karaf-2.2.x/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java - karaf - Git at Google

 /*
  *
  *  Licensed under the Apache License, Version 2.0 (the "License");
  *  you may not use this file except in compliance with the License.
  *  You may obtain a copy of the License at
  *
  *       http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *  under the License.
  */
 package org.apache.karaf.jaas.modules.jdbc;

 import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
 import org.apache.karaf.jaas.modules.RolePrincipal;
 import org.apache.karaf.jaas.modules.UserPrincipal;
 import org.apache.karaf.jaas.modules.properties.PropertiesLoginModule;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import javax.security.auth.Subject;
 import javax.security.auth.callback.*;
 import javax.security.auth.login.LoginException;
 import javax.sql.DataSource;
 import javax.sql.XADataSource;
 import java.io.IOException;
 import java.security.Principal;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.HashSet;
 import java.util.Map;

 /**
  * @author iocanel
  */
 public class JDBCLoginModule extends AbstractKarafLoginModule {

     private final Logger logger = LoggerFactory.getLogger(PropertiesLoginModule.class);

     public static final String PASSWORD_QUERY = "query.password";
     public static final String ROLE_QUERY = "query.role";
     public static final String INSERT_USER_STATEMENT = "insert.user";
     public static final String INSERT_ROLE_STATEMENT = "insert.role";
     public static final String DELETE_ROLE_STATEMENT = "delete.role";
     public static final String DELETE_ROLES_STATEMENT = "delete.roles";
     public static final String DELETE_USER_STATEMENT = "delete.roles";

     private String datasourceURL;
     protected String passwordQuery = "SELECT PASSWORD FROM USERS WHERE USERNAME=?";
     protected String roleQuery = "SELECT ROLE FROM ROLES WHERE USERNAME=?";

     public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
         super.initialize(subject, callbackHandler, options);
         datasourceURL = (String) options.get(JDBCUtils.DATASOURCE);
         passwordQuery = (String) options.get(PASSWORD_QUERY);
         roleQuery = (String) options.get(ROLE_QUERY);
         if (datasourceURL == null || datasourceURL.trim().length() == 0) {
             logger.error("No datasource was specified ");
         } else if (!datasourceURL.startsWith(JDBCUtils.JNDI) && !datasourceURL.startsWith(JDBCUtils.OSGI)) {
             logger.error("Invalid datasource lookup protocol");
         }
     }


     public boolean login() throws LoginException {
         Connection connection = null;

         PreparedStatement passwordStatement = null;
         PreparedStatement roleStatement = null;

         ResultSet passwordResultSet = null;
         ResultSet roleResultSet = null;

         Callback[] callbacks = new Callback[2];
         callbacks[0] = new NameCallback("Username: ");
         callbacks[1] = new PasswordCallback("Password: ", false);

         try {
             callbackHandler.handle(callbacks);
         } catch (IOException ioe) {
             throw new LoginException(ioe.getMessage());
         } catch (UnsupportedCallbackException uce) {
             throw new LoginException(uce.getMessage() + " not available to obtain information from user");
         }

         user = ((NameCallback) callbacks[0]).getName();

         char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
         if (tmpPassword == null) {
             tmpPassword = new char[0];
         }

         String password = new String(tmpPassword);
         principals = new HashSet<Principal>();

         try {
             Object credentialsDatasource = JDBCUtils.createDatasource(bundleContext, datasourceURL);

             if (credentialsDatasource == null) {
                 throw new LoginException("Cannot obtain data source:" + datasourceURL);
             } else if (credentialsDatasource instanceof DataSource) {
                 connection = ((DataSource) credentialsDatasource).getConnection();
             } else if (credentialsDatasource instanceof XADataSource) {
                 connection = ((XADataSource) credentialsDatasource).getXAConnection().getConnection();
             } else {
                 throw new LoginException("Unknow dataSource type " + credentialsDatasource.getClass());
             }

             //Retrieve user credentials from database.
             passwordStatement = connection.prepareStatement(passwordQuery);
             passwordStatement.setString(1, user);
             passwordResultSet = passwordStatement.executeQuery();

             if (!passwordResultSet.next()) {
             	if (!this.detailedLoginExcepion) {
             		throw new LoginException("login failed");
             	} else {
             		throw new LoginException("User " + user + " does not exist");
             	}
             } else {
                 String storedPassword = passwordResultSet.getString(1);

                 if (!checkPassword(password, storedPassword)) {
                 	if (!this.detailedLoginExcepion) {
                 		throw new LoginException("login failed");
                 	} else {
                 		throw new LoginException("Password for " + user + " does not match");
                 	}
                 }
                 principals.add(new UserPrincipal(user));
             }

             //Retrieve user roles from database
             roleStatement = connection.prepareStatement(roleQuery);
             roleStatement.setString(1, user);
             roleResultSet = roleStatement.executeQuery();
             while (roleResultSet.next()) {
                 String role = roleResultSet.getString(1);
                 principals.add(new RolePrincipal(role));
             }
         } catch (Exception ex) {
             throw new LoginException("Error has occured while retrieving credentials from database:" + ex.getMessage());
         } finally {
             try {
                 if (passwordResultSet != null) {
                     passwordResultSet.close();
                 }
                 if (passwordStatement != null) {
                     passwordStatement.close();
                 }
                 if (roleResultSet != null) {
                     roleResultSet.close();
                 }
                 if (roleStatement != null) {
                     roleStatement.close();
                 }
                 if (connection != null) {
                     connection.close();
                 }
             } catch (SQLException ex) {
                 logger.warn("Failed to clearly close connection to the database:", ex);
             }
         }
         return true;
     }

     public boolean abort() throws LoginException {
         return true;
     }

     public boolean logout() throws LoginException {
         subject.getPrincipals().removeAll(principals);
         principals.clear();
         if (debug) {
             logger.debug("logout");
         }
         return true;
     }
 }
	/*
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	* under the License.
	*/
	package org.apache.karaf.jaas.modules.jdbc;

	import org.apache.karaf.jaas.modules.AbstractKarafLoginModule;
	import org.apache.karaf.jaas.modules.RolePrincipal;
	import org.apache.karaf.jaas.modules.UserPrincipal;
	import org.apache.karaf.jaas.modules.properties.PropertiesLoginModule;
	import org.slf4j.Logger;
	import org.slf4j.LoggerFactory;

	import javax.security.auth.Subject;
	import javax.security.auth.callback.*;
	import javax.security.auth.login.LoginException;
	import javax.sql.DataSource;
	import javax.sql.XADataSource;
	import java.io.IOException;
	import java.security.Principal;
	import java.sql.Connection;
	import java.sql.PreparedStatement;
	import java.sql.ResultSet;
	import java.sql.SQLException;
	import java.util.HashSet;
	import java.util.Map;

	/**
	* @author iocanel
	*/
	public class JDBCLoginModule extends AbstractKarafLoginModule {

	private final Logger logger = LoggerFactory.getLogger(PropertiesLoginModule.class);

	public static final String PASSWORD_QUERY = "query.password";
	public static final String ROLE_QUERY = "query.role";
	public static final String INSERT_USER_STATEMENT = "insert.user";
	public static final String INSERT_ROLE_STATEMENT = "insert.role";
	public static final String DELETE_ROLE_STATEMENT = "delete.role";
	public static final String DELETE_ROLES_STATEMENT = "delete.roles";
	public static final String DELETE_USER_STATEMENT = "delete.roles";

	private String datasourceURL;
	protected String passwordQuery = "SELECT PASSWORD FROM USERS WHERE USERNAME=?";
	protected String roleQuery = "SELECT ROLE FROM ROLES WHERE USERNAME=?";

	public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
	super.initialize(subject, callbackHandler, options);
	datasourceURL = (String) options.get(JDBCUtils.DATASOURCE);
	passwordQuery = (String) options.get(PASSWORD_QUERY);
	roleQuery = (String) options.get(ROLE_QUERY);
	if (datasourceURL == null \|\| datasourceURL.trim().length() == 0) {
	logger.error("No datasource was specified ");
	} else if (!datasourceURL.startsWith(JDBCUtils.JNDI) && !datasourceURL.startsWith(JDBCUtils.OSGI)) {
	logger.error("Invalid datasource lookup protocol");
	}
	}


	public boolean login() throws LoginException {
	Connection connection = null;

	PreparedStatement passwordStatement = null;
	PreparedStatement roleStatement = null;

	ResultSet passwordResultSet = null;
	ResultSet roleResultSet = null;

	Callback[] callbacks = new Callback[2];
	callbacks[0] = new NameCallback("Username: ");
	callbacks[1] = new PasswordCallback("Password: ", false);

	try {
	callbackHandler.handle(callbacks);
	} catch (IOException ioe) {
	throw new LoginException(ioe.getMessage());
	} catch (UnsupportedCallbackException uce) {
	throw new LoginException(uce.getMessage() + " not available to obtain information from user");
	}

	user = ((NameCallback) callbacks[0]).getName();

	char[] tmpPassword = ((PasswordCallback) callbacks[1]).getPassword();
	if (tmpPassword == null) {
	tmpPassword = new char[0];
	}

	String password = new String(tmpPassword);
	principals = new HashSet<Principal>();

	try {
	Object credentialsDatasource = JDBCUtils.createDatasource(bundleContext, datasourceURL);

	if (credentialsDatasource == null) {
	throw new LoginException("Cannot obtain data source:" + datasourceURL);
	} else if (credentialsDatasource instanceof DataSource) {
	connection = ((DataSource) credentialsDatasource).getConnection();
	} else if (credentialsDatasource instanceof XADataSource) {
	connection = ((XADataSource) credentialsDatasource).getXAConnection().getConnection();
	} else {
	throw new LoginException("Unknow dataSource type " + credentialsDatasource.getClass());
	}

	//Retrieve user credentials from database.
	passwordStatement = connection.prepareStatement(passwordQuery);
	passwordStatement.setString(1, user);
	passwordResultSet = passwordStatement.executeQuery();

	if (!passwordResultSet.next()) {
	if (!this.detailedLoginExcepion) {
	throw new LoginException("login failed");
	} else {
	throw new LoginException("User " + user + " does not exist");
	}
	} else {
	String storedPassword = passwordResultSet.getString(1);

	if (!checkPassword(password, storedPassword)) {
	if (!this.detailedLoginExcepion) {
	throw new LoginException("login failed");
	} else {
	throw new LoginException("Password for " + user + " does not match");
	}
	}
	principals.add(new UserPrincipal(user));
	}

	//Retrieve user roles from database
	roleStatement = connection.prepareStatement(roleQuery);
	roleStatement.setString(1, user);
	roleResultSet = roleStatement.executeQuery();
	while (roleResultSet.next()) {
	String role = roleResultSet.getString(1);
	principals.add(new RolePrincipal(role));
	}
	} catch (Exception ex) {
	throw new LoginException("Error has occured while retrieving credentials from database:" + ex.getMessage());
	} finally {
	try {
	if (passwordResultSet != null) {
	passwordResultSet.close();
	}
	if (passwordStatement != null) {
	passwordStatement.close();
	}
	if (roleResultSet != null) {
	roleResultSet.close();
	}
	if (roleStatement != null) {
	roleStatement.close();
	}
	if (connection != null) {
	connection.close();
	}
	} catch (SQLException ex) {
	logger.warn("Failed to clearly close connection to the database:", ex);
	}
	}
	return true;
	}

	public boolean abort() throws LoginException {
	return true;
	}

	public boolean logout() throws LoginException {
	subject.getPrincipals().removeAll(principals);
	principals.clear();
	if (debug) {
	logger.debug("logout");
	}
	return true;
	}
	}