Class DatabaseServerLoginModule

  • All Implemented Interfaces:
    LoginModule

    public class DatabaseServerLoginModule
    extends UsernamePasswordLoginModule
    A JDBC based login module that supports authentication and role mapping. It is based on two logical tables:
    • Principals(PrincipalID text, Password text)
    • Roles(PrincipalID text, Role text, RoleGroup text)

    LoginModule options:

    • dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
    • principalsQuery: The prepared statement query, equivalent to:
          "select Password from Principals where PrincipalID=?"
       
    • rolesQuery: The prepared statement query, equivalent to:
          "select Role, RoleGroup from Roles where PrincipalID=?"
       
    Version:
    $Revision$
    Author:
    Oleg Nitz, Scott.Stark@jboss.org
    • Field Detail

      • dsJndiName

        protected String dsJndiName
        The JNDI name of the DataSource to use
      • principalsQuery

        protected String principalsQuery
        The sql query to obtain the user password
      • rolesQuery

        protected String rolesQuery
        The sql query to obtain the user roles
      • suspendResume

        protected boolean suspendResume
        Whether to suspend resume transactions during database operations
      • txManagerJndiName

        protected String txManagerJndiName
        The JNDI name of the transaction manager
    • Constructor Detail

      • DatabaseServerLoginModule

        public DatabaseServerLoginModule()
    • Method Detail

      • initialize

        public void initialize​(Subject subject,
                               CallbackHandler callbackHandler,
                               Map<String,​?> sharedState,
                               Map<String,​?> options)
        Initialize this LoginModule.
        Specified by:
        initialize in interface LoginModule
        Overrides:
        initialize in class UsernamePasswordLoginModule
        Parameters:
        options - - dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables principalsQuery: The prepared statement query, equivalent to: "select Password from Principals where PrincipalID=?" rolesQuery: The prepared statement query, equivalent to: "select Role, RoleGroup from Roles where PrincipalID=?"
        subject - the Subject to update after a successful login.
        callbackHandler - the CallbackHandler that will be used to obtain the the user identity and credentials.
        sharedState - a Map shared between all configured login module instances
      • getUsersPassword

        protected String getUsersPassword()
                                   throws LoginException
        Get the expected password for the current username available via the getUsername() method. This is called from within the login() method after the CallbackHandler has returned the username and candidate password.
        Specified by:
        getUsersPassword in class UsernamePasswordLoginModule
        Returns:
        the valid password String
        Throws:
        LoginException
      • convertRawPassword

        protected String convertRawPassword​(String rawPassword)
        A hook to allow subclasses to convert a password from the database into a plain text string or whatever form is used for matching against the user input. It is called from within the getUsersPassword() method.
        Parameters:
        rawPassword - - the password as obtained from the database
        Returns:
        the argument rawPassword