Package org.apache.catalina.realm
Class CombinedRealm
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.realm.RealmBase
org.apache.catalina.realm.CombinedRealm
- All Implemented Interfaces:
- MBeanRegistration,- Contained,- JmxEnabled,- Lifecycle,- Realm
- Direct Known Subclasses:
- LockOutRealm
Realm implementation that contains one or more realms. Authentication is attempted for each realm in the order they
 were configured. If any realm authenticates the user then the authentication succeeds. When combining realms
 usernames should be unique across all combined realms.
- 
Nested Class SummaryNested classes/interfaces inherited from class org.apache.catalina.realm.RealmBaseRealmBase.AllRolesModeNested classes/interfaces inherited from interface org.apache.catalina.LifecycleLifecycle.SingleUse
- 
Field SummaryFieldsModifier and TypeFieldDescriptionThe list of Realms contained by this Realm.Fields inherited from class org.apache.catalina.realm.RealmBaseallRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, USER_ATTRIBUTES_DELIMITER, USER_ATTRIBUTES_WILDCARD, userAttributes, userAttributesList, validate, x509UsernameRetriever, x509UsernameRetrieverClassNameFields inherited from interface org.apache.catalina.LifecycleAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
- 
Constructor SummaryConstructors
- 
Method SummaryModifier and TypeMethodDescriptionvoidAdd a realm to the list of realms that will be used to authenticate users.authenticate(String username) Try to authenticate with the specified username.authenticate(String username, String credentials) Try to authenticate using the specified username and credentials.authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, String qop, String realmName, String digestA2, String algorithm) Try to authenticate with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 7616.authenticate(X509Certificate[] certs) Try to authenticate using a chain ofX509Certificates.authenticate(GSSContext gssContext, boolean storeCred) Try to authenticate using aGSSContext.authenticate(GSSName gssName, GSSCredential gssCredential) Try to authenticate using aGSSName.voidDelegate the backgroundProcess call to all sub-realms.protected voidEnsure child Realms are destroyed when this Realm is destroyed.Realm[]protected StringgetPassword(String username) Get the password for the specified user.protected PrincipalgetPrincipal(String username) Get the principal associated with the specified user.booleanCheck if the specified Principal has the specified security role, within the context of this Realm.booleanReturn the availability of the realm for authentication.voidsetContainer(Container container) Set theContainerwith which this instance is associated.voidsetCredentialHandler(CredentialHandler credentialHandler) Set the CredentialHandler to be used by this Realm.protected voidPrepare for the beginning of active use of the public methods of this component and implement the requirements ofLifecycleBase.startInternal().protected voidGracefully terminate the active use of the public methods of this component and implement the requirements ofLifecycleBase.stopInternal().Methods inherited from class org.apache.catalina.realm.RealmBaseaddPropertyChangeListener, authenticate, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getPrincipal, getRealmPath, getRealmSuffix, getServer, getTransportGuaranteeRedirectStatus, getUserAttributes, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRoleInternal, hasUserDataPermission, initInternal, isStripRealmForGss, main, parseUserAttributes, removePropertyChangeListener, setAllRolesMode, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setUserAttributes, setValidate, setX509UsernameRetrieverClassName, toStringMethods inherited from class org.apache.catalina.util.LifecycleMBeanBasegetDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregisterMethods inherited from class org.apache.catalina.util.LifecycleBaseaddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
- 
Field Details- 
realmsThe list of Realms contained by this Realm.
 
- 
- 
Constructor Details- 
CombinedRealmpublic CombinedRealm()
 
- 
- 
Method Details- 
addRealmAdd a realm to the list of realms that will be used to authenticate users.- Parameters:
- theRealm- realm which should be wrapped by the combined realm
 
- 
getRealms- Returns:
- the set of Realms that this Realm is wrapping
 
- 
getNestedRealms- Returns:
- the list of Realms contained by this Realm.
 
- 
authenticatepublic Principal authenticate(String username, String clientDigest, String nonce, String nc, String cnonce, String qop, String realmName, String digestA2, String algorithm) Description copied from interface:RealmTry to authenticate with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 7616.The default implementation calls Realm.authenticate(String, String, String, String, String, String, String, String)for backwards compatibility which effectively forces the use of MD5 regardless of the algorithm specified in the call to this method.Implementations are expected to override the default implementation and take account of the algorithm parameter. - Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- username- Username of the Principal to look up
- clientDigest- Digest which has been submitted by the client
- nonce- Unique (or supposedly unique) token which has been used for this request
- nc- the nonce counter
- cnonce- the client chosen nonce
- qop- the "quality of protection" (- ncand- cnoncewill only be used, if- qopis not- null).
- realmName- Realm name
- digestA2- Second digest calculated as digest(Method + ":" + uri)
- algorithm- The message digest algorithm to use
- Returns:
- the associated principal, or nullif there is none.
 
- 
authenticateDescription copied from interface:RealmTry to authenticate with the specified username.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- username- Username of the Principal to look up
- Returns:
- the associated principal, or nullif none is associated.
 
- 
authenticateDescription copied from interface:RealmTry to authenticate using the specified username and credentials.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- username- Username of the Principal to look up
- credentials- Password or other credentials to use in authenticating this username
- Returns:
- the associated principal, or nullif there is none
 
- 
setContainerDescription copied from interface:ContainedSet theContainerwith which this instance is associated.- Specified by:
- setContainerin interface- Contained
- Overrides:
- setContainerin class- RealmBase
- Parameters:
- container- The Container instance with which this instance is to be associated, or- nullto disassociate this instance from any Container
 
- 
startInternalDescription copied from class:RealmBasePrepare for the beginning of active use of the public methods of this component and implement the requirements ofLifecycleBase.startInternal().- Overrides:
- startInternalin class- RealmBase
- Throws:
- LifecycleException- if this component detects a fatal error that prevents this component from being used
 
- 
stopInternalDescription copied from class:RealmBaseGracefully terminate the active use of the public methods of this component and implement the requirements ofLifecycleBase.stopInternal().- Overrides:
- stopInternalin class- RealmBase
- Throws:
- LifecycleException- if this component detects a fatal error that needs to be reported
 
- 
destroyInternalEnsure child Realms are destroyed when this Realm is destroyed.- Overrides:
- destroyInternalin class- LifecycleMBeanBase
- Throws:
- LifecycleException- If the destruction fails
 
- 
backgroundProcesspublic void backgroundProcess()Delegate the backgroundProcess call to all sub-realms.- Specified by:
- backgroundProcessin interface- Realm
- Overrides:
- backgroundProcessin class- RealmBase
 
- 
authenticateDescription copied from interface:RealmTry to authenticate using a chain ofX509Certificates.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- certs- Array of client certificates, with the first one in the array being the certificate of the client itself.
- Returns:
- the associated principal, or nullif there is none
 
- 
authenticateDescription copied from interface:RealmTry to authenticate using aGSSContext.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- gssContext- The gssContext processed by the- Authenticator.
- storeCred- Should the realm attempt to store the delegated credentials in the returned Principal?
- Returns:
- the associated principal, or nullif there is none
 
- 
authenticateDescription copied from interface:RealmTry to authenticate using aGSSName.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- gssName- The- GSSNameof the principal to look up
- gssCredential- The- GSSCredentialof the principal, may be- null
- Returns:
- the associated principal, or nullif there is none
 
- 
hasRoleDescription copied from class:RealmBaseCheck if the specified Principal has the specified security role, within the context of this Realm.This method or RealmBase.hasRoleInternal(Principal, String)can be overridden by Realm implementations, but the default is adequate when an instance ofGenericPrincipalis used to represent authenticated Principals from this Realm.- Specified by:
- hasRolein interface- Realm
- Overrides:
- hasRolein class- RealmBase
- Parameters:
- wrapper- wrapper context for evaluating role
- principal- Principal for whom the role is to be checked
- role- Security role to be checked
- Returns:
- trueif the specified Principal has the specified security role, within the context of this Realm; otherwise return- false.
 
- 
getPasswordDescription copied from class:RealmBaseGet the password for the specified user.- Specified by:
- getPasswordin class- RealmBase
- Parameters:
- username- The user name
- Returns:
- the password associated with the given principal's user name.
 
- 
getPrincipalDescription copied from class:RealmBaseGet the principal associated with the specified user.- Specified by:
- getPrincipalin class- RealmBase
- Parameters:
- username- The user name
- Returns:
- the Principal associated with the given user name.
 
- 
isAvailablepublic boolean isAvailable()Description copied from interface:RealmReturn the availability of the realm for authentication.- Returns:
- trueif the realm is able to perform authentication
 
- 
setCredentialHandlerDescription copied from interface:RealmSet the CredentialHandler to be used by this Realm.- Specified by:
- setCredentialHandlerin interface- Realm
- Overrides:
- setCredentialHandlerin class- RealmBase
- Parameters:
- credentialHandler- the- CredentialHandlerto use
 
 
-