HashMapped User Realm.
An implementation of UserRealm that stores users and roles in-memory in
HashMaps.
Typically these maps are populated by calling the load() method or passing
a properties resource to the constructor. The format of the properties
file is:
username: password [,rolename ...]
Passwords may be clear text, obfuscated or checksummed. The class
com.mortbay.Util.Password should be used to generate obfuscated
passwords or password checksums.
If DIGEST Authentication is used, the password must be in a recoverable
format, either plain text or OBF:.
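The following Java program is an added example, not code from the Jetty project. It reads a realm file in the format above and reports, per user, how the password is stored and whether that form is recoverable, which is what DIGEST authentication requires. The MD5: and CRYPT: prefixes for one-way forms, the class name RealmFileAudit and the sample entries are assumptions; only OBF: is named on this page.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Map;
import java.util.Properties;
import java.util.TreeMap;

// Added example (hypothetical class): audits "username: password [,rolename ...]" entries.
public class RealmFileAudit {
    enum Storage { PLAIN, OBFUSCATED, ONE_WAY }

    // OBF: is the prefix named on the page. MD5: and CRYPT: are assumed
    // prefixes for checksummed (one-way) passwords.
    static Storage classify(String spec) {
        if (spec.startsWith("OBF:")) return Storage.OBFUSCATED;
        if (spec.startsWith("MD5:") || spec.startsWith("CRYPT:")) return Storage.ONE_WAY;
        return Storage.PLAIN;
    }

    // Returns user -> storage form. The password spec is everything before
    // the first comma; the remainder of the value is the role list.
    static Map<String, Storage> audit(String realmFile) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(realmFile));
        Map<String, Storage> result = new TreeMap<>();
        for (String user : props.stringPropertyNames()) {
            String value = props.getProperty(user).trim();
            int comma = value.indexOf(',');
            String spec = comma < 0 ? value : value.substring(0, comma).trim();
            result.put(user, classify(spec));
        }
        return result;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample entries; the OBF: and MD5: values are placeholders.
        String sample = "alice: changeit,admin,user\n"
                      + "bob: OBF:placeholder,user\n"
                      + "carol: MD5:00000000000000000000000000000000\n";
        for (Map.Entry<String, Storage> e : audit(sample).entrySet()) {
            Storage s = e.getValue();
            boolean recoverable = s != Storage.ONE_WAY; // plain text or OBF:
            System.out.printf("%-6s %-10s DIGEST-capable=%-5b %s%n",
                e.getKey(), s, recoverable,
                recoverable ? "readable by anyone who can read the file" : "");
        }
    }
}
```

Entries reported as PLAIN or OBFUSCATED work with DIGEST but expose the password to anyone with read access to the file, so the file's permissions carry the protection for those users.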
The HashUserRealm also implements SSORealm but provides no implementation
of SSORealm. Instead setSSORealm may be used to provide a delegate
SSORealm implementation.
addUserToRole
public void addUserToRole(String userName,
String roleName)
Add a user to a role.
authenticate
public Principal authenticate(String username,
Object credentials,
HttpRequest request)
Authenticate a user's credentials.
Implementations of this method may adorn the calling context to
associate it with the authenticated principal (e.g. ThreadLocals). If
such context associations are made, they should be considered valid
until a UserRealm.deAuthenticate(UserPrincipal) call is made for this
UserPrincipal.
Specified by: authenticate in interface UserRealm
Parameters:
username - The username.
credentials - The user credentials, normally a String password.
request - The request to be authenticated. Additional
parameters may be extracted or set on this request as needed
for the authentication mechanism (none required for BASIC and
FORM authentication).
Returns: The authenticated UserPrincipal.
clearSingleSignOn
public void clearSingleSignOn(String username)
Clear SSO for user.
Specified by: clearSingleSignOn in interface SSORealm
Parameters:
username - The user to clear.
disassociate
public void disassociate(Principal user)
Disassociate the calling context from a Principal.
This method is called when the calling context is no longer
associated with the Principal. It should be used by an implementation
to remove context associations such as ThreadLocals.
The UserPrincipal object remains authenticated, as it may be
associated with other contexts.
Specified by: disassociate in interface UserRealm
Parameters:
user - A UserPrincipal allocated from this realm.
dump
public void dump(PrintStream out)
getPrincipal
public Principal getPrincipal(String username)
Get the principal for a username.
This method is not guaranteed to return a Principal for non-authenticated users.
Specified by: getPrincipal in interface UserRealm
getSSORealm
public SSORealm getSSORealm()
Returns: The SSORealm to delegate single sign on requests to.
getSingleSignOn
public Credential getSingleSignOn(HttpRequest request,
HttpResponse response)
Get SSO credentials.
This call is used by an authenticator to check if a SSO exists for a request.
If SSO authentication is successful, the request's UserPrincipal and
AuthUser fields are set. If available, the credential used to
authenticate the user is returned. If recoverable credentials are not
required then null may be returned.
Specified by: getSingleSignOn in interface SSORealm
Parameters:
request - The request to SSO.
response - The response to SSO.
Returns: A credential if available for SSO authenticated requests.
isUserInRole
public boolean isUserInRole(Principal user,
String roleName)
Check if a user is in a role.
Specified by: isUserInRole in interface UserRealm
Parameters:
user - The user, which must be from this realm.
roleName -
Returns: True if the user can act in the role.
load
public void load(String config)
throws IOException
Load realm users from properties file.
The property file maps usernames to password specs followed by
an optional comma separated list of role names.
Parameters:
config - Filename or URL of user properties file.
logout
public void logout(Principal user)
Logout a user Principal.
Called by authentication mechanisms (e.g. FORM) that can detect logout.
Specified by: logout in interface UserRealm
Parameters:
user - A Principal previously returned from this realm.
popRole
public Principal popRole(Principal user)
Pop role from a Principal.
Specified by: popRole in interface UserRealm
Parameters:
user - A UserPrincipal previously returned from pushRole.
Returns: The principal without the role. Most often this will be the
original UserPrincipal passed.
pushRole
public Principal pushRole(Principal user,
String role)
Push role onto a Principal.
This method is used to add a role to an existing principal.
Specified by: pushRole in interface UserRealm
Parameters:
user - An existing UserPrincipal or null for an anonymous user.
role - The role to add.
Returns: A new UserPrincipal object that wraps the passed user, but
with the added role.
put
public Object put(Object name,
Object credentials)
Put user into realm.
Parameters:
name - User name.
credentials - String password, Password or UserPrincipal
instance.
Returns: Old UserPrincipal value or null.
readExternal
public void readExternal(java.io.ObjectInput in)
throws IOException,
ClassNotFoundException
reauthenticate
public boolean reauthenticate(Principal user)
Re-authenticate a Principal.
Authenticate a principal that has previously been returned from the authenticate method.
Implementations of this method may adorn the calling context to
associate it with the authenticated principal (e.g. ThreadLocals). If
such context associations are made, they should be considered valid
until a UserRealm.deAuthenticate(UserPrincipal) call is made for this
UserPrincipal.
Specified by: reauthenticate in interface UserRealm
Returns: True if this user is still authenticated.
setName
public void setName(String name)
setSSORealm
public void setSSORealm(SSORealm ssoRealm)
Set the SSORealm.
A SSORealm implementation may be set to enable support for SSO.
Parameters:
ssoRealm - The SSORealm to delegate single sign on requests to.
setSingleSignOn
public void setSingleSignOn(HttpRequest request,
HttpResponse response,
Principal principal,
Credential credential)
Set SSO principal and credential.
This call is used by an authenticator to inform the SSO mechanism that
a user has signed on. The SSO mechanism should record the principal
and credential and update the response with any cookies etc. required.
Specified by: setSingleSignOn in interface SSORealm
Parameters:
request - The authenticated request.
response - The authenticated response.
principal - The principal that has been authenticated.
credential - The credentials used to authenticate.
toString
public String toString()
writeExternal
public void writeExternal(java.io.ObjectOutput out)
throws IOException