org.apache.catalina.realm
public class LockOutRealm extends CombinedRealm
Nested Class Summary | |
---|---|
protected class | LockOutRealm.LockRecord |
Field Summary | |
---|---|
protected int | cacheRemovalWarningTime
If a failed user is removed from the cache because the cache is too big
before it has been in the cache for at least this period of time (in
seconds) a warning message will be logged. |
protected int | cacheSize
Number of users that have failed authentication to keep in cache. |
protected Map<String,LockOutRealm.LockRecord> | failedUsers
Users whose last authentication attempt failed. |
protected int | failureCount
The number of times in a row a user has to fail authentication to be
locked out. |
protected int | lockOutTime
The time (in seconds) a user is locked out for after too many
authentication failures. |
Method Summary | |
---|---|
Principal | authenticate(String username, byte[] credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null .
|
Principal | authenticate(String username, String clientDigest, String once, String nc, String cnonce, String qop, String realmName, String md5a2)
Return the Principal associated with the specified username, which
matches the digest calculated using the given parameters using the
method described in RFC 2069; otherwise return null .
|
Principal | authenticate(String username, String credentials)
Return the Principal associated with the specified username and
credentials, if there is one; otherwise return null .
|
Principal | authenticate(X509Certificate[] certs)
Return the Principal associated with the specified chain of X509
client certificates. |
int | getCacheRemovalWarningTime()
Get the minimum period a failed authentication must remain in the cache
to avoid generating a warning if it is removed from the cache to make
space for a new entry. |
int | getCacheSize()
Get the maximum number of users for which authentication failure will be
kept in the cache. |
int | getFailureCount()
Get the number of failed authentication attempts required to lock the
user account. |
int | getLockOutTime()
Get the period for which an account will be locked. |
void | setCacheRemovalWarningTime(int cacheRemovalWarningTime)
Set the minimum period a failed authentication must remain in the cache
to avoid generating a warning if it is removed from the cache to make
space for a new entry. |
void | setCacheSize(int cacheSize)
Set the maximum number of users for which authentication failure will be
kept in the cache. |
void | setFailureCount(int failureCount)
Set the number of failed authentication attempts required to lock the
user account. |
void | setLockOutTime(int lockOutTime)
Set the period for which an account will be locked. |
void | start()
Prepare for the beginning of active use of the public methods of this
component. |
void | unlock(String username)
Unlock the specified username. |
null
.
Parameters: username Username of the Principal to look up credentials Password or other credentials to use in authenticating this username
null
.
Parameters: username Username of the Principal to look up clientDigest Digest which has been submitted by the client nOnce Unique (or supposedly unique) token which has been used for this request realm Realm name md5a2 Second MD5 digest used to calculate the digest : MD5(Method + ":" + uri)
null
.
Parameters: username Username of the Principal to look up credentials Password or other credentials to use in authenticating this username
null
.
Parameters: certs Array of client certificates, with the first one in the array being the certificate of the client itself.
Returns: the cacheRemovalWarningTime
Returns: the cacheSize
Returns: the failureCount
Returns: the lockOutTime
Parameters: cacheRemovalWarningTime the cacheRemovalWarningTime to set
Parameters: cacheSize the cacheSize to set
Parameters: failureCount the failureCount to set
Parameters: lockOutTime the lockOutTime to set
Throws: LifecycleException if this component detects a fatal error that prevents this component from being used
Parameters: username The user to unlock