Package org.apache.catalina.realm
Class CombinedRealm
java.lang.Object
  org.apache.catalina.util.LifecycleBase
    org.apache.catalina.util.LifecycleMBeanBase
      org.apache.catalina.realm.RealmBase
        org.apache.catalina.realm.CombinedRealm

All Implemented Interfaces:
javax.management.MBeanRegistration, Contained, GSSRealm, JmxEnabled, Lifecycle, Realm
Direct Known Subclasses:
LockOutRealm

public class CombinedRealm extends RealmBase
Realm implementation that contains one or more realms. Authentication is attempted for each realm in the order they were configured. If any realm authenticates the user then the authentication succeeds. When combining realms, usernames should be unique across all combined realms.
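
The ordering rule and the uniqueness advice above, modelled as an added example (not Tomcat source code and not part of the original Javadoc). SimpleRealm, MapRealm and the user data are hypothetical stand-ins constructed for illustration; the code assumes Java 16 or later for records. It shows that a username present in two realms is accepted with either realm's credentials and receives that realm's roles, and it includes an audit that lists such duplicates.

```java
import java.util.*;

// Added illustration, not Tomcat source. SimpleRealm and MapRealm are hypothetical
// stand-ins for Realm implementations; all user data below is constructed.
public class CombinedRealmOrderDemo {
    interface SimpleRealm {
        String name();
        Set<String> usernames();
        Set<String> authenticate(String username, String credentials); // roles, or null on failure
    }

    record User(String password, Set<String> roles) {}

    record MapRealm(String name, Map<String, User> users) implements SimpleRealm {
        public Set<String> usernames() { return users.keySet(); }
        public Set<String> authenticate(String username, String credentials) {
            User u = users.get(username);
            return (u != null && u.password().equals(credentials)) ? u.roles() : null;
        }
    }

    // Documented behaviour: realms are tried in configured order and the first success wins.
    static Set<String> authenticate(List<SimpleRealm> realms, String user, String cred) {
        for (SimpleRealm realm : realms) {
            Set<String> roles = realm.authenticate(user, cred);
            if (roles != null) return roles;
        }
        return null;
    }

    // Configuration audit: usernames defined in more than one realm, with the realms involved.
    static Map<String, List<String>> duplicateUsernames(List<SimpleRealm> realms) {
        Map<String, List<String>> seen = new TreeMap<>();
        for (SimpleRealm r : realms)
            for (String u : r.usernames())
                seen.computeIfAbsent(u, k -> new ArrayList<>()).add(r.name());
        seen.values().removeIf(names -> names.size() < 2);
        return seen;
    }

    public static void main(String[] args) {
        List<SimpleRealm> realms = List.of(
            new MapRealm("directory", Map.of("alice", new User("directory-pw", Set.of("user")))),
            new MapRealm("local", Map.of("alice", new User("local-pw", Set.of("admin")),
                                         "bob", new User("bob-pw", Set.of("user")))));
        // "alice" exists in both realms: each realm's password is accepted, with that realm's roles.
        System.out.println(authenticate(realms, "alice", "directory-pw"));
        System.out.println(authenticate(realms, "alice", "local-pw"));
        System.out.println(duplicateUsernames(realms));
    }
}
```

Running the audit over the usernames of every nested realm before deployment turns the "usernames should be unique" advice into a check that fails visibly.
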

Nested Class Summary
Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase
RealmBase.AllRolesMode
Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
Lifecycle.SingleUse

Field Summary
Fields
Modifier and Type | Field | Description
protected static java.lang.String | name | Deprecated. This will be removed in Tomcat 9 onwards.
protected java.util.List<Realm> | realms | The list of Realms contained by this Realm.
Fields inherited from class org.apache.catalina.realm.RealmBase
allRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, USER_ATTRIBUTES_DELIMITER, USER_ATTRIBUTES_WILDCARD, userAttributes, userAttributesList, validate, x509UsernameRetriever, x509UsernameRetrieverClassName
Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserver
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary
Constructors
Constructor | Description
CombinedRealm() |

Method Summary
Modifier and Type | Method | Description
void | addRealm(Realm theRealm) | Add a realm to the list of realms that will be used to authenticate users.
java.security.Principal | authenticate(java.lang.String username) | Try to authenticate with the specified username.
java.security.Principal | authenticate(java.lang.String username, java.lang.String credentials) | Try to authenticate using the specified username and credentials.
java.security.Principal | authenticate(java.lang.String username, java.lang.String clientDigest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realmName, java.lang.String digestA2, java.lang.String algorithm) | Try to authenticate with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 7616.
java.security.Principal | authenticate(java.security.cert.X509Certificate[] certs) | Try to authenticate using a chain of X509Certificates.
java.security.Principal | authenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCred) | Try to authenticate using a GSSContext.
java.security.Principal | authenticate(org.ietf.jgss.GSSName gssName, org.ietf.jgss.GSSCredential gssCredential) | Try to authenticate using a GSSName
void | backgroundProcess() | Delegate the backgroundProcess call to all sub-realms.
protected void | destroyInternal() | Ensure child Realms are destroyed when this Realm is destroyed.
protected java.lang.String | getName() | Deprecated.
Realm[] | getNestedRealms() |
protected java.lang.String | getPassword(java.lang.String username) | Get the password for the specified user.
protected java.security.Principal | getPrincipal(java.lang.String username) | Get the principal associated with the specified user.
javax.management.ObjectName[] | getRealms() |
boolean | hasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role) | Check if the specified Principal has the specified security role, within the context of this Realm.
boolean | isAvailable() | Return the availability of the realm for authentication.
void | setContainer(Container container) | Set the Container with which this instance is associated.
void | setCredentialHandler(CredentialHandler credentialHandler) | Set the CredentialHandler to be used by this Realm.
protected void | startInternal() | Prepare for the beginning of active use of the public methods of this component and implement the requirements of LifecycleBase.startInternal().
protected void | stopInternal() | Gracefully terminate the active use of the public methods of this component and implement the requirements of LifecycleBase.stopInternal().
Methods inherited from class org.apache.catalina.realm.RealmBase
addPropertyChangeListener, authenticate, Digest, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getPrincipal, getPrincipal, getRealmPath, getRealmSuffix, getRoles, getServer, getTransportGuaranteeRedirectStatus, getUserAttributes, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRoleInternal, hasUserDataPermission, initInternal, isStripRealmForGss, main, parseUserAttributes, removePropertyChangeListener, setAllRolesMode, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setUserAttributes, setValidate, setX509UsernameRetrieverClassName, toString
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Field Detail

realms
protected final java.util.List<Realm> realms
The list of Realms contained by this Realm.

name
@Deprecated protected static final java.lang.String name
Deprecated. This will be removed in Tomcat 9 onwards.
Descriptive information about this Realm implementation.
See Also:
Constant Field Values

Method Detail

addRealm
public void addRealm(Realm theRealm)
Add a realm to the list of realms that will be used to authenticate users.
Parameters:
theRealm - realm which should be wrapped by the combined realm

getRealms
public javax.management.ObjectName[] getRealms()
Returns:
the set of Realms that this Realm is wrapping

getNestedRealms
public Realm[] getNestedRealms()
Returns:
the list of Realms contained by this Realm.

authenticate
public java.security.Principal authenticate(java.lang.String username, java.lang.String clientDigest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realmName, java.lang.String digestA2, java.lang.String algorithm)
Description copied from interface: Realm
Try to authenticate with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 7616.
Specified by:
authenticate in interface Realm
Overrides:
authenticate in class RealmBase
Parameters:
username - Username of the Principal to look up
clientDigest - Digest which has been submitted by the client
nonce - Unique (or supposedly unique) token which has been used for this request
nc - the nonce counter
cnonce - the client chosen nonce
qop - the "quality of protection" (nc and cnonce will only be used, if qop is not null).
realmName - Realm name
digestA2 - Second digest calculated as digest(Method + ":" + uri)
algorithm - The message digest algorithm to use
Returns:
the associated principal, or null if there is none.

authenticate
public java.security.Principal authenticate(java.lang.String username)
Description copied from interface: Realm
Try to authenticate with the specified username.
Specified by:
authenticate in interface Realm
Overrides:
authenticate in class RealmBase
Parameters:
username - Username of the Principal to look up
Returns:
the associated principal, or null if none is associated.

authenticate
public java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
Description copied from interface: Realm
Try to authenticate using the specified username and credentials.
Specified by:
authenticate in interface Realm
Overrides:
authenticate in class RealmBase
Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
Returns:
the associated principal, or null if there is none

setContainer
public void setContainer(Container container)
Description copied from interface: Contained
Set the Container with which this instance is associated.
Specified by:
setContainer in interface Contained
Overrides:
setContainer in class RealmBase
Parameters:
container - The Container instance with which this instance is to be associated, or null to disassociate this instance from any Container

startInternal
protected void startInternal() throws LifecycleException
Description copied from class: RealmBase
Prepare for the beginning of active use of the public methods of this component and implement the requirements of LifecycleBase.startInternal().
Overrides:
startInternal in class RealmBase
Throws:
LifecycleException - if this component detects a fatal error that prevents this component from being used

stopInternal
protected void stopInternal() throws LifecycleException
Description copied from class: RealmBase
Gracefully terminate the active use of the public methods of this component and implement the requirements of LifecycleBase.stopInternal().
Overrides:
stopInternal in class RealmBase
Throws:
LifecycleException - if this component detects a fatal error that needs to be reported

destroyInternal
protected void destroyInternal() throws LifecycleException
Ensure child Realms are destroyed when this Realm is destroyed.
Overrides:
destroyInternal in class LifecycleMBeanBase
Throws:
LifecycleException - If the destruction fails

backgroundProcess
public void backgroundProcess()
Delegate the backgroundProcess call to all sub-realms.
Specified by:
backgroundProcess in interface Realm
Overrides:
backgroundProcess in class RealmBase

authenticate
public java.security.Principal authenticate(java.security.cert.X509Certificate[] certs)
Description copied from interface: Realm
Try to authenticate using a chain of X509Certificates.
Specified by:
authenticate in interface Realm
Overrides:
authenticate in class RealmBase
Parameters:
certs - Array of client certificates, with the first one in the array being the certificate of the client itself.
Returns:
the associated principal, or null if there is none

authenticate
public java.security.Principal authenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCred)
Description copied from interface: Realm
Try to authenticate using a GSSContext.
Specified by:
authenticate in interface Realm
Overrides:
authenticate in class RealmBase
Parameters:
gssContext - The gssContext processed by the Authenticator.
storeCred - Should the realm attempt to store the delegated credentials in the returned Principal?
Returns:
the associated principal, or null if there is none

authenticate
public java.security.Principal authenticate(org.ietf.jgss.GSSName gssName, org.ietf.jgss.GSSCredential gssCredential)
Description copied from interface: GSSRealm
Try to authenticate using a GSSName
Specified by:
authenticate in interface GSSRealm
Overrides:
authenticate in class RealmBase
Parameters:
gssName - The GSSName of the principal to look up
gssCredential - The GSSCredential of the principal, may be null
Returns:
the associated principal, or null if there is none

hasRole
public boolean hasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role)
Description copied from class: RealmBase
Check if the specified Principal has the specified security role, within the context of this Realm. This method or RealmBase.hasRoleInternal(Principal, String) can be overridden by Realm implementations, but the default is adequate when an instance of GenericPrincipal is used to represent authenticated Principals from this Realm.
Specified by:
hasRole in interface Realm
Overrides:
hasRole in class RealmBase
Parameters:
wrapper - wrapper context for evaluating role
principal - Principal for whom the role is to be checked
role - Security role to be checked
Returns:
true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.

getName
@Deprecated protected java.lang.String getName()
Deprecated.

getPassword
protected java.lang.String getPassword(java.lang.String username)
Description copied from class: RealmBase
Get the password for the specified user.
Specified by:
getPassword in class RealmBase
Parameters:
username - The user name
Returns:
the password associated with the given principal's user name.

getPrincipal
protected java.security.Principal getPrincipal(java.lang.String username)
Description copied from class: RealmBase
Get the principal associated with the specified user.
Specified by:
getPrincipal in class RealmBase
Parameters:
username - The user name
Returns:
the Principal associated with the given user name.

isAvailable
public boolean isAvailable()
Description copied from interface: Realm
Return the availability of the realm for authentication.
Specified by:
isAvailable in interface Realm
Overrides:
isAvailable in class RealmBase
Returns:
true if the realm is able to perform authentication

setCredentialHandler
public void setCredentialHandler(CredentialHandler credentialHandler)
Description copied from interface: Realm
Set the CredentialHandler to be used by this Realm.
Specified by:
setCredentialHandler in interface Realm
Overrides:
setCredentialHandler in class RealmBase
Parameters:
credentialHandler - the CredentialHandler to use