org.apache.catalina.realm
Class JDBCRealm

java.lang.Object
  |
  +--org.apache.catalina.realm.RealmBase
        |
        +--org.apache.catalina.realm.JDBCRealm
All Implemented Interfaces:
Lifecycle, Realm

public final class JDBCRealm
extends RealmBase

Implmentation of Realm that works with any JDBC supported database. See the JDBCRealm.howto for more details on how to set up the database and for configuration options. TODO: - Work on authentication with non-plaintext passwords - Make sure no bad chars can get in and trick the auth and hasrole

Author:
Craig R. McClanahan, Carson McDonald

Fields inherited from class org.apache.catalina.realm.RealmBase
container, debug, info, lifecycle, md5Encoder, md5Helper, sm, started, support
 
Fields inherited from interface org.apache.catalina.Lifecycle
START_EVENT, STOP_EVENT
 
Constructor Summary
JDBCRealm()
           
 
Method Summary
 void addLifecycleListener(LifecycleListener listener)
          Add a lifecycle event listener to this component.
 void addPropertyChangeListener(java.beans.PropertyChangeListener listener)
          Add a property change listener to this component.
 java.security.Principal authenticate(java.lang.String username, byte[] credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
 java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
          Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
static java.lang.String Digest(java.lang.String credentials, java.lang.String algorithm)
          Digest password using the algorithm especificied and convert the result to a corresponding hex string.
 Container getContainer()
          Return the Container with which this Realm has been associated.
 int getDebug()
          Return the debugging detail level for this component.
 java.lang.String getDigest()
          Gets the digest algorithm used for credentials in the database could be the same that MessageDigest accepts vor algorithm and "No" that is the Default
 java.lang.String getInfo()
          Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.
protected  java.lang.String getPassword(java.lang.String username)
          Return the password associated with the given principal's user name.
protected  java.security.Principal getPrincipal(java.lang.String username)
          Return the Principal associated with the given user name.
 boolean hasRole(java.security.Principal principal, java.lang.String role)
          Return true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false.
static void main(java.lang.String[] args)
           
 void removeLifecycleListener(LifecycleListener listener)
          Remove a lifecycle event listener from this component.
 void removePropertyChangeListener(java.beans.PropertyChangeListener listener)
          Remove a property change listener from this component.
 void setConnectionName(java.lang.String connectionName)
          Set the name to use to connect to the database.
 void setConnectionPassword(java.lang.String connectionPassword)
          Set the password to use to connect to the database.
 void setConnectionURL(java.lang.String connectionURL)
          Set the URL to use to connect to the database.
 void setContainer(Container container)
          Set the Container with which this Realm has been associated.
 void setDebug(int debug)
          Set the debugging detail level for this component.
 void setDigest(java.lang.String algorithm)
          Gets the digest algorithm used for credentials in the database could be the same that MessageDigest accepts vor algorithm and "No" that is the Default
 void setDriverName(java.lang.String driverName)
          Set the JDBC driver that will be used.
 void setRoleNameCol(java.lang.String roleNameCol)
          Set the column in the user role table that names a role
 void setUserCredCol(java.lang.String userCredCol)
          Set the column in the user table that holds the user's credintials
 void setUserNameCol(java.lang.String userNameCol)
          Set the column in the user table that holds the user's name
 void setUserRoleTable(java.lang.String userRoleTable)
          Set the table that holds the relation between user's and roles
 void setUserTable(java.lang.String userTable)
          Set the table that holds user data.
 void start()
          Prepare for active use of the public methods of this Component.
 void stop()
          Gracefully shut down active use of the public methods of this Component.
 
Methods inherited from class org.apache.catalina.realm.RealmBase
authenticate, getDigest
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JDBCRealm

public JDBCRealm()
Method Detail

setConnectionURL

public void setConnectionURL(java.lang.String connectionURL)
Set the URL to use to connect to the database.
Parameters:
connectionURL - The new connection URL

getContainer

public Container getContainer()
Return the Container with which this Realm has been associated.
Overrides:
getContainer in class RealmBase

setContainer

public void setContainer(Container container)
Set the Container with which this Realm has been associated.
Overrides:
setContainer in class RealmBase
Parameters:
container - The associated Container

getDebug

public int getDebug()
Return the debugging detail level for this component.
Overrides:
getDebug in class RealmBase

setDebug

public void setDebug(int debug)
Set the debugging detail level for this component.
Overrides:
setDebug in class RealmBase
Parameters:
debug - The new debugging detail level

setDriverName

public void setDriverName(java.lang.String driverName)
Set the JDBC driver that will be used.
Parameters:
driverName - The driver name

getInfo

public java.lang.String getInfo()
Return descriptive information about this Realm implementation and the corresponding version number, in the format <description>/<version>.
Overrides:
getInfo in class RealmBase

setRoleNameCol

public void setRoleNameCol(java.lang.String roleNameCol)
Set the column in the user role table that names a role
Parameters:
userRoleNameCol - The column name

setUserCredCol

public void setUserCredCol(java.lang.String userCredCol)
Set the column in the user table that holds the user's credintials
Parameters:
userCredCol - The column name

setUserNameCol

public void setUserNameCol(java.lang.String userNameCol)
Set the column in the user table that holds the user's name
Parameters:
userNameCol - The column name

setUserRoleTable

public void setUserRoleTable(java.lang.String userRoleTable)
Set the table that holds the relation between user's and roles
Parameters:
userRoleTable - The table name

setUserTable

public void setUserTable(java.lang.String userTable)
Set the table that holds user data.
Parameters:
userTable - The table name

setConnectionName

public void setConnectionName(java.lang.String connectionName)
Set the name to use to connect to the database.
Parameters:
connectionName - User name

setConnectionPassword

public void setConnectionPassword(java.lang.String connectionPassword)
Set the password to use to connect to the database.
Parameters:
connectionPassword - User password

getDigest

public java.lang.String getDigest()
Gets the digest algorithm used for credentials in the database could be the same that MessageDigest accepts vor algorithm and "No" that is the Default

setDigest

public void setDigest(java.lang.String algorithm)
Gets the digest algorithm used for credentials in the database could be the same that MessageDigest accepts vor algorithm and "No" that is the Default
Parameters:
algorithm - the Encode type

addPropertyChangeListener

public void addPropertyChangeListener(java.beans.PropertyChangeListener listener)
Add a property change listener to this component.
Overrides:
addPropertyChangeListener in class RealmBase
Parameters:
listener - The listener to add

authenticate

public java.security.Principal authenticate(java.lang.String username,
                                            java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null. If there are any errors with the JDBC connection, executing the query or anything we return null (don't authenticate). This event is also logged. If there is some SQL exception the connection is set to null. This will allow a retry on the next auth attempt. This might not be the best thing to do but it will keep Catalina from needing a restart if the database goes down.
Overrides:
authenticate in class RealmBase
Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username

authenticate

public java.security.Principal authenticate(java.lang.String username,
                                            byte[] credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null. See other authenticate for more details.
Overrides:
authenticate in class RealmBase
Parameters:
username - Username of the Principal to look up
credentials - Password or other credentials to use in authenticating this username

hasRole

public boolean hasRole(java.security.Principal principal,
                       java.lang.String role)
Return true if the specified Principal has the specified security role, within the context of this Realm; otherwise return false. If there are any errors with the JDBC connection, executing the query or anything we return false (not in role set). This event is also logged. If there is some SQL exception the connection is set to null. This will allow a retry on the next auth attempt. This might not be the best thing to do but it will keep Catalina from needing a restart if the database goes down.
Overrides:
hasRole in class RealmBase
Parameters:
principal - Principal for whom the role is to be checked
role - Security role to be checked

removePropertyChangeListener

public void removePropertyChangeListener(java.beans.PropertyChangeListener listener)
Remove a property change listener from this component.
Overrides:
removePropertyChangeListener in class RealmBase
Parameters:
listener - The listener to remove

getPassword

protected java.lang.String getPassword(java.lang.String username)
Return the password associated with the given principal's user name.
Overrides:
getPassword in class RealmBase

getPrincipal

protected java.security.Principal getPrincipal(java.lang.String username)
Return the Principal associated with the given user name.
Overrides:
getPrincipal in class RealmBase

addLifecycleListener

public void addLifecycleListener(LifecycleListener listener)
Add a lifecycle event listener to this component.
Overrides:
addLifecycleListener in class RealmBase
Parameters:
listener - The listener to add

removeLifecycleListener

public void removeLifecycleListener(LifecycleListener listener)
Remove a lifecycle event listener from this component.
Overrides:
removeLifecycleListener in class RealmBase
Parameters:
listener - The listener to remove

start

public void start()
           throws LifecycleException
Prepare for active use of the public methods of this Component. The DriverManager is initiated here. The initial database connection is also formed.
Overrides:
start in class RealmBase
Throws:
IllegalStateException - if this component has already been started
LifecycleException - if this component detects a fatal error that prevents it from being started

stop

public void stop()
          throws LifecycleException
Gracefully shut down active use of the public methods of this Component. If there is a connection it is closed.
Overrides:
stop in class RealmBase
Throws:
IllegalStateException - if this component has not been started
LifecycleException - if this component detects a fatal error that needs to be reported

Digest

public static final java.lang.String Digest(java.lang.String credentials,
                                            java.lang.String algorithm)
Digest password using the algorithm especificied and convert the result to a corresponding hex string. If exception, the plain credentials string is returned
Parameters:
credentials - Password or other credentials to use in authenticating this username
algorithm - Algorithm used to do th digest

main

public static void main(java.lang.String[] args)


Copyright © 2000 Apache Software Foundation. All Rights Reserved.