1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
|
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.catalina;
import java.beans.PropertyChangeListener;
import java.io.IOException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSName;
/**
* A <b>Realm</b> is a read-only facade for an underlying security realm used to authenticate individual users, and
* identify the security roles associated with those users. Realms can be attached at any Container level, but will
* typically only be attached to a Context, or higher level, Container.
*
* @author Craig R. McClanahan
*/
public interface Realm extends Contained {
/**
* @return the CredentialHandler configured for this Realm.
*/
CredentialHandler getCredentialHandler();
/**
* Set the CredentialHandler to be used by this Realm.
*
* @param credentialHandler the {@link CredentialHandler} to use
*/
void setCredentialHandler(CredentialHandler credentialHandler);
/**
* Add a property change listener to this component.
*
* @param listener The listener to add
*/
void addPropertyChangeListener(PropertyChangeListener listener);
/**
* Try to authenticate with the specified username.
*
* @param username Username of the Principal to look up
*
* @return the associated principal, or {@code null} if none is associated.
*/
Principal authenticate(String username);
/**
* Try to authenticate using the specified username and credentials.
*
* @param username Username of the Principal to look up
* @param credentials Password or other credentials to use in authenticating this username
*
* @return the associated principal, or {@code null} if there is none
*/
Principal authenticate(String username, String credentials);
/**
* Try to authenticate with the specified username, which matches the digest calculated using the given parameters
* using the method described in RFC 2617 (which is a superset of RFC 2069).
*
* @param username Username of the Principal to look up
* @param digest Digest which has been submitted by the client
* @param nonce Unique (or supposedly unique) token which has been used for this request
* @param nc the nonce counter
* @param cnonce the client chosen nonce
* @param qop the "quality of protection" ({@code nc} and {@code cnonce} will only be used, if {@code qop} is
* not {@code null}).
* @param realm Realm name
* @param digestA2 Second digest calculated as digest(Method + ":" + uri)
*
* @return the associated principal, or {@code null} if there is none.
*
* @deprecated Unused. Use
* {@link #authenticate(String, String, String, String, String, String, String, String, String)}.
* Will be removed in Tomcat 11.
*/
@Deprecated
Principal authenticate(String username, String digest, String nonce, String nc, String cnonce, String qop,
String realm, String digestA2);
/**
* Try to authenticate with the specified username, which matches the digest calculated using the given parameters
* using the method described in RFC 7616.
* <p>
* The default implementation calls
* {@link #authenticate(String, String, String, String, String, String, String, String)} for backwards compatibility
* which effectively forces the use of MD5 regardless of the algorithm specified in the call to this method.
* <p>
* Implementations are expected to override the default implementation and take account of the algorithm parameter.
*
* @param username Username of the Principal to look up
* @param digest Digest which has been submitted by the client
* @param nonce Unique (or supposedly unique) token which has been used for this request
* @param nc the nonce counter
* @param cnonce the client chosen nonce
* @param qop the "quality of protection" ({@code nc} and {@code cnonce} will only be used, if {@code qop} is
* not {@code null}).
* @param realm Realm name
* @param digestA2 Second digest calculated as digest(Method + ":" + uri)
* @param algorithm The message digest algorithm to use
*
* @return the associated principal, or {@code null} if there is none.
*/
default Principal authenticate(String username, String digest, String nonce, String nc, String cnonce, String qop,
String realm, String digestA2, String algorithm) {
return authenticate(username, digest, nonce, nc, cnonce, qop, realm, digestA2);
}
/**
* Try to authenticate using a {@link GSSContext}.
*
* @param gssContext The gssContext processed by the {@link Authenticator}.
* @param storeCreds Should the realm attempt to store the delegated credentials in the returned Principal?
*
* @return the associated principal, or {@code null} if there is none
*/
Principal authenticate(GSSContext gssContext, boolean storeCreds);
/**
* Try to authenticate using a {@link GSSName}.
*
* @param gssName The {@link GSSName} of the principal to look up
* @param gssCredential The {@link GSSCredential} of the principal, may be {@code null}
*
* @return the associated principal, or {@code null} if there is none
*/
Principal authenticate(GSSName gssName, GSSCredential gssCredential);
/**
* Try to authenticate using a chain of {@link X509Certificate}s.
*
* @param certs Array of client certificates, with the first one in the array being the certificate of the client
* itself.
*
* @return the associated principal, or {@code null} if there is none
*/
Principal authenticate(X509Certificate[] certs);
/**
* Execute a periodic task, such as reloading, etc. This method will be invoked inside the classloading context of
* this container. Unexpected throwables will be caught and logged.
*/
void backgroundProcess();
/**
* Find the SecurityConstraints configured to guard the request URI for this request.
*
* @param request Request we are processing
* @param context Context the Request is mapped to
*
* @return the configured {@link SecurityConstraint}, or {@code null} if there is none
*/
SecurityConstraint[] findSecurityConstraints(Request request, Context context);
/**
* Perform access control based on the specified authorization constraint.
*
* @param request Request we are processing
* @param response Response we are creating
* @param constraint Security constraint we are enforcing
* @param context The Context to which client of this class is attached.
*
* @return {@code true} if this constraint is satisfied and processing should continue, or {@code false} otherwise
*
* @exception IOException if an input/output error occurs
*/
boolean hasResourcePermission(Request request, Response response, SecurityConstraint[] constraint, Context context)
throws IOException;
/**
* Check if the specified Principal has the specified security role, within the context of this Realm.
*
* @param wrapper wrapper context for evaluating role
* @param principal Principal for whom the role is to be checked
* @param role Security role to be checked
*
* @return {@code true} if the specified Principal has the specified security role, within the context of this
* Realm; otherwise return {@code false}.
*/
boolean hasRole(Wrapper wrapper, Principal principal, String role);
/**
* Enforce any user data constraint required by the security constraint guarding this request URI.
*
* @param request Request we are processing
* @param response Response we are creating
* @param constraint Security constraint being checked
*
* @return {@code true} if this constraint was not violated and processing should continue, or {@code false} if we
* have created a response already.
*
* @exception IOException if an input/output error occurs
*/
boolean hasUserDataPermission(Request request, Response response, SecurityConstraint[] constraint)
throws IOException;
/**
* Remove a property change listener from this component.
*
* @param listener The listener to remove
*/
void removePropertyChangeListener(PropertyChangeListener listener);
/**
* Return the availability of the realm for authentication.
*
* @return {@code true} if the realm is able to perform authentication
*/
default boolean isAvailable() {
return true;
}
}
|
