JNDIRealm (Catalina Internal API Documentation)
java.lang.Object
  +--org.apache.catalina.realm.RealmBase
        +--org.apache.catalina.realm.JNDIRealm
Implementation of Realm that works with a directory server accessed via the Java Naming and Directory Interface (JNDI) APIs. The following constraints are imposed on the data structure in the underlying directory server:
DirContext that is accessed via the connectionURL property. This element has the following characteristics:
dn) attribute of this element contains the username that is being presented for authentication.
MessageFormat, where the string "{0}" in the pattern is replaced by the username being presented.
userPassword property. The value of this attribute is retrieved for use in authentication.
RealmBase.digest() method (using the standard digest support included in RealmBase).
RealmBase.digest()) are equal to the retrieved value for the user password attribute.
DirContext that is accessed via the connectionURL property. This element has the following characteristics:
roleSearch property.
roleSearch pattern optionally includes pattern replacements "{0}" for the distinguished name, and/or "{1}" for the username, of the authenticated user for which roles will be retrieved.
roleBase property can be set to the element that is the base of the search for matching roles. If not specified, the entire context will be searched.
roleSubtree property can be set to true if you wish to search the entire subtree of the directory context. The default value of false requests a search of only the current level.
roleName property) containing the name of the role represented by this element.
<security-role-ref> element in the web application deployment descriptor allows applications to refer to roles programmatically by names other than those used in the directory server itself.
TODO - Support connection pooling (including message format objects) so that authenticate() does not have to be synchronized.
Field Summary
protected java.lang.String connectionName - The connection username for the server we will contact.
protected java.lang.String connectionPassword - The connection password for the server we will contact.
protected java.lang.String connectionURL - The connection URL for the server we will contact.
protected javax.naming.directory.DirContext context - The directory context linking us to our directory server.
protected java.lang.String contextFactory - The JNDI context factory used to acquire our InitialContext.
protected static java.lang.String info - Descriptive information about this Realm implementation.
protected static java.lang.String name - Descriptive information about this Realm implementation.
protected java.lang.String roleBase - The base element for role searches.
protected java.text.MessageFormat roleFormat - The MessageFormat object associated with the current roleSearch.
protected java.lang.String[] roleName - The name of the attribute containing the role name.
protected java.lang.String roleSearch - The message format used to select roles for a user, with "{0}" marking the spot where the distinguished name of the user goes.
protected boolean roleSubtree - Should we search the entire subtree for matching memberships?
protected java.text.MessageFormat userFormat - The MessageFormat object associated with the current userPattern.
protected java.lang.String[] userPassword - The attribute name used to retrieve the user password.
protected java.lang.String userPattern - The message format used to select a user, with "{0}" marking the spot where the specified username goes.
Fields inherited from class org.apache.catalina.realm.RealmBase: container, debug, digest, lifecycle, md, md5Encoder, md5Helper, sm, started, support, validate
Fields inherited from interface org.apache.catalina.Lifecycle: START_EVENT, STOP_EVENT
Constructor Summary
JNDIRealm()
Method Summary
java.security.Principal authenticate(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String credentials) - Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
java.security.Principal authenticate(java.lang.String username, java.lang.String credentials) - Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
protected void close(javax.naming.directory.DirContext context) - Close any open connection to the directory server for this Realm.
java.lang.String getConnectionName() - Return the connection username for this Realm.
java.lang.String getConnectionPassword() - Return the connection password for this Realm.
java.lang.String getConnectionURL() - Return the connection URL for this Realm.
java.lang.String getContextFactory() - Return the JNDI context factory for this Realm.
protected java.lang.String getName() - Return a short name for this Realm implementation.
protected java.lang.String getPassword(java.lang.String username) - Return the password associated with the given principal's user name.
protected java.security.Principal getPrincipal(java.lang.String username) - Return the Principal associated with the given user name.
java.lang.String getRoleBase() - Return the base element for role searches.
java.lang.String getRoleName() - Return the role name attribute name for this Realm.
protected java.util.List getRoles(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String dn) - Return a List of roles associated with the user with the specified distinguished name.
java.lang.String getRoleSearch() - Return the message format pattern for selecting roles in this Realm.
boolean getRoleSubtree() - Return the "search subtree for roles" flag.
protected java.lang.String getUserDN(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String credentials) - Return the distinguished name of an authenticated user (if successful) or null if authentication is unsuccessful.
java.lang.String getUserPassword() - Return the password attribute used to retrieve the user password.
java.lang.String getUserPattern() - Return the message format pattern for selecting users in this Realm.
protected javax.naming.directory.DirContext open() - Open (if necessary) and return a connection to the configured directory server for this Realm.
protected void release(javax.naming.directory.DirContext context) - Release our use of this connection so that it can be recycled.
void setConnectionName(java.lang.String connectionName) - Set the connection username for this Realm.
void setConnectionPassword(java.lang.String connectionPassword) - Set the connection password for this Realm.
void setConnectionURL(java.lang.String connectionURL) - Set the connection URL for this Realm.
void setContextFactory(java.lang.String contextFactory) - Set the JNDI context factory for this Realm.
void setRoleBase(java.lang.String roleBase) - Set the base element for role searches.
void setRoleName(java.lang.String roleName) - Set the role name attribute name for this Realm.
void setRoleSearch(java.lang.String roleSearch) - Set the message format pattern for selecting roles in this Realm.
void setRoleSubtree(boolean roleSubtree) - Set the "search subtree for roles" flag.
void setUserPassword(java.lang.String userPassword) - Set the password attribute used to retrieve the user password.
void setUserPattern(java.lang.String userPattern) - Set the message format pattern for selecting users in this Realm.
void start() - Prepare for active use of the public methods of this Component.
void stop() - Gracefully shut down active use of the public methods of this Component.
Methods inherited from class org.apache.catalina.realm.RealmBase: addLifecycleListener, addPropertyChangeListener, authenticate, authenticate, authenticate, digest, Digest, getContainer, getDebug, getDigest, getDigest, getInfo, getValidate, hasMessageDigest, hasRole, log, log, main, removeLifecycleListener, removePropertyChangeListener, setContainer, setDebug, setDigest, setValidate
Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
protected java.lang.String connectionName
protected java.lang.String connectionPassword
protected java.lang.String connectionURL
protected javax.naming.directory.DirContext context
protected java.lang.String contextFactory
protected static final java.lang.String info
protected static final java.lang.String name
protected java.lang.String roleBase
protected java.text.MessageFormat roleFormat
roleSearch.
protected java.lang.String[] roleName
protected java.lang.String roleSearch
protected boolean roleSubtree
protected java.text.MessageFormat userFormat
userPattern.
protected java.lang.String[] userPassword
protected java.lang.String userPattern
Constructor Detail
public JNDIRealm()
Method Detail
public java.lang.String getConnectionName()
public void setConnectionName(java.lang.String connectionName)
connectionName - The new connection username
public java.lang.String getConnectionPassword()
public void setConnectionPassword(java.lang.String connectionPassword)
connectionPassword - The new connection password
public java.lang.String getConnectionURL()
public void setConnectionURL(java.lang.String connectionURL)
connectionURL - The new connection URL
public java.lang.String getContextFactory()
public void setContextFactory(java.lang.String contextFactory)
contextFactory - The new context factory
public java.lang.String getRoleBase()
public void setRoleBase(java.lang.String roleBase)
roleBase - The new base element
public java.lang.String getRoleName()
public void setRoleName(java.lang.String roleName)
roleName - The new role name attribute name
public java.lang.String getRoleSearch()
public void setRoleSearch(java.lang.String roleSearch)
roleSearch - The new role search pattern
public boolean getRoleSubtree()
public void setRoleSubtree(boolean roleSubtree)
roleSubtree - The new search flag
public java.lang.String getUserPassword()
public void setUserPassword(java.lang.String userPassword)
userPassword - The new password attribute
public java.lang.String getUserPattern()
public void setUserPattern(java.lang.String userPattern)
userPattern - The new user pattern
public java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
null.
If there are any errors with the JDBC connection, executing the query or anything we return null (don't authenticate). This event is also logged, and the connection will be closed so that a subsequent request will automatically re-open it.
authenticate in interface Realm
authenticate in class RealmBase
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
public java.security.Principal authenticate(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String credentials) throws javax.naming.NamingException
null.
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
javax.naming.NamingException - if a directory server error occurs
protected void close(javax.naming.directory.DirContext context)
context - The directory context to be closed
protected java.lang.String getName()
getName in class RealmBase
protected java.lang.String getPassword(java.lang.String username)
getPassword in class RealmBase
protected java.security.Principal getPrincipal(java.lang.String username)
getPrincipal in class RealmBase
protected java.util.List getRoles(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String dn) throws javax.naming.NamingException
context - The directory context we are searching
username - The username of the user to be checked
dn - Distinguished name of the user to be checked
javax.naming.NamingException - if a directory server error occurs
protected java.lang.String getUserDN(javax.naming.directory.DirContext context, java.lang.String username, java.lang.String credentials) throws javax.naming.NamingException
null if authentication is unsuccessful.
context - The directory context we are accessing
username - Username to be authenticated
credentials - Authentication credentials
javax.naming.NamingException - if a directory server error occurs
protected javax.naming.directory.DirContext open() throws javax.naming.NamingException
javax.naming.NamingException - if a directory server error occurs
protected void release(javax.naming.directory.DirContext context)
context - The directory context to release
public void start() throws LifecycleException
start in interface Lifecycle
start in class RealmBase
java.lang.IllegalStateException - if this component has already been started
LifecycleException - if this component detects a fatal error that prevents it from being started
public void stop() throws LifecycleException
stop in interface Lifecycle
stop in class RealmBase
java.lang.IllegalStateException - if this component has not been started
LifecycleException - if this component detects a fatal error that needs to be reported