org.apache.openejb.core.security.jaas
Class SQLLoginModule

java.lang.Object
  extended by org.apache.openejb.core.security.jaas.SQLLoginModule
All Implemented Interfaces:
javax.security.auth.spi.LoginModule

public class SQLLoginModule
extends java.lang.Object
implements javax.security.auth.spi.LoginModule

A login module that loads security information from a SQL database. Expects to be run by a GenericSecurityRealm (doesn't work on its own).

This requires database connectivity information (either 1: a dataSourceName and optional dataSourceApplication or 2: a JDBC driver, URL, username, and password) and 2 SQL queries.

The userSelect query should return 2 values, the username and the password in that order. It should include one PreparedStatement parameter (a ?) which will be filled in with the username. In other words, the query should look like: SELECT user, password FROM credentials WHERE username=?

The groupSelect query should return 2 values, the username and the group name in that order (but it may return multiple rows, one per group). It should include one PreparedStatement parameter (a ?) which will be filled in with the username. In other words, the query should look like: SELECT user, role FROM user_roles WHERE username=?

This login module checks security credentials so the lifecycle methods must return true to indicate success or throw LoginException to indicate failure.

Version:
$Rev: 710022 $ $Date: 2008-11-03 09:40:14 +0100 (Mo, 03. Nov 2008) $

Constructor Summary
SQLLoginModule()
           
 
Method Summary
 boolean abort()
           
 boolean commit()
           
 void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
           
 boolean login()
          This LoginModule is not to be ignored.
 boolean logout()
           
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SQLLoginModule

public SQLLoginModule()
Method Detail

initialize

public void initialize(javax.security.auth.Subject subject,
                       javax.security.auth.callback.CallbackHandler callbackHandler,
                       java.util.Map sharedState,
                       java.util.Map options)
Specified by:
initialize in interface javax.security.auth.spi.LoginModule

login

public boolean login()
              throws javax.security.auth.login.LoginException
This LoginModule is not to be ignored. So, this method should never return false.

Specified by:
login in interface javax.security.auth.spi.LoginModule
Returns:
true if authentication succeeds, or throw a LoginException such as FailedLoginException if authentication fails
Throws:
javax.security.auth.login.LoginException

commit

public boolean commit()
               throws javax.security.auth.login.LoginException
Specified by:
commit in interface javax.security.auth.spi.LoginModule
Returns:
true if login succeeded and commit succeeded, or false if login failed but commit succeeded.
Throws:
javax.security.auth.login.LoginException - if login succeeded but commit failed.

abort

public boolean abort()
              throws javax.security.auth.login.LoginException
Specified by:
abort in interface javax.security.auth.spi.LoginModule
Throws:
javax.security.auth.login.LoginException

logout

public boolean logout()
               throws javax.security.auth.login.LoginException
Specified by:
logout in interface javax.security.auth.spi.LoginModule
Throws:
javax.security.auth.login.LoginException


Copyright © 1999-2011 The Apache OpenEJB development community. All Rights Reserved.