Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.caucho.server.security
Class JdbcAuthenticator

java.lang.Object
  extended by com.caucho.server.security.AbstractAuthenticator
      extended by com.caucho.server.security.JdbcAuthenticator
All Implemented Interfaces:
ServletAuthenticator, HandleAware, java.io.Serializable
Direct Known Subclasses:
JdbcAuthenticator
public class JdbcAuthenticator
extends AbstractAuthenticator

An authenticator using JDBC.

The default table schema looks something like: 

 CREATE TABLE LOGIN (
   username VARCHAR(250) NOT NULL,
   password VARCHAR(250),
   cookie VARCHAR(250),
   PRIMARY KEY (username)
 );
 
 <authenticator url="jdbc:database=jdbc/user">
 </authenticator>

See Also:
Serialized Form

Field Summary
protected  java.lang.String _cookieDomain
           
protected  long _cookieMaxAge
           
protected  int _cookieVersion
           
protected  boolean _useCookie
           
 
Fields inherited from class com.caucho.server.security.AbstractAuthenticator
_passwordDigest, _passwordDigestAlgorithm, _passwordDigestRealm, _principalCache, _principalCacheSize, LOGIN_NAME
 
Constructor Summary
JdbcAuthenticator()
           
 
Method Summary
protected  void addAuthCookie(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user)
          Adds a cookie to store authentication.
 java.security.Principal authenticateCookie(java.lang.String cookieValue)
          Authenticate based on a cookie.
 java.lang.String getCookieAuthQuery()
          Gets the cookie auth query.
 java.lang.String getCookieAuthUpdate()
          Gets the cookie update query.
 java.lang.String getCookieDomain()
          Returns the domain for a login cookie.
 long getCookieMaxAge()
          Returns the max-age for a login cookie.
 int getCookieVersion()
          Returns the version for a login cookie.
 javax.sql.DataSource getDataSource()
          Gets the database
protected  java.lang.String getDigestPassword(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String username, java.lang.String realm)
          Returns the password for authenticators too lazy to calculate the digest.
 java.lang.String getPasswordQuery()
          Gets the password query.
 java.lang.String getRoleQuery()
          Gets the role query.
 boolean getUseCookie()
          Returns true if Resin should generate the resinauth cookie by default.
protected  java.security.Principal getUserPrincipalImpl(HttpServletRequest request, ServletContext application)
          Gets the user from a persistent cookie, uaing authenticateCookie to actually look the cookie up.
 void init()
          Initialize the authenticator.
 boolean isUserInRole(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal principal, java.lang.String role)
          Returns true if the user plays the named role.
 java.security.Principal loginImpl(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.lang.String username, java.lang.String password)
          Authenticates the user given the request.
 java.security.Principal loginImpl(java.lang.String username, java.lang.String password)
          Authenticates the user given the request.
 void logout(HttpServletRequest request, HttpServletResponse response, ServletContext application, java.security.Principal user)
          Logs the user out from the session.
 void setCookieAuthQuery(java.lang.String query)
          Sets the cookie auth query.
 void setCookieAuthUpdate(java.lang.String query)
          Sets the cookie update query.
 void setCookieDomain(java.lang.String cookieDomain)
          Sets the domain for a login cookie.
 void setCookieLogout(boolean cookieLogout)
          If true, the cookie is removed on logout
 void setCookieMaxAge(Period cookieMaxAge)
          Sets the max age for a login cookie.
 void setCookieVersion(int version)
          Sets the version for a login cookie.
 void setDataSource(javax.sql.DataSource dataSource)
          Sets the database pool name.
 void setPasswordQuery(java.lang.String query)
          Sets the password query.
 void setRoleQuery(java.lang.String query)
          Sets the role query.
 void setUseCookie(boolean useCookie)
          Set true if Resin should generate the resinauth cookie by default.
 boolean updateCookie(java.security.Principal user, java.lang.String cookieValue)
          Associates a user with a persistent cookie.
 
Methods inherited from class com.caucho.server.security.AbstractAuthenticator
addRoleMapping, digest, getDigestSecret, getLogoutOnSessionTimeout, getPasswordDigest, getPasswordDigest, getPasswordDigestAlgorithm, getPasswordDigestRealm, getPrincipalCacheSize, getUserPrincipal, login, loginDigest, loginDigestImpl, logout, logout, setLogoutOnSessionTimeout, setPasswordDigest, setPasswordDigestAlgorithm, setPasswordDigestRealm, setPrincipalCacheSize, setSerializationHandle, stringToDigest, toString, writeReplace
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

_useCookie

protected boolean _useCookie

_cookieVersion

protected int _cookieVersion

_cookieDomain

protected java.lang.String _cookieDomain

_cookieMaxAge

protected long _cookieMaxAge
Constructor Detail

JdbcAuthenticator

public JdbcAuthenticator()
Method Detail

getDataSource

public javax.sql.DataSource getDataSource()
Gets the database

setDataSource

public void setDataSource(javax.sql.DataSource dataSource)
Sets the database pool name.

getPasswordQuery

public java.lang.String getPasswordQuery()
Gets the password query.

Example: 


 SELECT password FROM LOGIN WHERE username=?

setPasswordQuery

public void setPasswordQuery(java.lang.String query)
Sets the password query.

getCookieAuthQuery

public java.lang.String getCookieAuthQuery()
Gets the cookie auth query.

setCookieAuthQuery

public void setCookieAuthQuery(java.lang.String query)
Sets the cookie auth query.

getCookieAuthUpdate

public java.lang.String getCookieAuthUpdate()
Gets the cookie update query.

setCookieAuthUpdate

public void setCookieAuthUpdate(java.lang.String query)
Sets the cookie update query.

setCookieLogout

public void setCookieLogout(boolean cookieLogout)
If true, the cookie is removed on logout

getRoleQuery

public java.lang.String getRoleQuery()
Gets the role query.

setRoleQuery

public void setRoleQuery(java.lang.String query)
Sets the role query.

getUseCookie

public boolean getUseCookie()
Returns true if Resin should generate the resinauth cookie by default.

setUseCookie

public void setUseCookie(boolean useCookie)
Set true if Resin should generate the resinauth cookie by default.

getCookieVersion

public int getCookieVersion()
Returns the version for a login cookie.

setCookieVersion

public void setCookieVersion(int version)
Sets the version for a login cookie.

getCookieDomain

public java.lang.String getCookieDomain()
Returns the domain for a login cookie.

setCookieDomain

public void setCookieDomain(java.lang.String cookieDomain)
Sets the domain for a login cookie.

getCookieMaxAge

public long getCookieMaxAge()
Returns the max-age for a login cookie.

setCookieMaxAge

public void setCookieMaxAge(Period cookieMaxAge)
Sets the max age for a login cookie.

init

public void init()
          throws ServletException
Initialize the authenticator.

Specified by:
init in interface ServletAuthenticator
Overrides:
init in class AbstractAuthenticator
Throws:
ServletException

loginImpl

public java.security.Principal loginImpl(HttpServletRequest request,
                                         HttpServletResponse response,
                                         ServletContext application,
                                         java.lang.String username,
                                         java.lang.String password)
                                  throws ServletException
Authenticates the user given the request.

Overrides:
loginImpl in class AbstractAuthenticator
Parameters:
username - the user name for the login
password - the password for the login
Returns:
the authenticated user or null for a failure
Throws:
ServletException

addAuthCookie

protected void addAuthCookie(HttpServletRequest request,
                             HttpServletResponse response,
                             ServletContext application,
                             java.security.Principal user)
Adds a cookie to store authentication.

loginImpl

public java.security.Principal loginImpl(java.lang.String username,
                                         java.lang.String password)
                                  throws ServletException
Authenticates the user given the request.

Parameters:
username - the user name for the login
password - the password for the login
Returns:
the authenticated user or null for a failure
Throws:
ServletException

getDigestPassword

protected java.lang.String getDigestPassword(HttpServletRequest request,
                                             HttpServletResponse response,
                                             ServletContext application,
                                             java.lang.String username,
                                             java.lang.String realm)
                                      throws ServletException
Returns the password for authenticators too lazy to calculate the digest.

Overrides:
getDigestPassword in class AbstractAuthenticator
Throws:
ServletException

getUserPrincipalImpl

protected java.security.Principal getUserPrincipalImpl(HttpServletRequest request,
                                                       ServletContext application)
                                                throws ServletException
Description copied from class: AbstractAuthenticator
Gets the user from a persistent cookie, uaing authenticateCookie to actually look the cookie up.

Overrides:
getUserPrincipalImpl in class AbstractAuthenticator
Throws:
ServletException

authenticateCookie

public java.security.Principal authenticateCookie(java.lang.String cookieValue)
                                           throws ServletException
Authenticate based on a cookie.

Parameters:
cookieValue - the value of the resin-auth cookie
Returns:
the user for the cookie.
Throws:
ServletException

updateCookie

public boolean updateCookie(java.security.Principal user,
                            java.lang.String cookieValue)
Associates a user with a persistent cookie.

Parameters:
user - the user for the cookie
cookieValue - the value of the resin-auth cookie
Returns:
true if the cookie value is valid, i.e. it's unique

isUserInRole

public boolean isUserInRole(HttpServletRequest request,
                            HttpServletResponse response,
                            ServletContext application,
                            java.security.Principal principal,
                            java.lang.String role)
Description copied from class: AbstractAuthenticator
Returns true if the user plays the named role.

Specified by:
isUserInRole in interface ServletAuthenticator
Overrides:
isUserInRole in class AbstractAuthenticator
Parameters:
request - the servlet request
application - the owning application
principal - the user to test
role - the role to test

logout

public void logout(HttpServletRequest request,
                   HttpServletResponse response,
                   ServletContext application,
                   java.security.Principal user)
            throws ServletException
Logs the user out from the session.

Overrides:
logout in class AbstractAuthenticator
Parameters:
request - the servlet request
Throws:
ServletException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD