public class JDBCAuthProvider extends Object implements AuthProvider, PropertyEventListener
hybrid
auth provider, so that you can also have
XMPP-only users that won't pollute your external data.To enable this provider, set the following in the system properties:
jdbcAuthProvider.passwordType can accept a comma separated string of password types. This can be useful in situations where legacy (ex/md5) password hashes were stored and then "upgraded" to a stronger hash algorithm. Hashes are executed left to right.
Example Setting: "md5,sha1"
Usage: password ->
(md5) 286755fad04869ca523320acce0dc6a4 ->
(sha1) 0524b1fc84d315b08db890413e65260040b08caa ->
Bcrypt is supported as a passwordType; however, when chaining password types it MUST be the last type given. (bcrypt hashes are different every time they are generated)
Optional bcrypt configuration:
Modifier and Type | Class and Description |
---|---|
static class |
JDBCAuthProvider.PasswordType
Indicates how the password is stored.
|
Constructor and Description |
---|
JDBCAuthProvider()
Constructs a new JDBC authentication provider.
|
Modifier and Type | Method and Description |
---|---|
void |
authenticate(String username,
String password)
Returns if the username and password are valid; otherwise this
method throws an UnauthorizedException.
|
void |
authenticate(String username,
String token,
String digest)
Returns if the username, token, and digest are valid; otherwise this
method throws an UnauthorizedException.
|
protected boolean |
comparePasswords(String plainText,
String hashed) |
protected void |
createUser(String username)
Checks to see if the user exists; if not, a new user is created.
|
String |
getPassword(String username)
Returns the user's password.
|
protected String |
hashPassword(String password,
JDBCAuthProvider.PasswordType type) |
boolean |
isDigestSupported()
Returns true if this AuthProvider supports digest authentication
according to JEP-0078.
|
boolean |
isPlainSupported()
Returns true if this AuthProvider supports authentication using plain-text
passwords according to JEP--0078.
|
boolean |
isScramSupported() |
void |
propertyDeleted(String property,
Map<String,Object> params)
A property was deleted.
|
void |
propertySet(String property,
Map<String,Object> params)
Support a subset of JDBCAuthProvider properties when updated via REST,
web GUI, or other sources.
|
void |
setPassword(String username,
String password)
Sets the users's password.
|
boolean |
supportsPasswordRetrieval()
Returns true if this UserProvider is able to retrieve user passwords from
the backend user store.
|
void |
xmlPropertyDeleted(String property,
Map<String,Object> params)
An XML property was deleted.
|
void |
xmlPropertySet(String property,
Map<String,Object> params)
An XML property was set.
|
public JDBCAuthProvider()
public void authenticate(String username, String password) throws UnauthorizedException
AuthProvider
If AuthProvider.isPlainSupported()
returns false, this method should
throw an UnsupportedOperationException.
authenticate
in interface AuthProvider
username
- the username or full JID.password
- the passwordUnauthorizedException
- if the username and password do
not match any existing user.protected String hashPassword(String password, JDBCAuthProvider.PasswordType type)
public void authenticate(String username, String token, String digest) throws UnauthorizedException
AuthProvider
If AuthProvider.isDigestSupported()
returns false, this method should
throw an UnsupportedOperationException.
authenticate
in interface AuthProvider
username
- the username or full JID.token
- the token that was used with plain-text password to
generate the digest.digest
- the digest generated from plain-text password and unique token.UnauthorizedException
- if the username and password
do not match any existing user.public boolean isPlainSupported()
AuthProvider
isPlainSupported
in interface AuthProvider
public boolean isDigestSupported()
AuthProvider
isDigestSupported
in interface AuthProvider
public String getPassword(String username) throws UserNotFoundException, UnsupportedOperationException
AuthProvider
getPassword
in interface AuthProvider
username
- the username of the user.UserNotFoundException
- if the given user's password could not be loaded.UnsupportedOperationException
- if the provider does not
support the operation (this is an optional operation).public void setPassword(String username, String password) throws UserNotFoundException, UnsupportedOperationException
AuthProvider
setPassword
in interface AuthProvider
username
- the username of the user.password
- the new plaintext password for the user.UserNotFoundException
- if the given user could not be loaded.UnsupportedOperationException
- if the provider does not
support the operation (this is an optional operation).public boolean supportsPasswordRetrieval()
AuthProvider
AuthProvider.getPassword(String)
will throw an UnsupportedOperationException
if invoked.supportsPasswordRetrieval
in interface AuthProvider
protected void createUser(String username)
username
- the username.public boolean isScramSupported()
isScramSupported
in interface AuthProvider
public void propertySet(String property, Map<String,Object> params)
propertySet
in interface PropertyEventListener
property
- the name of the property.params
- event parameters.public void propertyDeleted(String property, Map<String,Object> params)
PropertyEventListener
propertyDeleted
in interface PropertyEventListener
property
- the name of the property deleted.params
- event parameters.public void xmlPropertySet(String property, Map<String,Object> params)
PropertyEventListener
xmlPropertySet
in interface PropertyEventListener
property
- the name of the property.params
- event parameters.public void xmlPropertyDeleted(String property, Map<String,Object> params)
PropertyEventListener
xmlPropertyDeleted
in interface PropertyEventListener
property
- the name of the property.params
- event parameters.Copyright © 2003-2008 Jive Software.