com.boylesoftware.cb2.auth.servlet.resin
Class JdbcAuthenticator

java.lang.Object
  extended by com.caucho.http.security.AbstractAuthenticator
      extended by com.boylesoftware.cb2.auth.servlet.resin.JdbcAuthenticator
All Implemented Interfaces:
com.caucho.http.security.ServletAuthenticator

public class JdbcAuthenticator
extends com.caucho.http.security.AbstractAuthenticator

Authenticator implementation for the Caucho Resin servlet engine that uses a database as the user account store.

Resin already has an authenticator implementation called com.caucho.http.security.JdbcAuthenticator. However, that implementation is virtually unusable since it queries the database for each isUserInRole call, which is extremely inefficient. Our implementation fetches the whole list of user roles at user login and caches it in the session. This also means that any update to a user's roles takes effect only at the next login.
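
The trade-off described above, as an added example (not code from cb2 or Resin): roles are copied into the session once at login, so a later change to the role table is invisible to that session until it ends. All class and method names are hypothetical, an in-memory map stands in for tbUserRole, and dropping sessions on revocation is one possible mitigation, not something this class is documented to do.

```java
import java.security.Principal;
import java.util.*;

// Added illustration: every name here is hypothetical, not a cb2 or Resin API.
public class RoleSnapshotDemo {
    // Constructed stand-in for tbUserRole joined to tbUser: loginName -> roles.
    static final Map<String, Set<String>> ROLE_TABLE = new HashMap<>();
    // Stand-in for servlet sessions: session id -> principal cached at login.
    static final Map<String, SnapshotPrincipal> SESSIONS = new HashMap<>();

    static final class SnapshotPrincipal implements Principal {
        private final String name;
        private final Set<String> roles;
        SnapshotPrincipal(String name, Set<String> roles) {
            this.name = name;
            // Defensive copy: later edits to the table cannot reach this set.
            this.roles = Collections.unmodifiableSet(new HashSet<>(roles));
        }
        public String getName() { return name; }
        boolean hasRole(String role) { return roles.contains(role); }
    }

    // One roles lookup per login; the result is stored with the session.
    static String login(String user) {
        Set<String> roles = ROLE_TABLE.getOrDefault(user, Collections.emptySet());
        String sid = UUID.randomUUID().toString();
        SESSIONS.put(sid, new SnapshotPrincipal(user, roles));
        return sid;
    }

    // Answered from the cached snapshot, never from ROLE_TABLE.
    static boolean isUserInRole(String sid, String role) {
        SnapshotPrincipal p = SESSIONS.get(sid);
        return p != null && p.hasRole(role);
    }

    // Revocation that also drops the user's sessions, forcing a fresh login.
    static void revokeRole(String user, String role) {
        ROLE_TABLE.getOrDefault(user, new HashSet<>()).remove(role);
        SESSIONS.values().removeIf(p -> p.getName().equals(user));
    }

    public static void main(String[] args) {
        ROLE_TABLE.put("alice", new HashSet<>(Arrays.asList("admin", "user")));
        String sid = login("alice");
        ROLE_TABLE.get("alice").remove("admin");   // table updated, session untouched
        System.out.println("stale admin grant: " + isUserInRole(sid, "admin"));
        revokeRole("alice", "user");               // update plus session invalidation
        System.out.println("after invalidation: " + isUserInRole(sid, "user"));
    }
}
```

The first check still passes after the table update because the session holds its own copy of the roles; the second fails because the session was dropped along with the role.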

In order to use this authenticator for servlet container managed authentication you should add it to the resin.conf file. Here is an example:

 <caucho.com>

   ...

   <resource-ref>
     <res-ref-name>jdbc/dataSource</res-ref-name>
     <res-type>javax.sql.DataSource</res-type>
     ...
   </resource-ref>

   ...

   <http-server>

     ...

     <host id="">

       ...

       <authenticator id="com.boylesoftware.cb2.auth.servlet.resin.JdbcAuthenticator">
         <pool-name>jdbc/dataSource</pool-name>
         <password-query>
           SELECT password FROM tbUser WHERE loginName = ?
         </password-query>
         <roles-query>
           SELECT roleName FROM tbUserRole INNER JOIN tbUser ON tbUserRole.userId = tbUser.userId WHERE loginName = ?
         </roles-query>
       </authenticator>

       ...

     </host>

   </http-server>

 </caucho.com>
 

Note that Resin requires the authenticator implementation class to be in the startup class path, so this class is included in cb2-auth.jar, which has to be added to Resin's startup class path.

Version:
$Id: JdbcAuthenticator.java,v 1.2 2004/04/04 20:13:45 levahim Exp $
Author:
Lev Himmelfarb

Nested Class Summary
 
Nested classes inherited from class com.caucho.http.security.AbstractAuthenticator
com.caucho.http.security.AbstractAuthenticator.LoginPrincipal
 
Field Summary
protected  javax.sql.DataSource dataSource
          The datasource for database connections.
 
Fields inherited from class com.caucho.http.security.AbstractAuthenticator
LOGIN_NAME, passwordDigest, passwordDigestName, principalCache, principalCacheSize
 
Constructor Summary
JdbcAuthenticator()
           
 
Method Summary
protected  java.lang.String getDigestPassword(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.ServletContext application, java.lang.String username, java.lang.String realm)
          Returns the password from the database.
protected  java.lang.String getPassword(java.lang.String username)
          Gets a user's password from the database.
 java.lang.String getPasswordQuery()
          Gets the password query.
 java.lang.String getPoolName()
          Gets the database connection pool name.
protected  java.util.Set getRoles(java.lang.String username)
          Gets a collection of user's security roles from the database.
 java.lang.String getRolesQuery()
          Gets the role query.
 void init()
          Initialize the authenticator.
 boolean isUserInRole(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.ServletContext application, java.security.Principal principal, java.lang.String role)
          Checks if a user plays a security role.
 java.security.Principal loginImpl(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.ServletContext application, java.lang.String username, java.lang.String password)
          Authenticates the user given the request.
 void setPasswordQuery(java.lang.String passwordQuery)
          Sets the password query.
 void setPoolName(java.lang.String poolName)
          Sets the database connection pool name.
 void setRolesQuery(java.lang.String rolesQuery)
          Sets the role query.
 
Methods inherited from class com.caucho.http.security.AbstractAuthenticator
digest, getDigestSecret, getLogoutOnSessionTimeout, getPasswordDigest, getPrincipalCacheSize, getUserPrincipal, getUserPrincipalImpl, login, loginDigest, loginDigestImpl, logout, setLogoutOnSessionTimeout, setPasswordDigest, setPrincipalCacheSize
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

dataSource

protected javax.sql.DataSource dataSource
The datasource for database connections.

Constructor Detail

JdbcAuthenticator

public JdbcAuthenticator()
Method Detail

getPoolName

public java.lang.String getPoolName()
Gets the database connection pool name.

Returns:
the database connection pool name.

setPoolName

public void setPoolName(java.lang.String poolName)
Sets the database connection pool name.

Parameters:
poolName - the pool name in the JNDI.

getPasswordQuery

public java.lang.String getPasswordQuery()
Gets the password query.

Returns:
the SQL query, which fetches the user's password by login name.

setPasswordQuery

public void setPasswordQuery(java.lang.String passwordQuery)
Sets the password query.

Parameters:
passwordQuery - the SQL query, which fetches user's password by login name.

getRolesQuery

public java.lang.String getRolesQuery()
Gets the role query.

Returns:
the SQL query, which fetches the list of roles for a user by the user's login name.

setRolesQuery

public void setRolesQuery(java.lang.String rolesQuery)
Sets the role query.

Parameters:
rolesQuery - the SQL query, which fetches the list of roles for a user by the user's login name.

init

public void init()
          throws javax.servlet.ServletException
Initialize the authenticator.

Throws:
javax.servlet.ServletException - if an error happened.

loginImpl

public java.security.Principal loginImpl(javax.servlet.http.HttpServletRequest request,
                                         javax.servlet.http.HttpServletResponse response,
                                         javax.servlet.ServletContext application,
                                         java.lang.String username,
                                         java.lang.String password)
                                  throws javax.servlet.ServletException
Authenticates the user given the request.

Parameters:
request - the HTTP request.
response - the HTTP response.
application - the Servlet context.
username - the user name for the login.
password - the password for the login.
Returns:
the authenticated user or null for a failure.
Throws:
javax.servlet.ServletException - if an error happened.

getDigestPassword

protected java.lang.String getDigestPassword(javax.servlet.http.HttpServletRequest request,
                                             javax.servlet.http.HttpServletResponse response,
                                             javax.servlet.ServletContext application,
                                             java.lang.String username,
                                             java.lang.String realm)
                                      throws javax.servlet.ServletException
Returns the password from the database.

Parameters:
request - the HTTP request.
response - the HTTP response.
application - the Servlet context.
username - the user's login name.
realm - the realm.
Returns:
the password or null for a failure.
Throws:
javax.servlet.ServletException - if an error happened.

getPassword

protected java.lang.String getPassword(java.lang.String username)
                                throws javax.servlet.ServletException
Gets a user's password from the database.

Parameters:
username - the user's login name.
Returns:
the user's password as it is stored in the database or null if no such user.
Throws:
javax.servlet.ServletException - if an error happened.

getRoles

protected java.util.Set getRoles(java.lang.String username)
                          throws javax.servlet.ServletException
Gets a collection of user's security roles from the database.

Parameters:
username - the user's login name.
Returns:
set of the user's security roles (String objects). May return an empty set, but never null.
Throws:
javax.servlet.ServletException - if an error happened.

isUserInRole

public boolean isUserInRole(javax.servlet.http.HttpServletRequest request,
                            javax.servlet.http.HttpServletResponse response,
                            javax.servlet.ServletContext application,
                            java.security.Principal principal,
                            java.lang.String role)
Checks if a user plays a security role.

Parameters:
request - the HTTP request.
response - the HTTP response.
application - the Servlet context.
principal - the user principal, must be a PrincipalWithRoles instance.
role - the role to check.
Returns:
true if the user plays the role.


Copyright © 2002,2003,2004 - Boyle Software, Inc.