org.norther.tammi.core.realm
Class DefaultNativeRealm

java.lang.Object
  extended by org.norther.tammi.core.base.Adaptee
      extended by org.norther.tammi.core.external.DefaultLibrary
          extended by org.norther.tammi.core.realm.DefaultNativeRealm
All Implemented Interfaces:
Serializable, NotificationBroadcaster, NotificationEmitter, Manageable, MBeanDelegate, Configurable, Library, NativeRealm, Realm

public class DefaultNativeRealm
extends DefaultLibrary
implements NativeRealm

A default implementation of NativeRealm.

Author:
Ilkka Priha
See Also:
Serialized Form

Field Summary
 
Fields inherited from class org.norther.tammi.core.base.Adaptee
ADAPTEE_NOTIF_DESCRIPTION, ADAPTEE_NOTIFICATIONS
 
Fields inherited from interface org.norther.tammi.core.realm.NativeRealm
DEFAULT_DOMAIN_PROPERTY
 
Fields inherited from interface org.norther.tammi.core.realm.Realm
ANONYMOUS_USER_PROPERTY, CACHED_PASSWORDS_PROPERTY, DEFAULT_ROLE_PROPERTY, DIGEST_ALGORITHM_PROPERTY, MEMBER_PROPERTY, PUBLIC_NAME_PROPERTY
 
Fields inherited from interface org.norther.tammi.core.base.MBeanDelegate
ARRAY_TYPE, OBJECT_TYPE, PRIMITIVE_TYPE, STRING_TYPE
 
Constructor Summary
DefaultNativeRealm()
          Constructs a new realm.
DefaultNativeRealm(String library)
          Constructs a new realm with a specific library.
 
Method Summary
 void addProperty(int index, String key, String value)
          Inserts a multivalued property at the specified index.
 void addProperty(String key, String value)
          Adds a multivalued property.
 Principal authenticate(Certificate[] certs)
          Authenticates the principal with a certificate.
 Principal authenticate(Principal principal, String scheme)
          Authenticates the specified principal in this realm.
 Principal authenticate(String domain, Certificate[] certs)
          Authenticates the principal with a certificate in the specified domain.
 Principal authenticate(String domain, Principal principal, String scheme)
          Authenticates the specified principal in the specified domain of this realm.
 Principal authenticate(String username, String password, String scheme)
          Authenticates the principal associated with the specified username and password using the specified scheme, if there is one.
 Principal authenticate(String domain, String username, String password, String scheme)
          Authenticates the principal associated with the specified username and password in the specified domain using the specified scheme, if there is one.
 Principal authenticate(String username, String realmname, String resp, String nonce, String nc, String cnonce, String qop, String md5a2, String encoding)
          Authenticates the principal associated with the specified username by matching the digest calculated from the given parameters with the method described in RFC 2617/2831.
 Principal authenticate(String domain, String username, String realmname, String resp, String nonce, String nc, String cnonce, String qop, String md5a2, String encoding)
          Authenticates the principal associated with the specified username in the specified domain by matching the digest calculated from the given parameters with the method described in RFC 2617/2831.
protected  void checkProperties()
          Checks properties.
 void clearProperties()
          Clears all properties.
 boolean containsProperty(String key)
          Checks whether a property is defined.
 String digest(String username, String password)
          Digests the password for the specified username using the defined algorithm and converts the result to a corresponding hexadecimal string.
 String generateAuthenticate(String username, String password, String scheme)
          Generates the authentication header.
 String getAnonymousUser()
          Gets the username for anonymous principals.
 String getAuthType()
          Gets the authentication scheme.
 String getConfigKey()
          Gets the path finder key for resolving configuration paths.
 String getDefaultDomain()
          Gets the default domain to use for this realm.
 String getDefaultRole()
          Gets the default role of authenticated principals.
 String getDigestAlgorithm()
          Gets the digest algorithm used to store credentials.
 int getFreeDiskSpace(String name)
          Gets the free disk space in MB for the given disk; an empty or null name means the current disk.
 int getGroupId()
          Gets the group id of the current process.
 String[] getProperties(String key)
          Gets a multivalued property.
 String getProperty(String key)
          Gets a property.
 String getPropertyFilePath()
          Gets the property file path.
 String getPublicName()
          Gets the public name of this realm.
 int getUserId()
          Gets the user id of the current process.
 Principal identify(String identity)
          Identifies the principal associated with the specified identity.
 Principal identify(String username, String password)
          Identifies the principal associated with the specified username and password.
 int indexOfProperty(String key, String value)
          Returns the index of a multivalued property value.
 boolean isAuthenticated(Principal principal)
          Checks whether the specified principal is authenticated in this realm.
 boolean isAuthenticated(String domain, Principal principal)
          Checks whether the specified principal is authenticated in the specified domain of this realm.
 boolean isCachedPasswords()
          Checks whether non-digested client passwords are cached.
 boolean isUserInRole(Principal principal, String role)
          Checks whether the specified principal is in the specified security role within the context of any domain in this realm.
 OrderedMap propertyMap()
          Returns a map of properties.
 OrderedMap propertyMap(String prefix)
          Returns a map of prefixed properties.
 Object removeProperty(String key)
          Removes a property.
 boolean removeProperty(String key, String value)
          Removes a multivalued property.
 void reportErrorEvent(String source, String message)
          Reports an error event.
 void reportInfoEvent(String source, String message)
          Reports an info event.
 void reportWarningEvent(String source, String message)
          Reports a warning event.
 void setAnonymousUser(String username)
          Sets the username for anonymous principals.
 void setCachedPasswords(boolean flag)
          Sets the option to cache non-digested client passwords of authenticated principals to be used in e.g. JDBC authentication.
 void setConfigKey(String key)
          Sets the path finder key for resolving configuration paths.
 void setDefaultDomain(String domain)
          Sets the default domain to use for this realm.
 void setDefaultRole(String role)
          Sets the default role of authenticated principals.
 void setDigestAlgorithm(String digest)
          Sets the digest algorithm used to store credentials.
 void setGroupId(int gid)
          Sets the group id of the current process.
 Object setProperties(String key, String[] values)
          Sets a multivalued property.
 Object setProperty(String key, String value)
          Sets a property.
 void setPropertyFilePath(String path)
          Sets the property file path.
 void setPropertyFilePath(String path, String encoding)
          Sets the property file path with encoding.
 void setPublicName(String name)
          Sets the public name of this realm.
 void setUserId(int uid)
          Sets the user id of the current process.
 void storeProperties()
          Stores properties to the property file.
protected  void updateProperties()
          Updates properties.
 
Methods inherited from class org.norther.tammi.core.external.DefaultLibrary
freeLibrary, getBinKey, getLibrary, getLibraryPath, getLoaderPath, invoke, invoke, invokeByte, invokeByte, invokeBytes, invokeBytes, invokeConstBytes, invokeConstBytes, invokeConstString, invokeConstString, invokeConstStrings, invokeConstStrings, invokeDouble, invokeDouble, invokeFloat, invokeFloat, invokeInt, invokeInt, invokeLong, invokeLong, invokeShort, invokeShort, invokeString, invokeString, invokeStrings, invokeStrings, setBinKey, setLibraryPath, setLoaderPath, unmanaged
 
Methods inherited from class org.norther.tammi.core.base.Adaptee
addAdaptee, addNotificationListener, getAttributeSupport, getBroker, getCanonicalName, getDomain, getFactory, getLoader, getLog, getLog, getMBean, getMBeanServer, getNotificationInfo, getObjectName, getRegistrationTime, getSequenceNumber, hasListeners, isRegistered, postmanaged, premanaged, removeNotificationListener, removeNotificationListener, sendNotification, sendNotification, sendNotification, sendNotification, unregister
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.norther.tammi.core.external.Library
getBinKey, getLibraryPath, getLoaderPath, setBinKey, setLibraryPath, setLoaderPath
 

Constructor Detail

DefaultNativeRealm

public DefaultNativeRealm()
Constructs a new realm.


DefaultNativeRealm

public DefaultNativeRealm(String library)
Constructs a new realm with a specific library.

Parameters:
library - the native library.

Method Detail

getConfigKey

public String getConfigKey()
Description copied from interface: Configurable
Gets the path finder key for resolving configuration paths.

Specified by:
getConfigKey in interface Configurable
Returns:
the path finder key.

setConfigKey

public void setConfigKey(String key)
Description copied from interface: Configurable
Sets the path finder key for resolving configuration paths. The default key is PathFinderMBean.CONFIG.

Specified by:
setConfigKey in interface Configurable
Parameters:
key - the path finder key.

getPropertyFilePath

public String getPropertyFilePath()
Description copied from interface: Configurable
Gets the property file path.

Specified by:
getPropertyFilePath in interface Configurable
Returns:
the property file path.

setPropertyFilePath

public void setPropertyFilePath(String path)
Description copied from interface: Configurable
Sets the property file path. The path may be an absolute file path, a file path relative to the specified config key folder or a URL. The properties will be loaded before the next get/set property operation.

Specified by:
setPropertyFilePath in interface Configurable
Parameters:
path - a property file path.

setPropertyFilePath

public void setPropertyFilePath(String path,
                                String encoding)
Description copied from interface: Configurable
Sets the property file path with encoding. The path may be an absolute file path, a file path relative to the specified config key folder or a URL. The properties will be loaded before the next get/set property operation.

Specified by:
setPropertyFilePath in interface Configurable
Parameters:
path - a property file path.
encoding - the encoding to use.

containsProperty

public boolean containsProperty(String key)
Description copied from interface: Configurable
Checks whether a property is defined.

Specified by:
containsProperty in interface Configurable
Parameters:
key - the key.
Returns:
true for a defined property, false otherwise.

getProperty

public String getProperty(String key)
Description copied from interface: Configurable
Gets a property.

Specified by:
getProperty in interface Configurable
Parameters:
key - the key.
Returns:
the value or null.

setProperty

public Object setProperty(String key,
                          String value)
Description copied from interface: Configurable
Sets a property.

Specified by:
setProperty in interface Configurable
Parameters:
key - the key.
value - the value.
Returns:
the previous value.

getProperties

public String[] getProperties(String key)
Description copied from interface: Configurable
Gets a multivalued property.

Specified by:
getProperties in interface Configurable
Parameters:
key - the key.
Returns:
the values or null.

setProperties

public Object setProperties(String key,
                            String[] values)
Description copied from interface: Configurable
Sets a multivalued property.

Specified by:
setProperties in interface Configurable
Parameters:
key - the key.
values - the values.
Returns:
the previous value.

removeProperty

public Object removeProperty(String key)
Description copied from interface: Configurable
Removes a property.

Specified by:
removeProperty in interface Configurable
Parameters:
key - the key.
Returns:
the removed value or null.

indexOfProperty

public int indexOfProperty(String key,
                           String value)
Description copied from interface: Configurable
Returns the index of a multivalued property value.

Specified by:
indexOfProperty in interface Configurable
Parameters:
key - the key.
value - the value.
Returns:
the index of the value or -1.

addProperty

public void addProperty(String key,
                        String value)
Description copied from interface: Configurable
Adds a multivalued property.

Specified by:
addProperty in interface Configurable
Parameters:
key - the key.
value - the property.

addProperty

public void addProperty(int index,
                        String key,
                        String value)
Description copied from interface: Configurable
Inserts a multivalued property at the specified index.

Specified by:
addProperty in interface Configurable
Parameters:
index - the index.
key - the key.
value - the value.

removeProperty

public boolean removeProperty(String key,
                              String value)
Description copied from interface: Configurable
Removes a multivalued property.

Specified by:
removeProperty in interface Configurable
Parameters:
key - the key.
value - the value.
Returns:
true if removed, false otherwise.

clearProperties

public void clearProperties()
Description copied from interface: Configurable
Clears all properties.

Specified by:
clearProperties in interface Configurable

propertyMap

public OrderedMap propertyMap()
Description copied from interface: Configurable
Returns a map of properties. Multivalued properties are presented as string arrays.

Specified by:
propertyMap in interface Configurable
Returns:
a map of properties.

propertyMap

public OrderedMap propertyMap(String prefix)
Description copied from interface: Configurable
Returns a map of prefixed properties. The prefix is removed from the keys of the returned map. Multivalued properties are presented as string arrays.

Specified by:
propertyMap in interface Configurable
Parameters:
prefix - the prefix.
Returns:
a map of properties.

storeProperties

public void storeProperties()
                     throws IOException
Description copied from interface: Configurable
Stores properties to the property file.

Specified by:
storeProperties in interface Configurable
Throws:
IOException - on I/O errors.

getPublicName

public String getPublicName()
Description copied from interface: Realm
Gets the public name of this realm.

Specified by:
getPublicName in interface Realm
Returns:
the public name.

setPublicName

public void setPublicName(String name)
Description copied from interface: Realm
Sets the public name of this realm.

Note that if both the digest algorithm and the public name are defined, the digested passwords must include the username and the realmname in the form: <username>:<realmname>:<password>.

Specified by:
setPublicName in interface Realm
Parameters:
name - the public name.

getDigestAlgorithm

public String getDigestAlgorithm()
Description copied from interface: Realm
Gets the digest algorithm used to store credentials.

Specified by:
getDigestAlgorithm in interface Realm
Returns:
the digest algorithm.

setDigestAlgorithm

public void setDigestAlgorithm(String digest)
Description copied from interface: Realm
Sets the digest algorithm used to store credentials.

Specified by:
setDigestAlgorithm in interface Realm
Parameters:
digest - the digest algorithm.

isCachedPasswords

public boolean isCachedPasswords()
Description copied from interface: Realm
Checks whether non-digested client passwords are cached.

Specified by:
isCachedPasswords in interface Realm
Returns:
the cached passwords option.

setCachedPasswords

public void setCachedPasswords(boolean flag)
Description copied from interface: Realm
Sets the option to cache non-digested client passwords of authenticated principals to be used in e.g. JDBC authentication. The default is to cache only the digested server credentials.

Specified by:
setCachedPasswords in interface Realm
Parameters:
flag - the cached passwords option.

getDefaultRole

public String getDefaultRole()
Description copied from interface: Realm
Gets the default role of authenticated principals.

Specified by:
getDefaultRole in interface Realm
Returns:
the default role.

setDefaultRole

public void setDefaultRole(String role)
Description copied from interface: Realm
Sets the default role of authenticated principals. If set, it will be associated to all authenticated principals in addition to their account specific roles.

Specified by:
setDefaultRole in interface Realm
Parameters:
role - the default role.

getAnonymousUser

public String getAnonymousUser()
Description copied from interface: Realm
Gets the username for anonymous principals.

Specified by:
getAnonymousUser in interface Realm
Returns:
the anonymous username.

setAnonymousUser

public void setAnonymousUser(String username)
Description copied from interface: Realm
Sets the username for anonymous principals. If set, it will be associated to unauthenticated principals without a username.

Note that the anonymous user must be known within the realm but its credentials are not necessarily verified during authentication.

Specified by:
setAnonymousUser in interface Realm
Parameters:
username - the default guest.

isUserInRole

public boolean isUserInRole(Principal principal,
                            String role)
Description copied from interface: Realm
Checks whether the specified principal is in the specified security role within the context of any domain in this realm.

Specified by:
isUserInRole in interface Realm
Parameters:
principal - the principal for whom the role is to be checked.
role - the security role to be checked.
Returns:
true or false.

isAuthenticated

public boolean isAuthenticated(Principal principal)
Description copied from interface: Realm
Checks whether the specified principal is authenticated in this realm.

Specified by:
isAuthenticated in interface Realm
Parameters:
principal - the principal to be checked.
Returns:
true or false.

isAuthenticated

public boolean isAuthenticated(String domain,
                               Principal principal)
Description copied from interface: Realm
Checks whether the specified principal is authenticated in the specified domain of this realm.

Specified by:
isAuthenticated in interface Realm
Parameters:
domain - the domain of the user.
principal - the principal to be checked.
Returns:
true or false.

identify

public Principal identify(String identity)
Description copied from interface: Realm
Identifies the principal associated with the specified identity.

Specified by:
identify in interface Realm
Parameters:
identity - the identity.
Returns:
the identified principal.

identify

public Principal identify(String username,
                          String password)
Description copied from interface: Realm
Identifies the principal associated with the specified username and password.

Specified by:
identify in interface Realm
Parameters:
username - the username.
password - the password.
Returns:
the identified principal.

authenticate

public Principal authenticate(Principal principal,
                              String scheme)
Description copied from interface: Realm
Authenticates the specified principal in this realm.

Specified by:
authenticate in interface Realm
Parameters:
principal - principal to be authenticated.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String domain,
                              Principal principal,
                              String scheme)
Description copied from interface: Realm
Authenticates the specified principal in the specified domain of this realm.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
principal - principal to be authenticated.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String username,
                              String password,
                              String scheme)
Description copied from interface: Realm
Authenticates the principal associated with the specified username and password using the specified scheme, if there is one.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
username - the username to look up.
password - the password to use in authentication.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String domain,
                              String username,
                              String password,
                              String scheme)
Description copied from interface: Realm
Authenticates the principal associated with the specified username and password in the specified domain using the specified scheme, if there is one.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
username - the username to look up.
password - the password to use in authentication.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String username,
                              String realmname,
                              String resp,
                              String nonce,
                              String nc,
                              String cnonce,
                              String qop,
                              String md5a2,
                              String encoding)
Description copied from interface: Realm
Authenticates the principal associated with the specified username by matching the digest calculated from the given parameters with the method described in RFC 2617/2831.

Note that either non-encrypted or MD5 digested passwords must be applied. Digested passwords must include the username and realmname in the form: <username>:<realmname>:<password>.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
username - the username to look up.
realmname - the realm, i.e. the identification of the server.
resp - the digest which has been submitted by the client.
nonce - a unique token which has been used for this request.
nc - a nonce count.
cnonce - a client nonce.
qop - the quality of protection ("auth", "auth-int",...)
md5a2 - the second MD5 digest used to calculate the digest: MD5(Method + ':' + uri).
encoding - the character encoding to apply.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String domain,
                              String username,
                              String realmname,
                              String resp,
                              String nonce,
                              String nc,
                              String cnonce,
                              String qop,
                              String md5a2,
                              String encoding)
Description copied from interface: Realm
Authenticates the principal associated with the specified username in the specified domain by matching the digest calculated from the given parameters with the method described in RFC 2617/2831.

Note that either non-encrypted or MD5 digested passwords must be applied. Digested passwords must include the username and realmname in the form: <username>:<realmname>:<password>.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
username - the username to look up.
realmname - the realm, i.e. the identification of the server.
resp - the digest which has been submitted by the client.
nonce - a unique token which has been used for this request.
nc - a nonce count.
cnonce - a client nonce.
qop - the quality of protection ("auth", "auth-int",...)
md5a2 - the second MD5 digest used to calculate the digest: MD5(Method + ':' + uri).
encoding - the character encoding to apply.
Returns:
the authenticated principal, identified principal or null.
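
The calculation that the parameters of the two digest authenticate methods above feed, as an added example that is not Tammi source code: it derives the stored `<username>:<realmname>:<password>` digest, computes the response the server expects, and compares it with the client's `resp`. The class and method names are hypothetical, the sample values are those of the worked example in RFC 2617 section 3.5, and the plain MD5 algorithm (not MD5-sess) is assumed.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Added illustration, not Tammi source. Class and method names are hypothetical.
public class DigestResponseCheck {

    // Lowercase hex MD5 of the text in the given character encoding.
    static String md5Hex(String text, Charset encoding) {
        try {
            byte[] hash = MessageDigest.getInstance("MD5").digest(text.getBytes(encoding));
            StringBuilder hex = new StringBuilder(hash.length * 2);
            for (byte b : hash) {
                hex.append(String.format("%02x", b & 0xff));
            }
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("MD5 unavailable", e);
        }
    }

    // Stored credential in the form the page requires: MD5(<username>:<realmname>:<password>).
    static String storedDigest(String username, String realmname, String password, Charset enc) {
        return md5Hex(username + ":" + realmname + ":" + password, enc);
    }

    // Response the server expects (RFC 2617, algorithm MD5, not MD5-sess).
    // Without qop the RFC 2069 compatible form MD5(HA1:nonce:HA2) applies.
    static String expectedResponse(String ha1, String nonce, String nc, String cnonce,
                                   String qop, String md5a2, Charset enc) {
        if (qop == null || qop.isEmpty()) {
            return md5Hex(ha1 + ":" + nonce + ":" + md5a2, enc);
        }
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":" + qop + ":" + md5a2, enc);
    }

    // Compares the client's digest with the expected one in constant time.
    static boolean matches(String resp, String expected) {
        if (resp == null) {
            return false;
        }
        byte[] a = resp.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII);
        byte[] b = expected.getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) {
        Charset enc = StandardCharsets.UTF_8;
        // Sample values from the worked example in RFC 2617, section 3.5.
        String username = "Mufasa";
        String realmname = "testrealm@host.com";
        String password = "Circle Of Life";
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String nc = "00000001";
        String cnonce = "0a4f113b";
        String qop = "auth";
        String resp = "6629fae49393a05397450978507c4ef1"; // digest submitted by the client

        // md5a2 as described on this page: MD5(Method + ':' + uri).
        String md5a2 = md5Hex("GET" + ":" + "/dir/index.html", enc);

        // The realm holds either the clear password or this digest; both yield the same HA1.
        String ha1 = storedDigest(username, realmname, password, enc);

        String expected = expectedResponse(ha1, nonce, nc, cnonce, qop, md5a2, enc);
        System.out.println("client response accepted: " + matches(resp, expected));

        // Recompute for nc=00000002 and test the old response against it (the replay case).
        String next = expectedResponse(ha1, nonce, "00000002", cnonce, qop, md5a2, enc);
        System.out.println("old response accepted for nc=00000002: " + matches(resp, next));
    }
}
```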

authenticate

public Principal authenticate(Certificate[] certs)
Description copied from interface: Realm
Authenticates the principal with a certificate.

Specified by:
authenticate in interface Realm
Parameters:
certs - the peer certificate chain.
Returns:
the authenticated principal, identified principal or null.

authenticate

public Principal authenticate(String domain,
                              Certificate[] certs)
Description copied from interface: Realm
Authenticates the principal with a certificate in the specified domain.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
certs - the peer certificate chain.
Returns:
the authenticated principal, identified principal or null.

getAuthType

public String getAuthType()
Description copied from interface: Realm
Gets the authentication scheme. Usually this is defined by the authenticator, but some native realms provide proprietary authentication schemes.

Specified by:
getAuthType in interface Realm
Returns:
the authentication scheme or null.

generateAuthenticate

public String generateAuthenticate(String username,
                                   String password,
                                   String scheme)
Description copied from interface: Realm
Generates the authentication header. Usually this can be done by the authenticator, but some native realms provide proprietary authentication schemes.

The username can be null or empty for an anonymous authentication.

Specified by:
generateAuthenticate in interface Realm
Parameters:
username - the username to look up.
password - the password to use in authentication.
scheme - the authentication scheme to be used.
Returns:
the authentication header value.

digest

public String digest(String username,
                     String password)
Description copied from interface: Realm
Digests the password for the specified username using the defined algorithm and converts the result to a corresponding hexadecimal string. The UTF-8 encoding is applied.

Specified by:
digest in interface Realm
Parameters:
username - the username.
password - the password or other credentials.
Returns:
the digest as a hexadecimal string.

getDefaultDomain

public String getDefaultDomain()
Description copied from interface: NativeRealm
Gets the default domain to use for this realm.

Specified by:
getDefaultDomain in interface NativeRealm
Returns:
the default domain name.

setDefaultDomain

public void setDefaultDomain(String domain)
Description copied from interface: NativeRealm
Sets the default domain to use for this realm.

Specified by:
setDefaultDomain in interface NativeRealm
Parameters:
domain - the default domain name.

getUserId

public int getUserId()
Description copied from interface: NativeRealm
Gets the user id of the current process.

Specified by:
getUserId in interface NativeRealm
Returns:
the process uid.

setUserId

public void setUserId(int uid)
               throws LogException
Description copied from interface: NativeRealm
Sets the user id of the current process.

Specified by:
setUserId in interface NativeRealm
Parameters:
uid - the new process uid.
Throws:
LogException - on errors.

getGroupId

public int getGroupId()
Description copied from interface: NativeRealm
Gets the group id of the current process.

Specified by:
getGroupId in interface NativeRealm
Returns:
the process gid.

setGroupId

public void setGroupId(int gid)
                throws LogException
Description copied from interface: NativeRealm
Sets the group id of the current process.

Specified by: