Package org.jboss.security.auth.spi
Class DatabaseServerLoginModule
- java.lang.Object
-
- org.jboss.security.auth.spi.AbstractServerLoginModule
-
- org.jboss.security.auth.spi.UsernamePasswordLoginModule
-
- org.jboss.security.auth.spi.DatabaseServerLoginModule
-
- All Implemented Interfaces:
LoginModule
public class DatabaseServerLoginModule extends UsernamePasswordLoginModule
A JDBC based login module that supports authentication and role mapping. It is based on two logical tables:- Principals(PrincipalID text, Password text)
- Roles(PrincipalID text, Role text, RoleGroup text)
LoginModule options:
- dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
- principalsQuery: The prepared statement query, equivalent to:
"select Password from Principals where PrincipalID=?"
- rolesQuery: The prepared statement query, equivalent to:
"select Role, RoleGroup from Roles where PrincipalID=?"
- Version:
- $Revision$
- Author:
- Oleg Nitz, Scott.Stark@jboss.org
-
-
Field Summary
Fields Modifier and Type Field Description protected String
dsJndiName
The JNDI name of the DataSource to useprotected String
principalsQuery
The sql query to obtain the user passwordprotected String
rolesQuery
The sql query to obtain the user rolesprotected boolean
suspendResume
Whether to suspend resume transactions during database operationsprotected TransactionManager
tm
The TransactionManagaer instance to be usedprotected String
txManagerJndiName
The JNDI name of the transaction manager-
Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass
-
-
Constructor Summary
Constructors Constructor Description DatabaseServerLoginModule()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected String
convertRawPassword(String rawPassword)
A hook to allow subclasses to convert a password from the database into a plain text string or whatever form is used for matching against the user input.protected Group[]
getRoleSets()
Execute the rolesQuery against the dsJndiName to obtain the roles for the authenticated user.protected TransactionManager
getTransactionManager()
protected String
getUsersPassword()
Get the expected password for the current username available via the getUsername() method.void
initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Initialize this LoginModule.-
Methods inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule
createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsername, getUsernameAndPassword, getValidateError, login, safeClose, setValidateError, validatePassword
-
Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUseFirstPass, logout
-
-
-
-
Field Detail
-
dsJndiName
protected String dsJndiName
The JNDI name of the DataSource to use
-
principalsQuery
protected String principalsQuery
The sql query to obtain the user password
-
rolesQuery
protected String rolesQuery
The sql query to obtain the user roles
-
suspendResume
protected boolean suspendResume
Whether to suspend resume transactions during database operations
-
txManagerJndiName
protected String txManagerJndiName
The JNDI name of the transaction manager
-
tm
protected TransactionManager tm
The TransactionManagaer instance to be used
-
-
Method Detail
-
initialize
public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options)
Initialize this LoginModule.- Specified by:
initialize
in interfaceLoginModule
- Overrides:
initialize
in classUsernamePasswordLoginModule
- Parameters:
options
- - dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables principalsQuery: The prepared statement query, equivalent to: "select Password from Principals where PrincipalID=?" rolesQuery: The prepared statement query, equivalent to: "select Role, RoleGroup from Roles where PrincipalID=?"subject
- the Subject to update after a successful login.callbackHandler
- the CallbackHandler that will be used to obtain the the user identity and credentials.sharedState
- a Map shared between all configured login module instances
-
getUsersPassword
protected String getUsersPassword() throws LoginException
Get the expected password for the current username available via the getUsername() method. This is called from within the login() method after the CallbackHandler has returned the username and candidate password.- Specified by:
getUsersPassword
in classUsernamePasswordLoginModule
- Returns:
- the valid password String
- Throws:
LoginException
-
getRoleSets
protected Group[] getRoleSets() throws LoginException
Execute the rolesQuery against the dsJndiName to obtain the roles for the authenticated user.- Specified by:
getRoleSets
in classAbstractServerLoginModule
- Returns:
- Group[] containing the sets of roles
- Throws:
LoginException
-
convertRawPassword
protected String convertRawPassword(String rawPassword)
A hook to allow subclasses to convert a password from the database into a plain text string or whatever form is used for matching against the user input. It is called from within the getUsersPassword() method.- Parameters:
rawPassword
- - the password as obtained from the database- Returns:
- the argument rawPassword
-
getTransactionManager
protected TransactionManager getTransactionManager() throws NamingException
- Throws:
NamingException
-
-