org.apache.catalina.realm: public class: JAASMemoryLoginModule

org.apache.catalina.realm
public class: JAASMemoryLoginModule [javadoc | source]

java.lang.Object
   org.apache.catalina.realm.RealmBase
      org.apache.catalina.realm.MemoryRealm
         org.apache.catalina.realm.JAASMemoryLoginModule

All Implemented Interfaces:
LoginModule, Realm, MBeanRegistration, Lifecycle

Implementation of the JAAS LoginModule interface, primarily for use in testing JAASRealm. It utilizes an XML-format data file of username/password/role information identical to that supported by org.apache.catalina.realm.MemoryRealm (except that digested passwords are not supported).

This class recognizes the following string-valued options, which are specified in the configuration file (and passed to our constructor in the options argument:

debug - Set to "true" to get debugging messages generated to System.out. The default value is false.
pathname - Relative (to the pathname specified by the "catalina.base" system property) or absolute pahtname to the XML file containing our user information, in the format supported by MemoryRealm . The default value matches the MemoryRealm default.

IMPLEMENTATION NOTE - This class implements Realm only to satisfy the calling requirements of the GenericPrincipal constructor. It does not actually perform the functionality required of a Realm implementation.

author: Craig - R. McClanahan

version: $ - Revision: 543691 $ $Date: 2007-06-02 03:37:08 +0200 (sam., 02 juin 2007) $

Field Summary
protected CallbackHandler	callbackHandler	The callback handler responsible for answering our requests.
protected boolean	committed	Has our own `commit()` returned successfully?
protected Map	options	The configuration information for this `LoginModule`.
protected String	pathname	The absolute or relative pathname to the XML configuration file.
protected Principal	principal	The `Principal` identified by our validation, or `null` if validation falied.
protected HashMap	principals	The set of `Principals` loaded from our configuration file.
protected static StringManager	sm	The string manager for this package.
protected Map	sharedState	The state information that is shared with other configured `LoginModule` instances.
protected Subject	subject	The subject for which we are performing authentication.

Fields inherited from org.apache.catalina.realm.MemoryRealm:
info, name

Fields inherited from org.apache.catalina.realm.RealmBase:
container, containerLog, digest, digestEncoding, info, lifecycle, md, md5Encoder, md5Helper, sm, started, support, validate, allRolesMode, type, domain, host, path, oname, controller, mserver, initialized

Constructor:
public JAASMemoryLoginModule() { // --------------------------------------------------------- Public Methods log.debug("MEMORY LOGIN MODULE"); }

Constructor:

 public JAASMemoryLoginModule() {
    // --------------------------------------------------------- Public Methods
        log.debug("MEMORY LOGIN MODULE");
}

Method from org.apache.catalina.realm.JAASMemoryLoginModule Summary:
abort, commit, findSecurityConstraints, initialize, load, login, logout

Methods from org.apache.catalina.realm.MemoryRealm:
addUser, authenticate, getDigester, getInfo, getName, getPassword, getPathname, getPrincipal, getPrincipals, setPathname, start, stop

Methods from org.apache.catalina.realm.RealmBase:
Digest, addLifecycleListener, addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, destroy, digest, findLifecycleListeners, findSecurityConstraints, getAllRolesMode, getContainer, getController, getDigest, getDigest, getDigestEncoding, getDomain, getInfo, getName, getObjectName, getPassword, getPrincipal, getPrincipal, getType, getValidate, hasMessageDigest, hasResourcePermission, hasRole, hasUserDataPermission, init, main, postDeregister, postRegister, preDeregister, preRegister, removeLifecycleListener, removePropertyChangeListener, setAllRolesMode, setContainer, setController, setDigest, setDigestEncoding, setValidate, start, stop

Methods from org.apache.catalina.realm.RealmBase:

Digest, addLifecycleListener, addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, destroy, digest, findLifecycleListeners, findSecurityConstraints, getAllRolesMode, getContainer, getController, getDigest, getDigest, getDigestEncoding, getDomain, getInfo, getName, getObjectName, getPassword, getPrincipal, getPrincipal, getType, getValidate, hasMessageDigest, hasResourcePermission, hasRole, hasUserDataPermission, init, main, postDeregister, postRegister, preDeregister, preRegister, removeLifecycleListener, removePropertyChangeListener, setAllRolesMode, setContainer, setController, setDigest, setDigestEncoding, setValidate, start, stop

Methods from java.lang.Object:
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from org.apache.catalina.realm.JAASMemoryLoginModule Detail:
public boolean abort() throws LoginException { // If our authentication was not successful, just return false if (principal == null) return (false); // Clean up if overall authentication failed if (committed) logout(); else { committed = false; principal = null; } log.debug("Abort"); return (true); } Phase 2 of authenticating a `Subject` when Phase 1 fails. This method is called if the `LoginContext` failed somewhere in the overall authentication chain.
public boolean commit() throws LoginException { log.debug("commit " + principal); // If authentication was not successful, just return false if (principal == null) return (false); // Add our Principal to the Subject if needed if (!subject.getPrincipals().contains(principal)) subject.getPrincipals().add(principal); committed = true; return (true); } Phase 2 of authenticating a `Subject` when Phase 1 was successful. This method is called if the `LoginContext` succeeded in the overall authentication chain.
public SecurityConstraint[] findSecurityConstraints(Request request, Context context) { ArrayList< SecurityConstraint > results = null; // Are there any defined security constraints? SecurityConstraint constraints[] = context.findConstraints(); if ((constraints == null) \|\| (constraints.length == 0)) { if (context.getLogger().isDebugEnabled()) context.getLogger().debug(" No applicable constraints defined"); return (null); } // Check each defined security constraint String uri = request.getDecodedRequestURI(); String contextPath = request.getContextPath(); if (contextPath.length() > 0) uri = uri.substring(contextPath.length()); uri = RequestUtil.URLDecode(uri); // Before checking constraints String method = request.getMethod(); for (int i = 0; i < constraints.length; i++) { if (context.getLogger().isDebugEnabled()) context.getLogger().debug(" Checking constraint '" + constraints[i] + "' against " + method + " " + uri + " -- > " + constraints[i].included(uri, method)); if (constraints[i].included(uri, method)) { if(results == null) { results = new ArrayList< SecurityConstraint >(); } results.add(constraints[i]); } } // No applicable security constraint was found if (context.getLogger().isDebugEnabled()) context.getLogger().debug(" No applicable constraint located"); if(results == null) return null; SecurityConstraint [] array = new SecurityConstraint[results.size()]; System.arraycopy(results.toArray(), 0, array, 0, array.length); return array; } Return the SecurityConstraints configured to guard the request URI for this request, or `null` if there is no such constraint.
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { log.debug("Init"); // Save configuration values this.subject = subject; this.callbackHandler = callbackHandler; this.sharedState = sharedState; this.options = options; // Perform instance-specific initialization if (options.get("pathname") != null) this.pathname = (String) options.get("pathname"); // Load our defined Principals load(); } Initialize this `LoginModule` with the specified configuration information.
protected void load() { // Validate the existence of our configuration file File file = new File(pathname); if (!file.isAbsolute()) file = new File(System.getProperty("catalina.base"), pathname); if (!file.exists() \|\| !file.canRead()) { log.warn("Cannot load configuration file " + file.getAbsolutePath()); return; } // Load the contents of our configuration file Digester digester = new Digester(); digester.setValidating(false); digester.addRuleSet(new MemoryRuleSet()); try { digester.push(this); digester.parse(file); } catch (Exception e) { log.warn("Error processing configuration file " + file.getAbsolutePath(), e); return; } finally { digester.reset(); } } Load the contents of our configuration file.
public boolean login() throws LoginException { // Set up our CallbackHandler requests if (callbackHandler == null) throw new LoginException("No CallbackHandler specified"); Callback callbacks[] = new Callback[2]; callbacks[0] = new NameCallback("Username: "); callbacks[1] = new PasswordCallback("Password: ", false); // Interact with the user to retrieve the username and password String username = null; String password = null; try { callbackHandler.handle(callbacks); username = ((NameCallback) callbacks[0]).getName(); password = new String(((PasswordCallback) callbacks[1]).getPassword()); } catch (IOException e) { throw new LoginException(e.toString()); } catch (UnsupportedCallbackException e) { throw new LoginException(e.toString()); } // Validate the username and password we have received principal = super.authenticate(username, password); log.debug("login " + username + " " + principal); // Report results based on success or failure if (principal != null) { return (true); } else { throw new FailedLoginException("Username or password is incorrect"); } } Phase 1 of authenticating a `Subject`.
public boolean logout() throws LoginException { subject.getPrincipals().remove(principal); committed = false; principal = null; return (true); } Log out this user.

Method from org.apache.catalina.realm.JAASMemoryLoginModule Detail:

 public boolean abort() throws LoginException {
        // If our authentication was not successful, just return false
        if (principal == null)
            return (false);
        // Clean up if overall authentication failed
        if (committed)
            logout();
        else {
            committed = false;
            principal = null;
        }
        log.debug("Abort");
        return (true);
}

Subject

LoginContext

 public boolean commit() throws LoginException {
        log.debug("commit " + principal);
        // If authentication was not successful, just return false
        if (principal == null)
            return (false);
        // Add our Principal to the Subject if needed
        if (!subject.getPrincipals().contains(principal))
            subject.getPrincipals().add(principal);
        committed = true;
        return (true);
}

Subject

LoginContext

 public SecurityConstraint[] findSecurityConstraints(Request request,
    Context context) {
        ArrayList< SecurityConstraint > results = null;
        // Are there any defined security constraints?
        SecurityConstraint constraints[] = context.findConstraints();
        if ((constraints == null) || (constraints.length == 0)) {
            if (context.getLogger().isDebugEnabled())
                context.getLogger().debug("  No applicable constraints defined");
            return (null);
        }
        // Check each defined security constraint
        String uri = request.getDecodedRequestURI();
        String contextPath = request.getContextPath();
        if (contextPath.length()  > 0)
            uri = uri.substring(contextPath.length());
        uri = RequestUtil.URLDecode(uri); // Before checking constraints
        String method = request.getMethod();
        for (int i = 0; i <  constraints.length; i++) {
            if (context.getLogger().isDebugEnabled())
                context.getLogger().debug("  Checking constraint '" + constraints[i] +
                    "' against " + method + " " + uri + " -- > " +
                    constraints[i].included(uri, method));
            if (constraints[i].included(uri, method)) {
                if(results == null) {
                    results = new ArrayList< SecurityConstraint >();
                }
                results.add(constraints[i]);
            }
        }
        // No applicable security constraint was found
        if (context.getLogger().isDebugEnabled())
            context.getLogger().debug("  No applicable constraint located");
        if(results == null)
            return null;
        SecurityConstraint [] array = new SecurityConstraint[results.size()];
        System.arraycopy(results.toArray(), 0, array, 0, array.length);
        return array;
}

null

 public  void initialize(Subject subject,
    CallbackHandler callbackHandler,
    Map sharedState,
    Map options) {
        log.debug("Init");
        // Save configuration values
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;
        // Perform instance-specific initialization
        if (options.get("pathname") != null)
            this.pathname = (String) options.get("pathname");
        // Load our defined Principals
        load();
}

LoginModule

 protected  void load() {
        // Validate the existence of our configuration file
        File file = new File(pathname);
        if (!file.isAbsolute())
            file = new File(System.getProperty("catalina.base"), pathname);
        if (!file.exists() || !file.canRead()) {
            log.warn("Cannot load configuration file " + file.getAbsolutePath());
            return;
        }
        // Load the contents of our configuration file
        Digester digester = new Digester();
        digester.setValidating(false);
        digester.addRuleSet(new MemoryRuleSet());
        try {
            digester.push(this);
            digester.parse(file);
        } catch (Exception e) {
            log.warn("Error processing configuration file " +
                file.getAbsolutePath(), e);
            return;
        } finally {
            digester.reset();
        }
}

Load the contents of our configuration file.

 public boolean login() throws LoginException {
        // Set up our CallbackHandler requests
        if (callbackHandler == null)
            throw new LoginException("No CallbackHandler specified");
        Callback callbacks[] = new Callback[2];
        callbacks[0] = new NameCallback("Username: ");
        callbacks[1] = new PasswordCallback("Password: ", false);
        // Interact with the user to retrieve the username and password
        String username = null;
        String password = null;
        try {
            callbackHandler.handle(callbacks);
            username = ((NameCallback) callbacks[0]).getName();
            password =
                new String(((PasswordCallback) callbacks[1]).getPassword());
        } catch (IOException e) {
            throw new LoginException(e.toString());
        } catch (UnsupportedCallbackException e) {
            throw new LoginException(e.toString());
        }
        // Validate the username and password we have received
        principal = super.authenticate(username, password);
        log.debug("login " + username + " " + principal);
        // Report results based on success or failure
        if (principal != null) {
            return (true);
        } else {
            throw new
                FailedLoginException("Username or password is incorrect");
        }
}

Subject

 public boolean logout() throws LoginException {
        subject.getPrincipals().remove(principal);
        committed = false;
        principal = null;
        return (true);
}

Log out this user.