© 2002 BEA Systems, Inc.


com.bea.p13n.security.realm
Class RDBMSRealm

java.lang.Object
  |
  +--weblogic.security.acl.AbstractListableRealm
        |
        +--weblogic.security.acl.AbstractManageableRealm
              |
              +--com.bea.p13n.security.realm.RDBMSRealm
Direct Known Subclasses:
RDBMSPerformanceRealm

public class RDBMSRealm
extends weblogic.security.acl.AbstractManageableRealm

ManageableRealm implementation that uses the WLPS database tables as its backing store. To activate this realm, add an <RDBMSRealm> element with the appropriate parameters to the application's config.xml file (see the WLS docs for more information). This implementation uses a pool of delegate class instances to do the actual database work. If a SQL exception occurs, each method retries as many times as it takes to cycle through the pool. If the entire pool is cycled through with failures, making new connections will not help, so an exception is thrown. NOTE: this implementation does not use the SchemaProperties parameter; instead, the SQL is externalized in a properties file.

See Also:
Serialized Form

Field Summary
protected  com.bea.p13n.security.realm.internal.Pool delegatePool
          We maintain a pool of delegates, each with its own connection to the database.
protected  int maxDelegateTries
          when retrying for delegates, let it cycle through the pool two times
protected  int poolSize
          the real number of delegates in the pool
protected  java.lang.String realmName
           
protected static com.bea.p13n.i18n.RealmExceptionTextFormatter textFormatter
          Exception class
 
Constructor Summary
RDBMSRealm()
           
RDBMSRealm(java.lang.String realmName)
          Creates a new RDBMS realm object.
 
Method Summary
protected  weblogic.security.acl.User authUserPassword(java.lang.String name, java.lang.String passwd)
          Authenticates the given user.
protected  com.bea.p13n.security.realm.internal.Pool createPool(int size)
          Creates a pool of delegates.
 void deleteGroup(java.security.acl.Group group)
          Deletes a group.
 void deleteUser(weblogic.security.acl.User user)
          Deletes a user.
protected  RDBMSDelegate getDelegate()
           
 java.security.acl.Group getGroup(java.lang.String name)
          Returns the group with the given name.
 java.util.Map getGroupGroups(RDBMSGroup pGroup)
          Returns a thread-safe Map of all groups in the database for a particular group.
 java.util.Hashtable getGroupMembers(java.lang.String name)
          Implementation of getGroupMembers as specified by the FlatGroup.Source interface.
protected  java.util.Hashtable getGroupMembersInternal(java.lang.String name)
          Called by getGroupMembers to retrieve group information if the group's cache has expired.
 java.util.Enumeration getGroups()
          Returns an enumeration of all groups in the database.
 java.util.Map getGroupUsers(RDBMSGroup pGroup)
          Returns a thread-safe Map of all users in the database for a particular group.
protected  java.security.Principal getPrincipal(java.lang.String name)
          Returns the principal with the given name.
protected  java.lang.String getPropertyBundleName()
           
protected  java.lang.String getRealmName()
           
 weblogic.security.acl.User getUser(java.lang.String name)
          Returns the user with the given name.
 java.util.Map getUserGroups(java.lang.String pUserName)
          Returns a thread-safe Map of all groups in the database for a particular user.
 java.util.Enumeration getUsers()
          Returns an enumeration of all users in the database.
 java.security.acl.Group newGroup(java.lang.String name)
          Creates a new Group.
 weblogic.security.acl.User newUser(java.lang.String name, java.lang.Object credential, java.lang.Object constraints)
          Creates a new User.
protected  void removeDelegate(RDBMSDelegate delegate)
           
protected  void returnDelegate(RDBMSDelegate delegate)
          Returns a delegate to the pool.
 
Methods inherited from class weblogic.security.acl.AbstractManageableRealm
deleteAcl, deletePermission, newAcl, newPermission, setPermission
 
Methods inherited from class weblogic.security.acl.AbstractListableRealm
authCertificates, authenticate, authInternal, authSSLCertificates, getAcl, getAcl, getAclOwner, getAcls, getDelegator, getName, getPermission, getPermissions, getUser, init, load, save, setDelegator
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

textFormatter

protected static final com.bea.p13n.i18n.RealmExceptionTextFormatter textFormatter
Exception class

poolSize

protected int poolSize
the real number of delegates in the pool

maxDelegateTries

protected int maxDelegateTries
when retrying for delegates, let it cycle through the pool two times

realmName

protected java.lang.String realmName

delegatePool

protected com.bea.p13n.security.realm.internal.Pool delegatePool
We maintain a pool of delegates, each with its own connection to the database. Access to the pool itself is synchronized, but since only one thread will obtain a given delegate from the pool at any time, we don't need to synchronize any other method calls.
See Also:
returnDelegate(com.bea.p13n.security.realm.RDBMSDelegate), RDBMSDelegate$DFactory
Constructor Detail

RDBMSRealm

public RDBMSRealm()

RDBMSRealm

public RDBMSRealm(java.lang.String realmName)
Creates a new RDBMS realm object.
Method Detail

getPropertyBundleName

protected java.lang.String getPropertyBundleName()

getRealmName

protected java.lang.String getRealmName()

createPool

protected com.bea.p13n.security.realm.internal.Pool createPool(int size)
Creates a pool of delegates. The objects returned by the pool's factory method must extend the RDBMSDelegate class or the server will not start.

Parameters:
size - the number of pool instances to maintain

getDelegate

protected RDBMSDelegate getDelegate()

returnDelegate

protected void returnDelegate(RDBMSDelegate delegate)
Returns a delegate to the pool. If the delegate was set to null because of errors nothing is done.

See Also:
getDelegate()

removeDelegate

protected void removeDelegate(RDBMSDelegate delegate)
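
The pool-and-retry behaviour described in the class summary and in getDelegate/returnDelegate/removeDelegate, as an added sketch that is not BEA's implementation. Every type and name in it (DelegateRetrySketch, Delegate, Factory, Work, take, give, withRetry) is hypothetical, and the sample failures are constructed. It assumes one retry cycle through the pool and a fresh delegate queued in place of each broken one.

```java
import java.sql.SQLException;
import java.util.ArrayDeque;
import java.util.Deque;
// Added sketch: every type and name below is hypothetical, not BEA code.
public class DelegateRetrySketch {
    interface Delegate { String lookup(String name) throws SQLException; }
    interface Factory { Delegate create(); }
    interface Work<T> { T run(Delegate d) throws SQLException; }
    private final Deque<Delegate> pool = new ArrayDeque<>();
    private final Factory factory;
    private final int maxTries;
    DelegateRetrySketch(int poolSize, Factory factory) {
        this.factory = factory;
        this.maxTries = poolSize;               // one full cycle through the pool
        for (int i = 0; i < poolSize; i++) pool.add(factory.create());
    }
    // Only pool access is synchronized; a checked-out delegate has a single owner.
    private synchronized Delegate take() { return pool.isEmpty() ? factory.create() : pool.poll(); }
    private synchronized void give(Delegate d) { if (d != null) pool.add(d); }

    <T> T withRetry(Work<T> work) {
        SQLException last = null;
        for (int attempt = 0; attempt < maxTries; attempt++) {
            Delegate d = take();
            try {
                return work.run(d);
            } catch (SQLException e) {
                last = e;
                d = null;                       // drop the broken delegate ...
                give(factory.create());         // ... and queue a fresh one in its place
            } finally {
                give(d);                        // a null delegate is ignored
            }
        }
        throw new IllegalStateException("all " + maxTries + " tries failed", last);
    }

    public static void main(String[] args) {
        int[] made = {0};                       // constructed scenario: first two delegates are stale
        Factory flaky = () -> { int id = made[0]++; return name -> {
            if (id < 2) throw new SQLException("stale connection " + id);
            return name + " served by delegate " + id; }; };
        String ok = new DelegateRetrySketch(3, flaky).withRetry(d -> d.lookup("alice"));
        System.out.println(ok);
        Factory down = () -> name -> { throw new SQLException("database down"); };
        try { new DelegateRetrySketch(3, down).withRetry(d -> d.lookup("alice")); }
        catch (IllegalStateException e) { System.out.println(e.getMessage() + ": " + e.getCause().getMessage()); }
    }
}
```

Because a realm sits on the authentication path, the bounded retry matters operationally: a database outage surfaces as an exception after one pass through the pool instead of an unbounded reconnect loop on every login.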

getUser

public weblogic.security.acl.User getUser(java.lang.String name)
Returns the user with the given name. Returns null if the user does not exist in the database.

Parameters:
name - the name to obtain
Returns:
the user, or null if none
Throws:
RDBMSException - an error occurred in communicating with the database
Overrides:
getUser in class weblogic.security.acl.AbstractListableRealm

getPrincipal

protected java.security.Principal getPrincipal(java.lang.String name)
Returns the principal with the given name. Returns null if the principal does not exist in the database.

Parameters:
name - the name to obtain
Returns:
the principal, or null if none
Throws:
RDBMSException - an error occurred in communicating with the database

getGroupMembers

public java.util.Hashtable getGroupMembers(java.lang.String name)
Implementation of getGroupMembers as specified by the FlatGroup.Source interface. This is overridden from AbstractListableRealm because we always want to query the database if a group's internal cache has expired (only one level of caching is provided). This method is meant to be called only by RDBMSGroup when its internal cache expires.

Parameters:
name - the group name
Returns:
a hashtable of principal name->principal object pairs
Overrides:
getGroupMembers in class weblogic.security.acl.AbstractListableRealm

getGroupMembersInternal

protected java.util.Hashtable getGroupMembersInternal(java.lang.String name)
Called by getGroupMembers to retrieve group information if the group's cache has expired.

Overrides:
getGroupMembersInternal in class weblogic.security.acl.AbstractListableRealm

getGroup

public java.security.acl.Group getGroup(java.lang.String name)
Returns the group with the given name. Returns null if the group does not exist in the database.

Parameters:
name - the name to obtain
Returns:
the group, or null if none
Throws:
RDBMSException - an error occurred in communicating with the database
Overrides:
getGroup in class weblogic.security.acl.AbstractListableRealm

getUsers

public java.util.Enumeration getUsers()
Returns an enumeration of all users in the database. Each element of the Enumeration is a User object.

Returns:
all users
Throws:
RDBMSException - an error occurred in communicating with the database
Overrides:
getUsers in class weblogic.security.acl.AbstractListableRealm
See Also:
User

getGroups

public java.util.Enumeration getGroups()
Returns an enumeration of all groups in the database. Each element of the enumeration is a Group object. Note that in the RDBMS security realm, empty groups cannot currently exist.

Returns:
all groups
Throws:
RDBMSException - an error occurred in communicating with the database
Overrides:
getGroups in class weblogic.security.acl.AbstractListableRealm
See Also:
Group

getUserGroups

public java.util.Map getUserGroups(java.lang.String pUserName)
Returns a thread-safe Map of all groups in the database for a particular user. Each entry of the hashtable is a Group object. Note that in the RDBMS security realm, empty groups cannot currently exist.

Returns:
all groups
Throws:
RDBMSException - an error occurred in communicating with the database
See Also:
Group

getGroupUsers

public java.util.Map getGroupUsers(RDBMSGroup pGroup)
Returns a thread-safe Map of all users in the database for a particular group. Each entry of the hashtable is a Group object. Note that in the RDBMS security realm, empty groups cannot currently exist.

Returns:
all groups
Throws:
RDBMSException - an error occurred in communicating with the database
See Also:
Group

getGroupGroups

public java.util.Map getGroupGroups(RDBMSGroup pGroup)
Returns a thread-safe Map of all groups in the database for a particular group. Each entry of the hashtable is a Group object. Note that in the RDBMS security realm, empty groups cannot currently exist.

Returns:
all groups
Throws:
RDBMSException - an error occurred in communicating with the database
See Also:
Group

authUserPassword

protected weblogic.security.acl.User authUserPassword(java.lang.String name,
                                                      java.lang.String passwd)
Authenticates the given user. If authentication is successful, a User object is returned for that user. Otherwise, null is returned.

Returns:
the authenticated user, or null
Throws:
RDBMSException - an error occurred in communicating with the database
Overrides:
authUserPassword in class weblogic.security.acl.AbstractListableRealm

newUser

public weblogic.security.acl.User newUser(java.lang.String name,
                                          java.lang.Object credential,
                                          java.lang.Object constraints)
                                   throws java.lang.SecurityException
Creates a new User.

Parameters:
name - the name of the new user
credential - the credential for the user (must be a plaintext password)
constraints - null, for this realm
Returns:
the new User
Throws:
java.lang.SecurityException - invalid credential or constraint
Overrides:
newUser in class weblogic.security.acl.AbstractManageableRealm

newGroup

public java.security.acl.Group newGroup(java.lang.String name)
                                 throws java.lang.SecurityException
Creates a new Group.

Parameters:
name - the name of the new group
Returns:
the new Group
Throws:
java.lang.SecurityException - invalid credential or constraint
Overrides:
newGroup in class weblogic.security.acl.AbstractManageableRealm

deleteUser

public void deleteUser(weblogic.security.acl.User user)
                throws java.lang.SecurityException
Deletes a user. This removes the user from the users table, from the group membership, and ACL entry tables.

Parameters:
user - the user to delete
Throws:
java.lang.SecurityException - invalid user
Overrides:
deleteUser in class weblogic.security.acl.AbstractManageableRealm

deleteGroup

public void deleteGroup(java.security.acl.Group group)
                 throws java.lang.SecurityException
Deletes a group. Deletes the group from both the group membership table and the ACL entry table.

Parameters:
group - the group to delete
Throws:
java.lang.SecurityException - invalid group
Overrides:
deleteGroup in class weblogic.security.acl.AbstractManageableRealm

Copyright © 2002 BEA Systems, Inc. All Rights Reserved