You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2011/10/22 23:14:22 UTC
svn commit: r1187797 - /tomcat/trunk/java/org/apache/catalina/realm/
Author: markt
Date: Sat Oct 22 21:14:22 2011
New Revision: 1187797
URL: http://svn.apache.org/viewvc?rev=1187797&view=rev
Log:
Whitespace removal from /java/org/apache/catalina/realm
Modified:
tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java
tomcat/trunk/java/org/apache/catalina/realm/Constants.java
tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
tomcat/trunk/java/org/apache/catalina/realm/GenericPrincipal.java
tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java
tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java
tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java
tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java
tomcat/trunk/java/org/apache/catalina/realm/MemoryRuleSet.java
tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
tomcat/trunk/java/org/apache/catalina/realm/UserDatabaseRealm.java
tomcat/trunk/java/org/apache/catalina/realm/mbeans-descriptors.xml
Modified: tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/CombinedRealm.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -61,10 +61,10 @@ public class CombinedRealm extends Realm
*/
public void addRealm(Realm theRealm) {
realms.add(theRealm);
-
+
if (log.isDebugEnabled()) {
sm.getString("combinedRealm.addRealm",
- theRealm.getClass().getName(),
+ theRealm.getClass().getName(),
Integer.toString(realms.size()));
}
}
@@ -103,7 +103,7 @@ public class CombinedRealm extends Realm
String nonce, String nc, String cnonce, String qop,
String realmName, String md5a2) {
Principal authenticatedUser = null;
-
+
for (Realm realm : realms) {
if (log.isDebugEnabled()) {
log.debug(sm.getString("combinedRealm.authStart", username,
@@ -141,7 +141,7 @@ public class CombinedRealm extends Realm
@Override
public Principal authenticate(String username, String credentials) {
Principal authenticatedUser = null;
-
+
for (Realm realm : realms) {
if (log.isDebugEnabled()) {
log.debug(sm.getString("combinedRealm.authStart", username,
@@ -180,7 +180,7 @@ public class CombinedRealm extends Realm
((RealmBase) realm).setRealmPath(
getRealmPath() + "/realm" + realms.indexOf(realm));
}
-
+
// Set the container for sub-realms. Mainly so logging works.
realm.setContainer(container);
}
@@ -200,7 +200,7 @@ public class CombinedRealm extends Realm
protected void startInternal() throws LifecycleException {
// Start 'sub-realms' then this one
Iterator<Realm> iter = realms.iterator();
-
+
while (iter.hasNext()) {
Realm realm = iter.next();
if (realm instanceof Lifecycle) {
@@ -234,7 +234,7 @@ public class CombinedRealm extends Realm
if (realm instanceof Lifecycle) {
((Lifecycle) realm).stop();
}
- }
+ }
}
@@ -252,7 +252,7 @@ public class CombinedRealm extends Realm
if (certs != null && certs.length >0) {
username = certs[0].getSubjectDN().getName();
}
-
+
for (Realm realm : realms) {
if (log.isDebugEnabled()) {
log.debug(sm.getString("combinedRealm.authStart", username,
@@ -285,7 +285,7 @@ public class CombinedRealm extends Realm
if (gssContext.isEstablished()) {
Principal authenticatedUser = null;
String username = null;
-
+
GSSName name = null;
try {
name = gssContext.getSrcName();
@@ -293,7 +293,7 @@ public class CombinedRealm extends Realm
log.warn(sm.getString("realmBase.gssNameFail"), e);
return null;
}
-
+
username = name.toString();
for (Realm realm : realms) {
@@ -319,11 +319,11 @@ public class CombinedRealm extends Realm
}
return authenticatedUser;
}
-
+
// Fail in all other cases
return null;
}
-
+
@Override
protected String getName() {
return name;
Modified: tomcat/trunk/java/org/apache/catalina/realm/Constants.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/Constants.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/Constants.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/Constants.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -30,7 +30,7 @@ package org.apache.catalina.realm;
public final class Constants {
public static final String Package = "org.apache.catalina.realm";
-
+
// Authentication methods for login configuration
public static final String FORM_METHOD = "FORM";
Modified: tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/DataSourceRealm.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -248,13 +248,13 @@ public class DataSourceRealm extends Rea
*/
@Override
public Principal authenticate(String username, String credentials) {
-
+
// No user or no credentials
// Can't possibly authenticate, don't bother the database then
if (username == null || credentials == null) {
return null;
}
-
+
Connection dbConnection = null;
// Ensure that we have an open database connection
@@ -263,10 +263,10 @@ public class DataSourceRealm extends Rea
// If the db connection open fails, return "not authenticated"
return null;
}
-
+
// Acquire a Principal object for this user
Principal principal = authenticate(dbConnection, username, credentials);
-
+
close(dbConnection);
return principal;
@@ -338,7 +338,7 @@ public class DataSourceRealm extends Rea
try {
if (!dbConnection.getAutoCommit()) {
dbConnection.commit();
- }
+ }
} catch (SQLException e) {
containerLog.error("Exception committing connection before closing:", e);
}
@@ -372,7 +372,7 @@ public class DataSourceRealm extends Rea
} catch (Exception e) {
// Log the problem for posterity
containerLog.error(sm.getString("dataSourceRealm.exception"), e);
- }
+ }
return null;
}
@@ -401,18 +401,18 @@ public class DataSourceRealm extends Rea
}
try {
- return getPassword(dbConnection, username);
+ return getPassword(dbConnection, username);
} finally {
close(dbConnection);
}
}
-
+
/**
* Return the password associated with the given principal's user name.
* @param dbConnection The database connection to be used
* @param username Username for which password should be retrieved
*/
- protected String getPassword(Connection dbConnection,
+ protected String getPassword(Connection dbConnection,
String username) {
ResultSet rs = null;
@@ -427,7 +427,7 @@ public class DataSourceRealm extends Rea
}
return (dbCredentials != null) ? dbCredentials.trim() : null;
-
+
} catch(SQLException e) {
containerLog.error(
sm.getString("dataSourceRealm.getPassword.exception",
@@ -444,10 +444,10 @@ public class DataSourceRealm extends Rea
containerLog.error(
sm.getString("dataSourceRealm.getPassword.exception",
username));
-
+
}
}
-
+
return null;
}
@@ -491,7 +491,7 @@ public class DataSourceRealm extends Rea
close(dbConnection);
}
}
-
+
/**
* Return the roles associated with the given user name
* @param dbConnection The database connection to be used
@@ -499,16 +499,16 @@ public class DataSourceRealm extends Rea
*/
protected ArrayList<String> getRoles(Connection dbConnection,
String username) {
-
+
ResultSet rs = null;
PreparedStatement stmt = null;
ArrayList<String> list = null;
-
+
try {
stmt = roles(dbConnection, username);
rs = stmt.executeQuery();
list = new ArrayList<String>();
-
+
while (rs.next()) {
String role = rs.getString(1);
if (role != null) {
@@ -534,7 +534,7 @@ public class DataSourceRealm extends Rea
username));
}
}
-
+
return null;
}
@@ -558,7 +558,7 @@ public class DataSourceRealm extends Rea
return (credentials);
}
-
+
/**
* Return a PreparedStatement configured to perform the SELECT required
* to retrieve user roles for the specified username.
@@ -571,7 +571,7 @@ public class DataSourceRealm extends Rea
private PreparedStatement roles(Connection dbConnection, String username)
throws SQLException {
- PreparedStatement roles =
+ PreparedStatement roles =
dbConnection.prepareStatement(preparedRoles);
roles.setString(1, username);
@@ -612,7 +612,7 @@ public class DataSourceRealm extends Rea
temp.append(userNameCol);
temp.append(" = ?");
preparedCredentials = temp.toString();
-
+
super.startInternal();
}
}
Modified: tomcat/trunk/java/org/apache/catalina/realm/GenericPrincipal.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/GenericPrincipal.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/GenericPrincipal.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/GenericPrincipal.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -77,14 +77,14 @@ public class GenericPrincipal implements
* @param name The username of the user represented by this Principal
* @param password Credentials used to authenticate this user
* @param roles List of roles (must be Strings) possessed by this user
- * @param userPrincipal - the principal to be returned from the request
+ * @param userPrincipal - the principal to be returned from the request
* getUserPrincipal call if not null; if null, this will be returned
*/
public GenericPrincipal(String name, String password, List<String> roles,
Principal userPrincipal) {
this(name, password, roles, userPrincipal, null);
}
-
+
/**
* Construct a new Principal, associated with the specified Realm, for the
* specified username and password, with the specified role names
@@ -93,7 +93,7 @@ public class GenericPrincipal implements
* @param name The username of the user represented by this Principal
* @param password Credentials used to authenticate this user
* @param roles List of roles (must be Strings) possessed by this user
- * @param userPrincipal - the principal to be returned from the request
+ * @param userPrincipal - the principal to be returned from the request
* getUserPrincipal call if not null; if null, this will be returned
* @param loginContext - If provided, this will be used to log out the user
* at the appropriate time
@@ -102,7 +102,7 @@ public class GenericPrincipal implements
Principal userPrincipal, LoginContext loginContext) {
this(name, password, roles, userPrincipal, loginContext, null);
}
-
+
/**
* Construct a new Principal, associated with the specified Realm, for the
* specified username and password, with the specified role names
@@ -111,7 +111,7 @@ public class GenericPrincipal implements
* @param name The username of the user represented by this Principal
* @param password Credentials used to authenticate this user
* @param roles List of roles (must be Strings) possessed by this user
- * @param userPrincipal - the principal to be returned from the request
+ * @param userPrincipal - the principal to be returned from the request
* getUserPrincipal call if not null; if null, this will be returned
* @param loginContext - If provided, this will be used to log out the user
* at the appropriate time
@@ -183,7 +183,7 @@ public class GenericPrincipal implements
}
}
-
+
/**
* The JAAS LoginContext, if any, used to authenticate this Principal.
* Kept so we can call logout().
@@ -240,16 +240,16 @@ public class GenericPrincipal implements
}
-
+
/**
* Calls logout, if necessary, on any associated JAASLoginContext. May in
* the future be extended to cover other logout requirements.
- *
+ *
* @throws Exception If something goes wrong with the logout. Uses Exception
* to allow for future expansion of this method to cover
* other logout mechanisms that might throw a different
* exception to LoginContext
- *
+ *
*/
public void logout() throws Exception {
if (loginContext != null) {
Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JAASCallbackHandler.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -37,7 +37,7 @@ import org.apache.tomcat.util.res.String
* (or possible).</p>
*
* <p>This <code>CallbackHandler</code> will pre-digest the supplied
- * password, if required by the <code><Realm></code> element in
+ * password, if required by the <code><Realm></code> element in
* <code>server.xml</code>.</p>
* <p>At present, <code>JAASCallbackHandler</code> knows how to handle callbacks of
* type <code>javax.security.auth.callback.NameCallback</code> and
@@ -77,7 +77,7 @@ public class JAASCallbackHandler impleme
}
}
-
+
/**
* Construct a callback handler for DIGEST authentication.
*
@@ -91,7 +91,7 @@ public class JAASCallbackHandler impleme
* @param realmName Realm name
* @param md5a2 Second MD5 digest used to calculate the digest
* MD5(Method + ":" + uri)
- * @param authMethod The authentication method in use
+ * @param authMethod The authentication method in use
*/
public JAASCallbackHandler(JAASRealm realm, String username,
String password, String nonce, String nc,
@@ -135,12 +135,12 @@ public class JAASCallbackHandler impleme
* Server generated nonce.
*/
protected String nonce = null;
-
+
/**
* Nonce count.
*/
protected String nc = null;
-
+
/**
* Client generated nonce.
*/
@@ -174,7 +174,7 @@ public class JAASCallbackHandler impleme
* This implementation only recognizes {@link NameCallback},
* {@link PasswordCallback} and {@link TextInputCallback}.
* {@link TextInputCallback} is used to pass the various additional
- * parameters required for DIGEST authentication.
+ * parameters required for DIGEST authentication.
*
* @param callbacks The set of <code>Callback</code>s to be processed
*
Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -190,7 +190,7 @@ public class JAASMemoryLoginModule exten
subject.getPrincipals().add(
new GenericPrincipal(null, roles[i], null));
}
-
+
}
}
@@ -199,7 +199,7 @@ public class JAASMemoryLoginModule exten
}
-
+
/**
* Initialize this <code>LoginModule</code> with the specified
* configuration information.
Modified: tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JAASRealm.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -93,7 +93,7 @@ import org.apache.tomcat.util.ExceptionU
* application name used to obtain the JAAS LoginContext ("Catalina" in
* a default installation). Tomcat must be able to find an application
* with this name in the JAAS configuration file. Here is a hypothetical
- * JAAS configuration file entry for a database-oriented login module that uses
+ * JAAS configuration file entry for a database-oriented login module that uses
* a Tomcat-managed JNDI database resource:
* <blockquote><pre>Catalina {
org.foobar.auth.DatabaseLoginModule REQUIRED
@@ -112,12 +112,12 @@ org.foobar.auth.DatabaseLoginModule REQU
<blockquote><code>CATALINA_OPTS="-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas.config"</code></blockquote>
* </li>
* <li>As part of the login process, JAASRealm registers its own <code>CallbackHandler</code>,
- * called (unsurprisingly) <code>JAASCallbackHandler</code>. This handler supplies the
+ * called (unsurprisingly) <code>JAASCallbackHandler</code>. This handler supplies the
* HTTP requests's username and credentials to the user-supplied <code>LoginModule</code></li>
* <li>As with other <code>Realm</code> implementations, digested passwords are supported if
- * the <code><Realm></code> element in <code>server.xml</code> contains a
+ * the <code><Realm></code> element in <code>server.xml</code> contains a
* <code>digest</code> attribute; <code>JAASCallbackHandler</code> will digest the password
- * prior to passing it back to the <code>LoginModule</code></li>
+ * prior to passing it back to the <code>LoginModule</code></li>
* </ul>
*
* @author Craig R. McClanahan
@@ -168,7 +168,7 @@ public class JAASRealm
// ------------------------------------------------------------- Properties
-
+
/**
* setter for the <code>appName</code> member variable
* @deprecated JAAS should use the <code>Engine</code> (domain) name and webpp/host overrides
@@ -177,7 +177,7 @@ public class JAASRealm
public void setAppName(String name) {
appName = name;
}
-
+
/**
* getter for the <code>appName</code> member variable
*/
@@ -204,7 +204,7 @@ public class JAASRealm
*/
public boolean isUseContextClassLoader() {
return useContextClassLoader;
- }
+ }
@Override
public void setContainer(Container container) {
@@ -228,11 +228,11 @@ public class JAASRealm
* that represent security roles.
*/
protected String roleClassNames = null;
-
+
public String getRoleClassNames() {
return (this.roleClassNames);
}
-
+
/**
* Sets the list of comma-delimited classes that represent roles. The
* classes in the list must implement <code>java.security.Principal</code>.
@@ -242,15 +242,15 @@ public class JAASRealm
public void setRoleClassNames(String roleClassNames) {
this.roleClassNames = roleClassNames;
}
-
+
/**
* Parses a comma-delimited list of class names, and store the class names
* in the provided List. Each class must implement
* <code>java.security.Principal</code>.
- *
+ *
* @param classNamesString a comma-delimited list of fully qualified class names.
* @param classNamesList the list in which the class names will be stored.
- * The list is cleared before being populated.
+ * The list is cleared before being populated.
*/
protected void parseClassNames(String classNamesString, List<String> classNamesList) {
classNamesList.clear();
@@ -262,7 +262,7 @@ public class JAASRealm
String[] classNames = classNamesString.split("[ ]*,[ ]*");
for (int i=0; i<classNames.length; i++) {
- if (classNames[i].length()==0) continue;
+ if (classNames[i].length()==0) continue;
try {
Class<?> principalClass = Class.forName(classNames[i], false,
loader);
@@ -276,18 +276,18 @@ public class JAASRealm
log.error("Class "+classNames[i]+" not found! Class not added.");
}
}
- }
-
+ }
+
/**
* Comma-delimited list of <code>java.security.Principal</code> classes
* that represent individual users.
*/
protected String userClassNames = null;
-
+
public String getUserClassNames() {
return (this.userClassNames);
}
-
+
/**
* Sets the list of comma-delimited classes that represent individual
* users. The classes in the list must implement
@@ -298,7 +298,7 @@ public class JAASRealm
this.userClassNames = userClassNames;
}
-
+
// --------------------------------------------------------- Public Methods
/**
@@ -314,7 +314,7 @@ public class JAASRealm
return authenticate(username,
new JAASCallbackHandler(this, username, credentials));
}
-
+
/**
* Return the <code>Principal</code> associated with the specified username
@@ -480,8 +480,8 @@ public class JAASRealm
* by the JAASLoginModule. The first <code>Principal</code> object that matches
* one of the class names supplied as a "user class" is the user Principal.
* This object is returned to the caller.
- * Any remaining principal objects returned by the LoginModules are mapped to
- * roles, but only if their respective classes match one of the "role class" classes.
+ * Any remaining principal objects returned by the LoginModules are mapped to
+ * roles, but only if their respective classes match one of the "role class" classes.
* If a user Principal cannot be constructed, return <code>null</code>.
* @param subject The <code>Subject</code> representing the logged-in user
* @param loginContext Associated with the Principal so
@@ -511,7 +511,7 @@ public class JAASRealm
log.debug(sm.getString("jaasRealm.userPrincipalSuccess", principal.getName()));
}
}
-
+
if (roleClasses.contains(principalClass)) {
roles.add(principal.getName());
if( log.isDebugEnabled() ) {
@@ -550,7 +550,7 @@ public class JAASRealm
*/
protected String makeLegalForJAAS(final String src) {
String result = src;
-
+
// Default name is "other" per JAAS spec
if(result == null) {
result = "other";
Modified: tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JDBCRealm.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -409,7 +409,7 @@ public class JDBCRealm
}
ArrayList<String> roles = getRoles(username);
-
+
// Create and return a suitable Principal for this user
return (new GenericPrincipal(username, credentials, roles));
@@ -529,14 +529,14 @@ public class JDBCRealm
int numberOfTries = 2;
while (numberOfTries>0) {
try {
-
+
// Ensure that we have an open database connection
open();
-
+
try {
stmt = credentials(dbConnection, username);
rs = stmt.executeQuery();
-
+
if (rs.next()) {
dbCredentials = rs.getString(1);
}
@@ -545,10 +545,10 @@ public class JDBCRealm
if (dbCredentials == null) {
return (null);
}
-
+
dbCredentials = dbCredentials.trim();
return dbCredentials;
-
+
} finally {
if (rs!=null) {
try {
@@ -559,21 +559,21 @@ public class JDBCRealm
}
dbConnection.commit();
}
-
+
} catch (SQLException e) {
-
+
// Log the problem for posterity
containerLog.error(sm.getString("jdbcRealm.exception"), e);
-
+
// Close the connection so that it gets reopened next time
if (dbConnection != null)
close(dbConnection);
-
+
}
-
+
numberOfTries--;
}
-
+
return (null);
}
@@ -595,7 +595,7 @@ public class JDBCRealm
* Return the roles associated with the gven user name.
*/
protected ArrayList<String> getRoles(String username) {
-
+
PreparedStatement stmt = null;
ResultSet rs = null;
@@ -610,10 +610,10 @@ public class JDBCRealm
int numberOfTries = 2;
while (numberOfTries>0) {
try {
-
+
// Ensure that we have an open database connection
open();
-
+
try {
// Accumulate the user's roles
ArrayList<String> roleList = new ArrayList<String>();
@@ -627,9 +627,9 @@ public class JDBCRealm
}
rs.close();
rs = null;
-
+
return (roleList);
-
+
} finally {
if (rs!=null) {
try {
@@ -640,26 +640,26 @@ public class JDBCRealm
}
dbConnection.commit();
}
-
+
} catch (SQLException e) {
-
+
// Log the problem for posterity
containerLog.error(sm.getString("jdbcRealm.exception"), e);
-
+
// Close the connection so that it gets reopened next time
if (dbConnection != null)
close(dbConnection);
-
+
}
-
+
numberOfTries--;
}
-
+
return (null);
-
+
}
-
-
+
+
/**
* Open (if necessary) and return a database connection for use by
* this Realm.
Modified: tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/JNDIRealm.java Sat Oct 22 21:14:22 2011
@@ -362,7 +362,7 @@ public class JNDIRealm extends RealmBase
* Should we search the entire subtree for matching memberships?
*/
protected boolean roleSubtree = false;
-
+
/**
* Should we look for nested group in order to determine roles?
*/
@@ -372,10 +372,10 @@ public class JNDIRealm extends RealmBase
* When searching for user roles, should the search be performed as the user
* currently being authenticated? If false, {@link #connectionName} and
* {@link #connectionPassword} will be used if specified, else an anonymous
- * connection will be used.
+ * connection will be used.
*/
protected boolean roleSearchAsUser = false;
-
+
/**
* An alternate URL, to which, we should connect if connectionURL fails.
*/
@@ -398,7 +398,7 @@ public class JNDIRealm extends RealmBase
* to the directory. The default is 5000 (5 seconds).
*/
protected String connectionTimeout = "5000";
-
+
/**
* The sizeLimit (also known as the countLimit) to use when the realm is
* configured with {@link #userSearch}. Zero for no limit.
@@ -411,7 +411,7 @@ public class JNDIRealm extends RealmBase
*/
protected int timeLimit = 0;
-
+
/**
* Should delegated credentials from the SPNEGO authenticator be used if
* available
@@ -784,7 +784,7 @@ public class JNDIRealm extends RealmBase
this.roleSubtree = roleSubtree;
}
-
+
/**
* Return the "The nested group search flag" flag.
*/
@@ -954,7 +954,7 @@ public class JNDIRealm extends RealmBase
}
-
+
public boolean isUseDelegatedCredential() {
return useDelegatedCredential;
}
@@ -1634,7 +1634,7 @@ public class JNDIRealm extends RealmBase
* Configure the context to use {@link #connectionName} and
* {@link #connectionPassword} if specified or an anonymous connection if
* those attributes are not specified.
- *
+ *
* @param context DirContext to configure
*/
private void userCredentialsRemove(DirContext context)
@@ -1683,10 +1683,10 @@ public class JNDIRealm extends RealmBase
containerLog.trace(" getRoles(" + dn + ")");
// Start with roles retrieved from the user entry
- List<String> list = new ArrayList<String>();
+ List<String> list = new ArrayList<String>();
List<String> userRoles = user.getRoles();
if (userRoles != null) {
- list.addAll(userRoles);
+ list.addAll(userRoles);
}
if (commonRole != null)
list.add(commonRole);
@@ -1700,7 +1700,7 @@ public class JNDIRealm extends RealmBase
// Are we configured to do role searches?
if ((roleFormat == null) || (roleName == null))
return (list);
-
+
// Set up parameters for an appropriate search
String filter = roleFormat.format(new String[] { doRFC2254Encoding(dn), username });
SearchControls controls = new SearchControls();
@@ -1766,7 +1766,7 @@ public class JNDIRealm extends RealmBase
// if nested group search is enabled, perform searches for nested groups until no new group is found
if (getRoleNested()) {
- // The following efficient algorithm is known as memberOf Algorithm, as described in "Practices in
+ // The following efficient algorithm is known as memberOf Algorithm, as described in "Practices in
// Directory Groups". It avoids group slurping and handles cyclic group memberships as well.
// See http://middleware.internet2.edu/dir/ for details
@@ -1938,7 +1938,7 @@ public class JNDIRealm extends RealmBase
protected Principal getPrincipal(String username) {
return getPrincipal(username, null);
}
-
+
@Override
protected Principal getPrincipal(String username,
GSSCredential gssCredential) {
@@ -2066,7 +2066,7 @@ public class JNDIRealm extends RealmBase
return new GenericPrincipal(user.getUserName(), user.getPassword(),
roles, null, null, gssCredential);
}
-
+
return null;
}
@@ -2313,11 +2313,11 @@ public class JNDIRealm extends RealmBase
NameParser parser = context.getNameParser("");
Name contextName = parser.parse(context.getNameInNamespace());
Name baseName = parser.parse(base);
-
+
// Bugzilla 32269
Name entryName =
parser.parse(new CompositeName(result.getName()).get(0));
-
+
Name name = contextName.addAll(baseName);
name = name.addAll(entryName);
return name.toString();
@@ -2354,7 +2354,7 @@ public class JNDIRealm extends RealmBase
* A protected class representing a User
*/
protected static class User {
-
+
private final String username;
private final String dn;
private final String password;
@@ -2371,19 +2371,19 @@ public class JNDIRealm extends RealmBase
this.roles = Collections.unmodifiableList(roles);
}
}
-
+
public String getUserName() {
return username;
}
-
+
public String getDN() {
return dn;
}
-
+
public String getPassword() {
return password;
}
-
+
public List<String> getRoles() {
return roles;
}
Modified: tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/LockOutRealm.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -56,10 +56,10 @@ public class LockOutRealm extends Combin
* locked out. Defaults to 5.
*/
protected int failureCount = 5;
-
+
/**
* The time (in seconds) a user is locked out for after too many
- * authentication failures. Defaults to 300 (5 minutes).
+ * authentication failures. Defaults to 300 (5 minutes).
*/
protected int lockOutTime = 300;
@@ -106,7 +106,7 @@ public class LockOutRealm extends Combin
// Check to see if this element has been removed too quickly
long timeInCache = (System.currentTimeMillis() -
eldest.getValue().getLastFailureTime())/1000;
-
+
if (timeInCache < cacheRemovalWarningTime) {
log.warn(sm.getString("lockOutRealm.removeWarning",
eldest.getKey(), Long.valueOf(timeInCache)));
@@ -142,14 +142,14 @@ public class LockOutRealm extends Combin
if (isLocked(username)) {
// Trying to authenticate a locked user is an automatic failure
registerAuthFailure(username);
-
+
log.warn(sm.getString("lockOutRealm.authLockedUser", username));
return null;
}
Principal authenticatedUser = super.authenticate(username, clientDigest,
nonce, nc, cnonce, qop, realmName, md5a2);
-
+
if (authenticatedUser == null) {
registerAuthFailure(username);
} else {
@@ -172,13 +172,13 @@ public class LockOutRealm extends Combin
if (isLocked(username)) {
// Trying to authenticate a locked user is an automatic failure
registerAuthFailure(username);
-
+
log.warn(sm.getString("lockOutRealm.authLockedUser", username));
return null;
}
Principal authenticatedUser = super.authenticate(username, credentials);
-
+
if (authenticatedUser == null) {
registerAuthFailure(username);
} else {
@@ -205,13 +205,13 @@ public class LockOutRealm extends Combin
if (isLocked(username)) {
// Trying to authenticate a locked user is an automatic failure
registerAuthFailure(username);
-
+
log.warn(sm.getString("lockOutRealm.authLockedUser", username));
return null;
}
Principal authenticatedUser = super.authenticate(certs);
-
+
if (authenticatedUser == null) {
registerAuthFailure(username);
} else {
@@ -235,20 +235,20 @@ public class LockOutRealm extends Combin
log.warn(sm.getString("realmBase.gssNameFail"), e);
return null;
}
-
+
username = name.toString();
-
+
if (isLocked(username)) {
// Trying to authenticate a locked user is an automatic failure
registerAuthFailure(username);
-
+
log.warn(sm.getString("lockOutRealm.authLockedUser", username));
return null;
}
Principal authenticatedUser =
super.authenticate(gssContext, storeCreds);
-
+
if (authenticatedUser == null) {
registerAuthFailure(username);
} else {
@@ -256,7 +256,7 @@ public class LockOutRealm extends Combin
}
return authenticatedUser;
}
-
+
// Fail in all other cases
return null;
}
@@ -265,14 +265,14 @@ public class LockOutRealm extends Combin
/**
* Unlock the specified username. This will remove all records of
* authentication failures for this user.
- *
+ *
* @param username The user to unlock
*/
public void unlock(String username) {
- // Auth success clears the lock record so...
+ // Auth success clears the lock record so...
registerAuthSuccess(username);
}
-
+
/*
* Checks to see if the current user is locked. If this is associated with
* a login attempt, then the last access time will be recorded and any
@@ -283,19 +283,19 @@ public class LockOutRealm extends Combin
synchronized (this) {
lockRecord = failedUsers.get(username);
}
-
+
// No lock record means user can't be locked
if (lockRecord == null) {
return false;
}
-
+
// Check to see if user is locked
if (lockRecord.getFailures() >= failureCount &&
(System.currentTimeMillis() -
lockRecord.getLastFailureTime())/1000 < lockOutTime) {
return true;
}
-
+
// User has not, yet, exceeded lock thresholds
return false;
}
@@ -313,13 +313,13 @@ public class LockOutRealm extends Combin
/*
* After a failed authentication, add the record of the failed
- * authentication.
+ * authentication.
*/
private void registerAuthFailure(String username) {
LockRecord lockRecord = null;
synchronized (this) {
if (!failedUsers.containsKey(username)) {
- lockRecord = new LockRecord();
+ lockRecord = new LockRecord();
failedUsers.put(username, lockRecord);
} else {
lockRecord = failedUsers.get(username);
@@ -336,7 +336,7 @@ public class LockOutRealm extends Combin
lockRecord.registerFailure();
}
-
+
/**
* Get the number of failed authentication attempts required to lock the
* user account.
@@ -426,11 +426,11 @@ public class LockOutRealm extends Combin
protected static class LockRecord {
private AtomicInteger failures = new AtomicInteger(0);
private long lastFailureTime = 0;
-
+
public int getFailures() {
return failures.get();
}
-
+
public void setFailures(int theFailures) {
failures.set(theFailures);
}
@@ -438,7 +438,7 @@ public class LockOutRealm extends Combin
public long getLastFailureTime() {
return lastFailureTime;
}
-
+
public void registerFailure() {
failures.incrementAndGet();
lastFailureTime = System.currentTimeMillis();
Modified: tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/MemoryRealm.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Modified: tomcat/trunk/java/org/apache/catalina/realm/MemoryRuleSet.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/MemoryRuleSet.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/MemoryRuleSet.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/MemoryRuleSet.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
Modified: tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/RealmBase.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -139,12 +139,12 @@ public abstract class RealmBase extends
*/
protected boolean validate = true;
-
+
/**
* The all role mode.
*/
protected AllRolesMode allRolesMode = AllRolesMode.STRICT_MODE;
-
+
/**
* When processing users authenticated via the GSS-API, should any
@@ -152,7 +152,7 @@ public abstract class RealmBase extends
*/
protected boolean stripRealmForGss = true;
-
+
// ------------------------------------------------------------- Properties
@@ -378,13 +378,13 @@ public abstract class RealmBase extends
}
if (log.isDebugEnabled()) {
- log.debug("Digest : " + clientDigest + " Username:" + username
- + " ClientSigest:" + clientDigest + " nonce:" + nonce
- + " nc:" + nc + " cnonce:" + cnonce + " qop:" + qop
- + " realm:" + realm + "md5a2:" + md5a2
+ log.debug("Digest : " + clientDigest + " Username:" + username
+ + " ClientSigest:" + clientDigest + " nonce:" + nonce
+ + " nc:" + nc + " cnonce:" + cnonce + " qop:" + qop
+ + " realm:" + realm + "md5a2:" + md5a2
+ " Server digest:" + serverDigest);
}
-
+
if (serverDigest.equals(clientDigest)) {
return getPrincipal(username);
}
@@ -429,7 +429,7 @@ public abstract class RealmBase extends
}
-
+
/**
* {@inheritDoc}
*/
@@ -442,10 +442,10 @@ public abstract class RealmBase extends
} catch (GSSException e) {
log.warn(sm.getString("realmBase.gssNameFail"), e);
}
-
+
if (gssName!= null) {
String name = gssName.toString();
-
+
if (isStripRealmForGss()) {
int i = name.indexOf('@');
if (i > 0) {
@@ -468,12 +468,12 @@ public abstract class RealmBase extends
return getPrincipal(name, gssCredential);
}
}
-
+
// Fail in all other cases
return null;
}
-
+
/**
* Execute a periodic task, such as reloading, etc. This method will be
* invoked inside the classloading context of this container. Unexpected
@@ -512,13 +512,13 @@ public abstract class RealmBase extends
if (uri == null) {
uri = "/";
}
-
+
String method = request.getMethod();
int i;
boolean found = false;
for (i = 0; i < constraints.length; i++) {
SecurityCollection [] collection = constraints[i].findCollections();
-
+
// If collection is null, continue to avoid an NPE
// See Bugzilla 30624
if ( collection == null) {
@@ -533,7 +533,7 @@ public abstract class RealmBase extends
for(int j=0; j < collection.length; j++){
String [] patterns = collection[j].findPatterns();
-
+
// If patterns is null, continue to avoid an NPE
// See Bugzilla 30624
if ( patterns == null) {
@@ -562,7 +562,7 @@ public abstract class RealmBase extends
for (i = 0; i < constraints.length; i++) {
SecurityCollection [] collection = constraints[i].findCollections();
-
+
// If collection is null, continue to avoid an NPE
// See Bugzilla 30624
if ( collection == null) {
@@ -588,9 +588,9 @@ public abstract class RealmBase extends
int length = -1;
for(int k=0; k < patterns.length; k++) {
String pattern = patterns[k];
- if(pattern.startsWith("/") && pattern.endsWith("/*") &&
+ if(pattern.startsWith("/") && pattern.endsWith("/*") &&
pattern.length() >= longest) {
-
+
if(pattern.length() == 2) {
matched = true;
length = pattern.length();
@@ -634,7 +634,7 @@ public abstract class RealmBase extends
if ( collection == null) {
continue;
}
-
+
if (log.isDebugEnabled()) {
log.debug(" Checking constraint '" + constraints[i] +
"' against " + method + " " + uri + " --> " +
@@ -685,7 +685,7 @@ public abstract class RealmBase extends
for (i = 0; i < constraints.length; i++) {
SecurityCollection [] collection = constraints[i].findCollections();
-
+
// If collection is null, continue to avoid an NPE
// See Bugzilla 30624
if ( collection == null) {
@@ -717,7 +717,7 @@ public abstract class RealmBase extends
if(matched) {
if(results == null) {
results = new ArrayList<SecurityConstraint>();
- }
+ }
results.add(constraints[i]);
}
}
@@ -730,7 +730,7 @@ public abstract class RealmBase extends
}
return resultsToArray(results);
}
-
+
/**
* Convert an ArrayList to a SecurityContraint [].
*/
@@ -744,7 +744,7 @@ public abstract class RealmBase extends
return array;
}
-
+
/**
* Perform access control based on the specified authorization constraint.
* Return <code>true</code> if this constraint is satisfied and processing
@@ -821,7 +821,7 @@ public abstract class RealmBase extends
denyfromall = true;
break;
}
-
+
if(log.isDebugEnabled())
log.debug("Passing all access");
status = true;
@@ -859,7 +859,7 @@ public abstract class RealmBase extends
status = true;
break;
}
-
+
// For AllRolesMode.STRICT_AUTH_ONLY_MODE there must be zero roles
roles = request.getContext().findSecurityRoles();
if (roles.length == 0 && allRolesMode == AllRolesMode.STRICT_AUTH_ONLY_MODE) {
@@ -872,7 +872,7 @@ public abstract class RealmBase extends
}
}
}
-
+
// Return a "Forbidden" message denying access to this resource
if(!status) {
response.sendError
@@ -882,8 +882,8 @@ public abstract class RealmBase extends
return status;
}
-
-
+
+
/**
* Return <code>true</code> if the specified Principal has the specified
* security role, within the context of this Realm; otherwise return
@@ -922,7 +922,7 @@ public abstract class RealmBase extends
}
-
+
/**
* Enforce any user data constraint required by the security constraint
* guarding this request URI. Return <code>true</code> if this constraint
@@ -1013,8 +1013,8 @@ public abstract class RealmBase extends
return (false);
}
-
-
+
+
/**
* Remove a property change listener from this component.
*
@@ -1038,7 +1038,7 @@ public abstract class RealmBase extends
this.containerLog = container.getLogger();
}
}
-
+
/**
* Prepare for the beginning of active use of the public methods of this
* component and implement the requirements of
@@ -1076,12 +1076,12 @@ public abstract class RealmBase extends
protected void stopInternal() throws LifecycleException {
setState(LifecycleState.STOPPING);
-
+
// Clean up allocated resources
md = null;
}
-
-
+
+
/**
* Return a String representation of this component.
*/
@@ -1092,8 +1092,8 @@ public abstract class RealmBase extends
sb.append(']');
return sb.toString();
}
-
-
+
+
// ------------------------------------------------------ Protected Methods
@@ -1115,7 +1115,7 @@ public abstract class RealmBase extends
synchronized (this) {
try {
md.reset();
-
+
byte[] bytes = null;
try {
bytes = credentials.getBytes(getDigestCharset());
@@ -1155,7 +1155,7 @@ public abstract class RealmBase extends
// Use pre-generated digest
return getPassword(username);
}
-
+
String digestValue = username + ":" + realmName + ":"
+ getPassword(username);
@@ -1196,7 +1196,7 @@ public abstract class RealmBase extends
protected Principal getPrincipal(X509Certificate usercert) {
return(getPrincipal(usercert.getSubjectDN().getName()));
}
-
+
/**
* Return the Principal associated with the given user name.
@@ -1207,11 +1207,11 @@ public abstract class RealmBase extends
protected Principal getPrincipal(String username,
GSSCredential gssCredential) {
Principal p = getPrincipal(username);
-
+
if (p instanceof GenericPrincipal) {
((GenericPrincipal) p).setGssCredential(gssCredential);
}
-
+
return p;
}
@@ -1238,7 +1238,7 @@ public abstract class RealmBase extends
return null;
}
-
+
// --------------------------------------------------------- Static Methods
@@ -1265,7 +1265,7 @@ public abstract class RealmBase extends
if (encoding == null) {
md.update(credentials.getBytes());
} else {
- md.update(credentials.getBytes(encoding));
+ md.update(credentials.getBytes(encoding));
}
// Digest the credentials and return as hexadecimal
@@ -1287,12 +1287,12 @@ public abstract class RealmBase extends
String encoding = null;
int firstCredentialArg = 2;
-
+
if (args.length > 4 && args[2].equalsIgnoreCase("-e")) {
encoding = args[3];
firstCredentialArg = 4;
}
-
+
if(args.length > firstCredentialArg && args[0].equalsIgnoreCase("-a")) {
for(int i=firstCredentialArg; i < args.length ; i++){
System.out.print(args[i]+":");
@@ -1310,7 +1310,7 @@ public abstract class RealmBase extends
@Override
public String getObjectNameKeyProperties() {
-
+
StringBuilder keyProperties = new StringBuilder("type=Realm");
keyProperties.append(getRealmSuffix());
keyProperties.append(MBeanUtils.getContainerKeyProperties(container));
@@ -1328,7 +1328,7 @@ public abstract class RealmBase extends
public String getRealmPath() {
return realmPath;
}
-
+
public void setRealmPath(String theRealmPath) {
realmPath = theRealmPath;
}
@@ -1339,10 +1339,10 @@ public abstract class RealmBase extends
protected static class AllRolesMode {
-
+
private String name;
/** Use the strict servlet spec interpretation which requires that the user
- * have one of the web-app/security-role/role-name
+ * have one of the web-app/security-role/role-name
*/
public static final AllRolesMode STRICT_MODE = new AllRolesMode("strict");
/** Allow any authenticated user
@@ -1351,7 +1351,7 @@ public abstract class RealmBase extends
/** Allow any authenticated user only if there are no web-app/security-roles
*/
public static final AllRolesMode STRICT_AUTH_ONLY_MODE = new AllRolesMode("strictAuthOnly");
-
+
static AllRolesMode toMode(String name)
{
AllRolesMode mode;
@@ -1365,12 +1365,12 @@ public abstract class RealmBase extends
throw new IllegalStateException("Unknown mode, must be one of: strict, authOnly, strictAuthOnly");
return mode;
}
-
+
private AllRolesMode(String name)
{
this.name = name;
}
-
+
@Override
public boolean equals(Object o)
{
Modified: tomcat/trunk/java/org/apache/catalina/realm/UserDatabaseRealm.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/UserDatabaseRealm.java?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/UserDatabaseRealm.java (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/UserDatabaseRealm.java Sat Oct 22 21:14:22 2011
@@ -5,9 +5,9 @@
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -108,7 +108,7 @@ public class UserDatabaseRealm
* security role, within the context of this Realm; otherwise return
* <code>false</code>. This implementation returns <code>true</code>
* if the <code>User</code> has the role, or if any <code>Group</code>
- * that the <code>User</code> is a member of has the role.
+ * that the <code>User</code> is a member of has the role.
*
* @param principal Principal for whom the role is to be checked
* @param role Security role to be checked
@@ -139,7 +139,7 @@ public class UserDatabaseRealm
User user = (User)principal;
Role dbrole = database.findRole(role);
if(dbrole == null) {
- return false;
+ return false;
}
if(user.isInRole(dbrole)) {
return true;
@@ -178,7 +178,7 @@ public class UserDatabaseRealm
if (user == null) {
return null;
- }
+ }
return (user.getPassword());
Modified: tomcat/trunk/java/org/apache/catalina/realm/mbeans-descriptors.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/realm/mbeans-descriptors.xml?rev=1187797&r1=1187796&r2=1187797&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/realm/mbeans-descriptors.xml (original)
+++ tomcat/trunk/java/org/apache/catalina/realm/mbeans-descriptors.xml Sat Oct 22 21:14:22 2011
@@ -23,7 +23,7 @@
domain="Catalina"
group="Realm"
type="org.apache.catalina.realm.DataSourceRealm">
-
+
<attribute name="allRolesMode"
description="The all roles mode."
type="java.lang.String"/>
@@ -40,15 +40,15 @@
<attribute name="digest"
description="Digest algorithm used in storing passwords in a non-plaintext format"
type="java.lang.String"/>
-
+
<attribute name="digestEncoding"
description="The digest encoding charset."
- type="java.lang.String"/>
+ type="java.lang.String"/>
<attribute name="localDataSource"
description="Configures if the DataSource is local to the webapp"
type="boolean"/>
-
+
<attribute name="realmPath"
description="The realm path"
type="java.lang.String"/>
@@ -77,7 +77,7 @@
<attribute name="userTable"
description="The table that holds user data"
type="java.lang.String"/>
-
+
<attribute name="validate"
description="The 'validate certificate chains' flag."
type="boolean"/>
@@ -95,7 +95,7 @@
domain="Catalina"
group="Realm"
type="org.apache.catalina.realm.JAASRealm">
-
+
<attribute name="allRolesMode"
description="The all roles mode."
type="java.lang.String"/>
@@ -112,7 +112,7 @@
<attribute name="digest"
description="Digest algorithm used in storing passwords in a non-plaintext format"
type="java.lang.String"/>
-
+
<attribute name="digestEncoding"
description="The digest encoding charset."
type="java.lang.String"/>
@@ -120,7 +120,7 @@
<attribute name="roleClassNames"
description="Comma-delimited list of javax.security.Principal classes that represent security roles"
type="java.lang.String"/>
-
+
<attribute name="realmPath"
description="The realm path"
type="java.lang.String"/>
@@ -133,7 +133,7 @@
<attribute name="userClassNames"
description="Comma-delimited list of javax.security.Principal classes that represent individual users"
type="java.lang.String"/>
-
+
<attribute name="useContextClassLoader"
description="Sets whether to use the context or default ClassLoader."
type="boolean"/>
@@ -155,7 +155,7 @@
domain="Catalina"
group="Realm"
type="org.apache.catalina.realm.JDBCRealm">
-
+
<attribute name="allRolesMode"
description="The all roles mode."
type="java.lang.String"/>
@@ -180,7 +180,7 @@
<attribute name="digest"
description="Digest algorithm used in storing passwords in a non-plaintext format"
type="java.lang.String"/>
-
+
<attribute name="digestEncoding"
description="The digest encoding charset."
type="java.lang.String"/>
@@ -192,7 +192,7 @@
<attribute name="roleNameCol"
description="The column in the user role table that names a role"
type="java.lang.String"/>
-
+
<attribute name="realmPath"
description="The realm path"
type="java.lang.String"/>
@@ -217,7 +217,7 @@
<attribute name="userTable"
description="The table that holds user data"
type="java.lang.String"/>
-
+
<attribute name="validate"
description="The 'validate certificate chains' flag."
type="boolean"/>
@@ -234,11 +234,11 @@
domain="Catalina"
group="Realm"
type="org.apache.catalina.realm.JNDIRealm">
-
+
<attribute name="adCompat"
description=" The current settings for handling PartialResultExceptions"
type="boolean"/>
-
+
<attribute name="allRolesMode"
description="The all roles mode."
type="java.lang.String"/>
@@ -246,7 +246,7 @@
<attribute name="alternateURL"
description="The Alternate URL"
type="java.lang.String"/>
-
+
<attribute name="authentication"
description="The type of authentication to use"
type="java.lang.String"/>
@@ -255,7 +255,7 @@
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
-
+
<attribute name="commonRole"
description="The common role"
type="java.lang.String"/>
@@ -267,7 +267,7 @@
<attribute name="connectionPassword"
description="The connection password for the server we will contact"
type="java.lang.String"/>
-
+
<attribute name="connectionTimeout"
description="The connection timeout"
type="java.lang.String"/>
@@ -283,19 +283,19 @@
<attribute name="digest"
description="Digest algorithm used in storing passwords in a non-plaintext format"
type="java.lang.String"/>
-
+
<attribute name="digestEncoding"
description="The digest encoding charset."
type="java.lang.String"/>
-
+
<attribute name="protocol"
description="The protocol to be used"
type="java.lang.String"/>
-
+
<attribute name="realmPath"
description="The realm path"
type="java.lang.String"/>
-
+
<attribute name="referrals"
description="The current setting for handling JNDI referrals."
type="java.lang.String"/>
@@ -307,7 +307,7 @@
<attribute name="roleName"
description="The name of the attribute containing roles held elsewhere"
type="java.lang.String"/>
-
+
<attribute name="roleNested"
description="The 'The nested group search flag' flag"
type="boolean"/>
@@ -348,7 +348,7 @@
<attribute name="userSubtree"
description="Should we search the entire subtree for matching users?"
type="boolean"/>
-
+
<attribute name="validate"
description="The 'validate certificate chains' flag."
type="boolean"/>
@@ -365,7 +365,7 @@
domain="Catalina"
group="Realm"
type="org.apache.catalina.realm.MemoryRealm">
-
+
<attribute name="allRolesMode"
description="The all roles mode."
type="java.lang.String"/>
@@ -374,11 +374,11 @@
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
-
+
<attribute name="digest"
description="Digest algorithm used in storing passwords in a non-plaintext format"
type="java.lang.String"/>
-
+
<attribute name="digestEncoding"
description="The digest encoding charset."
type="java.lang.String"/>
@@ -386,7 +386,7 @@
<attribute name="pathname"
description="The pathname of the XML file containing our database information"
type="java.lang.String"/>
-
+
<attribute name="realmPath"
description="The realm path"
type="java.lang.String"/>
@@ -412,7 +412,7 @@
domain="Catalina"
group="Realm"
type="org.apache.catalina.realm.UserDatabaseRealm">
-
+
<attribute name="allRolesMode"
description="The all roles mode."
type="java.lang.String"/>
@@ -421,11 +421,11 @@
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
-
+
<attribute name="digest"
description="Digest algorithm used in storing passwords in a non-plaintext format"
type="java.lang.String"/>
-
+
<attribute name="digestEncoding"
description="The digest encoding charset."
type="java.lang.String"/>
@@ -433,7 +433,7 @@
<attribute name="resourceName"
description="The global JNDI name of the UserDatabase resource to use"
type="java.lang.String"/>
-
+
<attribute name="realmPath"
description="The realm path"
type="java.lang.String"/>
@@ -446,7 +446,7 @@
<attribute name="validate"
description="The 'validate certificate chains' flag."
type="boolean"/>
-
+
<operation name="start" description="Start" impact="ACTION" returnType="void" />
<operation name="stop" description="Stop" impact="ACTION" returnType="void" />
<operation name="init" description="Init" impact="ACTION" returnType="void" />
@@ -459,7 +459,7 @@
domain="Catalina"
group="Realm"
type="org.apache.catalina.realm.CombinedRealm">
-
+
<attribute name="allRolesMode"
description="The all roles mode."
type="java.lang.String"/>
@@ -468,11 +468,11 @@
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
-
+
<attribute name="digest"
description="Digest algorithm used in storing passwords in a non-plaintext format"
type="java.lang.String"/>
-
+
<attribute name="digestEncoding"
description="The digest encoding charset."
type="java.lang.String"/>
@@ -481,7 +481,7 @@
description="The set of realms that the combined realm is wrapping"
type="[Ljavax.management.ObjectName;"
writeable="false"/>
-
+
<attribute name="realmPath"
description="The realm path"
type="java.lang.String"/>
@@ -516,15 +516,15 @@
domain="Catalina"
group="Realm"
type="org.apache.catalina.realm.LockOutRealm">
-
+
<attribute name="allRolesMode"
description="The all roles mode."
type="java.lang.String"/>
-
+
<attribute name="cacheSize"
description="Number of users that have failed authentication to keep in cache. Over time the cache will grow to this size and may not shrink. Defaults to 1000."
type="int" />
-
+
<attribute name="cacheRemovalWarningTime"
description="If a failed user is removed from the cache because the cache is too big before it has been in the cache for at least this period of time (in seconds) a warning message will be logged. Defaults to 3600 (1 hour)."
type="int" />
@@ -533,11 +533,11 @@
description="Fully qualified class name of the managed object"
type="java.lang.String"
writeable="false"/>
-
+
<attribute name="digest"
description="Digest algorithm used in storing passwords in a non-plaintext format"
type="java.lang.String"/>
-
+
<attribute name="failureCount"
description="The number of times in a row a user has to fail authentication to be locked out. Defaults to 5."
type="int" />
@@ -545,7 +545,7 @@
<attribute name="lockOutTime"
description="The time (in seconds) a user is locked out for after too many authentication failures. Defaults to 300 (5 minutes)."
type="int" />
-
+
<attribute name="digestEncoding"
description="The digest encoding charset."
type="java.lang.String"/>
@@ -554,7 +554,7 @@
description="The set of realms that the lockout realm is wrapping"
type="[Ljavax.management.ObjectName;"
writeable="false"/>
-
+
<attribute name="realmPath"
description="The realm path"
type="java.lang.String"/>
@@ -562,7 +562,7 @@
<attribute name="validate"
description="The 'validate certificate chains' flag."
type="boolean"/>
-
+
<operation name="addRealm"
description="Add a new Realm to the set of Realms wrapped by this realm"
impact="ACTION"
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org