
1   // ========================================================================
2   // $Id: AbstractDatabaseLoginModule.java 3463 2008-07-31 04:39:59Z dyu $
3   // Copyright 1999-2004 Mort Bay Consulting Pty. Ltd.
4   // ------------------------------------------------------------------------
5   // Licensed under the Apache License, Version 2.0 (the "License");
6   // you may not use this file except in compliance with the License.
7   // You may obtain a copy of the License at 
8   // http://www.apache.org/licenses/LICENSE-2.0
9   // Unless required by applicable law or agreed to in writing, software
10  // distributed under the License is distributed on an "AS IS" BASIS,
11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  // See the License for the specific language governing permissions and
13  // limitations under the License.
14  // ========================================================================
15  
16  package org.mortbay.jetty.plus.jaas.spi;
17  
18  import java.sql.Connection;
19  import java.sql.PreparedStatement;
20  import java.sql.ResultSet;
21  import java.sql.SQLException;
22  import java.util.ArrayList;
23  import java.util.List;
24  import java.util.Map;
25  
26  import javax.security.auth.Subject;
27  import javax.security.auth.callback.CallbackHandler;
28  
29  import org.mortbay.jetty.security.Credential;
30  import org.mortbay.log.Log;
31  
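/**
 * AbstractDatabaseLoginModule
 *
 * Abstract base class for LoginModules that interact with a
 * database to retrieve authentication and authorization information.
 * Used by the JDBCLoginModule and DataSourceLoginModule.
 *
 * <p>Two queries are built once in {@link #initialize} from the module
 * options: one selecting the credential column for a user name, and one
 * selecting the role column for a user name. The user name is always
 * passed as a bound parameter. The table and column names cannot be bound,
 * so they are concatenated into the SQL text; they must only ever come
 * from trusted login configuration, never from request data.
 */
public abstract class AbstractDatabaseLoginModule extends AbstractLoginModule
{
    // SQL selecting the credential column for one user; built in initialize().
    private String userQuery;
    // SQL selecting the role column for one user; built in initialize().
    private String rolesQuery;
    // Raw option values the two queries are assembled from.
    private String dbUserTable;
    private String dbUserTableUserField;
    private String dbUserTableCredentialField;
    private String dbUserRoleTable;
    private String dbUserRoleTableUserField;
    private String dbUserRoleTableRoleField;


    /**
     * Supply the connection the credential and role queries run on.
     * {@link #getUserInfo} closes the returned connection when it is done.
     *
     * @return a java.sql.Connection from the database
     * @throws Exception if no connection can be obtained
     */
    public abstract Connection getConnection () throws Exception;


    /* ------------------------------------------------ */
    /** Load info from database
     *
     * Runs the credential query and then the roles query for the given
     * user name, both with the name bound as parameter 1.
     *
     * @param userName user info to load
     * @return the user's credential and roles, or null when the credential
     *         query returns no row or a NULL value in its first row
     * @throws Exception if the connection cannot be obtained or a query fails
     */
    public UserInfo getUserInfo (String userName)
        throws Exception
    {
        Connection connection = null;

        try
        {
            connection = getConnection();

            //query for credential: only the first row is consulted
            List credentials = readFirstColumn (connection, userQuery, userName, true);
            String dbCredential = credentials.isEmpty() ? null : (String)credentials.get(0);

            //query for role names
            // The roles query runs even when no credential was found, exactly
            // as before. NOTE(review): skipping it for unknown users would make
            // their lookups cheaper than those of known users - confirm that is
            // acceptable before adding a short-circuit here.
            List roles = readFirstColumn (connection, rolesQuery, userName, false);

            // NOTE(review): the stored string is handed to Credential.getCredential
            // as-is; presumably its format decides how the password is compared -
            // verify that the credential column holds a hashed form.
            return dbCredential==null ? null : new UserInfo (userName,
                    Credential.getCredential(dbCredential), roles);
        }
        finally
        {
            if (connection != null) connection.close();
        }
    }


    /**
     * Run a single-parameter query and collect column 1 of its rows.
     *
     * The statement and result set are closed in finally blocks so that they
     * are released when a query fails part-way, instead of relying on the
     * connection's close() to release them.
     *
     * @param connection open connection to run the query on
     * @param sql query text with exactly one '?' placeholder
     * @param userName value bound to the placeholder
     * @param firstRowOnly when true, stop after the first row
     * @return the column values in result order (entries may be null)
     * @throws SQLException if preparing, executing or reading the query fails
     */
    private List readFirstColumn (Connection connection, String sql, String userName, boolean firstRowOnly)
        throws SQLException
    {
        List values = new ArrayList();
        PreparedStatement statement = connection.prepareStatement (sql);
        try
        {
            statement.setString (1, userName);
            ResultSet results = statement.executeQuery();
            try
            {
                while (results.next())
                {
                    values.add (results.getString (1));
                    if (firstRowOnly)
                        break;
                }
            }
            finally
            {
                results.close();
            }
        }
        finally
        {
            statement.close();
        }
        return values;
    }


    /**
     * Read the table and column names from the module options and build the
     * credential and roles queries from them.
     *
     * Options read: userTable, userField, credentialField, userRoleTable,
     * userRoleUserField, userRoleRoleField. A missing or empty option is
     * reported with a warning, because it would otherwise be concatenated
     * into the query as the text "null" or as nothing and only surface
     * later as a failed login.
     *
     * @param subject passed through to the superclass
     * @param callbackHandler passed through to the superclass
     * @param sharedState passed through to the superclass
     * @param options module options holding the table and column names
     */
    public void initialize(Subject subject,
            CallbackHandler callbackHandler,
            Map sharedState,
            Map options)
    {
        super.initialize(subject, callbackHandler, sharedState, options);

        //get the user credential query out of the options
        dbUserTable = (String)options.get("userTable");
        dbUserTableUserField = (String)options.get("userField");
        dbUserTableCredentialField = (String)options.get("credentialField");
        warnIfMissing ("userTable", dbUserTable);
        warnIfMissing ("userField", dbUserTableUserField);
        warnIfMissing ("credentialField", dbUserTableCredentialField);

        // Identifiers cannot be bound as parameters, so they are concatenated.
        // They must come from trusted login configuration only.
        userQuery = "select "+dbUserTableCredentialField+" from "+dbUserTable+" where "+dbUserTableUserField+"=?";


        //get the user roles query out of the options
        dbUserRoleTable = (String)options.get("userRoleTable");
        dbUserRoleTableUserField = (String)options.get("userRoleUserField");
        dbUserRoleTableRoleField = (String)options.get("userRoleRoleField");
        warnIfMissing ("userRoleTable", dbUserRoleTable);
        warnIfMissing ("userRoleUserField", dbUserRoleTableUserField);
        warnIfMissing ("userRoleRoleField", dbUserRoleTableRoleField);

        rolesQuery = "select "+dbUserRoleTableRoleField+" from "+dbUserRoleTable+" where "+dbUserRoleTableUserField+"=?";

        // The logged text holds only identifiers and the '?' placeholder.
        if(Log.isDebugEnabled())Log.debug("userQuery = "+userQuery);
        if(Log.isDebugEnabled())Log.debug("rolesQuery = "+rolesQuery);
    }


    /**
     * Log a warning when a required module option is absent or blank.
     *
     * @param optionName name of the option as it appears in the login configuration
     * @param value the value read for that option, possibly null
     */
    private void warnIfMissing (String optionName, String value)
    {
        if (value == null || value.trim().length() == 0)
            Log.warn("Login module option '"+optionName+"' is not set; the generated query will not be valid");
    }
}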