AbstractDatabaseLoginModule xref

View Javadoc

1   // ========================================================================
2   // Copyright (c) 1999-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.plus.jaas.spi;
15  
16  import java.sql.Connection;
17  import java.sql.PreparedStatement;
18  import java.sql.ResultSet;
19  import java.sql.SQLException;
20  import java.util.ArrayList;
21  import java.util.List;
22  import java.util.Map;
23  
24  import javax.security.auth.Subject;
25  import javax.security.auth.callback.CallbackHandler;
26  
27  import org.eclipse.jetty.http.security.Credential;
28  import org.eclipse.jetty.util.log.Log;
29  
30  /**
31   * AbstractDatabaseLoginModule
32   *
33   * Abstract base class for LoginModules that interact with a 
34   * database to retrieve authentication and authorization information.
35   * Used by the JDBCLoginModule and DataSourceLoginModule.
36   *
37   */
38  public abstract class AbstractDatabaseLoginModule extends AbstractLoginModule
39  {
40      private String userQuery;
41      private String rolesQuery;
42      private String dbUserTable;
43      private String dbUserTableUserField;
44      private String dbUserTableCredentialField;
45      private String dbUserRoleTable;
46      private String dbUserRoleTableUserField;
47      private String dbUserRoleTableRoleField;
48      
49      
50      
51      
52      /**
53       * @return a java.sql.Connection from the database
54       * @throws Exception
55       */
56      public abstract Connection getConnection () throws Exception;
57      
58     
59      
60      /* ------------------------------------------------ */
61      /** Load info from database
62       * @param userName user info to load
63       * @exception SQLException 
64       */
65      public UserInfo getUserInfo (String userName)
66          throws Exception
67      {
68          Connection connection = null;
69          
70          try
71          {
72              connection = getConnection();
73              
74              //query for credential
75              PreparedStatement statement = connection.prepareStatement (userQuery);
76              statement.setString (1, userName);
77              ResultSet results = statement.executeQuery();
78              String dbCredential = null;
79              if (results.next())
80              {
81                  dbCredential = results.getString(1);
82              }
83              results.close();
84              statement.close();
85              
86              //query for role names
87              statement = connection.prepareStatement (rolesQuery);
88              statement.setString (1, userName);
89              results = statement.executeQuery();
90              List roles = new ArrayList();
91              
92              while (results.next())
93              {
94                  String roleName = results.getString (1);
95                  roles.add (roleName);
96              }
97              
98              results.close();
99              statement.close();
100             
101             return dbCredential==null ? null : new UserInfo (userName, 
102                     Credential.getCredential(dbCredential), roles);
103         }
104         finally
105         {
106             if (connection != null) connection.close();
107         }
108     }
109     
110 
111     public void initialize(Subject subject,
112             CallbackHandler callbackHandler,
113             Map sharedState,
114             Map options)
115     {
116         super.initialize(subject, callbackHandler, sharedState, options);
117         
118         //get the user credential query out of the options
119         dbUserTable = (String)options.get("userTable");
120         dbUserTableUserField = (String)options.get("userField");
121         dbUserTableCredentialField = (String)options.get("credentialField");
122         
123         userQuery = "select "+dbUserTableCredentialField+" from "+dbUserTable+" where "+dbUserTableUserField+"=?";
124         
125         
126         //get the user roles query out of the options
127         dbUserRoleTable = (String)options.get("userRoleTable");
128         dbUserRoleTableUserField = (String)options.get("userRoleUserField");
129         dbUserRoleTableRoleField = (String)options.get("userRoleRoleField");
130         
131         rolesQuery = "select "+dbUserRoleTableRoleField+" from "+dbUserRoleTable+" where "+dbUserRoleTableUserField+"=?";
132         
133         if(Log.isDebugEnabled())Log.debug("userQuery = "+userQuery);
134         if(Log.isDebugEnabled())Log.debug("rolesQuery = "+rolesQuery);
135     }
136 }