weblogic.security.acl
Class CachingRealm

java.lang.Object
  weblogic.security.acl.CachingRealm

All Implemented Interfaces:

Serializable, DebuggableRealm, ListableRealm, ManageableRealm, RefreshableRealm

public final class CachingRealm
extends Object
implements ManageableRealm, DebuggableRealm, RefreshableRealm

Caching realm.

See Also:

Serialized Form

caseSensitive

protected boolean caseSensitive

Deprecated. 

Whether this cache is case-sensitive.

aclPosCache

protected TTLCache aclPosCache

Deprecated. 

ACL positive cache. You must synchronize on aclSync if you wish to perform any action on either ACL cache.

See Also:

CachingRealm.aclNegCache, CachingRealm.aclSync

aclNegCache

protected TTLCache aclNegCache

Deprecated. 

ACL negative cache. You must synchronize on aclSync if you wish to perform any action on either ACL cache.

See Also:

CachingRealm.aclPosCache, CachingRealm.aclSync

aclSync

protected final Object aclSync

Deprecated. 

ACL sync object. You must synchronize on this if you wish to perform any action on either ACL cache.

See Also:

CachingRealm.aclPosCache, CachingRealm.aclNegCache

groupPosCache

protected TTLCache groupPosCache

Deprecated. 

Group positive cache. You must synchronize on groupSync if you wish to perform any action on either group cache.

See Also:

CachingRealm.groupNegCache, CachingRealm.groupSync

groupNegCache

protected TTLCache groupNegCache

Deprecated. 

Group negative cache. You must synchronize on groupSync if you wish to perform any action on either group cache.

See Also:

CachingRealm.groupPosCache, CachingRealm.groupSync

groupSync

protected final Object groupSync

Deprecated. 

Group sync object. You must synchronize on this if you wish to perform any action on either group cache.

See Also:

CachingRealm.groupPosCache, CachingRealm.groupNegCache

permPosCache

protected TTLCache permPosCache

Deprecated. 

Permission positive cache. You must synchronize on permSync if you wish to perform any action on either permission cache.

See Also:

CachingRealm.permNegCache, CachingRealm.permSync

permNegCache

protected TTLCache permNegCache

Deprecated. 

Permission negative cache. You must synchronize on permSync if you wish to perform any action on either permission cache.

See Also:

CachingRealm.permPosCache, CachingRealm.permSync

permSync

protected final Object permSync

Deprecated. 

Permission sync object. You must synchronize on this if you wish to perform any action on either permission cache.

See Also:

CachingRealm.permPosCache, CachingRealm.permNegCache

userPosCache

protected TTLCache userPosCache

Deprecated. 

User positive cache. You must synchronize on userSync if you wish to perform any action on any of the user or authentication caches.

See Also:

CachingRealm.userNegCache, CachingRealm.authPosCache, CachingRealm.authNegCache, CachingRealm.userSync

userNegCache

protected TTLCache userNegCache

Deprecated. 

User negative cache. You must synchronize on userSync if you wish to perform any action on any of the user or authentication caches.

See Also:

CachingRealm.userPosCache, CachingRealm.authPosCache, CachingRealm.authNegCache, CachingRealm.userSync

authPosCache

protected TTLCache authPosCache

Deprecated. 

Authentication positive cache. You must synchronize on userSync if you wish to perform any action on any of the user or authentication caches.

See Also:

CachingRealm.userPosCache, CachingRealm.userNegCache, CachingRealm.authNegCache, CachingRealm.userSync

authNegCache

protected TTLCache authNegCache

Deprecated. 

Authentication negative cache. You must synchronize on userSync if you wish to perform any action on any of the user or authentication caches.

See Also:

CachingRealm.userPosCache, CachingRealm.userNegCache, CachingRealm.authPosCache, CachingRealm.userSync

userSync

protected final Object userSync

Deprecated. 

User and authentication sync object. You must synchronize on this if you wish to perform any action on any of the user or authentication caches.

See Also:

CachingRealm.userPosCache, CachingRealm.userNegCache, CachingRealm.authPosCache, CachingRealm.authNegCache

log

protected LogOutputStream log

Deprecated. 

Debugging log. May be null.

CachingRealm

public CachingRealm(ListableRealm delegate)

Deprecated. 

Create a new caching realm instance. We delegate to the given realm, and use no backup.

Parameters:

delegate - the realm to delegate to

CachingRealm

public CachingRealm(ListableRealm delegate,
                    ManageableRealm backup,
                    Object credential)

Deprecated. 

Create a new caching realm instance. We delegate to the given primary and backup realms.

Parameters:

delegate - the realm to delegate to

backup - the backup realm to delegate to

credential - security credential

masqueradeAs

public BasicRealm masqueradeAs(String realmName)

Deprecated. 

Ensure that the given name in the set of realms points to this realm. This is useful for making sure that Realm.getRealm() will return this object for a particular name.

Returns:

the previous realm with this name, or null if there was none

See Also:

Realm.getRealm(java.lang.String)

init

public void init(String name,
                 Object ownerCredential)
          throws NotOwnerException

Deprecated. 

Call through to the init methods in the delegate and backup realms.

Throws:

NotOwnerException

See Also:

weblogic.security.acl.BasicRealm#init

getName

public String getName()

Deprecated. 

Return the name of this realm.

Returns:

the name of this realm

getUser

public User getUser(String name)

Deprecated. 

Return the User.

Parameters:

name - String name of user

Returns:

the User

lookupPrincipal

public Principal lookupPrincipal(String name)

Deprecated. 

Look for the named principal in the user and group caches. If the principal is not in the cache, null is returned.

getPrincipal

public Principal getPrincipal(String name)

Deprecated. 

lookupUser

public User lookupUser(String name)

Deprecated. 

Look for the given user in the cache. If the user is not currently cached, null is returned.

getUser

public User getUser(UserInfo userInfo)

Deprecated. 

Call through to the authenticate method.

See Also:

CachingRealm.authenticate(UserInfo)

authenticate

public User authenticate(UserInfo userInfo)

Deprecated. 

Attempt to authenticate the given user.

Parameters:

userInfo - authentication info associated with the user

Returns:

a User object, if authentication succeeded, otherwise null

getAclOwner

public Principal getAclOwner(Object credential)

Deprecated. 

This is a direct call through to getAclOwner in delegate and/or backup realms. Its result is not cached.

See Also:

weblogic.security.acl.BasicRealm#getAclOwner

lookupGroup

public Group lookupGroup(String name)

Deprecated. 

Look for the given group in the cache. If the group is not currently cached, null is returned.

getGroup

public Group getGroup(String name)

Deprecated. 

Parameters:

name - of the group to get

Returns:

Group or null if not found

lookupAcl

public Acl lookupAcl(String name)

Deprecated. 

Look for the given ACL in the cache. If the ACL is not currently cached, null is returned.

getAcl

public Acl getAcl(String name)

Deprecated. 

Parameters:

name - of the Acl to retrieve

Returns:

Acl requested or null

lookupAcl

public Acl lookupAcl(String name,
                     char separator)

Deprecated. 

Parameters:

name - of Acl to look up

separator - character that separates segments in an Acl name, usually '.'

Returns:

Acl that is the best match

getAcl

public Acl getAcl(String name,
                  char separator)

Deprecated. 

Parameters:

name - of the Acl to lookup

separator - character that separates segments in an Acl name

Returns:

Acl that is the best match

lookupPermission

public Permission lookupPermission(String name)

Deprecated. 

Perform a cache lookup for a permission. If the given permission is not in the cache, null is returned.

Parameters:

name - of permission to lookup

Returns:

Permission requested, or null if not cached

getPermission

public Permission getPermission(String name)

Deprecated. 

Parameters:

name - Permission to get

Returns:

Permission requested or null

load

public void load(String name,
                 Object credential)
          throws ClassNotFoundException,
                 IOException,
                 NotOwnerException

Deprecated. 

Call through to the load methods in the delegate and backup realms.

Throws:

ClassNotFoundException

IOException

NotOwnerException

See Also:

weblogic.security.acl.BasicRealm#load

save

public void save(String name)
          throws IOException

Deprecated. 

Call through to the save methods in the delegate and backup realms.

Throws:

IOException

See Also:

weblogic.security.acl.BasicRealm#save

newUser

public User newUser(String name,
                    Object credential,
                    Object constraints)
             throws SecurityException

Deprecated. 

Create a new user in a realm-specific way. If the user could not be created in the delegate realm, it is created in the backup realm. If the create succeeds, any existing user negative cache entry is cleared to ensure that the new user appears immediately.

Note: we do not currently attempt to clear the negative authentication cache when a new user is created, because there may be several negative hits associated with a given user and keeping track of them is not practicable.

For this reason, you should keep the time-to-live value on the negative authentication cache low if you intend to add users to a realm, otherwise you risk denying them access because of negative cache entries that have not yet expired.

If you must ensure that the negative authentication cache is cleared when a user is created, simply extend this class and make sure that your implementation of this method traverses the negative authentication cache, clearing any entries whose names match the name of the new user. This may be an expensive operation, depending on cache size and frequency of user creation.

Specified by:

newUser in interface ManageableRealm

Parameters:

name - Username

credential - X.509 certificate, token, or password, etc.

constraints - Constraints on this user's access

Returns:

User in a ManageableRealm

Throws:

SecurityException - bad juju

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ManageableRealm.newUser(java.lang.String, java.lang.Object, java.lang.Object)

newGroup

public Group newGroup(String name)
               throws SecurityException

Deprecated. 

Create a new group in a realm-specific way. If the group could not be created in the delegate realm, it is created in the backup realm. If the create succeeds, any existing group negative cache entry is cleared to ensure that the new group appears immediately.

Specified by:

newGroup in interface ManageableRealm

Parameters:

name - Name for the new Group

Throws:

SecurityException - bad juju

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ManageableRealm.newGroup(java.lang.String)

newAcl

public Acl newAcl(Principal owner,
                  String name)
           throws SecurityException

Deprecated. 

Create a new ACL in a realm-specific way. If the ACL could not be created in the delegate realm, it is created in the backup realm. If the create succeeds, any existing ACL negative cache entry is cleared to ensure that the new ACL appears immediately.

Specified by:

newAcl in interface ManageableRealm

Parameters:

owner - Owner of the access control list

name - Name of the access control list

Returns:

Acl object

Throws:

SecurityException - bad juju

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ManageableRealm.newAcl(java.security.Principal, java.lang.String)

newPermission

public Permission newPermission(String name)
                         throws SecurityException

Deprecated. 

Create a new permission in a realm-specific way. If the permission could not be created in the delegate realm, it is created in the backup realm. If the create succeeds, any existing permission negative cache entry is cleared to ensure that the new permission appears immediately.

Specified by:

newPermission in interface ManageableRealm

Parameters:

name - Name for the Permission

Returns:

Permission object

Throws:

SecurityException - bad juju

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ManageableRealm.newPermission(java.lang.String)

deleteUser

public void deleteUser(User user)
                throws SecurityException

Deprecated. 

Delete a user from both the delegate and backup realms. If entries exist in either the user or auth positive caches, they are cleared so that the user disappears immediately.

Specified by:

deleteUser in interface ManageableRealm

Parameters:

user - User to be removed from the realm

Throws:

SecurityException - bad juju

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ManageableRealm.deleteUser(User)

deleteGroup

public void deleteGroup(Group group)
                 throws SecurityException

Deprecated. 

Delete a group from both the delegate and backup realms. If an entry exists in the group positive cache, it is cleared so that the group disappears immediately.

Specified by:

deleteGroup in interface ManageableRealm

Parameters:

group - Group to be removed from the realm

Throws:

SecurityException - bad juju

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ManageableRealm.deleteGroup(java.security.acl.Group)

deletePermission

public void deletePermission(Permission perm)
                      throws SecurityException

Deprecated. 

Delete a permission from both the delegate and backup realms. If an entry exists in the permission positive cache, it is cleared so that the permission disappears immediately.

Specified by:

deletePermission in interface ManageableRealm

Parameters:

perm - Permission to be removed from the realm

Throws:

SecurityException - bad juju

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ManageableRealm.deletePermission(java.security.acl.Permission)

deleteAcl

public void deleteAcl(Principal owner,
                      Acl acl)
               throws SecurityException

Deprecated. 

Delete an ACL from both the delegate and backup realms. If an entry exists in the ACL positive cache, it is cleared so that the ACL disappears immediately.

Specified by:

deleteAcl in interface ManageableRealm

Parameters:

owner - Principal who is an owner of the ACL

acl - Access control list to be deleted

Throws:

SecurityException - bad juju

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ManageableRealm.deleteAcl(java.security.Principal, java.security.acl.Acl)

setPermission

public void setPermission(Acl acl,
                          Principal principal,
                          Permission permission,
                          boolean allow)

Deprecated. 

Sets or unsets a permission for a principal in an ACL. If the call succeeds in either the delegate or backup realm, the ACL negative or positive cache is cleared, depending on whether or not the permission is to be allowed.

Specified by:

setPermission in interface ManageableRealm

Parameters:

acl - Access control list to be updated

principal - Principal who is an owner of the ACL

permission - Permission to be updated

allow - True to set permission to allow

Throws:

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ManageableRealm.setPermission(java.security.acl.Acl, java.security.Principal, java.security.acl.Permission, boolean)

getUsers

public Enumeration getUsers()

Deprecated. 

Return all users in both the delegate and backup realms.

Specified by:

getUsers in interface ListableRealm

Returns:

Enumeration of User objects

Throws:

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ListableRealm.getUsers()

getGroups

public Enumeration getGroups()

Deprecated. 

Return all groups in both the delegate and backup realms.

Specified by:

getGroups in interface ListableRealm

Returns:

Enumeration of Group objects

Throws:

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ListableRealm.getGroups()

getAcls

public Enumeration getAcls()

Deprecated. 

Return all ACLs in both the delegate and backup realms.

Specified by:

getAcls in interface ListableRealm

Returns:

Enumeration of Acl objects

Throws:

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ListableRealm.getAcls()

getPermissions

public Enumeration getPermissions()

Deprecated. 

Return all permissions in both the delegate and backup realms.

Specified by:

getPermissions in interface ListableRealm

Returns:

Enumeration of Permission objects

Throws:

UnsupportedOperationException - the delegate realm does not support this operation

See Also:

ListableRealm.getPermissions()

refresh

public void refresh()

Deprecated. 

Refresh by emptying the caches, refreshing the delegate & backup - the CachingRealm will auto-refresh as users/groups/acls are looked up after the caches have been emptied

Specified by:

refresh in interface RefreshableRealm

clearCaches

public void clearCaches()

Deprecated. 

Clear all caches.

clearUserCaches

public void clearUserCaches()

Deprecated. 

Clear all user-related caches. This method clears both the user and authentication positive and negative caches.

clearGroupCaches

public void clearGroupCaches()

Deprecated. 

Clear the group positive and negative caches.

clearAclCaches

public void clearAclCaches()

Deprecated. 

Clear the ACL positive and negative caches.

clearPermCaches

public void clearPermCaches()

Deprecated. 

Clear the permission positive and negative caches.

setDebug

public void setDebug(boolean enable)

Deprecated. 

Specified by:

setDebug in interface DebuggableRealm

getDebugLog

public LogOutputStream getDebugLog()

Deprecated. 

Specified by:

getDebugLog in interface DebuggableRealm

getDelegateClass

public Class getDelegateClass()

Deprecated. 

Return the class of the delegate realm. You can use this for runtime type checking, to see what kind of realm this CachingRealm instance delegates to.

getCacheValue

public Object getCacheValue(Object propId)

Deprecated.