java.lang.Object
|
+--stec.iws.Realm
public abstract class Realm extends Object
Defines methods used by security realms.
Methods
Method
|
Description
|
authenticateComputer
|
Called by iServer for each client request to check computer security privileges.
|
authenticateUser
|
Called by iServer for each client request to check user security privileges.
|
checkGroup
|
Returns whether the given user is part of the specified group.
|
checkRange
|
Returns whether the given IP address range matches the specified IP address.
|
destroy
|
Called by iServer when unloading the security realm.
|
getPrincipal
|
Returns the Principal for the specified user.
|
init
|
Called by iServer when loading the security realm.
|
authenticateComputer
Called by iServer for each client request to check computer security privileges.
Syntax
public abstract int authenticateComputer(String acls,
String hostname,
String address,
String method)
throws Exception
Parameters
acls
|
comma delimited list of Access Control Lists.
|
hostname
|
the name of the computer making the request.
|
address
|
the IP address of the computer making the request.
|
method
|
the request method.
|
Returns
int
|
whether or not the specified computer can access the requested resource using
the specified method.
-1 - not found
0 - false
1 - true
|
Throws
Exception
|
any exception thrown.
|
Example
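/**
 * Example realm check that decides whether the requesting computer may
 * access a resource, based on the entries in {@code acls}.
 *
 * <p>Each entry is read as {@code type.value}, split at the first '.'.
 * Recognised types are {@code hostname}, {@code ip_address} and
 * {@code ip_range}. The decision is made by the FIRST recognised entry:
 * it returns 1 on a match and 0 otherwise, so later entries in the list are
 * never consulted. Entries of an unrecognised type are skipped.
 *
 * <p>NOTE(review): only the lower-case methods "get" and "post" are
 * evaluated; any other value (including "GET") yields -1. Confirm which
 * casing iServer passes and how it treats -1 ("not found") before relying
 * on this for access control.
 *
 * <p>NOTE(review): if iServer obtains {@code hostname} from a reverse DNS
 * lookup, the value is controlled by whoever owns the client's PTR record;
 * confirm how it is derived, or prefer {@code ip_address} / {@code ip_range}
 * entries.
 *
 * @param acls     comma delimited list of Access Control Lists
 * @param hostname the name of the computer making the request
 * @param address  the IP address of the computer making the request
 * @param method   the request method
 * @return 1 if the first recognised entry matches, 0 if it does not,
 *         -1 if the method is not "get"/"post" or no entry was recognised
 * @throws Exception anything raised by the helpers; an entry that contains
 *         no '.' makes {@code substring} throw
 *         {@code StringIndexOutOfBoundsException}
 */
public int authenticateComputer(String acls,
                                String hostname,
                                String address,
                                String method)
        throws Exception
{
    if(method.equals("get") || method.equals("post"))
    {
        int count = DString.dcount(acls, ",");
        for(int i = 0; i < count; i++)
        {
            String acl = DString.trim(DString.extract(acls, ",", i));
            int offset = acl.indexOf('.');
            String type = acl.substring(0, offset);
            String taddress = acl.substring(offset + 1);
            if(type.equals("hostname"))
            {
                // Compare from the ACL value so a null hostname is denied (0)
                // instead of raising NullPointerException.
                return taddress.equals(hostname) ? 1 : 0;
            }
            else if(type.equals("ip_address"))
            {
                // Same null-safe form for the client address.
                return taddress.equals(address) ? 1 : 0;
            }
            else if(type.equals("ip_range"))
            {
                // The original listing was missing the closing parenthesis here.
                return Realm.checkRange(taddress, address) ? 1 : 0;
            }
        }
    }
    return -1;
}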
authenticateUser
Called by iServer for each client request to check user security privileges.
Syntax
public abstract boolean authenticateUser(String acls,
String username,
String password,
String method)
throws Exception
Parameters
acls
|
comma delimited list of Access Control Lists.
|
username
|
the name of the user to authenticate.
|
password
|
the user's password.
|
method
|
the request method.
|
Returns
boolean
|
whether or not the specified user can access the requested resource using the
specified method.
|
Throws
Exception
|
any exception thrown.
|
Example
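/**
 * Example realm check that decides whether a user may access a resource.
 *
 * <p>This sample accepts exactly one account, the literal pair
 * "admin"/"admin", and only for the "get" and "post" methods. Access is then
 * granted if any entry in {@code acls} is {@code users.<username>} or
 * {@code group.admin}. Entries are read as {@code type.value}, split at the
 * first '.'.
 *
 * <p>The hard-coded credential is a placeholder for illustration only. A
 * deployed realm should verify the password against a stored salted hash
 * using a constant-time comparison, and must not ship a default account.
 *
 * @param acls     comma delimited list of Access Control Lists
 * @param username the name of the user to authenticate
 * @param password the user's password
 * @param method   the request method
 * @return true if the user may access the resource with this method,
 *         false otherwise (including when any credential or the method is
 *         null)
 * @throws Exception anything raised by the helpers; an entry that contains
 *         no '.' makes {@code substring} throw
 *         {@code StringIndexOutOfBoundsException}
 */
public boolean authenticateUser(String acls,
                                String username,
                                String password,
                                String method)
        throws Exception
{
    // Constant-first equals: a request with a missing username, password or
    // method is denied instead of raising NullPointerException.
    boolean knownAccount = "admin".equals(username) && "admin".equals(password);
    boolean allowedMethod = "get".equals(method) || "post".equals(method);
    if(!knownAccount || !allowedMethod)
    {
        return false;
    }

    int count = DString.dcount(acls, ",");
    for(int i = 0; i < count; i++)
    {
        String acl = DString.trim(DString.extract(acls, ",", i));
        int offset = acl.indexOf('.');
        String type = acl.substring(0, offset);
        String name = acl.substring(offset + 1);
        if(type.equals("users"))
        {
            if(username.equals(name))
            {
                return true;
            }
        }
        else if(type.equals("group") && name.equals("admin"))
        {
            // Group membership is not looked up here: the only account that
            // reaches this point is "admin", which this sample treats as a
            // member of the "admin" group.
            return true;
        }
    }
    return false;
}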
checkGroup
Returns whether the given user is part of the specified group.
Syntax
public static boolean checkGroup(String groupname,
String username)
throws Exception
Parameters
groupname
|
the name of the group to check.
|
username
|
the user to test.
|
Returns
boolean
|
whether or not the given user was part of the specified group.
|
Throws
Exception
|
any exception thrown.
|
Example
/**
 * Reports whether {@code username} appears in the member list returned by
 * {@code getUsers(groupname)}.
 *
 * <p>The comparison is an exact, case-sensitive {@code equals}. A group for
 * which {@code getUsers} returns null has no members, so the answer is false.
 *
 * <p>NOTE(review): {@code getUsers} is not shown in this example, and the
 * Syntax section above declares this method as {@code static} while the
 * example is an instance method; confirm which form is intended.
 *
 * @param groupname the name of the group to check
 * @param username  the user to test
 * @return true if the user is listed in the group, false otherwise
 */
public boolean checkGroup(String groupname, String username)
{
    String[] members = getUsers(groupname);
    if(members != null)
    {
        int idx = 0;
        while(idx < members.length)
        {
            if(username.equals(members[idx]))
            {
                return true;
            }
            idx++;
        }
    }
    return false;
}
checkRange
Returns whether the given IP address range matches the specified IP address.
Syntax
public static boolean checkRange(String range,
String address)
throws Exception
Parameters
range
|
the IP range to check against.
IP ranges use one of two forms:
#.#.#.#-#.#.#.#
or
[#|*].[#|*].[#|*].[#|*]
where # is a number from 0 to 255.
|
address
|
the IP address of the computer to check.
IP addresses use the form
#.#.#.#
where # is a number from 0 to 255.
|
Returns
boolean
|
whether or not the given IP address was within the specified IP address range.
|
Throws
Exception
|
any exception thrown.
|
Example
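// checkRange is declared "throws Exception", so the caller must catch or
// propagate it; the original listing was also missing the terminating ';'.
boolean inrange = Realm.checkRange(range, address);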
destroy
Called by iServer when unloading the security realm.
Syntax
public void destroy()
Parameters
Returns
Throws
Example
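/**
 * Called by iServer when unloading the security realm.
 *
 * <p>Runs the superclass teardown first, then calls {@code close_files()},
 * a helper that is not shown in this example.
 */
public void destroy()
{
    // The original listing omitted the "void" return type, which does not
    // compile and does not match the documented signature.
    super.destroy();
    close_files();
}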
getPrincipal
Returns the Principal for the specified user.
Syntax
public abstract Principal getPrincipal(String username)
throws Exception
Parameters
username
|
the user to create a Principal for.
|
Returns
java.security.Principal
|
the Principal of the specified user.
|
Throws
Exception
|
any exception thrown.
|
Example
import java.security.Principal;
/**
 * Returns the Principal for the specified user.
 *
 * <p>This example wraps the name in a new {@code PrincipalImpl} on every
 * call. It does not check that the user exists or has been authenticated, so
 * callers must not treat the returned object as proof of either.
 *
 * @param username the user to create a Principal for
 * @return a Principal whose name is {@code username}
 * @throws Exception declared by the Realm contract; nothing in this body
 *         throws it explicitly
 */
public Principal getPrincipal(String username) throws Exception
{
    Principal principal = new PrincipalImpl(username);
    return principal;
}
class PrincipalImpl implements Principal
{
String name;
public PrincipalImpl(String _name)
{
name = _name;
}
public String getName()
{
return name;
}
public boolean equals(Object obj)
{
if(obj instanceof Principal)
{
return name.equals(((PrincipalImpl)obj).name);
}
else
{
return false;
}
}
public String toString()
{
return name;
}
}
init
Called by iServer when loading the security realm.
Syntax
public void init(Hashtable parameters) throws Exception
Parameters
parameters
|
a hashtable containing initialization parameters.
|
Returns
Throws
Exception
|
any exception thrown.
|
Example
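/**
 * Called by iServer when loading the security realm.
 *
 * <p>Runs the superclass initialisation, reads the realm data file name from
 * the initialization parameters and opens it with {@code open_files}, a
 * helper that is not shown in this example. When the parameter is absent the
 * file name defaults to "realm.dat".
 *
 * <p>NOTE(review): {@code file_name} is not declared in this example;
 * presumably it is a String constant holding the parameter key. Confirm
 * against the full realm class.
 *
 * @param parameters a hashtable containing initialization parameters
 * @throws Exception anything raised by {@code super.init} or
 *         {@code open_files}; a non-String parameter value makes the cast
 *         throw {@code ClassCastException}
 */
public void init(Hashtable parameters) throws Exception
{
    super.init(parameters);
    Object filename = parameters.get(file_name);
    if(filename == null)
    {
        filename = "realm.dat";
    }
    // The original passed the lookup key (file_name) here, so neither the
    // configured value nor the "realm.dat" default was ever used.
    open_files((String)filename);
}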
|