org.objectweb.jonas.security.realm.web.catalina50
Class JACC

java.lang.Object
  extended byorg.apache.catalina.realm.RealmBase
      extended byorg.objectweb.jonas.security.realm.web.catalina50.JACC
All Implemented Interfaces:
java.lang.Cloneable, org.apache.catalina.Lifecycle, javax.management.MBeanRegistration, org.apache.catalina.Realm

public class JACC
extends org.apache.catalina.realm.RealmBase
implements java.lang.Cloneable

Implementation of a Realm. (by a wrapper) Use any JOnAS realm by specifying the resource name This implementation manages the security with JACC specification It implements Cloneable to allow clones. Each context must have its own Realm. A realm can not be shared across different contexts or an engine. This is because each realm is associated to a permission manager Extends the Realmbase class of the Tomcat Server.

Author:
Florent Benoit

Field Summary
 
Fields inherited from class org.apache.catalina.realm.RealmBase
container, controller, debug, digest, domain, host, info, initialized, lifecycle, md, md5Encoder, md5Helper, mserver, oname, path, started, support, type, validate
 
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, START_EVENT, STOP_EVENT
 
Constructor Summary
JACC()
           
 
Method Summary
 java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 java.security.Principal authenticate(java.security.cert.X509Certificate[] cert)
          Return the Principal associated with the specified chain of X509 client certificates.
 java.lang.Object clone()
          Creates and returns a copy of this object.
 org.apache.catalina.deploy.SecurityConstraint[] findSecurityConstraints(org.apache.catalina.HttpRequest request, org.apache.catalina.Context context)
          Return the SecurityConstraints configured to guard the request URI for this request, or null if there is no such constraint.
 java.lang.String getInfo()
          Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.
protected  java.lang.String getName()
          Return a short name for this Realm implementation.
protected  java.lang.String getPassword(java.lang.String username)
          Return the password associated with the given principal's user name.
protected  java.security.Principal getPrincipal(java.lang.String username)
          Return the Principal associated with the given user name.
 java.lang.String getResourceName()
          Return the resource name we will be using.
 boolean hasResourcePermission(org.apache.catalina.HttpRequest request, org.apache.catalina.HttpResponse response, org.apache.catalina.deploy.SecurityConstraint[] constraints, org.apache.catalina.Context context)
          Perform access control based on the specified authorization constraint.
 boolean hasRole(java.security.Principal principal, java.lang.String role)
          Return true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.
 boolean hasUserDataPermission(org.apache.catalina.HttpRequest request, org.apache.catalina.HttpResponse response, org.apache.catalina.deploy.SecurityConstraint[] constraints)
          Enforce any user data constraint required by the security constraint guarding this request URI.
protected  void log(java.lang.String message)
          Log a message on the Logger associated with our Container (if any)
 void setContext(org.apache.catalina.Context context)
          Set the context of this Realm This is used to retrieve xml information of the web.xml file
 void setPermissionManager(PermissionManager permissionManager)
          Set the permission manager used by this realm
 void setResourceName(java.lang.String resourceName)
          Set the resource name we will be using.
 void start()
          Prepare for active use of the public methods of this Component.
 void stop()
          Gracefully shut down active use of the public methods of this Component.
 
Methods inherited from class org.apache.catalina.realm.RealmBase
addLifecycleListener, addPropertyChangeListener, authenticate, authenticate, destroy, digest, Digest, findLifecycleListeners, getContainer, getController, getDebug, getDigest, getDigest, getDomain, getObjectName, getType, getValidate, hasMessageDigest, init, log, main, postDeregister, postRegister, preDeregister, preRegister, removeLifecycleListener, removePropertyChangeListener, setContainer, setController, setDebug, setDigest, setValidate
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JACC

public JACC()
Method Detail

getInfo

public java.lang.String getInfo()
Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.

Specified by:
getInfo in interface org.apache.catalina.Realm
Returns:
the info.

getResourceName

public java.lang.String getResourceName()
Return the resource name we will be using.

Returns:
the resource name.

setResourceName

public void setResourceName(java.lang.String resourceName)
Set the resource name we will be using.

Parameters:
resourceName - The new resource name

setPermissionManager

public void setPermissionManager(PermissionManager permissionManager)
Set the permission manager used by this realm

Parameters:
permissionManager - the permission manager to use

findSecurityConstraints

public org.apache.catalina.deploy.SecurityConstraint[] findSecurityConstraints(org.apache.catalina.HttpRequest request,
                                                                               org.apache.catalina.Context context)
Return the SecurityConstraints configured to guard the request URI for this request, or null if there is no such constraint.

Specified by:
findSecurityConstraints in interface org.apache.catalina.Realm
Parameters:
request - Request we are processing
context - Context the Request is mapped to

hasResourcePermission

public boolean hasResourcePermission(org.apache.catalina.HttpRequest request,
                                     org.apache.catalina.HttpResponse response,
                                     org.apache.catalina.deploy.SecurityConstraint[] constraints,
                                     org.apache.catalina.Context context)
                              throws java.io.IOException
Perform access control based on the specified authorization constraint. Return true if this constraint is satisfied and processing should continue, or false otherwise.

Specified by:
hasResourcePermission in interface org.apache.catalina.Realm
Parameters:
request - Request we are processing
response - Response we are creating
Throws:
java.io.IOException - if an input/output error occurs

hasRole

public boolean hasRole(java.security.Principal principal,
                       java.lang.String role)
Return true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false. This method can be overridden by Realm implementations, but the default is adequate when an instance of GenericPrincipal is used to represent authenticated Principals from this Realm.

Specified by:
hasRole in interface org.apache.catalina.Realm
Parameters:
principal - Principal for whom the role is to be checked
role - Security role to be checked

hasUserDataPermission

public boolean hasUserDataPermission(org.apache.catalina.HttpRequest request,
                                     org.apache.catalina.HttpResponse response,
                                     org.apache.catalina.deploy.SecurityConstraint[] constraints)
                              throws java.io.IOException
Enforce any user data constraint required by the security constraint guarding this request URI. Return true if this constraint was not violated and processing should continue, or false if we have created a response already.

Specified by:
hasUserDataPermission in interface org.apache.catalina.Realm
Parameters:
request - Request we are processing
response - Response we are creating
Throws:
java.io.IOException - if an input/output error occurs

authenticate

public java.security.Principal authenticate(java.lang.String username,
                                            java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

Specified by:
authenticate in interface org.apache.catalina.Realm
Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username
Returns:
the principal associated

authenticate

public java.security.Principal authenticate(java.security.cert.X509Certificate[] cert)
Return the Principal associated with the specified chain of X509 client certificates. If there is none, return null.

Specified by:
authenticate in interface org.apache.catalina.Realm
Parameters:
cert - Array of client certificates, with the first one in the array being the certificate of the client itself.
Returns:
the associated Principal

getName

protected java.lang.String getName()
Return a short name for this Realm implementation.

Returns:
the name

getPassword

protected java.lang.String getPassword(java.lang.String username)
Return the password associated with the given principal's user name.

Parameters:
username - the given principal's user name.
Returns:
the password associated.

getPrincipal

protected java.security.Principal getPrincipal(java.lang.String username)
Return the Principal associated with the given user name.

Parameters:
username - the given principal's user name.
Returns:
the Principal associated

setContext

public void setContext(org.apache.catalina.Context context)
Set the context of this Realm This is used to retrieve xml information of the web.xml file


start

public void start()
           throws org.apache.catalina.LifecycleException
Prepare for active use of the public methods of this Component.

Specified by:
start in interface org.apache.catalina.Lifecycle
Throws:
org.apache.catalina.LifecycleException - if this component detects a fatal error that prevents it from being started

stop

public void stop()
          throws org.apache.catalina.LifecycleException
Gracefully shut down active use of the public methods of this Component.

Specified by:
stop in interface org.apache.catalina.Lifecycle
Throws:
org.apache.catalina.LifecycleException - if this component detects a fatal error that needs to be reported

log

protected void log(java.lang.String message)
Log a message on the Logger associated with our Container (if any)

Parameters:
message - Message to be logged

clone

public java.lang.Object clone()
                       throws java.lang.CloneNotSupportedException
Creates and returns a copy of this object.

Returns:
copy of this object.
Throws:
java.lang.CloneNotSupportedException