/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License.
*/ package org.apache.catalina.realm;
/** * Implementation of <b>Realm</b> that works with any JDBC JNDI DataSource. See the Realm How-To for more details on how * to set up the database and for configuration options. * * @author Glenn L. Nielsen * @author Craig R. McClanahan * @author Carson McDonald * @author Ignacio Ortega
*/ publicclass DataSourceRealm extends RealmBase {
/**
 * Reports which JNDI JDBC DataSource this realm is configured to use.
 *
 * @return the name of the JNDI JDBC DataSource.
 */
public String getDataSourceName() {
    return this.dataSourceName;
}
/**
 * Configures the JNDI name of the JDBC DataSource used by this realm. The value is stored as given; this setter
 * performs no validation.
 *
 * @param dataSourceName the name of the JNDI JDBC DataSource
 */
public void setDataSourceName(String dataSourceName) {
    this.dataSourceName = dataSourceName;
}
/**
 * Reports whether the DataSource is resolved in the web application's own JNDI Context.
 *
 * @return {@code true} if the datasource will be looked up in the webapp JNDI Context.
 */
public boolean getLocalDataSource() {
    return this.localDataSource;
}
/**
 * Chooses where the DataSource is resolved: pass {@code true} to have it looked up in the webapp JNDI Context.
 *
 * @param localDataSource the new flag value
 */
public void setLocalDataSource(boolean localDataSource) {
    this.localDataSource = localDataSource;
}
/**
 * Reports the configured role-name column of the user role table.
 *
 * @return the column in the user role table that names a role.
 */
public String getRoleNameCol() {
    return this.roleNameCol;
}
/**
 * Configures which column of the user role table names a role.
 * <p>
 * NOTE(review): the value is stored as given, with no validation here. If it ends up inside SQL text elsewhere in
 * this class (not visible from this method), it must only come from trusted realm configuration - confirm.
 *
 * @param roleNameCol The column name
 */
public void setRoleNameCol(String roleNameCol) {
    this.roleNameCol = roleNameCol;
}
/**
 * Reports the configured credentials column of the user table.
 *
 * @return the column in the user table that holds the user's credentials.
 */
public String getUserCredCol() {
    return this.userCredCol;
}
/**
 * Configures which column of the user table holds the user's credentials.
 * <p>
 * NOTE(review): the value is stored as given, with no validation here. If it ends up inside SQL text elsewhere in
 * this class (not visible from this method), it must only come from trusted realm configuration - confirm.
 *
 * @param userCredCol The column name
 */
public void setUserCredCol(String userCredCol) {
    this.userCredCol = userCredCol;
}
/**
 * Reports the configured user-name column of the user table.
 *
 * @return the column in the user table that holds the user's name.
 */
public String getUserNameCol() {
    return this.userNameCol;
}
/**
 * Configures which column of the user table holds the user's name.
 * <p>
 * NOTE(review): the value is stored as given, with no validation here. If it ends up inside SQL text elsewhere in
 * this class (not visible from this method), it must only come from trusted realm configuration - confirm.
 *
 * @param userNameCol The column name
 */
public void setUserNameCol(String userNameCol) {
    this.userNameCol = userNameCol;
}
/**
 * Reports the configured user-to-role mapping table.
 *
 * @return the table that holds the relation between users and roles.
 */
public String getUserRoleTable() {
    return this.userRoleTable;
}
/**
 * Configures the table that holds the relation between users and roles.
 * <p>
 * NOTE(review): the value is stored as given, with no validation here. If it ends up inside SQL text elsewhere in
 * this class (not visible from this method), it must only come from trusted realm configuration - confirm.
 *
 * @param userRoleTable The table name
 */
public void setUserRoleTable(String userRoleTable) {
    this.userRoleTable = userRoleTable;
}
/**
 * Reports the configured user table.
 *
 * @return the table that holds user data.
 */
public String getUserTable() {
    return this.userTable;
}
/**
 * Configures the table that holds user data.
 * <p>
 * NOTE(review): the value is stored as given, with no validation here. If it ends up inside SQL text elsewhere in
 * this class (not visible from this method), it must only come from trusted realm configuration - confirm.
 *
 * @param userTable The table name
 */
public void setUserTable(String userTable) {
    this.userTable = userTable;
}
// --------------------------------------------------------- Public Methods
/**
 * {@inheritDoc}
 * <p>
 * This method fails closed: a missing username, missing credentials, or a database connection that cannot be
 * opened all produce {@code null} (not authenticated). The connection obtained for the lookup is handed to
 * {@link #close(Connection)} on every exit path, so a subsequent request opens a fresh one.
 */
@Override
public Principal authenticate(String username, String credentials) {
    // Without both values there is nothing to verify, so skip the database round trip entirely.
    if (username == null || credentials == null) {
        return null;
    }

    // An unavailable database is treated as "not authenticated", never as a pass.
    Connection dbConnection = open();
    if (dbConnection == null) {
        return null;
    }

    try {
        // Delegate the actual credential check and role lookup to the connection-based overload.
        return authenticate(dbConnection, username, credentials);
    } finally {
        // Runs on normal return and on exceptions alike, so the connection is never left open.
        close(dbConnection);
    }
}
/**
 * Looks up the stored credentials for {@code username} on the given connection, checks the supplied credentials
 * against them through the configured credential handler and, on success, builds a Principal carrying the user's
 * roles.
 * <p>
 * Every failure path returns {@code null} and, at trace level, logs the same failure message key, so the log does
 * not distinguish "unknown user" from "wrong credentials". The supplied credentials are never logged; the username
 * is passed to the trace message.
 *
 * @param dbConnection The database connection to be used
 * @param username     Username of the Principal to look up
 * @param credentials  Password or other credentials to use in authenticating this username
 *
 * @return the associated principal, or <code>null</code> if there is none.
 */
protected Principal authenticate(Connection dbConnection, String username, String credentials) {
    // Nothing to verify without both values; do not touch the database.
    if (username == null || credentials == null) {
        if (containerLog.isTraceEnabled()) {
            containerLog.trace(sm.getString("dataSourceRealm.authenticateFailure", username));
        }
        return null;
    }

    // Fetch what the database holds for this user.
    String storedCredentials = getPassword(dbConnection, username);

    if (storedCredentials == null) {
        // No such user. Run the credential handler anyway so that the response time for an unknown user is
        // closer to that of a known user with a wrong password, which makes username enumeration by timing
        // harder. The result of mutate() is deliberately discarded.
        getCredentialHandler().mutate(credentials);

        if (containerLog.isTraceEnabled()) {
            containerLog.trace(sm.getString("dataSourceRealm.authenticateFailure", username));
        }
        return null;
    }

    // The comparison is left to the credential handler rather than done with a plain string compare here.
    if (!getCredentialHandler().matches(credentials, storedCredentials)) {
        if (containerLog.isTraceEnabled()) {
            containerLog.trace(sm.getString("dataSourceRealm.authenticateFailure", username));
        }
        return null;
    }

    if (containerLog.isTraceEnabled()) {
        containerLog.trace(sm.getString("dataSourceRealm.authenticateSuccess", username));
    }

    // Roles are only loaded once the credentials have been accepted.
    ArrayList<String> roles = getRoles(dbConnection, username);

    return new GenericPrincipal(username, roles);
}
/**
 * Releases the given database connection. A {@code null} argument is ignored. When the connection is not in
 * auto-commit mode it is committed first. A {@link SQLException} from either the commit or the close is logged
 * at error level and not rethrown, so this method is safe to call from a {@code finally} block.
 *
 * @param dbConnection The connection to be closed
 */
protected void close(Connection dbConnection) {
    // Nothing was opened, so there is nothing to release.
    if (dbConnection == null) {
        return;
    }

    // Commit explicitly when the connection does not do so on its own.
    try {
        boolean autoCommit = dbConnection.getAutoCommit();
        if (!autoCommit) {
            dbConnection.commit();
        }
    } catch (SQLException e) {
        containerLog.error(sm.getString("dataSourceRealm.commit"), e);
    }

    // A failed commit does not skip the close: the connection is closed regardless.
    try {
        dbConnection.close();
    } catch (SQLException e) {
        // Logging is all that happens here; the caller is not told about the failure.
        containerLog.error(sm.getString("dataSourceRealm.close"), e);
    }
}
/** * Open the specified database connection. * * @return Connection to the database
*/ protected Connection open() {
/** * Return the password associated with the given principal's user name. * * @param dbConnection The database connection to be used * @param username Username for which password should be retrieved * * @return the password for the specified user
*/ protected String getPassword(Connection dbConnection, String username) {
/**
 * Builds the Principal for the given user name, populated with the roles read from the database.
 * <p>
 * No credential check and no user-existence check happens in this method. Unlike
 * {@link #authenticate(String, String)}, a failure to open a database connection does not yield {@code null}:
 * a Principal with a {@code null} role list is returned instead.
 * <p>
 * NOTE(review): callers should therefore not read a non-null result as proof that the user exists or that the
 * role lookup succeeded - confirm against the call sites.
 *
 * @param username the user name
 *
 * @return the principal object
 */
@Override
protected Principal getPrincipal(String username) {
    Connection dbConnection = open();

    // Database unavailable: hand back a role-less principal rather than null.
    if (dbConnection == null) {
        return new GenericPrincipal(username, null);
    }

    try {
        ArrayList<String> roles = getRoles(dbConnection, username);
        return new GenericPrincipal(username, roles);
    } finally {
        // Always release the connection, whether the role lookup returned or threw.
        close(dbConnection);
    }
}
/** * Return the roles associated with the given user name. * * @param username User name for which roles should be retrieved * * @return an array list of the role names
*/ protected ArrayList<String> getRoles(String username) {
Connection dbConnection = null;
// Ensure that we have an open database connection
dbConnection = open(); if (dbConnection == null) { returnnull;
}
/** * Return the roles associated with the given user name. * * @param dbConnection The database connection to be used * @param username User name for which roles should be retrieved * * @return an array list of the role names
*/ protected ArrayList<String> getRoles(Connection dbConnection, String username) {
if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined()) { // Using an authentication only configuration and no role store has // been defined so don't spend cycles looking returnnull;
}