File Doc Category Size Date Package
Realm.java API Doc Glassfish v2 API 13175 Fri May 04 22:31:52 BST 2007 org.apache.catalina

Realm

public interface Realm

A Realm is a read-only facade for an underlying security realm used to authenticate individual users, and identify the security roles associated with those users. Realms can be attached at any Container level, but will typically only be attached to a Context, or higher level, Container.

author: Craig R. McClanahan
version: $Revision: 1.7 $ $Date: 2007/05/05 05:31:51 $

Fields Summary
public static final int
AUTHENTICATE_NEEDED
Flag indicating authentication is needed for current request. Used by preAuthenticateCheck method.
public static final int
AUTHENTICATE_NOT_NEEDED
Flag indicating authentication is not needed for current request. Used by preAuthenticateCheck method.
public static final int
AUTHENTICATED_NOT_AUTHORIZED
Flag indicating the user has been authenticated but been denied access to the requested resource.
Constructors Summary
Methods Summary
public void addPropertyChangeListener(java.beans.PropertyChangeListener listener)
Add a property change listener to this component.
param
listener The listener to add
public java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
param
username Username of the Principal to look up
param
credentials Password or other credentials to use in authenticating this username
public java.security.Principal authenticate(java.lang.String username, byte[] credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
param
username Username of the Principal to look up
param
credentials Password or other credentials to use in authenticating this username
public java.security.Principal authenticate(java.lang.String username, java.lang.String digest, java.lang.String nonce, java.lang.String nc, java.lang.String cnonce, java.lang.String qop, java.lang.String realm, java.lang.String md5a2)
Return the Principal associated with the specified username, which matches the digest calculated using the given parameters using the method described in RFC 2069; otherwise return null.
param
username Username of the Principal to look up
param
digest Digest which has been submitted by the client
param
nonce Unique (or supposedly unique) token which has been used for this request
param
realm Realm name
param
md5a2 Second MD5 digest used to calculate the digest : MD5(Method + ":" + uri)
public java.security.Principal authenticate(java.security.cert.X509Certificate[] certs)
Return the Principal associated with the specified chain of X509 client certificates. If there is none, return null.
param
certs Array of client certificates, with the first one in the array being the certificate of the client itself.
public org.apache.catalina.deploy.SecurityConstraint[] findSecurityConstraints(HttpRequest request, Context context)
Return the SecurityConstraints configured to guard the request URI for this request, or null if there is no such constraint.
param
request Request we are processing
public java.lang.String getAlternateAuthType(HttpRequest req)
Return an alternate auth type from the request if available.
param
req The request object.
return
Alternate auth type or null.
public java.security.Principal getAlternatePrincipal(HttpRequest req)
Return an alternate principal from the request if available.
param
req The request object.
return
Alternate principal or null.
public Container getContainer()
Return the Container with which this Realm has been associated.
public java.lang.String getInfo()
Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.
public java.lang.String getRealmName()
Returns the name of the associated realm.
return
realm name or null if not set.
public boolean hasResourcePermission(HttpRequest request, HttpResponse response, org.apache.catalina.deploy.SecurityConstraint[] constraint, Context context)
Perform access control based on the specified authorization constraint. Return true if this constraint is satisfied and processing should continue, or false otherwise.
param
request Request we are processing
param
response Response we are creating
param
constraint Security constraint we are enforcing
param
The Context to which client of this class is attached.
exception
IOException if an input/output error occurs
public boolean hasRole(java.security.Principal principal, java.lang.String role)
Return true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.
param
principal Principal for whom the role is to be checked
param
role Security role to be checked
public boolean hasRole(HttpRequest request, HttpResponse response, java.security.Principal principal, java.lang.String role)
Return true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.
param
request Request we are processing
param
response Response we are creating
param
principal Principal for whom the role is to be checked
param
role Security role to be checked
public boolean hasUserDataPermission(HttpRequest request, HttpResponse response, org.apache.catalina.deploy.SecurityConstraint[] constraint)
Enforce any user data constraint required by the security constraint guarding this request URI. Return true if this constraint was not violated and processing should continue, or false if we have created a response already.
param
request Request we are processing
param
response Response we are creating
param
constraint Security constraint being checked
exception
IOException if an input/output error occurs
public boolean invokeAuthenticateDelegate(HttpRequest request, HttpResponse response, Context context, Authenticator authenticator)
Authenticates the user making this request, based on the specified login configuration. Return true if any specified requirements have been satisfied, or false if we have created a response challenge already.
param
request Request we are processing
param
response Response we are creating
param
context The Context to which client of this class is attached.
param
authenticator the current authenticator.
exception
IOException if an input/output error occurs
public boolean invokePostAuthenticateDelegate(HttpRequest request, HttpResponse response, Context context)
Post authentication for given request and response.
param
request Request we are processing
param
response Response we are creating
param
context The Context to which client of this class is attached.
exception
IOException if an input/output error occurs
public int preAuthenticateCheck(HttpRequest request, HttpResponse response, org.apache.catalina.deploy.SecurityConstraint[] constraints, boolean disableProxyCaching, boolean securePagesWithPragma, boolean ssoEnabled)
Checks whether or not authentication is needed. Returns an int, one of AUTHENTICATE_NOT_NEEDED, AUTHENTICATE_NEEDED, or AUTHENTICATED_NOT_AUTHORIZED.
param
request Request we are processing
param
response Response we are creating
param
constraints Security constraint we are enforcing
param
disableProxyCaching whether or not to disable proxy caching for protected resources.
param
securePagesWithPragma true if we add headers which are incompatible with downloading office documents in IE under SSL but which fix a caching problem in Mozill
param
ssoEnabled true if sso is enabled
exception
IOException if an input/output error occurs
public void removePropertyChangeListener(java.beans.PropertyChangeListener listener)
Remove a property change listener from this component.
param
listener The listener to remove
public void setContainer(Container container)
Set the Container with which this Realm has been associated.
param
container The associated Container
public void setRealmName(java.lang.String name, java.lang.String authMethod)
Set the name of the associated realm.
param
name the name of the realm.