1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16 package org.mortbay.jetty.plus.jaas.spi;
17
18 import java.sql.Connection;
19 import java.sql.PreparedStatement;
20 import java.sql.ResultSet;
21 import java.sql.SQLException;
22 import java.util.ArrayList;
23 import java.util.List;
24 import java.util.Map;
25
26 import javax.security.auth.Subject;
27 import javax.security.auth.callback.CallbackHandler;
28
29 import org.mortbay.jetty.security.Credential;
30 import org.mortbay.log.Log;
31
32
33
34
35
36
37
38
39
40 public abstract class AbstractDatabaseLoginModule extends AbstractLoginModule
41 {
42 private String userQuery;
43 private String rolesQuery;
44 private String dbUserTable;
45 private String dbUserTableUserField;
46 private String dbUserTableCredentialField;
47 private String dbUserRoleTable;
48 private String dbUserRoleTableUserField;
49 private String dbUserRoleTableRoleField;
50
51
52
53
54
55
56
57
58 public abstract Connection getConnection () throws Exception;
59
60
61
62
63
64
65
66
67 public UserInfo getUserInfo (String userName)
68 throws Exception
69 {
70 Connection connection = null;
71
72 try
73 {
74 connection = getConnection();
75
76
77 PreparedStatement statement = connection.prepareStatement (userQuery);
78 statement.setString (1, userName);
79 ResultSet results = statement.executeQuery();
80 String dbCredential = null;
81 if (results.next())
82 {
83 dbCredential = results.getString(1);
84 }
85 results.close();
86 statement.close();
87
88
89 statement = connection.prepareStatement (rolesQuery);
90 statement.setString (1, userName);
91 results = statement.executeQuery();
92 List roles = new ArrayList();
93
94 while (results.next())
95 {
96 String roleName = results.getString (1);
97 roles.add (roleName);
98 }
99
100 results.close();
101 statement.close();
102
103 return dbCredential==null ? null : new UserInfo (userName,
104 Credential.getCredential(dbCredential), roles);
105 }
106 finally
107 {
108 if (connection != null) connection.close();
109 }
110 }
111
112
113 public void initialize(Subject subject,
114 CallbackHandler callbackHandler,
115 Map sharedState,
116 Map options)
117 {
118 super.initialize(subject, callbackHandler, sharedState, options);
119
120
121 dbUserTable = (String)options.get("userTable");
122 dbUserTableUserField = (String)options.get("userField");
123 dbUserTableCredentialField = (String)options.get("credentialField");
124
125 userQuery = "select "+dbUserTableCredentialField+" from "+dbUserTable+" where "+dbUserTableUserField+"=?";
126
127
128
129 dbUserRoleTable = (String)options.get("userRoleTable");
130 dbUserRoleTableUserField = (String)options.get("userRoleUserField");
131 dbUserRoleTableRoleField = (String)options.get("userRoleRoleField");
132
133 rolesQuery = "select "+dbUserRoleTableRoleField+" from "+dbUserRoleTable+" where "+dbUserRoleTableUserField+"=?";
134
135 if(Log.isDebugEnabled())Log.debug("userQuery = "+userQuery);
136 if(Log.isDebugEnabled())Log.debug("rolesQuery = "+rolesQuery);
137 }
138 }