1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 package org.eclipse.jetty.plus.jaas.spi;
20
21 import java.sql.Connection;
22 import java.sql.PreparedStatement;
23 import java.sql.ResultSet;
24 import java.sql.SQLException;
25 import java.util.ArrayList;
26 import java.util.List;
27 import java.util.Map;
28
29 import javax.security.auth.Subject;
30 import javax.security.auth.callback.CallbackHandler;
31
32 import org.eclipse.jetty.util.security.Credential;
33 import org.eclipse.jetty.util.log.Log;
34 import org.eclipse.jetty.util.log.Logger;
35
36
37
38
39
40
41
42
43
44 public abstract class AbstractDatabaseLoginModule extends AbstractLoginModule
45 {
46 private static final Logger LOG = Log.getLogger(AbstractDatabaseLoginModule.class);
47
48 private String userQuery;
49 private String rolesQuery;
50 private String dbUserTable;
51 private String dbUserTableUserField;
52 private String dbUserTableCredentialField;
53 private String dbUserRoleTable;
54 private String dbUserRoleTableUserField;
55 private String dbUserRoleTableRoleField;
56
57
58
59
60
61
62
63
64 public abstract Connection getConnection () throws Exception;
65
66
67
68
69
70
71
72
73 public UserInfo getUserInfo (String userName)
74 throws Exception
75 {
76 Connection connection = null;
77
78 try
79 {
80 connection = getConnection();
81
82
83 PreparedStatement statement = connection.prepareStatement (userQuery);
84 statement.setString (1, userName);
85 ResultSet results = statement.executeQuery();
86 String dbCredential = null;
87 if (results.next())
88 {
89 dbCredential = results.getString(1);
90 }
91 results.close();
92 statement.close();
93
94
95 statement = connection.prepareStatement (rolesQuery);
96 statement.setString (1, userName);
97 results = statement.executeQuery();
98 List<String> roles = new ArrayList<String>();
99
100 while (results.next())
101 {
102 String roleName = results.getString (1);
103 roles.add (roleName);
104 }
105
106 results.close();
107 statement.close();
108
109 return dbCredential==null ? null : new UserInfo (userName,
110 Credential.getCredential(dbCredential), roles);
111 }
112 finally
113 {
114 if (connection != null) connection.close();
115 }
116 }
117
118
119 public void initialize(Subject subject,
120 CallbackHandler callbackHandler,
121 Map<String,?> sharedState,
122 Map<String,?> options)
123 {
124 super.initialize(subject, callbackHandler, sharedState, options);
125
126
127 dbUserTable = (String)options.get("userTable");
128 dbUserTableUserField = (String)options.get("userField");
129 dbUserTableCredentialField = (String)options.get("credentialField");
130
131 userQuery = "select "+dbUserTableCredentialField+" from "+dbUserTable+" where "+dbUserTableUserField+"=?";
132
133
134
135 dbUserRoleTable = (String)options.get("userRoleTable");
136 dbUserRoleTableUserField = (String)options.get("userRoleUserField");
137 dbUserRoleTableRoleField = (String)options.get("userRoleRoleField");
138
139 rolesQuery = "select "+dbUserRoleTableRoleField+" from "+dbUserRoleTable+" where "+dbUserRoleTableUserField+"=?";
140
141 if(LOG.isDebugEnabled())LOG.debug("userQuery = "+userQuery);
142 if(LOG.isDebugEnabled())LOG.debug("rolesQuery = "+rolesQuery);
143 }
144 }