Class JDBCAuthProvider

  • All Implemented Interfaces:
    AuthProvider, PropertyEventListener

    public class JDBCAuthProvider
    extends Object
    implements AuthProvider, PropertyEventListener
    The JDBC auth provider allows you to authenticate users against any database that you can connect to with JDBC. It can be used along with the hybrid auth provider, so that you can also have XMPP-only users that won't pollute your external data.

    To enable this provider, set the following in the system properties:

    • provider.auth.className = org.jivesoftware.openfire.auth.JDBCAuthProvider
    You'll also need to set your JDBC driver, connection string, and SQL statements:
    • jdbcProvider.driver = com.mysql.jdbc.Driver
    • jdbcProvider.connectionString = jdbc:mysql://localhost/dbname?user=username&password=secret
    • jdbcAuthProvider.passwordSQL = SELECT password FROM user_account WHERE username=?
    • jdbcAuthProvider.passwordType = plain
    • jdbcAuthProvider.allowUpdate = true
    • jdbcAuthProvider.setPasswordSQL = UPDATE user_account SET password=? WHERE username=?
    • jdbcAuthProvider.bcrypt.cost = 12

    jdbcAuthProvider.passwordType can accept a comma separated string of password types. This can be useful in situations where legacy (ex/md5) password hashes were stored and then "upgraded" to a stronger hash algorithm. Hashes are executed left to right.

    Example Setting: "md5,sha1"
    Usage: password ->
    (md5) 286755fad04869ca523320acce0dc6a4 ->
    (sha1) 0524b1fc84d315b08db890413e65260040b08caa ->

    Bcrypt is supported as a passwordType; however, when chaining password types it MUST be the last type given. (bcrypt hashes are different every time they are generated)

    Optional bcrypt configuration:

    • jdbcAuthProvider.bcrypt.cost: The BCrypt cost. Default: BCrypt.GENSALT_DEFAULT_LOG2_ROUNDS (currently: 10)
    In order to use the configured JDBC connection provider do not use a JDBC connection string, set the following property
    • jdbcAuthProvider.useConnectionProvider = true
    The passwordType setting tells Openfire how the password is stored. Setting the value is optional (when not set, it defaults to "plain"). The valid values are:
    David Snopek