| protected String | getDigest(String username, String realmName) - Return the digest associated with given principal's user name. | 
| protected Charset | getDigestCharset() | 
| String | getDigestEncoding() - Returns the digest encoding charset. | 
| String | getDomainInternal() - Method implemented by sub-classes to identify the domain in which MBeans should be registered. | 
| String | getInfo() - Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>. | 
| protected abstract String | getName() - Return a short name for this Realm implementation, for use in log messages. | 
| String | getObjectNameKeyProperties() - Allow sub-classes to specify the key properties component of the ObjectName that will be used to register this component. | 
| protected abstract String | getPassword(String username) - Return the password associated with the given principal's user name. | 
| protected Principal | getPrincipal(GSSName gssName, GSSCredential gssCredential) - Get the principal associated with the specified GSSName. | 
| protected abstract Principal | getPrincipal(String username) - Return the Principal associated with the given user name. | 
| protected Principal | getPrincipal(String username, GSSCredential gssCredential) - Deprecated. This will be removed in Tomcat 10 onwards. Use getPrincipal(GSSName, GSSCredential) instead. | 
| protected Principal | getPrincipal(X509Certificate usercert) - Return the Principal associated with the given certificate. | 
| String | getRealmPath() | 
| protected String | getRealmSuffix() | 
| protected Server | getServer() - Return the Server object that is the ultimate parent for the container with which this Realm is associated. | 
| int | getTransportGuaranteeRedirectStatus() | 
| boolean | getValidate() - Return the "validate certificate chains" flag. | 
| String | getX509UsernameRetrieverClassName() - Gets the name of the class that will be used to extract user names from X509 client certificates. | 
| protected boolean | hasMessageDigest() | 
| boolean | hasResourcePermission(Request request, Response response, SecurityConstraint[] constraints, Context context) - Perform access control based on the specified authorization constraint. | 
| boolean | hasRole(Wrapper wrapper, Principal principal, String role) - Return true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false. | 
| boolean | hasUserDataPermission(Request request, Response response, SecurityConstraint[] constraints) - Enforce any user data constraint required by the security constraint guarding this request URI. | 
| protected void | initInternal() - Sub-classes wishing to perform additional initialization should override this method, ensuring that super.initInternal() is the first call in the overriding method. | 
| boolean | isStripRealmForGss() | 
| static void | main(String[] args) - Digest password using the algorithm specified and convert the result to a corresponding hex string. | 
| void | removePropertyChangeListener(PropertyChangeListener listener) - Remove a property change listener from this component. | 
| void | setAllRolesMode(String allRolesMode) - Set the all roles mode. | 
| void | setContainer(Container container) - Set the Container with which this Realm has been associated. | 
| void | setDigest(String digest) - Set the digest algorithm used for storing credentials. | 
| void | setDigestEncoding(String charset) - Sets the digest encoding charset. | 
| void | setRealmPath(String theRealmPath) | 
| void | setStripRealmForGss(boolean stripRealmForGss) | 
| void | setTransportGuaranteeRedirectStatus(int transportGuaranteeRedirectStatus) - Set the HTTP status code used when the container needs to issue an HTTP redirect to meet the requirements of a configured transport guarantee. | 
| void | setValidate(boolean validate) - Set the "validate certificate chains" flag. | 
| void | setX509UsernameRetrieverClassName(String className) - Sets the name of the class that will be used to extract user names from X509 client certificates. | 
| protected void | startInternal() - Prepare for the beginning of active use of the public methods of this component and implement the requirements of LifecycleBase.startInternal(). | 
| protected void | stopInternal() - Gracefully terminate the active use of the public methods of this component and implement the requirements of LifecycleBase.stopInternal(). | 
| String | toString() - Return a String representation of this component. | 

Methods inherited from LifecycleMBeanBase: destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from LifecycleBase: addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

protected Container container
protected Log containerLog
protected String digest
null if no digesting should be performed.
protected String digestEncoding
protected static final String info
protected volatile MessageDigest md
@Deprecated protected static final MD5Encoder md5Encoder
protected static volatile MessageDigest md5Helper
protected static final StringManager sm
protected PropertyChangeSupport support
protected boolean validate
protected String x509UsernameRetrieverClassName
protected X509UsernameRetriever x509UsernameRetriever
protected RealmBase.AllRolesMode allRolesMode
protected boolean stripRealmForGss
protected String realmPath

public int getTransportGuaranteeRedirectStatus()

public void setTransportGuaranteeRedirectStatus(int transportGuaranteeRedirectStatus)
transportGuaranteeRedirectStatus - The status to use. This value is not validated

public Container getContainer()
getContainer in interface Realm

public void setContainer(Container container)
setContainer in interface Realm
container - The associated Container

public String getAllRolesMode()

public void setAllRolesMode(String allRolesMode)
allRolesMode - A string representation of the new all roles mode

public String getDigest()

public void setDigest(String digest)
digest - The new digest algorithm

public String getDigestEncoding()

public void setDigestEncoding(String charset)
charset - The charset (null for platform default)

protected Charset getDigestCharset() throws UnsupportedEncodingException
UnsupportedEncodingException

public String getInfo()
<description>/<version>.

public boolean getValidate()

public void setValidate(boolean validate)
validate - The new validate certificate chains flag

public String getX509UsernameRetrieverClassName()

public void setX509UsernameRetrieverClassName(String className)
className - The name of the class that will be used to extract user names from X509 client certificates.
X509UsernameRetriever

public boolean isStripRealmForGss()

public void setStripRealmForGss(boolean stripRealmForGss)

public void addPropertyChangeListener(PropertyChangeListener listener)
addPropertyChangeListener in interface Realm
listener - The listener to add

public Principal authenticate(String username)
null.
authenticate in interface Realm
username - Username of the Principal to look up
null if none is associated.

public Principal authenticate(String username, String credentials)
null.
authenticate in interface Realm
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
null if there is none.

public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, String qop, String realm, String md5a2)
authenticate in interface Realm
username - Username of the Principal to look up
clientDigest - Digest which has been submitted by the client
nonce - Unique (or supposedly unique) token which has been used for this request
nc - the nonce counter
cnonce - the client chosen nonce
qop - the "quality of protection" (nc and cnonce will only be used, if qop is not null).
realm - Realm name
md5a2 - Second MD5 digest used to calculate the digest: MD5(Method + ":" + uri)
null if there is none.

public Principal authenticate(X509Certificate[] certs)
null.
authenticate in interface Realm
certs - Array of client certificates, with the first one in the array being the certificate of the client itself.
null if there is none

public Principal authenticate(GSSContext gssContext, boolean storeCred)
GSSContext
authenticate in interface Realm
gssContext - The gssContext processed by the Authenticator.
storeCred - Should the realm attempt to store the delegated credentials in the returned Principal?
null if there is none

protected boolean compareCredentials(String userCredentials, String serverCredentials)

public Principal authenticate(GSSName gssName, GSSCredential gssCredential)
GSSName
authenticate in interface GSSRealm
gssName - The GSSName of the principal to look up
gssCredential - The GSSCredential of the principal, may be null
null if there is none

public void backgroundProcess()
backgroundProcess in interface Realm

public SecurityConstraint[] findSecurityConstraints(Request request, Context context)
null if there is no such constraint.
findSecurityConstraints in interface Realm
request - Request we are processing
context - Context the Request is mapped to
SecurityConstraint, or null if there is none

public boolean hasResourcePermission(Request request, Response response, SecurityConstraint[] constraints, Context context) throws IOException
true if this constraint is satisfied and processing should continue, or false otherwise.
hasResourcePermission in interface Realm
request - Request we are processing
response - Response we are creating
constraints - Security constraint we are enforcing
context - The Context to which client of this class is attached.
true if this constraint is satisfied and processing should continue, or false otherwise
IOException - if an input/output error occurs

public boolean hasRole(Wrapper wrapper, Principal principal, String role)
true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false. This method can be overridden by Realm implementations, but the default is adequate when an instance of GenericPrincipal is used to represent authenticated Principals from this Realm.
hasRole in interface Realm
principal - Principal for whom the role is to be checked
role - Security role to be checked
wrapper - wrapper context for evaluating role
true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.

public boolean hasUserDataPermission(Request request, Response response, SecurityConstraint[] constraints) throws IOException
true if this constraint was not violated and processing should continue, or false if we have created a response already.
hasUserDataPermission in interface Realm
request - Request we are processing
response - Response we are creating
constraints - Security constraint being checked
true if this constraint was not violated and processing should continue, or false if we have created a response already.
IOException - if an input/output error occurs

public void removePropertyChangeListener(PropertyChangeListener listener)
removePropertyChangeListener in interface Realm
listener - The listener to remove

protected void initInternal() throws LifecycleException
LifecycleMBeanBase
initInternal in class LifecycleMBeanBase
LifecycleException - If the initialisation fails

protected void startInternal() throws LifecycleException
LifecycleBase.startInternal().
startInternal in class LifecycleBase
LifecycleException - if this component detects a fatal error that prevents this component from being used

protected void stopInternal() throws LifecycleException
LifecycleBase.stopInternal().
stopInternal in class LifecycleBase
LifecycleException - if this component detects a fatal error that needs to be reported

public String toString()

protected String digest(String credentials)
credentials - Password or other credentials to use in authenticating this username

protected boolean hasMessageDigest()

protected String getDigest(String username, String realmName)
username - the user name
realmName - the realm name

protected abstract String getName()

protected abstract String getPassword(String username)

protected Principal getPrincipal(X509Certificate usercert)

protected abstract Principal getPrincipal(String username)

@Deprecated protected Principal getPrincipal(String username, GSSCredential gssCredential)
getPrincipal(GSSName, GSSCredential) instead.
username - The user name
gssCredential - the GSS credential of the principal

protected Principal getPrincipal(GSSName gssName, GSSCredential gssCredential)
GSSName.
gssName - The GSS name
gssCredential - the GSS credential of the principal

protected Server getServer()
null is returned.

public static final String Digest(String credentials, String algorithm, String encoding)
credentials - Password or other credentials to use in authenticating this username
algorithm - Algorithm used to do the digest
encoding - Character encoding of the string to digest

public static void main(String[] args)

public String getObjectNameKeyProperties()
LifecycleMBeanBase
ObjectName that will be used to register this component.
getObjectNameKeyProperties in class LifecycleMBeanBase
ObjectName

public String getDomainInternal()
LifecycleMBeanBase
getDomainInternal in class LifecycleMBeanBase

public String getRealmPath()

public void setRealmPath(String theRealmPath)

protected String getRealmSuffix()
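
The RFC 2617 check that the eight-argument authenticate overload describes, written out as an added example (not Tomcat's own code). The class DigestAuthCheck and its helper names are hypothetical; md5a1 stands for RFC 2617's H(A1) = MD5(username ":" realm ":" password), and the sample values in main are the worked example from RFC 2617 section 3.5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestAuthCheck {

    // Lower-case hex MD5 of a string, the encoding RFC 2617 uses for every hash.
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5")
                .digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder(d.length * 2);
        for (byte b : d) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    // Digest the server expects. nc and cnonce enter the hash only when qop is
    // not null; with qop == null this is the older RFC 2069 form.
    // md5a2 is MD5(Method + ":" + uri), as in the parameter list above.
    static String expectedDigest(String md5a1, String nonce, String nc,
                                 String cnonce, String qop, String md5a2)
            throws NoSuchAlgorithmException {
        String data = (qop == null)
                ? md5a1 + ":" + nonce + ":" + md5a2
                : md5a1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + md5a2;
        return md5Hex(data);
    }

    // Constant-time comparison, so the check does not reveal how many
    // leading characters of the submitted digest were correct.
    static boolean matches(String clientDigest, String serverDigest) {
        return MessageDigest.isEqual(
                clientDigest.getBytes(StandardCharsets.US_ASCII),
                serverDigest.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws Exception {
        // Values from the RFC 2617 section 3.5 example exchange.
        String md5a1 = md5Hex("Mufasa:testrealm@host.com:Circle Of Life");
        String md5a2 = md5Hex("GET:/dir/index.html");
        String server = expectedDigest(md5a1, "dcd98b7102dd2f0e8b11d0f600bfb0c093",
                "00000001", "0a4f113b", "auth", md5a2);
        String client = "6629fae49393a05397450978507c4ef1"; // response field in the RFC example
        System.out.println("RFC example accepted: " + matches(client, server));
        System.out.println("Tampered digest accepted: "
                + matches("0" + client.substring(1), server));
    }
}
```

A realm that only stores H(A1) can still run this check, because the cleartext password is never needed once md5a1 is known; for the same reason a stored H(A1) has to be protected like a password.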
Copyright © 2000-2020 Apache Software Foundation. All Rights Reserved.