Class CertificateRealm

- java.lang.Object
- com.sun.enterprise.security.auth.realm.AbstractRealm
- com.sun.enterprise.security.auth.realm.AbstractStatefulRealm
- com.sun.enterprise.security.auth.realm.Realm
- com.sun.enterprise.security.BaseRealm
- com.sun.enterprise.security.auth.realm.certificate.CertificateRealm

All Implemented Interfaces: Comparable<Realm>

@Service public final class CertificateRealm extends BaseRealm
Realm wrapper for supporting certificate authentication. The certificate realm provides the security-service functionality needed to process a client-cert authentication.

Since the SSL processing and client certificate verification are done by NSS, no authentication is actually done by this realm. It only serves the purpose of being registered as the certificate handler realm and of servicing group membership requests during web container role checks.

There is no JAAS LoginModule corresponding to the certificate realm; therefore this realm does not require the jaas-context configuration parameter to be set. The purpose of a JAAS LoginModule is to implement the actual authentication processing, which in the case of this certificate realm is already done by the time execution gets to Java.

The certificate realm needs the following properties in its configuration: None.

The following optional properties can also be specified:
- assign-groups - a comma-separated list of group names which will be assigned to all users who present a cryptographically valid certificate.
- common-name-as-principal-name - if true, the CN from the client certificate will be used as the name of the principal.
- dn-parts-used-for-groups - a comma-separated list of OID names whose values in the certificate's distinguished name will be used as group names.
Nested Class Summary
- static class CertificateRealm.AppContextCallback
  A LoginModule for CertificateRealm can instantiate an AppContextCallback and pass it to the handle method of the passed CallbackHandler to retrieve the application name information.
Field Summary
- static String AUTH_TYPE
  Descriptive string of the authentication type of this realm.

Fields inherited from class com.sun.enterprise.security.auth.realm.Realm
_logger, JAAS_CONTEXT_PARAM, RI_DEFAULT

Fields inherited from class com.sun.enterprise.security.auth.realm.AbstractStatefulRealm
groupMapper, GROUPS_SEP, PARAM_DEFAULT_DIGEST_ALGORITHM, PARAM_GROUP_MAPPING, PARAM_GROUPS

Constructor Summary
- CertificateRealm()
Method Summary
- String authenticate(Subject subject, X500Principal principal)
- String getAuthType()
  Returns a short (preferably less than fifteen characters) description of the kind of authentication which is supported by this realm.
- Enumeration<String> getGroupNames(String username)
  WARN: does not have access to the user's certificate, so it does not return groups based on the certificate.
- protected void init(Properties props)
  Initialize a realm with some properties.

Methods inherited from class com.sun.enterprise.security.BaseRealm
addUser, addUser, getGroupNames, getUser, getUserNames, persist, refresh, removeUser, supportsUserManagement, updateUser, updateUser

Methods inherited from class com.sun.enterprise.security.auth.realm.Realm
getDefaultInstance, getDefaultRealm, getInstance, getInstance, getRealmNames, getRealmStatsProvier, instantiate, instantiate, isValidRealm, isValidRealm, setDefaultRealm, unloadInstance, unloadInstance, updateInstance, updateInstance

Methods inherited from class com.sun.enterprise.security.auth.realm.AbstractStatefulRealm
addAssignGroups, compareTo, getDefaultDigestAlgorithm, getJAASContext, getMappedGroupNames, getName, getProperties, getProperty, refresh, setName, setProperty, toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.lang.Comparable
compareTo
Field Detail

AUTH_TYPE

public static final String AUTH_TYPE

Descriptive string of the authentication type of this realm.
- See Also: Constant Field Values
Method Detail

init

protected void init(Properties props) throws BadRealmException, NoSuchRealmException

Description copied from class: AbstractStatefulRealm
Initialize a realm with some properties. This can be used when instantiating realms from their descriptions. This method may only be called a single time.
- Overrides: init in class AbstractStatefulRealm
- Parameters: props - initialization parameters used by this realm.
- Throws:
  BadRealmException - if the configuration parameters identify a corrupt realm
  NoSuchRealmException - if the configuration parameters specify a realm which doesn't exist
getAuthType

public String getAuthType()

Returns a short (preferably less than fifteen characters) description of the kind of authentication which is supported by this realm.
- Specified by: getAuthType in class AbstractRealm
- Returns: description of the kind of authentication that is directly supported by this realm.
getGroupNames

public Enumeration<String> getGroupNames(String username)

WARN: does not have access to the user's certificate, so it does not return groups based on the certificate.
- Specified by: getGroupNames in class AbstractRealm
- Parameters: username - name of the user in this realm whose group listing is needed.
- Returns: enumeration of group names assigned to all users authenticated by this realm.
authenticate

public String authenticate(Subject subject, X500Principal principal)

- Parameters:
  subject - the Subject object for the authentication request.
  principal - the Principal object from the user certificate.
- Returns: the principal's name
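The three optional properties from the class description, the authenticate(Subject, X500Principal) contract and the getGroupNames(String) caveat, worked through in an added example. This is not GlassFish's own code: the CertificateRealmDemo class, the GroupPrincipal type, principalName, groupsFor and splitList are assumptions made for illustration; only the property keys and the two documented method signatures come from this page. The sample subject DN is constructed.

```java
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

/** Hypothetical illustration of the CertificateRealm contract on this page; not GlassFish's code. */
public class CertificateRealmDemo {

    // Property keys exactly as documented in the class description.
    static final String ASSIGN_GROUPS = "assign-groups";
    static final String CN_AS_PRINCIPAL = "common-name-as-principal-name";
    static final String DN_PARTS_FOR_GROUPS = "dn-parts-used-for-groups";

    /** Minimal group principal so groups can be attached to the Subject (assumed type, not GlassFish's). */
    static final class GroupPrincipal implements Principal {
        private final String name;
        GroupPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public String toString() { return "group:" + name; }
    }

    private final Set<String> assignGroups = new LinkedHashSet<>();
    private final Set<String> dnPartsForGroups = new LinkedHashSet<>();
    private final boolean cnAsPrincipalName;

    CertificateRealmDemo(Properties props) {
        assignGroups.addAll(splitList(props.getProperty(ASSIGN_GROUPS)));
        // RDN types are compared case-insensitively: LdapName reports "OU", the config may say "ou".
        for (String part : splitList(props.getProperty(DN_PARTS_FOR_GROUPS))) {
            dnPartsForGroups.add(part.toUpperCase());
        }
        cnAsPrincipalName = Boolean.parseBoolean(props.getProperty(CN_AS_PRINCIPAL, "false"));
    }

    /** Documented contract: attach the caller and its groups to the Subject and return the principal's name. */
    String authenticate(Subject subject, X500Principal principal) throws InvalidNameException {
        // Nothing is verified here: the page states NSS has already validated the certificate.
        subject.getPrincipals().add(principal);
        for (String group : groupsFor(principal)) {
            subject.getPrincipals().add(new GroupPrincipal(group));
        }
        return principalName(principal);
    }

    /** Documented caveat: given only a username there is no certificate, so only assign-groups can be returned. */
    Enumeration<String> getGroupNames(String username) {
        return Collections.enumeration(assignGroups);
    }

    /** CN of the subject DN when common-name-as-principal-name=true, otherwise the full RFC 2253 DN. */
    String principalName(X500Principal principal) throws InvalidNameException {
        String dn = principal.getName(X500Principal.RFC2253);
        if (cnAsPrincipalName) {
            for (Rdn rdn : new LdapName(dn).getRdns()) {
                if ("CN".equalsIgnoreCase(rdn.getType())) {
                    return rdn.getValue().toString();
                }
            }
        }
        return dn;  // no CN present (or option off): never hand back an empty principal name
    }

    /** assign-groups plus the value of every DN part whose type is listed in dn-parts-used-for-groups. */
    List<String> groupsFor(X500Principal principal) throws InvalidNameException {
        List<String> groups = new ArrayList<>(assignGroups);
        for (Rdn rdn : new LdapName(principal.getName(X500Principal.RFC2253)).getRdns()) {
            if (dnPartsForGroups.contains(rdn.getType().toUpperCase())) {
                groups.add(rdn.getValue().toString());
            }
        }
        return groups;
    }

    private static List<String> splitList(String csv) {
        List<String> out = new ArrayList<>();
        if (csv != null) {
            for (String s : csv.split(",")) {
                if (!s.trim().isEmpty()) out.add(s.trim());
            }
        }
        return out;
    }

    public static void main(String[] args) throws InvalidNameException {
        Properties props = new Properties();
        props.setProperty(ASSIGN_GROUPS, "cert-users");
        props.setProperty(CN_AS_PRINCIPAL, "true");
        props.setProperty(DN_PARTS_FOR_GROUPS, "OU,O");
        CertificateRealmDemo realm = new CertificateRealmDemo(props);
        // Constructed sample subject DN standing in for a client certificate NSS has already verified.
        X500Principal caller = new X500Principal("CN=alice,OU=payments,O=Example Corp,C=US");
        Subject subject = new Subject();
        System.out.println("principal name: " + realm.authenticate(subject, caller));
        System.out.println("subject principals: " + subject.getPrincipals());
        System.out.println("getGroupNames(\"alice\"): " + Collections.list(realm.getGroupNames("alice")));
    }
}
```

Run main to see the difference the page warns about: authenticate, which holds the X500Principal, attaches cert-users plus the OU and O values as groups, while getGroupNames("alice") can only return the assign-groups list because no certificate is available by username. Note that LdapName.getRdns() returns RDNs in reverse order from the string form (C first, CN last), so the DN-derived group values appear in that order.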