com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm Maven / Gradle / Ivy
/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 1997-2010 Oracle and/or its affiliates. All rights reserved.
*
* The contents of this file are subject to the terms of either the GNU
* General Public License Version 2 only ("GPL") or the Common Development
* and Distribution License("CDDL") (collectively, the "License"). You
* may not use this file except in compliance with the License. You can
* obtain a copy of the License at
* https://glassfish.dev.java.net/public/CDDL+GPL_1_1.html
* or packager/legal/LICENSE.txt. See the License for the specific
* language governing permissions and limitations under the License.
*
* When distributing the software, include this License Header Notice in each
* file and include the License file at packager/legal/LICENSE.txt.
*
* GPL Classpath Exception:
* Oracle designates this particular file as subject to the "Classpath"
* exception as provided by Oracle in the GPL Version 2 section of the License
* file that accompanied this code.
*
* Modifications:
* If applicable, add the following below the License Header, with the fields
* enclosed by brackets [] replaced by your own identifying information:
* "Portions Copyright [year] [name of copyright owner]"
*
* Contributor(s):
* If you wish your version of this file to be governed by only the CDDL or
* only the GPL Version 2, indicate your decision by adding "[Contributor]
* elects to include this software in this distribution under the [CDDL or GPL
* Version 2] license." If you don't indicate a single choice of license, a
* recipient has the option to distribute your version of this file under
* either the CDDL, the GPL Version 2 or to extend the choice of license to
* its licensees as provided above. However, if you add GPL Version 2 code
* and therefore, elected the GPL Version 2 license, then the option applies
* only if the new code is made subject to such option by the copyright
* holder.
*/
package com.sun.enterprise.security.auth.realm.jdbc;
import java.nio.charset.CharacterCodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Vector;
import java.util.logging.Level;
import javax.sql.DataSource;
//import com.sun.enterprise.connectors.ConnectorRuntime;
import com.sun.appserv.connectors.internal.api.ConnectorRuntime;
import com.sun.enterprise.universal.GFBase64Encoder;
import javax.security.auth.login.LoginException;
import com.sun.enterprise.security.auth.realm.IASRealm;
import com.sun.enterprise.security.auth.realm.BadRealmException;
import com.sun.enterprise.security.auth.realm.NoSuchUserException;
import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
import com.sun.enterprise.security.auth.realm.InvalidOperationException;
import com.sun.enterprise.security.auth.digest.api.DigestAlgorithmParameter;
import com.sun.enterprise.security.auth.digest.api.Password;
import com.sun.enterprise.security.auth.realm.DigestRealmBase;
import com.sun.enterprise.security.common.Util;
import com.sun.enterprise.util.Utility;
import java.io.CharArrayReader;
import java.io.Reader;
import java.io.StringReader;
import java.nio.CharBuffer;
import java.util.Arrays;
import org.jvnet.hk2.annotations.Service;
/**
* Realm for supporting JDBC authentication.
*
* The JDBC realm needs the following properties in its configuration:
*
* - jaas-context : JAAS context name used to access LoginModule for
* authentication (for example JDBCRealm).
*
- datasource-jndi : jndi name of datasource
*
- db-user : user name to access the datasource
*
- db-password : password to access the datasource
*
- digest: digest mechanism
*
- charset: charset encoding
*
- user-table: table containing user name and password
*
- group-table: table containing user name and group name
*
- user-name-column: column corresponding to user name in user-table and group-table
*
- password-column : column corresponding to password in user-table
*
- group-name-column : column corresponding to group in group-table
*
*
* @see com.sun.enterprise.security.auth.login.SolarisLoginModule
*
*/
@Service
public final class JDBCRealm extends DigestRealmBase {
// Descriptive string of the authentication type of this realm.
public static final String AUTH_TYPE = "jdbc";
public static final String PRE_HASHED = "HASHED";
public static final String PARAM_DATASOURCE_JNDI = "datasource-jndi";
public static final String PARAM_DB_USER = "db-user";
public static final String PARAM_DB_PASSWORD = "db-password";
public static final String PARAM_DIGEST_ALGORITHM = "digest-algorithm";
public static final String NONE = "none";
public static final String PARAM_ENCODING = "encoding";
public static final String HEX = "hex";
public static final String BASE64 = "base64";
public static final String DEFAULT_ENCODING = HEX; // for digest only
public static final String PARAM_CHARSET = "charset";
public static final String PARAM_USER_TABLE = "user-table";
public static final String PARAM_USER_NAME_COLUMN = "user-name-column";
public static final String PARAM_PASSWORD_COLUMN = "password-column";
public static final String PARAM_GROUP_TABLE = "group-table";
public static final String PARAM_GROUP_NAME_COLUMN = "group-name-column";
public static final String PARAM_GROUP_TABLE_USER_NAME_COLUMN = "group-table-user-name-column";
private static final char[] HEXADECIMAL = { '0', '1', '2', '3',
'4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
private Map groupCache;
private Vector emptyVector;
private String passwordQuery = null;
private String groupQuery = null;
private MessageDigest md = null;
private ConnectorRuntime cr ;
/**
* Initialize a realm with some properties. This can be used
* when instantiating realms from their descriptions. This
* method may only be called a single time.
*
* @param props Initialization parameters used by this realm.
* @exception BadRealmException If the configuration parameters
* identify a corrupt realm.
* @exception NoSuchRealmException If the configuration parameters
* specify a realm which doesn't exist.
*/
public synchronized void init(Properties props)
throws BadRealmException, NoSuchRealmException{
super.init(props);
String jaasCtx = props.getProperty(IASRealm.JAAS_CONTEXT_PARAM);
String dbUser = props.getProperty(PARAM_DB_USER);
String dbPassword = props.getProperty(PARAM_DB_PASSWORD);
String dsJndi = props.getProperty(PARAM_DATASOURCE_JNDI);
String digestAlgorithm = props.getProperty(PARAM_DIGEST_ALGORITHM,
getDefaultDigestAlgorithm());
String encoding = props.getProperty(PARAM_ENCODING);
String charset = props.getProperty(PARAM_CHARSET);
String userTable = props.getProperty(PARAM_USER_TABLE);
String userNameColumn = props.getProperty(PARAM_USER_NAME_COLUMN);
String passwordColumn = props.getProperty(PARAM_PASSWORD_COLUMN);
String groupTable = props.getProperty(PARAM_GROUP_TABLE);
String groupNameColumn = props.getProperty(PARAM_GROUP_NAME_COLUMN);
String groupTableUserNameColumn = props.getProperty(PARAM_GROUP_TABLE_USER_NAME_COLUMN,userNameColumn);
cr = Util.getDefaultHabitat().getByContract(ConnectorRuntime.class);
if (jaasCtx == null) {
String msg = sm.getString(
"realm.missingprop", IASRealm.JAAS_CONTEXT_PARAM, "JDBCRealm");
throw new BadRealmException(msg);
}
if (dsJndi == null) {
String msg = sm.getString(
"realm.missingprop", PARAM_DATASOURCE_JNDI, "JDBCRealm");
throw new BadRealmException(msg);
}
if (userTable == null) {
String msg = sm.getString(
"realm.missingprop", PARAM_USER_TABLE, "JDBCRealm");
throw new BadRealmException(msg);
}
if (groupTable == null) {
String msg = sm.getString(
"realm.missingprop", PARAM_GROUP_TABLE, "JDBCRealm");
throw new BadRealmException(msg);
}
if (userNameColumn == null) {
String msg = sm.getString(
"realm.missingprop", PARAM_USER_NAME_COLUMN, "JDBCRealm");
throw new BadRealmException(msg);
}
if (passwordColumn == null) {
String msg = sm.getString(
"realm.missingprop", PARAM_PASSWORD_COLUMN, "JDBCRealm");
throw new BadRealmException(msg);
}
if (groupNameColumn == null) {
String msg = sm.getString(
"realm.missingprop", PARAM_GROUP_NAME_COLUMN, "JDBCRealm");
throw new BadRealmException(msg);
}
passwordQuery = "SELECT " + passwordColumn + " FROM " + userTable +
" WHERE " + userNameColumn + " = ?";
groupQuery = "SELECT " + groupNameColumn + " FROM " + groupTable +
" WHERE " + groupTableUserNameColumn + " = ? ";
if (!NONE.equalsIgnoreCase(digestAlgorithm)) {
try {
md = MessageDigest.getInstance(digestAlgorithm);
} catch(NoSuchAlgorithmException e) {
String msg = sm.getString("jdbcrealm.notsupportdigestalg",
digestAlgorithm);
throw new BadRealmException(msg);
}
}
if (md != null && encoding == null) {
encoding = DEFAULT_ENCODING;
}
this.setProperty(IASRealm.JAAS_CONTEXT_PARAM, jaasCtx);
if (dbUser != null && dbPassword != null) {
this.setProperty(PARAM_DB_USER, dbUser);
this.setProperty(PARAM_DB_PASSWORD, dbPassword);
}
this.setProperty(PARAM_DATASOURCE_JNDI, dsJndi);
this.setProperty(PARAM_DIGEST_ALGORITHM, digestAlgorithm);
if (encoding != null) {
this.setProperty(PARAM_ENCODING, encoding);
}
if (charset != null) {
this.setProperty(PARAM_CHARSET, charset);
}
if (_logger.isLoggable(Level.FINEST)) {
_logger.finest("JDBCRealm : " +
IASRealm.JAAS_CONTEXT_PARAM + "= " + jaasCtx + ", " +
PARAM_DATASOURCE_JNDI + " = " + dsJndi + ", " +
PARAM_DB_USER + " = " + dbUser + ", " +
PARAM_DIGEST_ALGORITHM + " = " + digestAlgorithm + ", " +
PARAM_ENCODING + " = " + encoding + ", " +
PARAM_CHARSET + " = " + charset);
}
groupCache = new HashMap();
emptyVector = new Vector();
}
/**
* Returns a short (preferably less than fifteen characters) description
* of the kind of authentication which is supported by this realm.
*
* @return Description of the kind of authentication that is directly
* supported by this realm.
*/
public String getAuthType(){
return AUTH_TYPE;
}
/**
* Returns the name of all the groups that this user belongs to.
* It loads the result from groupCache first.
* This is called from web path group verification, though
* it should not be.
*
* @param username Name of the user in this realm whose group listing
* is needed.
* @return Enumeration of group names (strings).
* @exception InvalidOperationException thrown if the realm does not
* support this operation - e.g. Certificate realm does not support
* this operation.
*/
public Enumeration getGroupNames(String username)
throws InvalidOperationException, NoSuchUserException {
Vector vector = groupCache.get(username);
if (vector == null) {
String[] grps = findGroups(username);
setGroupNames(username, grps);
vector = groupCache.get(username);
}
return vector.elements();
}
private void setGroupNames(String username, String[] groups) {
Vector v = null;
if (groups == null) {
v = emptyVector;
} else {
v = new Vector(groups.length + 1);
for (int i=0; i> 4);
sb.append(HEXADECIMAL[high]);
sb.append(HEXADECIMAL[low]);
}
char[] result = new char[sb.length()];
sb.getChars(0, sb.length(), result, 0);
return result;
}
private String base64Encode(byte[] bytes) {
GFBase64Encoder encoder = new GFBase64Encoder();
return encoder.encode(bytes);
}
/**
* Delegate method for retreiving users groups
* @param user user's identifier
* @return array of group key
*/
private String[] findGroups(String user) {
Connection connection = null;
PreparedStatement statement = null;
ResultSet rs = null;
try{
connection = getConnection();
statement = connection.prepareStatement(groupQuery);
statement.setString(1, user);
rs = statement.executeQuery();
final List groups = new ArrayList();
while (rs.next()) {
groups.add(rs.getString(1));
}
final String[] groupArray = new String[groups.size()];
return groups.toArray(groupArray);
} catch(Exception ex) {
_logger.log(Level.SEVERE, "jdbcrealm.grouperror", user);
if (_logger.isLoggable(Level.FINE)) {
_logger.log(Level.FINE, "Cannot load group", ex);
}
return null;
} finally {
close(connection, statement, rs);
}
}
private void close(Connection conn, PreparedStatement stmt,
ResultSet rs) {
if (rs != null) {
try {
rs.close();
} catch(Exception ex) {
}
}
if (stmt != null) {
try {
stmt.close();
} catch(Exception ex) {
}
}
if (conn != null) {
try {
conn.close();
} catch(Exception ex) {
}
}
}
/**
* Return a connection from the properties configured
* @return a connection
*/
private Connection getConnection() throws LoginException {
final String dsJndi = this.getProperty(PARAM_DATASOURCE_JNDI);
final String dbUser = this.getProperty(PARAM_DB_USER);
final String dbPassword = this.getProperty(PARAM_DB_PASSWORD);
try{
String nonTxJndiName = dsJndi +"__nontx";
/*InitialContext ic = new InitialContext();
final DataSource dataSource =
//V3 Commented (DataSource)ConnectorRuntime.getRuntime().lookupNonTxResource(dsJndi,false);
//replacement code suggested by jagadish
(DataSource)ic.lookup(nonTxJndiName);*/
final DataSource dataSource =
(DataSource)cr.lookupNonTxResource(dsJndi,false);
//(DataSource)ConnectorRuntime.getRuntime().lookupNonTxResource(dsJndi,false);
Connection connection = null;
if (dbUser != null && dbPassword != null) {
connection = dataSource.getConnection(dbUser, dbPassword);
} else {
connection = dataSource.getConnection();
}
return connection;
} catch(Exception ex) {
String msg = sm.getString("jdbcrealm.cantconnect", dsJndi, dbUser);
LoginException loginEx = new LoginException(msg);
loginEx.initCause(ex);
throw loginEx;
}
}
}