org.norther.tammi.core.realm
Class AbstractRealm

java.lang.Object
  extended by org.norther.tammi.core.base.Adaptee
      extended by org.norther.tammi.core.config.DefaultConfigurable
          extended by org.norther.tammi.core.realm.AbstractRealm
All Implemented Interfaces:
Serializable, EventListener, NotificationBroadcaster, NotificationEmitter, TraceListener, Manageable, MBeanDelegate, Configurable, Realm
Direct Known Subclasses:
DefaultJndiRealm, DefaultMemoryRealm, DefaultRepositoryRealm

public abstract class AbstractRealm
extends DefaultConfigurable
implements Realm

An abstract implementation of Realm.

Based on RealmBase in the Apache Jakarta Tomcat project.

Author:
Craig R. McClanahan, Ilkka Priha
See Also:
Serialized Form

Field Summary
 
Fields inherited from class org.norther.tammi.core.config.DefaultConfigurable
MODIFIED, SYNCHRONIZED, UNMODIFIED
 
Fields inherited from class org.norther.tammi.core.base.Adaptee
ADAPTEE_NOTIF_DESCRIPTION, ADAPTEE_NOTIFICATIONS
 
Fields inherited from interface org.norther.tammi.core.realm.Realm
ANONYMOUS_USER_PROPERTY, CACHED_PASSWORDS_PROPERTY, DEFAULT_ROLE_PROPERTY, DIGEST_ALGORITHM_PROPERTY, MEMBER_PROPERTY, PUBLIC_NAME_PROPERTY
 
Fields inherited from interface org.norther.tammi.core.base.MBeanDelegate
ARRAY_TYPE, OBJECT_TYPE, PRIMITIVE_TYPE, STRING_TYPE
 
Constructor Summary
AbstractRealm()
          Constructs a new realm.
AbstractRealm(String digest)
          Constructs a new realm with a digest.
 
Method Summary
protected  boolean addRoles(AuthenticatedPrincipal principal, List roles)
          Adds roles for the specified authenticated principal.
 Principal authenticate(Certificate[] certs)
          Authenticates the principal with a certificate.
 Principal authenticate(Principal principal, String scheme)
          Authenticates the specified principal in this realm.
 Principal authenticate(String domain, Certificate[] certs)
          Authenticates the principal with a certificate in the specified domain.
 Principal authenticate(String domain, Principal principal, String scheme)
          Authenticates the specified principal in the specified domain of this realm.
 Principal authenticate(String username, String password, String scheme)
          Authenticates the principal associated with the specified username and password using the specified scheme, if there is one.
 Principal authenticate(String domain, String username, String password, String scheme)
          Authenticates the principal associated with the specified username and password in the specified domain using the specified scheme, if there is one.
 Principal authenticate(String username, String realmname, String resp, String nonce, String nc, String cnonce, String qop, String md5a2, String encoding)
          Authenticates the principal associated with the specified username matching the digest calculated using the given parameters using the method described in RFC2617/2831.
 Principal authenticate(String domain, String username, String realmname, String resp, String nonce, String nc, String cnonce, String qop, String md5a2, String encoding)
          Authenticates the principal associated with the specified username in the specified domain matching the digest calculated using the given parameters using the method described in RFC2617/2831.
protected  void checkProperties()
          Checks properties.
protected  AuthenticatedPrincipal createPrincipal(String domain, Locale locale, Object id, String username, String credentials)
          Creates a user principal instance representing the authenticated user.
protected  AuthenticatedPrincipal createPrincipal(String domain, Locale locale, Object id, String username, String credentials, String realName)
          Creates a user principal instance with the full name representing the authenticated user.
 String digest(String username, String password)
          Digests the password for the specified username using the defined algorithm and converts the result to a corresponding hexadecimal string.
 String generateAuthenticate(String username, String password, String scheme)
          Generates the authentication header.
 String getAnonymousUser()
          Gets the username for anonymous principals.
 String getAuthType()
          Gets the authentication scheme.
 String getDefaultRole()
          Gets the default role of authenticated principals.
 String getDigestAlgorithm()
          Gets the digest algorithm used to store credentials.
protected  Map getMemberMap()
          Gets the member map.
protected  MessageDigest getMessageDigest()
          Gets the message digest to apply to credentials, if any.
protected abstract  Principal getPrincipal(String domain, String username, String password)
          Gets the user principal representing the authenticated user.
 String getPublicName()
          Gets the public name of this realm.
 Principal identify(String identity)
          Identifies the principal associated with the specified identity.
 Principal identify(String username, String password)
          Identifies the principal associated with the specified username and password.
 boolean isAuthenticated(Principal principal)
          Checks whether the specified principal is authenticated in this realm.
 boolean isAuthenticated(String domain, Principal principal)
          Checks whether the specified principal is authenticated in the specified domain of this realm.
 boolean isCachedPasswords()
          Checks whether non-digested client passwords are cached.
 boolean isUserInRole(Principal principal, String role)
          Checks whether the specified principal is in the specified security role within the context of any domain in this realm.
 void setAnonymousUser(String username)
          Sets the username for anonymous principals.
 void setCachedPasswords(boolean flag)
          Sets the option to cache non-digested client passwords of authenticated principals to be used in e.g. JDBC authentication.
 void setDefaultRole(String role)
          Sets the default role of authenticated principals.
 void setDigestAlgorithm(String digest)
          Sets the digest algorithm used to store credentials.
 void setPublicName(String name)
          Sets the public name of this realm.
protected  void updateProperties()
          Updates properties.
 
Methods inherited from class org.norther.tammi.core.config.DefaultConfigurable
addProperty, addProperty, clearProperties, containsProperty, getConfigKey, getConfiguration, getModifiedState, getProperties, getProperty, getPropertyFilePath, indexOfProperty, loadConfiguration, loadConfiguration, loadConfiguration, modified, propertyMap, propertyMap, removeProperty, removeProperty, setConfigKey, setModifiedState, setProperties, setProperty, setPropertyFilePath, setPropertyFilePath, storeProperties
 
Methods inherited from class org.norther.tammi.core.base.Adaptee
addAdaptee, addNotificationListener, getAttributeSupport, getBroker, getCanonicalName, getDomain, getFactory, getLoader, getLog, getLog, getMBean, getMBeanServer, getNotificationInfo, getObjectName, getRegistrationTime, getSequenceNumber, hasListeners, isRegistered, postmanaged, premanaged, removeNotificationListener, removeNotificationListener, sendNotification, sendNotification, sendNotification, sendNotification, unmanaged, unregister
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.norther.tammi.core.config.Configurable
addProperty, addProperty, clearProperties, containsProperty, getConfigKey, getProperties, getProperty, getPropertyFilePath, indexOfProperty, propertyMap, propertyMap, removeProperty, removeProperty, setConfigKey, setProperties, setProperty, setPropertyFilePath, setPropertyFilePath, storeProperties
 

Constructor Detail

AbstractRealm

public AbstractRealm()
Constructs a new realm.


AbstractRealm

public AbstractRealm(String digest)
Constructs a new realm with a digest.

Parameters:
digest - the digest algorithm.

Method Detail

getPublicName

public String getPublicName()
Description copied from interface: Realm
Gets the public name of this realm.

Specified by:
getPublicName in interface Realm
Returns:
the public name.

setPublicName

public void setPublicName(String name)
Description copied from interface: Realm
Sets the public name of this realm.

Note that if both the digest algorithm and the public name are defined, the digested passwords must include the username and the realmname in the form: <username>:<realmname>:<password>.

Specified by:
setPublicName in interface Realm
Parameters:
name - the public name.

getDigestAlgorithm

public String getDigestAlgorithm()
Description copied from interface: Realm
Gets the digest algorithm used to store credentials.

Specified by:
getDigestAlgorithm in interface Realm
Returns:
the digest algorithm.

setDigestAlgorithm

public void setDigestAlgorithm(String digest)
Description copied from interface: Realm
Sets the digest algorithm used to store credentials.

Specified by:
setDigestAlgorithm in interface Realm
Parameters:
digest - the digest algorithm.

isCachedPasswords

public boolean isCachedPasswords()
Description copied from interface: Realm
Checks whether non-digested client passwords are cached.

Specified by:
isCachedPasswords in interface Realm
Returns:
the cached passwords option.

setCachedPasswords

public void setCachedPasswords(boolean flag)
Description copied from interface: Realm
Sets the option to cache non-digested client passwords of authenticated principals to be used in e.g. JDBC authentication. The default is to cache only the digested server credentials.

Specified by:
setCachedPasswords in interface Realm
Parameters:
flag - the cached passwords option.

getDefaultRole

public String getDefaultRole()
Description copied from interface: Realm
Gets the default role of authenticated principals.

Specified by:
getDefaultRole in interface Realm
Returns:
the default role.

setDefaultRole

public void setDefaultRole(String role)
Description copied from interface: Realm
Sets the default role of authenticated principals. If set, it will be associated to all authenticated principals in addition to their account specific roles.

Specified by:
setDefaultRole in interface Realm
Parameters:
role - the default role.

getAnonymousUser

public String getAnonymousUser()
Description copied from interface: Realm
Gets the username for anonymous principals.

Specified by:
getAnonymousUser in interface Realm
Returns:
the anonymous username.

setAnonymousUser

public void setAnonymousUser(String username)
Description copied from interface: Realm
Sets the username for anonymous principals. If set, it will be associated to unauthenticated principals without a username.

Note that the anonymous user must be known within the realm but its credentials are not necessarily verified during authentication.

Specified by:
setAnonymousUser in interface Realm
Parameters:
username - the default guest.

isUserInRole

public boolean isUserInRole(Principal principal,
                            String role)
Description copied from interface: Realm
Checks whether the specified principal is in the specified security role within the context of any domain in this realm.

Specified by:
isUserInRole in interface Realm
Parameters:
principal - the principal for whom the role is to be checked.
role - the security role to be checked.
Returns:
true or false.

isAuthenticated

public boolean isAuthenticated(Principal principal)
Description copied from interface: Realm
Checks whether the specified principal is authenticated in this realm.

Specified by:
isAuthenticated in interface Realm
Parameters:
principal - the principal to be checked.
Returns:
true or false.

isAuthenticated

public boolean isAuthenticated(String domain,
                               Principal principal)
Description copied from interface: Realm
Checks whether the specified principal is authenticated in the specified domain of this realm.

Specified by:
isAuthenticated in interface Realm
Parameters:
domain - the domain of the user.
principal - the principal to be checked.
Returns:
true or false.

identify

public Principal identify(String identity)
Description copied from interface: Realm
Identifies the principal associated with the specified identity.

Specified by:
identify in interface Realm
Parameters:
identity - the identity.
Returns:
the identified principal.

identify

public Principal identify(String username,
                          String password)
Description copied from interface: Realm
Identifies the principal associated with the specified username and password.

Specified by:
identify in interface Realm
Parameters:
username - the username.
password - the password.
Returns:
the identified principal.

authenticate

public Principal authenticate(Principal principal,
                              String scheme)
Description copied from interface: Realm
Authenticates the specified principal in this realm.

Specified by:
authenticate in interface Realm
Parameters:
principal - principal to be authenticated.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String domain,
                              Principal principal,
                              String scheme)
Description copied from interface: Realm
Authenticates the specified principal in the specified domain of this realm.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
principal - principal to be authenticated.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String username,
                              String password,
                              String scheme)
Description copied from interface: Realm
Authenticates the principal associated with the specified username and password using the specified scheme, if there is one.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
username - the username to look up.
password - the password to use in authentication.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String domain,
                              String username,
                              String password,
                              String scheme)
Description copied from interface: Realm
Authenticates the principal associated with the specified username and password in the specified domain using the specified scheme, if there is one.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
username - the username to look up.
password - the password to use in authentication.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String username,
                              String realmname,
                              String resp,
                              String nonce,
                              String nc,
                              String cnonce,
                              String qop,
                              String md5a2,
                              String encoding)
Description copied from interface: Realm
Authenticates the principal associated with the specified username matching the digest calculated using the given parameters using the method described in RFC2617/2831.

Note that either non-encrypted or MD5 digested passwords must be applied. Digested passwords must include the username and realmname in the form: <username>:<realmname>:<password>.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
username - the username to look up.
realmname - the realm, i.e. the identification of the server.
resp - the digest which has been submitted by the client.
nonce - a unique token which has been used for this request.
nc - a nonce count.
cnonce - a client nonce.
qop - the quality of protection ("auth", "auth-int",...)
md5a2 - the second MD5 digest used to calculate the digest: MD5(Method + ':' + uri).
encoding - the character encoding to apply.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String domain,
                              String username,
                              String realmname,
                              String resp,
                              String nonce,
                              String nc,
                              String cnonce,
                              String qop,
                              String md5a2,
                              String encoding)
Description copied from interface: Realm
Authenticates the principal associated with the specified username in the specified domain matching the digest calculated using the given parameters using the method described in RFC2617/2831.

Note that either non-encrypted or MD5 digested passwords must be applied. Digested passwords must include the username and realmname in the form: <username>:<realmname>:<password>.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
username - the username to look up.
realmname - the realm, i.e. the identification of the server.
resp - the digest which has been submitted by the client.
nonce - a unique token which has been used for this request.
nc - a nonce count.
cnonce - a client nonce.
qop - the quality of protection ("auth", "auth-int",...)
md5a2 - the second MD5 digest used to calculate the digest: MD5(Method + ':' + uri).
encoding - the character encoding to apply.
Returns:
the authenticated principal, identified principal or null.
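
The digest check that the two RFC2617/2831 authenticate methods describe, combined with the <username>:<realmname>:<password> stored form noted under setPublicName, written out as an added example. It is not Tammi's own code and does not call the Tammi API; the class and method names are hypothetical, UTF-8 is assumed for all strings, and the sample values are those of the example exchange in RFC 2617, section 3.5.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Hypothetical stand-alone class illustrating the server-side digest check.
public class DigestResponseCheck {

    // Lowercase hexadecimal MD5 of the UTF-8 bytes of the input (UTF-8 is an assumption).
    static String md5Hex(String input) throws NoSuchAlgorithmException {
        byte[] hash = MessageDigest.getInstance("MD5")
                .digest(input.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(hash.length * 2);
        for (byte b : hash) {
            hex.append(String.format("%02x", b & 0xff));
        }
        return hex.toString();
    }

    // Stored credential in the required form: MD5(<username>:<realmname>:<password>).
    static String storedCredential(String username, String realmname, String password)
            throws NoSuchAlgorithmException {
        return md5Hex(username + ":" + realmname + ":" + password);
    }

    // Response the server expects for the given request parameters.
    // md5a2 is MD5(Method + ':' + uri), as in the parameter list above.
    static String expectedResponse(String ha1, String nonce, String nc, String cnonce,
                                   String qop, String md5a2) throws NoSuchAlgorithmException {
        if (qop == null || qop.isEmpty()) {
            // Legacy form without quality of protection.
            return md5Hex(ha1 + ":" + nonce + ":" + md5a2);
        }
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + md5a2);
    }

    // Compares the client's digest with the expected one without an early exit
    // on the first differing byte.
    static boolean matches(String resp, String expected) {
        if (resp == null) {
            return false;
        }
        return MessageDigest.isEqual(resp.getBytes(StandardCharsets.US_ASCII),
                expected.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Sample values from the example exchange in RFC 2617, section 3.5.
        String ha1 = storedCredential("Mufasa", "testrealm@host.com", "Circle Of Life");
        String md5a2 = md5Hex("GET:/dir/index.html");
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String resp = "6629fae49393a05397450978507c4ef1"; // digest submitted by the client

        String expected = expectedResponse(ha1, nonce, "00000001", "0a4f113b", "auth", md5a2);
        System.out.println("response accepted: " + matches(resp, expected));

        // The same client digest checked against a different nonce count.
        String other = expectedResponse(ha1, nonce, "00000002", "0a4f113b", "auth", md5a2);
        System.out.println("accepted with different nc: " + matches(resp, other));
    }
}
```

Because the realm name is part of every stored digest, changing the public name of a realm invalidates all credentials digested under the old name.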

authenticate

public Principal authenticate(Certificate[] certs)
Description copied from interface: Realm
Authenticates the principal with a certificate.

Specified by:
authenticate in interface Realm
Parameters:
certs - the peer certificate chain.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String domain,
                              Certificate[] certs)
Description copied from interface: Realm
Authenticates the principal with a certificate in the specified domain.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
certs - the peer certificate chain.
Returns:
the authenticated principal, identified principal or null.

getAuthType

public String getAuthType()
Description copied from interface: Realm
Gets the authentication scheme. Usually this is defined by the authenticator, but some native realms provide proprietary authentication schemes.

Specified by:
getAuthType in interface Realm
Returns:
the authentication scheme or null.

generateAuthenticate

public String generateAuthenticate(String username,
                                   String password,
                                   String scheme)
Description copied from interface: Realm
Generates the authentication header. Usually this can be done by the authenticator, but some native realms provide proprietary authentication schemes.

The username can be null or empty for an anonymous authentication.

Specified by:
generateAuthenticate in interface Realm
Parameters:
username - the username to look up.
password - the password to use in authentication.
scheme - the authentication scheme to be used.
Returns:
the authentication header value.

digest

public String digest(String username,
                     String password)
Description copied from interface: Realm
Digests the password for the specified username using the defined algorithm and converts the result to a corresponding hexadecimal string. The UTF-8 encoding is applied.

Specified by:
digest in interface Realm
Parameters:
username - the username.
password - the password or other credentials.
Returns:
the digest as a hexadecimal string.

getMessageDigest

protected MessageDigest getMessageDigest()
Gets the message digest to apply to credentials, if any.

Returns:
the message digest or null.

getMemberMap

protected Map getMemberMap()
Gets the member map.

Returns:
the member map.

checkProperties

protected void checkProperties()
Checks properties.


updateProperties

protected void updateProperties()
Updates properties.


createPrincipal

protected AuthenticatedPrincipal createPrincipal(String domain,
                                                 Locale locale,
                                                 Object id,
                                                 String username,
                                                 String credentials)
Creates a user principal instance representing the authenticated user.

Parameters:
domain - the domain.
locale - the locale.
id - the identification.
username - the username.
credentials - the server credentials.
Returns:
the principal or null.

createPrincipal

protected AuthenticatedPrincipal createPrincipal(String domain,
                                                 Locale locale,
                                                 Object id,
                                                 String username,
                                                 String credentials,
                                                 String realName)
Creates a user principal instance with the full name representing the authenticated user.

Parameters:
domain - the domain.
locale - the locale.
id - the identification.
username - the username.
credentials - the server credentials.
realName - the real name.
Returns:
the principal or null.

addRoles

protected boolean addRoles(AuthenticatedPrincipal principal,
                           List roles)
Adds roles for the specified authenticated principal.

Parameters:
principal - the principal.
roles - a list of roles.
Returns:
true if added, false otherwise.

getPrincipal

protected abstract Principal getPrincipal(String domain,
                                          String username,
                                          String password)
Gets the user principal representing the authenticated user. Subclasses may implement this method only and rely on authentication operations provided by this class.

Parameters:
domain - the domain.
username - the username.
password - the user password.
Returns:
the principal or null.


Copyright © 2004 The Norther Organization. All rights reserved.