org.jboss.security.auth.spi

Class DatabaseServerLoginModule

java.lang.Object

org.jboss.security.auth.spi.AbstractServerLoginModule

org.jboss.security.auth.spi.UsernamePasswordLoginModule

org.jboss.security.auth.spi.DatabaseServerLoginModule

All Implemented Interfaces:

LoginModule

public class DatabaseServerLoginModule
extends UsernamePasswordLoginModule

A JDBC based login module that supports authentication and role mapping. It is based on two logical tables:

• Principals(PrincipalID text, Password text)
• Roles(PrincipalID text, Role text, RoleGroup text)

LoginModule options:

• dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
• principalsQuery: The prepared statement query, equivalent to:

      "select Password from Principals where PrincipalID=?"
   

• rolesQuery: The prepared statement query, equivalent to:

      "select Role, RoleGroup from Roles where PrincipalID=?"
   

Version:

$Revision$

Author:

Oleg Nitz, Scott.Stark@jboss.org

Field Summary

Fields

Modifier and Type	Field and Description
protected String	dsJndiName The JNDI name of the DataSource to use
protected String	principalsQuery The sql query to obtain the user password
protected String	rolesQuery The sql query to obtain the user roles
protected boolean	suspendResume Whether to suspend resume transactions during database operations
protected TransactionManager	tm The TransactionManagaer instance to be used
protected String	txManagerJndiName The JNDI name of the transaction manager

Fields inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

callbackHandler, jbossModuleName, log, loginOk, options, principalClassModuleName, principalClassName, sharedState, subject, unauthenticatedIdentity, useFirstPass

Constructor Summary

Constructors

Constructor and Description
DatabaseServerLoginModule()

Method Summary

Modifier and Type	Method and Description
protected String	convertRawPassword(String rawPassword) A hook to allow subclasses to convert a password from the database into a plain text string or whatever form is used for matching against the user input.
protected Group[]	getRoleSets() Execute the rolesQuery against the dsJndiName to obtain the roles for the authenticated user.
protected TransactionManager	getTransactionManager()
protected String	getUsersPassword() Get the expected password for the current username available via the getUsername() method.
void	initialize(Subject subject, CallbackHandler callbackHandler, Map<String,?> sharedState, Map<String,?> options) Initialize this LoginModule.

Methods inherited from class org.jboss.security.auth.spi.UsernamePasswordLoginModule

createPasswordHash, getCredentials, getIdentity, getUnauthenticatedIdentity, getUsername, getUsernameAndPassword, getValidateError, login, safeClose, setValidateError, validatePassword

Methods inherited from class org.jboss.security.auth.spi.AbstractServerLoginModule

abort, addValidOptions, checkOptions, commit, createGroup, createIdentity, getCallerPrincipalGroup, getUseFirstPass, logout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

dsJndiName

protected String dsJndiName

The JNDI name of the DataSource to use

principalsQuery

protected String principalsQuery

The sql query to obtain the user password

rolesQuery

protected String rolesQuery

The sql query to obtain the user roles

suspendResume

protected boolean suspendResume

Whether to suspend resume transactions during database operations

txManagerJndiName

protected String txManagerJndiName

The JNDI name of the transaction manager

tm

protected TransactionManager tm

The TransactionManagaer instance to be used

Constructor Detail

DatabaseServerLoginModule

public DatabaseServerLoginModule()

Method Detail

initialize

public void initialize(Subject subject,
                       CallbackHandler callbackHandler,
                       Map<String,?> sharedState,
                       Map<String,?> options)

Initialize this LoginModule.

Specified by:

initialize in interface LoginModule

Overrides:

initialize in class UsernamePasswordLoginModule

Parameters:

options - - dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables principalsQuery: The prepared statement query, equivalent to: "select Password from Principals where PrincipalID=?" rolesQuery: The prepared statement query, equivalent to: "select Role, RoleGroup from Roles where PrincipalID=?"

subject - the Subject to update after a successful login.

callbackHandler - the CallbackHandler that will be used to obtain the the user identity and credentials.

sharedState - a Map shared between all configured login module instances

getUsersPassword

protected String getUsersPassword()
                           throws LoginException

Get the expected password for the current username available via the getUsername() method. This is called from within the login() method after the CallbackHandler has returned the username and candidate password.

Specified by:

getUsersPassword in class UsernamePasswordLoginModule

Returns:

the valid password String

Throws:

LoginException

getRoleSets

protected Group[] getRoleSets()
                       throws LoginException

Execute the rolesQuery against the dsJndiName to obtain the roles for the authenticated user.

Specified by:

getRoleSets in class AbstractServerLoginModule

Returns:

Group[] containing the sets of roles

Throws:

LoginException

convertRawPassword

protected String convertRawPassword(String rawPassword)

A hook to allow subclasses to convert a password from the database into a plain text string or whatever form is used for matching against the user input. It is called from within the getUsersPassword() method.

Parameters:

rawPassword - - the password as obtained from the database

Returns:

the argument rawPassword

getTransactionManager

protected TransactionManager getTransactionManager()
                                            throws NamingException

Throws:

NamingException