Package tigase.db.jdbc
Class TigaseCustomAuth
java.lang.Object
tigase.db.AbstractAuthRepositoryWithCredentials
tigase.db.jdbc.TigaseCustomAuth
- All Implemented Interfaces:
AuthRepository
,DataSourceAware<DataRepository>
,Repository
,RepositoryVersionAware
- Direct Known Subclasses:
TigaseSPAuth
public class TigaseCustomAuth
extends AbstractAuthRepositoryWithCredentials
implements DataSourceAware<DataRepository>, RepositoryVersionAware
The user authentication connector allows for customized SQL queries to be used. Queries are defined in the
configuration file and they can be either plain SQL queries or stored procedures.
If the query starts with characters:
Please don't use semicolon
Some queries take arguments. Arguments are marked by question marks
Example configuration.
The first example shows how to put a stored procedure as a query with 2 required parameters.
The same query with plain SQL parameters instead:
Created: Sat Nov 11 22:22:04 2006
If the query starts with characters:
{ call
then the server assumes this is a stored procedure call,
otherwise it is executed as a plain SQL query. Each configuration value is stripped from white characters on both
ends before processing.
Please don't use semicolon
';'
at the end of the query as many JDBC drivers get confused and the query
may not work for unknown obvious reason.
Some queries take arguments. Arguments are marked by question marks
'?'
in the query. Refer to the
configuration parameters description for more details about what parameters are expected in each query.
Example configuration.
The first example shows how to put a stored procedure as a query with 2 required parameters.
add-user-query={ call TigAddUserPlainPw(?, ?) }
The same query with plain SQL parameters instead:
add-user-query=insert into users (user_id, password) values (?, ?)
Created: Sat Nov 11 22:22:04 2006
- Author:
- Artur Hefczyc
-
Nested Class Summary
Nested classes/interfaces inherited from interface tigase.db.AuthRepository
AuthRepository.AccountStatus, AuthRepository.DefaultCredentials, AuthRepository.SingleCredential
Nested classes/interfaces inherited from interface tigase.db.Repository
Repository.Meta, Repository.SchemaId
Nested classes/interfaces inherited from interface tigase.db.util.RepositoryVersionAware
RepositoryVersionAware.SchemaVersion
-
Field Summary
Modifier and TypeFieldDescriptionstatic final String
static final String
static final String
static final String
static final String
Query adding a new user to the database.static final String
static final String
Query executing periodically to ensure active connection with the database.static final String
Removes a user from the database.static final String
static final String
Deprecated.static final String
Deprecated.static final String
Retrieves user password from the database for given user_id (JID).static final String
static final String
Database initialization query which is run after the server is started.static final String
static final String
static final String
static final String
static final String
Comma separated list of NON-SASL authentication mechanisms.static final String
static final String
Comma separated list of SASL authentication mechanisms.static final String
static final String
static final String
static final String
Updates (changes) password for a given user_id (JID).static final String
Performs user login.static final String
This query is called when user logs out or disconnects.static final String
static final String
static final String
static final String
static final String
static final String
Fields inherited from interface tigase.db.AuthRepository
DATA_KEY, DIGEST_ID_KEY, DIGEST_KEY, MACHANISM_KEY, PASSWORD_KEY, PROTOCOL_KEY, PROTOCOL_VAL_NONSASL, PROTOCOL_VAL_SASL, REALM_KEY, RESULT_KEY, SERVER_NAME_KEY, USER_ID_KEY
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
getAccountStatus
(BareJID user) long
getActiveUsersCountIn
(Duration duration) getCredentialIds
(BareJID user) getCredentials
(BareJID user, String credentialId) protected String
getResourceUri
method returns database connection string.long
getUsersCount
method is thread safe.long
getUsersCount
(String domain) This method is only used by the server statistics component to report number of registered users for given domain.void
initRepository
(String connection_str, Map<String, String> params) Deprecated.boolean
isMechanismSupported
(String domain, String mechanism) void
Do some actions on repository, when user logs in.void
boolean
void
queryAuth
returns mechanisms available for authentication.void
removeCredential
(BareJID user, String credentialId) void
removeUser
(BareJID user) void
setAccountStatus
(BareJID user, AuthRepository.AccountStatus value) void
setDataSource
(DataRepository data_repo) Method called to provide class with instance of a data source.void
updateCredential
(BareJID user, String credentialId, String password) void
updatePassword
(BareJID user, String password) Methods inherited from class tigase.db.AbstractAuthRepositoryWithCredentials
getCredentialsDecoder, getCredentialsEncoder, getPassword, setCredentialsCodecs
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface tigase.db.AuthRepository
getUsernames, isUserDisabled, setUserDisabled
Methods inherited from interface tigase.db.util.RepositoryVersionAware
getVersion, updateSchema
-
Field Details
-
DEF_CONNVALID_KEY
Query executing periodically to ensure active connection with the database.
Takes no arguments.
Example query:
select 1
- See Also:
-
DEF_INITDB_KEY
Database initialization query which is run after the server is started.
Takes no arguments.
Example query:
update tig_users set online_status = 0
- See Also:
-
DEF_ADDUSER_KEY
Query adding a new user to the database.
Takes 2 arguments:(user_id (JID), password)
Example query:
insert into tig_users (user_id, user_pw) values (?, ?)
- See Also:
-
DEF_DELUSER_KEY
Removes a user from the database.
Takes 1 argument:(user_id (JID))
Example query:
delete from tig_users where user_id = ?
- See Also:
-
DEF_GETPASSWORD_KEY
Retrieves user password from the database for given user_id (JID).
Takes 1 argument:(user_id (JID))
Example query:
select user_pw from tig_users where user_id = ?
- See Also:
-
DEF_UPDATEPASSWORD_KEY
Updates (changes) password for a given user_id (JID).
Takes 2 arguments:(password, user_id (JID))
Example query:
update tig_users set user_pw = ? where user_id = ?
- See Also:
-
DEF_USERLOGIN_KEY
Performs user login. Normally used when there is a special SP used for this purpose. This is an alternative way to a method requiring retrieving user password. Therefore at least one of those queries must be defined:user-login-query
orget-password-query
.
If both queries are defined thenuser-login-query
is used. Normally this method should be only used with plain text password authentication or sasl-plain.
The Tigase server expects a result set with user_id to be returned from the query if login is successful and empty results set if the login is unsuccessful.
Takes 2 arguments:(user_id (JID), password)
Example query:
select user_id from tig_users where (user_id = ?) AND (user_pw = ?)
- See Also:
-
DEF_USERLOGOUT_KEY
This query is called when user logs out or disconnects. It can record that event in the database.
Takes 1 argument:(user_id (JID))
Example query:
update tig_users, set online_status = online_status - 1 where user_id = ?
- See Also:
-
DEF_UPDATELOGINTIME_KEY
- See Also:
-
DEF_USERS_COUNT_KEY
- See Also:
-
DEF_ACTIVE_USERS_COUNT_KEY
- See Also:
-
DEF_USERS_DOMAIN_COUNT_KEY
- See Also:
-
DEF_LISTDISABLEDACCOUNTS_KEY
- See Also:
-
DEF_DISABLEACCOUNT_KEY
Deprecated.- See Also:
-
DEF_ENABLEACCOUNT_KEY
Deprecated.- See Also:
-
DEF_UPDATEACCOUNTSTATUS_KEY
- See Also:
-
DEF_ACCOUNTSTATUS_KEY
- See Also:
-
DEF_NONSASL_MECHS_KEY
Comma separated list of NON-SASL authentication mechanisms. Possible mechanisms are:password
anddigest
.digest
mechanism can work only withget-password-query
active and only when password are stored in plain text format in the database.- See Also:
-
DEF_SASL_MECHS_KEY
Comma separated list of SASL authentication mechanisms. Possible mechanisms are all mechanisms supported by Java implementation. The most common are:PLAIN
,DIGEST-MD5
,CRAM-MD5
.
"Non-PLAIN" mechanisms will work only with theget-password-query
active and only when passwords are stored in plain text format in the database.- See Also:
-
NO_QUERY
- See Also:
-
DEF_INITDB_QUERY
- See Also:
-
DEF_ADDUSER_QUERY
- See Also:
-
DEF_DELUSER_QUERY
- See Also:
-
DEF_GETPASSWORD_QUERY
- See Also:
-
DEF_USERS_COUNT_QUERY
- See Also:
-
DEF_ACTIVE_USERS_COUNT_QUERY
- See Also:
-
DEF_USERS_DOMAIN_COUNT_QUERY
- See Also:
-
DEF_LISTDISABLEDACCOUNTS_QUERY
- See Also:
-
DEF_UPDATEACCOUNTSTATUS_QUERY
- See Also:
-
DEF_ACCOUNTSTATUS_QUERY
- See Also:
-
DEF_NONSASL_MECHS
- See Also:
-
DEF_SASL_MECHS
- See Also:
-
SP_STARTS_WITH
- See Also:
-
-
Constructor Details
-
TigaseCustomAuth
public TigaseCustomAuth()
-
-
Method Details
-
addUser
- Specified by:
addUser
in interfaceAuthRepository
- Throws:
TigaseDBException
-
getAccountStatus
- Specified by:
getAccountStatus
in interfaceAuthRepository
- Throws:
TigaseDBException
-
getCredentials
- Specified by:
getCredentials
in interfaceAuthRepository
- Throws:
TigaseDBException
-
getParamWithDef
-
getResourceUri
Description copied from interface:AuthRepository
getResourceUri
method returns database connection string.- Specified by:
getResourceUri
in interfaceAuthRepository
- Returns:
- a
String
value of database connection string.
-
getCredentialIds
- Specified by:
getCredentialIds
in interfaceAuthRepository
- Throws:
TigaseDBException
-
getActiveUsersCountIn
- Specified by:
getActiveUsersCountIn
in interfaceAuthRepository
- Parameters:
duration
- Time range within which active users should be counted. Method is only used by statistics.- Returns:
- number of active users in required range
-
getUsersCount
public long getUsersCount()getUsersCount
method is thread safe. It uses local variable for storingStatement
.- Specified by:
getUsersCount
in interfaceAuthRepository
- Returns:
- a
long
number of user accounts in database.
-
getUsersCount
Description copied from interface:AuthRepository
This method is only used by the server statistics component to report number of registered users for given domain.- Specified by:
getUsersCount
in interfaceAuthRepository
- Parameters:
domain
- for which get the statistics- Returns:
- a
long
number of registered users in the repository.
-
initRepository
@Deprecated public void initRepository(String connection_str, Map<String, String> params) throws DBInitExceptionDeprecated.Description copied from interface:Repository
Method is deprecated and should not be user any more.
The method is called to initialize the data repository. Depending on the implementation all the initialization parameters can be passed either viaresource_uri
parameter as the database connection string or viaparams
map if the required repository parameters are more complex or both.- Specified by:
initRepository
in interfaceRepository
- Parameters:
connection_str
- value in most cases representing the database connection string.params
- is aMap
with repository properties necessary to initialize and perform all the functions. The initialization parameters are implementation dependent.- Throws:
DBInitException
- if there was an error during repository initialization. Some implementations, though, perform so called lazy initialization so even though there is a problem with the underlying repository it may not be signaled through this method call.
-
isMechanismSupported
- Specified by:
isMechanismSupported
in interfaceAuthRepository
- Overrides:
isMechanismSupported
in classAbstractAuthRepositoryWithCredentials
-
loggedIn
Description copied from interface:AuthRepository
Do some actions on repository, when user logs in. (for example updatelast_login_time
)- Specified by:
loggedIn
in interfaceAuthRepository
- Parameters:
user
- JID of logged user.- Throws:
TigaseDBException
- if an error occurs
-
logout
- Specified by:
logout
in interfaceAuthRepository
- Throws:
TigaseDBException
-
otherAuth
- Specified by:
otherAuth
in interfaceAuthRepository
- Throws:
TigaseDBException
AuthorizationException
-
queryAuth
Description copied from interface:AuthRepository
queryAuth
returns mechanisms available for authentication.- Specified by:
queryAuth
in interfaceAuthRepository
- Parameters:
authProps
- aMap
value with parameters for authentication.
-
removeCredential
- Specified by:
removeCredential
in interfaceAuthRepository
- Throws:
TigaseDBException
-
removeUser
- Specified by:
removeUser
in interfaceAuthRepository
- Throws:
TigaseDBException
-
setAccountStatus
public void setAccountStatus(BareJID user, AuthRepository.AccountStatus value) throws TigaseDBException - Specified by:
setAccountStatus
in interfaceAuthRepository
- Throws:
TigaseDBException
-
setDataSource
Description copied from interface:DataSourceAware
Method called to provide class with instance of a data source.- Specified by:
setDataSource
in interfaceDataSourceAware<DataRepository>
- Throws:
DBInitException
-
updateCredential
public void updateCredential(BareJID user, String credentialId, String password) throws TigaseDBException - Specified by:
updateCredential
in interfaceAuthRepository
- Throws:
TigaseDBException
-
updatePassword
- Specified by:
updatePassword
in interfaceAuthRepository
- Throws:
TigaseDBException
-