Package org.jivesoftware.openfire.auth
Class JDBCAuthProvider
java.lang.Object
org.jivesoftware.openfire.auth.JDBCAuthProvider
- All Implemented Interfaces: AuthProvider, PropertyEventListener
The JDBC auth provider allows you to authenticate users against any database that you can connect to with JDBC. It can be used along with the hybrid auth provider, so that you can also have XMPP-only users that won't pollute your external data.
To enable this provider, set the following in the system properties:
provider.auth.className = org.jivesoftware.openfire.auth.JDBCAuthProvider
jdbcProvider.driver = com.mysql.jdbc.Driver
jdbcProvider.connectionString = jdbc:mysql://localhost/dbname?user=username&password=secret
jdbcAuthProvider.passwordSQL = SELECT password FROM user_account WHERE username=?
jdbcAuthProvider.passwordType = plain
jdbcAuthProvider.allowUpdate = true
jdbcAuthProvider.setPasswordSQL = UPDATE user_account SET password=? WHERE username=?
jdbcAuthProvider.bcrypt.cost = 12
jdbcAuthProvider.passwordType accepts a comma-separated list of password types. This is useful where legacy (e.g. md5) password hashes were stored and later "upgraded" to a stronger hash algorithm. Hashes are applied left to right.
Example Setting: "md5,sha1"
Usage: password ->
(md5) 286755fad04869ca523320acce0dc6a4 ->
(sha1) 0524b1fc84d315b08db890413e65260040b08caa ->
Bcrypt is supported as a passwordType; however, when chaining password types it MUST be the last type given. (bcrypt hashes are different every time they are generated)
Optional bcrypt configuration:
- jdbcAuthProvider.bcrypt.cost: The BCrypt cost. Default: BCrypt.GENSALT_DEFAULT_LOG2_ROUNDS (currently: 10)
jdbcAuthProvider.useConnectionProvider = true
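The legacy-upgrade case described above, as an added example (not Openfire's own code): a stored md5 hash is upgraded to the "md5,sha1" chain without knowing the plaintext, and a login is then verified by running the full chain left to right. The class and method names are hypothetical, lowercase-hex digests over UTF-8 input are assumed from the format of the sample values, and the bcrypt step itself is left out because it needs a bcrypt library.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Added illustration of chained passwordType semantics; not Openfire source code. */
public class ChainedPasswordTypeDemo {

    /** One unsalted step: digest the UTF-8 bytes and return lowercase hex (assumed encoding). */
    static String step(String type, String input) throws NoSuchAlgorithmException {
        String jca = type.equals("md5") ? "MD5" : type.equals("sha1") ? "SHA-1" : null;
        if (jca == null) throw new IllegalArgumentException("not handled in this demo: " + type);
        byte[] digest = MessageDigest.getInstance(jca).digest(input.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder(digest.length * 2);
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    /** Splits the setting and rejects a chain in which bcrypt is followed by another type. */
    static String[] parseChain(String setting) {
        String[] types = setting.trim().split("\\s*,\\s*");
        for (int i = 0; i < types.length - 1; i++)
            if (types[i].equals("bcrypt"))
                throw new IllegalArgumentException("bcrypt must be the last passwordType");
        return types;
    }

    /** Applies types[from], types[from + 1], ... left to right to value. */
    static String applyChain(String[] types, int from, String value) throws NoSuchAlgorithmException {
        for (int i = from; i < types.length; i++) value = step(types[i], value);
        return value;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String[] chain = parseChain("md5,sha1");
        // Constructed legacy row: the password column holds hex md5(password).
        String legacyColumn = step("md5", "correct horse battery");
        // Upgrade the stored value without the plaintext: apply only the types after md5.
        String upgradedColumn = applyChain(chain, 1, legacyColumn);
        // Login check: run the whole chain over the submitted password, compare in constant time.
        byte[] candidate = applyChain(chain, 0, "correct horse battery").getBytes(StandardCharsets.UTF_8);
        boolean accepted = MessageDigest.isEqual(candidate, upgradedColumn.getBytes(StandardCharsets.UTF_8));
        System.out.println("login against upgraded hash accepted: " + accepted);
        try {
            parseChain("bcrypt,sha1"); // a salted hash cannot be reproduced for a later step
        } catch (IllegalArgumentException e) {
            System.out.println("rejected chain: " + e.getMessage());
        }
    }
}
```

The same pattern applies to a chain that ends in bcrypt: the stored legacy digest is fed to bcrypt once, and verification runs the submitted password through the earlier types before the bcrypt check.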
- Author: David Snopek
-
Nested Class Summary
- static enum JDBCAuthProvider.PasswordType: Indicates how the password is stored.
Constructor Summary
- JDBCAuthProvider(): Constructs a new JDBC authentication provider.
Method Summary
- protected boolean assumePersistedDataIsEscaped(): XMPP disallows some characters in identifiers, requiring them to be escaped.
- void authenticate(String username, String password): Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.
- protected boolean comparePasswords(String plainText, String hashed)
- protected void createUser(String username): Checks to see if the user exists; if not, a new user is created.
- int getIterations(String username)
- String getPassword(String username): Returns the user's password.
- String getServerKey(String username)
- String getStoredKey(String username)
- protected String hashPassword(String password, JDBCAuthProvider.PasswordType type)
- boolean isScramSupported()
- void propertyDeleted(String property, Map<String, Object> params): A property was deleted.
- void propertySet(String property, Map<String, Object> params): Support a subset of JDBCAuthProvider properties when updated via REST, web GUI, or other sources.
- void setPassword(String username, String password): Sets the user's password.
- boolean supportsPasswordRetrieval(): Returns true if this UserProvider is able to retrieve user passwords from the backend user store.
- void xmlPropertyDeleted(String property, Map<String, Object> params): An XML property was deleted.
- void xmlPropertySet(String property, Map<String, Object> params): An XML property was set.
-
Constructor Details
-
JDBCAuthProvider
public JDBCAuthProvider()
Constructs a new JDBC authentication provider.
-
-
Method Details
-
assumePersistedDataIsEscaped
protected boolean assumePersistedDataIsEscaped()
XMPP disallows some characters in identifiers, requiring them to be escaped. This implementation assumes that the database returns properly escaped identifiers, but can apply escaping by setting the value of the 'jdbcAuthProvider.isEscaped' property to 'false'.
- Returns: 'false' if this implementation needs to escape database content before processing.
-
authenticate
Description copied from interface: AuthProvider
Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.
- Specified by: authenticate in interface AuthProvider
- Parameters:
username - the username or full JID.
password - the password
- Throws:
UnauthorizedException - if the username and password do not match any existing user.
-
comparePasswords
-
hashPassword
-
getPassword
public String getPassword(String username) throws UserNotFoundException, UnsupportedOperationException
Description copied from interface: AuthProvider
Returns the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.
- Specified by: getPassword in interface AuthProvider
- Parameters:
username - the username of the user.
- Returns: the user's password.
- Throws:
UserNotFoundException - if the given user's password could not be loaded.
UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).
-
setPassword
public void setPassword(String username, String password) throws UserNotFoundException, UnsupportedOperationException
Description copied from interface: AuthProvider
Sets the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.
- Specified by: setPassword in interface AuthProvider
- Parameters:
username - the username of the user.
password - the new plaintext password for the user.
- Throws:
UserNotFoundException - if the given user could not be loaded.
UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).
-
supportsPasswordRetrieval
public boolean supportsPasswordRetrieval()
Description copied from interface: AuthProvider
Returns true if this UserProvider is able to retrieve user passwords from the backend user store. If this operation is not supported then AuthProvider.getPassword(String) will throw an UnsupportedOperationException if invoked.
- Specified by: supportsPasswordRetrieval in interface AuthProvider
- Returns: true if this UserProvider is able to retrieve user passwords from the backend user store.
-
createUser
Checks to see if the user exists; if not, a new user is created.
- Parameters:
username - the username.
-
isScramSupported
public boolean isScramSupported()
- Specified by: isScramSupported in interface AuthProvider
-
getSalt
- Specified by: getSalt in interface AuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
getIterations
public int getIterations(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by: getIterations in interface AuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
getServerKey
public String getServerKey(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by: getServerKey in interface AuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
getStoredKey
public String getStoredKey(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by: getStoredKey in interface AuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
propertySet
Support a subset of JDBCAuthProvider properties when updated via REST, web GUI, or other sources. Provider strings (and related settings) must be set via XML.
- Specified by: propertySet in interface PropertyEventListener
- Parameters:
property - the name of the property.
params - event parameters.
-
propertyDeleted
Description copied from interface: PropertyEventListener
A property was deleted.
- Specified by: propertyDeleted in interface PropertyEventListener
- Parameters:
property - the name of the property deleted.
params - event parameters.
-
xmlPropertySet
Description copied from interface: PropertyEventListener
An XML property was set. The parameter map params will contain the value of the property under the key value.
- Specified by: xmlPropertySet in interface PropertyEventListener
- Parameters:
property - the name of the property.
params - event parameters.
-
xmlPropertyDeleted
Description copied from interface: PropertyEventListener
An XML property was deleted.
- Specified by: xmlPropertyDeleted in interface PropertyEventListener
- Parameters:
property - the name of the property.
params - event parameters.
-