Implementation of Realm that authenticates users via the Java Authentication and Authorization Service (JAAS). JAAS support requires either JDK 1.4 (which includes it as part of the standard platform) or JDK 1.3 (with the plug-in jaas.jar file).

The value configured for the appName property is passed to the javax.security.auth.login.LoginContext constructor, to specify the application name used to select the set of relevant LoginModules required.

The JAAS Specification describes the result of a successful login as a javax.security.auth.Subject instance, which can contain zero or more java.security.Principal objects in the return value of the Subject.getPrincipals() method. However, it provides no guidance on how to distinguish Principals that describe the individual user (and are thus appropriate to return as the value of request.getUserPrincipal() in a web application) from the Principal(s) that describe the authorized roles for this user. To maintain as much independence as possible from the underlying LoginMethod implementation executed by JAAS, the following policy is implemented by this Realm:

- The LoginModule is assumed to return a Subject with at least one Principal instance representing the user himself or herself, and zero or more separate Principals representing the security roles authorized for this user.
- On the Principal representing the user, the Principal name is an appropriate value to return via the Servlet API method HttpServletRequest.getRemoteUser().
- On the Principals representing the security roles, the name is the name of the authorized security role.
- This Realm is configured with two lists of class names implementing java.security.Principal - one that identifies class(es) representing a user, and one that identifies class(es) representing a security role.
- Among the Principals returned by Subject.getPrincipals(), it will identify the first Principal that matches the "user classes" list as the Principal for this user.
- Among the Principals returned by Subject.getPrincipals(), it will accumulate the set of all Principals matching the "role classes" list as identifying the security roles for this user.
- Subject without a Principal that matches the "user classes" list.

    Catalina {
        org.foobar.auth.DatabaseLoginModule REQUIRED
            JNDI_RESOURCE=jdbc/AuthDB
            USER_TABLE=users
            USER_ID_COLUMN=id
            USER_NAME_COLUMN=NAME
            USER_CREDENTIAL_COLUMN=password
            ROLE_TABLE=roles
            ROLE_NAME_COLUMN=NAME
            PRINCIPAL_FACTORY=org.foobar.auth.impl.SimplePrincipalFactory;
    };

- Set the CATALINA_OPTS environment variable similar to the following:

    CATALINA_OPTS="-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas.config"

- A CallbackHandler, called (unsurprisingly) JAASCallbackHandler, supplies the HTTP request's username and credentials to the user-supplied LoginModule.
- As with other Realm implementations, digested passwords are supported if the <Realm> element in server.xml contains a digest attribute; JAASCallbackHandler will digest the password prior to passing it back to the LoginModule.

Field Summary

private String appName
    The application name passed to the JAAS LoginContext, which uses it to select the set of relevant LoginModules.

protected static final String INFO
    Descriptive information about this Realm implementation.

protected static final String NAME
    Descriptive information about this Realm implementation.

private List roleClasses
    The list of role class names, split out for easy processing.

private String roleClassNames
    Comma-delimited list of java.security.Principal classes that represent security roles.

protected static final org.apache.catalina.util.StringManager SM
    The string manager for this package.

private boolean useContextClassLoader
    Whether to use context ClassLoader or default ClassLoader.

private List userClasses
    The set of user class names, split out for easy processing.

private String userClassNames
    Comma-delimited list of java.security.Principal classes that represent individual users.

Fields inherited from interface org.apache.catalina.Lifecycle
    AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Method Summary

protected Principal createPrincipal(String username, Subject subject)
    Identify and return a java.security.Principal instance representing the authenticated user for the specified Subject.

void setAppName(String applicationName)
    Deprecated. JAAS should use the Engine (domain) name and webapp/host overrides.

void setRoleClassNames(String roleClassNamesParameter)
    Sets the list of comma-delimited classes that represent roles.

void setUserClassNames(String userClassNames)
    Sets the list of comma-delimited classes that represent individual users.

Methods inherited from class acube.framework.clavierVirtuel.realm.RealmBaseAcube
    authenticate

Methods inherited from class org.apache.catalina.realm.RealmBase
    addLifecycleListener, addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, destroy, Digest, findLifecycleListeners, findSecurityConstraints, getAllRolesMode, getContainer, getController, getDigest, getDigestEncoding, getDomain, getInfo, getObjectName, getType, getValidate, hasResourcePermission, hasRole, hasUserDataPermission, init, main, postDeregister, postRegister, preDeregister, preRegister, removeLifecycleListener, removePropertyChangeListener, setAllRolesMode, setContainer, setController, setDigest, setDigestEncoding, setValidate, start, stop

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.catalina.Lifecycle
    addLifecycleListener, findLifecycleListeners, removeLifecycleListener, start, stop

Methods inherited from interface org.apache.catalina.Realm
    addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, findSecurityConstraints, getContainer, getInfo, hasResourcePermission, hasRole, hasUserDataPermission, removePropertyChangeListener, setContainer

Methods inherited from interface javax.management.MBeanRegistration
    postDeregister, postRegister, preDeregister, preRegister

setRoleClassNames(String roleClassNamesParameter)
    Sets the list of comma-delimited java.security.Principal classes that represent roles. When this accessor is called (for example, by a Digester instance parsing the configuration file), it will parse the class names and store the resulting string(s) into the ArrayList field roleClasses.

setUserClassNames(String userClassNames)
    Sets the list of comma-delimited java.security.Principal classes that represent individual users. When this accessor is called (for example, by a Digester instance parsing the configuration file), it will parse the class names and store the resulting string(s) into the ArrayList field userClasses.

createPrincipal(String username, Subject subject)
    Identify and return a java.security.Principal instance representing the authenticated user for the specified Subject. The Principal is constructed by scanning the list of Principals returned by the JAASLoginModule. The first Principal object that matches one of the class names supplied as a "user class" is the user Principal. This object is returned to the caller. Any remaining principal objects returned by the LoginModules are mapped to roles, but only if their respective classes match one of the "role class" classes. If a user Principal cannot be constructed, return null.
    Parameters: subject - the Subject representing the logged-in user
    Returns: the java.security.Principal instance representing the authenticated user
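
The principal-sorting policy described for createPrincipal, as an added example (not this Realm's own source code). The classes UserPrincipal, RolePrincipal and AuditPrincipal and the helper classify are hypothetical, and matching on the exact class name is an assumption of this sketch.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.Subject;

public class PrincipalClassification {
    // Constructed principal types standing in for a LoginModule's own classes.
    static class NamedPrincipal implements Principal {
        private final String name;
        NamedPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }
    static class UserPrincipal extends NamedPrincipal { UserPrincipal(String n) { super(n); } }
    static class RolePrincipal extends NamedPrincipal { RolePrincipal(String n) { super(n); } }
    static class AuditPrincipal extends NamedPrincipal { AuditPrincipal(String n) { super(n); } }

    // Returns [userName, role1, role2, ...], or null when no Principal matches the user classes.
    static List<String> classify(Subject subject, List<String> userClasses, List<String> roleClasses) {
        String user = null;
        List<String> roles = new ArrayList<>();
        for (Principal p : subject.getPrincipals()) {
            String cls = p.getClass().getName();   // assumption: exact class-name match
            if (user == null && userClasses.contains(cls)) {
                user = p.getName();                // first "user class" match wins
            } else if (roleClasses.contains(cls)) {
                roles.add(p.getName());            // role name is the Principal name
            }                                      // unlisted classes are ignored
        }
        if (user == null) return null;
        List<String> result = new ArrayList<>();
        result.add(user);
        result.addAll(roles);
        return result;
    }

    public static void main(String[] args) {
        Subject s = new Subject();                 // constructed sample Subject
        s.getPrincipals().add(new UserPrincipal("alice"));
        s.getPrincipals().add(new RolePrincipal("manager"));
        s.getPrincipals().add(new AuditPrincipal("session-42"));
        List<String> users = Arrays.asList(UserPrincipal.class.getName());
        List<String> roles = Arrays.asList(RolePrincipal.class.getName());
        System.out.println(classify(s, users, roles));
        // Role class list left empty in the configuration.
        System.out.println(classify(s, users, new ArrayList<String>()));
        // User class list names a class the LoginModule never returns.
        System.out.println(classify(s, Arrays.asList("com.example.Missing"), roles));
    }
}
```

The three calls cover a matching configuration, a role class list that omits the LoginModule's role class (the user is identified but holds no roles), and a user class list that matches nothing (no user Principal can be constructed). The last two are the misconfigurations worth checking for when a login succeeds in JAAS but access control behaves unexpectedly.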
Version 3.1.0 of 06/11/2009 / Status: Validated
This work is made available under the Attribution - NonCommercial - ShareAlike licence, available online at http://creativecommons.org/licenses/by-nc-sa/2.0/fr/ or by postal mail from Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
Documentation generated by DocFlex |