
[Tomcat Source Code Series] Extensions

2012-10-07 

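I. Realm / HTTP Authentication
1) Realm
A Realm provides the storage mechanism for the user and role information used in web authentication. The following is Tomcat's definition of Realm: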

public interface Realm {
    public Container getContainer();
    public void setContainer(Container container);
    public String getInfo();
    public void addPropertyChangeListener(PropertyChangeListener listener);

    // Authentication: one overload per credential type (password, DIGEST, client certificate)
    public Principal authenticate(String username, String credentials);
    public Principal authenticate(String username, byte[] credentials);
    public Principal authenticate(String username, String digest,
                                  String nonce, String nc, String cnonce,
                                  String qop, String realm, String md5a2);
    public Principal authenticate(X509Certificate certs[]);

    public void backgroundProcess();

    // Authorization: look up the constraints for a request and check them
    public SecurityConstraint [] findSecurityConstraints(Request request,
                                                         Context context);
    public boolean hasResourcePermission(Request request, Response response,
                                         SecurityConstraint [] constraint,
                                         Context context) throws IOException;
    public boolean hasRole(Principal principal, String role);
    public boolean hasUserDataPermission(Request request, Response response,
                                         SecurityConstraint []constraint) throws IOException;

    public void removePropertyChangeListener(PropertyChangeListener listener);
}

Tomcat provides several Realm implementations; their code is fairly simple.

org.apache.catalina.realm.DataSourceRealm: Implementation of Realm that works with any JDBC JNDI DataSource. See the JDBCRealm.howto for more details on how to set up the database and for configuration options.
org.apache.catalina.realm.JAASRealm: Implementation of Realm that authenticates users via the Java Authentication and Authorization Service (JAAS).
org.apache.catalina.realm.JDBCRealm: Implementation of Realm that works with any JDBC supported database. See the JDBCRealm.howto for more details on how to set up the database and for configuration options.
org.apache.catalina.realm.JNDIRealm: Implementation of Realm that works with a directory server accessed via the Java Naming and Directory Interface (JNDI) APIs.
org.apache.catalina.realm.MemoryRealm: Simple implementation of Realm that reads an XML file to configure the valid users, passwords, and roles.
org.apache.catalina.realm.UserDatabaseRealm: Implementation of Realm that is based on an implementation of UserDatabase made available through the global JNDI resources configured for this instance of Catalina. (It obtains the authentication information through the UserDatabase interface; this is the Realm configured by default, see {tomcat}/conf/tomcat-users.xml.)

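2) HTTP Authentication
For background on HTTP authentication, see "HTTP Authentication and Its Implementation on Web Platforms". Tomcat uses a Realm to store the user/role information for HTTP authentication. The HTTP authentication itself is provided as a Valve (see the earlier discussion of the pipeline; note that this Valve does not need to be configured explicitly, because by default ContextConfig automatically registers an authentication implementation based on the settings in web.xml). Every implementation implements the org.apache.catalina.Authenticator interface (an empty interface).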

public interface Authenticator {}

By default Tomcat provides the following implementations. Their code is fairly simple and can be read alongside the Realm implementations.

BASIC=org.apache.catalina.authenticator.BasicAuthenticator
CLIENT-CERT=org.apache.catalina.authenticator.SSLAuthenticator
DIGEST=org.apache.catalina.authenticator.DigestAuthenticator
FORM=org.apache.catalina.authenticator.FormAuthenticator
NONE=org.apache.catalina.authenticator.NonLoginAuthenticator

The following is the HTTP authentication part of the web.xml of the manager application that ships with Tomcat by default:

<security-constraint>
  <web-resource-collection>
    <web-resource-name>HTMLManger and Manager command</web-resource-name>
    <url-pattern>/jmxproxy/*</url-pattern>
    <url-pattern>/html/*</url-pattern>
    <url-pattern>/list</url-pattern>
    <url-pattern>/expire</url-pattern>
    <url-pattern>/sessions</url-pattern>
    <url-pattern>/start</url-pattern>
    <url-pattern>/stop</url-pattern>
    <url-pattern>/install</url-pattern>
    <url-pattern>/remove</url-pattern>
    <url-pattern>/deploy</url-pattern>
    <url-pattern>/undeploy</url-pattern>
    <url-pattern>/reload</url-pattern>
    <url-pattern>/save</url-pattern>
    <url-pattern>/serverinfo</url-pattern>
    <url-pattern>/status/*</url-pattern>
    <url-pattern>/roles</url-pattern>
    <url-pattern>/resources</url-pattern>
    <url-pattern>/findleaks</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- NOTE:  This role is not present in the default users file -->
    <role-name>manager</role-name>
  </auth-constraint>
</security-constraint>

<!-- Define the Login Configuration for this Application -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Tomcat Manager Application</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
  <description>
    The role that is required to log in to the Manager Application
  </description>
  <role-name>manager</role-name>
</security-role>
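An added example, not part of the original article or of Tomcat: a Python check that reads a web.xml fragment like the one above together with a tomcat-users.xml, and reports roles named in an auth-constraint that no user holds (the situation the NOTE comment describes) as well as password-based login methods on constraints that lack a CONFIDENTIAL transport-guarantee (the setting behind Realm.hasUserDataPermission). Both XML samples are constructed, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the manager web.xml fragment above.
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/html/*</url-pattern>
      <url-pattern>/deploy</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>manager</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
</web-app>"""

# Constructed conf/tomcat-users.xml; the user and password are placeholders.
USERS_XML = """<tomcat-users>
  <role rolename="tomcat"/>
  <user username="tomcat" password="PLACEHOLDER" roles="tomcat"/>
</tomcat-users>"""


def named(root, name):
    """All elements with this local tag name, ignoring XML namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def texts(root, name):
    """Stripped text content of every element called `name` under root."""
    return [(e.text or "").strip() for e in named(root, name)]


def audit(web_xml, users_xml):
    """Findings about the constraints the Realm and authenticator enforce."""
    web, users = ET.fromstring(web_xml), ET.fromstring(users_xml)
    granted = {r.strip() for u in named(users, "user")
               for r in u.get("roles", "").split(",") if r.strip()}
    method = (texts(web, "auth-method") or ["NONE"])[0]
    findings = []
    for sc in named(web, "security-constraint"):
        patterns, roles = texts(sc, "url-pattern"), texts(sc, "role-name")
        for role in roles:
            if role != "*" and role not in granted:
                findings.append(f"role '{role}' guards {len(patterns)} pattern(s) but no user holds it")
        # BASIC and FORM send the password itself, so the transport must protect it.
        if roles and method in ("BASIC", "FORM") \
                and "CONFIDENTIAL" not in texts(sc, "transport-guarantee"):
            findings.append(f"{method} login for {patterns} lacks CONFIDENTIAL transport-guarantee")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(WEB_XML, USERS_XML)))
```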

II. Manager / Cluster
1. Manager
The Manager interface implements session management. Let's look at how Tomcat defines Manager:

public interface Cluster {
    public String getInfo();
    public String getClusterName();
    public void setClusterName(String clusterName);
    public void setContainer(Container container);
    public Container getContainer();
    public void setProtocol(String protocol);
    public String getProtocol();

    // Session Managers that take part in the cluster
    public Manager createManager(String name);
    public void registerManager(Manager manager);
    public void removeManager(Manager manager);

    public void backgroundProcess();
}

There is only one Cluster implementation, org.apache.catalina.ha.tcp.SimpleTcpCluster. The sample configuration below gives a rough picture of the main structure of a Cluster. For the detailed implementation, see the org.apache.catalina.ha package; its code is relatively self-contained, and its initialization and request-handling mechanisms are similar to those of Tomcat itself, which were covered earlier in this series.

<Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"
         channelSendOptions="8">

  <Manager className="org.apache.catalina.ha.session.DeltaManager"
           expireSessionsOnShutdown="false"
           notifyListenersOnReplication="true"/>

  <Channel className="org.apache.catalina.tribes.group.GroupChannel">
    <Membership className="org.apache.catalina.tribes.membership.McastService"
                address="228.0.0.4"
                port="45564"
                frequency="500"
                dropTime="3000"/>
    <Receiver className="org.apache.catalina.tribes.transport.nio.NioReceiver"
              address="auto"
              port="4000"
              autoBind="100"
              selectorTimeout="5000"
              maxThreads="6"/>
    <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
      <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
    </Sender>
    <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
    <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>
  </Channel>

  <Valve className="org.apache.catalina.ha.tcp.ReplicationValve"
         filter=""/>
  <Valve className="org.apache.catalina.ha.session.JvmRouteBinderValve"/>

  <Deployer className="org.apache.catalina.ha.deploy.FarmWarDeployer"
            tempDir="/tmp/war-temp/"
            deployDir="/tmp/war-deploy/"
            watchDir="/tmp/war-listen/"
            watchEnabled="false"/>

  <ClusterListener className="org.apache.catalina.ha.session.JvmRouteSessionIDBinderListener"/>
  <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>
</Cluster>