org.jboss.web.tomcat.security
Class JBossSecurityMgrRealm

java.lang.Object
  extended by RealmBase
      extended by org.jboss.web.tomcat.security.JBossSecurityMgrRealm
Direct Known Subclasses:
JaccAuthorizationRealm (src)

public class JBossSecurityMgrRealm
extends RealmBase

An implementation of the Catalina Realm and Valve interfaces. The Realm implementation handles authentication and authorization using the JBossSX security framework. It relies on the JNDI ENC namespace set up by the AbstractWebContainer; in particular, it uses the java:comp/env/security subcontext to access the security manager interfaces for authentication and authorization.

The Valve interface is used to associate the authenticated user with the SecurityAssociation class when a request begins, so that web components may call EJBs and have the principal propagated. The security association is removed when the request completes.
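The following is an added example, not JBoss code, showing the per-request sequence the two paragraphs above describe against the JBossSX interfaces this page links to (AuthenticationManager, RealmMapping, SimplePrincipal, SecurityAssociation). The ENC names security/securityMgr and security/realmMapping under java:comp/env are assumed and should be checked against the AbstractWebContainer of the release in use; the class name and the runAsCaller helper are hypothetical, and the Tomcat Valve plumbing is left out because its signature differs between Tomcat versions.

```java
import java.security.Principal;
import java.util.Set;

import javax.naming.InitialContext;
import javax.naming.NamingException;

import org.jboss.security.AuthenticationManager;
import org.jboss.security.RealmMapping;
import org.jboss.security.SecurityAssociation;
import org.jboss.security.SimplePrincipal;

/**
 * Added example (not JBoss code). Looks up the JBossSX managers the way the
 * text describes and uses them for authentication, role checks and caller
 * association. JNDI names below are assumptions, see the lead-in.
 */
public class SecurityMgrLookupExample {

    private final AuthenticationManager authMgr;
    private final RealmMapping realmMapping;

    public SecurityMgrLookupExample() throws NamingException {
        // The ENC is only populated on threads the web container has prepared,
        // i.e. inside a deployed web application, not from a standalone main().
        InitialContext ctx = new InitialContext();
        authMgr = (AuthenticationManager) ctx.lookup("java:comp/env/security/securityMgr");
        realmMapping = (RealmMapping) ctx.lookup("java:comp/env/security/realmMapping");
    }

    /** Mirrors authenticate(String, String): null means "not authenticated". */
    public Principal authenticate(String username, String password) {
        if (username == null || password == null) {
            return null;
        }
        Principal principal = new SimplePrincipal(username);
        // isValid() runs the JAAS login modules of the security domain bound to this web app.
        return authMgr.isValid(principal, password) ? principal : null;
    }

    /** Mirrors hasRole(Principal, String): roles are compared by name, not by Principal identity. */
    public boolean hasRole(Principal principal, String role) {
        Set roles = realmMapping.getUserRoles(principal); // may be null for an unknown caller
        if (roles == null || role == null) {
            return false;
        }
        for (Object o : roles) {
            if (role.equals(((Principal) o).getName())) {
                return true;
            }
        }
        return false;
    }

    /**
     * What the Valve half of the realm does around a request: bind the caller so
     * downstream EJB calls see it, and always clear it in finally, so a failing
     * request cannot leave a stale identity on the thread for the next request.
     * Hypothetical helper; a real Valve does this around invoke().
     */
    public void runAsCaller(Principal principal, Object credential, Runnable request) {
        SecurityAssociation.setPrincipal(principal);
        SecurityAssociation.setCredential(credential);
        try {
            request.run();
        } finally {
            SecurityAssociation.clear();
        }
    }
}
```

The finally block is the part worth copying: because SecurityAssociation is thread-bound and Tomcat reuses worker threads, any path that skips the clear() lets the next request on that thread run with the previous caller's identity.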

See Also:
AuthenticationManager (src) , CertificatePrincipal (src) , RealmMapping (src) , SimplePrincipal (src) , SecurityAssociation (src) , SubjectSecurityManager (src) , Serialized Form

Constructor Summary
JBossSecurityMgrRealm()
           
 
Method Summary
 java.security.Principal authenticate(java.lang.String username, byte[] credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 java.security.Principal authenticate(java.lang.String username, java.lang.String digest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realm, java.lang.String md5a2)
          Return the Principal associated with the specified username if the digest calculated from the given parameters using the method described in RFC 2069 matches the submitted one; otherwise return null.
 java.security.Principal authenticate(java.security.cert.X509Certificate[] certs)
          Return the Principal associated with the specified chain of X509 client certificates.
protected  java.security.Principal getCachingPrincpal(RealmMapping (src)  realmMapping, java.security.Principal authPrincipal, java.security.Principal callerPrincipal, java.lang.Object credential, javax.security.auth.Subject subject)
          Create the session principal Tomcat will cache to avoid callouts to this Realm.
protected  java.lang.String getName()
          Return a short name for this Realm implementation, for use in log messages.
protected  java.lang.String getPassword(java.lang.String username)
          Return the password associated with the given principal's user name.
protected  java.security.Principal getPrincipal(java.lang.String username)
          Return the Principal associated with the given user name.
protected  java.util.Set getPrincipalRoles(java.security.Principal principal)
          Access the set of role Principals associated with the given caller principal.
 boolean hasRole(java.security.Principal principal, java.lang.String role)
          Returns true if the specified user Principal has the specified security role, within the context of this Realm; otherwise return false.
 void setCertificatePrincipal(java.lang.String className)
          Set the class name of the CertificatePrincipal used for mapping X509 cert chains to a Principal.
 void start()
          Override to allow a single realm to be shared as a realm and valve.
 void stop()
          Override to allow a single realm to be shared as a realm and valve.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JBossSecurityMgrRealm

public JBossSecurityMgrRealm()
Method Detail

setCertificatePrincipal

public void setCertificatePrincipal(java.lang.String className)
Set the class name of the CertificatePrincipal used for mapping X509 cert chains to a Principal.

Parameters:
className - the CertificatePrincipal implementation class, which must have a no-argument constructor.
See Also:
CertificatePrincipal (src)

start

public void start()
           throws LifecycleException
Override to allow a single realm to be shared as a realm and valve.

Throws:
LifecycleException

stop

public void stop()
          throws LifecycleException
Override to allow a single realm to be shared as a realm and valve.

Throws:
LifecycleException

authenticate

public java.security.Principal authenticate(java.security.cert.X509Certificate[] certs)
Return the Principal associated with the specified chain of X509 client certificates. If there is none, return null.

Parameters:
certs - Array of client certificates, with the first one in the array being the certificate of the client itself.

authenticate

public java.security.Principal authenticate(java.lang.String username,
                                            java.lang.String digest,
                                            java.lang.String nonce,
                                            java.lang.String nc,
                                            java.lang.String cnonce,
                                            java.lang.String qop,
                                            java.lang.String realm,
                                            java.lang.String md5a2)
Return the Principal associated with the specified username if the digest calculated from the given parameters using the method described in RFC 2069 matches the submitted one; otherwise return null. The nc, cnonce and qop parameters belong to the RFC 2617 extension of that scheme; RFC 2069 has no qop, so a null qop indicates the older form.

Parameters:
username - Username of the Principal to look up
digest - Digest which has been submitted by the client
nonce - Unique (or supposedly unique) token which has been used for this request
nc - Nonce count: the client's hexadecimal counter of requests made with this nonce (RFC 2617)
cnonce - Client-generated nonce (RFC 2617)
qop - Quality of protection requested by the client, e.g. "auth", or null for the RFC 2069 form
realm - Realm name
md5a2 - Second MD5 digest used to calculate the digest : MD5(Method + ":" + uri)
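As an added example, not JBoss or Tomcat code, the block below spells out the server-side computation this method has to reproduce from its parameters: HA1 = MD5(username:realm:password), md5a2 = MD5(method:uri), and the response in its RFC 2069 form (no qop) or RFC 2617 form (qop, nc, cnonce). The class name and all sample values are constructed; no real nonce or credential is used.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * Added example (not JBoss or Tomcat code): the Digest check behind
 * authenticate(username, digest, nonce, nc, cnonce, qop, realm, md5a2).
 * All constants in main() are constructed test data.
 */
public class DigestCheckExample {

    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
            StringBuilder sb = new StringBuilder(32);
            for (byte b : d) {
                sb.append(Character.forDigit((b >> 4) & 0xF, 16)).append(Character.forDigit(b & 0xF, 16));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** HA1 = MD5(username ":" realm ":" password). This is why getPassword() must be able to supply the password (or HA1). */
    static String ha1(String username, String realm, String password) {
        return md5Hex(username + ":" + realm + ":" + password);
    }

    /** md5a2 = MD5(method ":" uri), computed by the container from the request before the realm is called. */
    static String md5a2(String method, String uri) {
        return md5Hex(method + ":" + uri);
    }

    /** RFC 2069 form when qop is null, RFC 2617 form otherwise. */
    static String expectedResponse(String ha1, String nonce, String nc, String cnonce, String qop, String md5a2) {
        if (qop == null) {
            return md5Hex(ha1 + ":" + nonce + ":" + md5a2);
        }
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + md5a2);
    }

    /** True when the client digest matches; the realm would return null for false. */
    static boolean verify(String storedHa1, String clientDigest, String nonce, String nc, String cnonce, String qop, String md5a2) {
        if (clientDigest == null) {
            return false;
        }
        String expected = expectedResponse(storedHa1, nonce, nc, cnonce, qop, md5a2);
        // Constant-time comparison so the check does not leak how many leading hex digits matched.
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                                     clientDigest.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) {
        // Constructed data, not from any real deployment.
        String user = "alice", realm = "JBossRealm", password = "s3cret";
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String nc = "00000001", cnonce = "0a4f113b", qop = "auth";
        String a2 = md5a2("GET", "/app/secure/report");

        String stored = ha1(user, realm, password);
        String clientDigest = expectedResponse(stored, nonce, nc, cnonce, qop, a2); // what a correct client sends
        String wrongDigest = expectedResponse(ha1(user, realm, "wrong"), nonce, nc, cnonce, qop, a2);

        System.out.println("correct password accepted: " + verify(stored, clientDigest, nonce, nc, cnonce, qop, a2));
        System.out.println("wrong password rejected:   " + !verify(stored, wrongDigest, nonce, nc, cnonce, qop, a2));
        // md5a2 binds the response to method and URI, so replaying it against another resource fails.
        System.out.println("replay to other URI rejected: "
                + !verify(stored, clientDigest, nonce, nc, cnonce, qop, md5a2("GET", "/app/admin")));
        // RFC 2069 form: same inputs without qop/nc/cnonce.
        String oldForm = expectedResponse(stored, nonce, null, null, null, a2);
        System.out.println("RFC 2069 form accepted:    " + verify(stored, oldForm, nonce, null, null, null, a2));
    }
}
```

Two practitioner points follow from the arithmetic: the realm cannot verify a Digest response without the cleartext password or the precomputed HA1 for the user, which constrains how credentials may be stored in the backing security domain; and nonce freshness (the nonce and nc parameters) is what stops replay against the same URI, so the container's nonce handling matters as much as this comparison.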

authenticate

public java.security.Principal authenticate(java.lang.String username,
                                            java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username

hasRole

public boolean hasRole(java.security.Principal principal,
                       java.lang.String role)
Returns true if the specified user Principal has the specified security role, within the context of this Realm; otherwise return false. This will be true when an associated role Principal can be found whose getName method returns a String equal to the specified role.

Parameters:
principal - Principal for whom the role is to be checked
role - Security role to be checked

authenticate

public java.security.Principal authenticate(java.lang.String username,
                                            byte[] credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username

getName

protected java.lang.String getName()
Return a short name for this Realm implementation, for use in log messages.


getPassword

protected java.lang.String getPassword(java.lang.String username)
Return the password associated with the given principal's user name.


getPrincipal

protected java.security.Principal getPrincipal(java.lang.String username)
Return the Principal associated with the given user name.


getPrincipalRoles

protected java.util.Set getPrincipalRoles(java.security.Principal principal)
Access the set of role Principals associated with the given caller principal.

Parameters:
principal - the Principal mapped from the authentication principal and visible from HttpServletRequest.getUserPrincipal
Returns:
a possibly null Set of the caller's roles

getCachingPrincpal

protected java.security.Principal getCachingPrincpal(RealmMapping (src)  realmMapping,
                                                     java.security.Principal authPrincipal,
                                                     java.security.Principal callerPrincipal,
                                                     java.lang.Object credential,
                                                     javax.security.auth.Subject subject)
Create the session principal Tomcat will cache to avoid callouts to this Realm.

Parameters:
realmMapping - the role mapping security manager
authPrincipal - the principal used for authentication and stored in the security manager cache
callerPrincipal - the possibly different caller principal representation of the authenticated principal
credential - the credential used for authentication
subject - the authenticated Subject
Returns:
the Tomcat session principal wrapper