org.apache.derby.impl.jdbc.authentication
Class NativeAuthenticationServiceImpl

java.lang.Object
  org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase
      org.apache.derby.impl.jdbc.authentication.NativeAuthenticationServiceImpl

All Implemented Interfaces:

UserAuthenticator, AuthenticationService, ModuleControl, ModuleSupportable, PropertySetCallback

public final class NativeAuthenticationServiceImpl
extends AuthenticationServiceBase
implements UserAuthenticator

This authentication service supports Derby NATIVE authentication.

To activate this service, set the derby.authentication.provider database or system property to a value beginning with the token "NATIVE:".

This service instantiates and calls the basic User authentication scheme at runtime.

User credentials are defined in the SYSUSERS table.

Field Summary

private boolean	_authenticateDatabaseOperationsLocally
private java.lang.String	_badlyFormattedPasswordProperty
private boolean	_creatingCredentialsDB
private java.lang.String	_credentialsDB
private double	_passwordExpirationThreshold
private long	_passwordLifetimeMillis

Fields inherited from class org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase

authenticationScheme, AuthenticationTrace, SECMEC_USRSSBPWD

Fields inherited from interface org.apache.derby.iapi.jdbc.AuthenticationService

MODULE

Constructor Summary

NativeAuthenticationServiceImpl()

Method Summary

private boolean	authenticateLocally(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName) Authenticate the passed-in credentials against the local database.
private boolean	authenticateRemotely(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName) Authenticate the passed-in credentials against another Derby database.
boolean	authenticateUser(java.lang.String userName, java.lang.String userPassword, java.lang.String databaseName, java.util.Properties info) Authenticate the passed-in user's credentials.
private boolean	authenticatingInThisDatabase(java.lang.String userVisibleDatabaseName) Return true if we are authenticating in this database.
private boolean	authenticatingInThisService(java.lang.String canonicalDatabaseName) Return true if we are authenticating in this service.
void	boot(boolean create, java.util.Properties properties) Start this module.
private void	callDataSourceSetter(javax.sql.DataSource ds, java.lang.String methodName, java.lang.String value) Call a setter method on a DataSource via reflection
boolean	canSupport(java.util.Properties properties) Check if we should activate this authentication service.
private java.lang.String	getCanonicalServiceName() Get the canonical name of the current database service
private java.lang.String	getCanonicalServiceName(java.lang.String rawName) Turn a service name into its normalized, standard form
java.lang.String	getSystemCredentialsDatabaseName() Override behavior in superclass
private boolean	isCredentialsService(java.lang.String canonicalDatabaseName) Return true if the passed in service is the credentials database.
private void	parseNativeSpecification(java.util.Properties properties) Parse the specification of NATIVE authentication.
private boolean	validAuthenticationProvider() Return true if AUTHENTICATION_PROVIDER_PARAMETER was well formatted.
private StandardException	wrap(java.lang.Throwable t)

Methods inherited from class org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase

apply, authenticate, getDatabaseProperties, getDatabaseProperty, getProperty, getServiceName, getSystemProperty, getTransaction, hashPasswordSHA1Scheme, hashUsingDefaultAlgorithm, init, map, parsePasswordLifetime, parsePasswordThreshold, requireAuthentication, setAuthenticationService, stop, substitutePassword, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

_creatingCredentialsDB

private boolean _creatingCredentialsDB

_credentialsDB

private java.lang.String _credentialsDB

_authenticateDatabaseOperationsLocally

private boolean _authenticateDatabaseOperationsLocally

_passwordLifetimeMillis

private long _passwordLifetimeMillis

_passwordExpirationThreshold

private double _passwordExpirationThreshold

_badlyFormattedPasswordProperty

private java.lang.String _badlyFormattedPasswordProperty

Constructor Detail

NativeAuthenticationServiceImpl

public NativeAuthenticationServiceImpl()

Method Detail

canSupport

public boolean canSupport(java.util.Properties properties)

Check if we should activate this authentication service.

Specified by:

canSupport in interface ModuleSupportable

Returns:

true if this instance can be used, false otherwise.

parseNativeSpecification

private void parseNativeSpecification(java.util.Properties properties)

Parse the specification of NATIVE authentication. It can take 3 forms:

• NATIVE:$credentialsDB - Here $credentialsDB is the name of a Derby database. This means that all authentication should take place in $credentialsDB.
• NATIVE:$credentialsDB:LOCAL- This means that system-wide operations (like engine shutdown) are authenticated in $credentialsDB but connections to existing databases are authenticated in those databases.
• NATIVE::LOCAL - This means that connections to a given database are authenticated in that database.

validAuthenticationProvider

private boolean validAuthenticationProvider()
                                     throws StandardException

Return true if AUTHENTICATION_PROVIDER_PARAMETER was well formatted. The property must have designated some database as the authentication authority.

Throws:

StandardException

boot

public void boot(boolean create,
                 java.util.Properties properties)
          throws StandardException

Description copied from class: AuthenticationServiceBase

Start this module. In this case, nothing needs to be done.

Specified by:

boot in interface ModuleControl

Overrides:

boot in class AuthenticationServiceBase

Throws:

StandardException - upon failure to load/boot the expected authentication service.

See Also:

ModuleControl.boot(boolean, java.util.Properties)

getSystemCredentialsDatabaseName

public java.lang.String getSystemCredentialsDatabaseName()

Override behavior in superclass

Specified by:

getSystemCredentialsDatabaseName in interface AuthenticationService

Overrides:

getSystemCredentialsDatabaseName in class AuthenticationServiceBase

authenticateUser

public boolean authenticateUser(java.lang.String userName,
                                java.lang.String userPassword,
                                java.lang.String databaseName,
                                java.util.Properties info)
                         throws java.sql.SQLException

Authenticate the passed-in user's credentials.

Specified by:

authenticateUser in interface UserAuthenticator

Parameters:

userName - The user's name used to connect to JBMS system

userPassword - The user's password used to connect to JBMS system

databaseName - The database which the user wants to connect to.

info - Additional jdbc connection info.

Returns:

false if the connection request should be denied, true if the connection request should proceed. If false is returned the connection attempt will receive a SQLException with SQL State 08004.

Throws:

java.sql.SQLException - An exception processing the request, connection request will be denied. The SQL exception will be returned to the connection attempt.

authenticatingInThisDatabase

private boolean authenticatingInThisDatabase(java.lang.String userVisibleDatabaseName)
                                      throws StandardException

Return true if we are authenticating in this database.

Throws:

StandardException

authenticatingInThisService

private boolean authenticatingInThisService(java.lang.String canonicalDatabaseName)
                                     throws StandardException

Return true if we are authenticating in this service.

Throws:

StandardException

isCredentialsService

private boolean isCredentialsService(java.lang.String canonicalDatabaseName)
                              throws StandardException

Return true if the passed in service is the credentials database.

Throws:

StandardException

getCanonicalServiceName

private java.lang.String getCanonicalServiceName()
                                          throws StandardException

Get the canonical name of the current database service

Throws:

StandardException

getCanonicalServiceName

private java.lang.String getCanonicalServiceName(java.lang.String rawName)
                                          throws StandardException

Turn a service name into its normalized, standard form

Throws:

StandardException

authenticateRemotely

private boolean authenticateRemotely(java.lang.String userName,
                                     java.lang.String userPassword,
                                     java.lang.String databaseName)
                              throws StandardException,
                                     java.sql.SQLWarning

Authenticate the passed-in credentials against another Derby database. This is done by getting a connection to the credentials database using the supplied username and password. If the connection attempts succeeds, then authentication succeeds.

Parameters:

userName - The user's name used to connect to JBMS system

userPassword - The user's password used to connect to JBMS system

databaseName - The database which the user wants to connect to.

Throws:

StandardException

java.sql.SQLWarning

callDataSourceSetter

private void callDataSourceSetter(javax.sql.DataSource ds,
                                  java.lang.String methodName,
                                  java.lang.String value)
                           throws StandardException

Call a setter method on a DataSource via reflection

Throws:

StandardException

wrap

private StandardException wrap(java.lang.Throwable t)

authenticateLocally

private boolean authenticateLocally(java.lang.String userName,
                                    java.lang.String userPassword,
                                    java.lang.String databaseName)
                             throws StandardException,
                                    java.sql.SQLException

Authenticate the passed-in credentials against the local database.

Parameters:

userName - The user's name used to connect to JBMS system

userPassword - The user's password used to connect to JBMS system

databaseName - The database which the user wants to connect to.

Throws:

StandardException

java.sql.SQLException