Package org.apache.catalina
Interface Realm
- 
- All Superinterfaces:
- Contained
 - All Known Subinterfaces:
- GSSRealm
 - All Known Implementing Classes:
- CombinedRealm,- DataSourceRealm,- JAASMemoryLoginModule,- JAASRealm,- JDBCRealm,- JNDIRealm,- LockOutRealm,- MemoryRealm,- NullRealm,- RealmBase,- UserDatabaseRealm
 
 public interface Realm extends Contained A Realm is a read-only facade for an underlying security realm used to authenticate individual users, and identify the security roles associated with those users. Realms can be attached at any Container level, but will typically only be attached to a Context, or higher level, Container.- Author:
- Craig R. McClanahan
 
- 
- 
Method SummaryAll Methods Instance Methods Abstract Methods Deprecated Methods Modifier and Type Method Description voidaddPropertyChangeListener(java.beans.PropertyChangeListener listener)Add a property change listener to this component.java.security.Principalauthenticate(java.lang.String username)Try to authenticate with the specified username.java.security.Principalauthenticate(java.lang.String username, java.lang.String credentials)Try to authenticate using the specified username and credentials.java.security.Principalauthenticate(java.lang.String username, java.lang.String digest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realm, java.lang.String md5a2)Try to authenticate with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2617 (which is a superset of RFC 2069).java.security.Principalauthenticate(java.security.cert.X509Certificate[] certs)Try to authenticate usingX509Certificatesjava.security.Principalauthenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCreds)Try to authenticate using aGSSContextvoidbackgroundProcess()Execute a periodic task, such as reloading, etc.SecurityConstraint[]findSecurityConstraints(Request request, Context context)Find the SecurityConstraints configured to guard the request URI for this request.CredentialHandlergetCredentialHandler()java.lang.String[]getRoles(java.security.Principal principal)Deprecated.This will be removed in Tomcat 10.booleanhasResourcePermission(Request request, Response response, SecurityConstraint[] constraint, Context context)Perform access control based on the specified authorization constraint.booleanhasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role)Check if the specified Principal has the specified security role, within the context of this Realm.booleanhasUserDataPermission(Request request, Response response, SecurityConstraint[] constraint)Enforce any user data constraint required by the security constraint guarding this request URI.booleanisAvailable()Return the availability of the realm for authentication.voidremovePropertyChangeListener(java.beans.PropertyChangeListener listener)Remove a property change listener from this component.voidsetCredentialHandler(CredentialHandler credentialHandler)Set the CredentialHandler to be used by this Realm.- 
Methods inherited from interface org.apache.catalina.ContainedgetContainer, setContainer
 
- 
 
- 
- 
- 
Method Detail- 
getCredentialHandlerCredentialHandler getCredentialHandler() - Returns:
- the CredentialHandler configured for this Realm.
 
 - 
setCredentialHandlervoid setCredentialHandler(CredentialHandler credentialHandler) Set the CredentialHandler to be used by this Realm.- Parameters:
- credentialHandler- the- CredentialHandlerto use
 
 - 
addPropertyChangeListenervoid addPropertyChangeListener(java.beans.PropertyChangeListener listener) Add a property change listener to this component.- Parameters:
- listener- The listener to add
 
 - 
authenticatejava.security.Principal authenticate(java.lang.String username) Try to authenticate with the specified username.- Parameters:
- username- Username of the Principal to look up
- Returns:
- the associated principal, or nullif none is associated.
 
 - 
authenticatejava.security.Principal authenticate(java.lang.String username, java.lang.String credentials)Try to authenticate using the specified username and credentials.- Parameters:
- username- Username of the Principal to look up
- credentials- Password or other credentials to use in authenticating this username
- Returns:
- the associated principal, or nullif there is none
 
 - 
authenticatejava.security.Principal authenticate(java.lang.String username, java.lang.String digest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realm, java.lang.String md5a2)Try to authenticate with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2617 (which is a superset of RFC 2069).- Parameters:
- username- Username of the Principal to look up
- digest- Digest which has been submitted by the client
- nonce- Unique (or supposedly unique) token which has been used for this request
- nc- the nonce counter
- cnonce- the client chosen nonce
- qop- the "quality of protection" (- ncand- cnoncewill only be used, if- qopis not- null).
- realm- Realm name
- md5a2- Second MD5 digest used to calculate the digest : MD5(Method + ":" + uri)
- Returns:
- the associated principal, or nullif there is none.
 
 - 
authenticatejava.security.Principal authenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCreds)Try to authenticate using aGSSContext- Parameters:
- gssContext- The gssContext processed by the- Authenticator.
- storeCreds- Should the realm attempt to store the delegated credentials in the returned Principal?
- Returns:
- the associated principal, or nullif there is none
 
 - 
authenticatejava.security.Principal authenticate(java.security.cert.X509Certificate[] certs) Try to authenticate usingX509Certificates- Parameters:
- certs- Array of client certificates, with the first one in the array being the certificate of the client itself.
- Returns:
- the associated principal, or nullif there is none
 
 - 
backgroundProcessvoid backgroundProcess() Execute a periodic task, such as reloading, etc. This method will be invoked inside the classloading context of this container. Unexpected throwables will be caught and logged.
 - 
findSecurityConstraintsSecurityConstraint[] findSecurityConstraints(Request request, Context context) Find the SecurityConstraints configured to guard the request URI for this request.- Parameters:
- request- Request we are processing
- context-- Contextfor this request
- Returns:
- the configured SecurityConstraint, ofnullif there is none
 
 - 
hasResourcePermissionboolean hasResourcePermission(Request request, Response response, SecurityConstraint[] constraint, Context context) throws java.io.IOException Perform access control based on the specified authorization constraint.- Parameters:
- request- Request we are processing
- response- Response we are creating
- constraint- Security constraint we are enforcing
- context- The Context to which client of this class is attached.
- Returns:
- trueif this constraint is satisfied and processing should continue, or- falseotherwise
- Throws:
- java.io.IOException- if an input/output error occurs
 
 - 
hasRoleboolean hasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role) Check if the specified Principal has the specified security role, within the context of this Realm.- Parameters:
- wrapper- wrapper context for evaluating role
- principal- Principal for whom the role is to be checked
- role- Security role to be checked
- Returns:
- trueif the specified Principal has the specified security role, within the context of this Realm; otherwise return- false.
 
 - 
hasUserDataPermissionboolean hasUserDataPermission(Request request, Response response, SecurityConstraint[] constraint) throws java.io.IOException Enforce any user data constraint required by the security constraint guarding this request URI.- Parameters:
- request- Request we are processing
- response- Response we are creating
- constraint- Security constraint being checked
- Returns:
- trueif this constraint was not violated and processing should continue, or- falseif we have created a response already.
- Throws:
- java.io.IOException- if an input/output error occurs
 
 - 
removePropertyChangeListenervoid removePropertyChangeListener(java.beans.PropertyChangeListener listener) Remove a property change listener from this component.- Parameters:
- listener- The listener to remove
 
 - 
getRoles@Deprecated java.lang.String[] getRoles(java.security.Principal principal) Deprecated.This will be removed in Tomcat 10.Return roles associated with given principal- Parameters:
- principal- the- Principalto get the roles for.
- Returns:
- principal roles
 
 - 
isAvailableboolean isAvailable() Return the availability of the realm for authentication.- Returns:
- trueif the realm is able to perform authentication
 
 
- 
 
-