Class NativeAuthenticationServiceImpl
- All Implemented Interfaces:
UserAuthenticator
,AuthenticationService
,ModuleControl
,ModuleSupportable
,PropertySetCallback
This authentication service supports Derby NATIVE authentication.
To activate this service, set the derby.authentication.provider database or system property to a value beginning with the token "NATIVE:".
This service instantiates and calls the basic User authentication scheme at runtime.
User credentials are defined in the SYSUSERS table.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate boolean
private String
private boolean
private String
private double
private long
Fields inherited from class org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase
authenticationScheme, AuthenticationTrace, SECMEC_USRSSBPWD
Fields inherited from interface org.apache.derby.iapi.jdbc.AuthenticationService
MODULE
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprivate boolean
authenticateLocally
(String userName, String userPassword, String databaseName) Authenticate the passed-in credentials against the local database.private boolean
authenticateRemotely
(String userName, String userPassword, String databaseName) Authenticate the passed-in credentials against another Derby database.boolean
authenticateUser
(String userName, String userPassword, String databaseName, Properties info) Authenticate the passed-in user's credentials.private boolean
authenticatingInThisDatabase
(String userVisibleDatabaseName) Return true if we are authenticating in this database.private boolean
authenticatingInThisService
(String canonicalDatabaseName) Return true if we are authenticating in this service.void
boot
(boolean create, Properties properties) Start this module.boolean
canSupport
(Properties properties) Check if we should activate this authentication service.private String
Get the canonical name of the current database serviceprivate String
getCanonicalServiceName
(String rawName) Turn a service name into its normalized, standard formprivate static ModuleFactory
Privileged Monitor lookup.private static String
getServiceName
(Object serviceModule) Privileged Monitor lookup.Override behavior in superclassprivate boolean
isCredentialsService
(String canonicalDatabaseName) Return true if the passed in service is the credentials database.private void
parseNativeSpecification
(Properties properties) Parse the specification of NATIVE authentication.private boolean
Return true if AUTHENTICATION_PROVIDER_PARAMETER was well formatted.private StandardException
Methods inherited from class org.apache.derby.impl.jdbc.authentication.AuthenticationServiceBase
apply, authenticate, getDatabaseProperties, getDatabaseProperty, getProperty, getServiceModule, getServiceName, getSystemProperty, getTransaction, hashPasswordSHA1Scheme, hashUsingDefaultAlgorithm, init, map, parsePasswordLifetime, parsePasswordThreshold, requireAuthentication, setAuthenticationService, stop, substitutePassword, validate
-
Field Details
-
_creatingCredentialsDB
private boolean _creatingCredentialsDB -
_credentialsDB
-
_authenticateDatabaseOperationsLocally
private boolean _authenticateDatabaseOperationsLocally -
_passwordLifetimeMillis
private long _passwordLifetimeMillis -
_passwordExpirationThreshold
private double _passwordExpirationThreshold -
_badlyFormattedPasswordProperty
-
-
Constructor Details
-
NativeAuthenticationServiceImpl
public NativeAuthenticationServiceImpl()
-
-
Method Details
-
canSupport
Check if we should activate this authentication service.- Specified by:
canSupport
in interfaceModuleSupportable
- Returns:
- true if this instance can be used, false otherwise.
-
parseNativeSpecification
Parse the specification of NATIVE authentication. It can take 3 forms:
- NATIVE:$credentialsDB - Here $credentialsDB is the name of a Derby database. This means that all authentication should take place in $credentialsDB.
- NATIVE:$credentialsDB:LOCAL- This means that system-wide operations (like engine shutdown) are authenticated in $credentialsDB but connections to existing databases are authenticated in those databases.
- NATIVE::LOCAL - This means that connections to a given database are authenticated in that database.
-
validAuthenticationProvider
Return true if AUTHENTICATION_PROVIDER_PARAMETER was well formatted. The property must have designated some database as the authentication authority.
- Throws:
StandardException
-
boot
Description copied from class:AuthenticationServiceBase
Start this module. In this case, nothing needs to be done.- Specified by:
boot
in interfaceModuleControl
- Overrides:
boot
in classAuthenticationServiceBase
- Throws:
StandardException
- upon failure to load/boot the expected authentication service.- See Also:
-
getSystemCredentialsDatabaseName
Override behavior in superclass- Specified by:
getSystemCredentialsDatabaseName
in interfaceAuthenticationService
- Overrides:
getSystemCredentialsDatabaseName
in classAuthenticationServiceBase
-
authenticateUser
public boolean authenticateUser(String userName, String userPassword, String databaseName, Properties info) throws SQLException Authenticate the passed-in user's credentials.- Specified by:
authenticateUser
in interfaceUserAuthenticator
- Parameters:
userName
- The user's name used to connect to JBMS systemuserPassword
- The user's password used to connect to JBMS systemdatabaseName
- The database which the user wants to connect to.info
- Additional jdbc connection info.- Returns:
- false if the connection request should be denied, true if the connection request should proceed. If false is returned the connection attempt will receive a SQLException with SQL State 08004.
- Throws:
SQLException
- An exception processing the request, connection request will be denied. The SQL exception will be returned to the connection attempt.
-
authenticatingInThisDatabase
private boolean authenticatingInThisDatabase(String userVisibleDatabaseName) throws StandardException Return true if we are authenticating in this database.
- Throws:
StandardException
-
authenticatingInThisService
Return true if we are authenticating in this service.
- Throws:
StandardException
-
isCredentialsService
Return true if the passed in service is the credentials database.
- Throws:
StandardException
-
getCanonicalServiceName
Get the canonical name of the current database service- Throws:
StandardException
-
getCanonicalServiceName
Turn a service name into its normalized, standard form- Throws:
StandardException
-
authenticateRemotely
private boolean authenticateRemotely(String userName, String userPassword, String databaseName) throws StandardException, SQLWarning Authenticate the passed-in credentials against another Derby database. This is done by getting a connection to the credentials database using the supplied username and password. If the connection attempts succeeds, then authentication succeeds.- Parameters:
userName
- The user's name used to connect to JBMS systemuserPassword
- The user's password used to connect to JBMS systemdatabaseName
- The database which the user wants to connect to.- Throws:
StandardException
SQLWarning
-
wrap
-
authenticateLocally
private boolean authenticateLocally(String userName, String userPassword, String databaseName) throws StandardException, SQLException Authenticate the passed-in credentials against the local database.- Parameters:
userName
- The user's name used to connect to JBMS systemuserPassword
- The user's password used to connect to JBMS systemdatabaseName
- The database which the user wants to connect to.- Throws:
StandardException
SQLException
-
getMonitor
Privileged Monitor lookup. Must be private so that user code can't call this entry point. -
getServiceName
Privileged Monitor lookup. Must be private so that user code can't call this entry point.
-