org.norther.tammi.core.realm
Class AbstractRealm

java.lang.Object
  extended by org.norther.tammi.core.base.Adaptee
      extended by org.norther.tammi.core.config.DefaultConfigurable
          extended by org.norther.tammi.core.realm.AbstractRealm
All Implemented Interfaces:
Serializable, EventListener, NotificationBroadcaster, NotificationEmitter, TraceListener, Manageable, MBeanDelegate, Configurable, Realm
Direct Known Subclasses:
DefaultJndiRealm, DefaultMemoryRealm, DefaultRepositoryRealm

public abstract class AbstractRealm
extends DefaultConfigurable
implements Realm

An abstract implementation of Realm.

Based on RealmBase in the Apache Jakarta Tomcat project.

Version:
$Id: AbstractRealm.java,v 1.32 2010-07-07 11:58:44 cvsimp Exp $
Author:
Craig R. McClanahan, Ilkka Priha
See Also:
Serialized Form

Nested Class Summary
 
Nested classes/interfaces inherited from class org.norther.tammi.core.config.DefaultConfigurable
DefaultConfigurable.Modified
 
Field Summary
 
Fields inherited from class org.norther.tammi.core.base.Adaptee
ADAPTEE_NOTIF_DESCRIPTION, ADAPTEE_NOTIFICATIONS
 
Fields inherited from interface org.norther.tammi.core.realm.Realm
ANONYMOUS_USER_PROPERTY, CACHED_PASSWORDS_PROPERTY, DEFAULT_DOMAIN_PROPERTY, DEFAULT_ROLE_PROPERTY, DIGEST_ALGORITHM_PROPERTY, MEMBER_PROPERTY, PUBLIC_NAME_PROPERTY, SECRET_KEY_ALGORITHM, SECRET_KEY_PROPERTY
 
Constructor Summary
AbstractRealm()
          Constructs a new realm.
AbstractRealm(String digest)
          Constructs a new realm with a digest.
 
Method Summary
protected  boolean addRoles(AuthenticatedPrincipal principal, List<String> roles)
          Adds roles for the specified authenticated principal.
 Principal authenticate(String domain, Certificate[] certs)
          Authenticates the principal with a certificate in the specified domain.
 Principal authenticate(String domain, Principal principal, String scheme)
          Authenticates the specified principal in the specified domain of this realm.
 Principal authenticate(String domain, String msisdn, String scheme)
          Authenticates the principal associated with the specified MSISDN in the specified domain using the specified scheme, if there is one.
 Principal authenticate(String domain, String username, String password, String scheme)
          Authenticates the principal associated with the specified username and password in the specified domain using the specified scheme, if there is one.
 Principal authenticate(String domain, String username, String realmname, String resp, String nonce, String nc, String cnonce, String qop, String md5a2, String encoding)
          Authenticates the principal associated with the specified username in the specified domain by matching the digest calculated from the given parameters, using the method described in RFC 2617/2831.
protected  AuthenticatedPrincipal createPrincipal(String domain, Locale locale, String user, Object uid, Object gid, String credentials)
          Creates a user principal instance representing the authenticated user.
protected  AuthenticatedPrincipal createPrincipal(String domain, Locale locale, String user, Object uid, Object gid, String credentials, String realName)
          Creates a user principal instance with the full name representing the authenticated user.
 String digest(String username, String password)
          Digests the password for the specified username using the defined algorithm and converts the result to a corresponding hexadecimal string.
 String getAnonymousUser()
          Gets the username for anonymous principals.
 Challenge getChallenge(String domain)
          Gets the challenge for the specified domain of challenge-response based authentication.
 String getDefaultDomain()
          Gets the default domain of this realm.
 String getDefaultRole()
          Gets the default role of authenticated principals.
 String getDigestAlgorithm()
          Gets the digest algorithm used to store credentials.
protected  Map<String,String> getMemberMap()
          Gets the member map.
protected  MessageDigest getMessageDigest()
          Gets the message digest to apply to credentials, if any.
protected abstract  Principal getPrincipal(String domain, String msisdn, String scheme)
          Gets the user principal representing the authenticated user identified by an MSISDN.
protected abstract  Principal getPrincipal(String domain, String username, String password, String scheme)
          Gets the user principal representing the authenticated user identified by a username and password.
 String getPublicName()
          Gets the public name of this realm.
 String handshake(Challenge chal, String msg)
          Handshakes the challenge by switching messages.
 Principal identify(Certificate[] certs)
          Identifies the principal associated with a certificate.
 Principal identify(String identity)
          Identifies the principal associated with the specified identity.
 Principal identify(String username, String password)
          Identifies the principal associated with the specified username and password.
 boolean isAuthenticated(Principal principal)
          Checks whether the specified principal is authenticated in any domain of this realm.
 boolean isAuthenticated(String domain, Principal principal)
          Checks whether the specified principal is authenticated in the specified domain of this realm.
 boolean isCachedPasswords()
          Checks whether non-digested client passwords are cached.
 boolean isUserInRole(Principal principal, String role)
          Checks whether the specified principal is in the specified security role within the context of any domain in this realm.
 void release(Challenge chal)
          Releases the generated challenge.
 void setAnonymousUser(String username)
          Sets the username for anonymous principals.
 void setCachedPasswords(boolean flag)
          Sets the option to cache non-digested client passwords of authenticated principals to be used in e.g. JDBC authentication.
 void setDefaultDomain(String domain)
          Sets the default domain of this realm.
 void setDefaultRole(String role)
          Sets the default role of authenticated principals.
 void setDigestAlgorithm(String digest)
          Sets the digest algorithm used to store credentials.
 void setPublicName(String name)
          Sets the public name of this realm.
 void setSecretKey(Key key)
          Sets the secret key used to encrypt the serialized password.
protected  void validateConfiguration(Configuration config)
          Validates the configuration.
 
Methods inherited from class org.norther.tammi.core.config.DefaultConfigurable
addProperty, addProperty, addPropertyFilePath, addPropertyFilePath, checkConfiguration, clearProperties, containsProperty, getConfigKey, getConfiguration, getModifiedState, getProperties, getProperty, getPropertyFilePath, getPropertyFilePaths, indexOfProperty, loadConfiguration, loadConfiguration, loadConfiguration, modified, propertyMap, propertyMap, removeProperty, removeProperty, removePropertyFilePath, setConfigKey, setModifiedState, setProperties, setProperty, setPropertyFilePath, setPropertyFilePath, setPropertyFilePaths, setPropertyFilePaths, storeProperties
 
Methods inherited from class org.norther.tammi.core.base.Adaptee
addAdaptee, addNotificationListener, getAttributeSupport, getBroker, getCanonicalName, getDomain, getFactory, getLoader, getLog, getLog, getMBean, getMBeanServer, getNotificationInfo, getObjectName, getRegistrationTime, getSequenceNumber, hasListeners, isRegistered, postmanaged, premanaged, removeNotificationListener, removeNotificationListener, sendNotification, sendNotification, sendNotification, sendNotification, unmanaged, unregister
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.norther.tammi.core.config.Configurable
addProperty, addProperty, addPropertyFilePath, addPropertyFilePath, clearProperties, containsProperty, getConfigKey, getProperties, getProperty, getPropertyFilePath, getPropertyFilePaths, indexOfProperty, propertyMap, propertyMap, removeProperty, removeProperty, removePropertyFilePath, setConfigKey, setProperties, setProperty, setPropertyFilePath, setPropertyFilePath, setPropertyFilePaths, setPropertyFilePaths, storeProperties
 

Constructor Detail

AbstractRealm

public AbstractRealm()
Constructs a new realm.


AbstractRealm

public AbstractRealm(String digest)
Constructs a new realm with a digest.

Parameters:
digest - the digest algorithm.
Method Detail

getDefaultDomain

public String getDefaultDomain()
Description copied from interface: Realm
Gets the default domain of this realm.

Specified by:
getDefaultDomain in interface Realm
Returns:
the default domain.

setDefaultDomain

public void setDefaultDomain(String domain)
Description copied from interface: Realm
Sets the default domain of this realm.

Specified by:
setDefaultDomain in interface Realm
Parameters:
domain - the default domain.

getPublicName

public String getPublicName()
Description copied from interface: Realm
Gets the public name of this realm.

Specified by:
getPublicName in interface Realm
Returns:
the public name.

setPublicName

public void setPublicName(String name)
Description copied from interface: Realm
Sets the public name of this realm.

Note that if both the digest algorithm and the public name are defined, the digested passwords must include the username and the realmname in the form: <username>:<realmname>:<password>.

Specified by:
setPublicName in interface Realm
Parameters:
name - the public name.

setSecretKey

public void setSecretKey(Key key)
Description copied from interface: Realm
Sets the secret key used to encrypt the serialized password.

Specified by:
setSecretKey in interface Realm
Parameters:
key - the secret key.

getDigestAlgorithm

public String getDigestAlgorithm()
Description copied from interface: Realm
Gets the digest algorithm used to store credentials.

Specified by:
getDigestAlgorithm in interface Realm
Returns:
the digest algorithm.

setDigestAlgorithm

public void setDigestAlgorithm(String digest)
Description copied from interface: Realm
Sets the digest algorithm used to store credentials.

Specified by:
setDigestAlgorithm in interface Realm
Parameters:
digest - the digest algorithm.

isCachedPasswords

public boolean isCachedPasswords()
Description copied from interface: Realm
Checks whether non-digested client passwords are cached.

Specified by:
isCachedPasswords in interface Realm
Returns:
the cached passwords option.

setCachedPasswords

public void setCachedPasswords(boolean flag)
Description copied from interface: Realm
Sets the option to cache non-digested client passwords of authenticated principals to be used in e.g. JDBC authentication. The default is to cache only the digested server credentials.

Specified by:
setCachedPasswords in interface Realm
Parameters:
flag - the cached passwords option.

getDefaultRole

public String getDefaultRole()
Description copied from interface: Realm
Gets the default role of authenticated principals.

Specified by:
getDefaultRole in interface Realm
Returns:
the default role.

setDefaultRole

public void setDefaultRole(String role)
Description copied from interface: Realm
Sets the default role of authenticated principals. If set, it will be associated with all authenticated principals in addition to their account-specific roles.

Specified by:
setDefaultRole in interface Realm
Parameters:
role - the default role.

getAnonymousUser

public String getAnonymousUser()
Description copied from interface: Realm
Gets the username for anonymous principals.

Specified by:
getAnonymousUser in interface Realm
Returns:
the anonymous username.

setAnonymousUser

public void setAnonymousUser(String username)
Description copied from interface: Realm
Sets the username for anonymous principals. If set, it will be associated with unauthenticated principals without a username.

Note that the anonymous user must be known within the realm but its credentials are not necessarily verified during authentication.

Specified by:
setAnonymousUser in interface Realm
Parameters:
username - the default guest.

isUserInRole

public boolean isUserInRole(Principal principal,
                            String role)
Description copied from interface: Realm
Checks whether the specified principal is in the specified security role within the context of any domain in this realm.

Specified by:
isUserInRole in interface Realm
Parameters:
principal - the principal for whom the role is to be checked.
role - the security role to be checked.
Returns:
true or false.

isAuthenticated

public boolean isAuthenticated(Principal principal)
Description copied from interface: Realm
Checks whether the specified principal is authenticated in any domain of this realm.

Specified by:
isAuthenticated in interface Realm
Parameters:
principal - the principal to be checked.
Returns:
true or false.

isAuthenticated

public boolean isAuthenticated(String domain,
                               Principal principal)
Description copied from interface: Realm
Checks whether the specified principal is authenticated in the specified domain of this realm.

Specified by:
isAuthenticated in interface Realm
Parameters:
domain - the domain of the user.
principal - the principal to be checked.
Returns:
true or false.

identify

public Principal identify(String identity)
Description copied from interface: Realm
Identifies the principal associated with the specified identity.

Specified by:
identify in interface Realm
Parameters:
identity - the identity.
Returns:
the identified principal.

identify

public Principal identify(String username,
                          String password)
Description copied from interface: Realm
Identifies the principal associated with the specified username and password.

Specified by:
identify in interface Realm
Parameters:
username - the username.
password - the password.
Returns:
the identified principal.

identify

public Principal identify(Certificate[] certs)
Description copied from interface: Realm
Identifies the principal associated with a certificate.

Specified by:
identify in interface Realm
Parameters:
certs - the peer certificate chain.
Returns:
the identified principal.

authenticate

public Principal authenticate(String domain,
                              Principal principal,
                              String scheme)
Description copied from interface: Realm
Authenticates the specified principal in the specified domain of this realm.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
principal - principal to be authenticated.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal or null.

authenticate

public Principal authenticate(String domain,
                              String msisdn,
                              String scheme)
Description copied from interface: Realm
Authenticates the principal associated with the specified MSISDN in the specified domain using the specified scheme, if there is one.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
msisdn - the MSISDN to look up.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal or null.

authenticate

public Principal authenticate(String domain,
                              String username,
                              String password,
                              String scheme)
Description copied from interface: Realm
Authenticates the principal associated with the specified username and password in the specified domain using the specified scheme, if there is one.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
username - the username to look up.
password - the password to use in authentication.
scheme - the authentication scheme to be applied.
Returns:
the authenticated principal or null.

authenticate

public Principal authenticate(String domain,
                              String username,
                              String realmname,
                              String resp,
                              String nonce,
                              String nc,
                              String cnonce,
                              String qop,
                              String md5a2,
                              String encoding)
Description copied from interface: Realm
Authenticates the principal associated with the specified username in the specified domain by matching the digest calculated from the given parameters, using the method described in RFC 2617/2831.

Note that either non-encrypted or MD5 digested passwords must be applied. Digested passwords must include the username and realmname in the form: <username>:<realmname>:<password>.

The username can be null or empty for an anonymous authentication.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
username - the username to look up.
realmname - the realm, i.e. the identification of the server.
resp - the digest which has been submitted by the client.
nonce - a unique token which has been used for this request.
nc - a nonce count.
cnonce - a client nonce.
qop - the quality of protection ("auth", "auth-int",...)
md5a2 - the second MD5 digest used to calculate the digest: MD5(Method + ':' + uri).
encoding - the character encoding to apply.
Returns:
the authenticated principal or null.
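
The following is an added example, not code from Tammi: it shows how a stored credential in the <username>:<realmname>:<password> form (see also the note under setPublicName) is combined with nonce, nc, cnonce, qop and md5a2 to check the client's resp as RFC 2617 describes. The class and method names are hypothetical, MD5 is assumed as the digest algorithm, and the sample values are those of the worked example in RFC 2617, section 3.5.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Locale;

// Added illustration; class and method names are hypothetical, not Tammi API.
public class DigestResponseExample {

    /** Lowercase hexadecimal MD5 of a string in the given encoding. */
    static String md5Hex(String s, Charset cs) throws NoSuchAlgorithmException {
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(cs));
        StringBuilder sb = new StringBuilder(d.length * 2);
        for (byte b : d) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    /** Stored credential in the form the page requires: MD5(username:realmname:password). */
    static String storedCredential(String username, String realmname, String password, Charset cs)
            throws NoSuchAlgorithmException {
        return md5Hex(username + ":" + realmname + ":" + password, cs);
    }

    /** RFC 2617 request-digest computed from the stored credential (H(A1)) and md5a2 (H(A2)). */
    static String expectedResponse(String ha1, String nonce, String nc, String cnonce,
                                   String qop, String md5a2, Charset cs)
            throws NoSuchAlgorithmException {
        // Without qop the RFC 2069 compatible form applies: only the nonce is mixed in.
        String middle = (qop == null || qop.isEmpty())
                ? nonce
                : nonce + ":" + nc + ":" + cnonce + ":" + qop;
        return md5Hex(ha1 + ":" + middle + ":" + md5a2, cs);
    }

    /** Compares in constant time so the check does not reveal how much of resp matched. */
    static boolean matches(String expected, String resp) {
        if (resp == null) {
            return false;
        }
        return MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.US_ASCII),
                resp.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        Charset cs = StandardCharsets.UTF_8;
        // Sample values from the worked example in RFC 2617, section 3.5.
        String ha1 = storedCredential("Mufasa", "testrealm@host.com", "Circle Of Life", cs);
        String md5a2 = md5Hex("GET" + ":" + "/dir/index.html", cs);
        String nonce = "dcd98b7102dd2f0e8b11d0f600bfb0c093";
        String resp = "6629fae49393a05397450978507c4ef1"; // value submitted by the client

        String expected = expectedResponse(ha1, nonce, "00000001", "0a4f113b", "auth", md5a2, cs);
        System.out.println("valid response accepted: " + matches(expected, resp));

        // The same resp presented with a different nonce count must not verify.
        String replay = expectedResponse(ha1, nonce, "00000002", "0a4f113b", "auth", md5a2, cs);
        System.out.println("changed nonce count accepted: " + matches(replay, resp));
    }
}
```

Because the realm name is part of the stored digest, changing the public name invalidates every stored credential, and a credential digested without the username and realm name cannot be used for this scheme.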

authenticate

public Principal authenticate(String domain,
                              Certificate[] certs)
Description copied from interface: Realm
Authenticates the principal with a certificate in the specified domain.

Specified by:
authenticate in interface Realm
Parameters:
domain - the domain of the user.
certs - the peer certificate chain.
Returns:
the authenticated principal or null.

getChallenge

public Challenge getChallenge(String domain)
Description copied from interface: Realm
Gets the challenge for the specified domain of challenge-response based authentication.

Specified by:
getChallenge in interface Realm
Parameters:
domain - the domain of the user.
Returns:
the challenge or null.

handshake

public String handshake(Challenge chal,
                        String msg)
Description copied from interface: Realm
Handshakes the challenge by switching messages.

Specified by:
handshake in interface Realm
Parameters:
chal - the challenge.
msg - the request.
Returns:
the response or null.

release

public void release(Challenge chal)
Description copied from interface: Realm
Releases the generated challenge.

Specified by:
release in interface Realm
Parameters:
chal - the challenge.

digest

public String digest(String username,
                     String password)
Description copied from interface: Realm
Digests the password for the specified username using the defined algorithm and converts the result to a corresponding hexadecimal string. The UTF-8 encoding is applied.

Specified by:
digest in interface Realm
Parameters:
username - the username.
password - the password or other credentials.
Returns:
the digest as a hexadecimal string.

validateConfiguration

protected void validateConfiguration(Configuration config)
Description copied from class: DefaultConfigurable
Validates the configuration.

Overrides:
validateConfiguration in class DefaultConfigurable
Parameters:
config - the configuration.

getMessageDigest

protected MessageDigest getMessageDigest()
Gets the message digest to apply to credentials, if any.

Returns:
the message digest or null.

getMemberMap

protected Map<String,String> getMemberMap()
Gets the member map.

Returns:
the member map.

createPrincipal

protected AuthenticatedPrincipal createPrincipal(String domain,
                                                 Locale locale,
                                                 String user,
                                                 Object uid,
                                                 Object gid,
                                                 String credentials)
Creates a user principal instance representing the authenticated user.

Parameters:
domain - the domain.
locale - the locale.
user - the username.
uid - the user id.
gid - the group id.
credentials - the server credentials.
Returns:
the principal or null.

createPrincipal

protected AuthenticatedPrincipal createPrincipal(String domain,
                                                 Locale locale,
                                                 String user,
                                                 Object uid,
                                                 Object gid,
                                                 String credentials,
                                                 String realName)
Creates a user principal instance with the full name representing the authenticated user.

Parameters:
domain - the domain.
locale - the locale.
user - the username.
uid - the user id.
gid - the group id.
credentials - the server credentials.
realName - the real name.
Returns:
the principal or null.

addRoles

protected boolean addRoles(AuthenticatedPrincipal principal,
                           List<String> roles)
Adds roles for the specified authenticated principal.

Parameters:
principal - the principal.
roles - a list of roles.
Returns:
true if added, false otherwise.

getPrincipal

protected abstract Principal getPrincipal(String domain,
                                          String msisdn,
                                          String scheme)
Gets the user principal representing the authenticated user identified by an MSISDN. Subclasses may implement this method only and rely on authentication operations provided by this class.

Parameters:
domain - the domain.
msisdn - the MSISDN.
scheme - the authentication scheme.
Returns:
the principal or null.

getPrincipal

protected abstract Principal getPrincipal(String domain,
                                          String username,
                                          String password,
                                          String scheme)
Gets the user principal representing the authenticated user identified by a username and password. Subclasses may implement this method only and rely on authentication operations provided by this class.

Parameters:
domain - the domain.
username - the username.
password - the user password.
scheme - the authentication scheme.
Returns:
the principal or null.


Copyright © 2004 The Norther Organization. All rights reserved.