/** * Ensure child Realms are destroyed when this Realm is destroyed. */ @Override protected void destroyInternal() throws LifecycleException { for (Realm realm : realms) { if (realm instanceof Lifecycle) { ((Lifecycle) realm).destroy(); } } super.destroyInternal(); }
/** * Attempts reauthentication to the given <code>Realm</code> using the * credentials associated with the single sign-on session identified by * argument <code>ssoId</code>. * <p> * If reauthentication is successful, the <code>Principal</code> and * authorization type associated with the SSO session will be bound to the * given <code>Request</code> object via calls to {@link Request#setAuthType * Request.setAuthType()} and {@link Request#setUserPrincipal * Request.setUserPrincipal()} * </p> * * @param ssoId * identifier of SingleSignOn session with which the caller is * associated * @param realm * Realm implementation against which the caller is to be * authenticated * @param request * the request that needs to be authenticated * * @return <code>true</code> if reauthentication was successful, * <code>false</code> otherwise. */ protected boolean reauthenticate(String ssoId, Realm realm, Request request) { if (ssoId == null || realm == null) { return false; } boolean reauthenticated = false; SingleSignOnEntry entry = cache.get(ssoId); if (entry != null && entry.getCanReauthenticate()) { String username = entry.getUsername(); if (username != null) { Principal reauthPrincipal = realm.authenticate(username, entry.getPassword()); if (reauthPrincipal != null) { reauthenticated = true; // Bind the authorization credentials to the request request.setAuthType(entry.getAuthType()); request.setUserPrincipal(reauthPrincipal); } } } return reauthenticated; }
/** * Return the Principal associated with the specified username, which * matches the digest calculated using the given parameters using the method * described in RFC 2069; otherwise return <code>null</code>. * * @param username * Username of the Principal to look up * @param clientDigest * Digest which has been submitted by the client * @param nonce * Unique (or supposedly unique) token which has been used for * this request * @param realmName * Realm name * @param md5a2 * Second MD5 digest used to calculate the digest : MD5(Method + * ":" + uri) */ @Override public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, String qop, String realmName, String md5a2) { Principal authenticatedUser = null; for (Realm realm : realms) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authStart", username, realm.getInfo())); } authenticatedUser = realm.authenticate(username, clientDigest, nonce, nc, cnonce, qop, realmName, md5a2); if (authenticatedUser == null) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authFail", username, realm.getInfo())); } } else { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authSuccess", username, realm.getInfo())); } break; } } return authenticatedUser; }
/** * Return <code>true</code> if the authenticated user principal * possesses the specified role name. * * @param role Role name to be validated */ @Override public boolean isUserInRole(String role) { // Have we got an authenticated principal at all? if (userPrincipal == null) { return false; } // Identify the Realm we will use for checking role assignments if (context == null) { return false; } Realm realm = context.getRealm(); if (realm == null) { return false; } // Check for a role defined directly as a <security-role> return (realm.hasRole(wrapper, userPrincipal, role)); }
/** * Deregister the MBean for this * <code>Realm</code> object. * * @param realm The Realm to be managed * * @exception Exception if an MBean cannot be deregistered * @deprecated Unused. Will be removed in Tomcat 8.0.x */ @Deprecated static void destroyMBean(Realm realm) throws Exception { String mname = createManagedName(realm); ManagedBean managed = registry.findManagedBean(mname); if (managed == null) { return; } String domain = managed.getDomain(); if (domain == null) domain = mserver.getDefaultDomain(); ObjectName oname = createObjectName(domain, realm); if( mserver.isRegistered(oname) ) mserver.unregisterMBean(oname); }
/** * Return the Principal associated with the specified username and * credentials, if there is one; otherwise return <code>null</code>. * * @param username Username of the Principal to look up * @param credentials Password or other credentials to use in * authenticating this username */ @Override public Principal authenticate(String username, String credentials) { Principal authenticatedUser = null; for (Realm realm : realms) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authStart", username, realm.getInfo())); } authenticatedUser = realm.authenticate(username, credentials); if (authenticatedUser == null) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authFail", username, realm.getInfo())); } } else { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authSuccess", username, realm.getInfo())); } break; } } return authenticatedUser; }
/** * Prepare for the beginning of active use of the public methods of this * component and implement the requirements of * {@link org.apache.catalina.util.LifecycleBase#startInternal()}. * * @exception LifecycleException if this component detects a fatal error * that prevents this component from being used */ @Override protected void startInternal() throws LifecycleException { // Start 'sub-realms' then this one Iterator<Realm> iter = realms.iterator(); while (iter.hasNext()) { Realm realm = iter.next(); if (realm instanceof Lifecycle) { try { ((Lifecycle) realm).start(); } catch (LifecycleException e) { // If realm doesn't start can't authenticate against it iter.remove(); log.error(sm.getString("combinedRealm.realmStartFail", realm.getInfo()), e); } } } super.startInternal(); }
/** * Return the Realm with which this Container is associated. If there is * no associated Realm, return the Realm associated with our parent * Container (if any); otherwise return <code>null</code>. */ @Override public Realm getRealm() { Lock l = realmLock.readLock(); try { l.lock(); if (realm != null) return (realm); if (parent != null) return (parent.getRealm()); return null; } finally { l.unlock(); } }
protected Realm getRealmInternal() { Lock l = realmLock.readLock(); try { l.lock(); return realm; } finally { l.unlock(); } }
/** * Prepare for the beginning of active use of the public methods of this * component and implement the requirements of * {@link org.apache.catalina.util.LifecycleBase#startInternal()}. * * @exception LifecycleException * if this component detects a fatal error that prevents this * component from being used */ @Override protected void startInternal() throws LifecycleException { // Start 'sub-realms' then this one Iterator<Realm> iter = realms.iterator(); while (iter.hasNext()) { Realm realm = iter.next(); if (realm instanceof Lifecycle) { try { ((Lifecycle) realm).start(); } catch (LifecycleException e) { // If realm doesn't start can't authenticate against it iter.remove(); log.error(sm.getString("combinedRealm.realmStartFail", realm.getInfo()), e); } } } super.startInternal(); }
/** * Create, register, and return an MBean for this * <code>Realm</code> object. * * @param realm The Realm to be managed * * @exception Exception if an MBean cannot be created or registered */ static DynamicMBean createMBean(Realm realm) throws Exception { String mname = createManagedName(realm); ManagedBean managed = registry.findManagedBean(mname); if (managed == null) { Exception e = new Exception("ManagedBean is not found with "+mname); throw new MBeanException(e); } String domain = managed.getDomain(); if (domain == null) domain = mserver.getDefaultDomain(); DynamicMBean mbean = managed.createMBean(realm); ObjectName oname = createObjectName(domain, realm); if( mserver.isRegistered( oname )) { mserver.unregisterMBean(oname); } mserver.registerMBean(mbean, oname); return (mbean); }
/** * Deregister the MBean for this * <code>Realm</code> object. * * @param realm The Realm to be managed * * @exception Exception if an MBean cannot be deregistered */ static void destroyMBean(Realm realm) throws Exception { String mname = createManagedName(realm); ManagedBean managed = registry.findManagedBean(mname); if (managed == null) { return; } String domain = managed.getDomain(); if (domain == null) domain = mserver.getDefaultDomain(); ObjectName oname = createObjectName(domain, realm); if( mserver.isRegistered(oname) ) mserver.unregisterMBean(oname); }
/** * Return the Principal associated with the specified username and * credentials, if there is one; otherwise return <code>null</code>. * * @param username Username of the Principal to look up * @param credentials Password or other credentials to use in * authenticating this username */ public Principal authenticate(String username, String credentials) { Principal authenticatedUser = null; for (Realm realm : realms) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authStart", username, realm.getInfo())); } authenticatedUser = realm.authenticate(username, credentials); if (authenticatedUser == null) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authFail", username, realm.getInfo())); } } else { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authSucess", username, realm.getInfo())); } break; } } return authenticatedUser; }
/** * Return <code>true</code> if the authenticated user principal possesses * the specified role name. * * @param role * Role name to be validated */ @Override public boolean isUserInRole(String role) { // Have we got an authenticated principal at all? if (userPrincipal == null) { return false; } // Identify the Realm we will use for checking role assignments if (context == null) { return false; } Realm realm = context.getRealm(); if (realm == null) { return false; } // Check for a role defined directly as a <security-role> return (realm.hasRole(wrapper, userPrincipal, role)); }
/** * Return <code>true</code> if the authenticated user principal * possesses the specified role name. * * @param role Role name to be validated */ public boolean isUserInRole(String role) { // Have we got an authenticated principal at all? if (userPrincipal == null) return (false); // Identify the Realm we will use for checking role assignmenets if (context == null) return (false); Realm realm = context.getRealm(); if (realm == null) return (false); // Check for a role alias defined in a <security-role-ref> element if (wrapper != null) { String realRole = wrapper.findSecurityReference(role); if ((realRole != null) && realm.hasRole(userPrincipal, realRole)) return (true); } // Check for a role defined directly as a <security-role> return (realm.hasRole(userPrincipal, role)); }
/** * Create, register, and return an MBean for this * <code>Realm</code> object. * * @param realm The Realm to be managed * * @exception Exception if an MBean cannot be created or registered */ public static ModelMBean createMBean(Realm realm) throws Exception { String mname = createManagedName(realm); ManagedBean managed = registry.findManagedBean(mname); if (managed == null) { Exception e = new Exception("ManagedBean is not found with "+mname); throw new MBeanException(e); } String domain = managed.getDomain(); if (domain == null) domain = mserver.getDefaultDomain(); ModelMBean mbean = managed.createMBean(realm); ObjectName oname = createObjectName(domain, realm); mserver.registerMBean(mbean, oname); return (mbean); }
/** * Deregister the MBean for this * <code>Realm</code> object. * * @param realm The Realm to be managed * * @exception Exception if an MBean cannot be deregistered */ public static void destroyMBean(Realm realm) throws Exception { String mname = createManagedName(realm); ManagedBean managed = registry.findManagedBean(mname); if (managed == null) { return; } String domain = managed.getDomain(); if (domain == null) domain = mserver.getDefaultDomain(); ObjectName oname = createObjectName(domain, realm); mserver.unregisterMBean(oname); }
/** * Construct a new Principal, associated with the specified Realm, for the * specified username and password, with the specified role names * (as Strings). * * @param realm The Realm that owns this principal * @param name The username of the user represented by this Principal * @param password Credentials used to authenticate this user * @param roles List of roles (must be Strings) possessed by this user */ public GenericPrincipal(Realm realm, String name, String password, List roles) { super(); this.realm = realm; this.name = name; this.password = password; if (roles != null) { this.roles = new String[roles.size()]; this.roles = (String[]) roles.toArray(this.roles); if (this.roles.length > 0) Arrays.sort(this.roles); } }
/** * Set the default Realm for our Containers. * * @param realm The new default realm */ public void setRealm(Realm realm) { Realm oldRealm = this.realm; this.realm = realm; support.firePropertyChange("realm", oldRealm, this.realm); }
/** * For complex configurations, this accessor allows callers of this class * to obtain the simple realm created by default. * @return the simple in-memory realm created by default. * @deprecated Will be removed in Tomcat 8.0.x */ @Deprecated public Realm getDefaultRealm() { if (defaultRealm == null) { initSimpleAuth(); } return defaultRealm; }
public Principal authenticate(Realm realm) { // Second MD5 digest used to calculate the digest : // MD5(Method + ":" + uri) String a2 = method + ":" + uri; byte[] buffer = ConcurrentMessageDigest.digestMD5( a2.getBytes(B2CConverter.ISO_8859_1)); String md5a2 = MD5Encoder.encode(buffer); return realm.authenticate(userName, response, nonce, nc, cnonce, qop, realmName, md5a2); }
/** * Add a realm to the list of realms that will be used to authenticate * users. */ public void addRealm(Realm theRealm) { realms.add(theRealm); if (log.isDebugEnabled()) { sm.getString("combinedRealm.addRealm", theRealm.getInfo(), Integer.toString(realms.size())); } }
/** * Return the set of Realms that this Realm is wrapping */ public ObjectName[] getRealms() { ObjectName[] result = new ObjectName[realms.size()]; for (Realm realm : realms) { if (realm instanceof RealmBase) { result[realms.indexOf(realm)] = ((RealmBase) realm).getObjectName(); } } return result; }
/** * Return the Principal associated with the specified username, which * matches the digest calculated using the given parameters using the * method described in RFC 2069; otherwise return <code>null</code>. * * @param username Username of the Principal to look up * @param clientDigest Digest which has been submitted by the client * @param nonce Unique (or supposedly unique) token which has been used * for this request * @param realmName Realm name * @param md5a2 Second MD5 digest used to calculate the digest : * MD5(Method + ":" + uri) */ @Override public Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, String qop, String realmName, String md5a2) { Principal authenticatedUser = null; for (Realm realm : realms) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authStart", username, realm.getInfo())); } authenticatedUser = realm.authenticate(username, clientDigest, nonce, nc, cnonce, qop, realmName, md5a2); if (authenticatedUser == null) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authFail", username, realm.getInfo())); } } else { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authSuccess", username, realm.getInfo())); } break; } } return authenticatedUser; }
/** * Return the Principal associated with the specified user name otherwise * return <code>null</code>. * * @param username User name of the Principal to look up */ @Override public Principal authenticate(String username) { Principal authenticatedUser = null; for (Realm realm : realms) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authStart", username, realm.getClass().getName())); } authenticatedUser = realm.authenticate(username); if (authenticatedUser == null) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authFail", username, realm.getClass().getName())); } } else { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authSuccess", username, realm.getClass().getName())); } break; } } return authenticatedUser; }
/** * Set the Container with which this Realm has been associated. * * @param container * The associated Container */ @Override public void setContainer(Container container) { for (Realm realm : realms) { // Set the realmPath for JMX naming if (realm instanceof RealmBase) { ((RealmBase) realm).setRealmPath(getRealmPath() + "/realm" + realms.indexOf(realm)); } // Set the container for sub-realms. Mainly so logging works. realm.setContainer(container); } super.setContainer(container); }
/** * Set the Container with which this Realm has been associated. * * @param container The associated Container */ @Override public void setContainer(Container container) { for(Realm realm : realms) { // Set the realmPath for JMX naming if (realm instanceof RealmBase) { ((RealmBase) realm).setRealmPath( getRealmPath() + "/realm" + realms.indexOf(realm)); } // Set the container for sub-realms. Mainly so logging works. realm.setContainer(container); } super.setContainer(container); }
/** * Delegate the backgroundProcess call to all sub-realms. */ @Override public void backgroundProcess() { super.backgroundProcess(); for (Realm r : realms) { r.backgroundProcess(); } }
/** * Return the Principal associated with the specified chain of X509 * client certificates. If there is none, return <code>null</code>. * * @param certs Array of client certificates, with the first one in * the array being the certificate of the client itself. */ @Override public Principal authenticate(X509Certificate[] certs) { Principal authenticatedUser = null; String username = null; if (certs != null && certs.length >0) { username = certs[0].getSubjectDN().getName(); } for (Realm realm : realms) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authStart", username, realm.getInfo())); } authenticatedUser = realm.authenticate(certs); if (authenticatedUser == null) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authFail", username, realm.getInfo())); } } else { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authSuccess", username, realm.getInfo())); } break; } } return authenticatedUser; }
@Override protected void destroyInternal() throws LifecycleException { if ((manager != null) && (manager instanceof Lifecycle)) { ((Lifecycle) manager).destroy(); } Realm realm = getRealmInternal(); if ((realm != null) && (realm instanceof Lifecycle)) { ((Lifecycle) realm).destroy(); } if ((cluster != null) && (cluster instanceof Lifecycle)) { ((Lifecycle) cluster).destroy(); } if ((loader != null) && (loader instanceof Lifecycle)) { ((Lifecycle) loader).destroy(); } // Stop the Valves in our pipeline (including the basic), if any if (pipeline instanceof Lifecycle) { ((Lifecycle) pipeline).destroy(); } // Remove children now this container is being destroyed for (Container child : findChildren()) { removeChild(child); } // Required if the child is destroyed directly. if (parent != null) { parent.removeChild(this); } // If init fails, this may be null if (startStopExecutor != null) { startStopExecutor.shutdownNow(); } super.destroyInternal(); }
/** * Return the Principal associated with the specified chain of X509 client * certificates. If there is none, return <code>null</code>. * * @param certs * Array of client certificates, with the first one in the array * being the certificate of the client itself. */ @Override public Principal authenticate(X509Certificate[] certs) { Principal authenticatedUser = null; String username = null; if (certs != null && certs.length > 0) { username = certs[0].getSubjectDN().getName(); } for (Realm realm : realms) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authStart", username, realm.getInfo())); } authenticatedUser = realm.authenticate(certs); if (authenticatedUser == null) { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authFail", username, realm.getInfo())); } } else { if (log.isDebugEnabled()) { log.debug(sm.getString("combinedRealm.authSuccess", username, realm.getInfo())); } break; } } return authenticatedUser; }
public Principal authenticate(Realm realm) { // Second MD5 digest used to calculate the digest : // MD5(Method + ":" + uri) String a2 = method + ":" + uri; byte[] buffer = ConcurrentMessageDigest.digestMD5(a2.getBytes(B2CConverter.ISO_8859_1)); String md5a2 = MD5Encoder.encode(buffer); return realm.authenticate(userName, response, nonce, nc, cnonce, qop, realmName, md5a2); }
/** * Deregister the MBeans for the specified Engine and its nested * components. * * @param engine Engine for which to destroy MBeans * * @exception Exception if an exception is thrown during MBean destruction */ protected void destroyMBeans(Engine engine) throws Exception { // Deregister ourselves as a ContainerListener engine.removeContainerListener(this); // Deregister the MBeans for each child Host Container hosts[] = engine.findChildren(); for (int k = 0; k < hosts.length; k++) { destroyMBeans((Host) hosts[k]); } // Deregister the MBeans for the associated nested components Realm eRealm = engine.getRealm(); if (eRealm != null) { if (log.isDebugEnabled()) log.debug("Destroying MBean for Realm " + eRealm); //MBeanUtils.destroyMBean(eRealm); } // Deregister the MBean for the Engine itself if (log.isDebugEnabled()) { log.debug("Destroying MBean for Engine " + engine); } //MBeanUtils.destroyMBean(engine); }
/** * Deregister the MBeans for the specified Host and its nested components. * * @param host Host for which to destroy MBeans * * @exception Exception if an exception is thrown during MBean destruction */ protected void destroyMBeans(Host host) throws Exception { // Deregister ourselves as a ContainerListener host.removeContainerListener(this); // Deregister the MBeans for each child Context Container contexts[] = host.findChildren(); for (int k = 0; k < contexts.length; k++) { destroyMBeans((Context) contexts[k]); } // Deregister the MBeans for the associated nested components Realm eRealm = host.getParent().getRealm(); Realm hRealm = host.getRealm(); if ((hRealm != null) && (hRealm != eRealm)) { if (log.isDebugEnabled()) log.debug("Destroying MBean for Realm " + hRealm); //MBeanUtils.destroyMBean(hRealm); } // Deregister the MBean for the Host itself if (log.isDebugEnabled()) { log.debug("Destroying MBean for Host " + host); } //MBeanUtils.destroyMBean(host); }
/** * Attempts reauthentication to the <code>Realm</code> using * the credentials included in argument <code>entry</code>. * * @param ssoId identifier of SingleSignOn session with which the * caller is associated * @param request the request that needs to be authenticated */ protected boolean reauthenticateFromSSO(String ssoId, Request request) { if (sso == null || ssoId == null) return false; boolean reauthenticated = false; Container parent = getContainer(); if (parent != null) { Realm realm = parent.getRealm(); if (realm != null) { reauthenticated = sso.reauthenticate(ssoId, realm, request); } } if (reauthenticated) { associate(ssoId, request.getSessionInternal(true)); if (log.isDebugEnabled()) { log.debug(" Reauthenticated cached principal '" + request.getUserPrincipal().getName() + "' with auth type '" + request.getAuthType() + "'"); } } return reauthenticated; }
