Class ActiveDirectoryPrincipal

  • All Implemented Interfaces:
    Principal, TomcatPrincipal

    public class ActiveDirectoryPrincipal
    extends Object
    implements TomcatPrincipal

    Represents a principal from Active Directory with a list of roles.

    An Active Directory principal comprises the following items:

    • the GSS name,
    • the security identifier (SID),
    • an optional GSS credential for credential delegation (impersonation),
    • an array of security groups the user has been assigned to, stored according to the role format configured in the realm,
    • and a map with additional attributes which are either a String, byte[] or a List of either one.

    • Constructor Detail

      • ActiveDirectoryPrincipal

        public ActiveDirectoryPrincipal(GSSName gssName,
                                        Sid sid,
                                        GSSCredential gssCredential)
        Constructs a new principal for the given parameters.
    • Method Detail

      • getGssName

        public GSSName getGssName()
        Returns the underlying GSS name.
        Returns:
        the underlying GSS name
      • getSid

        public Sid getSid()
        Returns the security identifier (SID) of the principal.
        Returns:
        the security identifier
      • hasRole

        public boolean hasRole(String role)
        Grants access if the supplied role is associated with this principal.
        Parameters:
        role - the role to check
        Returns:
        true if principal is associated with the role, else false
      • getRoles

        public String[] getRoles()
        Returns the sorted roles of the given principal.
        Returns:
        a sorted read-only view of the roles
      • getAdditionalAttributes

        public Map<String,Object> getAdditionalAttributes()
        Holds additional attributes for a given principal which may be stored in Active Directory.
        Returns:
        a read-only view of the additional attributes