DatabaseServerLoginModule

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS (src) NEXT CLASS (src)

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jboss.security.auth.spi
Class DatabaseServerLoginModule

java.lang.Object
  org.jboss.security.auth.spi.AbstractServerLoginModule (src) 
      org.jboss.security.auth.spi.UsernamePasswordLoginModule (src) 
          org.jboss.security.auth.spi.DatabaseServerLoginModule

All Implemented Interfaces:: javax.security.auth.spi.LoginModule

public class DatabaseServerLoginModule
extends UsernamePasswordLoginModule (src)

A JDBC based login module that supports authentication and role mapping. It is based on two logical tables:

Principals(PrincipalID text, Password text)
Roles(PrincipalID text, Role text, RoleGroup text)

LoginModule options:

dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables

principalsQuery: The prepared statement query, equivalent to:

    "select Password from Principals where PrincipalID=?"

rolesQuery: The prepared statement query, equivalent to:

    "select Role, RoleGroup from Roles where PrincipalID=?"

Field Summary
`protected java.lang.String`	`dsJndiName` The JNDI name of the DataSource to use
`protected java.lang.String`	`principalsQuery` The sql query to obtain the user password
`protected java.lang.String`	`rolesQuery` The sql query to obtain the user roles

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule (src)

callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary
`DatabaseServerLoginModule()`

Method Summary
`protected java.lang.String`	`convertRawPassword(java.lang.String rawPassword)` A hook to allow subclasses to convert a password from the database into a plain text string or whatever form is used for matching against the user input.
`protected java.security.acl.Group[]`	`getRoleSets()` Execute the rolesQuery against the dsJndiName to obtain the roles for the authenticated user.
`protected java.lang.String`	`getUsersPassword()` Get the expected password for the current username available via the getUsername() method.
`void`	`initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)` Initialize this LoginModule.

Methods inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule (src)

createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsername, getUsernameAndPassword, login, validatePassword

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule (src)

abort, commit, createGroup, createIdentity, getUseFirstPass, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

dsJndiName

protected java.lang.String dsJndiName

The JNDI name of the DataSource to use

principalsQuery

protected java.lang.String principalsQuery

The sql query to obtain the user password

rolesQuery

protected java.lang.String rolesQuery

The sql query to obtain the user roles

Constructor Detail

DatabaseServerLoginModule

public DatabaseServerLoginModule()

Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)

Initialize this LoginModule.

Specified by:: initialize in interface javax.security.auth.spi.LoginModule
Overrides:: initialize in class UsernamePasswordLoginModule (src)

Parameters:: options - - dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables principalsQuery: The prepared statement query, equivalent to: "select Password from Principals where PrincipalID=?" rolesQuery: The prepared statement query, equivalent to: "select Role, RoleGroup from Roles where PrincipalID=?"

getUsersPassword

protected java.lang.String getUsersPassword()
                                     throws javax.security.auth.login.LoginException

Get the expected password for the current username available via the getUsername() method. This is called from within the login() method after the CallbackHandler has returned the username and candidate password.

Specified by:: getUsersPassword in class UsernamePasswordLoginModule (src)

Returns:: the valid password String
Throws:: javax.security.auth.login.LoginException

getRoleSets

protected java.security.acl.Group[] getRoleSets()
                                         throws javax.security.auth.login.LoginException

Execute the rolesQuery against the dsJndiName to obtain the roles for the authenticated user.

Specified by:: getRoleSets in class AbstractServerLoginModule (src)

Returns:: Group[] containing the sets of roles
Throws:: javax.security.auth.login.LoginException

convertRawPassword

protected java.lang.String convertRawPassword(java.lang.String rawPassword)

A hook to allow subclasses to convert a password from the database into a plain text string or whatever form is used for matching against the user input. It is called from within the getUsersPassword() method.