/**
* This method will load the Fortress Tomcat implementation on a URL classloader. Methods on the
* implementation are wrapped by methods on this class and are accessed via the {@code realm}
* instance variable of this class.
*/
private void initialize() {
try {
URLClassLoader ucl;
if (CONTAINER.equalsIgnoreCase(JBOSS_AGENT)) {
LOG.info(CLS_NM + ".initialize JBoss policy agent");
URL[] cp = CpUtil.getRealmClasspath(REALM_CLASSPATH);
ucl = new ChildFirstUrlClassLoader(cp, this.getClass().getClassLoader());
} else if (CONTAINER.equalsIgnoreCase("TomcatContext")) {
LOG.info(CLS_NM + ".initialize Tomcat7 Context-based policy agent");
ucl = new URLClassLoader(new URL[] {}, Thread.currentThread().getContextClassLoader());
} else {
LOG.info(CLS_NM + ".initialize Tomcat7 policy agent");
if ((realmClasspath != null) && (realmClasspath.length() > 0)) {
ucl =
new URLClassLoader(
CpUtil.parseRealmClasspath(realmClasspath), this.getClass().getClassLoader());
} else {
URL[] cp = CpUtil.getRealmClasspath(REALM_CLASSPATH);
ucl = new URLClassLoader(cp, this.getClass().getClassLoader());
}
}
LOG.info(CLS_NM + ".initialize - instantiate policy agent name: " + REALM_IMPL);
Class<?> sc = ucl.loadClass(REALM_IMPL);
realm = (TcAccessMgr) sc.newInstance();
realm.setDefaultRoles(defaultRoles);
realm.setContextId(contextId);
LOG.info(
CLS_NM
+ " J2EE Tomcat7 policy agent, contextId: "
+ contextId
+ ", defaultRoles: "
+ defaultRoles);
} catch (ClassNotFoundException e) {
String error = CLS_NM + ".initialize caught java.lang.ClassNotFoundException=" + e.toString();
LOG.severe(error);
throw new RuntimeException(error, e);
} catch (InstantiationException ie) {
String error =
CLS_NM + ".initialize caught java.lang.InstantiationException=" + ie.toString();
LOG.severe(error);
throw new RuntimeException(error, ie);
} catch (IllegalAccessException iae) {
String error =
CLS_NM + ".initialize caught java.lang.IllegalAccessException=" + iae.toString();
LOG.severe(error);
throw new RuntimeException(error, iae);
}
}
/**
* Determine if given Role is contained within User's Tomcat Principal object. This method does
* not need to hit the ldap server as the User's activated Roles are loaded into {@link
* org.apache.directory.fortress.realm.TcPrincipal#setContext(java.util.HashMap)}
*
* @param principal Contains User's Tomcat RBAC Session data that includes activated Roles.
* @param role Maps to {@code org.apache.directory.fortress.core.model.Role#name}.
* @return True if Role is found in TcPrincipal, false otherwise.
*/
@Override
public boolean hasRole(Wrapper wrapper, Principal principal, String role) {
if (realm == null) {
throw new IllegalArgumentException(
CLS_NM
+ "authenticate detected Fortress Tomcat7 Realm not initialized correctly. Check your Fortress Realm configuration");
}
return realm.hasRole(principal, role);
}
/**
* Perform user authentication and evaluate password policies.
*
* @param userId Contains the userid of the user signing on.
* @param password Contains the user's password.
* @return Principal whic * This method will load the Fortress Tomcat implementation on a URL
* classloader. Methods on the implementation are wrapped by methods on this class and are
* accessed via the {@code realm} instance variable of this class.
*/
@Override
public Principal authenticate(String userId, String password) {
if (realm == null) {
throw new IllegalArgumentException(
CLS_NM
+ "authenticate detected Fortress Tomcat7 Realm not initialized correctly. Check your Fortress Realm configuration");
}
return realm.authenticate(userId, password);
}
