All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.catalina.realm.JDBCRealm Maven / Gradle / Ivy

There is a newer version: 11.0.0-M26
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */


package org.apache.catalina.realm;


import java.security.Principal;
import java.sql.Connection;
import java.sql.Driver;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Properties;

import org.apache.catalina.LifecycleException;
import org.apache.tomcat.util.ExceptionUtils;


/**
*
* Implementation of Realm that works with any JDBC supported database.
* See the JDBCRealm.howto for more details on how to set up the database and
* for configuration options.
*
* 

For a Realm implementation that supports connection pooling and * doesn't require synchronisation of authenticate(), * getPassword(), roles() and * getPrincipal() or the ugly connection logic use the * DataSourceRealm.

* * @author Craig R. McClanahan * @author Carson McDonald * @author Ignacio Ortega */ public class JDBCRealm extends RealmBase { // ----------------------------------------------------- Instance Variables /** * The connection username to use when trying to connect to the database. */ protected String connectionName = null; /** * The connection URL to use when trying to connect to the database. */ protected String connectionPassword = null; /** * The connection URL to use when trying to connect to the database. */ protected String connectionURL = null; /** * The connection to the database. */ protected Connection dbConnection = null; /** * Instance of the JDBC Driver class we use as a connection factory. */ protected Driver driver = null; /** * The JDBC driver to use. */ protected String driverName = null; /** * Descriptive information about this Realm implementation. * @deprecated This will be removed in Tomcat 9 onwards. */ @Deprecated protected static final String name = "JDBCRealm"; /** * The PreparedStatement to use for authenticating users. */ protected PreparedStatement preparedCredentials = null; /** * The PreparedStatement to use for identifying the roles for * a specified user. */ protected PreparedStatement preparedRoles = null; /** * The column in the user role table that names a role */ protected String roleNameCol = null; /** * The column in the user table that holds the user's credentials */ protected String userCredCol = null; /** * The column in the user table that holds the user's name */ protected String userNameCol = null; /** * The table that holds the relation between user's and roles */ protected String userRoleTable = null; /** * The table that holds user data. */ protected String userTable = null; // ------------------------------------------------------------- Properties /** * @return the username to use to connect to the database. */ public String getConnectionName() { return connectionName; } /** * Set the username to use to connect to the database. * * @param connectionName Username */ public void setConnectionName(String connectionName) { this.connectionName = connectionName; } /** * @return the password to use to connect to the database. */ public String getConnectionPassword() { return connectionPassword; } /** * Set the password to use to connect to the database. * * @param connectionPassword User password */ public void setConnectionPassword(String connectionPassword) { this.connectionPassword = connectionPassword; } /** * @return the URL to use to connect to the database. */ public String getConnectionURL() { return connectionURL; } /** * Set the URL to use to connect to the database. * * @param connectionURL The new connection URL */ public void setConnectionURL( String connectionURL ) { this.connectionURL = connectionURL; } /** * @return the JDBC driver that will be used. */ public String getDriverName() { return driverName; } /** * Set the JDBC driver that will be used. * * @param driverName The driver name */ public void setDriverName( String driverName ) { this.driverName = driverName; } /** * @return the column in the user role table that names a role. */ public String getRoleNameCol() { return roleNameCol; } /** * Set the column in the user role table that names a role. * * @param roleNameCol The column name */ public void setRoleNameCol( String roleNameCol ) { this.roleNameCol = roleNameCol; } /** * @return the column in the user table that holds the user's credentials. */ public String getUserCredCol() { return userCredCol; } /** * Set the column in the user table that holds the user's credentials. * * @param userCredCol The column name */ public void setUserCredCol( String userCredCol ) { this.userCredCol = userCredCol; } /** * @return the column in the user table that holds the user's name. */ public String getUserNameCol() { return userNameCol; } /** * Set the column in the user table that holds the user's name. * * @param userNameCol The column name */ public void setUserNameCol( String userNameCol ) { this.userNameCol = userNameCol; } /** * @return the table that holds the relation between user's and roles. */ public String getUserRoleTable() { return userRoleTable; } /** * Set the table that holds the relation between user's and roles. * * @param userRoleTable The table name */ public void setUserRoleTable( String userRoleTable ) { this.userRoleTable = userRoleTable; } /** * @return the table that holds user data.. */ public String getUserTable() { return userTable; } /** * Set the table that holds user data. * * @param userTable The table name */ public void setUserTable( String userTable ) { this.userTable = userTable; } // --------------------------------------------------------- Public Methods /** * Return the Principal associated with the specified username and * credentials, if there is one; otherwise return null. * * If there are any errors with the JDBC connection, executing * the query or anything we return null (don't authenticate). This * event is also logged, and the connection will be closed so that * a subsequent request will automatically re-open it. * * * @param username Username of the Principal to look up * @param credentials Password or other credentials to use in * authenticating this username * @return the associated principal, or null if there is none. */ @Override public synchronized Principal authenticate(String username, String credentials) { // Number of tries is the number of attempts to connect to the database // during this login attempt (if we need to open the database) // This needs rewritten with better pooling support, the existing code // needs signature changes since the Prepared statements needs cached // with the connections. // The code below will try twice if there is a SQLException so the // connection may try to be opened again. On normal conditions (including // invalid login - the above is only used once. int numberOfTries = 2; while (numberOfTries>0) { try { // Ensure that we have an open database connection open(); // Acquire a Principal object for this user Principal principal = authenticate(dbConnection, username, credentials); // Return the Principal (if any) return principal; } catch (SQLException e) { // Log the problem for posterity containerLog.error(sm.getString("jdbcRealm.exception"), e); // Close the connection so that it gets reopened next time if (dbConnection != null) close(dbConnection); } numberOfTries--; } // Worst case scenario return null; } // -------------------------------------------------------- Package Methods // ------------------------------------------------------ Protected Methods /** * Attempt to authenticate the user with the provided credentials. * * @param dbConnection The database connection to be used * @param username Username of the Principal to look up * @param credentials Password or other credentials to use in authenticating * this username * * @return Return the Principal associated with the specified username and * credentials, if there is one; otherwise return null. */ public synchronized Principal authenticate(Connection dbConnection, String username, String credentials) { // No user or no credentials // Can't possibly authenticate, don't bother the database then if (username == null || credentials == null) { if (containerLog.isTraceEnabled()) containerLog.trace(sm.getString("jdbcRealm.authenticateFailure", username)); return null; } // Look up the user's credentials String dbCredentials = getPassword(username); if (dbCredentials == null) { // User was not found in the database. // Waste a bit of time as not to reveal that the user does not exist. getCredentialHandler().mutate(credentials); if (containerLog.isTraceEnabled()) containerLog.trace(sm.getString("jdbcRealm.authenticateFailure", username)); return null; } // Validate the user's credentials boolean validated = getCredentialHandler().matches(credentials, dbCredentials); if (validated) { if (containerLog.isTraceEnabled()) containerLog.trace(sm.getString("jdbcRealm.authenticateSuccess", username)); } else { if (containerLog.isTraceEnabled()) containerLog.trace(sm.getString("jdbcRealm.authenticateFailure", username)); return null; } ArrayList roles = getRoles(username); // Create and return a suitable Principal for this user return new GenericPrincipal(username, credentials, roles); } @Override public boolean isAvailable() { return (dbConnection != null); } /** * Close the specified database connection. * * @param dbConnection The connection to be closed */ protected void close(Connection dbConnection) { // Do nothing if the database connection is already closed if (dbConnection == null) return; // Close our prepared statements (if any) try { preparedCredentials.close(); } catch (Throwable f) { ExceptionUtils.handleThrowable(f); } this.preparedCredentials = null; try { preparedRoles.close(); } catch (Throwable f) { ExceptionUtils.handleThrowable(f); } this.preparedRoles = null; // Close this database connection, and log any errors try { dbConnection.close(); } catch (SQLException e) { containerLog.warn(sm.getString("jdbcRealm.close"), e); // Just log it here } finally { this.dbConnection = null; } } /** * Return a PreparedStatement configured to perform the SELECT required * to retrieve user credentials for the specified username. * * @param dbConnection The database connection to be used * @param username Username for which credentials should be retrieved * @return the prepared statement * @exception SQLException if a database error occurs */ protected PreparedStatement credentials(Connection dbConnection, String username) throws SQLException { if (preparedCredentials == null) { StringBuilder sb = new StringBuilder("SELECT "); sb.append(userCredCol); sb.append(" FROM "); sb.append(userTable); sb.append(" WHERE "); sb.append(userNameCol); sb.append(" = ?"); if(containerLog.isDebugEnabled()) { containerLog.debug("credentials query: " + sb.toString()); } preparedCredentials = dbConnection.prepareStatement(sb.toString()); } if (username == null) { preparedCredentials.setNull(1,java.sql.Types.VARCHAR); } else { preparedCredentials.setString(1, username); } return preparedCredentials; } @Override @Deprecated protected String getName() { return name; } /** * Get the password for the specified user. * @param username The user name * @return the password associated with the given principal's user name. */ @Override protected synchronized String getPassword(String username) { // Look up the user's credentials String dbCredentials = null; // Number of tries is the number of attempts to connect to the database // during this login attempt (if we need to open the database) // This needs rewritten with better pooling support, the existing code // needs signature changes since the Prepared statements needs cached // with the connections. // The code below will try twice if there is a SQLException so the // connection may try to be opened again. On normal conditions (including // invalid login - the above is only used once. int numberOfTries = 2; while (numberOfTries > 0) { try { // Ensure that we have an open database connection open(); PreparedStatement stmt = credentials(dbConnection, username); try (ResultSet rs = stmt.executeQuery()) { if (rs.next()) { dbCredentials = rs.getString(1); } dbConnection.commit(); if (dbCredentials != null) { dbCredentials = dbCredentials.trim(); } return dbCredentials; } } catch (SQLException e) { // Log the problem for posterity containerLog.error(sm.getString("jdbcRealm.exception"), e); } // Close the connection so that it gets reopened next time if (dbConnection != null) { close(dbConnection); } numberOfTries--; } return null; } /** * Get the principal associated with the specified user. * @param username The user name * @return the Principal associated with the given user name. */ @Override protected synchronized Principal getPrincipal(String username) { return new GenericPrincipal(username, getPassword(username), getRoles(username)); } /** * Return the roles associated with the given user name. * @param username The user name * @return an array list of the role names */ protected ArrayList getRoles(String username) { if (allRolesMode != AllRolesMode.STRICT_MODE && !isRoleStoreDefined()) { // Using an authentication only configuration and no role store has // been defined so don't spend cycles looking return null; } // Number of tries is the number of attempts to connect to the database // during this login attempt (if we need to open the database) // This needs rewritten wuth better pooling support, the existing code // needs signature changes since the Prepared statements needs cached // with the connections. // The code below will try twice if there is a SQLException so the // connection may try to be opened again. On normal conditions (including // invalid login - the above is only used once. int numberOfTries = 2; while (numberOfTries>0) { try { // Ensure that we have an open database connection open(); PreparedStatement stmt = roles(dbConnection, username); try (ResultSet rs = stmt.executeQuery()) { // Accumulate the user's roles ArrayList roleList = new ArrayList<>(); while (rs.next()) { String role = rs.getString(1); if (null!=role) { roleList.add(role.trim()); } } return roleList; } finally { dbConnection.commit(); } } catch (SQLException e) { // Log the problem for posterity containerLog.error(sm.getString("jdbcRealm.exception"), e); // Close the connection so that it gets reopened next time if (dbConnection != null) close(dbConnection); } numberOfTries--; } return null; } /** * Open (if necessary) and return a database connection for use by * this Realm. * @return the opened connection * @exception SQLException if a database error occurs */ protected Connection open() throws SQLException { // Do nothing if there is a database connection already open if (dbConnection != null) return dbConnection; // Instantiate our database driver if necessary if (driver == null) { try { Class clazz = Class.forName(driverName); driver = (Driver) clazz.getConstructor().newInstance(); } catch (Throwable e) { ExceptionUtils.handleThrowable(e); throw new SQLException(e.getMessage(), e); } } // Open a new connection Properties props = new Properties(); if (connectionName != null) props.put("user", connectionName); if (connectionPassword != null) props.put("password", connectionPassword); dbConnection = driver.connect(connectionURL, props); if (dbConnection == null) { throw new SQLException(sm.getString( "jdbcRealm.open.invalidurl",driverName, connectionURL)); } dbConnection.setAutoCommit(false); return dbConnection; } /** * Return a PreparedStatement configured to perform the SELECT required * to retrieve user roles for the specified username. * * @param dbConnection The database connection to be used * @param username Username for which roles should be retrieved * @return the prepared statement * @exception SQLException if a database error occurs */ protected synchronized PreparedStatement roles(Connection dbConnection, String username) throws SQLException { if (preparedRoles == null) { StringBuilder sb = new StringBuilder("SELECT "); sb.append(roleNameCol); sb.append(" FROM "); sb.append(userRoleTable); sb.append(" WHERE "); sb.append(userNameCol); sb.append(" = ?"); preparedRoles = dbConnection.prepareStatement(sb.toString()); } preparedRoles.setString(1, username); return preparedRoles; } private boolean isRoleStoreDefined() { return userRoleTable != null || roleNameCol != null; } // ------------------------------------------------------ Lifecycle Methods /** * Prepare for the beginning of active use of the public methods of this * component and implement the requirements of * {@link org.apache.catalina.util.LifecycleBase#startInternal()}. * * @exception LifecycleException if this component detects a fatal error * that prevents this component from being used */ @Override protected void startInternal() throws LifecycleException { // Validate that we can open our connection - but let tomcat // startup in case the database is temporarily unavailable try { open(); } catch (SQLException e) { containerLog.error(sm.getString("jdbcRealm.open"), e); } super.startInternal(); } /** * Gracefully terminate the active use of the public methods of this * component and implement the requirements of * {@link org.apache.catalina.util.LifecycleBase#stopInternal()}. * * @exception LifecycleException if this component detects a fatal error * that needs to be reported */ @Override protected void stopInternal() throws LifecycleException { super.stopInternal(); // Close any open DB connection close(this.dbConnection); } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy