/** Return the password associated with the given principal's user name. */
protected String getPassword(String username) {
GenericPrincipal principal = (GenericPrincipal) principals.get(username);
if (principal != null) {
return (principal.getPassword());
} else {
return (null);
}
}
/**
* Return <code>true</code> if the specified Principal has the specified security role, within the
* context of this Realm; otherwise return <code>false</code>. This method can be overridden by
* Realm implementations, but the default is adequate when an instance of <code>GenericPrincipal
* </code> is used to represent authenticated Principals from this Realm.
*
* @param principal Principal for whom the role is to be checked
* @param role Security role to be checked
*/
public boolean hasRole(Principal principal, String role) {
if ((principal == null) || (role == null) || !(principal instanceof GenericPrincipal))
return (false);
GenericPrincipal gp = (GenericPrincipal) principal;
if (!(gp.getRealm() == this)) return (false);
boolean result = gp.hasRole(role);
if (debug >= 2) {
String name = principal.getName();
if (result) log(sm.getString("realmBase.hasRoleSuccess", name, role));
else log(sm.getString("realmBase.hasRoleFailure", name, role));
}
return (result);
}
protected Principal getPrincipal(String username, GSSCredential gssCredential) {
Principal p = getPrincipal(username);
if (p instanceof GenericPrincipal) {
((GenericPrincipal) p).setGssCredential(gssCredential);
}
return p;
}
/**
* Return <code>true</code> if the specified Principal has the specified security role, within the
* context of this Realm; otherwise return <code>false</code>. This method can be overridden by
* Realm implementations, but the default is adequate when an instance of <code>GenericPrincipal
* </code> is used to represent authenticated Principals from this Realm.
*
* @param principal Principal for whom the role is to be checked
* @param role Security role to be checked
*/
@Override
public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
// Check for a role alias defined in a <security-role-ref> element
if (wrapper != null) {
String realRole = wrapper.findSecurityReference(role);
if (realRole != null) role = realRole;
}
// Should be overridden in JAASRealm - to avoid pretty inefficient conversions
if ((principal == null) || (role == null) || !(principal instanceof GenericPrincipal))
return (false);
GenericPrincipal gp = (GenericPrincipal) principal;
boolean result = gp.hasRole(role);
if (log.isDebugEnabled()) {
String name = principal.getName();
if (result) log.debug(sm.getString("realmBase.hasRoleSuccess", name, role));
else log.debug(sm.getString("realmBase.hasRoleFailure", name, role));
}
return (result);
}
/**
* Return the Principal associated with the specified username and credentials, if there is one;
* otherwise return <code>null</code>.
*
* @param username Username of the Principal to look up
* @param credentials Password or other credentials to use in authenticating this username
*/
public Principal authenticate(String username, String credentials) {
GenericPrincipal principal = (GenericPrincipal) principals.get(username);
boolean validated = false;
if (principal != null) {
if (hasMessageDigest()) {
// Hex hashes should be compared case-insensitive
validated = (digest(credentials).equalsIgnoreCase(principal.getPassword()));
} else {
validated = (digest(credentials).equals(principal.getPassword()));
}
}
if (validated) {
if (debug >= 2) log(sm.getString("memoryRealm.authenticateSuccess", username));
return (principal);
} else {
if (debug >= 2) log(sm.getString("memoryRealm.authenticateFailure", username));
return (null);
}
}
/**
* @see org.overlord.commons.auth.util.SAMLAssertionFactory#createSAMLAssertion(java.lang.String,
* java.lang.String, int)
*/
@Override
public String createSAMLAssertion(String issuerName, String forService, int timeValidInMillis) {
try {
HttpServletRequest request = HttpRequestThreadLocalValve.TL_request.get();
Principal principal = request.getUserPrincipal();
if (principal instanceof GenericPrincipal) {
GenericPrincipal gp = (GenericPrincipal) principal;
String[] gpRoles = gp.getRoles();
Set<String> roles = new HashSet<String>(gpRoles.length);
for (String role : gpRoles) {
roles.add(role);
}
return SAMLBearerTokenUtil.createSAMLAssertion(
principal, roles, issuerName, forService, timeValidInMillis);
}
throw new Exception(
Messages.getString("TomcatSAMLAssertionFactory.UnexpectedPrincipalType")
+ principal.getClass()); // $NON-NLS-1$
} catch (Exception e) {
throw new RuntimeException(e);
}
}