Package org.apache.catalina.realm
Class CombinedRealm
- java.lang.Object
- 
- org.apache.catalina.util.LifecycleBase
- 
- org.apache.catalina.util.LifecycleMBeanBase
- 
- org.apache.catalina.realm.RealmBase
- 
- org.apache.catalina.realm.CombinedRealm
 
 
 
 
- 
- All Implemented Interfaces:
- javax.management.MBeanRegistration,- Contained,- JmxEnabled,- Lifecycle,- Realm
 - Direct Known Subclasses:
- LockOutRealm
 
 public class CombinedRealm extends RealmBase Realm implementation that contains one or more realms. Authentication is attempted for each realm in the order they were configured. If any realm authenticates the user then the authentication succeeds. When combining realms usernames should be unique across all combined realms.
- 
- 
Nested Class Summary- 
Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBaseRealmBase.AllRolesMode
 - 
Nested classes/interfaces inherited from interface org.apache.catalina.LifecycleLifecycle.SingleUse
 
- 
 - 
Field SummaryFields Modifier and Type Field Description protected java.util.List<Realm>realmsThe list of Realms contained by this Realm.- 
Fields inherited from class org.apache.catalina.realm.RealmBaseallRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, USER_ATTRIBUTES_DELIMITER, USER_ATTRIBUTES_WILDCARD, userAttributes, userAttributesList, validate, x509UsernameRetriever, x509UsernameRetrieverClassName
 - 
Fields inherited from class org.apache.catalina.util.LifecycleMBeanBasemserver
 - 
Fields inherited from interface org.apache.catalina.LifecycleAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
- 
 - 
Constructor SummaryConstructors Constructor Description CombinedRealm()
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Modifier and Type Method Description voidaddRealm(Realm theRealm)Add a realm to the list of realms that will be used to authenticate users.java.security.Principalauthenticate(java.lang.String username)Try to authenticate with the specified username.java.security.Principalauthenticate(java.lang.String username, java.lang.String credentials)Try to authenticate using the specified username and credentials.java.security.Principalauthenticate(java.lang.String username, java.lang.String clientDigest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realmName, java.lang.String digestA2, java.lang.String algorithm)Try to authenticate with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 7616.java.security.Principalauthenticate(java.security.cert.X509Certificate[] certs)Try to authenticate using a chain ofX509Certificates.java.security.Principalauthenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCred)Try to authenticate using aGSSContext.java.security.Principalauthenticate(org.ietf.jgss.GSSName gssName, org.ietf.jgss.GSSCredential gssCredential)Try to authenticate using aGSSName.voidbackgroundProcess()Delegate the backgroundProcess call to all sub-realms.protected voiddestroyInternal()Ensure child Realms are destroyed when this Realm is destroyed.Realm[]getNestedRealms()protected java.lang.StringgetPassword(java.lang.String username)Get the password for the specified user.protected java.security.PrincipalgetPrincipal(java.lang.String username)Get the principal associated with the specified user.javax.management.ObjectName[]getRealms()booleanhasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role)Check if the specified Principal has the specified security role, within the context of this Realm.booleanisAvailable()Return the availability of the realm for authentication.voidsetContainer(Container container)Set theContainerwith which this instance is associated.voidsetCredentialHandler(CredentialHandler credentialHandler)Set the CredentialHandler to be used by this Realm.protected voidstartInternal()Prepare for the beginning of active use of the public methods of this component and implement the requirements ofLifecycleBase.startInternal().protected voidstopInternal()Gracefully terminate the active use of the public methods of this component and implement the requirements ofLifecycleBase.stopInternal().- 
Methods inherited from class org.apache.catalina.realm.RealmBaseaddPropertyChangeListener, authenticate, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getPrincipal, getPrincipal, getRealmPath, getRealmSuffix, getRoles, getServer, getTransportGuaranteeRedirectStatus, getUserAttributes, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRoleInternal, hasUserDataPermission, initInternal, isStripRealmForGss, main, parseUserAttributes, removePropertyChangeListener, setAllRolesMode, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setUserAttributes, setValidate, setX509UsernameRetrieverClassName, toString
 - 
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBasegetDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister
 - 
Methods inherited from class org.apache.catalina.util.LifecycleBaseaddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
 
- 
 
- 
- 
- 
Field Detail- 
realmsprotected final java.util.List<Realm> realms The list of Realms contained by this Realm.
 
- 
 - 
Method Detail- 
addRealmpublic void addRealm(Realm theRealm) Add a realm to the list of realms that will be used to authenticate users.- Parameters:
- theRealm- realm which should be wrapped by the combined realm
 
 - 
getRealmspublic javax.management.ObjectName[] getRealms() - Returns:
- the set of Realms that this Realm is wrapping
 
 - 
getNestedRealmspublic Realm[] getNestedRealms() - Returns:
- the list of Realms contained by this Realm.
 
 - 
authenticatepublic java.security.Principal authenticate(java.lang.String username, java.lang.String clientDigest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realmName, java.lang.String digestA2, java.lang.String algorithm)Description copied from interface:RealmTry to authenticate with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 7616.The default implementation calls Realm.authenticate(String, String, String, String, String, String, String, String)for backwards compatibility which effectively forces the use of MD5 regardless of the algorithm specified in the call to this method.Implementations are expected to override the default implementation and take account of the algorithm parameter. - Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- username- Username of the Principal to look up
- clientDigest- Digest which has been submitted by the client
- nonce- Unique (or supposedly unique) token which has been used for this request
- nc- the nonce counter
- cnonce- the client chosen nonce
- qop- the "quality of protection" (- ncand- cnoncewill only be used, if- qopis not- null).
- realmName- Realm name
- digestA2- Second digest calculated as digest(Method + ":" + uri)
- algorithm- The message digest algorithm to use
- Returns:
- the associated principal, or nullif there is none.
 
 - 
authenticatepublic java.security.Principal authenticate(java.lang.String username) Description copied from interface:RealmTry to authenticate with the specified username.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- username- Username of the Principal to look up
- Returns:
- the associated principal, or nullif none is associated.
 
 - 
authenticatepublic java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)Description copied from interface:RealmTry to authenticate using the specified username and credentials.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- username- Username of the Principal to look up
- credentials- Password or other credentials to use in authenticating this username
- Returns:
- the associated principal, or nullif there is none
 
 - 
setContainerpublic void setContainer(Container container) Description copied from interface:ContainedSet theContainerwith which this instance is associated.- Specified by:
- setContainerin interface- Contained
- Overrides:
- setContainerin class- RealmBase
- Parameters:
- container- The Container instance with which this instance is to be associated, or- nullto disassociate this instance from any Container
 
 - 
startInternalprotected void startInternal() throws LifecycleExceptionDescription copied from class:RealmBasePrepare for the beginning of active use of the public methods of this component and implement the requirements ofLifecycleBase.startInternal().- Overrides:
- startInternalin class- RealmBase
- Throws:
- LifecycleException- if this component detects a fatal error that prevents this component from being used
 
 - 
stopInternalprotected void stopInternal() throws LifecycleExceptionDescription copied from class:RealmBaseGracefully terminate the active use of the public methods of this component and implement the requirements ofLifecycleBase.stopInternal().- Overrides:
- stopInternalin class- RealmBase
- Throws:
- LifecycleException- if this component detects a fatal error that needs to be reported
 
 - 
destroyInternalprotected void destroyInternal() throws LifecycleExceptionEnsure child Realms are destroyed when this Realm is destroyed.- Overrides:
- destroyInternalin class- LifecycleMBeanBase
- Throws:
- LifecycleException- If the destruction fails
 
 - 
backgroundProcesspublic void backgroundProcess() Delegate the backgroundProcess call to all sub-realms.- Specified by:
- backgroundProcessin interface- Realm
- Overrides:
- backgroundProcessin class- RealmBase
 
 - 
authenticatepublic java.security.Principal authenticate(java.security.cert.X509Certificate[] certs) Description copied from interface:RealmTry to authenticate using a chain ofX509Certificates.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- certs- Array of client certificates, with the first one in the array being the certificate of the client itself.
- Returns:
- the associated principal, or nullif there is none
 
 - 
authenticatepublic java.security.Principal authenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCred)Description copied from interface:RealmTry to authenticate using aGSSContext.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- gssContext- The gssContext processed by the- Authenticator.
- storeCred- Should the realm attempt to store the delegated credentials in the returned Principal?
- Returns:
- the associated principal, or nullif there is none
 
 - 
authenticatepublic java.security.Principal authenticate(org.ietf.jgss.GSSName gssName, org.ietf.jgss.GSSCredential gssCredential)Description copied from interface:RealmTry to authenticate using aGSSName. Note that this default method will be turned into an abstract one in Tomcat 10.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- gssName- The- GSSNameof the principal to look up
- gssCredential- The- GSSCredentialof the principal, may be- null
- Returns:
- the associated principal, or nullif there is none
 
 - 
hasRolepublic boolean hasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role) Description copied from class:RealmBaseCheck if the specified Principal has the specified security role, within the context of this Realm.This method or RealmBase.hasRoleInternal(Principal, String)can be overridden by Realm implementations, but the default is adequate when an instance ofGenericPrincipalis used to represent authenticated Principals from this Realm.- Specified by:
- hasRolein interface- Realm
- Overrides:
- hasRolein class- RealmBase
- Parameters:
- wrapper- wrapper context for evaluating role
- principal- Principal for whom the role is to be checked
- role- Security role to be checked
- Returns:
- trueif the specified Principal has the specified security role, within the context of this Realm; otherwise return- false.
 
 - 
getPasswordprotected java.lang.String getPassword(java.lang.String username) Description copied from class:RealmBaseGet the password for the specified user.- Specified by:
- getPasswordin class- RealmBase
- Parameters:
- username- The user name
- Returns:
- the password associated with the given principal's user name.
 
 - 
getPrincipalprotected java.security.Principal getPrincipal(java.lang.String username) Description copied from class:RealmBaseGet the principal associated with the specified user.- Specified by:
- getPrincipalin class- RealmBase
- Parameters:
- username- The user name
- Returns:
- the Principal associated with the given user name.
 
 - 
isAvailablepublic boolean isAvailable() Description copied from interface:RealmReturn the availability of the realm for authentication.- Returns:
- trueif the realm is able to perform authentication
 
 - 
setCredentialHandlerpublic void setCredentialHandler(CredentialHandler credentialHandler) Description copied from interface:RealmSet the CredentialHandler to be used by this Realm.- Specified by:
- setCredentialHandlerin interface- Realm
- Overrides:
- setCredentialHandlerin class- RealmBase
- Parameters:
- credentialHandler- the- CredentialHandlerto use
 
 
- 
 
-