public class JAASRealm extends RealmBase
Implementation of Realm that authenticates users via the Java
 Authentication and Authorization Service (JAAS).  JAAS support requires
 either JDK 1.4 (which includes it as part of the standard platform) or
 JDK 1.3 (with the plug-in jaas.jar file).
The value configured for the appName property is passed to
 the javax.security.auth.login.LoginContext constructor, to
 specify the application name used to select the set of relevant
 LoginModules required.
The JAAS Specification describes the result of a successful login as a
 javax.security.auth.Subject instance, which can contain zero
 or more java.security.Principal objects in the return value
 of the Subject.getPrincipals() method.  However, it provides
 no guidance on how to distinguish Principals that describe the individual
 user (and are thus appropriate to return as the value of
 request.getUserPrincipal() in a web application) from the Principal(s)
 that describe the authorized roles for this user.  To maintain as much
 independence as possible from the underlying LoginMethod
 implementation executed by JAAS, the following policy is implemented by
 this Realm:
LoginModule is assumed to return a
     Subject with at least one Principal instance
     representing the user himself or herself, and zero or more separate
     Principals representing the security roles authorized
     for this user.Principal representing the user, the Principal
     name is an appropriate value to return via the Servlet API method
     HttpServletRequest.getRemoteUser().Principals representing the security roles, the
     name is the name of the authorized security role.java.security.Principal - one that identifies class(es)
     representing a user, and one that identifies class(es) representing
     a security role.Principals returned by
     Subject.getPrincipals(), it will identify the first
     Principal that matches the "user classes" list as the
     Principal for this user.Principals returned by
     Subject.getPrincipals(), it will accumulate the set of
     all Principals matching the "role classes" list as
     identifying the security roles for this user.Subject without a Principal that
     matches the "user classes" list.Catalina {
org.foobar.auth.DatabaseLoginModule REQUIRED
    JNDI_RESOURCE=jdbc/AuthDB
  USER_TABLE=users
  USER_ID_COLUMN=id
  USER_NAME_COLUMN=name
  USER_CREDENTIAL_COLUMN=password
  ROLE_TABLE=roles
  ROLE_NAME_COLUMN=name
  PRINCIPAL_FACTORY=org.foobar.auth.impl.SimplePrincipalFactory;
};CATALINA_OPTS environment variable
     similar to the following:
CATALINA_OPTS="-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas.config"CallbackHandler,
     called (unsurprisingly) JAASCallbackHandler. This handler supplies the
     HTTP requests's username and credentials to the user-supplied LoginModuleRealm implementations, digested passwords are supported if
     the <Realm> element in server.xml contains a
     digest attribute; JAASCallbackHandler will digest the password
     prior to passing it back to the LoginModuleRealmBase.AllRolesModeLifecycle.SingleUse| Modifier and Type | Field and Description | 
|---|---|
| protected String | appNameThe application name passed to the JAAS  LoginContext,
 which uses it to select the set of relevantLoginModules. | 
| protected String | configFilePath to find a JAAS configuration file, if not set global JVM JAAS
 configuration will be used. | 
| protected static String | infoDescriptive information about this  Realmimplementation. | 
| protected Configuration | jaasConfiguration | 
| protected boolean | jaasConfigurationLoaded | 
| protected static String | nameDescriptive information about this  Realmimplementation. | 
| protected List<String> | roleClassesThe list of role class names, split out for easy processing. | 
| protected String | roleClassNamesComma-delimited list of  java.security.Principalclasses
 that represent security roles. | 
| protected boolean | useContextClassLoaderWhether to use context ClassLoader or default ClassLoader. | 
| protected List<String> | userClassesThe set of user class names, split out for easy processing. | 
| protected String | userClassNamesComma-delimited list of  java.security.Principalclasses
 that represent individual users. | 
allRolesMode, container, containerLog, digest, digestEncoding, md, md5Encoder, md5Helper, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassNamemserverAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT| Constructor and Description | 
|---|
| JAASRealm() | 
| Modifier and Type | Method and Description | 
|---|---|
| protected Principal | authenticate(String username,
            CallbackHandler callbackHandler)Perform the actual JAAS authentication | 
| Principal | authenticate(String username,
            String credentials)Return the  Principalassociated with the specified username
 and credentials, if there is one; otherwise returnnull. | 
| Principal | authenticate(String username,
            String clientDigest,
            String nonce,
            String nc,
            String cnonce,
            String qop,
            String realmName,
            String md5a2)Return the  Principalassociated with the specified username
 and digest, if there is one; otherwise returnnull. | 
| protected Principal | createPrincipal(String username,
               Subject subject,
               LoginContext loginContext)Identify and return a  java.security.Principalinstance
 representing the authenticated user for the specifiedSubject. | 
| String | getAppName()getter for the  appNamemember variable | 
| protected Configuration | getConfig()Load custom JAAS Configuration | 
| String | getConfigFile()Getter for the  configfilemember variable. | 
| String | getInfo()Return descriptive information about this Realm implementation and
 the corresponding version number, in the format
  <description>/<version>. | 
| protected String | getName()Return a short name for this  Realmimplementation. | 
| protected String | getPassword(String username)Return the password associated with the given principal's user name. | 
| protected Principal | getPrincipal(String username)Return the  Principalassociated with the given user name. | 
| String | getRoleClassNames() | 
| String | getUserClassNames() | 
| boolean | isUseContextClassLoader()Returns whether to use the context or default ClassLoader. | 
| protected String | makeLegalForJAAS(String src)Ensure the given name is legal for JAAS configuration. | 
| protected void | parseClassNames(String classNamesString,
               List<String> classNamesList)Parses a comma-delimited list of class names, and store the class names
 in the provided List. | 
| void | setAppName(String name)setter for the  appNamemember variable | 
| void | setConfigFile(String configFile)Setter for the  configfilemember variable. | 
| void | setContainer(Container container)Set the Container with which this Realm has been associated. | 
| void | setRoleClassNames(String roleClassNames)Sets the list of comma-delimited classes that represent roles. | 
| void | setUseContextClassLoader(boolean useContext)Sets whether to use the context or default ClassLoader. | 
| void | setUserClassNames(String userClassNames)Sets the list of comma-delimited classes that represent individual
 users. | 
| protected void | startInternal()Prepare for the beginning of active use of the public methods of this
 component and implement the requirements of
  LifecycleBase.startInternal(). | 
addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, compareCredentials, digest, Digest, findSecurityConstraints, getAllRolesMode, getContainer, getDigest, getDigest, getDigestCharset, getDigestEncoding, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getPrincipal, getPrincipal, getRealmPath, getRealmSuffix, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRole, hasUserDataPermission, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setAllRolesMode, setDigest, setDigestEncoding, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, stopInternal, toStringdestroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregisteraddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stopprotected String appName
LoginContext,
 which uses it to select the set of relevant LoginModules.protected static final String info
Realm implementation.protected static final String name
Realm implementation.protected List<String> roleClasses
protected List<String> userClasses
protected boolean useContextClassLoader
protected String configFile
protected Configuration jaasConfiguration
protected volatile boolean jaasConfigurationLoaded
protected String roleClassNames
java.security.Principal classes
 that represent security roles.protected String userClassNames
java.security.Principal classes
 that represent individual users.public String getConfigFile()
configfile member variable.public void setConfigFile(String configFile)
configfile member variable.public void setAppName(String name)
appName member variablepublic String getAppName()
appName member variablepublic void setUseContextClassLoader(boolean useContext)
useContext - True means use context ClassLoaderpublic boolean isUseContextClassLoader()
public void setContainer(Container container)
RealmBasesetContainer in interface RealmsetContainer in class RealmBasecontainer - The associated Containerpublic String getRoleClassNames()
public void setRoleClassNames(String roleClassNames)
java.security.Principal.
 The supplied list of classes will be parsed when LifecycleBase.start() is
 called.protected void parseClassNames(String classNamesString, List<String> classNamesList)
java.security.Principal.classNamesString - a comma-delimited list of fully qualified class names.classNamesList - the list in which the class names will be stored.
        The list is cleared before being populated.public String getUserClassNames()
public void setUserClassNames(String userClassNames)
java.security.Principal. The supplied list of classes will
 be parsed when LifecycleBase.start() is called.public String getInfo()
<description>/<version>.public Principal authenticate(String username, String credentials)
Principal associated with the specified username
 and credentials, if there is one; otherwise return null.authenticate in interface Realmauthenticate in class RealmBaseusername - Username of the Principal to look upcredentials - Password or other credentials to use in
  authenticating this usernamenull if there is none.public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, String qop, String realmName, String md5a2)
Principal associated with the specified username
 and digest, if there is one; otherwise return null.authenticate in interface Realmauthenticate in class RealmBaseusername - Username of the Principal to look upclientDigest - Digest to use in authenticating this usernamenonce - Server generated noncenc - Nonce countcnonce - Client generated nonceqop - Quality of protection applied to the messagerealmName - Realm namemd5a2 - Second MD5 digest used to calculate the digest
                          MD5(Method + ":" + uri)null if there is none.protected Principal authenticate(String username, CallbackHandler callbackHandler)
protected String getName()
Realm implementation.protected String getPassword(String username)
getPassword in class RealmBaseprotected Principal getPrincipal(String username)
Principal associated with the given user name.getPrincipal in class RealmBaseprotected Principal createPrincipal(String username, Subject subject, LoginContext loginContext)
java.security.Principal instance
 representing the authenticated user for the specified Subject.
 The Principal is constructed by scanning the list of Principals returned
 by the JAASLoginModule. The first Principal object that matches
 one of the class names supplied as a "user class" is the user Principal.
 This object is returned to the caller.
 Any remaining principal objects returned by the LoginModules are mapped to
 roles, but only if their respective classes match one of the "role class" classes.
 If a user Principal cannot be constructed, return null.subject - The Subject representing the logged-in userloginContext - Associated with the Principal so
                     LoginContext.logout() can be called laterprotected String makeLegalForJAAS(String src)
src - The name to validateprotected void startInternal()
                      throws LifecycleException
LifecycleBase.startInternal().startInternal in class RealmBaseLifecycleException - if this component detects a fatal error
  that prevents this component from being usedprotected Configuration getConfig()
Copyright © 2000-2020 Apache Software Foundation. All Rights Reserved.