14 package org.eclipse.jetty.plus.jaas.spi;
15
16 import java.sql.Connection;
17 import java.sql.PreparedStatement;
18 import java.sql.ResultSet;
19 import java.sql.SQLException;
20 import java.util.ArrayList;
21 import java.util.List;
22 import java.util.Map;
23
24 import javax.security.auth.Subject;
25 import javax.security.auth.callback.CallbackHandler;
26
27 import org.eclipse.jetty.http.security.Credential;
28 import org.eclipse.jetty.util.log.Log;
29 import org.eclipse.jetty.util.log.Logger;
30
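/**
 * Base class for JAAS login modules that look up a user's credential and
 * roles in a relational database.
 *
 * <p>Two queries are assembled once in
 * {@link #initialize(Subject, CallbackHandler, Map, Map)} from the table and
 * column names supplied as login module options. The user name is always
 * passed as a bound parameter; the table and column names are concatenated
 * into the SQL text because identifiers cannot be bound as parameters.
 * Subclasses provide the database connection via {@link #getConnection()}.
 */
public abstract class AbstractDatabaseLoginModule extends AbstractLoginModule
{
    private static final Logger LOG = Log.getLogger(AbstractDatabaseLoginModule.class);

    private String userQuery;
    private String rolesQuery;
    private String dbUserTable;
    private String dbUserTableUserField;
    private String dbUserTableCredentialField;
    private String dbUserRoleTable;
    private String dbUserRoleTableUserField;
    private String dbUserRoleTableRoleField;

    /**
     * Obtain a connection to the database holding the user and role tables.
     *
     * @return an open connection; {@link #getUserInfo(String)} closes it after use
     * @throws Exception if the connection cannot be obtained
     */
    public abstract Connection getConnection () throws Exception;

    /**
     * Load the stored credential and the roles for a user.
     *
     * <p>Both queries are executed even when no credential row is found, as
     * in the original implementation. Every statement and result set is
     * closed in a {@code finally} block, so a failure part-way through no
     * longer leaves them open until the connection itself is closed.
     *
     * @param userName the name to look up; bound as a query parameter
     * @return the user's info, or {@code null} if the user query returned no
     *         row or a null credential
     * @throws Exception if the connection cannot be obtained or a query fails
     */
    public UserInfo getUserInfo (String userName)
        throws Exception
    {
        Connection connection = null;

        try
        {
            connection = getConnection();

            String dbCredential = queryCredential(connection, userName);
            List<String> roles = queryRoles(connection, userName);

            return dbCredential==null ? null : new UserInfo (userName,
                    Credential.getCredential(dbCredential), roles);
        }
        finally
        {
            if (connection != null) connection.close();
        }
    }

    /** Run the user query and return the first column of the first row, or null if there is no row. */
    private String queryCredential (Connection connection, String userName)
        throws SQLException
    {
        PreparedStatement statement = connection.prepareStatement (userQuery);
        try
        {
            statement.setString (1, userName);
            ResultSet results = statement.executeQuery();
            try
            {
                return results.next() ? results.getString(1) : null;
            }
            finally
            {
                results.close();
            }
        }
        finally
        {
            statement.close();
        }
    }

    /** Run the roles query and collect the first column of every row, in result order. */
    private List<String> queryRoles (Connection connection, String userName)
        throws SQLException
    {
        PreparedStatement statement = connection.prepareStatement (rolesQuery);
        try
        {
            statement.setString (1, userName);
            ResultSet results = statement.executeQuery();
            try
            {
                List<String> roles = new ArrayList<String>();
                while (results.next())
                {
                    roles.add (results.getString (1));
                }
                return roles;
            }
            finally
            {
                results.close();
            }
        }
        finally
        {
            statement.close();
        }
    }

    /**
     * Read the table and column names from the login module options and
     * build the two queries used by {@link #getUserInfo(String)}.
     *
     * <p>Options read: {@code userTable}, {@code userField},
     * {@code credentialField}, {@code userRoleTable},
     * {@code userRoleUserField}, {@code userRoleRoleField}.
     *
     * @param subject the subject being authenticated, passed to the superclass
     * @param callbackHandler the callback handler, passed to the superclass
     * @param sharedState state shared between login modules, passed to the superclass
     * @param options the login module options holding the table and column names
     */
    public void initialize(Subject subject,
                           CallbackHandler callbackHandler,
                           Map<String,?> sharedState,
                           Map<String,?> options)
    {
        super.initialize(subject, callbackHandler, sharedState, options);

        // NOTE(review): the identifiers below are spliced into the SQL text
        // unvalidated and unquoted. That is only safe while the options come
        // from trusted login configuration; nothing here stops a crafted
        // option value from changing the query. A missing option is not
        // rejected either: string concatenation turns it into the literal
        // "null", and the failure only surfaces when the query is executed.
        dbUserTable = (String)options.get("userTable");
        dbUserTableUserField = (String)options.get("userField");
        dbUserTableCredentialField = (String)options.get("credentialField");

        userQuery = "select "+dbUserTableCredentialField+" from "+dbUserTable+" where "+dbUserTableUserField+"=?";

        dbUserRoleTable = (String)options.get("userRoleTable");
        dbUserRoleTableUserField = (String)options.get("userRoleUserField");
        dbUserRoleTableRoleField = (String)options.get("userRoleRoleField");

        rolesQuery = "select "+dbUserRoleTableRoleField+" from "+dbUserRoleTable+" where "+dbUserRoleTableUserField+"=?";

        // Only the query templates are logged; the user name is bound later
        // and neither it nor the credential appears in these messages.
        if(LOG.isDebugEnabled())LOG.debug("userQuery = "+userQuery);
        if(LOG.isDebugEnabled())LOG.debug("rolesQuery = "+rolesQuery);
    }
}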