Package org.apache.catalina.realm
Class CombinedRealm
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.realm.RealmBase
org.apache.catalina.realm.CombinedRealm
- All Implemented Interfaces:
MBeanRegistration, Contained, JmxEnabled, Lifecycle, Realm
- Direct Known Subclasses:
LockOutRealm
Realm implementation that contains one or more realms. Authentication is
attempted for each realm in the order they were configured. If any realm
authenticates the user, then the authentication succeeds. When combining
realms, usernames should be unique across all combined realms.
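The ordered, first-match behaviour described above, and the reason usernames should be unique, modelled as an added example that is not Tomcat's code. `SimpleRealm`, `firstMatch` and `duplicateUsernames` are hypothetical names, the in-memory maps with constructed users stand in for real nested realms, and Java 16 or later is assumed for `record`.

```java
import java.util.*;

public class CombinedRealmOrderDemo {
    // Hypothetical stand-in for a nested realm: username -> {password, role}. Constructed data.
    record SimpleRealm(String name, Map<String, String[]> users) {
        String authenticate(String user, String password) {
            String[] entry = users.get(user);
            // Plain comparison keeps the model short; real realms use a CredentialHandler.
            return entry != null && entry[0].equals(password) ? entry[1] : null;
        }
    }

    // Models the documented behaviour: try each realm in configured order;
    // the first realm that authenticates the user decides the outcome.
    static String firstMatch(List<SimpleRealm> realms, String user, String password) {
        for (SimpleRealm realm : realms) {
            String role = realm.authenticate(user, password);
            if (role != null) {
                return realm.name() + ":" + role;
            }
        }
        return null;
    }

    // Audit check: usernames defined in more than one nested realm.
    static Set<String> duplicateUsernames(List<SimpleRealm> realms) {
        Set<String> seen = new HashSet<>();
        Set<String> duplicates = new TreeSet<>();
        for (SimpleRealm realm : realms) {
            for (String user : realm.users().keySet()) {
                if (!seen.add(user)) {
                    duplicates.add(user);
                }
            }
        }
        return duplicates;
    }

    public static void main(String[] args) {
        SimpleRealm local = new SimpleRealm("local", Map.of("alice", new String[] {"local-pw", "admin"}));
        SimpleRealm directory = new SimpleRealm("directory", Map.of(
                "alice", new String[] {"dir-pw", "user"}, "bob", new String[] {"bob-pw", "user"}));
        List<SimpleRealm> realms = List.of(local, directory);
        // Same username, two accepted passwords, two different roles.
        System.out.println(firstMatch(realms, "alice", "local-pw"));
        System.out.println(firstMatch(realms, "alice", "dir-pw"));
        System.out.println(duplicateUsernames(realms));
    }
}
```

Run the duplicate check over the user stores behind each nested realm before combining them; a non-empty result means one account name can be satisfied by more than one credential, with the granted role depending on which realm matched.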
-
Nested Class Summary
Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase
RealmBase.AllRolesMode
Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
Lifecycle.SingleUse
-
Field Summary
Fields
Modifier and Type | Field | Description
 | realms | The list of Realms contained by this Realm.
Fields inherited from class org.apache.catalina.realm.RealmBase
allRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName
Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserver
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
-
Constructor Summary
Constructors -
Method Summary
Modifier and Type | Method | Description
void | addRealm | Add a realm to the list of realms that will be used to authenticate users.
Principal | authenticate(String username) | Return the Principal associated with the specified user name otherwise return null.
Principal | authenticate(String username, String credentials) | Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
Principal | authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, String qop, String realmName, String md5a2) | Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise return null.
Principal | authenticate(X509Certificate[] certs) | Return the Principal associated with the specified chain of X509 client certificates.
Principal | authenticate(GSSContext gssContext, boolean storeCred) | Try to authenticate using a GSSContext
Principal | authenticate(GSSName gssName, GSSCredential gssCredential) | Try to authenticate using a GSSName. Note that this default method will be turned into an abstract one in Tomcat 10.
void | backgroundProcess() | Delegate the backgroundProcess call to all sub-realms.
protected void | destroyInternal | Ensure child Realms are destroyed when this Realm is destroyed.
Realm[] | getNestedRealms |
protected String | getPassword(String username) | Get the password for the specified user.
protected Principal | getPrincipal(String username) | Get the principal associated with the specified user.
boolean | hasRole | Check if the specified Principal has the specified security role, within the context of this Realm.
boolean | isAvailable() | Return the availability of the realm for authentication.
void | setContainer(Container container) | Set the Container with which this Realm has been associated.
void | setCredentialHandler(CredentialHandler credentialHandler) | Set the CredentialHandler to be used by this Realm.
protected void | startInternal | Prepare for the beginning of active use of the public methods of this component and implement the requirements of LifecycleBase.startInternal().
protected void | stopInternal | Gracefully terminate the active use of the public methods of this component and implement the requirements of LifecycleBase.stopInternal().
Methods inherited from class org.apache.catalina.realm.RealmBase
addPropertyChangeListener, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getPrincipal, getPrincipal, getRealmPath, getRealmSuffix, getRoles, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRoleInternal, hasUserDataPermission, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setAllRolesMode, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, toString
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister
Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
-
Field Details
-
realms
The list of Realms contained by this Realm.
-
-
Constructor Details
-
CombinedRealm
public CombinedRealm()
-
-
Method Details
-
addRealm
Add a realm to the list of realms that will be used to authenticate users.
- Parameters:
theRealm - realm which should be wrapped by the combined realm
-
getRealms
- Returns:
- the set of Realms that this Realm is wrapping
-
getNestedRealms
- Returns:
- the list of Realms contained by this Realm.
-
authenticate
public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, String qop, String realmName, String md5a2)
Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise return null.
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
username - Username of the Principal to look up
clientDigest - Digest which has been submitted by the client
nonce - Unique (or supposedly unique) token which has been used for this request
realmName - Realm name
md5a2 - Second MD5 digest used to calculate the digest : MD5(Method + ":" + uri)
nc - the nonce counter
cnonce - the client chosen nonce
qop - the "quality of protection" (nc and cnonce will only be used, if qop is not null).
- Returns:
- the associated principal, or null if there is none.
-
authenticate
Return the Principal associated with the specified user name otherwise return null.
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
username - User name of the Principal to look up
- Returns:
- the associated principal, or null if none is associated.
-
authenticate
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
- Returns:
- the associated principal, or null if there is none.
-
setContainer
Set the Container with which this Realm has been associated.
- Specified by:
setContainer in interface Contained
- Overrides:
setContainer in class RealmBase
- Parameters:
container - The associated Container
-
startInternal
Prepare for the beginning of active use of the public methods of this component and implement the requirements of LifecycleBase.startInternal().
- Overrides:
startInternal in class RealmBase
- Throws:
LifecycleException - if this component detects a fatal error that prevents this component from being used
-
stopInternal
Gracefully terminate the active use of the public methods of this component and implement the requirements of LifecycleBase.stopInternal().
- Overrides:
stopInternal in class RealmBase
- Throws:
LifecycleException - if this component detects a fatal error that needs to be reported
-
destroyInternal
Ensure child Realms are destroyed when this Realm is destroyed.
- Overrides:
destroyInternal in class LifecycleMBeanBase
- Throws:
LifecycleException - If the destruction fails
-
backgroundProcess
public void backgroundProcess()
Delegate the backgroundProcess call to all sub-realms.
- Specified by:
backgroundProcess in interface Realm
- Overrides:
backgroundProcess in class RealmBase
-
authenticate
Return the Principal associated with the specified chain of X509 client certificates. If there is none, return null.
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
certs - Array of client certificates, with the first one in the array being the certificate of the client itself.
- Returns:
- the associated principal, or null if there is none
-
authenticate
Try to authenticate using a GSSContext
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
gssContext - The gssContext processed by the Authenticator.
storeCred - Should the realm attempt to store the delegated credentials in the returned Principal?
- Returns:
- the associated principal, or null if there is none
-
authenticate
Try to authenticate using a GSSName. Note that this default method will be turned into an abstract one in Tomcat 10.
- Specified by:
authenticate in interface Realm
- Overrides:
authenticate in class RealmBase
- Parameters:
gssName - The GSSName of the principal to look up
gssCredential - The GSSCredential of the principal, may be null
- Returns:
- the associated principal, or null if there is none
-
hasRole
Check if the specified Principal has the specified security role, within the context of this Realm. This method or RealmBase.hasRoleInternal(Principal, String) can be overridden by Realm implementations, but the default is adequate when an instance of GenericPrincipal is used to represent authenticated Principals from this Realm.
- Specified by:
hasRole in interface Realm
- Overrides:
hasRole in class RealmBase
- Parameters:
wrapper - wrapper context for evaluating role
principal - Principal for whom the role is to be checked
role - Security role to be checked
- Returns:
- true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.
-
getPassword
Description copied from class: RealmBase
Get the password for the specified user.
- Specified by:
getPassword in class RealmBase
- Parameters:
username - The user name
- Returns:
- the password associated with the given principal's user name.
-
getPrincipal
Description copied from class: RealmBase
Get the principal associated with the specified user.
- Specified by:
getPrincipal in class RealmBase
- Parameters:
username - The user name
- Returns:
- the Principal associated with the given user name.
-
isAvailable
public boolean isAvailable()
Description copied from interface: Realm
Return the availability of the realm for authentication.
- Returns:
- true if the realm is able to perform authentication
-
setCredentialHandler
Description copied from interface: Realm
Set the CredentialHandler to be used by this Realm.
- Specified by:
setCredentialHandler in interface Realm
- Overrides:
setCredentialHandler in class RealmBase
- Parameters:
credentialHandler - the CredentialHandler to use
-