KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > jboss > security > auth > spi > DatabaseServerLoginModule


1 /*
2  * JBoss, Home of Professional Open Source
3  *
4  * Distributable under LGPL license.
5  * See terms of license at gnu.org.
6  */
7 package org.jboss.security.auth.spi;
8
9 import java.security.acl.Group JavaDoc;
10 import java.util.Map JavaDoc;
11 import java.sql.Connection JavaDoc;
12 import java.sql.PreparedStatement JavaDoc;
13 import java.sql.ResultSet JavaDoc;
14 import java.sql.SQLException JavaDoc;
15 import javax.naming.InitialContext JavaDoc;
16 import javax.naming.NamingException JavaDoc;
17 import javax.sql.DataSource JavaDoc;
18 import javax.security.auth.Subject JavaDoc;
19 import javax.security.auth.callback.CallbackHandler JavaDoc;
20 import javax.security.auth.login.LoginException JavaDoc;
21 import javax.security.auth.login.FailedLoginException JavaDoc;
22
23 /**
24  * A JDBC based login module that supports authentication and role mapping.
25  * It is based on two logical tables:
26  * <ul>
27  * <li>Principals(PrincipalID text, Password text)
28  * <li>Roles(PrincipalID text, Role text, RoleGroup text)
29  * </ul>
30  * <p>
31  * LoginModule options:
32  * <ul>
33  * <li><em>dsJndiName</em>: The name of the DataSource of the database
34  * containing the Principals, Roles tables
35  * <li><em>principalsQuery</em>: The prepared statement query, equivalent to:
36  * <pre>
37  * "select Password from Principals where PrincipalID=?"
38  * </pre>
39  * <li><em>rolesQuery</em>: The prepared statement query, equivalent to:
40  * <pre>
41  * "select Role, RoleGroup from Roles where PrincipalID=?"
42  * </pre>
43  * </ul>
44  *
45  * @author <a HREF="mailto:on@ibis.odessa.ua">Oleg Nitz</a>
46  * @author Scott.Stark@jboss.org
47  * @version $Revision: 1.12.4.1 $
48  */
49 public class DatabaseServerLoginModule extends UsernamePasswordLoginModule
50 {
51    /** The JNDI name of the DataSource to use */
52    protected String JavaDoc dsJndiName;
53    /** The sql query to obtain the user password */
54    protected String JavaDoc principalsQuery = "select Password from Principals where PrincipalID=?";
55    /** The sql query to obtain the user roles */
56    protected String JavaDoc rolesQuery = "select Role, RoleGroup from Roles where PrincipalID=?";
57    
58    /**
59     * Initialize this LoginModule.
60     *
61     * @param options -
62     * dsJndiName: The name of the DataSource of the database containing the
63     * Principals, Roles tables
64     * principalsQuery: The prepared statement query, equivalent to:
65     * "select Password from Principals where PrincipalID=?"
66     * rolesQuery: The prepared statement query, equivalent to:
67     * "select Role, RoleGroup from Roles where PrincipalID=?"
68     */
69    public void initialize(Subject JavaDoc subject, CallbackHandler JavaDoc callbackHandler,
70       Map JavaDoc sharedState, Map JavaDoc options)
71    {
72       super.initialize(subject, callbackHandler, sharedState, options);
73       dsJndiName = (String JavaDoc) options.get("dsJndiName");
74       if( dsJndiName == null )
75          dsJndiName = "java:/DefaultDS";
76       Object JavaDoc tmp = options.get("principalsQuery");
77       if( tmp != null )
78          principalsQuery = tmp.toString();
79       tmp = options.get("rolesQuery");
80       if( tmp != null )
81          rolesQuery = tmp.toString();
82       log.trace("DatabaseServerLoginModule, dsJndiName="+dsJndiName);
83       log.trace("principalsQuery="+principalsQuery);
84       log.trace("rolesQuery="+rolesQuery);
85    }
86
87    /** Get the expected password for the current username available via
88     * the getUsername() method. This is called from within the login()
89     * method after the CallbackHandler has returned the username and
90     * candidate password.
91     * @return the valid password String
92     */
93    protected String JavaDoc getUsersPassword() throws LoginException JavaDoc
94    {
95       String JavaDoc username = getUsername();
96       String JavaDoc password = null;
97       Connection JavaDoc conn = null;
98       PreparedStatement JavaDoc ps = null;
99       ResultSet JavaDoc rs = null;
100       
101       try
102       {
103          InitialContext JavaDoc ctx = new InitialContext JavaDoc();
104          DataSource JavaDoc ds = (DataSource JavaDoc) ctx.lookup(dsJndiName);
105          conn = ds.getConnection();
106          // Get the password
107 ps = conn.prepareStatement(principalsQuery);
108          ps.setString(1, username);
109          rs = ps.executeQuery();
110          if( rs.next() == false )
111             throw new FailedLoginException JavaDoc("No matching username found in Principals");
112          
113          password = rs.getString(1);
114          password = convertRawPassword(password);
115       }
116       catch(NamingException JavaDoc ex)
117       {
118          throw new LoginException JavaDoc(ex.toString(true));
119       }
120       catch(SQLException JavaDoc ex)
121       {
122          log.error("Query failed", ex);
123          throw new LoginException JavaDoc(ex.toString());
124       }
125       finally
126       {
127          if (rs != null)
128          {
129             try
130             {
131                rs.close();
132             }
133             catch(SQLException JavaDoc e)
134             {}
135          }
136          if( ps != null )
137          {
138             try
139             {
140                ps.close();
141             }
142             catch(SQLException JavaDoc e)
143             {}
144          }
145          if( conn != null )
146          {
147             try
148             {
149                conn.close();
150             }
151             catch (SQLException JavaDoc ex)
152             {}
153          }
154       }
155       return password;
156    }
157
158    /** Execute the rolesQuery against the dsJndiName to obtain the roles for
159     the authenticated user.
160      
161     @return Group[] containing the sets of roles
162     */
163    protected Group JavaDoc[] getRoleSets() throws LoginException JavaDoc
164    {
165       String JavaDoc username = getUsername();
166       Group JavaDoc[] roleSets = Util.getRoleSets(username, dsJndiName, rolesQuery, this);
167       return roleSets;
168    }
169    
170    /** A hook to allow subclasses to convert a password from the database
171     into a plain text string or whatever form is used for matching against
172     the user input. It is called from within the getUsersPassword() method.
173     @param rawPassword - the password as obtained from the database
174     @return the argument rawPassword
175     */
176    protected String JavaDoc convertRawPassword(String JavaDoc rawPassword)
177    {
178       return rawPassword;
179    }
180 }
181
Popular Tags