DatabaseServerLoginModule (JBoss Security(JBossSX) API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jboss.security.auth.spi
Class DatabaseServerLoginModule

java.lang.Object
  org.jboss.security.auth.spi.AbstractServerLoginModule
      org.jboss.security.auth.spi.UsernamePasswordLoginModule
          org.jboss.security.auth.spi.DatabaseServerLoginModule

All Implemented Interfaces:: LoginModule

public class DatabaseServerLoginModule
extends UsernamePasswordLoginModule
extends UsernamePasswordLoginModule

A JDBC based login module that supports authentication and role mapping. It is based on two logical tables:

Principals(PrincipalID text, Password text)
Roles(PrincipalID text, Role text, RoleGroup text)

LoginModule options:

dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables

principalsQuery: The prepared statement query, equivalent to:

    "select Password from Principals where PrincipalID=?"

rolesQuery: The prepared statement query, equivalent to:

    "select Role, RoleGroup from Roles where PrincipalID=?"

Version:: $Revision: 1.12.4.4 $
Author:: Oleg Nitz, Scott.Stark@jboss.org

Field Summary
`protected String`	`dsJndiName` The JNDI name of the DataSource to use
`protected String`	`principalsQuery` The sql query to obtain the user password
`protected String`	`rolesQuery` The sql query to obtain the user roles
`protected boolean`	`suspendResume` Whether to suspend resume transactions during database operations

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
`callbackHandler, log, loginOk, options, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass`

Constructor Summary
`DatabaseServerLoginModule()`

Method Summary
`protected String`	`convertRawPassword(String rawPassword)` A hook to allow subclasses to convert a password from the database into a plain text string or whatever form is used for matching against the user input.
`protected Group[]`	`getRoleSets()` Execute the rolesQuery against the dsJndiName to obtain the roles for the authenticated user.
`protected String`	`getUsersPassword()` Get the expected password for the current username available via the getUsername() method.
`void`	`initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)` Initialize this LoginModule.

Methods inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule
`createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsername, getUsernameAndPassword, getValidateError, login, setValidateError, validatePassword`

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule
`abort, commit, createGroup, createIdentity, getUseFirstPass, logout`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

dsJndiName

protected String dsJndiName

The JNDI name of the DataSource to use

principalsQuery

protected String principalsQuery

The sql query to obtain the user password

rolesQuery

protected String rolesQuery

The sql query to obtain the user roles

suspendResume

protected boolean suspendResume

Whether to suspend resume transactions during database operations

Constructor Detail

DatabaseServerLoginModule

public DatabaseServerLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map sharedState,
                       Map options)

Initialize this LoginModule.

Specified by:: initialize in interface LoginModule
Overrides:: initialize in class UsernamePasswordLoginModule

Parameters:: options - - dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables principalsQuery: The prepared statement query, equivalent to: "select Password from Principals where PrincipalID=?" rolesQuery: The prepared statement query, equivalent to: "select Role, RoleGroup from Roles where PrincipalID=?"; subject - the Subject to update after a successful login.; callbackHandler - the CallbackHandler that will be used to obtain the the user identity and credentials.; sharedState - a Map shared between all configured login module instances

getUsersPassword

protected String getUsersPassword()
                           throws LoginException

Get the expected password for the current username available via the getUsername() method. This is called from within the login() method after the CallbackHandler has returned the username and candidate password.

Specified by:: getUsersPassword in class UsernamePasswordLoginModule

Returns:: the valid password String
Throws:: LoginException

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException

Execute the rolesQuery against the dsJndiName to obtain the roles for the authenticated user.

Specified by:: getRoleSets in class AbstractServerLoginModule

Returns:: Group[] containing the sets of roles
Throws:: LoginException

convertRawPassword

protected String convertRawPassword(String rawPassword)

A hook to allow subclasses to convert a password from the database into a plain text string or whatever form is used for matching against the user input. It is called from within the getUsersPassword() method.

Parameters:: rawPassword - - the password as obtained from the database
Returns:: the argument rawPassword