/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.
*/ package org.apache.catalina;
/** * A <b>Realm</b> is a read-only facade for an underlying security realm * used to authenticate individual users, and identify the security roles * associated with those users. Realms can be attached at any Container * level, but will typically only be attached to a Context, or higher level, * Container. * * @author Craig R. McClanahan
*/ publicinterface Realm extends Contained {
/** * @return the CredentialHandler configured for this Realm.
*/
CredentialHandler getCredentialHandler();
/** * Set the CredentialHandler to be used by this Realm. * * @param credentialHandler the {@link CredentialHandler} to use
*/ void setCredentialHandler(CredentialHandler credentialHandler);
/** * Add a property change listener to this component. * * @param listener The listener to add
*/ void addPropertyChangeListener(PropertyChangeListener listener);
/** * Try to authenticate with the specified username. * * @param username Username of the Principal to look up * * @return the associated principal, or {@code null} if none is associated.
*/
Principal authenticate(String username);
/** * Try to authenticate using the specified username and * credentials. * * @param username Username of the Principal to look up * @param credentials Password or other credentials to use in * authenticating this username * * @return the associated principal, or {@code null} if there is none
*/
Principal authenticate(String username, String credentials);
/** * Try to authenticate with the specified username, which * matches the digest calculated using the given parameters using the * method described in RFC 2617 (which is a superset of RFC 2069). * * @param username Username of the Principal to look up * @param digest Digest which has been submitted by the client * @param nonce Unique (or supposedly unique) token which has been used * for this request * @param nc the nonce counter * @param cnonce the client chosen nonce * @param qop the "quality of protection" ({@code nc} and {@code cnonce} * will only be used, if {@code qop} is not {@code null}). * @param realm Realm name * @param digestA2 Second digest calculated as digest(Method + ":" + uri) * * @return the associated principal, or {@code null} if there is none. * * @deprecated Unused. Use {@link #authenticate(String, String, String, * String, String, String, String, String, String)}. Will be removed in * Tomcat 11.
*/
@Deprecated
Principal authenticate(String username, String digest,
String nonce, String nc, String cnonce,
String qop, String realm,
String digestA2);
/** * Try to authenticate with the specified username, which * matches the digest calculated using the given parameters using the * method described in RFC 7616. * <p> * The default implementation calls {@link #authenticate(String, String, * String, String, String, String, String, String)} for backwards * compatibility which effectively forces the use of MD5 regardless of the * algorithm specified in the call to this method. * <p> * Implementations are expected to override the default implementation and * take account of the algorithm parameter. * * @param username Username of the Principal to look up * @param digest Digest which has been submitted by the client * @param nonce Unique (or supposedly unique) token which has been used * for this request * @param nc the nonce counter * @param cnonce the client chosen nonce * @param qop the "quality of protection" ({@code nc} and {@code cnonce} * will only be used, if {@code qop} is not {@code null}). * @param realm Realm name * @param digestA2 Second digest calculated as digest(Method + ":" + uri) * @param algorithm The message digest algorithm to use * * @return the associated principal, or {@code null} if there is none.
*/ default Principal authenticate(String username, String digest,
String nonce, String nc, String cnonce,
String qop, String realm,
String digestA2, String algorithm) { return authenticate(username, digest, nonce, nc, cnonce, qop, realm, digestA2);
}
/** * Try to authenticate using a {@link GSSContext}. * * @param gssContext The gssContext processed by the {@link Authenticator}. * @param storeCreds Should the realm attempt to store the delegated * credentials in the returned Principal? * @return the associated principal, or {@code null} if there is none
*/
Principal authenticate(GSSContext gssContext, boolean storeCreds);
/** * Try to authenticate using a {@link GSSName}. * * @param gssName The {@link GSSName} of the principal to look up * @param gssCredential The {@link GSSCredential} of the principal, may be * {@code null} * @return the associated principal, or {@code null} if there is none
*/
Principal authenticate(GSSName gssName, GSSCredential gssCredential);
/** * Try to authenticate using a chain of {@link X509Certificate}s. * * @param certs Array of client certificates, with the first one in * the array being the certificate of the client itself. * * @return the associated principal, or {@code null} if there is none
*/
Principal authenticate(X509Certificate certs[]);
/** * Execute a periodic task, such as reloading, etc. This method will be * invoked inside the classloading context of this container. Unexpected * throwables will be caught and logged.
*/ void backgroundProcess();
/** * Find the SecurityConstraints configured to guard the request URI for * this request. * * @param request Request we are processing * @param context Context the Request is mapped to * * @return the configured {@link SecurityConstraint}, or {@code null} if * there is none
*/
SecurityConstraint [] findSecurityConstraints(Request request,
Context context);
/** * Perform access control based on the specified authorization constraint. * * @param request Request we are processing * @param response Response we are creating * @param constraint Security constraint we are enforcing * @param context The Context to which client of this class is attached. * * @return {@code true} if this constraint is satisfied and processing * should continue, or {@code false} otherwise * * @exception IOException if an input/output error occurs
*/ boolean hasResourcePermission(Request request,
Response response,
SecurityConstraint [] constraint,
Context context) throws IOException;
/** * Check if the specified Principal has the specified * security role, within the context of this Realm. * * @param wrapper wrapper context for evaluating role * @param principal Principal for whom the role is to be checked * @param role Security role to be checked * * @return {@code true} if the specified Principal has the specified * security role, within the context of this Realm; otherwise return * {@code false}.
*/ boolean hasRole(Wrapper wrapper, Principal principal, String role);
/** * Enforce any user data constraint required by the security constraint * guarding this request URI. * * @param request Request we are processing * @param response Response we are creating * @param constraint Security constraint being checked * * @return {@code true} if this constraint * was not violated and processing should continue, or {@code false} * if we have created a response already. * * @exception IOException if an input/output error occurs
*/ boolean hasUserDataPermission(Request request,
Response response,
SecurityConstraint []constraint) throws IOException;
/** * Remove a property change listener from this component. * * @param listener The listener to remove
*/ void removePropertyChangeListener(PropertyChangeListener listener);
/** * Return the availability of the realm for authentication. * @return {@code true} if the realm is able to perform authentication
*/ defaultboolean isAvailable() { returntrue;
}
}
¤ Dauer der Verarbeitung: 0.15 Sekunden
(vorverarbeitet)
¤
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung ist noch experimentell.
