org.jboss.as.web.security

Class JBossWebRealm

java.lang.Object

org.apache.catalina.realm.RealmBase

org.jboss.as.web.security.JBossWebRealm

All Implemented Interfaces:

MBeanRegistration, org.apache.catalina.Lifecycle, org.apache.catalina.Realm

public class JBossWebRealm
extends org.apache.catalina.realm.RealmBase

A RealmBase implementation

Author:

Scott.Stark@jboss.org, Anil Saldhana

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase

org.apache.catalina.realm.RealmBase.AllRolesMode

Field Summary

Fields

Modifier and Type	Field and Description
protected org.jboss.security.audit.AuditManager	auditManager The AuditManager instance that can audit security events
protected org.jboss.security.AuthenticationManager	authenticationManager The AuthenticationManager instance that can perform authentication
protected org.jboss.security.AuthorizationManager	authorizationManager The AuthorizationManager instance that is used for authorization as well as get roles
protected org.jboss.security.CertificatePrincipal	certMapping The converter from X509 certificate chain to Principal
protected DeploymentUnit	deploymentUnit The DeploymentUnit associated with the Realm
protected boolean	disableAudit Is Audit disabled?
protected org.jboss.security.mapping.MappingManager	mappingManager The MappingManager instance to perform principal, role, attribute and credential mapping
protected org.jboss.metadata.web.jboss.JBossWebMetaData	metaData MetaData associated with the DeploymentUnit
protected static String	name
protected Map<String,Set<String>>	principalVersusRolesMap JBoss specific role mapping set in the MetaData
protected boolean	useJBossAuthorization Is JBoss authorization framework enabled?

Fields inherited from class org.apache.catalina.realm.RealmBase

allRolesMode, container, containerLog, controller, digest, digestEncoding, domain, host, info, initialized, lifecycle, md, md5Encoder, md5Helper, mserver, oname, path, realmPath, sm, started, support, type, validate

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, DESTROY_EVENT, INIT_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
JBossWebRealm()

Method Summary

Methods

Modifier and Type	Method and Description
Principal	authenticate(String username, byte[] credentials)
Principal	authenticate(String username, String credentials)
Principal	authenticate(String username, String clientDigest, String nOnce, String nc, String cnonce, String qop, String realm, String md5a2)
Principal	authenticate(X509Certificate[] certs)
protected String	getName()
protected String	getPassword(String username)
protected Principal	getPrincipal(String username)
protected Principal	getPrincipal(Subject subject) Get the Principal given the authenticated Subject.
protected Set<Principal>	getPrincipalRoles(Principal principal) Access the set of role Principals associated with the given caller principal.
protected List<String>	getPrincipalRoles(org.apache.catalina.connector.Request request) Get the roles that is stored in the authenticated GenericPrincipal
Map<String,Set<String>>	getPrincipalVersusRolesMap() Returns the principal versus roles map
protected Subject	getSubjectFromRequestPrincipal(Principal principal) Retrieve the Subject stored in the Principal
boolean	hasResourcePermission(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.SecurityConstraint[] constraints, org.apache.catalina.Context context)
boolean	hasRole(Principal principal, String role)
boolean	hasUserDataPermission(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.catalina.deploy.SecurityConstraint[] constraints)
protected List<String>	mapUserRoles(List<String> rolesList)
protected String	requestURI(org.apache.catalina.connector.Request request) Get the canonical request URI from the request mapping data requestPath
void	setAuditManager(org.jboss.security.audit.AuditManager auditManager) Set the AuditManager
void	setAuthenticationManager(org.jboss.security.AuthenticationManager authenticationManager) Set the AuthenticationManager
void	setAuthorizationManager(org.jboss.security.AuthorizationManager authorizationManager) Set the AuthorizationManager
void	setDeploymentUnit(DeploymentUnit deploymentUnit) Set the DeploymentUnit
void	setMappingManager(org.jboss.security.mapping.MappingManager mappingManager) Set the MappingManager

Methods inherited from class org.apache.catalina.realm.RealmBase

addLifecycleListener, addPropertyChangeListener, backgroundProcess, destroy, digest, Digest, findLifecycleListeners, findSecurityConstraints, getAllRolesMode, getContainer, getController, getDigest, getDigest, getDigestEncoding, getDomain, getInfo, getObjectName, getPrincipal, getRealmPath, getRealmSuffix, getServer, getType, getValidate, hasMessageDigest, init, main, postDeregister, postRegister, preDeregister, preRegister, removeLifecycleListener, removePropertyChangeListener, setAllRolesMode, setContainer, setController, setDigest, setDigestEncoding, setRealmPath, setValidate, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

name

protected static final String name

See Also:

Constant Field Values

auditManager

protected org.jboss.security.audit.AuditManager auditManager

The AuditManager instance that can audit security events

authenticationManager

protected org.jboss.security.AuthenticationManager authenticationManager

The AuthenticationManager instance that can perform authentication

authorizationManager

protected org.jboss.security.AuthorizationManager authorizationManager

The AuthorizationManager instance that is used for authorization as well as get roles

mappingManager

protected org.jboss.security.mapping.MappingManager mappingManager

The MappingManager instance to perform principal, role, attribute and credential mapping

certMapping

protected org.jboss.security.CertificatePrincipal certMapping

The converter from X509 certificate chain to Principal

deploymentUnit

protected DeploymentUnit deploymentUnit

The DeploymentUnit associated with the Realm

metaData

protected org.jboss.metadata.web.jboss.JBossWebMetaData metaData

MetaData associated with the DeploymentUnit

principalVersusRolesMap

protected Map<String,Set<String>> principalVersusRolesMap

JBoss specific role mapping set in the MetaData

useJBossAuthorization

protected boolean useJBossAuthorization

Is JBoss authorization framework enabled?

disableAudit

protected boolean disableAudit

Is Audit disabled?

Constructor Detail

JBossWebRealm

public JBossWebRealm()

Method Detail

setAuthenticationManager

public void setAuthenticationManager(org.jboss.security.AuthenticationManager authenticationManager)

Set the AuthenticationManager

Parameters:

authenticationManager -

setAuditManager

public void setAuditManager(org.jboss.security.audit.AuditManager auditManager)

Set the AuditManager

Parameters:

auditManager -

setAuthorizationManager

public void setAuthorizationManager(org.jboss.security.AuthorizationManager authorizationManager)

Set the AuthorizationManager

Parameters:

authorizationManager -

setMappingManager

public void setMappingManager(org.jboss.security.mapping.MappingManager mappingManager)

Set the MappingManager

Parameters:

mappingManager -

setDeploymentUnit

public void setDeploymentUnit(DeploymentUnit deploymentUnit)

Set the DeploymentUnit

Parameters:

deploymentUnit -

getPrincipalVersusRolesMap

public Map<String,Set<String>> getPrincipalVersusRolesMap()

Returns the principal versus roles map

Returns:

map

authenticate

public Principal authenticate(String username,
                     String credentials)

Specified by:

authenticate in interface org.apache.catalina.Realm

Overrides:

authenticate in class org.apache.catalina.realm.RealmBase

authenticate

public Principal authenticate(X509Certificate[] certs)

Specified by:

authenticate in interface org.apache.catalina.Realm

Overrides:

authenticate in class org.apache.catalina.realm.RealmBase

authenticate

public Principal authenticate(String username,
                     byte[] credentials)

Specified by:

authenticate in interface org.apache.catalina.Realm

Overrides:

authenticate in class org.apache.catalina.realm.RealmBase

authenticate

public Principal authenticate(String username,
                     String clientDigest,
                     String nOnce,
                     String nc,
                     String cnonce,
                     String qop,
                     String realm,
                     String md5a2)

Specified by:

authenticate in interface org.apache.catalina.Realm

Overrides:

authenticate in class org.apache.catalina.realm.RealmBase

getName

protected String getName()

Specified by:

getName in class org.apache.catalina.realm.RealmBase

getPassword

protected String getPassword(String username)

Specified by:

getPassword in class org.apache.catalina.realm.RealmBase

getPrincipal

protected Principal getPrincipal(String username)

Specified by:

getPrincipal in class org.apache.catalina.realm.RealmBase

mapUserRoles

protected List<String> mapUserRoles(List<String> rolesList)

getPrincipal

protected Principal getPrincipal(Subject subject)

Get the Principal given the authenticated Subject. Currently the first principal that is not of type Group is considered or the single principal inside the CallerPrincipal group.

Parameters:

subject -

Returns:

the authenticated principal

hasResourcePermission

public boolean hasResourcePermission(org.apache.catalina.connector.Request request,
                            org.apache.catalina.connector.Response response,
                            org.apache.catalina.deploy.SecurityConstraint[] constraints,
                            org.apache.catalina.Context context)
                              throws IOException

Specified by:

hasResourcePermission in interface org.apache.catalina.Realm

Overrides:

hasResourcePermission in class org.apache.catalina.realm.RealmBase

Throws:

IOException

hasRole

public boolean hasRole(Principal principal,
              String role)

Specified by:

hasRole in interface org.apache.catalina.Realm

Overrides:

hasRole in class org.apache.catalina.realm.RealmBase

hasUserDataPermission

public boolean hasUserDataPermission(org.apache.catalina.connector.Request request,
                            org.apache.catalina.connector.Response response,
                            org.apache.catalina.deploy.SecurityConstraint[] constraints)
                              throws IOException

Specified by:

hasUserDataPermission in interface org.apache.catalina.Realm

Overrides:

hasUserDataPermission in class org.apache.catalina.realm.RealmBase

Throws:

IOException

getSubjectFromRequestPrincipal

protected Subject getSubjectFromRequestPrincipal(Principal principal)

Retrieve the Subject stored in the Principal

Parameters:

principal - the Principal present in the Request

Returns:

the authenticated Subject

getPrincipalRoles

protected Set<Principal> getPrincipalRoles(Principal principal)

Access the set of role Principals associated with the given caller principal.

Parameters:

principal - - the Principal mapped from the authentication principal and visible from the HttpServletRequest.getUserPrincipal

Returns:

a possible null Set for the caller roles

getPrincipalRoles

protected List<String> getPrincipalRoles(org.apache.catalina.connector.Request request)

Get the roles that is stored in the authenticated GenericPrincipal

Parameters:

request -

Returns:

requestURI

protected String requestURI(org.apache.catalina.connector.Request request)

Get the canonical request URI from the request mapping data requestPath

Parameters:

request -

Returns:

the request URI path