org.apache.openejb.core.security.jaas: public class: SQLLoginModule

org.apache.openejb.core.security.jaas
public class: SQLLoginModule [javadoc | source]

java.lang.Object
   org.apache.openejb.core.security.jaas.SQLLoginModule

All Implemented Interfaces:
LoginModule

A login module that loads security information from a SQL database. Expects to be run by a GenericSecurityRealm (doesn't work on its own).

This requires database connectivity information (either 1: a dataSourceName and optional dataSourceApplication or 2: a JDBC driver, URL, username, and password) and 2 SQL queries.

The userSelect query should return 2 values, the username and the password in that order. It should include one PreparedStatement parameter (a ?) which will be filled in with the username. In other words, the query should look like: SELECT user, password FROM credentials WHERE username=?

The groupSelect query should return 2 values, the username and the group name in that order (but it may return multiple rows, one per group). It should include one PreparedStatement parameter (a ?) which will be filled in with the username. In other words, the query should look like: SELECT user, role FROM user_roles WHERE username=?

This login module checks security credentials so the lifecycle methods must return true to indicate success or throw LoginException to indicate failure.

version: $ - Rev: 710022 $ $Date: 2008-11-03 00:40:14 -0800 (Mon, 03 Nov 2008) $

Method from org.apache.openejb.core.security.jaas.SQLLoginModule Summary:
abort, commit, initialize, login, logout

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from org.apache.openejb.core.security.jaas.SQLLoginModule Detail:
public boolean abort() throws LoginException { if (loginSucceeded) { // Clear out the private state cbUsername = null; cbPassword = null; groups.clear(); allPrincipals.clear(); } return loginSucceeded; }
public boolean commit() throws LoginException { if (loginSucceeded) { if (cbUsername != null) { allPrincipals.add(new UserPrincipal(cbUsername)); } for (String group : groups) { allPrincipals.add(new GroupPrincipal(group)); } subject.getPrincipals().addAll(allPrincipals); } // Clear out the private state cbUsername = null; cbPassword = null; groups.clear(); return loginSucceeded; }
public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { this.subject = subject; this.handler = callbackHandler; for (Object key : options.keySet()) { Option option = Option.findByName((String) key); if (option != null) { String value = (String) options.get(key); optionsMap.put(option, value.trim()); } else { log.warning("Ignoring option: {0}. Not supported.", key); } } userSelect = optionsMap.get(Option.USER_SELECT); groupSelect = optionsMap.get(Option.GROUP_SELECT); digest = optionsMap.get(Option.DIGEST); encoding = optionsMap.get(Option.ENCODING); if (!StringUtilities.checkNullBlankString(digest)) { // Check if the digest algorithm is available try { MessageDigest.getInstance(digest); } catch (NoSuchAlgorithmException e) { initError(e, "Digest algorithm %s is not available.", digest); } if (encoding != null && !"hex".equalsIgnoreCase(encoding) && !"base64".equalsIgnoreCase(encoding)) { initError(null, "Digest Encoding %s is not supported.", encoding); } } if (optionsMap.containsKey(Option.DATABASE_POOL_NAME)) { String dataSourceName = optionsMap.get(Option.DATABASE_POOL_NAME); ContainerSystem containerSystem = SystemInstance.get().getComponent(ContainerSystem.class); try { dataSource = (DataSource) containerSystem.getJNDIContext().lookup("openejb/Resource/" + dataSourceName); } catch (NamingException e) { initError(e, "Data source %s not found.", dataSourceName); } } else if (optionsMap.containsKey(Option.CONNECTION_URL)) { connectionURL = optionsMap.get(Option.CONNECTION_URL); String user = optionsMap.get(Option.USER); String password = optionsMap.get(Option.PASSWORD); String driverName = optionsMap.get(Option.DRIVER); properties = new Properties(); if (user != null) { properties.put("user", user); } if (password != null) { properties.put("password", password); } if (driverName != null) { ClassLoader cl = getClass().getClassLoader(); try { driver = (Driver) cl.loadClass(driverName).newInstance(); } catch (ClassNotFoundException e) { initError(e, "Driver class %s is not available. Perhaps you need to add it as a dependency in your deployment plan?", driverName); } catch (Exception e) { initError(e, "Unable to load, instantiate, register driver %s: %s", driverName, e.getMessage()); } } } else { initError(null, "Neither %s nor %s was specified", Option.DATABASE_POOL_NAME.name, Option.CONNECTION_URL.name); } }
public boolean login() throws LoginException { loginSucceeded = false; Callback[] callbacks = new Callback[2]; callbacks[0] = new NameCallback("User name"); callbacks[1] = new PasswordCallback("Password", false); try { handler.handle(callbacks); } catch (IOException ioe) { throw (LoginException) new LoginException().initCause(ioe); } catch (UnsupportedCallbackException uce) { throw (LoginException) new LoginException().initCause(uce); } assert callbacks.length == 2; cbUsername = ((NameCallback) callbacks[0]).getName(); if (StringUtilities.checkNullBlankString(cbUsername)) { throw new FailedLoginException(); } char[] provided = ((PasswordCallback) callbacks[1]).getPassword(); cbPassword = provided == null ? null : new String(provided); try { Connection conn; if (dataSource != null) { conn = dataSource.getConnection(); } else if (driver != null) { conn = driver.connect(connectionURL, properties); } else { conn = DriverManager.getConnection(connectionURL, properties); } try { PreparedStatement statement = conn.prepareStatement(userSelect); try { int count = statement.getParameterMetaData().getParameterCount(); for (int i = 0; i < count; i++) { statement.setObject(i + 1, cbUsername); } ResultSet result = statement.executeQuery(); try { boolean found = false; while (result.next()) { String userName = result.getString(1); String userPassword = result.getString(2); if (cbUsername.equals(userName)) { found = true; if (!checkPassword(userPassword, cbPassword)) { throw new FailedLoginException(); } break; } } if (!found) { // User does not exist throw new FailedLoginException(); } } finally { result.close(); } } finally { statement.close(); } statement = conn.prepareStatement(groupSelect); try { int count = statement.getParameterMetaData().getParameterCount(); for (int i = 0; i < count; i++) { statement.setObject(i + 1, cbUsername); } ResultSet result = statement.executeQuery(); try { while (result.next()) { String userName = result.getString(1); String groupName = result.getString(2); if (cbUsername.equals(userName)) { groups.add(groupName); } } } finally { result.close(); } } finally { statement.close(); } } finally { conn.close(); } } catch (LoginException e) { // Clear out the private state cbUsername = null; cbPassword = null; groups.clear(); throw e; } catch (SQLException sqle) { // Clear out the private state cbUsername = null; cbPassword = null; groups.clear(); throw (LoginException) new LoginException("SQL error").initCause(sqle); } catch (Exception e) { // Clear out the private state cbUsername = null; cbPassword = null; groups.clear(); throw (LoginException) new LoginException("Could not access datasource").initCause(e); } loginSucceeded = true; return true; } This LoginModule is not to be ignored. So, this method should never return false.
public boolean logout() throws LoginException { // Clear out the private state loginSucceeded = false; cbUsername = null; cbPassword = null; groups.clear(); if (!subject.isReadOnly()) { // Remove principals added by this LoginModule subject.getPrincipals().removeAll(allPrincipals); } allPrincipals.clear(); return true; }