BEA Systems, Inc.

BEA WebLogic Server 9.0 API Reference


weblogic.security.acl
Class CachingRealm

java.lang.Object
  extended by weblogic.security.acl.CachingRealm
All Implemented Interfaces:
BasicRealm, DebuggableRealm, ListableRealm, ManageableRealm, RefreshableRealm, Serializable

Deprecated. Deprecated in WebLogic Server 7.0. Replaced by the Pluggable Security Infrastructure.

public final class CachingRealm
extends Object
implements ManageableRealm, DebuggableRealm, RefreshableRealm

Caching realm.

See Also:
Serialized Form
Copyright © 2005 BEA Systems, Inc. All Rights Reserved.

Nested Class Summary
protected static class CachingRealm.CaseInsensitiveUserInfo
          Deprecated. Deprecated in WebLogic Server 7.0. Replaced by the Pluggable Security Infrastructure.
protected static class CachingRealm.Entry
          Deprecated. Deprecated in WebLogic Server 7.0. Replaced by the Pluggable Security Infrastructure.
protected static class CachingRealm.UserEntry
          Deprecated. Deprecated in WebLogic Server 7.0. Replaced by the Pluggable Security Infrastructure.
 
Field Summary
protected  TTLCache aclNegCache
          Deprecated. ACL negative cache.
protected  TTLCache aclPosCache
          Deprecated. ACL positive cache.
protected  Object aclSync
          Deprecated. ACL sync object.
protected  TTLCache authNegCache
          Deprecated. Authentication negative cache.
protected  TTLCache authPosCache
          Deprecated. Authentication positive cache.
protected  boolean caseSensitive
          Deprecated. Whether this cache is case-sensitive.
protected  TTLCache groupNegCache
          Deprecated. Group negative cache.
protected  TTLCache groupPosCache
          Deprecated. Group positive cache.
protected  Object groupSync
          Deprecated. Group sync object.
protected  weblogic.logging.LogOutputStream log
          Deprecated. Debugging log.
protected  TTLCache permNegCache
          Deprecated. Permission negative cache.
protected  TTLCache permPosCache
          Deprecated. Permission positive cache.
protected  Object permSync
          Deprecated. Permission sync object.
protected  TTLCache userNegCache
          Deprecated. User negative cache.
protected  TTLCache userPosCache
          Deprecated. User positive cache.
protected  Object userSync
          Deprecated. User and authentication sync object.
 
Constructor Summary
CachingRealm(ListableRealm delegate)
          Deprecated. Create a new caching realm instance.
CachingRealm(ListableRealm delegate, ManageableRealm backup, Object credential)
          Deprecated. Create a new caching realm instance.
 
Method Summary
 User authenticate(UserInfo userInfo)
          Deprecated. Attempt to authenticate the given user.
 void clearAclCaches()
          Deprecated. Clear the ACL positive and negative caches.
 void clearCaches()
          Deprecated. Clear all caches.
 void clearGroupCaches()
          Deprecated. Clear the group positive and negative caches.
 void clearPermCaches()
          Deprecated. Clear the permission positive and negative caches.
 void clearUserCaches()
          Deprecated. Clear all user-related caches.
 void deleteAcl(Principal owner, Acl acl)
          Deprecated. Delete an ACL from both the delegate and backup realms.
 void deleteGroup(Group group)
          Deprecated. Delete a group from both the delegate and backup realms.
 void deletePermission(Permission perm)
          Deprecated. Delete a permission from both the delegate and backup realms.
 void deleteUser(User user)
          Deprecated. Delete a user from both the delegate and backup realms.
 Acl getAcl(String name)
          Deprecated. Retrieves an Access Control List (Acl) of that name, or null.
 Acl getAcl(String name, char separator)
          Deprecated. Retrieves an Access Control List (Acl) with the best matching name, or null.
 Principal getAclOwner(Object credential)
          Deprecated. This is a direct call through to getAclOwner in delegate and/or backup realms.
 Enumeration getAcls()
          Deprecated. Return all ACLs in both the delegate and backup realms.
 Object getCacheValue(Object propId)
          Deprecated.  
 weblogic.logging.LogOutputStream getDebugLog()
          Deprecated.  
 Class getDelegateClass()
          Deprecated. Return the class of the delegate realm.
 Group getGroup(String name)
          Deprecated. Retrieves a group of that name or null.
 Enumeration getGroups()
          Deprecated. Return all groups in both the delegate and backup realms.
 String getName()
          Deprecated. Return the name of this realm.
 Permission getPermission(String name)
          Deprecated. Retrieves a permission object of that name or, if null is passed in, returns null.
 Enumeration getPermissions()
          Deprecated. Return all permissions in both the delegate and backup realms.
 Principal getPrincipal(String name)
          Deprecated.  
 User getUser(String name)
          Deprecated. Return the User.
 User getUser(UserInfo userInfo)
          Deprecated. Call through to the authenticate method.
 Enumeration getUsers()
          Deprecated. Return all users in both the delegate and backup realms.
 void init(String name, Object ownerCredential)
          Deprecated. Call through to the init methods in the delegate and backup realms.
 void load(String name, Object credential)
          Deprecated. Call through to the load methods in the delegate and backup realms.
 Acl lookupAcl(String name)
          Deprecated. Look for the given ACL in the cache.
 Acl lookupAcl(String name, char separator)
          Deprecated.  
 Group lookupGroup(String name)
          Deprecated. Look for the given group in the cache.
 Permission lookupPermission(String name)
          Deprecated. Perform a cache lookup for a permission.
 Principal lookupPrincipal(String name)
          Deprecated. Look for the named principal in the user and group caches.
 User lookupUser(String name)
          Deprecated. Look for the given user in the cache.
 BasicRealm masqueradeAs(String realmName)
          Deprecated. Ensure that the given name in the set of realms points to this realm.
 Acl newAcl(Principal owner, String name)
          Deprecated. Create a new ACL in a realm-specific way.
 Group newGroup(String name)
          Deprecated. Create a new group in a realm-specific way.
 Permission newPermission(String name)
          Deprecated. Create a new permission in a realm-specific way.
 User newUser(String name, Object credential, Object constraints)
          Deprecated. Create a new user in a realm-specific way.
 void refresh()
          Deprecated. Refresh by emptying the caches and refreshing the delegate and backup realms.
 void save(String name)
          Deprecated. Call through to the save methods in the delegate and backup realms.
 void setDebug(boolean enable)
          Deprecated.  
 void setPermission(Acl acl, Principal principal, Permission permission, boolean allow)
          Deprecated. Sets or unsets a permission for a principal in an ACL.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

aclNegCache

protected TTLCache aclNegCache
Deprecated. 
ACL negative cache. You must synchronize on aclSync if you wish to perform any action on either ACL cache.

See Also:
aclPosCache, aclSync

aclPosCache

protected TTLCache aclPosCache
Deprecated. 
ACL positive cache. You must synchronize on aclSync if you wish to perform any action on either ACL cache.

See Also:
aclNegCache, aclSync

aclSync

protected final Object aclSync
Deprecated. 
ACL sync object. You must synchronize on this if you wish to perform any action on either ACL cache.

See Also:
aclPosCache, aclNegCache

authNegCache

protected TTLCache authNegCache
Deprecated. 
Authentication negative cache. You must synchronize on userSync if you wish to perform any action on any of the user or authentication caches.

See Also:
userPosCache, userNegCache, authPosCache, userSync

authPosCache

protected TTLCache authPosCache
Deprecated. 
Authentication positive cache. You must synchronize on userSync if you wish to perform any action on any of the user or authentication caches.

See Also:
userPosCache, userNegCache, authNegCache, userSync

caseSensitive

protected boolean caseSensitive
Deprecated. 
Whether this cache is case-sensitive.


groupNegCache

protected TTLCache groupNegCache
Deprecated. 
Group negative cache. You must synchronize on groupSync if you wish to perform any action on either group cache.

See Also:
groupPosCache, groupSync

groupPosCache

protected TTLCache groupPosCache
Deprecated. 
Group positive cache. You must synchronize on groupSync if you wish to perform any action on either group cache.

See Also:
groupNegCache, groupSync

groupSync

protected final Object groupSync
Deprecated. 
Group sync object. You must synchronize on this if you wish to perform any action on either group cache.

See Also:
groupPosCache, groupNegCache

log

protected weblogic.logging.LogOutputStream log
Deprecated. 
Debugging log. May be null.


permNegCache

protected TTLCache permNegCache
Deprecated. 
Permission negative cache. You must synchronize on permSync if you wish to perform any action on either permission cache.

See Also:
permPosCache, permSync

permPosCache

protected TTLCache permPosCache
Deprecated. 
Permission positive cache. You must synchronize on permSync if you wish to perform any action on either permission cache.

See Also:
permNegCache, permSync

permSync

protected final Object permSync
Deprecated. 
Permission sync object. You must synchronize on this if you wish to perform any action on either permission cache.

See Also:
permPosCache, permNegCache

userNegCache

protected TTLCache userNegCache
Deprecated. 
User negative cache. You must synchronize on userSync if you wish to perform any action on any of the user or authentication caches.

See Also:
userPosCache, authPosCache, authNegCache, userSync

userPosCache

protected TTLCache userPosCache
Deprecated. 
User positive cache. You must synchronize on userSync if you wish to perform any action on any of the user or authentication caches.

See Also:
userNegCache, authPosCache, authNegCache, userSync

userSync

protected final Object userSync
Deprecated. 
User and authentication sync object. You must synchronize on this if you wish to perform any action on any of the user or authentication caches.

See Also:
userPosCache, userNegCache, authPosCache, authNegCache
Constructor Detail

CachingRealm

public CachingRealm(ListableRealm delegate)
Deprecated. 
Create a new caching realm instance. We delegate to the given realm, and use no backup.


CachingRealm

public CachingRealm(ListableRealm delegate,
                    ManageableRealm backup,
                    Object credential)
Deprecated. 
Create a new caching realm instance. We delegate to the given primary and backup realms.

Method Detail

authenticate

public User authenticate(UserInfo userInfo)
Deprecated. 
Attempt to authenticate the given user.

Parameters:
userInfo - authentication info associated with the user
Returns:
a User object, if authentication succeeded, otherwise null

clearAclCaches

public void clearAclCaches()
Deprecated. 
Clear the ACL positive and negative caches.


clearCaches

public void clearCaches()
Deprecated. 
Clear all caches.


clearGroupCaches

public void clearGroupCaches()
Deprecated. 
Clear the group positive and negative caches.


clearPermCaches

public void clearPermCaches()
Deprecated. 
Clear the permission positive and negative caches.


clearUserCaches

public void clearUserCaches()
Deprecated. 
Clear all user-related caches. This method clears both the user and authentication positive and negative caches.


deleteAcl

public void deleteAcl(Principal owner,
                      Acl acl)
               throws SecurityException
Deprecated. 
Delete an ACL from both the delegate and backup realms. If an entry exists in the ACL positive cache, it is cleared so that the ACL disappears immediately.

Specified by:
deleteAcl in interface ManageableRealm
Parameters:
owner - Principal who is an owner of the ACL
acl - Access control list to be deleted
Throws:
SecurityException - bad juju
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ManageableRealm.deleteAcl(java.security.Principal, java.security.acl.Acl)

deleteGroup

public void deleteGroup(Group group)
                 throws SecurityException
Deprecated. 
Delete a group from both the delegate and backup realms. If an entry exists in the group positive cache, it is cleared so that the group disappears immediately.

Specified by:
deleteGroup in interface ManageableRealm
Parameters:
group - Group to be removed from the realm
Throws:
SecurityException - bad juju
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ManageableRealm.deleteGroup(java.security.acl.Group)

deletePermission

public void deletePermission(Permission perm)
                      throws SecurityException
Deprecated. 
Delete a permission from both the delegate and backup realms. If an entry exists in the permission positive cache, it is cleared so that the permission disappears immediately.

Specified by:
deletePermission in interface ManageableRealm
Parameters:
perm - Permission to be removed from the realm
Throws:
SecurityException - bad juju
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ManageableRealm.deletePermission(java.security.acl.Permission)

deleteUser

public void deleteUser(User user)
                throws SecurityException
Deprecated. 
Delete a user from both the delegate and backup realms. If entries exist in either the user or auth positive caches, they are cleared so that the user disappears immediately.

Specified by:
deleteUser in interface ManageableRealm
Parameters:
user - User to be removed from the realm
Throws:
SecurityException - bad juju
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ManageableRealm.deleteUser(weblogic.security.acl.User)

getAcl

public Acl getAcl(String name)
Deprecated. 
Description copied from interface: BasicRealm
Retrieves an Access Control List (Acl) of that name, or null.

Specified by:
getAcl in interface BasicRealm
Parameters:
name - of the Acl to retrieve
Returns:
Acl requested or null

getAcl

public Acl getAcl(String name,
                  char separator)
Deprecated. 
Description copied from interface: BasicRealm
Retrieves an Access Control List (Acl) with the best matching name, or null. A name matches if it is a prefix. The longer the prefix, the better the match. The only prefixes considered are up to, but excluding the separator character. For example: getAcl("/files/personal/bill", '.') looks for Acls named files.personal.bill, files.personal, and files and returns the one with the longest name.

Specified by:
getAcl in interface BasicRealm
Parameters:
name - of the Acl to lookup
separator - character that separates segments in an Acl name
Returns:
Acl that is the best match
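
The best-match rule described above, as an added Java example (not BEA's implementation). `bestMatch` and the ACL names are constructed for illustration, and the example assumes that a name with no stored prefix yields null.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: models the documented longest-prefix rule, not WebLogic code.
public class BestMatchAclDemo {

    /**
     * Returns the longest stored ACL name that equals name or is a prefix of it
     * ending just before a separator, or null when nothing matches.
     */
    static String bestMatch(Map<String, ?> acls, String name, char separator) {
        if (name == null) {
            return null;
        }
        String candidate = name;
        while (true) {
            if (acls.containsKey(candidate)) {
                return candidate;               // first hit is the longest prefix
            }
            int cut = candidate.lastIndexOf(separator);
            if (cut < 0) {
                return null;                    // no shorter prefix left to try
            }
            candidate = candidate.substring(0, cut);
        }
    }

    public static void main(String[] args) {
        Map<String, String> acls = new HashMap<>();   // constructed sample ACL names
        acls.put("files", "constructed ACL A");
        acls.put("files.personal", "constructed ACL B");

        // A resource with no ACL of its own falls back to its nearest ancestor.
        System.out.println(bestMatch(acls, "files.personal.bill", '.'));
        // Prefixes end at a separator, so this name is not under files.personal.
        System.out.println(bestMatch(acls, "files.personalized", '.'));
        // No ancestor has an ACL at all.
        System.out.println(bestMatch(acls, "reports.q1", '.'));
    }
}
```

When reviewing ACLs under this rule, remember that every resource name without its own entry is governed by the closest ancestor that has one.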

getAclOwner

public Principal getAclOwner(Object credential)
Deprecated. 
This is a direct call through to getAclOwner in delegate and/or backup realms. Its result is not cached.

Specified by:
getAclOwner in interface BasicRealm
Parameters:
credential - Credentials of an owner
Returns:
Principal that is a BasicRealm owner
See Also:
BasicRealm.getAclOwner(java.lang.Object)

getAcls

public Enumeration getAcls()
Deprecated. 
Return all ACLs in both the delegate and backup realms.

Specified by:
getAcls in interface ListableRealm
Returns:
Enumeration of Acl objects
Throws:
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ListableRealm.getAcls()

getCacheValue

public Object getCacheValue(Object propId)
Deprecated. 

getDebugLog

public weblogic.logging.LogOutputStream getDebugLog()
Deprecated. 
Specified by:
getDebugLog in interface DebuggableRealm

getDelegateClass

public Class getDelegateClass()
Deprecated. 
Return the class of the delegate realm. You can use this for runtime type checking, to see what kind of realm this CachingRealm instance delegates to.


getGroup

public Group getGroup(String name)
Deprecated. 
Description copied from interface: BasicRealm
Retrieves a group of that name or null.

Specified by:
getGroup in interface BasicRealm
Parameters:
name - of the group to get
Returns:
Group or null if not found

getGroups

public Enumeration getGroups()
Deprecated. 
Return all groups in both the delegate and backup realms.

Specified by:
getGroups in interface ListableRealm
Returns:
Enumeration of Group objects
Throws:
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ListableRealm.getGroups()

getName

public String getName()
Deprecated. 
Return the name of this realm.

Specified by:
getName in interface BasicRealm
Returns:
the name of this realm

getPermission

public Permission getPermission(String name)
Deprecated. 
Description copied from interface: BasicRealm
Retrieves a permission object of that name. If the named permission does not exist, it is created and put in the list of permissions. If null is passed in, null is returned.

Specified by:
getPermission in interface BasicRealm
Parameters:
name - Permission to get
Returns:
Permission requested or null

getPermissions

public Enumeration getPermissions()
Deprecated. 
Return all permissions in both the delegate and backup realms.

Specified by:
getPermissions in interface ListableRealm
Returns:
Enumeration of Permission objects
Throws:
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ListableRealm.getPermissions()

getPrincipal

public Principal getPrincipal(String name)
Deprecated. 

getUser

public User getUser(String name)
Deprecated. 
Return the User.

Specified by:
getUser in interface BasicRealm
Parameters:
name - String name of user
Returns:
the User

getUser

public User getUser(UserInfo userInfo)
Deprecated. 
Call through to the authenticate method.

Specified by:
getUser in interface BasicRealm
Parameters:
userInfo - Credentials to check against
Returns:
Authenticated User or null
See Also:
authenticate(weblogic.security.acl.UserInfo)

getUsers

public Enumeration getUsers()
Deprecated. 
Return all users in both the delegate and backup realms.

Specified by:
getUsers in interface ListableRealm
Returns:
Enumeration of User objects
Throws:
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ListableRealm.getUsers()

init

public void init(String name,
                 Object ownerCredential)
          throws NotOwnerException
Deprecated. 
Call through to the init methods in the delegate and backup realms.

Specified by:
init in interface BasicRealm
Parameters:
name - Name of Realm
ownerCredential - Credentialed owner of a BasicRealm
Throws:
NotOwnerException - if the owner credential is invalid
See Also:
BasicRealm.init(java.lang.String, java.lang.Object)

load

public void load(String name,
                 Object credential)
          throws ClassNotFoundException,
                 IOException,
                 NotOwnerException
Deprecated. 
Call through to the load methods in the delegate and backup realms.

Specified by:
load in interface BasicRealm
Parameters:
name - Name of BasicRealm to load
credential - Credentialed owner of a BasicRealm
Throws:
ClassNotFoundException - if the BasicRealm cannot be found
NotOwnerException - if the credential does not match an owner
IOException - if there is an I/O error
See Also:
BasicRealm.load(java.lang.String, java.lang.Object)

lookupAcl

public Acl lookupAcl(String name)
Deprecated. 
Look for the given ACL in the cache. If the ACL is not currently cached, null is returned.


lookupAcl

public Acl lookupAcl(String name,
                     char separator)
Deprecated. 
Parameters:
name - of Acl to look up
separator - character that separates segments in an Acl name, usually '.'
Returns:
Acl that is the best match

lookupGroup

public Group lookupGroup(String name)
Deprecated. 
Look for the given group in the cache. If the group is not currently cached, null is returned.


lookupPermission

public Permission lookupPermission(String name)
Deprecated. 
Perform a cache lookup for a permission. If the given permission is not in the cache, null is returned.

Parameters:
name - of permission to lookup
Returns:
Permission requested, or null if not cached

lookupPrincipal

public Principal lookupPrincipal(String name)
Deprecated. 
Look for the named principal in the user and group caches. If the principal is not in the cache, null is returned.


lookupUser

public User lookupUser(String name)
Deprecated. 
Look for the given user in the cache. If the user is not currently cached, null is returned.


masqueradeAs

public BasicRealm masqueradeAs(String realmName)
Deprecated. 
Ensure that the given name in the set of realms points to this realm. This is useful for making sure that Realm.getRealm() will return this object for a particular name.

Returns:
the previous realm with this name, or null if there was none
See Also:
Realm.getRealm(java.lang.String)

newAcl

public Acl newAcl(Principal owner,
                  String name)
           throws SecurityException
Deprecated. 
Create a new ACL in a realm-specific way. If the ACL could not be created in the delegate realm, it is created in the backup realm. If the create succeeds, any existing ACL negative cache entry is cleared to ensure that the new ACL appears immediately.

Specified by:
newAcl in interface ManageableRealm
Parameters:
owner - Owner of the access control list
name - Name of the access control list
Returns:
Acl object
Throws:
SecurityException - bad juju
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ManageableRealm.newAcl(java.security.Principal, java.lang.String)

newGroup

public Group newGroup(String name)
               throws SecurityException
Deprecated. 
Create a new group in a realm-specific way. If the group could not be created in the delegate realm, it is created in the backup realm. If the create succeeds, any existing group negative cache entry is cleared to ensure that the new group appears immediately.

Specified by:
newGroup in interface ManageableRealm
Parameters:
name - Name for the new Group
Throws:
SecurityException - bad juju
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ManageableRealm.newGroup(java.lang.String)

newPermission

public Permission newPermission(String name)
                         throws SecurityException
Deprecated. 
Create a new permission in a realm-specific way. If the permission could not be created in the delegate realm, it is created in the backup realm. If the create succeeds, any existing permission negative cache entry is cleared to ensure that the new permission appears immediately.

Specified by:
newPermission in interface ManageableRealm
Parameters:
name - Name for the Permission
Returns:
Permission object
Throws:
SecurityException - bad juju
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ManageableRealm.newPermission(java.lang.String)

newUser

public User newUser(String name,
                    Object credential,
                    Object constraints)
             throws SecurityException
Deprecated. 
Create a new user in a realm-specific way. If the user could not be created in the delegate realm, it is created in the backup realm. If the create succeeds, any existing user negative cache entry is cleared to ensure that the new user appears immediately.

Note: we do not currently attempt to clear the negative authentication cache when a new user is created, because there may be several negative hits associated with a given user and keeping track of them is not practicable.

For this reason, you should keep the time-to-live value on the negative authentication cache low if you intend to add users to a realm, otherwise you risk denying them access because of negative cache entries that have not yet expired.

If you must ensure that the negative authentication cache is cleared when a user is created, simply extend this class and make sure that your implementation of this method traverses the negative authentication cache, clearing any entries whose names match the name of the new user. This may be an expensive operation, depending on cache size and frequency of user creation.

Specified by:
newUser in interface ManageableRealm
Parameters:
name - Username
credential - X.509 certificate, token, or password, etc.
constraints - Constraints on this user's access
Returns:
User in a ManageableRealm
Throws:
SecurityException - bad juju
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ManageableRealm.newUser(java.lang.String, java.lang.Object, java.lang.Object)
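
The stale-denial window the note above describes, and the evict-on-create variant it suggests, as an added Java example (not BEA's code). `NegCache`, `Realm` and `loginAfterCreate` are hypothetical stand-ins for TTLCache and CachingRealm, whose internals this page does not show, and the clock is passed in explicitly so expiry is deterministic.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration: a stand-alone model, not WebLogic's CachingRealm or TTLCache.
public class NegAuthCacheDemo {

    static final class Entry {
        final String user;
        final long expiresAt;
        Entry(String user, long expiresAt) { this.user = user; this.expiresAt = expiresAt; }
    }

    /** Hypothetical TTL cache of failed logins; each entry remembers its user name. */
    static final class NegCache {
        private final Map<String, Entry> entries = new HashMap<>();
        private final long ttlMillis;

        NegCache(long ttlMillis) { this.ttlMillis = ttlMillis; }

        void put(String key, String user, long now) {
            entries.put(key, new Entry(user, now + ttlMillis));
        }

        boolean contains(String key, long now) {
            Entry e = entries.get(key);
            if (e != null && now >= e.expiresAt) {   // expired: drop lazily
                entries.remove(key);
                e = null;
            }
            return e != null;
        }

        /** Full traversal, as the note describes: cost grows with cache size. */
        void evictUser(String user) {
            entries.values().removeIf(e -> e.user.equals(user));
        }
    }

    /** Hypothetical realm: an in-memory delegate plus a negative authentication cache. */
    static final class Realm {
        private final Object userSync = new Object();   // one lock for all user/auth cache actions
        private final Map<String, String> delegate = new HashMap<>();
        private final NegCache authNeg;
        private final boolean evictOnCreate;

        Realm(long negTtlMillis, boolean evictOnCreate) {
            this.authNeg = new NegCache(negTtlMillis);
            this.evictOnCreate = evictOnCreate;
        }

        boolean authenticate(String user, String password, long now) {
            // Demo-only key; a real cache should key on a keyed digest of the credential.
            String key = user + '\u0000' + Integer.toHexString(password.hashCode());
            synchronized (userSync) {
                if (authNeg.contains(key, now)) return false;   // cached denial, delegate not asked
                boolean ok = password.equals(delegate.get(user));
                if (!ok) authNeg.put(key, user, now);
                return ok;
            }
        }

        void newUser(String user, String password) {
            synchronized (userSync) {
                delegate.put(user, password);
                if (evictOnCreate) authNeg.evictUser(user);   // the variant the note suggests
            }
        }
    }

    /** Fails a login at t=0, creates the user, then retries at atMillis. */
    static boolean loginAfterCreate(Realm realm, long atMillis) {
        realm.authenticate("alice", "constructed-pw", 0L);    // user does not exist yet
        realm.newUser("alice", "constructed-pw");
        return realm.authenticate("alice", "constructed-pw", atMillis);
    }

    public static void main(String[] args) {
        System.out.println("no eviction, 1s after create: " + loginAfterCreate(new Realm(60_000, false), 1_000));
        System.out.println("no eviction, at TTL expiry:   " + loginAfterCreate(new Realm(60_000, false), 60_000));
        System.out.println("evict on create, 1s after:    " + loginAfterCreate(new Realm(60_000, true), 1_000));
    }
}
```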

refresh

public void refresh()
Deprecated. 
Refresh by emptying the caches and refreshing the delegate and backup realms. The CachingRealm auto-refreshes as users, groups, and ACLs are looked up after the caches have been emptied.

Specified by:
refresh in interface RefreshableRealm

save

public void save(String name)
          throws IOException
Deprecated. 
Call through to the save methods in the delegate and backup realms.

Specified by:
save in interface BasicRealm
Parameters:
name - Name to save under
Throws:
IOException - if there is an I/O error
See Also:
BasicRealm.save(java.lang.String)

setDebug

public void setDebug(boolean enable)
Deprecated. 
Specified by:
setDebug in interface DebuggableRealm

setPermission

public void setPermission(Acl acl,
                          Principal principal,
                          Permission permission,
                          boolean allow)
Deprecated. 
Sets or unsets a permission for a principal in an ACL. If the call succeeds in either the delegate or backup realm, the ACL negative or positive cache is cleared, depending on whether or not the permission is to be allowed.

Specified by:
setPermission in interface ManageableRealm
Parameters:
acl - Access control list to be updated
principal - Principal who is an owner of the ACL
permission - Permission to be updated
allow - True to set permission to allow
Throws:
UnsupportedOperationException - the delegate realm does not support this operation
See Also:
ManageableRealm.setPermission(java.security.acl.Acl, java.security.Principal, java.security.acl.Permission, boolean)

Documentation is available at
http://download.oracle.com/docs/cd/E13222_01/wls/docs90