Apache Tomcat 7.0.28

org.apache.catalina
Interface Realm

All Known Implementing Classes:
CombinedRealm, DataSourceRealm, JAASMemoryLoginModule, JAASRealm, JDBCRealm, JNDIRealm, LockOutRealm, MemoryRealm, NullRealm, RealmBase, UserDatabaseRealm

public interface Realm

A Realm is a read-only facade for an underlying security realm used to authenticate individual users, and identify the security roles associated with those users. Realms can be attached at any Container level, but will typically only be attached to a Context, or higher level, Container.

Version:
$Id: Realm.java 1200160 2011-11-10 05:35:13Z kkolinko $
Author:
Craig R. McClanahan

Method Summary
 void addPropertyChangeListener(PropertyChangeListener listener)
          Add a property change listener to this component.
 Principal authenticate(GSSContext gssContext, boolean storeCreds)
          Return the Principal associated with the specified GSSContext.
 Principal authenticate(String username, String credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 Principal authenticate(String username, String digest, String nonce, String nc, String cnonce, String qop, String realm, String md5a2)
          Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise return null.
 Principal authenticate(X509Certificate[] certs)
          Return the Principal associated with the specified chain of X509 client certificates.
 void backgroundProcess()
          Execute a periodic task, such as reloading, etc.
 SecurityConstraint[] findSecurityConstraints(Request request, Context context)
          Return the SecurityConstraints configured to guard the request URI for this request, or null if there is no such constraint.
 Container getContainer()
          Return the Container with which this Realm has been associated.
 String getInfo()
          Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.
 boolean hasResourcePermission(Request request, Response response, SecurityConstraint[] constraint, Context context)
          Perform access control based on the specified authorization constraint.
 boolean hasRole(Wrapper wrapper, Principal principal, String role)
          Return true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.
 boolean hasUserDataPermission(Request request, Response response, SecurityConstraint[] constraint)
          Enforce any user data constraint required by the security constraint guarding this request URI.
 void removePropertyChangeListener(PropertyChangeListener listener)
          Remove a property change listener from this component.
 void setContainer(Container container)
          Set the Container with which this Realm has been associated.
 

Method Detail

getContainer

Container getContainer()
Return the Container with which this Realm has been associated.


setContainer

void setContainer(Container container)
Set the Container with which this Realm has been associated.

Parameters:
container - The associated Container

getInfo

String getInfo()
Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.


addPropertyChangeListener

void addPropertyChangeListener(PropertyChangeListener listener)
Add a property change listener to this component.

Parameters:
listener - The listener to add

authenticate

Principal authenticate(String username,
                       String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.

Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username

authenticate

Principal authenticate(String username,
                       String digest,
                       String nonce,
                       String nc,
                       String cnonce,
                       String qop,
                       String realm,
                       String md5a2)
Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise return null.

Parameters:
username - Username of the Principal to look up
digest - Digest which has been submitted by the client
nonce - Unique (or supposedly unique) token which has been used for this request
realm - Realm name
md5a2 - Second MD5 digest used to calculate the digest : MD5(Method + ":" + uri)

authenticate

Principal authenticate(GSSContext gssContext,
                       boolean storeCreds)
Return the Principal associated with the specified GSSContext. If there is none, return null.

Parameters:
gssContext - The gssContext processed by the Authenticator.
storeCreds - Should the realm attempt to store the delegated credentials in the returned Principal?

authenticate

Principal authenticate(X509Certificate[] certs)
Return the Principal associated with the specified chain of X509 client certificates. If there is none, return null.

Parameters:
certs - Array of client certificates, with the first one in the array being the certificate of the client itself.

backgroundProcess

void backgroundProcess()
Execute a periodic task, such as reloading, etc. This method will be invoked inside the classloading context of this container. Unexpected throwables will be caught and logged.


findSecurityConstraints

SecurityConstraint[] findSecurityConstraints(Request request,
                                             Context context)
Return the SecurityConstraints configured to guard the request URI for this request, or null if there is no such constraint.

Parameters:
request - Request we are processing

hasResourcePermission

boolean hasResourcePermission(Request request,
                              Response response,
                              SecurityConstraint[] constraint,
                              Context context)
                              throws IOException
Perform access control based on the specified authorization constraint. Return true if this constraint is satisfied and processing should continue, or false otherwise.

Parameters:
request - Request we are processing
response - Response we are creating
constraint - Security constraint we are enforcing
context - The Context to which client of this class is attached.
Throws:
IOException - if an input/output error occurs

hasRole

boolean hasRole(Wrapper wrapper,
                Principal principal,
                String role)
Return true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.

Parameters:
wrapper - wrapper context for evaluating role
principal - Principal for whom the role is to be checked
role - Security role to be checked

hasUserDataPermission

boolean hasUserDataPermission(Request request,
                              Response response,
                              SecurityConstraint[] constraint)
                              throws IOException
Enforce any user data constraint required by the security constraint guarding this request URI. Return true if this constraint was not violated and processing should continue, or false if we have created a response already.

Parameters:
request - Request we are processing
response - Response we are creating
constraint - Security constraint being checked
Throws:
IOException - if an input/output error occurs

removePropertyChangeListener

void removePropertyChangeListener(PropertyChangeListener listener)
Remove a property change listener from this component.

Parameters:
listener - The listener to remove

Apache Tomcat 7.0.28

Copyright © 2000-2012 Apache Software Foundation. All Rights Reserved.