Class NativeAuthenticationServiceImpl
- java.lang.Object
-
- org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase
-
- org.apache.derby.impl.jdbc.authentication.NativeAuthenticationServiceImpl
-
- All Implemented Interfaces:
UserAuthenticator
,AuthenticationService
,ModuleControl
,ModuleSupportable
,PropertySetCallback
public final class NativeAuthenticationServiceImpl extends AuthenticationServiceBase implements UserAuthenticator
This authentication service supports Derby NATIVE authentication.
To activate this service, set the derby.authentication.provider database or system property to a value beginning with the token "NATIVE:".
This service instantiates and calls the basic User authentication scheme at runtime.
User credentials are defined in the SYSUSERS table.
-
-
Field Summary
Fields Modifier and Type Field Description private boolean
_authenticateDatabaseOperationsLocally
private java.lang.String
_badlyFormattedPasswordProperty
private boolean
_creatingCredentialsDB
private java.lang.String
_credentialsDB
private double
_passwordExpirationThreshold
private long
_passwordLifetimeMillis
-
Fields inherited from class org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase
authenticationScheme, AuthenticationTrace, SECMEC_USRSSBPWD
-
Fields inherited from interface org.apache.derby.iapi.jdbc.AuthenticationService
MODULE
-
-
Constructor Summary
Constructors Constructor Description NativeAuthenticationServiceImpl()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description private boolean
authenticateLocally(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName)
Authenticate the passed-in credentials against the local database.private boolean
authenticateRemotely(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName)
Authenticate the passed-in credentials against another Derby database.boolean
authenticateUser(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName, java.util.Properties info)
Authenticate the passed-in user's credentials.private boolean
authenticatingInThisDatabase(java.lang.String userVisibleDatabaseName)
Return true if we are authenticating in this database.private boolean
authenticatingInThisService(java.lang.String canonicalDatabaseName)
Return true if we are authenticating in this service.void
boot(boolean create, java.util.Properties properties)
Start this module.boolean
canSupport(java.util.Properties properties)
Check if we should activate this authentication service.private java.lang.String
getCanonicalServiceName()
Get the canonical name of the current database serviceprivate java.lang.String
getCanonicalServiceName(java.lang.String rawName)
Turn a service name into its normalized, standard formprivate static ModuleFactory
getMonitor()
Privileged Monitor lookup.private static java.lang.String
getServiceName(java.lang.Object serviceModule)
Privileged Monitor lookup.java.lang.String
getSystemCredentialsDatabaseName()
Override behavior in superclassprivate boolean
isCredentialsService(java.lang.String canonicalDatabaseName)
Return true if the passed in service is the credentials database.private void
parseNativeSpecification(java.util.Properties properties)
Parse the specification of NATIVE authentication.private boolean
validAuthenticationProvider()
Return true if AUTHENTICATION_PROVIDER_PARAMETER was well formatted.private StandardException
wrap(java.lang.Throwable t)
-
Methods inherited from class org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase
apply, authenticate, getDatabaseProperties, getDatabaseProperty, getProperty, getServiceModule, getServiceName, getSystemProperty, getTransaction, hashPasswordSHA1Scheme, hashUsingDefaultAlgorithm, init, map, parsePasswordLifetime, parsePasswordThreshold, requireAuthentication, setAuthenticationService, stop, substitutePassword, validate
-
-
-
-
Field Detail
-
_creatingCredentialsDB
private boolean _creatingCredentialsDB
-
_credentialsDB
private java.lang.String _credentialsDB
-
_authenticateDatabaseOperationsLocally
private boolean _authenticateDatabaseOperationsLocally
-
_passwordLifetimeMillis
private long _passwordLifetimeMillis
-
_passwordExpirationThreshold
private double _passwordExpirationThreshold
-
_badlyFormattedPasswordProperty
private java.lang.String _badlyFormattedPasswordProperty
-
-
Method Detail
-
canSupport
public boolean canSupport(java.util.Properties properties)
Check if we should activate this authentication service.- Specified by:
canSupport
in interfaceModuleSupportable
- Returns:
- true if this instance can be used, false otherwise.
-
parseNativeSpecification
private void parseNativeSpecification(java.util.Properties properties)
Parse the specification of NATIVE authentication. It can take 3 forms:
- NATIVE:$credentialsDB - Here $credentialsDB is the name of a Derby database. This means that all authentication should take place in $credentialsDB.
- NATIVE:$credentialsDB:LOCAL- This means that system-wide operations (like engine shutdown) are authenticated in $credentialsDB but connections to existing databases are authenticated in those databases.
- NATIVE::LOCAL - This means that connections to a given database are authenticated in that database.
-
validAuthenticationProvider
private boolean validAuthenticationProvider() throws StandardException
Return true if AUTHENTICATION_PROVIDER_PARAMETER was well formatted. The property must have designated some database as the authentication authority.
- Throws:
StandardException
-
boot
public void boot(boolean create, java.util.Properties properties) throws StandardException
Description copied from class:AuthenticationServiceBase
Start this module. In this case, nothing needs to be done.- Specified by:
boot
in interfaceModuleControl
- Overrides:
boot
in classAuthenticationServiceBase
- Throws:
StandardException
- upon failure to load/boot the expected authentication service.- See Also:
ModuleControl.boot(boolean, java.util.Properties)
-
getSystemCredentialsDatabaseName
public java.lang.String getSystemCredentialsDatabaseName()
Override behavior in superclass- Specified by:
getSystemCredentialsDatabaseName
in interfaceAuthenticationService
- Overrides:
getSystemCredentialsDatabaseName
in classAuthenticationServiceBase
-
authenticateUser
public boolean authenticateUser(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName, java.util.Properties info) throws java.sql.SQLException
Authenticate the passed-in user's credentials.- Specified by:
authenticateUser
in interfaceUserAuthenticator
- Parameters:
userName
- The user's name used to connect to JBMS systemuserPassword
- The user's password used to connect to JBMS systemdatabaseName
- The database which the user wants to connect to.info
- Additional jdbc connection info.- Returns:
- false if the connection request should be denied, true if the connection request should proceed. If false is returned the connection attempt will receive a SQLException with SQL State 08004.
- Throws:
java.sql.SQLException
- An exception processing the request, connection request will be denied. The SQL exception will be returned to the connection attempt.
-
authenticatingInThisDatabase
private boolean authenticatingInThisDatabase(java.lang.String userVisibleDatabaseName) throws StandardException
Return true if we are authenticating in this database.
- Throws:
StandardException
-
authenticatingInThisService
private boolean authenticatingInThisService(java.lang.String canonicalDatabaseName) throws StandardException
Return true if we are authenticating in this service.
- Throws:
StandardException
-
isCredentialsService
private boolean isCredentialsService(java.lang.String canonicalDatabaseName) throws StandardException
Return true if the passed in service is the credentials database.
- Throws:
StandardException
-
getCanonicalServiceName
private java.lang.String getCanonicalServiceName() throws StandardException
Get the canonical name of the current database service- Throws:
StandardException
-
getCanonicalServiceName
private java.lang.String getCanonicalServiceName(java.lang.String rawName) throws StandardException
Turn a service name into its normalized, standard form- Throws:
StandardException
-
authenticateRemotely
private boolean authenticateRemotely(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName) throws StandardException, java.sql.SQLWarning
Authenticate the passed-in credentials against another Derby database. This is done by getting a connection to the credentials database using the supplied username and password. If the connection attempts succeeds, then authentication succeeds.- Parameters:
userName
- The user's name used to connect to JBMS systemuserPassword
- The user's password used to connect to JBMS systemdatabaseName
- The database which the user wants to connect to.- Throws:
StandardException
java.sql.SQLWarning
-
wrap
private StandardException wrap(java.lang.Throwable t)
-
authenticateLocally
private boolean authenticateLocally(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName) throws StandardException, java.sql.SQLException
Authenticate the passed-in credentials against the local database.- Parameters:
userName
- The user's name used to connect to JBMS systemuserPassword
- The user's password used to connect to JBMS systemdatabaseName
- The database which the user wants to connect to.- Throws:
StandardException
java.sql.SQLException
-
getMonitor
private static ModuleFactory getMonitor()
Privileged Monitor lookup. Must be private so that user code can't call this entry point.
-
getServiceName
private static java.lang.String getServiceName(java.lang.Object serviceModule)
Privileged Monitor lookup. Must be private so that user code can't call this entry point.
-
-