1 17 18 19 package org.apache.catalina.realm; 20 21 22 import java.beans.PropertyChangeListener ; 23 import java.beans.PropertyChangeSupport ; 24 import java.io.IOException ; 25 import java.io.UnsupportedEncodingException ; 26 import java.security.MessageDigest ; 27 import java.security.NoSuchAlgorithmException ; 28 import java.security.Principal ; 29 import java.security.cert.X509Certificate ; 30 import java.util.ArrayList ; 31 32 import javax.management.Attribute ; 33 import javax.management.MBeanRegistration ; 34 import javax.management.MBeanServer ; 35 import javax.management.ObjectName ; 36 import javax.servlet.http.HttpServletResponse ; 37 38 import org.apache.catalina.Container; 39 import org.apache.catalina.Context; 40 import org.apache.catalina.Lifecycle; 41 import org.apache.catalina.LifecycleException; 42 import org.apache.catalina.LifecycleListener; 43 import org.apache.catalina.Realm; 44 import org.apache.catalina.connector.Request; 45 import org.apache.catalina.connector.Response; 46 import org.apache.catalina.core.ContainerBase; 47 import org.apache.catalina.deploy.LoginConfig; 48 import org.apache.catalina.deploy.SecurityConstraint; 49 import org.apache.catalina.deploy.SecurityCollection; 50 import org.apache.catalina.util.HexUtils; 51 import org.apache.catalina.util.LifecycleSupport; 52 import org.apache.catalina.util.MD5Encoder; 53 import org.apache.catalina.util.StringManager; 54 import org.apache.commons.logging.Log; 55 import org.apache.commons.logging.LogFactory; 56 import org.apache.tomcat.util.modeler.Registry; 57 58 66 67 public abstract class RealmBase 68 implements Lifecycle, Realm, MBeanRegistration { 69 70 private static Log log = LogFactory.getLog(RealmBase.class); 71 72 74 75 78 protected Container container = null; 79 80 81 84 protected Log containerLog = null; 85 86 87 93 protected String digest = null; 94 95 98 protected String digestEncoding = null; 99 100 101 104 protected static final String info = 105 "org.apache.catalina.realm.RealmBase/1.0"; 106 107 108 111 protected LifecycleSupport lifecycle = new LifecycleSupport(this); 112 113 114 117 protected MessageDigest md = null; 118 119 120 123 protected static final MD5Encoder md5Encoder = new MD5Encoder(); 124 125 126 129 protected static MessageDigest md5Helper; 130 131 132 135 protected static StringManager sm = 136 StringManager.getManager(Constants.Package); 137 138 139 142 protected boolean started = false; 143 144 145 148 protected PropertyChangeSupport support = new PropertyChangeSupport (this); 149 150 151 154 protected boolean validate = true; 155 156 157 160 protected AllRolesMode allRolesMode = AllRolesMode.STRICT_MODE; 161 162 163 165 166 169 public Container getContainer() { 170 171 return (container); 172 173 } 174 175 176 181 public void setContainer(Container container) { 182 183 Container oldContainer = this.container; 184 this.container = container; 185 support.firePropertyChange("container", oldContainer, this.container); 186 187 } 188 189 192 public String getAllRolesMode() { 193 194 return allRolesMode.toString(); 195 196 } 197 198 199 202 public void setAllRolesMode(String allRolesMode) { 203 204 this.allRolesMode = AllRolesMode.toMode(allRolesMode); 205 206 } 207 208 211 public String getDigest() { 212 213 return digest; 214 215 } 216 217 218 223 public void setDigest(String digest) { 224 225 this.digest = digest; 226 227 } 228 229 234 public String getDigestEncoding() { 235 return digestEncoding; 236 } 237 238 243 public void setDigestEncoding(String charset) { 244 digestEncoding = charset; 245 } 246 247 252 public String getInfo() { 253 254 return info; 255 256 } 257 258 259 262 public boolean getValidate() { 263 264 return (this.validate); 265 266 } 267 268 269 274 public void setValidate(boolean validate) { 275 276 this.validate = validate; 277 278 } 279 280 281 283 284 285 290 public void addPropertyChangeListener(PropertyChangeListener listener) { 291 292 support.addPropertyChangeListener(listener); 293 294 } 295 296 297 305 public Principal authenticate(String username, String credentials) { 306 307 String serverCredentials = getPassword(username); 308 309 boolean validated ; 310 if ( serverCredentials == null ) { 311 validated = false; 312 } else if(hasMessageDigest()) { 313 validated = serverCredentials.equalsIgnoreCase(digest(credentials)); 314 } else { 315 validated = serverCredentials.equals(credentials); 316 } 317 if(! validated ) { 318 if (containerLog.isTraceEnabled()) { 319 containerLog.trace(sm.getString("realmBase.authenticateFailure", 320 username)); 321 } 322 return null; 323 } 324 if (containerLog.isTraceEnabled()) { 325 containerLog.trace(sm.getString("realmBase.authenticateSuccess", 326 username)); 327 } 328 329 return getPrincipal(username); 330 } 331 332 333 341 public Principal authenticate(String username, byte[] credentials) { 342 343 return (authenticate(username, credentials.toString())); 344 345 } 346 347 348 361 public Principal authenticate(String username, String clientDigest, 362 String nOnce, String nc, String cnonce, 363 String qop, String realm, 364 String md5a2) { 365 366 String md5a1 = getDigest(username, realm); 367 if (md5a1 == null) 368 return null; 369 String serverDigestValue = md5a1 + ":" + nOnce + ":" + nc + ":" 370 + cnonce + ":" + qop + ":" + md5a2; 371 372 byte[] valueBytes = null; 373 if(getDigestEncoding() == null) { 374 valueBytes = serverDigestValue.getBytes(); 375 } else { 376 try { 377 valueBytes = serverDigestValue.getBytes(getDigestEncoding()); 378 } catch (UnsupportedEncodingException uee) { 379 log.error("Illegal digestEncoding: " + getDigestEncoding(), uee); 380 throw new IllegalArgumentException (uee.getMessage()); 381 } 382 } 383 384 String serverDigest = null; 385 synchronized(md5Helper) { 387 serverDigest = md5Encoder.encode(md5Helper.digest(valueBytes)); 388 } 389 390 if (log.isDebugEnabled()) { 391 log.debug("Digest : " + clientDigest + " Username:" + username 392 + " ClientSigest:" + clientDigest + " nOnce:" + nOnce 393 + " nc:" + nc + " cnonce:" + cnonce + " qop:" + qop 394 + " realm:" + realm + "md5a2:" + md5a2 395 + " Server digest:" + serverDigest); 396 } 397 398 if (serverDigest.equals(clientDigest)) 399 return getPrincipal(username); 400 else 401 return null; 402 } 403 404 405 406 413 public Principal authenticate(X509Certificate certs[]) { 414 415 if ((certs == null) || (certs.length < 1)) 416 return (null); 417 418 if (log.isDebugEnabled()) 420 log.debug("Authenticating client certificate chain"); 421 if (validate) { 422 for (int i = 0; i < certs.length; i++) { 423 if (log.isDebugEnabled()) 424 log.debug(" Checking validity for '" + 425 certs[i].getSubjectDN().getName() + "'"); 426 try { 427 certs[i].checkValidity(); 428 } catch (Exception e) { 429 if (log.isDebugEnabled()) 430 log.debug(" Validity exception", e); 431 return (null); 432 } 433 } 434 } 435 436 return (getPrincipal(certs[0])); 438 439 } 440 441 442 447 public void backgroundProcess() { 448 } 449 450 451 458 public SecurityConstraint [] findSecurityConstraints(Request request, 459 Context context) { 460 461 ArrayList results = null; 462 SecurityConstraint constraints[] = context.findConstraints(); 464 if ((constraints == null) || (constraints.length == 0)) { 465 if (log.isDebugEnabled()) 466 log.debug(" No applicable constraints defined"); 467 return (null); 468 } 469 470 String uri = request.getRequestPathMB().toString(); 472 473 String method = request.getMethod(); 474 int i; 475 boolean found = false; 476 for (i = 0; i < constraints.length; i++) { 477 SecurityCollection [] collection = constraints[i].findCollections(); 478 479 if ( collection == null) { 482 continue; 483 } 484 485 if (log.isDebugEnabled()) { 486 log.debug(" Checking constraint '" + constraints[i] + 487 "' against " + method + " " + uri + " --> " + 488 constraints[i].included(uri, method)); 489 } 490 491 for(int j=0; j < collection.length; j++){ 492 String [] patterns = collection[j].findPatterns(); 493 494 if ( patterns == null) { 497 continue; 498 } 499 500 for(int k=0; k < patterns.length; k++) { 501 if(uri.equals(patterns[k])) { 502 found = true; 503 if(collection[j].findMethod(method)) { 504 if(results == null) { 505 results = new ArrayList (); 506 } 507 results.add(constraints[i]); 508 } 509 } 510 } 511 } 512 } 513 514 if(found) { 515 return resultsToArray(results); 516 } 517 518 int longest = -1; 519 520 for (i = 0; i < constraints.length; i++) { 521 SecurityCollection [] collection = constraints[i].findCollections(); 522 523 if ( collection == null) { 526 continue; 527 } 528 529 if (log.isDebugEnabled()) { 530 log.debug(" Checking constraint '" + constraints[i] + 531 "' against " + method + " " + uri + " --> " + 532 constraints[i].included(uri, method)); 533 } 534 535 for(int j=0; j < collection.length; j++){ 536 String [] patterns = collection[j].findPatterns(); 537 538 if ( patterns == null) { 541 continue; 542 } 543 544 boolean matched = false; 545 int length = -1; 546 for(int k=0; k < patterns.length; k++) { 547 String pattern = patterns[k]; 548 if(pattern.startsWith("/") && pattern.endsWith("/*") && 549 pattern.length() >= longest) { 550 551 if(pattern.length() == 2) { 552 matched = true; 553 length = pattern.length(); 554 } else if(pattern.regionMatches(0,uri,0, 555 pattern.length()-1) || 556 (pattern.length()-2 == uri.length() && 557 pattern.regionMatches(0,uri,0, 558 pattern.length()-2))) { 559 matched = true; 560 length = pattern.length(); 561 } 562 } 563 } 564 if(matched) { 565 found = true; 566 if(length > longest) { 567 if(results != null) { 568 results.clear(); 569 } 570 longest = length; 571 } 572 if(collection[j].findMethod(method)) { 573 if(results == null) { 574 results = new ArrayList (); 575 } 576 results.add(constraints[i]); 577 } 578 } 579 } 580 } 581 582 if(found) { 583 return resultsToArray(results); 584 } 585 586 for (i = 0; i < constraints.length; i++) { 587 SecurityCollection [] collection = constraints[i].findCollections(); 588 589 if ( collection == null) { 592 continue; 593 } 594 595 if (log.isDebugEnabled()) { 596 log.debug(" Checking constraint '" + constraints[i] + 597 "' against " + method + " " + uri + " --> " + 598 constraints[i].included(uri, method)); 599 } 600 601 boolean matched = false; 602 int pos = -1; 603 for(int j=0; j < collection.length; j++){ 604 String [] patterns = collection[j].findPatterns(); 605 606 if ( patterns == null) { 609 continue; 610 } 611 612 for(int k=0; k < patterns.length && !matched; k++) { 613 String pattern = patterns[k]; 614 if(pattern.startsWith("*.")){ 615 int slash = uri.lastIndexOf("/"); 616 int dot = uri.lastIndexOf("."); 617 if(slash >= 0 && dot > slash && 618 dot != uri.length()-1 && 619 uri.length()-dot == pattern.length()-1) { 620 if(pattern.regionMatches(1,uri,dot,uri.length()-dot)) { 621 matched = true; 622 pos = j; 623 } 624 } 625 } 626 } 627 } 628 if(matched) { 629 found = true; 630 if(collection[pos].findMethod(method)) { 631 if(results == null) { 632 results = new ArrayList (); 633 } 634 results.add(constraints[i]); 635 } 636 } 637 } 638 639 if(found) { 640 return resultsToArray(results); 641 } 642 643 for (i = 0; i < constraints.length; i++) { 644 SecurityCollection [] collection = constraints[i].findCollections(); 645 646 if ( collection == null) { 649 continue; 650 } 651 652 if (log.isDebugEnabled()) { 653 log.debug(" Checking constraint '" + constraints[i] + 654 "' against " + method + " " + uri + " --> " + 655 constraints[i].included(uri, method)); 656 } 657 658 for(int j=0; j < collection.length; j++){ 659 String [] patterns = collection[j].findPatterns(); 660 661 if ( patterns == null) { 664 continue; 665 } 666 667 boolean matched = false; 668 for(int k=0; k < patterns.length && !matched; k++) { 669 String pattern = patterns[k]; 670 if(pattern.equals("/")){ 671 matched = true; 672 } 673 } 674 if(matched) { 675 if(results == null) { 676 results = new ArrayList (); 677 } 678 results.add(constraints[i]); 679 } 680 } 681 } 682 683 if(results == null) { 684 if (log.isDebugEnabled()) 686 log.debug(" No applicable constraint located"); 687 } 688 return resultsToArray(results); 689 } 690 691 694 private SecurityConstraint [] resultsToArray(ArrayList results) { 695 if(results == null) { 696 return null; 697 } 698 SecurityConstraint [] array = new SecurityConstraint[results.size()]; 699 results.toArray(array); 700 return array; 701 } 702 703 704 716 public boolean hasResourcePermission(Request request, 717 Response response, 718 SecurityConstraint []constraints, 719 Context context) 720 throws IOException { 721 722 if (constraints == null || constraints.length == 0) 723 return (true); 724 725 LoginConfig config = context.getLoginConfig(); 728 if ((config != null) && 729 (Constants.FORM_METHOD.equals(config.getAuthMethod()))) { 730 String requestURI = request.getRequestPathMB().toString(); 731 String loginPage = config.getLoginPage(); 732 if (loginPage.equals(requestURI)) { 733 if (log.isDebugEnabled()) 734 log.debug(" Allow access to login page " + loginPage); 735 return (true); 736 } 737 String errorPage = config.getErrorPage(); 738 if (errorPage.equals(requestURI)) { 739 if (log.isDebugEnabled()) 740 log.debug(" Allow access to error page " + errorPage); 741 return (true); 742 } 743 if (requestURI.endsWith(Constants.FORM_ACTION)) { 744 if (log.isDebugEnabled()) 745 log.debug(" Allow access to username/password submission"); 746 return (true); 747 } 748 } 749 750 Principal principal = request.getPrincipal(); 752 boolean status = false; 753 boolean denyfromall = false; 754 for(int i=0; i < constraints.length; i++) { 755 SecurityConstraint constraint = constraints[i]; 756 757 String roles[]; 758 if (constraint.getAllRoles()) { 759 roles = request.getContext().findSecurityRoles(); 761 } else { 762 roles = constraint.findAuthRoles(); 763 } 764 765 if (roles == null) 766 roles = new String [0]; 767 768 if (log.isDebugEnabled()) 769 log.debug(" Checking roles " + principal); 770 771 if (roles.length == 0 && !constraint.getAllRoles()) { 772 if(constraint.getAuthConstraint()) { 773 if( log.isDebugEnabled() ) 774 log.debug("No roles "); 775 status = false; denyfromall = true; 777 } else { 778 if(log.isDebugEnabled()) 779 log.debug("Passing all access"); 780 return (true); 781 } 782 } else if (principal == null) { 783 if (log.isDebugEnabled()) 784 log.debug(" No user authenticated, cannot grant access"); 785 status = false; 786 } else if(!denyfromall) { 787 788 for (int j = 0; j < roles.length; j++) { 789 if (hasRole(principal, roles[j])) 790 status = true; 791 if( log.isDebugEnabled() ) 792 log.debug( "No role found: " + roles[j]); 793 } 794 } 795 } 796 797 if (allRolesMode != AllRolesMode.STRICT_MODE && !status && principal != null) { 798 if (log.isDebugEnabled()) { 799 log.debug("Checking for all roles mode: " + allRolesMode); 800 } 801 for (int i = 0; i < constraints.length; i++) { 803 SecurityConstraint constraint = constraints[i]; 804 String roles[]; 805 if (constraint.getAllRoles()) { 807 if (allRolesMode == AllRolesMode.AUTH_ONLY_MODE) { 808 if (log.isDebugEnabled()) { 809 log.debug("Granting access for role-name=*, auth-only"); 810 } 811 status = true; 812 break; 813 } 814 815 roles = request.getContext().findSecurityRoles(); 817 if (roles.length == 0 && allRolesMode == AllRolesMode.STRICT_AUTH_ONLY_MODE) { 818 if (log.isDebugEnabled()) { 819 log.debug("Granting access for role-name=*, strict auth-only"); 820 } 821 status = true; 822 break; 823 } 824 } 825 } 826 } 827 828 if(!status) { 830 response.sendError 831 (HttpServletResponse.SC_FORBIDDEN, 832 sm.getString("realmBase.forbidden")); 833 } 834 return status; 835 836 } 837 838 839 850 public boolean hasRole(Principal principal, String role) { 851 852 if ((principal == null) || (role == null) || 854 !(principal instanceof GenericPrincipal)) 855 return (false); 856 857 GenericPrincipal gp = (GenericPrincipal) principal; 858 if (!(gp.getRealm() == this)) { 859 if(log.isDebugEnabled()) 860 log.debug("Different realm " + this + " " + gp.getRealm()); } 862 boolean result = gp.hasRole(role); 863 if (log.isDebugEnabled()) { 864 String name = principal.getName(); 865 if (result) 866 log.debug(sm.getString("realmBase.hasRoleSuccess", name, role)); 867 else 868 log.debug(sm.getString("realmBase.hasRoleFailure", name, role)); 869 } 870 return (result); 871 872 } 873 874 875 887 public boolean hasUserDataPermission(Request request, 888 Response response, 889 SecurityConstraint []constraints) 890 throws IOException { 891 892 if (constraints == null || constraints.length == 0) { 894 if (log.isDebugEnabled()) 895 log.debug(" No applicable security constraint defined"); 896 return (true); 897 } 898 for(int i=0; i < constraints.length; i++) { 899 SecurityConstraint constraint = constraints[i]; 900 String userConstraint = constraint.getUserConstraint(); 901 if (userConstraint == null) { 902 if (log.isDebugEnabled()) 903 log.debug(" No applicable user data constraint defined"); 904 return (true); 905 } 906 if (userConstraint.equals(Constants.NONE_TRANSPORT)) { 907 if (log.isDebugEnabled()) 908 log.debug(" User data constraint has no restrictions"); 909 return (true); 910 } 911 912 } 913 if (request.getRequest().isSecure()) { 915 if (log.isDebugEnabled()) 916 log.debug(" User data constraint already satisfied"); 917 return (true); 918 } 919 int redirectPort = request.getConnector().getRedirectPort(); 921 922 if (redirectPort <= 0) { 924 if (log.isDebugEnabled()) 925 log.debug(" SSL redirect is disabled"); 926 response.sendError 927 (HttpServletResponse.SC_FORBIDDEN, 928 request.getRequestURI()); 929 return (false); 930 } 931 932 StringBuffer file = new StringBuffer (); 934 String protocol = "https"; 935 String host = request.getServerName(); 936 file.append(protocol).append("://").append(host); 938 if(redirectPort != 443) { 940 file.append(":").append(redirectPort); 941 } 942 file.append(request.getRequestURI()); 944 String requestedSessionId = request.getRequestedSessionId(); 945 if ((requestedSessionId != null) && 946 request.isRequestedSessionIdFromURL()) { 947 file.append(";jsessionid="); 948 file.append(requestedSessionId); 949 } 950 String queryString = request.getQueryString(); 951 if (queryString != null) { 952 file.append('?'); 953 file.append(queryString); 954 } 955 if (log.isDebugEnabled()) 956 log.debug(" Redirecting to " + file.toString()); 957 response.sendRedirect(file.toString()); 958 return (false); 959 960 } 961 962 963 968 public void removePropertyChangeListener(PropertyChangeListener listener) { 969 970 support.removePropertyChangeListener(listener); 971 972 } 973 974 975 977 978 983 public void addLifecycleListener(LifecycleListener listener) { 984 985 lifecycle.addLifecycleListener(listener); 986 987 } 988 989 990 994 public LifecycleListener[] findLifecycleListeners() { 995 996 return lifecycle.findLifecycleListeners(); 997 998 } 999 1000 1001 1006 public void removeLifecycleListener(LifecycleListener listener) { 1007 1008 lifecycle.removeLifecycleListener(listener); 1009 1010 } 1011 1012 1021 public void start() throws LifecycleException { 1022 1023 if (started) { 1025 if(log.isInfoEnabled()) 1026 log.info(sm.getString("realmBase.alreadyStarted")); 1027 return; 1028 } 1029 if( !initialized ) { 1030 init(); 1031 } 1032 lifecycle.fireLifecycleEvent(START_EVENT, null); 1033 started = true; 1034 1035 if (digest != null) { 1037 try { 1038 md = MessageDigest.getInstance(digest); 1039 } catch (NoSuchAlgorithmException e) { 1040 throw new LifecycleException 1041 (sm.getString("realmBase.algorithm", digest), e); 1042 } 1043 } 1044 1045 } 1046 1047 1048 1057 public void stop() 1058 throws LifecycleException { 1059 1060 if (!started) { 1062 if(log.isInfoEnabled()) 1063 log.info(sm.getString("realmBase.notStarted")); 1064 return; 1065 } 1066 lifecycle.fireLifecycleEvent(STOP_EVENT, null); 1067 started = false; 1068 1069 md = null; 1071 1072 destroy(); 1073 1074 } 1075 1076 public void destroy() { 1077 1078 if ( oname!=null ) { 1080 try { 1081 Registry.getRegistry(null, null).unregisterComponent(oname); 1082 if(log.isDebugEnabled()) 1083 log.debug( "unregistering realm " + oname ); 1084 } catch( Exception ex ) { 1085 log.error( "Can't unregister realm " + oname, ex); 1086 } 1087 } 1088 1089 } 1090 1091 1093 1094 1102 protected String digest(String credentials) { 1103 1104 if (hasMessageDigest() == false) 1106 return (credentials); 1107 1108 synchronized (this) { 1110 try { 1111 md.reset(); 1112 1113 byte[] bytes = null; 1114 if(getDigestEncoding() == null) { 1115 bytes = credentials.getBytes(); 1116 } else { 1117 try { 1118 bytes = credentials.getBytes(getDigestEncoding()); 1119 } catch (UnsupportedEncodingException uee) { 1120 log.error("Illegal digestEncoding: " + getDigestEncoding(), uee); 1121 throw new IllegalArgumentException (uee.getMessage()); 1122 } 1123 } 1124 md.update(bytes); 1125 1126 return (HexUtils.convert(md.digest())); 1127 } catch (Exception e) { 1128 log.error(sm.getString("realmBase.digest"), e); 1129 return (credentials); 1130 } 1131 } 1132 1133 } 1134 1135 protected boolean hasMessageDigest() { 1136 return !(md == null); 1137 } 1138 1139 1142 protected String getDigest(String username, String realmName) { 1143 if (md5Helper == null) { 1144 try { 1145 md5Helper = MessageDigest.getInstance("MD5"); 1146 } catch (NoSuchAlgorithmException e) { 1147 log.error("Couldn't get MD5 digest: ", e); 1148 throw new IllegalStateException (e.getMessage()); 1149 } 1150 } 1151 1152 if (hasMessageDigest()) { 1153 return getPassword(username); 1155 } 1156 1157 String digestValue = username + ":" + realmName + ":" 1158 + getPassword(username); 1159 1160 byte[] valueBytes = null; 1161 if(getDigestEncoding() == null) { 1162 valueBytes = digestValue.getBytes(); 1163 } else { 1164 try { 1165 valueBytes = digestValue.getBytes(getDigestEncoding()); 1166 } catch (UnsupportedEncodingException uee) { 1167 log.error("Illegal digestEncoding: " + getDigestEncoding(), uee); 1168 throw new IllegalArgumentException (uee.getMessage()); 1169 } 1170 } 1171 1172 byte[] digest = null; 1173 synchronized(md5Helper) { 1175 digest = md5Helper.digest(valueBytes); 1176 } 1177 1178 return md5Encoder.encode(digest); 1179 } 1180 1181 1182 1186 protected abstract String getName(); 1187 1188 1189 1192 protected abstract String getPassword(String username); 1193 1194 1195 1198 protected Principal getPrincipal(X509Certificate usercert) { 1199 return(getPrincipal(usercert.getSubjectDN().getName())); 1200 } 1201 1202 1203 1206 protected abstract Principal getPrincipal(String username); 1207 1208 1209 1211 1212 1222 public final static String Digest(String credentials, String algorithm, 1223 String encoding) { 1224 1225 try { 1226 MessageDigest md = 1228 (MessageDigest ) MessageDigest.getInstance(algorithm).clone(); 1229 1230 if (encoding == null) { 1233 md.update(credentials.getBytes()); 1234 } else { 1235 md.update(credentials.getBytes(encoding)); 1236 } 1237 1238 return (HexUtils.convert(md.digest())); 1240 } catch(Exception ex) { 1241 log.error(ex); 1242 return credentials; 1243 } 1244 1245 } 1246 1247 1248 1253 public static void main(String args[]) { 1254 1255 String encoding = null; 1256 int firstCredentialArg = 2; 1257 1258 if (args.length > 4 && args[2].equalsIgnoreCase("-e")) { 1259 encoding = args[3]; 1260 firstCredentialArg = 4; 1261 } 1262 1263 if(args.length > firstCredentialArg && args[0].equalsIgnoreCase("-a")) { 1264 for(int i=firstCredentialArg; i < args.length ; i++){ 1265 System.out.print(args[i]+":"); 1266 System.out.println(Digest(args[i], args[1], encoding)); 1267 } 1268 } else { 1269 System.out.println 1270 ("Usage: RealmBase -a <algorithm> [-e <encoding>] <credentials>"); 1271 } 1272 1273 } 1274 1275 1276 protected String type; 1278 protected String domain; 1279 protected String host; 1280 protected String path; 1281 protected ObjectName oname; 1282 protected ObjectName controller; 1283 protected MBeanServer mserver; 1284 1285 public ObjectName getController() { 1286 return controller; 1287 } 1288 1289 public void setController(ObjectName controller) { 1290 this.controller = controller; 1291 } 1292 1293 public ObjectName getObjectName() { 1294 return oname; 1295 } 1296 1297 public String getDomain() { 1298 return domain; 1299 } 1300 1301 public String getType() { 1302 return type; 1303 } 1304 1305 public ObjectName preRegister(MBeanServer server, 1306 ObjectName name) throws Exception { 1307 oname=name; 1308 mserver=server; 1309 domain=name.getDomain(); 1310 1311 type=name.getKeyProperty("type"); 1312 host=name.getKeyProperty("host"); 1313 path=name.getKeyProperty("path"); 1314 1315 return name; 1316 } 1317 1318 public void postRegister(Boolean registrationDone) { 1319 } 1320 1321 public void preDeregister() throws Exception { 1322 } 1323 1324 public void postDeregister() { 1325 } 1326 1327 protected boolean initialized=false; 1328 1329 public void init() { 1330 this.containerLog = container.getLogger(); 1331 if( initialized && container != null ) return; 1332 1333 initialized=true; 1334 if( container== null ) { 1335 ObjectName parent=null; 1336 try { 1338 if( host == null ) { 1339 parent=new ObjectName (domain +":type=Engine"); 1341 } else if( path==null ) { 1342 parent=new ObjectName (domain + 1343 ":type=Host,host=" + host); 1344 } else { 1345 parent=new ObjectName (domain +":j2eeType=WebModule,name=//" + 1346 host + path); 1347 } 1348 if( mserver.isRegistered(parent )) { 1349 if(log.isDebugEnabled()) 1350 log.debug("Register with " + parent); 1351 mserver.setAttribute(parent, new Attribute ("realm", this)); 1352 } 1353 } catch (Exception e) { 1354 log.error("Parent not available yet: " + parent); 1355 } 1356 } 1357 1358 if( oname==null ) { 1359 try { 1361 ContainerBase cb=(ContainerBase)container; 1362 oname=new ObjectName (cb.getDomain()+":type=Realm" + cb.getContainerSuffix()); 1363 Registry.getRegistry(null, null).registerComponent(this, oname, null ); 1364 if(log.isDebugEnabled()) 1365 log.debug("Register Realm "+oname); 1366 } catch (Throwable e) { 1367 log.error( "Can't register " + oname, e); 1368 } 1369 } 1370 1371 } 1372 1373 1374 protected static class AllRolesMode { 1375 1376 private String name; 1377 1380 public static final AllRolesMode STRICT_MODE = new AllRolesMode("strict"); 1381 1383 public static final AllRolesMode AUTH_ONLY_MODE = new AllRolesMode("authOnly"); 1384 1386 public static final AllRolesMode STRICT_AUTH_ONLY_MODE = new AllRolesMode("strictAuthOnly"); 1387 1388 static AllRolesMode toMode(String name) 1389 { 1390 AllRolesMode mode; 1391 if( name.equalsIgnoreCase(STRICT_MODE.name) ) 1392 mode = STRICT_MODE; 1393 else if( name.equalsIgnoreCase(AUTH_ONLY_MODE.name) ) 1394 mode = AUTH_ONLY_MODE; 1395 else if( name.equalsIgnoreCase(STRICT_AUTH_ONLY_MODE.name) ) 1396 mode = STRICT_AUTH_ONLY_MODE; 1397 else 1398 throw new IllegalStateException ("Unknown mode, must be one of: strict, authOnly, strictAuthOnly"); 1399 return mode; 1400 } 1401 1402 private AllRolesMode(String name) 1403 { 1404 this.name = name; 1405 } 1406 1407 public boolean equals(Object o) 1408 { 1409 boolean equals = false; 1410 if( o instanceof AllRolesMode ) 1411 { 1412 AllRolesMode mode = (AllRolesMode) o; 1413 equals = name.equals(mode.name); 1414 } 1415 return equals; 1416 } 1417 public int hashCode() 1418 { 1419 return name.hashCode(); 1420 } 1421 public String toString() 1422 { 1423 return name; 1424 } 1425 } 1426 1427} 1428 | Popular Tags |