Package org.jivesoftware.openfire.auth
Class JDBCAuthProvider
- java.lang.Object
-
- org.jivesoftware.openfire.auth.JDBCAuthProvider
-
- All Implemented Interfaces:
AuthProvider
,PropertyEventListener
public class JDBCAuthProvider extends Object implements AuthProvider, PropertyEventListener
The JDBC auth provider allows you to authenticate users against any database that you can connect to with JDBC. It can be used along with thehybrid
auth provider, so that you can also have XMPP-only users that won't pollute your external data.To enable this provider, set the following in the system properties:
provider.auth.className = org.jivesoftware.openfire.auth.JDBCAuthProvider
jdbcProvider.driver = com.mysql.jdbc.Driver
jdbcProvider.connectionString = jdbc:mysql://localhost/dbname?user=username&password=secret
jdbcAuthProvider.passwordSQL = SELECT password FROM user_account WHERE username=?
jdbcAuthProvider.passwordType = plain
jdbcAuthProvider.allowUpdate = true
jdbcAuthProvider.setPasswordSQL = UPDATE user_account SET password=? WHERE username=?
jdbcAuthProvider.bcrypt.cost = 12
jdbcAuthProvider.passwordType can accept a comma separated string of password types. This can be useful in situations where legacy (ex/md5) password hashes were stored and then "upgraded" to a stronger hash algorithm. Hashes are executed left to right.
Example Setting: "md5,sha1"
Usage: password ->
(md5) 286755fad04869ca523320acce0dc6a4 ->
(sha1) 0524b1fc84d315b08db890413e65260040b08caa ->Bcrypt is supported as a passwordType; however, when chaining password types it MUST be the last type given. (bcrypt hashes are different every time they are generated)
Optional bcrypt configuration:
- jdbcAuthProvider.bcrypt.cost: The BCrypt cost. Default: BCrypt.GENSALT_DEFAULT_LOG2_ROUNDS (currently: 10)
jdbcAuthProvider.useConnectionProvider = true
- Author:
- David Snopek
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
JDBCAuthProvider.PasswordType
Indicates how the password is stored.
-
Constructor Summary
Constructors Constructor Description JDBCAuthProvider()
Constructs a new JDBC authentication provider.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected boolean
assumePersistedDataIsEscaped()
XMPP disallows some characters in identifiers, requiring them to be escaped.void
authenticate(String username, String password)
Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.protected boolean
comparePasswords(String plainText, String hashed)
protected void
createUser(String username)
Checks to see if the user exists; if not, a new user is created.int
getIterations(String username)
String
getPassword(String username)
Returns the user's password.String
getSalt(String username)
String
getServerKey(String username)
String
getStoredKey(String username)
protected String
hashPassword(String password, JDBCAuthProvider.PasswordType type)
boolean
isScramSupported()
void
propertyDeleted(String property, Map<String,Object> params)
A property was deleted.void
propertySet(String property, Map<String,Object> params)
Support a subset of JDBCAuthProvider properties when updated via REST, web GUI, or other sources.void
setPassword(String username, String password)
Sets the users's password.boolean
supportsPasswordRetrieval()
Returns true if this UserProvider is able to retrieve user passwords from the backend user store.void
xmlPropertyDeleted(String property, Map<String,Object> params)
An XML property was deleted.void
xmlPropertySet(String property, Map<String,Object> params)
An XML property was set.
-
-
-
Method Detail
-
assumePersistedDataIsEscaped
protected boolean assumePersistedDataIsEscaped()
XMPP disallows some characters in identifiers, requiring them to be escaped. This implementation assumes that the database returns properly escaped identifiers, but can apply escaping by setting the value of the 'jdbcAuthProvider.isEscaped' property to 'false'.- Returns:
- 'false' if this implementation needs to escape database content before processing.
-
authenticate
public void authenticate(String username, String password) throws UnauthorizedException
Description copied from interface:AuthProvider
Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.- Specified by:
authenticate
in interfaceAuthProvider
- Parameters:
username
- the username or full JID.password
- the password- Throws:
UnauthorizedException
- if the username and password do not match any existing user.
-
hashPassword
protected String hashPassword(String password, JDBCAuthProvider.PasswordType type)
-
getPassword
public String getPassword(String username) throws UserNotFoundException, UnsupportedOperationException
Description copied from interface:AuthProvider
Returns the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.- Specified by:
getPassword
in interfaceAuthProvider
- Parameters:
username
- the username of the user.- Returns:
- the user's password.
- Throws:
UserNotFoundException
- if the given user's password could not be loaded.UnsupportedOperationException
- if the provider does not support the operation (this is an optional operation).
-
setPassword
public void setPassword(String username, String password) throws UserNotFoundException, UnsupportedOperationException
Description copied from interface:AuthProvider
Sets the users's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.- Specified by:
setPassword
in interfaceAuthProvider
- Parameters:
username
- the username of the user.password
- the new plaintext password for the user.- Throws:
UserNotFoundException
- if the given user could not be loaded.UnsupportedOperationException
- if the provider does not support the operation (this is an optional operation).
-
supportsPasswordRetrieval
public boolean supportsPasswordRetrieval()
Description copied from interface:AuthProvider
Returns true if this UserProvider is able to retrieve user passwords from the backend user store. If this operation is not supported thenAuthProvider.getPassword(String)
will throw anUnsupportedOperationException
if invoked.- Specified by:
supportsPasswordRetrieval
in interfaceAuthProvider
- Returns:
- true if this UserProvider is able to retrieve user passwords from the backend user store.
-
createUser
protected void createUser(String username)
Checks to see if the user exists; if not, a new user is created.- Parameters:
username
- the username.
-
isScramSupported
public boolean isScramSupported()
- Specified by:
isScramSupported
in interfaceAuthProvider
-
getSalt
public String getSalt(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by:
getSalt
in interfaceAuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
getIterations
public int getIterations(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by:
getIterations
in interfaceAuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
getServerKey
public String getServerKey(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by:
getServerKey
in interfaceAuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
getStoredKey
public String getStoredKey(String username) throws UnsupportedOperationException, UserNotFoundException
- Specified by:
getStoredKey
in interfaceAuthProvider
- Throws:
UnsupportedOperationException
UserNotFoundException
-
propertySet
public void propertySet(String property, Map<String,Object> params)
Support a subset of JDBCAuthProvider properties when updated via REST, web GUI, or other sources. Provider strings (and related settings) must be set via XML.- Specified by:
propertySet
in interfacePropertyEventListener
- Parameters:
property
- the name of the property.params
- event parameters.
-
propertyDeleted
public void propertyDeleted(String property, Map<String,Object> params)
Description copied from interface:PropertyEventListener
A property was deleted.- Specified by:
propertyDeleted
in interfacePropertyEventListener
- Parameters:
property
- the name of the property deleted.params
- event parameters.
-
xmlPropertySet
public void xmlPropertySet(String property, Map<String,Object> params)
Description copied from interface:PropertyEventListener
An XML property was set. The parameter mapparams
will contain the the value of the property under the keyvalue
.- Specified by:
xmlPropertySet
in interfacePropertyEventListener
- Parameters:
property
- the name of the property.params
- event parameters.
-
xmlPropertyDeleted
public void xmlPropertyDeleted(String property, Map<String,Object> params)
Description copied from interface:PropertyEventListener
An XML property was deleted.- Specified by:
xmlPropertyDeleted
in interfacePropertyEventListener
- Parameters:
property
- the name of the property.params
- event parameters.
-
-