org.apache.catalina.realm

Class CatalinaLdapJdbcRealm

java.lang.Object

org.apache.catalina.util.LifecycleBase

org.apache.catalina.util.LifecycleMBeanBase

org.apache.catalina.realm.RealmBase

org.apache.catalina.realm.JNDIRealm

org.apache.catalina.realm.CatalinaLdapJdbcRealm

All Implemented Interfaces:

javax.management.MBeanRegistration, org.apache.catalina.JmxEnabled, org.apache.catalina.Lifecycle, org.apache.catalina.Realm

Direct Known Subclasses:

LdapJdbcRealm

public class CatalinaLdapJdbcRealm
extends org.apache.catalina.realm.JNDIRealm
implements org.apache.catalina.Realm

LdapJdbcRealm is a minimal implementation of a Realm to connect to LDAP for authentication and a database for authorization.

Example server.xml configuration fragment:

   <Realm className="org.apache.catalina.realm.LdapJdbcRealm"
      connectionURL="ldap://ldaphost:389"
      resourceName="LDAP Auth" driverName="oracle.jdbc.driver.OracleDriver"
      userPattern="uid={0}, ou=Portal, dc=example, dc=com"
      dbConnectionName="dbuser" dbConnectionPassword="dbpassword"
      dbConnectionURL="jdbc:oracle:thin:@oracledb:1521:dbname"
      userTable="users" userNameCol="user_id"
      userRoleTable="user_role_xref" roleNameCol="role_id" />
 

See Also:

Stack Overflow, GitHub

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.catalina.realm.JNDIRealm

org.apache.catalina.realm.JNDIRealm.User

Nested classes/interfaces inherited from class org.apache.catalina.realm.RealmBase

org.apache.catalina.realm.RealmBase.AllRolesMode

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

org.apache.catalina.Lifecycle.SingleUse

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String	info
protected static java.lang.String	name

Fields inherited from class org.apache.catalina.realm.JNDIRealm

adCompat, alternateURL, authentication, commonRole, connectionAttempt, connectionName, connectionPassword, connectionTimeout, connectionURL, context, contextFactory, DEREF_ALIASES, derefAliases, protocol, referrals, roleBase, roleBaseFormat, roleFormat, roleName, roleNested, roleSearch, roleSearchAsUser, roleSubtree, sizeLimit, spnegoDelegationQop, timeLimit, useDelegatedCredential, userBase, userPassword, userPattern, userPatternArray, userPatternFormatArray, userRoleAttribute, userRoleName, userSearch, userSearchFormat, userSubtree

Fields inherited from class org.apache.catalina.realm.RealmBase

allRolesMode, container, containerLog, realmPath, sm, stripRealmForGss, support, validate, x509UsernameRetriever, x509UsernameRetrieverClassName

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

mserver

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
CatalinaLdapJdbcRealm()

Method Summary

Modifier and Type	Method and Description
org.apache.tomcat.util.descriptor.web.SecurityConstraint[]	findSecurityConstraints(org.apache.catalina.connector.Request request, org.apache.catalina.Context context)
java.lang.String	getDbConnectionName() Return the username to use to connect to the database.
java.lang.String	getDbConnectionPassword() Return the password to use to connect to the database.
java.lang.String	getDbConnectionURL() Return the URL to use to connect to the database.
java.lang.String	getDriverName() Return the JDBC driver that will be used.
java.lang.String	getRoleNameCol() Return the column in the user role table that names a role.
protected java.util.List<java.lang.String>	getRoles(javax.naming.directory.DirContext context, org.apache.catalina.realm.JNDIRealm.User user) Return a List of roles associated with the given User.
java.lang.String	getUserNameCol() Return the column in the user table that holds the user's name.
java.lang.String	getUserRoleTable() Return the table that holds the relation between user's and roles.
java.lang.String	getUserTable() Return the table that holds user data..
boolean	hasResourcePermission(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.tomcat.util.descriptor.web.SecurityConstraint[] constraints, org.apache.catalina.Context context)
boolean	hasRole(org.apache.catalina.Wrapper wrapper, java.security.Principal principal, java.lang.String role)
boolean	hasUserDataPermission(org.apache.catalina.connector.Request request, org.apache.catalina.connector.Response response, org.apache.tomcat.util.descriptor.web.SecurityConstraint[] constraints)
void	setAllRolesMode(java.lang.String allRolesMode) Set the all roles mode.
void	setDbConnectionName(java.lang.String dbConnectionName) Set the username to use to connect to the database.
void	setDbConnectionPassword(java.lang.String dbConnectionPassword) Set the password to use to connect to the database.
void	setDbConnectionURL(java.lang.String dbConnectionURL) Set the URL to use to connect to the database.
void	setDriverName(java.lang.String driverName) Set the JDBC driver that will be used.
void	setRoleNameCol(java.lang.String roleNameCol) Set the column in the user role table that names a role.
void	setUserNameCol(java.lang.String userNameCol) Set the column in the user table that holds the user's name.
void	setUserRoleTable(java.lang.String userRoleTable) Set the table that holds the relation between user's and roles.
void	setUserTable(java.lang.String userTable) Set the table that holds user data.

Methods inherited from class org.apache.catalina.realm.JNDIRealm

authenticate, authenticate, bindAsUser, checkCredentials, close, compareCredentials, doRFC2254Encoding, getAdCompat, getAlternateURL, getAuthentication, getCommonRole, getConnectionName, getConnectionPassword, getConnectionTimeout, getConnectionURL, getContextFactory, getDerefAliases, getDirectoryContextEnvironment, getDistinguishedName, getHostnameVerifier, getHostnameVerifierClassName, getName, getPassword, getPrincipal, getPrincipal, getPrincipal, getProtocol, getReferrals, getRoleBase, getRoleName, getRoleNested, getRoleSearch, getRoleSubtree, getSizeLimit, getSpnegoDelegationQop, getTimeLimit, getUser, getUser, getUser, getUserBase, getUserByPattern, getUserByPattern, getUserBySearch, getUserPassword, getUserPattern, getUserRoleAttribute, getUserRoleName, getUserSearch, getUserSubtree, getUseStartTls, isAvailable, isRoleSearchAsUser, isUseDelegatedCredential, isUserSearchAsUser, open, parseUserPatternString, release, setAdCompat, setAlternateURL, setAuthentication, setCipherSuites, setCommonRole, setConnectionName, setConnectionPassword, setConnectionTimeout, setConnectionURL, setContextFactory, setDerefAliases, setHostnameVerifierClassName, setProtocol, setReferrals, setRoleBase, setRoleName, setRoleNested, setRoleSearch, setRoleSearchAsUser, setRoleSubtree, setSizeLimit, setSpnegoDelegationQop, setSslProtocol, setSslSocketFactoryClassName, setTimeLimit, setUseDelegatedCredential, setUserBase, setUserPassword, setUserPattern, setUserRoleAttribute, setUserRoleName, setUserSearch, setUserSearchAsUser, setUserSubtree, setUseStartTls, startInternal, stopInternal

Methods inherited from class org.apache.catalina.realm.RealmBase

addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, backgroundProcess, Digest, getAllRolesMode, getContainer, getCredentialHandler, getDigest, getDomainInternal, getObjectNameKeyProperties, getPrincipal, getRealmPath, getRealmSuffix, getRoles, getServer, getTransportGuaranteeRedirectStatus, getValidate, getX509UsernameRetrieverClassName, hasMessageDigest, initInternal, isStripRealmForGss, main, removePropertyChangeListener, setContainer, setCredentialHandler, setRealmPath, setStripRealmForGss, setTransportGuaranteeRedirectStatus, setValidate, setX509UsernameRetrieverClassName, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, init, removeLifecycleListener, setState, setState, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface org.apache.catalina.Realm

addPropertyChangeListener, authenticate, authenticate, authenticate, authenticate, authenticate, backgroundProcess, getContainer, getCredentialHandler, getRoles, isAvailable, removePropertyChangeListener, setContainer, setCredentialHandler

Field Detail

info

protected static final java.lang.String info

name

protected static final java.lang.String name

Constructor Detail

CatalinaLdapJdbcRealm

public CatalinaLdapJdbcRealm()

Method Detail

setAllRolesMode

public void setAllRolesMode(java.lang.String allRolesMode)

Set the all roles mode.

Overrides:

setAllRolesMode in class org.apache.catalina.realm.RealmBase

Parameters:

allRolesMode - authentication mode

getDbConnectionName

public java.lang.String getDbConnectionName()

Return the username to use to connect to the database.

Returns:

username

See Also:

JDBCRealm.getConnectionName()

setDbConnectionName

public void setDbConnectionName(java.lang.String dbConnectionName)

Set the username to use to connect to the database.

Parameters:

dbConnectionName - username

See Also:

JDBCRealm.setConnectionName(String)

getDbConnectionPassword

public java.lang.String getDbConnectionPassword()

Return the password to use to connect to the database.

Returns:

password

See Also:

JDBCRealm.getConnectionPassword()

setDbConnectionPassword

public void setDbConnectionPassword(java.lang.String dbConnectionPassword)

Set the password to use to connect to the database.

Parameters:

dbConnectionPassword - password

See Also:

JDBCRealm.setConnectionPassword(String)

getDbConnectionURL

public java.lang.String getDbConnectionURL()

Return the URL to use to connect to the database.

Returns:

database connection URL

See Also:

JDBCRealm.getConnectionURL()

setDbConnectionURL

public void setDbConnectionURL(java.lang.String dbConnectionURL)

Set the URL to use to connect to the database.

Parameters:

dbConnectionURL - The new connection URL

See Also:

JDBCRealm.setConnectionURL(String)

getDriverName

public java.lang.String getDriverName()

Return the JDBC driver that will be used.

Returns:

driver classname

See Also:

JDBCRealm.getDriverName()

setDriverName

public void setDriverName(java.lang.String driverName)

Set the JDBC driver that will be used.

Parameters:

driverName - The driver name

See Also:

JDBCRealm.setDriverName(String)

getUserTable

public java.lang.String getUserTable()

Return the table that holds user data..

Returns:

table name

See Also:

JDBCRealm.getUserTable()

setUserTable

public void setUserTable(java.lang.String userTable)

Set the table that holds user data.

Parameters:

userTable - The table name

See Also:

JDBCRealm.setUserTable(String)

getUserNameCol

public java.lang.String getUserNameCol()

Return the column in the user table that holds the user's name.

Returns:

username database column name

See Also:

JDBCRealm.getUserNameCol()

setUserNameCol

public void setUserNameCol(java.lang.String userNameCol)

Set the column in the user table that holds the user's name.

Parameters:

userNameCol - The column name

See Also:

JDBCRealm.setUserNameCol(String)

getUserRoleTable

public java.lang.String getUserRoleTable()

Return the table that holds the relation between user's and roles.

Returns:

user role database table name

See Also:

JDBCRealm.getUserRoleTable()

setUserRoleTable

public void setUserRoleTable(java.lang.String userRoleTable)

Set the table that holds the relation between user's and roles.

Parameters:

userRoleTable - The table name

See Also:

JDBCRealm.setUserRoleTable(String)

getRoleNameCol

public java.lang.String getRoleNameCol()

Return the column in the user role table that names a role.

Returns:

role column name

See Also:

JDBCRealm.getRoleNameCol()

setRoleNameCol

public void setRoleNameCol(java.lang.String roleNameCol)

Set the column in the user role table that names a role.

Parameters:

roleNameCol - The column name

See Also:

JDBCRealm.setRoleNameCol(String)

findSecurityConstraints

public org.apache.tomcat.util.descriptor.web.SecurityConstraint[] findSecurityConstraints(org.apache.catalina.connector.Request request,
                                                                                          org.apache.catalina.Context context)

Specified by:

findSecurityConstraints in interface org.apache.catalina.Realm

Overrides:

findSecurityConstraints in class org.apache.catalina.realm.RealmBase

hasUserDataPermission

public boolean hasUserDataPermission(org.apache.catalina.connector.Request request,
                                     org.apache.catalina.connector.Response response,
                                     org.apache.tomcat.util.descriptor.web.SecurityConstraint[] constraints)
                              throws java.io.IOException

Specified by:

hasUserDataPermission in interface org.apache.catalina.Realm

Overrides:

hasUserDataPermission in class org.apache.catalina.realm.RealmBase

Throws:

java.io.IOException

hasResourcePermission

public boolean hasResourcePermission(org.apache.catalina.connector.Request request,
                                     org.apache.catalina.connector.Response response,
                                     org.apache.tomcat.util.descriptor.web.SecurityConstraint[] constraints,
                                     org.apache.catalina.Context context)
                              throws java.io.IOException

Specified by:

hasResourcePermission in interface org.apache.catalina.Realm

Overrides:

hasResourcePermission in class org.apache.catalina.realm.RealmBase

Throws:

java.io.IOException

hasRole

public boolean hasRole(org.apache.catalina.Wrapper wrapper,
                       java.security.Principal principal,
                       java.lang.String role)

Specified by:

hasRole in interface org.apache.catalina.Realm

Overrides:

hasRole in class org.apache.catalina.realm.RealmBase

getRoles

protected java.util.List<java.lang.String> getRoles(javax.naming.directory.DirContext context,
                                                    org.apache.catalina.realm.JNDIRealm.User user)

Return a List of roles associated with the given User. If no roles are associated with this user, a zero-length List is returned.

Overrides:

getRoles in class org.apache.catalina.realm.JNDIRealm

Parameters:

context - unused. JDBC does not need this field.

user - The User to be checked

Returns:

list of role names

See Also:

JNDIRealm.getRoles(DirContext, User), JDBCRealm.getRoles(String)