File Doc Category Size Date Package
DataSourceRealm.java API Doc Apache Tomcat 6.0.14 19346 Fri Jul 20 04:20:36 BST 2007 org.apache.catalina.realm

DataSourceRealm

java.lang.Object
- RealmBase

public class DataSourceRealm extends RealmBase

Implmentation of Realm that works with any JDBC JNDI DataSource. See the JDBCRealm.howto for more details on how to set up the database and for configuration options.

author: Glenn L. Nielsen
author: Craig R. McClanahan
author: Carson McDonald
author: Ignacio Ortega
version: $Revision: 543691 $

Fields Summary
private String
preparedRoles
The generated string for the roles PreparedStatement
private String
preparedCredentials
The generated string for the credentials PreparedStatement
protected String
dataSourceName
The name of the JNDI JDBC DataSource
protected static final String
info
Descriptive information about this Realm implementation.
protected boolean
localDataSource
Context local datasource.
protected static final String
name
Descriptive information about this Realm implementation.
protected String
roleNameCol
The column in the user role table that names a role
protected static final org.apache.catalina.util.StringManager
sm
The string manager for this package.
protected String
userCredCol
The column in the user table that holds the user's credintials
protected String
userNameCol
The column in the user table that holds the user's name
protected String
userRoleTable
The table that holds the relation between user's and roles
protected String
userTable
The table that holds user data.
Constructors Summary
Methods Summary
public java.security.Principal authenticate(java.lang.String username, java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null. If there are any errors with the JDBC connection, executing the query or anything we return null (don't authenticate). This event is also logged, and the connection will be closed so that a subsequent request will automatically re-open it.
param
username Username of the Principal to look up
param
credentials Password or other credentials to use in authenticating this username
// No user - can't possibly authenticate, don't bother the database then if (username == null) { return null; } Connection dbConnection = null; try { // Ensure that we have an open database connection dbConnection = open(); if (dbConnection == null) { // If the db connection open fails, return "not authenticated" return null; } // Acquire a Principal object for this user return authenticate(dbConnection, username, credentials); } catch (SQLException e) { // Log the problem for posterity containerLog.error(sm.getString("dataSourceRealm.exception"), e); // Return "not authenticated" for this request return (null); } finally { close(dbConnection); }
protected java.security.Principal authenticate(java.sql.Connection dbConnection, java.lang.String username, java.lang.String credentials)
Return the Principal associated with the specified username and credentials, if there is one; otherwise return null.
param
dbConnection The database connection to be used
param
username Username of the Principal to look up
param
credentials Password or other credentials to use in authenticating this username
String dbCredentials = getPassword(dbConnection, username); // Validate the user's credentials boolean validated = false; if (hasMessageDigest()) { // Hex hashes should be compared case-insensitive validated = (digest(credentials).equalsIgnoreCase(dbCredentials)); } else validated = (digest(credentials).equals(dbCredentials)); if (validated) { if (containerLog.isTraceEnabled()) containerLog.trace( sm.getString("dataSourceRealm.authenticateSuccess", username)); } else { if (containerLog.isTraceEnabled()) containerLog.trace( sm.getString("dataSourceRealm.authenticateFailure", username)); return (null); } ArrayList<String> list = getRoles(dbConnection, username); // Create and return a suitable Principal for this user return (new GenericPrincipal(this, username, credentials, list));
protected void close(java.sql.Connection dbConnection)
Close the specified database connection.
param
dbConnection The connection to be closed
// Do nothing if the database connection is already closed if (dbConnection == null) return; // Commit if not auto committed try { if (!dbConnection.getAutoCommit()) { dbConnection.commit(); } } catch (SQLException e) { containerLog.error("Exception committing connection before closing:", e); } // Close this database connection, and log any errors try { dbConnection.close(); } catch (SQLException e) { containerLog.error(sm.getString("dataSourceRealm.close"), e); // Just log it here }
private java.sql.PreparedStatement credentials(java.sql.Connection dbConnection, java.lang.String username)
Return a PreparedStatement configured to perform the SELECT required to retrieve user credentials for the specified username.
param
dbConnection The database connection to be used
param
username Username for which credentials should be retrieved
exception
SQLException if a database error occurs
PreparedStatement credentials = dbConnection.prepareStatement(preparedCredentials); credentials.setString(1, username); return (credentials);
public java.lang.String getDataSourceName()
Return the name of the JNDI JDBC DataSource.
// ------------------------------------------------------------- Properties return dataSourceName;
public boolean getLocalDataSource()
Return if the datasource will be looked up in the webapp JNDI Context.
return localDataSource;
protected java.lang.String getName()
Return a short name for this Realm implementation.
return (name);
protected java.lang.String getPassword(java.lang.String username)
Return the password associated with the given principal's user name.
Connection dbConnection = null; // Ensure that we have an open database connection dbConnection = open(); if (dbConnection == null) { return null; } try { return getPassword(dbConnection, username); } finally { close(dbConnection); }
protected java.lang.String getPassword(java.sql.Connection dbConnection, java.lang.String username)
Return the password associated with the given principal's user name.
param
dbConnection The database connection to be used
param
username Username for which password should be retrieved
ResultSet rs = null; PreparedStatement stmt = null; String dbCredentials = null; try { stmt = credentials(dbConnection, username); rs = stmt.executeQuery(); if (rs.next()) { dbCredentials = rs.getString(1); } return (dbCredentials != null) ? dbCredentials.trim() : null; } catch(SQLException e) { containerLog.error( sm.getString("dataSourceRealm.getPassword.exception", username)); } finally { try { if (rs != null) { rs.close(); } if (stmt != null) { stmt.close(); } } catch (SQLException e) { containerLog.error( sm.getString("dataSourceRealm.getPassword.exception", username)); } } return null;
protected java.security.Principal getPrincipal(java.lang.String username)
Return the Principal associated with the given user name.
Connection dbConnection = open(); if (dbConnection == null) { return new GenericPrincipal(this,username, null, null); } try { return (new GenericPrincipal(this, username, getPassword(dbConnection, username), getRoles(dbConnection, username))); } finally { close(dbConnection); }
public java.lang.String getRoleNameCol()
Return the column in the user role table that names a role.
return roleNameCol;
protected java.util.ArrayList getRoles(java.lang.String username)
Return the roles associated with the given user name.
param
username Username for which roles should be retrieved
Connection dbConnection = null; // Ensure that we have an open database connection dbConnection = open(); if (dbConnection == null) { return null; } try { return getRoles(dbConnection, username); } finally { close(dbConnection); }
protected java.util.ArrayList getRoles(java.sql.Connection dbConnection, java.lang.String username)
Return the roles associated with the given user name
param
dbConnection The database connection to be used
param
username Username for which roles should be retrieved
ResultSet rs = null; PreparedStatement stmt = null; ArrayList<String> list = null; try { stmt = roles(dbConnection, username); rs = stmt.executeQuery(); list = new ArrayList<String>(); while (rs.next()) { String role = rs.getString(1); if (role != null) { list.add(role.trim()); } } return list; } catch(SQLException e) { containerLog.error( sm.getString("dataSourceRealm.getRoles.exception", username)); } finally { try { if (rs != null) { rs.close(); } if (stmt != null) { stmt.close(); } } catch (SQLException e) { containerLog.error( sm.getString("dataSourceRealm.getRoles.exception", username)); } } return null;
public java.lang.String getUserCredCol()
Return the column in the user table that holds the user's credentials.
return userCredCol;
public java.lang.String getUserNameCol()
Return the column in the user table that holds the user's name.
return userNameCol;
public java.lang.String getUserRoleTable()
Return the table that holds the relation between user's and roles.
return userRoleTable;
public java.lang.String getUserTable()
Return the table that holds user data..
return userTable;
protected java.sql.Connection open()
Open the specified database connection.
return
Connection to the database
try { Context context = null; if (localDataSource) { context = ContextBindings.getClassLoader(); context = (Context) context.lookup("comp/env"); } else { StandardServer server = (StandardServer) ServerFactory.getServer(); context = server.getGlobalNamingContext(); } DataSource dataSource = (DataSource)context.lookup(dataSourceName); return dataSource.getConnection(); } catch (Exception e) { // Log the problem for posterity containerLog.error(sm.getString("dataSourceRealm.exception"), e); } return null;
private java.sql.PreparedStatement roles(java.sql.Connection dbConnection, java.lang.String username)
Return a PreparedStatement configured to perform the SELECT required to retrieve user roles for the specified username.
param
dbConnection The database connection to be used
param
username Username for which roles should be retrieved
exception
SQLException if a database error occurs
PreparedStatement roles = dbConnection.prepareStatement(preparedRoles); roles.setString(1, username); return (roles);
public void setDataSourceName(java.lang.String dataSourceName)
Set the name of the JNDI JDBC DataSource.
param
dataSourceName the name of the JNDI JDBC DataSource
this.dataSourceName = dataSourceName;
public void setLocalDataSource(boolean localDataSource)
Set to true to cause the datasource to be looked up in the webapp JNDI Context.
param
localDataSource the new flag value
this.localDataSource = localDataSource;
public void setRoleNameCol(java.lang.String roleNameCol)
Set the column in the user role table that names a role.
param
roleNameCol The column name
this.roleNameCol = roleNameCol;
public void setUserCredCol(java.lang.String userCredCol)
Set the column in the user table that holds the user's credentials.
param
userCredCol The column name
this.userCredCol = userCredCol;
public void setUserNameCol(java.lang.String userNameCol)
Set the column in the user table that holds the user's name.
param
userNameCol The column name
this.userNameCol = userNameCol;
public void setUserRoleTable(java.lang.String userRoleTable)
Set the table that holds the relation between user's and roles.
param
userRoleTable The table name
this.userRoleTable = userRoleTable;
public void setUserTable(java.lang.String userTable)
Set the table that holds user data.
param
userTable The table name
this.userTable = userTable;
public void start()
Prepare for active use of the public methods of this Component.
exception
LifecycleException if this component detects a fatal error that prevents it from being started
// Perform normal superclass initialization super.start(); // Create the roles PreparedStatement string StringBuffer temp = new StringBuffer("SELECT "); temp.append(roleNameCol); temp.append(" FROM "); temp.append(userRoleTable); temp.append(" WHERE "); temp.append(userNameCol); temp.append(" = ?"); preparedRoles = temp.toString(); // Create the credentials PreparedStatement string temp = new StringBuffer("SELECT "); temp.append(userCredCol); temp.append(" FROM "); temp.append(userTable); temp.append(" WHERE "); temp.append(userNameCol); temp.append(" = ?"); preparedCredentials = temp.toString();
public void stop()
Gracefully shut down active use of the public methods of this Component.
exception
LifecycleException if this component detects a fatal error that needs to be reported
// Perform normal superclass finalization super.stop();