com.bea.p13n.security.realm
Class RDBMSRealm

java.lang.Object
  |
  +--weblogic.security.acl.AbstractListableRealm
        |
        +--weblogic.security.acl.AbstractManageableRealm
              |
              +--com.bea.p13n.security.realm.RDBMSRealm

Direct Known Subclasses:

RDBMSPerformanceRealm

public class RDBMSRealm

extends weblogic.security.acl.AbstractManageableRealm

ManageableRealm implementation that goes against the WLPS database tables as a backing store. This realm can be made active by using an <RDBMSRealm> element in the application's config.xml file, with the appropriate parameters (see the WLS docs for more information). This implementation uses a pool of delegate class instances to do the actual database work. Each method will retry in the case of a sql exception, for the number of times it takes to cycle through the pool. If the entire pool is cycled through with failures this means that it won't do any good to make new connections, so an exception will be thrown. NOTE: this implementation does not use the SchemaProperties parameter, instead, the SQL is externalized in a properties file.

See Also:

Serialized Form

Field Summary

protected com.bea.p13n.security.realm.internal.Pool	delegatePool We maintain a pool of delegates, each with its own connection to the database.
protected int	maxDelegateTries when retrying for delegates, let it cycle through the pool two times
protected int	poolSize the real number of delegates in the pool
protected java.lang.String	realmName
protected static com.bea.p13n.i18n.RealmExceptionTextFormatter	textFormatter Exception class

Constructor Summary

RDBMSRealm()

RDBMSRealm(java.lang.String realmName)
Creates a new RDBMS realm object.

Method Summary

protected weblogic.security.acl.User	authUserPassword(java.lang.String name, java.lang.String passwd) Authenticates the given user.
protected com.bea.p13n.security.realm.internal.Pool	createPool(int size) Creates a pool of delegates.
void	deleteGroup(java.security.acl.Group group) Deletes a group.
void	deleteUser(weblogic.security.acl.User user) Deletes a user.
protected RDBMSDelegate	getDelegate()
java.security.acl.Group	getGroup(java.lang.String name) Returns the group with the given name.
java.util.Map	getGroupGroups(RDBMSGroup pGroup) Returns a thread-safe Map of all groups in the database for a particular group.
java.util.Hashtable	getGroupMembers(java.lang.String name) Implementation of getGroupMembers as specified by the FlatGroup.Source interface.
protected java.util.Hashtable	getGroupMembersInternal(java.lang.String name) Called by getGroupMembers to retrieve group information if the group's cache has expired.
java.util.Enumeration	getGroups() Returns an enumeration of all groups in the database.
java.util.Map	getGroupUsers(RDBMSGroup pGroup) Returns a thread-safe Map of all users in the database for a particular group.
protected java.security.Principal	getPrincipal(java.lang.String name) Returns the principal with the given name.
protected java.lang.String	getPropertyBundleName()
protected java.lang.String	getRealmName()
weblogic.security.acl.User	getUser(java.lang.String name) Returns the user with the given name.
java.util.Map	getUserGroups(java.lang.String pUserName) Returns a thread-safe Map of all groups in the database for a particular user.
java.util.Enumeration	getUsers() Returns an enumeration of all users in the database.
java.security.acl.Group	newGroup(java.lang.String name) Creates a new Group
weblogic.security.acl.User	newUser(java.lang.String name, java.lang.Object credential, java.lang.Object constraints) Creates a new User.
protected void	removeDelegate(RDBMSDelegate delegate)
protected void	returnDelegate(RDBMSDelegate delegate) Returns a delegate to the pool.

Methods inherited from class weblogic.security.acl.AbstractManageableRealm

deleteAcl, deletePermission, newAcl, newPermission, setPermission

Methods inherited from class weblogic.security.acl.AbstractListableRealm

authCertificates, authenticate, authInternal, authSSLCertificates, getAcl, getAcl, getAclOwner, getAcls, getDelegator, getName, getPermission, getPermissions, getUser, init, load, save, setDelegator

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

textFormatter

protected static final com.bea.p13n.i18n.RealmExceptionTextFormatter textFormatter

Exception class

poolSize

protected int poolSize

the real number of delegates in the pool

maxDelegateTries

protected int maxDelegateTries

when retrying for delegates, let it cycle through the pool two times

realmName

protected java.lang.String realmName

delegatePool

protected com.bea.p13n.security.realm.internal.Pool delegatePool

We maintain a pool of delegates, each with its own connection to the database. Access to the pool itself is synchronized, but since only one thread will obtain a given delegate from the pool at any time, we don't need to synchronize any other method calls.

See Also:

returnDelegate(com.bea.p13n.security.realm.RDBMSDelegate), RDBMSDelegate$DFactory

Constructor Detail

RDBMSRealm

public RDBMSRealm()

RDBMSRealm

public RDBMSRealm(java.lang.String realmName)

Creates a new RDBMS realm object.

Method Detail

getPropertyBundleName

protected java.lang.String getPropertyBundleName()

getRealmName

protected java.lang.String getRealmName()

createPool

protected com.bea.p13n.security.realm.internal.Pool createPool(int size)

Creates a pool of delegates. The objects returned by the pool's factory method must extend the RDBMSDelegate class or the server will not start.

Parameters:

size - the number of pool instances to maintain

getDelegate

protected RDBMSDelegate getDelegate()

returnDelegate

protected void returnDelegate(RDBMSDelegate delegate)

Returns a delegate to the pool. If the delegate was set to null because of errors nothing is done.

See Also:

getDelegate()

removeDelegate

protected void removeDelegate(RDBMSDelegate delegate)

getUser

public weblogic.security.acl.User getUser(java.lang.String name)

Returns the user with the given name. Returns null if the user does not exist in the database.

Parameters:

name - the name to obtain

Returns:

the user, or null if none

Throws:

RDBMSException - an error occurred in communicating with the database

Overrides:

getUser in class weblogic.security.acl.AbstractListableRealm

getPrincipal

protected java.security.Principal getPrincipal(java.lang.String name)

Returns the principal with the given name. Returns null if the principal does not exist in the database.

Parameters:

name - the name to obtain

Returns:

the principal, or null if none

Throws:

RDBMSException - an error occurred in communicating with the database

getGroupMembers

public java.util.Hashtable getGroupMembers(java.lang.String name)

Implementation of getGroupMembers as specified by the FlatGroup.Source interface. This is over-ridden from AbstractListableRealm because we want to always query the database if a group's internal cache has expired (only provide one level of caching). This method is meant to only be called by RDBMSGroup when its internal cache expires.

Parameters:

name - the group name

Returns:

a hashtable of principal name->principal object pairs

Overrides:

getGroupMembers in class weblogic.security.acl.AbstractListableRealm

getGroupMembersInternal

protected java.util.Hashtable getGroupMembersInternal(java.lang.String name)

Called by getGroupMembers to retrieve group information if the group's cache has expired.

Overrides:

getGroupMembersInternal in class weblogic.security.acl.AbstractListableRealm

getGroup

public java.security.acl.Group getGroup(java.lang.String name)

Returns the group with the given name. Returns null if the group does not exist in the database.

Parameters:

name - the name to obtain

Returns:

the group, or null if none

Throws:

RDBMSException - an error occurred in communicating with the database

Overrides:

getGroup in class weblogic.security.acl.AbstractListableRealm

getUsers

public java.util.Enumeration getUsers()

Returns an enumeration of all users in the database. Each element of the Enumeration is a User object.

Returns:

all users

Throws:

RDBMSException - an error occurred in communicating with the database

Overrides:

getUsers in class weblogic.security.acl.AbstractListableRealm

See Also:

User

getGroups

public java.util.Enumeration getGroups()

Returns an enumeration of all groups in the database. Each element of the enumeration is a Group object. Note that in the RDBMS security realm, empty groups cannot currently exist.

Returns:

all groups

Throws:

RDBMSException - an error occurred in communicating with the database

Overrides:

getGroups in class weblogic.security.acl.AbstractListableRealm

See Also:

Group

getUserGroups

public java.util.Map getUserGroups(java.lang.String pUserName)

Returns a thread-safe Map of all groups in the database for a particular user. Each entry of the hashtable is a Group object. Note that in the RDBMS security realm, empty groups cannot currently exist.

Returns:

all groups

Throws:

RDBMSException - an error occurred in communicating with the database

See Also:

Group

getGroupUsers

public java.util.Map getGroupUsers(RDBMSGroup pGroup)

Returns a thread-safe Map of all users in the database for a particular group. Each entry of the hashtable is a Group object. Note that in the RDBMS security realm, empty groups cannot currently exist.

Returns:

all groups

Throws:

RDBMSException - an error occurred in communicating with the database

See Also:

Group

getGroupGroups

public java.util.Map getGroupGroups(RDBMSGroup pGroup)

Returns a thread-safe Map of all groups in the database for a particular group. Each entry of the hashtable is a Group object. Note that in the RDBMS security realm, empty groups cannot currently exist.

Returns:

all groups

Throws:

RDBMSException - an error occurred in communicating with the database

See Also:

Group

authUserPassword

protected weblogic.security.acl.User authUserPassword(java.lang.String name,
                                                      java.lang.String passwd)

Authenticates the given user. If authentication is successful, a User object is returned for that user. Otherwise, null is returned.

Returns:

the authenticated user, or null

Throws:

RDBMSException - an error occurred in communicating with the database

Overrides:

authUserPassword in class weblogic.security.acl.AbstractListableRealm

newUser

public weblogic.security.acl.User newUser(java.lang.String name,
                                          java.lang.Object credential,
                                          java.lang.Object constraints)
                                   throws java.lang.SecurityException

Creates a new User.

Parameters:

name - the name of the new user

credential - the credential for the user (must be a plaintext password)

constraints - null, for this realm

Returns:

the new User

Throws:

java.lang.SecurityException - invalid credential or constraint

Overrides:

newUser in class weblogic.security.acl.AbstractManageableRealm

newGroup

public java.security.acl.Group newGroup(java.lang.String name)
                                 throws java.lang.SecurityException

Creates a new Group

Parameters:

name - the name of the new user

credential - the credential for the user (must be a plaintext password)

constraints - null, for this realm

Returns:

the new Group

Throws:

java.lang.SecurityException - invalid credential or constraint

Overrides:

newGroup in class weblogic.security.acl.AbstractManageableRealm

deleteUser

public void deleteUser(weblogic.security.acl.User user)
                throws java.lang.SecurityException

Deletes a user. This removes the user from the users table, from the group membership, and ACL entry tables.

Parameters:

user - the user to delete

Throws:

java.lang.SecurityException - invalid user

Overrides:

deleteUser in class weblogic.security.acl.AbstractManageableRealm

deleteGroup

public void deleteGroup(java.security.acl.Group group)
                 throws java.lang.SecurityException

Deletes a group. Deletes the group from both the group membership table and the ACL entry table.

Parameters:

group - the group to delete

Throws:

java.lang.SecurityException - invalid group

Overrides:

deleteGroup in class weblogic.security.acl.AbstractManageableRealm