java.lang.Object
  SK.gnome.dwarf.auth.login.GenericLoginModule
    SK.gnome.dwarf.auth.login.JDBCLoginModule
This login module reads user data from a SQL database.
The JDBC-related parameters may be specified via the following option keys:
option      type      default   description
-----------------------------------------------------------
driver      required  -         JDBC driver class
url         required  -         JDBC connection URL
username    optional  -         JDBC connection username
password    optional  -         JDBC connection password
At least three tables must be available for the login module - one with the user data, the second with the user roles and the third which maps the users to their roles.
The following sample SQL commands can be used to create the required database structure:
    CREATE TABLE Users (
        name VARCHAR(128) PRIMARY KEY,
        password VARCHAR(128) NOT NULL,
        fullname VARCHAR(128),
        accexpire DATETIME,
        pwdexpire DATETIME
    );
    CREATE TABLE Roles (
        name VARCHAR(20) PRIMARY KEY,
        description VARCHAR(255)
    );
    -- "user" is a reserved word in some databases; the roleUserCol option
    -- can point the module at a differently named column if needed.
    CREATE TABLE RoleMap (
        user VARCHAR(128) NOT NULL,
        role VARCHAR(20) NOT NULL
    );
The Users table contains information about the users, and the Roles table contains information about the user roles. The RoleMap table specifies the relationship between users and their roles.
The following additional option keys may be used to change the default SQL table and column names:
option        type      default    description
----------------------------------------------------------------------
users         optional  Users      user table
roles         optional  RoleMap    role table
nameCol       optional  name       user name column
paswordCol    optional  password   password column
fullNameCol   optional  fullname   full user name column
accExpireCol  optional  accexpire  account expiration column
pwdExpireCol  optional  pwdexpire  password expiration column
roleUserCol   optional  user       user column in the role table
roleNameCol   optional  role       role column in the role table
This module checks the account and password expiration times when the corresponding column values are not NULL. An AccountExpiredException or CredentialExpiredException is thrown if the account or password has expired at the time the user tries to log in.
This module also supports the identification feature as described in the GenericLoginModule, but it does not support the case-insensitive logins.
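The following is an added example, not code from the Dwarf project: it sketches how a login module with the option keys and defaults listed above could build its lookup queries and apply the expiration rule. It goes one step beyond the text by validating the configurable table and column names, since identifiers cannot be bound as JDBC parameters; the class name, method names and the expiry boundary are assumptions.

```java
import java.sql.Timestamp;
import java.util.Map;
import java.util.regex.Pattern;
import javax.security.auth.login.AccountExpiredException;
import javax.security.auth.login.CredentialExpiredException;
import javax.security.auth.login.LoginException;

// Hypothetical sketch, not the Dwarf source: class and method names are invented here.
public class JdbcLoginSketch {
    // Table/column names cannot be bound as JDBC parameters, so allow plain identifiers only.
    private static final Pattern IDENT = Pattern.compile("[A-Za-z_][A-Za-z0-9_]*");

    static String ident(Map<String, String> opts, String key, String dflt) {
        String v = opts.getOrDefault(key, dflt);
        if (!IDENT.matcher(v).matches())
            throw new IllegalArgumentException("option '" + key + "' is not a plain SQL identifier");
        return v;
    }

    // User lookup; the user name is a bound parameter (?), never concatenated.
    static String userQuery(Map<String, String> o) {
        return "SELECT " + ident(o, "paswordCol", "password")   // key spelled as on the page
             + ", " + ident(o, "accExpireCol", "accexpire") + ", " + ident(o, "pwdExpireCol", "pwdexpire")
             + " FROM " + ident(o, "users", "Users")
             + " WHERE " + ident(o, "nameCol", "name") + " = ?";
    }
    // Role lookup against the mapping table (option key "roles", default RoleMap).
    static String roleQuery(Map<String, String> o) {
        return "SELECT " + ident(o, "roleNameCol", "role")
             + " FROM " + ident(o, "roles", "RoleMap")
             + " WHERE " + ident(o, "roleUserCol", "user") + " = ?";
    }

    // NULL column values mean "no expiry"; treating expiry == now as expired is an assumption.
    static void checkExpiry(Timestamp accExpire, Timestamp pwdExpire, long now) throws LoginException {
        if (accExpire != null && accExpire.getTime() <= now)
            throw new AccountExpiredException("account expired");
        if (pwdExpire != null && pwdExpire.getTime() <= now)
            throw new CredentialExpiredException("password expired");
    }

    public static void main(String[] args) throws LoginException {
        Map<String, String> opts = java.util.Collections.singletonMap("users", "AppUsers"); // constructed sample option
        System.out.println(userQuery(opts));
        System.out.println(roleQuery(opts));
        try { checkExpiry(new Timestamp(0L), null, System.currentTimeMillis()); }
        catch (AccountExpiredException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The generated statements are meant for `PreparedStatement`, with the user name supplied through `setString(1, username)`. Password comparison is left out on purpose, since the page recommends delegating it to `GenericLoginModule.checkPassword(String, char[])`.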
Field Summary
Fields inherited from class SK.gnome.dwarf.auth.login.GenericLoginModule
encoder
Constructor Summary
JDBCLoginModule()
Method Summary
void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler cbHandler, java.util.Map sharedState, java.util.Map options)
    Initializes this login module.
protected java.security.Principal[] validate(java.lang.String username, char[] password)
    Validates the given user.
Methods inherited from class SK.gnome.dwarf.auth.login.GenericLoginModule
abort, commit, debug, getBooleanOption, getIntOption, getStringOption, checkPassword, isDebugOn, isIdentOn, isIgnoreCaseOn, login, logout
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Constructor Detail
public JDBCLoginModule()
Method Detail
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler cbHandler, java.util.Map sharedState, java.util.Map options)
GenericLoginModule
initialize in interface javax.security.auth.spi.LoginModule
initialize in class GenericLoginModule
Parameters:
subject - the subject to be authenticated
cbHandler - the callbackHandler for getting the username and password
sharedState - shared login module state
options - options specified in the login configuration for this particular login module
protected java.security.Principal[] validate(java.lang.String username, char[] password) throws javax.security.auth.login.LoginException
GenericLoginModule
This method must validate a user according to the given username and password, and should return an array of principal objects representing the user's various identities. If no principals are found, an empty array must be returned. If the user could not be validated, a LoginException is thrown to indicate the failed login. The exception is then propagated to the calling LoginContext object.
It is recommended that implementations use the GenericLoginModule.checkPassword(String, char[]) method to validate the password using the current PasswordEncoder instance.
This method may be implemented in such a way that, if the password argument is null, it bypasses the password check and tests only whether the user exists. However, a subject processed by this type of authentication must not be used to represent an authenticated user. Implementations must consult the ident option key prior to enabling this feature.
Implementing modules may also consult the ignorecase option key to enable case-insensitive logins.
validate in class GenericLoginModule
Parameters:
username - the name of the user
password - the user password
Throws:
javax.security.auth.login.LoginException