org.apache.catalina.realm

Class CatalinaLdapDataSourceRealm

java.lang.Object

org.apache.catalina.util.LifecycleBase

org.apache.catalina.util.LifecycleMBeanBase

org.apache.catalina.realm.RealmBase

org.apache.catalina.realm.JNDIRealm

org.apache.catalina.realm.CatalinaLdapDataSourceRealm

All Implemented Interfaces:

javax.management.MBeanRegistration, org.apache.catalina.JmxEnabled, org.apache.catalina.Lifecycle, org.apache.catalina.Realm

Direct Known Subclasses:

LdapDataSourceRealm

public class CatalinaLdapDataSourceRealm
extends org.apache.catalina.realm.JNDIRealm
implements org.apache.catalina.Realm

CatalinaLdapDataSourceRealm is a minimal implementation of a Realm to connect to LDAP for authentication and a database for authorization.

Example server.xml configuration fragment:

        <Realm 
            className="de.nikem.nest.tomcatrealms.ldapjdbc.LdapDataSourceRealm"
            
            connectionName="ad001\z00084or"
            connectionPassword="xxx"

            authentication="simple"
            connectionURL="ldaps://ad001.siemens.net:636/dc=ad001,dc=siemens,dc=net"
            referrals="follow"
            userSearch="(sAMAccountName={0})"
            userBase="OU=Users,OU=_Central,OU=40DE000,OU=40DE,OU=RA006" 
            userSubtree="true"
            
            dataSourceName="jdbc/shopfloor_local"
            
            roleNameCol="role_name" 
            userCredCol="password" 
            userNameCol="user_name" 
            userRoleTable="v_user_role" 
            userTable=""USER""
            
            />
 

See Also:

Stack Overflow, GitHub

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.catalina.realm.JNDIRealm

org.apache.catalina.realm.JNDIRealm.User

Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase

org.apache.catalina.realm.RealmBase.AllRolesMode

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

org.apache.catalina.Lifecycle.SingleUse

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String	info
protected static java.lang.String	name

Fields inherited from class org.apache.catalina.realm.JNDIRealm

adCompat, alternateURL, authentication, commonRole, connectionAttempt, connectionName, connectionPassword, connectionTimeout, connectionURL, context, contextFactory, DEREF_ALIASES, derefAliases, protocol, referrals, roleBase, roleBaseFormat, roleFormat, roleName, roleNested, roleSearch, roleSearchAsUser, roleSubtree, sizeLimit, spnegoDelegationQop, timeLimit, useDelegatedCredential, userBase, userPassword, userPattern, userPatternArray, userPatternFormatArray, userRoleAttribute, userRoleName, userSearch, userSearchFormat, userSubtree

Fields inherited from class org.apache.catalina.realm.RealmBase

allRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

mserver

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
CatalinaLdapDataSourceRealm()

Method Summary

Modifier and Type	Method and Description
java.security.Principal	authenticate(java.lang.String username, java.lang.String credentials)
org.apache.tomcat.util.descriptor.web.SecurityConstraint[]	findSecurityConstraints(org.apache.catalina.connector.Request request, org.apache.catalina.Context context)
java.lang.String	getDataSourceName()
org.apache.catalina.realm.DataSourceRealm	getDataSourceRealm()
java.lang.String	getRoleNameCol() Return the column in the user role table that names a role.
protected java.util.List<java.lang.String>	getRoles(javax.naming.directory.DirContext context, org.apache.catalina.realm.JNDIRealm.User user) Return a List of roles associated with the given User.
java.lang.String	getUserCredCol()
java.lang.String	getUserNameCol() Return the column in the user table that holds the user's name.
java.lang.String	getUserRoleTable() Return the table that holds the relation between user's and roles.
java.lang.String	getUserTable() Return the table that holds user data..
boolean	hasResourcePermission(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.tomcat.util.descriptor.web.SecurityConstraint[] constraints, org.apache.catalina.Context context)
boolean	hasRole(org.apache.catalina.Wrapper wrapper, java.security.Principal principal, java.lang.String role)
boolean	hasUserDataPermission(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.tomcat.util.descriptor.web.SecurityConstraint[] constraints)
protected void	initInternal()
void	setAllRolesMode(java.lang.String allRolesMode) Set the all roles mode.
void	setContainer(org.apache.catalina.Container container)
void	setDataSourceName(java.lang.String dataSourceName) Set the name of the JNDI JDBC DataSource.
void	setRoleNameCol(java.lang.String roleNameCol) Set the column in the user role table that names a role.
void	setUserCredCol(java.lang.String userCredCol)
void	setUserNameCol(java.lang.String userNameCol) Set the column in the user table that holds the user's name.
void	setUserRoleTable(java.lang.String userRoleTable) Set the table that holds the relation between user's and roles.
void	setUserTable(java.lang.String userTable) Set the table that holds user data.
protected void	startInternal()

Methods inherited from class org.apache.catalina.realm.JNDIRealm

authenticate, bindAsUser, checkCredentials, close, compareCredentials, doRFC2254Encoding, getAdCompat, getAlternateURL, getAuthentication, getCommonRole, getConnectionName, getConnectionPassword, getConnectionTimeout, getConnectionURL, getContextFactory, getDerefAliases, getDirectoryContextEnvironment, getDistinguishedName, getHostnameVerifier, getHostnameVerifierClassName, getName, getPassword, getPrincipal, getPrincipal, getPrincipal, getProtocol, getReferrals, getRoleBase, getRoleName, getRoleNested, getRoleSearch, getRoleSubtree, getSizeLimit, getSpnegoDelegationQop, getTimeLimit, getUser, getUser, getUser, getUserBase, getUserByPattern, getUserByPattern, getUserBySearch, getUserPassword, getUserPattern, getUserRoleAttribute, getUserRoleName, getUserSearch, getUserSubtree, getUseStartTls, isAvailable, isRoleSearchAsUser, isUseDelegatedCredential, isUserSearchAsUser, open, parseUserPatternString, release, setAdCompat, setAlternateURL, setAuthentication, setCipherSuites, setCommonRole, setConnectionName, setConnectionPassword, setConnectionTimeout, setConnectionURL, setContextFactory, setDerefAliases, setHostnameVerifierClassName, setProtocol, setReferrals, setRoleBase, setRoleName, setRoleNested, setRoleSearch, setRoleSearchAsUser, setRoleSubtree, setSizeLimit, setSpnegoDelegationQop, setSslProtocol, setSslSocketFactoryClassName, setTimeLimit, setUseDelegatedCredential, setUserBase, setUserPassword, setUserPattern, setUserRoleAttribute, setUserRoleName, setUserSearch, setUserSearchAsUser, setUserSubtree, setUseStartTls, stopInternal

Methods inherited from class org.apache.catalina.realm.RealmBase

addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, Digest, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getRealmPath, getRealmSuffix, getRoles, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, isStripRealmForGss, main, removePropertyChangeListener, setCredentialHandler, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.catalina.Realm

addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, getContainer, getCredentialHandler, getRoles, isAvailable, removePropertyChangeListener, setCredentialHandler

Field Detail

info

protected static final java.lang.String info

name

protected static final java.lang.String name

Constructor Detail

CatalinaLdapDataSourceRealm

public CatalinaLdapDataSourceRealm()

Method Detail

initInternal

protected void initInternal()
                     throws org.apache.catalina.LifecycleException

Overrides:

initInternal in class org.apache.catalina.realm.RealmBase

Throws:

org.apache.catalina.LifecycleException

startInternal

protected void startInternal()
                      throws org.apache.catalina.LifecycleException

Overrides:

startInternal in class org.apache.catalina.realm.JNDIRealm

Throws:

org.apache.catalina.LifecycleException

setContainer

public void setContainer(org.apache.catalina.Container container)

Specified by:

setContainer in interface org.apache.catalina.Realm

Overrides:

setContainer in class org.apache.catalina.realm.RealmBase

authenticate

public java.security.Principal authenticate(java.lang.String username,
                                            java.lang.String credentials)

Specified by:

authenticate in interface org.apache.catalina.Realm

Overrides:

authenticate in class org.apache.catalina.realm.JNDIRealm

setAllRolesMode

public void setAllRolesMode(java.lang.String allRolesMode)

Set the all roles mode.

Overrides:

setAllRolesMode in class org.apache.catalina.realm.RealmBase

Parameters:

allRolesMode - authentication mode

getUserTable

public java.lang.String getUserTable()

Return the table that holds user data..

Returns:

table name

See Also:

JDBCRealm.getUserTable()

setUserTable

public void setUserTable(java.lang.String userTable)

Set the table that holds user data.

Parameters:

userTable - The table name

See Also:

JDBCRealm.setUserTable(String)

getUserNameCol

public java.lang.String getUserNameCol()

Return the column in the user table that holds the user's name.

Returns:

username database column name

See Also:

JDBCRealm.getUserNameCol()

setUserNameCol

public void setUserNameCol(java.lang.String userNameCol)

Set the column in the user table that holds the user's name.

Parameters:

userNameCol - The column name

See Also:

JDBCRealm.setUserNameCol(String)

getUserRoleTable

public java.lang.String getUserRoleTable()

Return the table that holds the relation between user's and roles.

Returns:

user role database table name

See Also:

JDBCRealm.getUserRoleTable()

setUserRoleTable

public void setUserRoleTable(java.lang.String userRoleTable)

Set the table that holds the relation between user's and roles.

Parameters:

userRoleTable - The table name

See Also:

JDBCRealm.setUserRoleTable(String)

getRoleNameCol

public java.lang.String getRoleNameCol()

Return the column in the user role table that names a role.

Returns:

role column name

See Also:

JDBCRealm.getRoleNameCol()

setRoleNameCol

public void setRoleNameCol(java.lang.String roleNameCol)

Set the column in the user role table that names a role.

Parameters:

roleNameCol - The column name

See Also:

JDBCRealm.setRoleNameCol(String)

getUserCredCol

public java.lang.String getUserCredCol()

Returns:

the column in the user table that holds the user's credentials.

See Also:

DataSourceRealm.getUserCredCol()

setUserCredCol

public void setUserCredCol(java.lang.String userCredCol)

Parameters:

userCredCol - the column in the user table that holds the user's credentials.

See Also:

DataSourceRealm.setUserCredCol(java.lang.String)

findSecurityConstraints

public org.apache.tomcat.util.descriptor.web.SecurityConstraint[] findSecurityConstraints(org.apache.catalina.connector.Request request,
                                                                                          org.apache.catalina.Context context)

Specified by:

findSecurityConstraints in interface org.apache.catalina.Realm

Overrides:

findSecurityConstraints in class org.apache.catalina.realm.RealmBase

hasUserDataPermission

public boolean hasUserDataPermission(org.apache.catalina.connector.Request request,
                                     org.apache.catalina.connector.Response response,
                                     org.apache.tomcat.util.descriptor.web.SecurityConstraint[] constraints)
                              throws java.io.IOException

Specified by:

hasUserDataPermission in interface org.apache.catalina.Realm

Overrides:

hasUserDataPermission in class org.apache.catalina.realm.RealmBase

Throws:

java.io.IOException

hasResourcePermission

public boolean hasResourcePermission(org.apache.catalina.connector.Request request,
                                     org.apache.catalina.connector.Response response,
                                     org.apache.tomcat.util.descriptor.web.SecurityConstraint[] constraints,
                                     org.apache.catalina.Context context)
                              throws java.io.IOException

Specified by:

hasResourcePermission in interface org.apache.catalina.Realm

Overrides:

hasResourcePermission in class org.apache.catalina.realm.RealmBase

Throws:

java.io.IOException

hasRole

public boolean hasRole(org.apache.catalina.Wrapper wrapper,
                       java.security.Principal principal,
                       java.lang.String role)

Specified by:

hasRole in interface org.apache.catalina.Realm

Overrides:

hasRole in class org.apache.catalina.realm.RealmBase

getRoles

protected java.util.List<java.lang.String> getRoles(javax.naming.directory.DirContext context,
                                                    org.apache.catalina.realm.JNDIRealm.User user)

Return a List of roles associated with the given User. If no roles are associated with this user, a zero-length List is returned.

Overrides:

getRoles in class org.apache.catalina.realm.JNDIRealm

Parameters:

context - unused. JDBC does not need this field.

user - The User to be checked

Returns:

list of role names

See Also:

JNDIRealm.getRoles(DirContext, User), JDBCRealm.getRoles(String)

getDataSourceName

public java.lang.String getDataSourceName()

Returns:

the name of the JNDI JDBC DataSource.

setDataSourceName

public void setDataSourceName(java.lang.String dataSourceName)

Set the name of the JNDI JDBC DataSource.

Parameters:

dataSourceName - the name of the JNDI JDBC DataSource

getDataSourceRealm

public org.apache.catalina.realm.DataSourceRealm getDataSourceRealm()