Class JDBCLoginModule

  extended bySK.gnome.dwarf.auth.login.GenericLoginModule
      extended bySK.gnome.dwarf.auth.login.JDBCLoginModule
All Implemented Interfaces:

public class JDBCLoginModule
extends GenericLoginModule

This login module reads user data from a SQL database.

The JDBC-related parameters may be specified via the following option keys:

 option         type       default          description
 driver         required   -                JDBC driver class
 url            required   -                JDBC connection URL
 username       optional   -                JDBC connection username
 password       optional   -                JDBC connection password

At least three tables must be available for the login module - one with the user data, the second with the user roles and the third which maps the users to their roles.

The following sample SQL commands can be used to create the required database structure:

 CREATE Users (
   password VARCHAR(128) NOT NULL,
   fullname VARCHAR(128),
   accexpire DATETIME,
   pwdexpire DATETIME

 CREATE Roles (
   description VARCHAR(255)

 CREATE RoleMap (
   user VARCHAR(128) NOT NULL,
   role VARCHAR(20) NOT NULL
The Users table contains information about the users, and the Roles table contains information about the user roles. The RoleMap table specifies relationship between users and their roles.

The following additional option keys may be used to change the default SQL table and column names:

 option         type       default          description
 users          optional   Users            user table
 roles          optional   RoleMap          role table
 nameCol        optional   name             user name column
 paswordCol     optional   password         password column
 fullNameCol    optional   fullname         full user name column
 accExpireCol   optional   accexpire        account expiration column
 pwdExpireCol   optional   pwdexpire        password expiration column
 roleUserCol    optional   user             user column in the role tabe
 roleNameCol    optional   role             role column in the role table

This module checks the account and password expiration times, if the corresponding column values are not NULL. The AccountExpiredException or CredentialExpiredException is thrown if the account or password is expired in the time when the user tries to login.

This module also supports the identification feature as described in the GenericLoginModule, but it does not support the case-insensitive logins.

Field Summary
Fields inherited from class SK.gnome.dwarf.auth.login.GenericLoginModule
Constructor Summary
Method Summary
 void initialize( subject, cbHandler, java.util.Map sharedState, java.util.Map options)
          Initializes this login module.
protected[] validate(java.lang.String username, char[] password)
          Validates the given user.
Methods inherited from class SK.gnome.dwarf.auth.login.GenericLoginModule
abort, commit, debug, getBooleanOption, getIntOption, getStringOption, checkPassword, isDebugOn, isIdentOn, isIgnoreCaseOn, login, logout
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail


public JDBCLoginModule()
Method Detail


public void initialize( subject,
                       java.util.Map sharedState,
                       java.util.Map options)
Description copied from class: GenericLoginModule
Initializes this login module.

Specified by:
initialize in interface
initialize in class GenericLoginModule
subject - the subject to be authenticated
cbHandler - the callbackHandler for getting the username and password
sharedState - shared login module state
options - options specified in the login configuration for this particular login module


protected[] validate(java.lang.String username,
                                             char[] password)
Description copied from class: GenericLoginModule
Validates the given user.

This method must validate a user according to the given username and password, and should return an array of principal objects representing the various user's identities. If no principals are found, an empty array must be returned. If the user could not be validated, a LoginException is thrown to indicate the failed login. Exception is then propagated to the calling LoginContext object.

It is recommended for the implementations to use the GenericLoginModule.checkPassword(String, char[]) method to validate the password using the current PasswordEncoder instance.

This method may be implemented in a way that if the password argument is null, it will bypass the password check and will test the user existence only. However, the subject procesed by this type of authentication must not be used to represent an authenticated user. The implementations must consult the ident option key prior to enabling this feature.

The ignorecase option key may be consulted by the implementing modules, too, for enabling the case-insensitive logins.

Specified by:
validate in class GenericLoginModule
username - the name of the user
password - the user password
the array of principals representing the various user identities

Copyright (c) 1999-2005, Gnome Ltd. All rights reserved.