Class NativeAuthenticationServiceImpl

java.lang.Object
org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase
org.apache.derby.impl.jdbc.authentication.NativeAuthenticationServiceImpl
All Implemented Interfaces:
UserAuthenticator, AuthenticationService, ModuleControl, ModuleSupportable, PropertySetCallback

public final class NativeAuthenticationServiceImpl extends AuthenticationServiceBase implements UserAuthenticator

This authentication service supports Derby NATIVE authentication.

To activate this service, set the derby.authentication.provider database or system property to a value beginning with the token "NATIVE:".

This service instantiates and calls the basic User authentication scheme at runtime.

User credentials are defined in the SYSUSERS table.

  • Field Details

    • _creatingCredentialsDB

      private boolean _creatingCredentialsDB
    • _credentialsDB

      private String _credentialsDB
    • _authenticateDatabaseOperationsLocally

      private boolean _authenticateDatabaseOperationsLocally
    • _passwordLifetimeMillis

      private long _passwordLifetimeMillis
    • _passwordExpirationThreshold

      private double _passwordExpirationThreshold
    • _badlyFormattedPasswordProperty

      private String _badlyFormattedPasswordProperty
  • Constructor Details

    • NativeAuthenticationServiceImpl

      public NativeAuthenticationServiceImpl()
  • Method Details

    • canSupport

      public boolean canSupport(Properties properties)
      Check if we should activate this authentication service.
      Specified by:
      canSupport in interface ModuleSupportable
      Returns:
      true if this instance can be used, false otherwise.
    • parseNativeSpecification

      private void parseNativeSpecification(Properties properties)

      Parse the specification of NATIVE authentication. It can take 3 forms:

      • NATIVE:$credentialsDB - Here $credentialsDB is the name of a Derby database. This means that all authentication should take place in $credentialsDB.
      • NATIVE:$credentialsDB:LOCAL- This means that system-wide operations (like engine shutdown) are authenticated in $credentialsDB but connections to existing databases are authenticated in those databases.
      • NATIVE::LOCAL - This means that connections to a given database are authenticated in that database.
    • validAuthenticationProvider

      private boolean validAuthenticationProvider() throws StandardException

      Return true if AUTHENTICATION_PROVIDER_PARAMETER was well formatted. The property must have designated some database as the authentication authority.

      Throws:
      StandardException
    • boot

      public void boot(boolean create, Properties properties) throws StandardException
      Description copied from class: AuthenticationServiceBase
      Start this module. In this case, nothing needs to be done.
      Specified by:
      boot in interface ModuleControl
      Overrides:
      boot in class AuthenticationServiceBase
      Throws:
      StandardException - upon failure to load/boot the expected authentication service.
      See Also:
    • getSystemCredentialsDatabaseName

      public String getSystemCredentialsDatabaseName()
      Override behavior in superclass
      Specified by:
      getSystemCredentialsDatabaseName in interface AuthenticationService
      Overrides:
      getSystemCredentialsDatabaseName in class AuthenticationServiceBase
    • authenticateUser

      public boolean authenticateUser(String userName, String userPassword, String databaseName, Properties info) throws SQLException
      Authenticate the passed-in user's credentials.
      Specified by:
      authenticateUser in interface UserAuthenticator
      Parameters:
      userName - The user's name used to connect to JBMS system
      userPassword - The user's password used to connect to JBMS system
      databaseName - The database which the user wants to connect to.
      info - Additional jdbc connection info.
      Returns:
      false if the connection request should be denied, true if the connection request should proceed. If false is returned the connection attempt will receive a SQLException with SQL State 08004.
      Throws:
      SQLException - An exception processing the request, connection request will be denied. The SQL exception will be returned to the connection attempt.
    • authenticatingInThisDatabase

      private boolean authenticatingInThisDatabase(String userVisibleDatabaseName) throws StandardException

      Return true if we are authenticating in this database.

      Throws:
      StandardException
    • authenticatingInThisService

      private boolean authenticatingInThisService(String canonicalDatabaseName) throws StandardException

      Return true if we are authenticating in this service.

      Throws:
      StandardException
    • isCredentialsService

      private boolean isCredentialsService(String canonicalDatabaseName) throws StandardException

      Return true if the passed in service is the credentials database.

      Throws:
      StandardException
    • getCanonicalServiceName

      private String getCanonicalServiceName() throws StandardException
      Get the canonical name of the current database service
      Throws:
      StandardException
    • getCanonicalServiceName

      private String getCanonicalServiceName(String rawName) throws StandardException
      Turn a service name into its normalized, standard form
      Throws:
      StandardException
    • authenticateRemotely

      private boolean authenticateRemotely(String userName, String userPassword, String databaseName) throws StandardException, SQLWarning
      Authenticate the passed-in credentials against another Derby database. This is done by getting a connection to the credentials database using the supplied username and password. If the connection attempts succeeds, then authentication succeeds.
      Parameters:
      userName - The user's name used to connect to JBMS system
      userPassword - The user's password used to connect to JBMS system
      databaseName - The database which the user wants to connect to.
      Throws:
      StandardException
      SQLWarning
    • wrap

      private StandardException wrap(Throwable t)
    • authenticateLocally

      private boolean authenticateLocally(String userName, String userPassword, String databaseName) throws StandardException, SQLException
      Authenticate the passed-in credentials against the local database.
      Parameters:
      userName - The user's name used to connect to JBMS system
      userPassword - The user's password used to connect to JBMS system
      databaseName - The database which the user wants to connect to.
      Throws:
      StandardException
      SQLException
    • getMonitor

      private static ModuleFactory getMonitor()
      Privileged Monitor lookup. Must be private so that user code can't call this entry point.
    • getServiceName

      private static String getServiceName(Object serviceModule)
      Privileged Monitor lookup. Must be private so that user code can't call this entry point.