1   /*
2    * Copyright 2013–2024 Michael Osipov
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package net.sf.michaelo.tomcat.realm;
17  
18  import java.security.Principal;
19  import java.security.cert.X509Certificate;
20  
21  import org.apache.catalina.realm.RealmBase;
22  import org.apache.juli.logging.Log;
23  import org.apache.juli.logging.LogFactory;
24  import org.apache.tomcat.util.res.StringManager;
25  import org.ietf.jgss.GSSContext;
26  import org.ietf.jgss.GSSName;
27  
/**
 * Common base class for Active Directory realms that retrieve principals for
 * {@link GSSName GSS names}, fully established {@link GSSContext security contexts} or
 * {@link X509Certificate TLS client certificates}.
 * <p>
 * This base class itself performs no lookup. It only switches off the username/password
 * oriented hooks of {@link RealmBase} and answers role queries for
 * {@link ActiveDirectoryPrincipal} instances. Role queries for any other principal type are
 * either denied ({@link #hasRoleInternal(Principal, String)}) or rejected with an exception
 * ({@link #getRoles(Principal)}).
 */
public abstract class ActiveDirectoryRealmBase extends RealmBase {

	// Both helpers are keyed on the runtime class, so a subclass gets its own log
	// category and its own string manager lookup.
	protected final Log logger = LogFactory.getLog(getClass());
	protected final StringManager sm = StringManager.getManager(getClass());

	/**
	 * Password lookup hook; this realm never has a password to hand out.
	 * <p>
	 * NOTE(review): inherited {@link RealmBase} code paths that compare against a stored
	 * password presumably cannot succeed with this realm; confirm against the Tomcat version
	 * in use.
	 *
	 * @param username
	 *            ignored
	 * @return Always {@code null} as this realm has no way of obtaining this information.
	 */
	@Override
	protected String getPassword(String username) {
		return null;
	}

	/**
	 * Principal lookup by bare user name; deliberately unsupported by this realm.
	 *
	 * @param username
	 *            ignored
	 * @return never returns normally
	 * @throws UnsupportedOperationException
	 *             always, because this lookup is not implemented
	 */
	@Override
	protected Principal getPrincipal(String username) {
		String message = "getPrincipal(String) is not supported by this realm";
		throw new UnsupportedOperationException(message);
	}

	/**
	 * Checks role membership for a principal.
	 * <p>
	 * Fails closed: anything that is not an {@link ActiveDirectoryPrincipal}, including
	 * {@code null}, is reported as not having the role. For an
	 * {@link ActiveDirectoryPrincipal} the decision is delegated to the principal itself.
	 *
	 * @param principal
	 *            the principal to check, may be of any type
	 * @param role
	 *            the role name passed through to the principal
	 * @return the principal's own answer for an {@link ActiveDirectoryPrincipal},
	 *         {@code false} otherwise
	 */
	@Override
	protected boolean hasRoleInternal(Principal principal, String role) {
		if (principal instanceof ActiveDirectoryPrincipal) {
			return ((ActiveDirectoryPrincipal) principal).hasRole(role);
		}

		return false;
	}

	/**
	 * Returns the roles carried by an {@link ActiveDirectoryPrincipal}.
	 * <p>
	 * Unlike {@link #hasRoleInternal(Principal, String)} a foreign principal type is not
	 * silently tolerated here but rejected. A {@code null} principal is not handled
	 * separately and fails with a {@link NullPointerException} when its class is looked up.
	 *
	 * @param principal
	 *            the principal whose roles are requested
	 * @return the roles as reported by the principal
	 * @throws IllegalStateException
	 *             if the principal is not an {@link ActiveDirectoryPrincipal}; the message
	 *             contains the principal's name and class name
	 */
	@Override
	public String[] getRoles(Principal principal) {
		if (!(principal instanceof ActiveDirectoryPrincipal)) {
			String principalType = principal.getClass().getName();
			String message = sm.getString("activeDirectoryRealmBase.cannotGetRoles",
					principal.getName(), principalType);
			throw new IllegalStateException(message);
		}

		ActiveDirectoryPrincipal adPrincipal = (ActiveDirectoryPrincipal) principal;
		return adPrincipal.getRoles();
	}

}