310. EPMO Open Source Coordination Office Redaction File Detail Report

Produced by Araxis Merge on 12/5/2017 12:06:46 PM Central Standard Time. See www.araxis.com for information about Merge. This report uses XHTML and CSS2, and is best viewed with a modern standards-compliant browser. For optimum results when printing this report, use landscape orientation and enable printing of background images and colours in your browser.

310.1 Files compared

#	Location	File	Last Modified
1	IV-eHMP_CIF.zip\IMAG_Source\VISA\Java\ImagingVistaRealm\main\src\java\gov\va\med\imaging\tomcat\vistarealm	VistaAccessVerifyRealm.java	Mon Dec 4 21:35:12 2017 UTC
2	IV-eHMP_CIF.zip\IMAG_Source\VISA\Java\ImagingVistaRealm\main\src\java\gov\va\med\imaging\tomcat\vistarealm	VistaAccessVerifyRealm.java	Tue Dec 5 13:24:10 2017 UTC

310.2 Comparison summary

Description	Between Files 1 and 2
Description	Text Blocks	Lines
Unchanged	3	2350
Changed	2	4
Inserted	0	0
Removed	0	0

310.3 Comparison options

Whitespace
Character case	Differences in character case are significant
Line endings	Differences in line endings (`CR` and `LF` characters) are ignored
CR/LF characters	Not shown in the comparison detail

310.4 Active regular expressions

No regular expressions were active.

310.5 Comparison detail

	1	/**
	2	*
	3	Package: MAG - Vis tA Imaging
	4	WARNING: Per VHA D irective 2 004-038, t his routin e should n ot be modi fied.
	5	Date Cre ated:
	6	Site Nam e: Washin gton OI Fi eld Office , Silver S pring, MD
	7	Develope r:
	8	Descript ion:
	9
	10	;; +-------- ---------- ---------- ---------- ---------- ---------- ---------- +
	11	;; Property of the US Government .
	12	;; No permis sion to co py or redi stribute t his softwa re is give n.
	13	;; Use of un released v ersions of this soft ware requi res the us er
	14	;; to execu te a writt en test ag reement wi th the Vis tA Imaging
	15	;; Developm ent Office of the De partment o f Veterans Affairs,
	16	;; telephon e (301) 73 4-0100.
	17	;;
	18	;; The Food and Drug A dministrat ion classi fies this software a s
	19	;; a Class I I medical device. A s such, it may not b e changed
	20	;; in any wa y. Modifi cations to this soft ware may r esult in a n
	21	;; adulterat ed medical device un der 21CFR8 20, the us e of which
	22	;; is consid ered to be a violati on of US F ederal Sta tutes.
	23	;; +-------- ---------- ---------- ---------- ---------- ---------- ---------- +
	24
	25	*/
	26	package go v.va.med.i maging.tom cat.vistar ealm;
	27
	28	import gov .va.med.im aging.tomc at.vistare alm.broker .NewRpcBro ker;
	29	import gov .va.med.im aging.tomc at.vistare alm.except ions.Conne ctionFaile dException ;
	30	import gov .va.med.im aging.tomc at.vistare alm.except ions.Inval idCredenti alsExcepti on;
	31	import gov .va.med.im aging.tomc at.vistare alm.except ions.Metho dException ;
	32
	33	import jav a.security .Principal ;
	34	import jav a.security .cert.X509 Certificat e;
	35	import jav a.util.*;
	36	import jav a.util.con current.lo cks.Reentr antLock;
	37	import org .apache.ca talina.Lif ecycleStat e;
	38	import org .apache.ca talina.Cre dentialHan dler;
	39	import org .apache.ca talina.Con tainer;
	40	import org .apache.ca talina.Rea lm;
	41	import org .apache.ca talina.rea lm.Generic Principal;
	42	import org .apache.lo gging.log4 j.LogManag er;
	43	import org .apache.lo gging.log4 j.Logger;
	44	import org .ietf.jgss .GSSContex t;
	45
	46	/**
	47	* This cl ass implem ents a Tom cat Realm using Vist a as the b acking aut horization
	48	* reposit ory. The r oles of th e users au thenticate d under th is realm a re limited
	49	* to thre e known ro les, these are: 1.) clinical-d isplay-use r - a spec ial user
	50	* logged into a cli nical disp lay workst ation 2.) vista-user - a user
	51	* authent icated aga inst a Vis ta system and having the user key therei n 3.)
	52	* adminis trator - a user auth enticated against a Vista syst em and hav ing the
	53	* exchang e administ rator user key there in
	54	*
	55	* This Re alm will d elegate au thenticati on to its container parent rea lm after
	56	* authent ication ag ainst Vist a. This is done whet her the Vi sta authen tication
	57	* was suc cessful or not. Prac tically th is means t hat "speci al" users may be
	58	* added t o the pare nt realm o r that add itional ro les may be added to Vista
	59	* users b y includin g them in the parent context r ealm.
	60	*
	61	* Portion s of this code and t he comment s are copi ed verbati m from
	62	* Tomcat/ Catalina s ource.
	63	*
	64	* A quick discussio n of Realm calling s equence in Tomcat (o r at least how I
	65	* think t hey work). -startup- 1.) const ructor() 2 .) setCont ainer() 3. )
	66	* MBeanRe gistration .preRegist er() 4.) M BeanRegist ration.pos tRegister( ) 5.)
	67	* Lifecyc le.start() 6.) backg roundProce ss() runs periodical ly from he re to
	68	* Lifecyc le.stop()
	69	*
	70	* -on cli ent call- 1.) findSe curityCons traints() - determin es if the web.xml
	71	* file ha s defined security-c onstraint elements f or the res ource shou ld return
	72	* an arra y of appli cable cons traints (i n descendi ng order o f specific ity) 2.)
	73	* hasUser DataPermis sion() - t o check th e web.xml specified requiremen ts for
	74	* data in tegrity an d security in transm ission 3.) authentic ate() - de pending on
	75	* the pre sented cre dentials, may call o ne of the four authe nticate me thods if
	76	* the use r exists, should ret urn a Prin cipal real ization 4. )
	77	* hasReso urcePermis sion() - d etermines if the aut henticated user has permission
	78	* to the specific r esource na med - on s erver stop - 1.) Lif ecycle.sto p()
	79	*
	80	* Initial ization Se quence:
	81	*
	82	* ======= ========== ========== ========== ========== ========== ========== ======
	83	* server. xml Realm element ex ample with just requ ired prope rties spec ified
	84	* <Realm
	85	* classNa me="gov.va .med.imagi ng.tomcat. vistarealm .VistaReal m"
	86	* siteNum ber = "660 "
	87	* siteAbb reviation = "SLC"
	88	* siteNam e = "Salt Lake City, UT"
	89	* vistaSe rver = "lo calhost"
	90	* vistaPo rt = "9300 "
	91	* />
	92	*
	93	* ======= ========== ========== ========== ========== ========== ========== ======
	94	* server. xml Realm element ex ample with all prope rties spec ified
	95	* <Realm
	96	* classNa me="gov.va .med.imagi ng.tomcat. vistarealm .VistaReal m"
	97	* siteNum ber="660"
	98	* siteAbb reviation= "SLC"
	99	* siteNam e="Salt La ke City, U T"
	100	* vistaSe rver="loca lhost"
	101	* vistaPo rt="9300"
	102	* usingPr incipalCac he="true"
	103	* usingSe curityCons traintCach e="true"
	104	* princip alCacheLif espan="600 00"
	105	* securit yConstrain tCacheLife span="6000 00"
	106	* refresh PrincipalC acheEntryO nUse="true "
	107	* refresh SecurityCo nstraintCa cheEntryOn Use="true"
	108	* vistaCo nnectDelay Kludge="10 00"
	109	* userId= null
	110	* passwor d=null
	111	* showPas swordsInLo gging=fals e
	112	* setCprs Context=fa lse
	113	* default Ssn="000-0 0-0000"
	114	* bseReal m="200"
	115	* generat eBseToken= true
	116	* />
	117	*
	118	* @author BECKEC
	119	*
	120	*/
	121	public cla ss VistaAc cessVerify Realm
	122	extends Ab stractVist aRealmImpl
	123	implements Realm, or g.apache.c atalina.Li fecycle, V istaRealmS ite, Vista Realm, Vis taAccessVe rifyRealmM Bean
	124	{
	125	// Known Rol es are now defined i n the Vist aRealmRole s Enum in the
	126	// VistaReal mClient pr oject.
	127	// Partially this was for a code cleanup, and partia lly to mak e them
	128	// available
	129	// outside o f the real m itself.
	130
	131	pr ivate Cont ainer pare ntContaine r;
	132	pr ivate Real m parentCo ntainerRea lm;
	133
	134	// propertie s affectin g which Vi stA server we connec t to
	135	pr ivate Stri ng vistaSe rver = nul l; // t his MUST b e initiali zed to nul l
	136	pr ivate Inte ger vistaP ort = null ; // t his MUST b e initiali zed to nul l
	137
	138	pr ivate Bool ean authen ticateAgai nstVista = Boolean.T RUE;
	139
	140	// User iden tification propertie s, if thes e are prov ided then
	141	// the user identifica tion provi ded to the authentic ate() will be
	142	// ignored a nd these v alues used .
	143	pr ivate Stri ng userId = null;
	144	pr ivate Stri ng passwor d = null;
	145	pr ivate Bool ean showPa sswordsInL ogging = B oolean.FAL SE;
	146	pr ivate Bool ean genera teBseToken = Boolean .TRUE;
	147	pr ivate Bool ean setCpr sContext = Boolean.F ALSE;
	148	pr ivate fina l Map<Stri ng, List<S tring>> ad ditionalUs erRoles = new HashMa p<String, List<Strin g>>();
	149	pr ivate fina l Map<Stri ng, List<S tring>> ad ditionalRo leRoles = new HashMa p<String, List<Strin g>>();
	150	pr ivate Stri ng default Ssn = null ;
	151	pr ivate Stri ng bseReal m = null;
	152
	153	// If we nee d to do a Vista conn ection for authentic ation then delay for
	154	// some amou nt of time after the connectio n to allow Vista to get its ac t together again. Th is is most
	155	// definitel y a kludge to work a round a pr oblem we c an't direc tly addres s.
	156	pr ivate int vistaConne ctDelayKlu dge = 1000 ;
	157	pr ivate stat ic final i nt maxVist aConnectDe layKludge = 3000;
	158	pr ivate stat ic final i nt minVist aConnectDe layKludge = 0;
	159
	160	pr ivate Logg er logger = LogManag er.getLogg er(this.ge tClass());
	161	pr ivate Cred entialHand ler creden tialHandle r;
	162
	163	@O verride
	164	protec ted Logger getLogger ()
	165	{
	166	return l ogger;
	167	}
	168	/* *
	169	*
	170	* /
	171	pu blic Vista AccessVeri fyRealm()
	172	{
	173	logg er.info(Vi staAccessV erifyRealm .class.get CanonicalN ame() + " ctor()");
	174	}
	175
	176	// ========= ========== ========== ========== ========== ========== ========== ========== ========== ========== ========
	177	// JavaBean Property A ccessors
	178	// These pro perties ma y be set f rom the se rver confi guration.
	179	// ========= ========== ========== ========== ========== ========== ========== ========== ========== ========== ========
	180
	181	/* *
	182	* @se e gov.va.m ed.imaging .tomcat.vi starealm.V istaRealm# getVistaPo rt()
	183	*/
	184	@Overr ide
	185	public Integer g etVistaPor t()
	186	{
	187	return v istaPort;
	188	}
	189	pu blic void setVistaPo rt(Integer vistaPort )
	190	{
	191	if(t his.vistaP ort == nul l)
	192	this.v istaPort = vistaPort ;
	193	else
	194	getLog ger().erro r("The vis ta port ma y not be c hanged onc e it has b een set, a ttempt to change fro m '" +
	195	this.vis taPort + " ' to '" + vistaPort + "' is be ing ignore d.");
	196	}
	197
	198
	199	/* *
	200	* @se e gov.va.m ed.imaging .tomcat.vi starealm.V istaRealm# getVistaSe rver()
	201	*/
	202	@Overr ide
	203	public String ge tVistaServ er()
	204	{
	205	return v istaServer ;
	206	}
	207	pu blic void setVistaSe rver(Strin g localVis taServer)
	208	{
	209	if(t his.vistaS erver == n ull)
	210	this.v istaServer = localVi staServer;
	211	else
	212	getLog ger().erro r("The vis ta server may not be changed o nce it has been set, attempt t o change f rom '" +
	213	this.vis taServer + "' to '" + localVis taServer + "' is bei ng ignored .");
	214	}
	215
	216	/* *
	217	* @se e gov.va.m ed.imaging .tomcat.vi starealm.V istaRealm# getVistaCo nnectDelay Kludge()
	218	*/
	219	pu blic int g etVistaCon nectDelayK ludge()
	220	{
	221	retu rn this.vi staConnect DelayKludg e;
	222	}
	223
	224	pu blic void setVistaCo nnectDelay Kludge(int vistaConn ectDelayKl udge)
	225	{
	226	vist aConnectDe layKludge = Math.max (minVistaC onnectDela yKludge, v istaConnec tDelayKlud ge);
	227	vist aConnectDe layKludge = Math.min (maxVistaC onnectDela yKludge, v istaConnec tDelayKlud ge);
	228
	229	this .vistaConn ectDelayKl udge = vis taConnectD elayKludge ;
	230	}
	231
	232	/* *
	233	* If this p roperty is false the n this rea lm will si mply deleg ate the
	234	* authentic ation to i ts parent and create a VistaRe almPrincip al instanc e
	235	* on the Th readLocal.
	236	*
	237	* @return
	238	* /
	239	pu blic Boole an getAuth enticateAg ainstVista ()
	240	{
	241	retu rn this.au thenticate AgainstVis ta;
	242	}
	243	pu blic void setAuthent icateAgain stVista(Bo olean auth enticateAg ainstVista )
	244	{
	245	this .authentic ateAgainst Vista = au thenticate AgainstVis ta;
	246	}
	247
	248
	249	/* *
	250	* @return t he userid
	251	* /
	252	pu blic Strin g getUserI d()
	253	{
	254	retu rn this.us erId;
	255	}
	256	/* *
	257	* @return t he passwor d
	258	* /
	259	pu blic Strin g getPassw ord()
	260	{
	261	retu rn this.pa ssword;
	262	}
	263	/* *
	264	* @param us erid the u serid to s et
	265	* /
	266	pu blic void setUserId( String use rid)
	267	{
	268	this .userId = userid;
	269	}
	270	/* *
	271	* @param pa ssword the password to set
	272	* /
	273	pu blic void setPasswor d(String p assword)
	274	{
	275	this .password = password ;
	276	}
	277
	278	/* *
	279	* @return t he showPas swordsInLo gging
	280	* /
	281	pu blic Boole an getShow PasswordsI nLogging()
	282	{
	283	retu rn this.sh owPassword sInLogging ;
	284	}
	285	/* *
	286	* @param sh owPassword sInLogging the showP asswordsIn Logging to set
	287	* /
	288	pu blic void setShowPas swordsInLo gging(Bool ean showPa sswordsInL ogging)
	289	{
	290	this .showPassw ordsInLogg ing = show PasswordsI nLogging;
	291	}
	292
	293	pu blic Boole an getGene rateBseTok en()
	294	{
	295	retu rn generat eBseToken;
	296	}
	297	pu blic void setGenerat eBseToken( Boolean ge nerateBseT oken)
	298	{
	299	this .generateB seToken = generateBs eToken;
	300	}
	301	/* *
	302	* @return t he setCprs Context
	303	* /
	304	pu blic Boole an getSetC prsContext ()
	305	{
	306	retu rn this.se tCprsConte xt;
	307	}
	308	/* *
	309	* Set to TR UE to use the CPRS V istA conte xt, otherw ise use th e IMAGING VistA cont ext
	310	*
	311	* @param se tCprsConte xt the set CprsContex t to set
	312	* /
	313	pu blic void setSetCprs Context(Bo olean setC prsContext )
	314	{
	315	this .setCprsCo ntext = se tCprsConte xt;
	316	}
	317
	318	// ========= ========== ========== ========== =====
	319	// The follo wing acces sors are a means of adding add itional ro les to a
	320	// specific user or ro le
	321	// ========= ========== ========== ========== =====
	322
	323	/* *
	324	* @return t he additio nalUserRol es
	325	* /
	326	pu blic Strin g getAddit ionalUserR oles()
	327	{
	328	retu rn makeAdd itionalRol eString(ad ditionalUs erRoles);
	329	}
	330
	331	/* *
	332	* @return t he additio nalRoleRol es
	333	* /
	334	pu blic Strin g getAddit ionalRoleR oles()
	335	{
	336	retu rn makeAdd itionalRol eString(ad ditionalRo leRoles);
	337	}
	338
	339	/* *
	340	* @param ad ditionalUs erRoles th e addition alUserRole s to set
	341	* /
	342	pu blic void setAdditio nalUserRol es(String rawValue)
	343	{
	344	try
	345	{
	346	parseA dditionalR oleString( rawValue, this.addit ionalUserR oles);
	347	}
	348	catc h (Excepti on x)
	349	{
	350	x.prin tStackTrac e();
	351	}
	352	}
	353
	354	/* *
	355	* @param ad ditionalRo leRoles th e addition alRoleRole s to set
	356	* /
	357	pu blic void setAdditio nalRoleRol es(String rawValue)
	358	{
	359	try
	360	{
	361	parseA dditionalR oleString( rawValue, this.addit ionalRoleR oles);
	362	}
	363	catc h (Excepti on x)
	364	{
	365	x.prin tStackTrac e();
	366	}
	367	}
	368
	369	pr ivate Stri ng makeAdd itionalRol eString(Ma p<String, List<Strin g>> map)
	370	{
	371	Stri ngBuilder sb = new S tringBuild er();
	372
	373	for( Map.Entry< String, Li st<String> > addition alRoles : map.entryS et())
	374	{
	375	sb.app end(additi onalRoles. getKey());
	376	sb.app end("->");
	377	boolea n firstRol e = true;
	378	for(St ring role : addition alRoles.ge tValue())
	379	{
	380	if(!firs tRole) sb. append(',' );
	381	sb.appen d(role);
	382	}
	383	sb.app end(';');
	384	}
	385	retu rn sb.toSt ring();
	386	}
	387
	388	/* *
	389	* Parse a s tring in a form like "identifi er1:role1, role2;iden tifier2=ro le3,role4; "
	390	* into a Ma p<String,L ist<String >> where
	391	* the ident ifier(s) e nd up as t he key and
	392	* the role( s) are the values
	393	*
	394	* @param ra wValue
	395	* @param de stinationM ap
	396	* @throws E xception
	397	* /
	398	pr ivate void parseAddi tionalRole String(Str ing rawVal ue, Map<St ring, List <String>> destinatio nMap)
	399	th rows Excep tion
	400	{
	401	// n othing to do ?
	402	if(r awValue == null \|\| r awValue.le ngth() == 0)
	403	return ;
	404
	405	Stri ng[] roleM appings = rawValue.s plit(";");
	406	// a gain, noth ing to do ?
	407	if(r oleMapping s.length = = 0)
	408	return ;
	409
	410	for( String rol eMapping : roleMappi ngs)
	411	{
	412	String [] keyValu ePairs = r oleMapping .trim().sp lit(":");
	413	if(key ValuePairs .length < 2)
	414	throw ne w Exceptio n("Additio nal role p roperties must be in the form 'identifie r1:role1,r ole2;ident ifier2=rol e3,role4;' ");
	415	String key = key ValuePairs [0].trim() ;
	416	String [] roles = keyValueP airs[1].tr im().split (",");
	417	if(rol es.length < 1)
	418	throw ne w Exceptio n("Additio nal role p roperties must be in the form 'identifie r1:role1,r ole2;ident ifier2=rol e3,role4;' . No role specified .");
	419	List<S tring> rol eList = ne w ArrayLis t<String>( );
	420	for(St ring role : roles)
	421	roleList .add(role) ;
	422	destin ationMap.p ut(key, ro leList);
	423	}
	424	}
	425
	426	/* *
	427	* A default SSN, if s upplied, w ill be ins erted only when the SSN is not obtained from an
	428	* authentic ation repo sitory. B y default it is null , and that is expect ed to be t rue in
	429	* productio n settings .
	430	*
	431	* @return t he default SSN
	432	* /
	433	pu blic Strin g getDefau ltSsn()
	434	{
	435	retu rn this.de faultSsn;
	436	}
	437	/* *
	438	* testSsn
	439	* @param de faultSsn t he default SSN to set
	440	* /
	441	pu blic void setDefault Ssn(String defaultSs n)
	442	{
	443	this .defaultSs n = defaul tSsn;
	444	}
	445	pu blic Strin g getBseRe alm()
	446	{
	447	retu rn bseReal m;
	448	}
	449	pu blic void setBseReal m(String b seRealm)
	450	{
	451	this .bseRealm = bseRealm ;
	452	}
	453	// ========= ========== ========== ========== ========== ========== ========== ========== ========== ===
	454	// Read-Only propertie s, used by JMX for m onitoring
	455	// ========= ========== ========== ========== ========== ========== ========== ========== ========== ===
	456	/* *
	457	* @se e gov.va.m ed.imaging .tomcat.vi starealm.V istaRealm# isInitiali zed()
	458	*/
	459	@O verride
	460	pu blic boole an isIniti alized()
	461	{
	462	getL ogger().de bug("isIni tialized") ;
	463
	464	bool ean result = true;
	465
	466	Cont ainer cont ainer = th is.getCont ainer();
	467	Stri ng contain erName = c ontainer = = null ? n ull : cont ainer.getN ame();
	468	getL ogger().de bug("conta inerName = " + conta inerName);
	469
	470	if ( this.getSi teAbbrevia tion() == null)
	471	{
	472	getLog ger().warn ("VistaRea lm[" + con tainerName + "] - si te abbrevi ation is n ot set and must be b efore auth entication will succ eed.");
	473	result = false;
	474	}
	475	if ( this.getSi teName() = = null)
	476	{
	477	getLog ger().warn ("VistaRea lm[" + con tainerName + "] - si te name is not set a nd must be before au thenticati on will su cceed.");
	478	result = false;
	479	}
	480	if ( this.getSi teNumber() == null)
	481	{
	482	getLog ger().warn ("VistaRea lm[" + con tainerName + "] - si te number is not set and must be before authentica tion will succeed.") ;
	483	result = false;
	484	}
	485	if ( this.getVi staPort() == null)
	486	{
	487	getLog ger().warn ("VistaRea lm[" + con tainerName + "] - vi sta port i s not set and must b e before a uthenticat ion will s ucceed.");
	488	result = false;
	489	}
	490	if ( this.getVi staServer( ) == null)
	491	{
	492	getLog ger().warn ("VistaRea lm[" + con tainerName + "] - vi sta server is not se t and must be before authentic ation will succeed." );
	493	result = false;
	494	}
	495
	496	retu rn result;
	497	}
	498
	499	// ========= ========== ========== ========== ========== ========== ========== ========== ========== ========== ========
	500	// Realm imp lementatio n
	501	// ========= ========== ========== ========== ========== ========== ========== ========== ========== ========== ========
	502
	503	/* *
	504	* A Contain er is an o bject that can execu te request s received from a
	505	* client, a nd return responses based on t hose reque sts. Engin e -
	506	* Represent ation of t he entire Catalina s ervlet eng ine. Host -
	507	* Represent ation of a virtual h ost contai ning a num ber of Con texts. Con text -
	508	* Represent ation of a single Se rvletConte xt, which will typic ally conta in
	509	* one or mo re Wrapper s for the supported servlets. Wrapper - Representa tion
	510	* of an ind ividual se rvlet defi nition.
	511	* /
	512
	513	@O verride
	514	pu blic void setContain er(Contain er contain er)
	515	{
	516	supe r.setConta iner(conta iner);
	517
	518	// i f the cont ainer has a parent t hen get it s realm
	519	// t his class will authe nticate ag ainst that realm as well as it s own
	520	// a uthenticat ion reposi tory
	521	if ( getContain er() != nu ll)
	522	{
	523	getLog ger().info ("Containe r name is '" + getCo ntainer(). getName() + "' conta iner type is '" + ge tContainer ().getClas s().getNam e() + "'") ;
	524
	525	parent Container = getConta iner().get Parent();
	526	if (pa rentContai ner != nul l)
	527	{
	528	getLogge r().info(" Parent con tainer nam e is '" + parentCont ainer.getN ame() +
	529	"' parent container type is '" + parentC ontainer.g etClass(). getName() + "'");
	530	parentCo ntainerRea lm = paren tContainer .getRealm( );
	531	getLogge r().info(" Parent con tainer rea lm type is '" +
	532	(parentCon tainerReal m == null ? "null" : parentCon tainerReal m.getClass ().getName ()) +
	533	"'");
	534	}
	535	else
	536	{
	537	getLogge r().info(" Parent con tainer is null. Del egation to parent re alm will b e disabled .");
	538	}
	539	}
	540	}
	541
	542	pu blic synch ronized Co ntainer ge tParentCon tainer()
	543	{
	544	if(p arentConta iner == nu ll)
	545	parent Container = getConta iner() == null ? nul l : getCon tainer().g etParent() ;
	546
	547	retu rn parentC ontainer;
	548	}
	549
	550	pu blic synch ronized Re alm getPar entContain erRealm()
	551	{
	552	if(p arentConta inerRealm == null)
	553	{
	554	Contai ner parent Container = getParen tContainer ();
	555	parent ContainerR ealm = par entContain er == null ? null : parentCont ainer.getR ealm();
	556	}
	557
	558	retu rn parentC ontainerRe alm;
	559	}
	560
	561	/* *
	562	* @se e java.lan g.Object#t oString()
	563	*
	564	* Ret urns a Str ing like:
	565	* VistaRea lm [660-SL C Salt Lak e City, UT vista:slc . DNS . DNS : PORT ]
	566	*/
	567	@Overr ide
	568	public String to String()
	569	{
	570	St ringBuilde r sb = new StringBui lder();
	571
	572	sb .append(th is.getClas s().getSim pleName()) ;
	573	sb .append(" [");
	574	sb .append(th is.getSite Abbreviati on());
	575	sb .append("- ");
	576	sb .append(th is.getSite Number());
	577	sb .append(" ");
	578	sb .append(th is.getSite Name());
	579	sb .append(" vista:");
	580	sb .append(th is.getVist aServer()) ;
	581	sb .append(": ");
	582	sb .append(th is.getVist aPort());
	583	sb .append("] ");
	584
	585	return s b.toString ();
	586	}
	587
	588	/*
	589	* ========= ========== ========== ========== ========== ========== ========== ========== =======
	590	* Authentic ation Meth ods
	591	* ========= ========== ========== ========== ========== ========== ========== ========== =======
	592	* /
	593
	594	/* *
	595	* Return th e Principa l associat ed with th e specifie d username and
	596	* credentia ls, if the re is one; otherwise return <c ode>null</ code>.
	597	*
	598	* @param us ername
	599	* Username of the Pr incipal to look up, A valid Vi staImaging
	600	* access c ode
	601	* @param cr edentials
	602	* Password or other credential s to use i n authenti cating thi s
	603	* username , The veri fy code ma tching the given acc ess code
	604	* /
	605	pu blic Princ ipal authe nticate(St ring usern ame, Strin g password )
	606	{
	607	Vist aRealmPrin cipal prin cipal = nu ll;
	608	bool ean append ParentReal mRoles = t rue;
	609
	610	logg er.debug(" Authentica ting via V istaAccess VerifyReal m.");
	611
	612	Stri ng inhibit ParentDele gationProp erty =
	613	RealmD elegationC ontext.get RealmDeleg ationPrope rties().ge t(RealmDel egationCon text.INHIB IT_PARENT_ DELEGATION );
	614	bool ean inhibi tParentDel egation = Boolean.pa rseBoolean (inhibitPa rentDelega tionProper ty);
	615	Stri ng inhibit ThisAuthen ticationPr operty =
	616	RealmD elegationC ontext.get RealmDeleg ationPrope rties().ge t(RealmDel egationCon text.INHIB IT_THIS_AU THENTICATI ON);
	617	bool ean inhibi tThisAuthe ntication = Boolean. parseBoole an(inhibit ThisAuthen ticationPr operty);
	618
	619	if(! inhibitThi sAuthentic ation)
	620	{
	621	inhibi tThisAuthe ntication = RealmErr orContext. getSkipVis taAuthenti cation();
	622	}
	623
	624	// S ystem.err. println("B egin stack trace fro m VistaRea lm.authent icate()
	625	// - THIS IS N OT A THROW N EXCEPTIO N, just a stack trac e");
	626	// T hread.dump Stack();
	627	// S ystem.err. println("E nd stack t race from VistaRealm .authentic ate()");
	628	Stri ng specifi edSiteId = null;
	629	if(u sername.co ntains("\|\| "))
	630	{
	631	int lo c = userna me.indexOf ("\|\|");
	632	specif iedSiteId = username .substring (0, loc);
	633	userna me = usern ame.substr ing(loc + 2);
	634	getLog ger().info ("Using si te [" + sp ecifiedSit eId + "] s pecified i n username ");
	635	}
	636
	637	Vist aRealmSite authentic ationSite = this;
	638	if(a uthenticat ionSite == null \|\| a uthenticat ionSite.ge tVistaServ er() == nu ll \|\| auth entication Site.getVi staServer( ).length() <= 0 \|\| a uthenticat ionSite.ge tVistaPort () <= 0)
	639	{
	640	getLog ger().warn ("authenti cation sit e not spec ified, sit e required for authe ntication" );
	641	return null;
	642	}
	643
	644	getL ogger().in fo("Realm '" + authe nticationS ite.getSit eNumber() + "'-authe nticate (" + usernam e + ", " +
	645	(getSh owPassword sInLogging ().boolean Value() ? password : "<passwor d not show n>)")
	646	);
	647
	648	// I f a userId property is provide d then ove rride the supplied u sername an d password
	649	// w ith the pr operty val ues.
	650	// T his is use d, usually with auth Type=NONE where a se rvice acco unt is att ached to
	651	// a facade.
	652	if(g etUserId() != null)
	653	{
	654	getLog ger().info ("Realm '" + authent icationSit e.getSiteN umber() + "'-authent icate over riding UID /PWD");
	655	userna me = getUs erId();
	656	passwo rd = getPa ssword();
	657	getLog ger().info ("Realm '" + authent icationSit e.getSiteN umber() + "'-authent icate (" + username + ", " +
	658	(getShow PasswordsI nLogging() .booleanVa lue() ? pa ssword : " <password not shown> )")
	659	);
	660	}
	661
	662	getL ogger().de bug("inhib itParentDe legation = " + inhib itParentDe legation);
	663	getL ogger().de bug("inhib itThisAuth entication = " + inh ibitThisAu thenticati on);
	664	getL ogger().de bug("defau ltSsn = " + getDefau ltSsn());
	665
	666	// g et a lock that is ma pped to th e user nam e
	667	// t his will p revent mul tiple thre ads from a uthenticat ing the sa me user at the same time
	668	// a nd should result in succeeding threads g etting a c ache hit i nstead of a VistA ca ll
	669	Reen trantLock lock = get UsernameLo ck(usernam e);
	670	try
	671	{
	672	if(loc k != null)
	673	lock.loc k();
	674	else
	675	getLogge r().error( "Unable to acquire l ock for us ername '" + username + "', thi s could po tentially lead to co ncurrency problems." );
	676
	677	// if the princi pal cache is turned on then
	678	// loo k in the p rincipal c ache first ,
	679	// if it is ther e then che ck the pas sword and return it
	680	if (is UsingPrinc ipalCache( ).booleanV alue())
	681	{
	682	FullyQua lifiedPrin cipalName fqPrincipa l = new Fu llyQualifi edPrincipa lName(auth entication Site.getSi teNumber() , username );
	683	Principa lCacheValu e cacheEnt ry = getPr incipalCac heEntry( f qPrincipal );
	684	if (cach eEntry != null)
	685	{
	686	principal = cacheEnt ry.getPrin cipal().cl one(); // clone the
	687	// Princip al so that each thre ad has its own copy, added clo ne
	688	// on 15Oc t2007 CTB
	689
	690	// make su re that th e PWD supp lied in th e call mat ches that in
	691	// the cac he.
	692	if (princi pal.getVer ifyCode(). equals(pas sword))
	693	{
	694	ge tLogger(). info("User (" + user name + ", " +
	695	(get ShowPasswo rdsInLoggi ng().boole anValue() ? password : "<passw ord not sh own>") +
	696	") f ound in Vi staRealmPr incipal ca che");
	697
	698	// if the pr incipal is found in the cache then it ha s all
	699	// the roles it should have
	700	ap pendParent RealmRoles = false;
	701	if (isRefres hPrincipal CacheEntry OnUse().bo oleanValue ())
	702	cach eEntry.tou ch();
	703
	704	// clear the applicati on propert ies, all a pplication
	705	// propertie s are assu med to be
	706	// local to the transa ction cont ext
	707	pr incipal.cl earApplica tionProper ties();
	708	}
	709	else
	710	{
	711	pr incipal = null; // N OTE: big s ecurity ho le if this is not nu lled out
	712	ge tLogger(). warn("User (" + user name + ", " +
	713	(get ShowPasswo rdsInLoggi ng().boole anValue() ? password : "<passw ord not sh own>)") +
	714	") f ound in Vi staRealmPr incipal ca che WITH D IFFERENT P ASSWORD!") ;
	715	}
	716	}
	717	else
	718	getLogger( ).info("Pr incipal '" + fqPrinc ipal.toStr ing() + "' not found in cache. ");
	719	}
	720	else
	721	getLogge r().info(" Principal cache is n ot being u sed.");
	722
	723	// if we have no t been con figured th en do not try to do Vista conn ect
	724	if (is Initialize d() && get Authentica teAgainstV ista().boo leanValue( ) && !inhi bitThisAut henticatio n)
	725	{
	726	// if th e principa l is not a lready set then try to retriev e the
	727	// infor mation fro m VistA
	728	if (prin cipal == n ull)
	729	{
	730	//RpcBroke r broker = new RpcBr oker();
	731	NewRpcBrok er broker = new NewR pcBroker() ;
	732
	733	try
	734	{
	735	pr incipal = new VistaR ealmPrinci pal(authen ticationSi te.getSite Number(), false,
	736	Vist aRealmPrin cipal.Auth entication Credential sType.Pass word);
	737	pr incipal.se tAccessCod e(username );
	738	pr incipal.se tVerifyCod e(password );
	739	pr incipal.se tPreemptiv eAuthoriza tion(this) ;
	740
	741	// the local Connect() method set s fields i n the prin cipal
	742	// instance
	743	if (getSetCpr sContext() .booleanVa lue())
	744	{
	745	brok er.localCo nnectWitho utImaging( authentica tionSite, principal) ;
	746	// J MW 10/5/20 09 - get t he broker security t oken using the non-V istA Imagi ng RPC
	747	if(g etGenerate BseToken() )
	748	{
	749	String brokerSec urityToken = broker. getBrokerS ecurityTok enWithoutI maging(bse Realm);
	750	princi pal.setSec urityToken (brokerSec urityToken );
	751	}
	752	}
	753	el se
	754	{
	755	brok er.localCo nnect(auth entication Site, prin cipal);
	756	// s ecurity ke ys are map ped to app lication r oles
	757	Stri ng[] secur ityKeys = broker.get UserKeys() ;
	758	// g et the map ped roles and add th em to the Principal
	759	prin cipal.addR oles(Vista RealmRoles .getMapped RoleNames( securityKe ys));
	760	if(g etGenerate BseToken() )
	761	{
	762	// JMW 12/21/201 0 - need t o get brok er securit y token if VistA Ima ging insta lled as we ll
	763	String brokerSec urityToken = broker. getBrokerS ecurityTok enWithImag ing(bseRea lm);
	764	princi pal.setSec urityToken (brokerSec urityToken );
	765	}
	766	}
	767
	768	if (getLogge r().isDebu gEnabled() )
	769	for (String ro leName : p rincipal.g etRoles())
	770	getLog ger().debu g("Authent icated use r '" + use rname + "h as role '" + roleNam e + "'.");
	771
	772	ge tLogger(). info("auth enticate ( " + userna me + ", " +
	773	(get ShowPasswo rdsInLoggi ng().boole anValue() ? password : "<passw ord not sh own>") +
	774	"), user authe nticated i n Vista");
	775
	776	pr incipal.se tAuthentic atedByVist a(Boolean. TRUE);
	777	} catch (C onnectionF ailedExcep tion e)
	778	{
	779	ge tLogger(). error("aut henticate of (" + us ername + " , " +
	780	(get ShowPasswo rdsInLoggi ng().boole anValue() ? password : "<passw ord not sh own>") +
	781	"), failed due to connec tion probl em", e);
	782	pr incipal = null;
	783	Re almErrorCo ntext.setE xceptionMe ssage(e);
	784	} catch (I nvalidCred entialsExc eption e)
	785	{
	786	ge tLogger(). info("auth enticate o f (" + use rname + ", " +
	787	(get ShowPasswo rdsInLoggi ng().boole anValue() ? password : "<passw ord not sh own>") +
	788	"), failed due to invali d credenti als");
	789	pr incipal = null;
	790	Re almErrorCo ntext.setE xceptionMe ssage(e);
	791	} catch (M ethodExcep tion e)
	792	{
	793	ge tLogger(). error("aut henticate of (" + us ername + " , " +
	794	(get ShowPasswo rdsInLoggi ng().boole anValue() ? password : "<passw ord not sh own>") +
	795	"), failed due to method exception (possible change in Vista ver sion?)", e );
	796	pr incipal = null;
	797	Re almErrorCo ntext.setE xceptionMe ssage(e);
	798	} finally
	799	{
	800	tr y
	801	{
	802	brok er.disconn ect();
	803	} catch (Exc eption x)
	804	{
	805	}
	806	// kludge .. .
	807	in t delay = getVistaCo nnectDelay Kludge();
	808	if (delay > 0 && delay < 3000)
	809	try
	810	{
	811	Thread .sleep(del ay);
	812	} ca tch (Inter ruptedExce ption iX)
	813	{
	814	}
	815	}
	816	}
	817	}
	818	// Vis taRealm co nnection t o the loca l VistA ha s not been configure d,
	819	// sho w a messag e to remin d operatio ns
	820	else
	821	{
	822	if(inhib itThisAuth entication )
	823	{
	824	getLogger( ).debug("T his authen tication h as been in hibited");
	825	}
	826	else
	827	{
	828	getLogger( ).debug("V istaRealm has not be en configu red, set a ll Vista r elated pro perties in the confi guration c onsole bef ore attemp ting ViXS transactio ns.");
	829	}
	830	}
	831
	832
	833	// if the princi pal has no t had the parent rea lm roles a ppended to its
	834	// lis t and
	835	// the re is a pa rent conta iner realm (i.e. we' re the rea lm for a c ontext
	836	// and the realm for the s erver is a vailable)
	837	// the n delegate to it for additiona l users an d/or roles
	838	if (ap pendParent RealmRoles && getPar entContain erRealm() != null && !inhibitP arentDeleg ation)
	839	{
	840	getLogge r().info(" Appending parent rea lm roles, parent con tainer rea lm exists. ");
	841
	842	Principa l parentRe almPrincip al = getPa rentContai nerRealm() .authentic ate(userna me, passwo rd);
	843	if (pare ntRealmPri ncipal != null)
	844	{
	845	if (parent RealmPrinc ipal insta nceof org. apache.cat alina.real m.GenericP rincipal)
	846	{
	847	Ge nericPrinc ipal gp = (GenericPr incipal) p arentRealm Principal;
	848	if (principa l == null)
	849	{
	850	getL ogger().in fo("authen ticate (" + username + ", " +
	851	(getSh owPassword sInLogging ().boolean Value() ? password : "<passwor d not show n>") +
	852	"), su ccessfully authentic ated again st delegat e (parent container) realm.");
	853
	854	prin cipal = ne w VistaRea lmPrincipa l(authenti cationSite .getSiteNu mber(), tr ue,
	855	VistaR ealmPrinci pal.Authen ticationCr edentialsT ype.Passwo rd);
	856	prin cipal.setA ccessCode( username);
	857	prin cipal.setV erifyCode( password);
	858	prin cipal.setP reemptiveA uthorizati on(this);
	859	}
	860
	861	fo r (String gpRole : g p.getRoles ())
	862	if ( isKnownRol e(gpRole))
	863	princi pal.addRol e(gpRole);
	864
	865	if (principa l.getRoles ().size() == 0)
	866	{
	867	getL ogger().in fo("authen ticate (" + username + ", " +
	868	(getSh owPassword sInLogging ().boolean Value() ? password : "<passwor d not show n>") +
	869	") is a valid us er but had no roles defined, h ence perso na non gra ta.");
	870	prin cipal = nu ll;
	871	}
	872	el se
	873	getL ogger().in fo("authen ticate (" + username + ", " +
	874	(getSh owPassword sInLogging ().boolean Value() ? password : "<passwor d not show n>") +
	875	"), ro les from d elegated p arent may have been added.");
	876	}
	877	else
	878	{
	879	ge tLogger(). warn("Vist aRealm att empted to delegate t o ancestor container realm but did not g et a Gener icPrincipa l instance returned. ");
	880	}
	881	}
	882	}
	883	else
	884	{
	885	if(inhib itParentDe legation)
	886	{
	887	getLogger( ).info("Pa rent realm delegatio n inhibite d.");
	888	}
	889	else
	890	{
	891	getLogger( ).info("Pa rent realm roles wil l not be a ppended, " +
	892	(a ppendParen tRealmRole s ? "appen d parent r oles is en abled" : " append par ent roles is disable d") +
	893	", " +
	894	(g etParentCo ntainerRea lm() != nu ll ? "pare nt contain er realm e xists" : " parent con tainer rea lm does no t exist") +
	895	". "
	896	);
	897	}
	898	}
	899
	900	if (pr incipal != null)
	901	addAddit ionalMappe dRoles(pri ncipal);
	902
	903	// use d mostly f or testing , stuff an default S SN when no ne exists in the Pri ncipal ins tance
	904	if (pr incipal != null && g etDefaultS sn() != nu ll && (pri ncipal.get Ssn() == n ull \|\| pri ncipal.get Ssn().leng th() == 0) )
	905	{
	906	getLogge r().warn(" A default SSN (" + g etDefaultS sn() + ") is being s et on the user princ ipal, this is a test feature a nd should not be use d in produ ction.");
	907	principa l.setSsn(g etDefaultS sn());
	908	}
	909
	910	// set the threa d local se curity con text, if w e have a P rincipal
	911	if (pr incipal != null)
	912	{
	913	// put t he princip al into th e cache (i f it is tu rned on)
	914	if( isUs ingPrincip alCache(). booleanVal ue() )
	915	{
	916	VistaRealm Principal principalC lone = pri ncipal.clo ne();
	917	FullyQuali fiedPrinci palName fq pn = new F ullyQualif iedPrincip alName(pri ncipalClon e);
	918
	919	getLogger( ).info("Ca ching full y qualifie d principa l name '" + fqpn.toS tring() + "'.");
	920	PrincipalC acheValue principalC acheValue = new Prin cipalCache Value(prin cipalClone );
	921	addPrincip alCacheEnt ryIfUnique (fqpn, pri ncipalCach eValue);
	922	}
	923
	924	// set t he thread local secu rity conte xt for lat er access from
	925	// appli cation cod e
	926	VistaRea lmSecurity Context.se t(principa l);
	927	getLogge r().info(" VistaRealm SecurityCo ntext set on thread (" + Threa d.currentT hread().ge tName() + ")");
	928	}
	929
	930	return principal ;
	931	}
	932	fina lly
	933	{
	934	if(loc k != null)
	935	try{lock .unlock(); }
	936	catch(Il legalMonit orStateExc eption ims X)
	937	{
	938	getLogger( ).error(
	939	"Unexpecte d error un locking us ername loc k, this ma y indicate that the VistaRealm is gettin g confused with mult iple threa ds under t he same se curity con text."
	940	);
	941	}
	942	}
	943	}
	944
	945	/* (non-Java doc)
	946	* @see org. apache.cat alina.Real m#authenti cate(java. lang.Strin g)
	947	* /
	948	@O verride
	949	pu blic Princ ipal authe nticate(St ring uid)
	950	{
	951	retu rn null;
	952	}
	953
	954	/* (non-Java doc)
	955	* @see org. apache.cat alina.Real m#authenti cate(org.i etf.jgss.G SSContext; , java.lan g.String)
	956	* /
	957	@O verride
	958	pu blic Princ ipal authe nticate(GS SContext g ssContext, boolean s toreCreds)
	959	{
	960	retu rn null;
	961	}
	962
	963
	964	/* *
	965	* Add the m apped role s from thi s classes additional role fiel ds.
	966	*
	967	* @param pr incipal
	968	* /
	969	pr ivate void addAdditi onalMapped Roles(Vist aRealmPrin cipal prin cipal)
	970	{
	971	List <String> a dditionalR oles = new ArrayList <String>() ;
	972	List <String> a dditionalU serIdMappe dRoles = t his.additi onalUserRo les.get(pr incipal.ge tName());
	973	if(a dditionalU serIdMappe dRoles != null)
	974	additi onalRoles. addAll( ad ditionalUs erIdMapped Roles );
	975
	976	for( String rol e : princi pal.getRol es())
	977	{
	978	List<S tring> add itionalRol eMappedRol es = this. additional RoleRoles. get(role);
	979	if(add itionalRol eMappedRol es != null )
	980	addition alRoles.ad dAll( addi tionalRole MappedRole s );
	981	}
	982
	983	prin cipal.addR oles(addit ionalRoles );
	984	}
	985
	986	pr ivate Weak HashMap<Re entrantLoc k, String> userSpeci ficSynchro nizationMa p =
	987	new WeakHashMa p<Reentran tLock, Str ing>();
	988
	989	pr ivate Reen trantLock getUsernam eLock(Stri ng usernam e)
	990	{
	991	if(u sername == null)
	992	return null;
	993
	994	sync hronized(u serSpecifi cSynchroni zationMap)
	995	{
	996	for(Re entrantLoc k userLock : userSpe cificSynch ronization Map.keySet ())
	997	{
	998	String k nownUser = userSpeci ficSynchro nizationMa p.get(user Lock);
	999	if(usern ame.equals (knownUser ))
	1000	return use rLock;
	1001	}
	1002	Reentr antLock us erLock = n ew Reentra ntLock(tru e);
	1003	userSp ecificSync hronizatio nMap.put(u serLock, u sername);
	1004	return userLock;
	1005	}
	1006	}
	1007
	1008	/* *
	1009	* Return th e Principa l associat ed with th e specifie d username and
	1010	* credentia ls, if the re is one; otherwise return <c ode>null</ code>.
	1011	*
	1012	* @param us ername
	1013	* Username of the Pr incipal to look up
	1014	* @param cr edentials
	1015	* Password or other credential s to use i n authenti cating thi s
	1016	* username
	1017	* /
	1018	pu blic Princ ipal authe nticate(St ring usern ame, byte[ ] credenti als)
	1019	{
	1020	retu rn authent icate(user name, new String(cre dentials)) ;
	1021	}
	1022
	1023	/* *
	1024	* Return th e Principa l associat ed with th e specifie d username , which
	1025	* matches t he digest calculated using the given par ameters us ing the me thod
	1026	* described in RFC 20 69; otherw ise return <code>nul l</code>.
	1027	*
	1028	* @param us ername
	1029	* Username of the Pr incipal to look up
	1030	* @param di gest
	1031	* Digest w hich has b een submit ted by the client
	1032	* @param no nce
	1033	* Unique ( or suppose dly unique ) token wh ich has be en used fo r
	1034	* this req uest
	1035	* @param re alm
	1036	* Realm na me
	1037	* @param md 5a2
	1038	* Second M D5 digest used to ca lculate th e digest : MD5(Metho d +
	1039	* ":" + ur i)
	1040	* /
	1041	pu blic Princ ipal authe nticate(St ring usern ame, Strin g clientDi gest, Stri ng nOnce, String nc, String cn once, Stri ng qop, St ring realm ,
	1042	Stri ng md5a2)
	1043	{
	1044	getL ogger().in fo("authen ticate (" + username + ", dige st)");
	1045	retu rn null;
	1046	}
	1047
	1048	/* *
	1049	* Return th e Principa l associat ed with th e specifie d chain of X509 clie nt
	1050	* certifica tes. If th ere is non e, return <code>null </code>.
	1051	*
	1052	* For this method to be called the client must have presented an X509
	1053	* certifica te, which has been s igned by a trusted C ertificate Authority . At
	1054	* this poin t, all we need to do is get th e user nam e from the certifica te
	1055	* and assig n the role .
	1056	*
	1057	* @param ce rts
	1058	* Array of client ce rtificates , with the first one in the ar ray
	1059	* being th e certific ate of the client it self.
	1060	* /
	1061	pu blic Princ ipal authe nticate(X5 09Certific ate certs[ ])
	1062	{
	1063	getL ogger().de bug("Authe nticating using X509 certifica te.");
	1064	retu rn null;
	1065	}
	1066
	1067	/* (non-Java doc)
	1068	* @see java .lang.Obje ct#hashCod e()
	1069	* /
	1070	@O verride
	1071	pu blic int h ashCode()
	1072	{
	1073	fina l int prim e = 31;
	1074	int result = 1 ;
	1075	resu lt = prime * result + ((this.v istaPort = = null) ? 0 : this.v istaPort.h ashCode()) ;
	1076	resu lt = prime * result + ((this.v istaServer == null) ? 0 : this .vistaServ er.hashCod e());
	1077	retu rn result;
	1078	}
	1079	/* (non-Java doc)
	1080	* @see java .lang.Obje ct#equals( java.lang. Object)
	1081	* /
	1082	@O verride
	1083	pu blic boole an equals( Object obj )
	1084	{
	1085	if ( this == ob j)
	1086	return true;
	1087	if ( obj == nul l)
	1088	return false;
	1089	if ( getClass() != obj.ge tClass())
	1090	return false;
	1091	Vist aAccessVer ifyRealm o ther = (Vi staAccessV erifyRealm ) obj;
	1092	if ( this.vista Port == nu ll)
	1093	{
	1094	if (ot her.vistaP ort != nul l)
	1095	return f alse;
	1096	}
	1097	else if (!this .vistaPort .equals(ot her.vistaP ort))
	1098	return false;
	1099	if ( this.vista Server == null)
	1100	{
	1101	if (ot her.vistaS erver != n ull)
	1102	return f alse;
	1103	}
	1104	else if (!this .vistaServ er.equals( other.vist aServer))
	1105	return false;
	1106	retu rn true;
	1107	}
	1108
	1109	/* (non-Java doc)
	1110	* @see org. apache.cat alina.Real m#isAvaila ble()
	1111	*/
	1112	pu blic boole an isAvail able()
	1113	{
	1114	retu rn true;
	1115	}
	1116
	1117	/* (non-Java doc)
	1118	* @see org. apache.cat alina.Real m#getRoles (java.secu rity.Princ ipal)
	1119	* /
	1120	pu blic Strin g[] getRol es(Princip al princip al)
	1121	{
	1122	retu rn null;
	1123	}
	1124
	1125	/* (non-Java doc)
	1126	* @see org. apache.cat alina.Real m#setCrede ntialHandl er(org.apa che.catali na.Credent ialHandler )
	1127	*/
	1128	@O verride
	1129	pu blic void setCredent ialHandler (Credentia lHandler c redentialH andler)
	1130	{
	1131	this .credentia lHandler = credentia lHandler;
	1132	}
	1133
	1134	/* (non-Java doc)
	1135	* @see org. apache.cat alina.Real m#getCrede ntialHandl er()
	1136	*/
	1137	@O verride
	1138	pu blic Crede ntialHandl er getCred entialHand ler()
	1139	{
	1140	retu rn credent ialHandler ;
	1141	}
	1142
	1143	/* (non-Java doc)
	1144	* @see org. apache.cat alina.Life cycle#getS tateName()
	1145	*/
	1146	@O verride
	1147	pu blic Strin g getState Name()
	1148	{
	1149	retu rn null; / /getParent ContainerR ealm() == null ? nul l : getPar entContain erRealm(). getStateNa me();
	1150	}
	1151
	1152	/* (non-Java doc)
	1153	* @see org. apache.cat alina.Life cycle#getS tate()
	1154	*/
	1155	@O verride
	1156	pu blic Lifec ycleState getState()
	1157	{
	1158	retu rn null; / /getParent ContainerR ealm() == null ? nul l : getPar entContain erRealm(). getState() ;
	1159	}
	1160
	1161	/* (non-Java doc)
	1162	* @see org. apache.Lif ecycle.des troy()
	1163	*/
	1164	@O verride
	1165	pu blic void destroy()
	1166	{
	1167	}
	1168
	1169	/* (non-Java doc)
	1170	* @see org. apache.Lif ecycle.ini t()
	1171	*/
	1172	@O verride
	1173	pu blic void init()
	1174	{
	1175	}
	1176
	1177	}