|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.catalina.realm.RealmBase org.apache.catalina.realm.JNDIRealm
Implementation of Realm that works with a directory server accessed via the Java Naming and Directory Interface (JNDI) APIs. The following constraints are imposed on the data structure in the underlying directory server:
DirContext
that is accessed
via the connectionURL
property.connectURL
an attempt will be made to use the alternateURL
if it
exists.userPattern
property.userPattern
property is not
specified, a unique element can be located by searching the directory
context. In this case:
userSearch
pattern specifies the search filter
after substitution of the username.userBase
property can be set to the element that
is the base of the subtree containing users. If not specified,
the search base is the top-level context.userSubtree
property can be set to
true
if you wish to search the entire subtree of the
directory context. The default value of false
requests a search of only the current level.userPassword
property is not specified.userPassword
property is specified, in which case:
userPassword
property.
RealmBase.digest()
method (using the standard digest
support included in RealmBase
).
RealmBase.digest()
) are equal to the retrieved value
for the user password attribute.DirContext
that is accessed via the
connectionURL
property. This element has the following
characteristics:
roleSearch
property.roleSearch
pattern optionally includes pattern
replacements "{0}" for the distinguished name, and/or "{1}" for
the username, of the authenticated user for which roles will be
retrieved.roleBase
property can be set to the element that
is the base of the search for matching roles. If not specified,
the entire context will be searched.roleSubtree
property can be set to
true
if you wish to search the entire subtree of the
directory context. The default value of false
requests a search of only the current level.roleName
property) containing the name of the
role represented by this element.userRoleName
property.<security-role-ref>
element in
the web application deployment descriptor allows applications to refer
to roles programmatically by names other than those used in the
directory server itself.TODO - Support connection pooling (including message
format objects) so that authenticate()
does not have to be
synchronized.
Field Summary | |
protected java.lang.String |
alternateURL
An alternate URL, to which, we should connect if connectionURL fails. |
protected java.lang.String |
authentication
The type of authentication to use |
protected int |
connectionAttempt
The number of connection attempts. |
protected java.lang.String |
connectionName
The connection username for the server we will contact. |
protected java.lang.String |
connectionPassword
The connection password for the server we will contact. |
protected java.lang.String |
connectionURL
The connection URL for the server we will contact. |
protected javax.naming.directory.DirContext |
context
The directory context linking us to our directory server. |
protected java.lang.String |
contextFactory
The JNDI context factory used to acquire our InitialContext. |
protected static java.lang.String |
info
Descriptive information about this Realm implementation. |
protected static java.lang.String |
name
Descriptive information about this Realm implementation. |
protected java.lang.String |
protocol
The protocol that will be used in the communication with the directory server. |
protected java.lang.String |
referrals
How should we handle referrals? |
protected java.lang.String |
roleBase
The base element for role searches. |
protected java.text.MessageFormat |
roleFormat
The MessageFormat object associated with the current roleSearch . |
protected java.lang.String |
roleName
The name of the attribute containing roles held elsewhere |
protected java.lang.String |
roleSearch
The message format used to select roles for a user, with "{0}" marking the spot where the distinguished name of the user goes. |
protected boolean |
roleSubtree
Should we search the entire subtree for matching memberships? |
protected java.lang.String |
userBase
The base element for user searches. |
protected java.lang.String |
userPassword
The attribute name used to retrieve the user password. |
protected java.lang.String |
userPattern
The message format used to form the distinguished name of a user, with "{0}" marking the spot where the specified username goes. |
protected java.text.MessageFormat |
userPatternFormat
The MessageFormat object associated with the current userPattern . |
protected java.lang.String |
userRoleName
The name of an attribute in the user's entry containing roles for that user |
protected java.lang.String |
userSearch
The message format used to search for a user, with "{0}" marking the spot where the username goes. |
protected java.text.MessageFormat |
userSearchFormat
The MessageFormat object associated with the current userSearch . |
protected boolean |
userSubtree
Should we search the entire subtree for matching users? |
Fields inherited from class org.apache.catalina.realm.RealmBase |
container, debug, digest, lifecycle, md, md5Encoder, md5Helper, sm, started, support, validate |
Fields inherited from interface org.apache.catalina.Lifecycle |
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, START_EVENT, STOP_EVENT |
Constructor Summary | |
JNDIRealm()
|
Method Summary | |
java.security.Principal |
authenticate(javax.naming.directory.DirContext context,
java.lang.String username,
java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null . |
java.security.Principal |
authenticate(java.lang.String username,
java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null .
|
protected boolean |
bindAsUser(javax.naming.directory.DirContext context,
org.apache.catalina.realm.User user,
java.lang.String credentials)
Check credentials by binding to the directory as the user |
protected boolean |
checkCredentials(javax.naming.directory.DirContext context,
org.apache.catalina.realm.User user,
java.lang.String credentials)
Check whether the given User can be authenticated with the given credentials. |
protected void |
close(javax.naming.directory.DirContext context)
Close any open connection to the directory server for this Realm. |
protected boolean |
compareCredentials(javax.naming.directory.DirContext context,
org.apache.catalina.realm.User info,
java.lang.String credentials)
Check whether the credentials presented by the user match those retrieved from the directory. |
java.lang.String |
getAlternateURL()
Getter for property alternateURL. |
java.lang.String |
getAuthentication()
Return the type of authentication to use. |
java.lang.String |
getConnectionName()
Return the connection username for this Realm. |
java.lang.String |
getConnectionPassword()
Return the connection password for this Realm. |
java.lang.String |
getConnectionURL()
Return the connection URL for this Realm. |
java.lang.String |
getContextFactory()
Return the JNDI context factory for this Realm. |
protected java.util.Hashtable |
getDirectoryContextEnvironment()
Create our directory context configuration. |
protected java.lang.String |
getName()
Return a short name for this Realm implementation. |
protected java.lang.String |
getPassword(java.lang.String username)
Return the password associated with the given principal's user name. |
protected java.security.Principal |
getPrincipal(java.lang.String username)
Return the Principal associated with the given user name. |
java.lang.String |
getProtocol()
Return the protocol to be used. |
java.lang.String |
getReferrals()
Returns the current settings for handling JNDI referrals. |
java.lang.String |
getRoleBase()
Return the base element for role searches. |
java.lang.String |
getRoleName()
Return the role name attribute name for this Realm. |
protected java.util.List |
getRoles(javax.naming.directory.DirContext context,
org.apache.catalina.realm.User user)
Return a List of roles associated with the given User. |
java.lang.String |
getRoleSearch()
Return the message format pattern for selecting roles in this Realm. |
boolean |
getRoleSubtree()
Return the "search subtree for roles" flag. |
protected org.apache.catalina.realm.User |
getUser(javax.naming.directory.DirContext context,
java.lang.String username)
Return a User object containing information about the user with the specified username, if found in the directory; otherwise return null .
|
java.lang.String |
getUserBase()
Return the base element for user searches. |
protected org.apache.catalina.realm.User |
getUserByPattern(javax.naming.directory.DirContext context,
java.lang.String username,
java.lang.String[] attrIds)
Use the UserPattern configuration attribute to
locate the directory entry for the user with the specified
username and return a User object; otherwise return
null . |
protected org.apache.catalina.realm.User |
getUserBySearch(javax.naming.directory.DirContext context,
java.lang.String username,
java.lang.String[] attrIds)
Search the directory to return a User object containing information about the user with the specified username, if found in the directory; otherwise return null . |
java.lang.String |
getUserPassword()
Return the password attribute used to retrieve the user password. |
java.lang.String |
getUserPattern()
Return the message format pattern for selecting users in this Realm. |
java.lang.String |
getUserRoleName()
Return the user role name attribute name for this Realm. |
java.lang.String |
getUserSearch()
Return the message format pattern for selecting users in this Realm. |
boolean |
getUserSubtree()
Return the "search subtree for users" flag. |
protected javax.naming.directory.DirContext |
open()
Open (if necessary) and return a connection to the configured directory server for this Realm. |
protected void |
release(javax.naming.directory.DirContext context)
Release our use of this connection so that it can be recycled. |
void |
setAlternateURL(java.lang.String alternateURL)
Setter for property alternateURL. |
void |
setAuthentication(java.lang.String authentication)
Set the type of authentication to use. |
void |
setConnectionName(java.lang.String connectionName)
Set the connection username for this Realm. |
void |
setConnectionPassword(java.lang.String connectionPassword)
Set the connection password for this Realm. |
void |
setConnectionURL(java.lang.String connectionURL)
Set the connection URL for this Realm. |
void |
setContextFactory(java.lang.String contextFactory)
Set the JNDI context factory for this Realm. |
void |
setProtocol(java.lang.String protocol)
Set the protocol for this Realm. |
void |
setReferrals(java.lang.String referrals)
How do we handle JNDI referrals? |
void |
setRoleBase(java.lang.String roleBase)
Set the base element for role searches. |
void |
setRoleName(java.lang.String roleName)
Set the role name attribute name for this Realm. |
void |
setRoleSearch(java.lang.String roleSearch)
Set the message format pattern for selecting roles in this Realm. |
void |
setRoleSubtree(boolean roleSubtree)
Set the "search subtree for roles" flag. |
void |
setUserBase(java.lang.String userBase)
Set the base element for user searches. |
void |
setUserPassword(java.lang.String userPassword)
Set the password attribute used to retrieve the user password. |
void |
setUserPattern(java.lang.String userPattern)
Set the message format pattern for selecting users in this Realm. |
void |
setUserRoleName(java.lang.String userRoleName)
Set the user role name attribute name for this Realm. |
void |
setUserSearch(java.lang.String userSearch)
Set the message format pattern for selecting users in this Realm. |
void |
setUserSubtree(boolean userSubtree)
Set the "search subtree for users" flag. |
void |
start()
Prepare for active use of the public methods of this Component. |
void |
stop()
Gracefully shut down active use of the public methods of this Component. |
Methods inherited from class org.apache.catalina.realm.RealmBase |
addLifecycleListener, addPropertyChangeListener, authenticate, authenticate, authenticate, digest, Digest, findLifecycleListeners, getContainer, getDebug, getDigest, getDigest, getInfo, getValidate, hasMessageDigest, hasRole, log, log, main, removeLifecycleListener, removePropertyChangeListener, setContainer, setDebug, setDigest, setValidate |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
protected java.lang.String authentication
protected java.lang.String connectionName
protected java.lang.String connectionPassword
protected java.lang.String connectionURL
protected javax.naming.directory.DirContext context
protected java.lang.String contextFactory
protected static final java.lang.String info
protected static final java.lang.String name
protected java.lang.String protocol
protected java.lang.String referrals
protected java.lang.String userBase
protected java.lang.String userSearch
protected java.text.MessageFormat userSearchFormat
userSearch
.
protected boolean userSubtree
protected java.lang.String userPassword
protected java.lang.String userPattern
protected java.text.MessageFormat userPatternFormat
userPattern
.
protected java.lang.String roleBase
protected java.text.MessageFormat roleFormat
roleSearch
.
protected java.lang.String userRoleName
protected java.lang.String roleName
protected java.lang.String roleSearch
protected boolean roleSubtree
protected java.lang.String alternateURL
protected int connectionAttempt
Constructor Detail |
public JNDIRealm()
Method Detail |
public java.lang.String getAuthentication()
public void setAuthentication(java.lang.String authentication)
authentication
- The authenticationpublic java.lang.String getConnectionName()
public void setConnectionName(java.lang.String connectionName)
connectionName
- The new connection usernamepublic java.lang.String getConnectionPassword()
public void setConnectionPassword(java.lang.String connectionPassword)
connectionPassword
- The new connection passwordpublic java.lang.String getConnectionURL()
public void setConnectionURL(java.lang.String connectionURL)
connectionURL
- The new connection URLpublic java.lang.String getContextFactory()
public void setContextFactory(java.lang.String contextFactory)
contextFactory
- The new context factorypublic java.lang.String getProtocol()
public void setProtocol(java.lang.String protocol)
protocol
- The new protocol.public java.lang.String getReferrals()
public void setReferrals(java.lang.String referrals)
public java.lang.String getUserBase()
public void setUserBase(java.lang.String userBase)
userBase
- The new base elementpublic java.lang.String getUserSearch()
public void setUserSearch(java.lang.String userSearch)
userSearch
- The new user search patternpublic boolean getUserSubtree()
public void setUserSubtree(boolean userSubtree)
userSubtree
- The new search flagpublic java.lang.String getUserRoleName()
public void setUserRoleName(java.lang.String userRoleName)
userRoleName
- The new userRole name attribute namepublic java.lang.String getRoleBase()
public void setRoleBase(java.lang.String roleBase)
roleBase
- The new base elementpublic java.lang.String getRoleName()
public void setRoleName(java.lang.String roleName)
roleName
- The new role name attribute namepublic java.lang.String getRoleSearch()
public void setRoleSearch(java.lang.String roleSearch)
roleSearch
- The new role search patternpublic boolean getRoleSubtree()
public void setRoleSubtree(boolean roleSubtree)
roleSubtree
- The new search flagpublic java.lang.String getUserPassword()
public void setUserPassword(java.lang.String userPassword)
userPassword
- The new password attributepublic java.lang.String getUserPattern()
public void setUserPattern(java.lang.String userPattern)
userPattern
- The new user patternpublic java.lang.String getAlternateURL()
public void setAlternateURL(java.lang.String alternateURL)
alternateURL
- New value of property alternateURL.public java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
null
.
If there are any errors with the JDBC connection, executing
the query or anything we return null (don't authenticate). This
event is also logged, and the connection will be closed so that
a subsequent request will automatically re-open it.
authenticate
in interface Realm
authenticate
in class RealmBase
username
- Username of the Principal to look upcredentials
- Password or other credentials to use in
authenticating this usernamepublic java.security.Principal authenticate(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String credentials) throws javax.naming.NamingException
null
.
context
- The directory contextusername
- Username of the Principal to look upcredentials
- Password or other credentials to use in
authenticating this username
javax.naming.NamingException
- if a directory server error occursprotected org.apache.catalina.realm.User getUser(javax.naming.directory.DirContext context, java.lang.String username) throws javax.naming.NamingException
null
.
If the userPassword
configuration attribute is
specified, the value of that attribute is retrieved from the
user's directory entry. If the userRoleName
configuration attribute is specified, all values of that
attribute are retrieved from the directory entry.
context
- The directory contextusername
- Username to be looked up
javax.naming.NamingException
- if a directory server error occursprotected org.apache.catalina.realm.User getUserByPattern(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String[] attrIds) throws javax.naming.NamingException
UserPattern
configuration attribute to
locate the directory entry for the user with the specified
username and return a User object; otherwise return
null
.
context
- The directory contextusername
- The usernameattrIds
- String[]containing names of attributes to
retrieve.
javax.naming.NamingException
- if a directory server error occursprotected org.apache.catalina.realm.User getUserBySearch(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String[] attrIds) throws javax.naming.NamingException
null
.
context
- The directory contextusername
- The usernameattrIds
- String[]containing names of attributes to retrieve.
javax.naming.NamingException
- if a directory server error occursprotected boolean checkCredentials(javax.naming.directory.DirContext context, org.apache.catalina.realm.User user, java.lang.String credentials) throws javax.naming.NamingException
userPassword
configuration attribute is specified, the credentials
previously retrieved from the directory are compared explicitly
with those presented by the user. Otherwise the presented
credentials are checked by binding to the directory as the
user.
context
- The directory contextuser
- The User to be authenticatedcredentials
- The credentials presented by the user
javax.naming.NamingException
- if a directory server error occursprotected boolean compareCredentials(javax.naming.directory.DirContext context, org.apache.catalina.realm.User info, java.lang.String credentials) throws javax.naming.NamingException
context
- The directory contextcredentials
- Authentication credentials
javax.naming.NamingException
- if a directory server error occursprotected boolean bindAsUser(javax.naming.directory.DirContext context, org.apache.catalina.realm.User user, java.lang.String credentials) throws javax.naming.NamingException
context
- The directory contextuser
- The User to be authenticatedcredentials
- Authentication credentials
javax.naming.NamingException
- if a directory server error occursprotected java.util.List getRoles(javax.naming.directory.DirContext context, org.apache.catalina.realm.User user) throws javax.naming.NamingException
context
- The directory context we are searchinguser
- The User to be checked
javax.naming.NamingException
- if a directory server error occursprotected void close(javax.naming.directory.DirContext context)
context
- The directory context to be closedprotected java.lang.String getName()
getName
in class RealmBase
protected java.lang.String getPassword(java.lang.String username)
getPassword
in class RealmBase
protected java.security.Principal getPrincipal(java.lang.String username)
getPrincipal
in class RealmBase
protected javax.naming.directory.DirContext open() throws javax.naming.NamingException
javax.naming.NamingException
- if a directory server error occursprotected java.util.Hashtable getDirectoryContextEnvironment()
protected void release(javax.naming.directory.DirContext context)
context
- The directory context to releasepublic void start() throws LifecycleException
start
in interface Lifecycle
start
in class RealmBase
LifecycleException
- if this component detects a fatal error
that prevents it from being startedpublic void stop() throws LifecycleException
stop
in interface Lifecycle
stop
in class RealmBase
LifecycleException
- if this component detects a fatal error
that needs to be reported
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |