Package org.apache.catalina.realm
Class CombinedRealm
- java.lang.Object
- 
- org.apache.catalina.util.LifecycleBase
- 
- org.apache.catalina.util.LifecycleMBeanBase
- 
- org.apache.catalina.realm.RealmBase
- 
- org.apache.catalina.realm.CombinedRealm
 
 
 
 
- 
- All Implemented Interfaces:
- javax.management.MBeanRegistration,- Contained,- GSSRealm,- JmxEnabled,- Lifecycle,- Realm
 - Direct Known Subclasses:
- LockOutRealm
 
 public class CombinedRealm extends RealmBase Realm implementation that contains one or more realms. Authentication is attempted for each realm in the order they were configured. If any realm authenticates the user then the authentication succeeds. When combining realms usernames should be unique across all combined realms.
- 
- 
Nested Class Summary- 
Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBaseRealmBase.AllRolesMode
 - 
Nested classes/interfaces inherited from interface org.apache.catalina.LifecycleLifecycle.SingleUse
 
- 
 - 
Field SummaryFields Modifier and Type Field Description protected static java.lang.StringnameDeprecated.This will be removed in Tomcat 9 onwards.protected java.util.List<Realm>realmsThe list of Realms contained by this Realm.- 
Fields inherited from class org.apache.catalina.realm.RealmBaseallRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName
 - 
Fields inherited from class org.apache.catalina.util.LifecycleMBeanBasemserver
 - 
Fields inherited from interface org.apache.catalina.LifecycleAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
 
- 
 - 
Constructor SummaryConstructors Constructor Description CombinedRealm()
 - 
Method SummaryAll Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description voidaddRealm(Realm theRealm)Add a realm to the list of realms that will be used to authenticate users.java.security.Principalauthenticate(java.lang.String username)Return the Principal associated with the specified user name otherwise returnnull.java.security.Principalauthenticate(java.lang.String username, java.lang.String credentials)Return the Principal associated with the specified username and credentials, if there is one; otherwise returnnull.java.security.Principalauthenticate(java.lang.String username, java.lang.String clientDigest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realmName, java.lang.String md5a2)Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise returnnull.java.security.Principalauthenticate(java.security.cert.X509Certificate[] certs)Return the Principal associated with the specified chain of X509 client certificates.java.security.Principalauthenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCred)Try to authenticate using aGSSContextjava.security.Principalauthenticate(org.ietf.jgss.GSSName gssName, org.ietf.jgss.GSSCredential gssCredential)Try to authenticate using aGSSNamevoidbackgroundProcess()Delegate the backgroundProcess call to all sub-realms.protected voiddestroyInternal()Ensure child Realms are destroyed when this Realm is destroyed.protected java.lang.StringgetName()Deprecated.Realm[]getNestedRealms()protected java.lang.StringgetPassword(java.lang.String username)Get the password for the specified user.protected java.security.PrincipalgetPrincipal(java.lang.String username)Get the principal associated with the specified user.javax.management.ObjectName[]getRealms()booleanhasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role)Check if the specified Principal has the specified security role, within the context of this Realm.booleanisAvailable()Return the availability of the realm for authentication.voidsetContainer(Container container)Set the Container with which this Realm has been associated.voidsetCredentialHandler(CredentialHandler credentialHandler)Set the CredentialHandler to be used by this Realm.protected voidstartInternal()Prepare for the beginning of active use of the public methods of this component and implement the requirements ofLifecycleBase.startInternal().protected voidstopInternal()Gracefully terminate the active use of the public methods of this component and implement the requirements ofLifecycleBase.stopInternal().- 
Methods inherited from class org.apache.catalina.realm.RealmBaseaddPropertyChangeListener, Digest, findSecurityConstraints, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getPrincipal, getPrincipal, getRealmPath, getRealmSuffix, getRoles, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, hasResourcePermission, hasRoleInternal, hasUserDataPermission, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setAllRolesMode, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, toString
 - 
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBasegetDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister
 - 
Methods inherited from class org.apache.catalina.util.LifecycleBaseaddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
 
- 
 
- 
- 
- 
Field Detail- 
realmsprotected final java.util.List<Realm> realms The list of Realms contained by this Realm.
 - 
name@Deprecated protected static final java.lang.String name Deprecated.This will be removed in Tomcat 9 onwards.Descriptive information about this Realm implementation.- See Also:
- Constant Field Values
 
 
- 
 - 
Method Detail- 
addRealmpublic void addRealm(Realm theRealm) Add a realm to the list of realms that will be used to authenticate users.- Parameters:
- theRealm- realm which should be wrapped by the combined realm
 
 - 
getRealmspublic javax.management.ObjectName[] getRealms() - Returns:
- the set of Realms that this Realm is wrapping
 
 - 
getNestedRealmspublic Realm[] getNestedRealms() - Returns:
- the list of Realms contained by this Realm.
 
 - 
authenticatepublic java.security.Principal authenticate(java.lang.String username, java.lang.String clientDigest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realmName, java.lang.String md5a2)Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise returnnull.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- username- Username of the Principal to look up
- clientDigest- Digest which has been submitted by the client
- nonce- Unique (or supposedly unique) token which has been used for this request
- realmName- Realm name
- md5a2- Second MD5 digest used to calculate the digest : MD5(Method + ":" + uri)
- nc- the nonce counter
- cnonce- the client chosen nonce
- qop- the "quality of protection" (- ncand- cnoncewill only be used, if- qopis not- null).
- Returns:
- the associated principal, or nullif there is none.
 
 - 
authenticatepublic java.security.Principal authenticate(java.lang.String username) Return the Principal associated with the specified user name otherwise returnnull.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- username- User name of the Principal to look up
- Returns:
- the associated principal, or nullif none is associated.
 
 - 
authenticatepublic java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)Return the Principal associated with the specified username and credentials, if there is one; otherwise returnnull.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- username- Username of the Principal to look up
- credentials- Password or other credentials to use in authenticating this username
- Returns:
- the associated principal, or nullif there is none.
 
 - 
setContainerpublic void setContainer(Container container) Set the Container with which this Realm has been associated.- Specified by:
- setContainerin interface- Contained
- Overrides:
- setContainerin class- RealmBase
- Parameters:
- container- The associated Container
 
 - 
startInternalprotected void startInternal() throws LifecycleExceptionPrepare for the beginning of active use of the public methods of this component and implement the requirements ofLifecycleBase.startInternal().- Overrides:
- startInternalin class- RealmBase
- Throws:
- LifecycleException- if this component detects a fatal error that prevents this component from being used
 
 - 
stopInternalprotected void stopInternal() throws LifecycleExceptionGracefully terminate the active use of the public methods of this component and implement the requirements ofLifecycleBase.stopInternal().- Overrides:
- stopInternalin class- RealmBase
- Throws:
- LifecycleException- if this component detects a fatal error that needs to be reported
 
 - 
destroyInternalprotected void destroyInternal() throws LifecycleExceptionEnsure child Realms are destroyed when this Realm is destroyed.- Overrides:
- destroyInternalin class- LifecycleMBeanBase
- Throws:
- LifecycleException- If the destruction fails
 
 - 
backgroundProcesspublic void backgroundProcess() Delegate the backgroundProcess call to all sub-realms.- Specified by:
- backgroundProcessin interface- Realm
- Overrides:
- backgroundProcessin class- RealmBase
 
 - 
authenticatepublic java.security.Principal authenticate(java.security.cert.X509Certificate[] certs) Return the Principal associated with the specified chain of X509 client certificates. If there is none, returnnull.- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- certs- Array of client certificates, with the first one in the array being the certificate of the client itself.
- Returns:
- the associated principal, or nullif there is none
 
 - 
authenticatepublic java.security.Principal authenticate(org.ietf.jgss.GSSContext gssContext, boolean storeCred)Try to authenticate using aGSSContext- Specified by:
- authenticatein interface- Realm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- gssContext- The gssContext processed by the- Authenticator.
- storeCred- Should the realm attempt to store the delegated credentials in the returned Principal?
- Returns:
- the associated principal, or nullif there is none
 
 - 
authenticatepublic java.security.Principal authenticate(org.ietf.jgss.GSSName gssName, org.ietf.jgss.GSSCredential gssCredential)Try to authenticate using aGSSName- Specified by:
- authenticatein interface- GSSRealm
- Overrides:
- authenticatein class- RealmBase
- Parameters:
- gssName- The- GSSNameof the principal to look up
- gssCredential- The- GSSCredentialof the principal, may be- null
- Returns:
- the associated principal, or nullif there is none
 
 - 
hasRolepublic boolean hasRole(Wrapper wrapper, java.security.Principal principal, java.lang.String role) Check if the specified Principal has the specified security role, within the context of this Realm. This method orRealmBase.hasRoleInternal(Principal, String)can be overridden by Realm implementations, but the default is adequate when an instance ofGenericPrincipalis used to represent authenticated Principals from this Realm.- Specified by:
- hasRolein interface- Realm
- Overrides:
- hasRolein class- RealmBase
- Parameters:
- wrapper- wrapper context for evaluating role
- principal- Principal for whom the role is to be checked
- role- Security role to be checked
- Returns:
- trueif the specified Principal has the specified security role, within the context of this Realm; otherwise return- false.
 
 - 
getName@Deprecated protected java.lang.String getName() Deprecated.
 - 
getPasswordprotected java.lang.String getPassword(java.lang.String username) Description copied from class:RealmBaseGet the password for the specified user.- Specified by:
- getPasswordin class- RealmBase
- Parameters:
- username- The user name
- Returns:
- the password associated with the given principal's user name.
 
 - 
getPrincipalprotected java.security.Principal getPrincipal(java.lang.String username) Description copied from class:RealmBaseGet the principal associated with the specified user.- Specified by:
- getPrincipalin class- RealmBase
- Parameters:
- username- The user name
- Returns:
- the Principal associated with the given user name.
 
 - 
isAvailablepublic boolean isAvailable() Description copied from interface:RealmReturn the availability of the realm for authentication.- Specified by:
- isAvailablein interface- Realm
- Overrides:
- isAvailablein class- RealmBase
- Returns:
- trueif the realm is able to perform authentication
 
 - 
setCredentialHandlerpublic void setCredentialHandler(CredentialHandler credentialHandler) Description copied from interface:RealmSet the CredentialHandler to be used by this Realm.- Specified by:
- setCredentialHandlerin interface- Realm
- Overrides:
- setCredentialHandlerin class- RealmBase
- Parameters:
- credentialHandler- the- CredentialHandlerto use
 
 
- 
 
-