BEA Systems, Inc.

WebLogic Server 5.1.0 API Reference

weblogic.security.acl
Class AbstractListableRealm

java.lang.Object
  |
  +--weblogic.security.acl.AbstractListableRealm
Direct Known Subclasses:
AbstractManageableRealm

public abstract class AbstractListableRealm
extends java.lang.Object
implements ListableRealm, FlatGroup.Source, DelegatedRealm

Abstract listable realm. This class provides a base from which it is easy to implement custom realms.

In order to implement a custom realm, you should only override the methods your realm knows about. For example, if your realm does not manage ACLs, you should not provide your own implementations of the ACL methods.

This class maintains a contract with the FlatGroup class for performance and correctness. If your realm provides a group abstraction, we recommend (but do not require) that your Group objects inherit from FlatGroup.

Author:
Copyright (c) 2000 BEA Systems, Inc. All Rights Reserved.
See Also:
FlatGroup

Constructor Summary
protected AbstractListableRealm(java.lang.String auditName)
          Constructor to be called by public constructors in subclasses.
 
Method Summary
protected  User authCertificates(java.lang.String userName, java.util.Vector certificates)
          Attempt authentication based on any X.509 certificates the user has presented.
 User authenticate(UserInfo userInfo)
          Check whether some User matches the presented UserInfo and accept its credentials.
protected  User authInternal(UserInfo userInfo)
          The authentication dispatcher.
protected  User authSSLCertificates(java.lang.String userName, java.util.Vector certificates)
          Attempt authentication based on any SSL certificates the remote client has presented.
protected  User authUserPassword(java.lang.String userName, java.lang.String password)
          Attempt authentication based on a user name and password.
 java.security.acl.Acl getAcl(java.lang.String name)
          Retrieves an Access Control List (Acl) of that name, or null.
 java.security.acl.Acl getAcl(java.lang.String name, char separator)
          Retrieves an Access Control List (Acl) with the best matching name, or null.
 java.security.Principal getAclOwner(java.lang.Object credential)
          Retrieves the owner of all ACLs in a BasicRealm, or null, depending on the validity of the passed credential.
 java.util.Enumeration getAcls()
          Gets an Enumeration of the Acls in a ListableRealm.
 java.lang.Object getDelegator()
          Return the object that is delegating to this object.
 java.security.acl.Group getGroup(java.lang.String name)
          Retrieves a group of that name or null.
 java.util.Hashtable getGroupMembers(java.lang.String name)
          This is not a public method.
protected  java.util.Hashtable getGroupMembersInternal(java.lang.String name)
          Obtain the set of members of this group.
 java.util.Enumeration getGroups()
          Gets an Enumeration of the Groups in a ListableRealm.
 java.lang.String getName()
          Gets the name of a BasicRealm.
 java.security.acl.Permission getPermission(java.lang.String name)
          Retrieves a permission of that name, or null.
 java.util.Enumeration getPermissions()
          Gets an Enumeration of the Permissions in a ListableRealm.
 User getUser(java.lang.String name)
          Retrieves a User by the specified name, or null.
 User getUser(UserInfo userInfo)
          Deprecated.  
 java.util.Enumeration getUsers()
          Gets an Enumeration of the Users in a ListableRealm.
 void init(java.lang.String name, java.lang.Object ownerCredential)
          Initializes a realm implementation.
 void load(java.lang.String name, java.lang.Object credential)
          Loads a BasicRealm from some persistent state identified in the name.
 void save(java.lang.String name)
          Saves the realm to some persistent state identified in the name.
 void setDelegator(java.lang.Object obj)
          Set the object that is delegating to this object.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractListableRealm

protected AbstractListableRealm(java.lang.String auditName)
Constructor to be called by public constructors in subclasses. If you extend this class, you must provide a public no-arg constructor that calls this constructor.

Parameters:
auditName - the name of your realm, to be used when generating audit log events

Method Detail

init

public void init(java.lang.String name,
                 java.lang.Object ownerCredential)
          throws java.security.acl.NotOwnerException
Initializes a realm implementation. Throws NotOwnerException on reinitialization if the owner credential is invalid.

Parameters:
name - Name of Realm
ownerCredential - Credentialed owner of a BasicRealm
Throws:
java.security.acl.NotOwnerException - if the owner credential is invalid

getName

public java.lang.String getName()
Gets the name of a BasicRealm.

Returns:
Name

getUser

public User getUser(java.lang.String name)
Retrieves a User by the specified name, or null.

Parameters:
name - Name of the User to retrieve
Returns:
User object

getUser

public User getUser(UserInfo userInfo)
Deprecated.  
Checks whether some User matches the presented UserInfo and accepts its credentials.

Parameters:
userInfo - Credentials to check against
Returns:
Authenticated User or null

authenticate

public User authenticate(UserInfo userInfo)
Check whether some User matches the presented UserInfo and accept its credentials.

By default, this implementation calls the authInternal method, and performs an audit log of the result.

Parameters:
userInfo - Credentials to check against
Returns:
Authenticated User or null
See Also:
authInternal(UserInfo userInfo)

authInternal

protected User authInternal(UserInfo userInfo)
The authentication dispatcher. This method is provided to allow realm implementors to change the order in which authentication steps take place. The default order is as follows:

For example, to give precedence to an SSL client's certificates, you can simply reimplement this method and change the order in which it calls the above methods.

Parameters:
userInfo - authentication information
Returns:
authenticated user, or null if authentication failed
See Also:
authCertificates(java.lang.String, java.util.Vector), authUserPassword(java.lang.String, java.lang.String), authSSLCertificates(java.lang.String, java.util.Vector)

authCertificates

protected User authCertificates(java.lang.String userName,
                                java.util.Vector certificates)
Attempt authentication based on any X.509 certificates the user has presented. Each element in the vector is an X509 object.

The default implementation of this method calls CertAuthentication.authenticate.

Parameters:
userName - the name of the user
certificates - a vector containing X509 objects
Returns:
authenticated user, or null if authentication failed
See Also:
CertAuthentication.authenticate(java.lang.String, java.util.Vector, boolean), X509

authSSLCertificates

protected User authSSLCertificates(java.lang.String userName,
                                   java.util.Vector certificates)
Attempt authentication based on any SSL certificates the remote client has presented. Each element in the vector is an X509 object. If the connection was not established using two-way SSL authentication, this method will not be called.

The default implementation of this method calls CertAuthentication.authenticate.

Parameters:
userName - the name of the user
certificates - a vector containing X509 objects
Returns:
authenticated user, or null if authentication failed
See Also:
authCertificates(java.lang.String, java.util.Vector), X509

authUserPassword

protected User authUserPassword(java.lang.String userName,
                                java.lang.String password)
Attempt authentication based on a user name and password. The password is usually presented as plain text.

The default implementation of this method always returns null.

Parameters:
userName - the name of the user
password - the user's plain text password
Returns:
authenticated user, or null if authentication failed

getAclOwner

public java.security.Principal getAclOwner(java.lang.Object credential)
Retrieves the owner of all ACLs in a BasicRealm, or null, depending on the validity of the passed credential.

Parameters:
credential - Credentials of an owner
Returns:
Principal that is a BasicRealm owner

getGroupMembers

public java.util.Hashtable getGroupMembers(java.lang.String name)
This is not a public method. It is provided to manage the contract between FlatGroup and classes that inherit from AbstractListableRealm. It is called if the membership cache of a FlatGroup object expires.

This method tries to look for a cached Group object that has the given name. If it finds it and the object has a set of members, it returns those members. Otherwise, it calls the getGroupMembersInternal method.

Specified by:
getGroupMembers in interface FlatGroup.Source

See Also:
FlatGroup, getGroupMembersInternal(String name)

getGroupMembersInternal

protected java.util.Hashtable getGroupMembersInternal(java.lang.String name)
Obtain the set of members of this group. This method is called if the membership cache of a FlatGroup object expires. It should return a Hashtable mapping from principal names to Principal objects. If the group being requested no longer exists, it should return null.

See Also:
Principal

getGroup

public java.security.acl.Group getGroup(java.lang.String name)
Retrieves a group of that name or null.

Parameters:
name - Name of group
Returns:
Group that matches name

getAcl

public java.security.acl.Acl getAcl(java.lang.String name)
Retrieves an Access Control List (Acl) of that name, or null.

Parameters:
name - Name of ACL associated with a BasicRealm
Returns:
Acl object

getAcl

public java.security.acl.Acl getAcl(java.lang.String name,
                                    char separator)
Retrieves an Access Control List (Acl) with the best matching name, or null. A name matches if it is a prefix. The longer the prefix, the better the match. The only prefixes considered are up to, but excluding the separator character. For example: getAcl("/files/personal/bill", '.') looks for Acls named files.personal.bill, files.personal, and files and returns the one with the longest name.

Parameters:
name - Name of the Acl to retrieve
separator - Character separator
Returns:
Acl object
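
The longest-prefix rule described for getAcl(name, separator), as an added example that is not WebLogic code: a plain Map with String values stands in for the realm's Acl store, and the class name AclPrefixLookup, the put helper and all sample ACL names are constructed for illustration.

```java
import java.util.HashMap;
import java.util.Map;

public class AclPrefixLookup {
    // Constructed stand-in store: ACL name -> placeholder value.
    // A real realm would hold java.security.acl.Acl objects here.
    private final Map<String, String> acls = new HashMap<>();

    public void put(String name, String acl) {
        acls.put(name, acl);
    }

    /**
     * Returns the entry whose name is the longest prefix of name,
     * cutting only at separator boundaries, or null if none matches.
     */
    public String getAcl(String name, char separator) {
        String candidate = name;
        while (candidate != null && !candidate.isEmpty()) {
            String hit = acls.get(candidate);
            if (hit != null) {
                return hit; // longest candidates are tried first, so the first hit wins
            }
            // Drop the last segment and retry with the shorter prefix.
            int cut = candidate.lastIndexOf(separator);
            candidate = (cut < 0) ? null : candidate.substring(0, cut);
        }
        return null; // no ACL at any level; the caller decides what that means
    }

    public static void main(String[] args) {
        AclPrefixLookup realm = new AclPrefixLookup();
        realm.put("files", "acl:files");
        realm.put("files.personal", "acl:files.personal");

        // No ACL named files.personal.bill yet: falls back to files.personal.
        System.out.println(realm.getAcl("files.personal.bill", '.'));
        // "filesystem" shares characters with "files" but not a separator
        // boundary, so it must not inherit the "files" ACL.
        System.out.println(realm.getAcl("filesystem.tmp", '.'));
        // A more specific ACL, once present, overrides the inherited one.
        realm.put("files.personal.bill", "acl:files.personal.bill");
        System.out.println(realm.getAcl("files.personal.bill", '.'));
    }
}
```

Because a missing specific ACL silently resolves to a parent's ACL, the permissions on short prefixes such as files govern every resource beneath them that has no entry of its own.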

getPermission

public java.security.acl.Permission getPermission(java.lang.String name)
Retrieves a permission of that name, or null.

Parameters:
name - Name of permission to retrieve
Returns:
Permission object

load

public void load(java.lang.String name,
                 java.lang.Object credential)
          throws java.lang.ClassNotFoundException,
                 java.io.IOException,
                 java.security.acl.NotOwnerException
Loads a BasicRealm from some persistent state identified in the name. Different implementations differ in how they are stored persistently and how they interpret the name.

Parameters:
name - Name of BasicRealm to load
credential - Credentialed owner of a BasicRealm
Throws:
java.lang.ClassNotFoundException - if the BasicRealm cannot be found
java.io.IOException - if there is an I/O error
java.security.acl.NotOwnerException - if the credential does not match an owner

save

public void save(java.lang.String name)
          throws java.io.IOException
Saves the realm to some persistent state identified in the name. Different implementations differ in how they are stored persistently and how they interpret the name.

Parameters:
name - Name to save under
Throws:
java.io.IOException - if there is an I/O error

getUsers

public java.util.Enumeration getUsers()
Gets an Enumeration of the Users in a ListableRealm. The enumerated objects are of instance User.
Specified by:
getUsers in interface ListableRealm

Returns:
Enumeration of User objects

getGroups

public java.util.Enumeration getGroups()
Gets an Enumeration of the Groups in a ListableRealm. The enumerated objects are of instance Group.
Specified by:
getGroups in interface ListableRealm

Returns:
Enumeration of Group objects

getAcls

public java.util.Enumeration getAcls()
Gets an Enumeration of the Acls in a ListableRealm. The enumerated objects are of instance Acl.
Specified by:
getAcls in interface ListableRealm

Returns:
Enumeration of Acl objects

getPermissions

public java.util.Enumeration getPermissions()
Gets an Enumeration of the Permissions in a ListableRealm. The enumerated objects are of instance Permission.
Specified by:
getPermissions in interface ListableRealm

Returns:
Enumeration of Permission objects

setDelegator

public void setDelegator(java.lang.Object obj)
Set the object that is delegating to this object. A realm that delegates to this realm for some functions should call this method so that this realm knows it is being delegated to.
Specified by:
setDelegator in interface DelegatedRealm


getDelegator

public java.lang.Object getDelegator()
Return the object that is delegating to this object. If there is no delegator, null is returned.
Specified by:
getDelegator in interface DelegatedRealm


Documentation is available at
http://www.weblogic.com/docs51