Package org.kawanfw.sql.api.server.auth

Class JdbcUserAuthenticator

java.lang.Object

org.kawanfw.sql.api.server.auth.JdbcUserAuthenticator

All Implemented Interfaces:

UserAuthenticator

public class JdbcUserAuthenticator
extends Object
implements UserAuthenticator

A concrete UserAuthenticator that allows zero-code remote client (username, password) authentication using a JDBC query run against an SQL table.

The request that is executed is defined in the jdbcUserAuthenticator.authenticationQuery property in the aceql-server.properties file.

The default SQL table to create and populate is defined by the jdbcUserAuthenticator.authenticationQuery value: SELECT encrypted_password FROM aceql_user WHERE username = ? and is thus in the format:

 
create table aceql_user
(               
  username              varchar(254)    not null,     
  encrypted_password    varchar(4000)   not null,
        primary key (username)
);
 
 

The database that contains the users table should be defined in the aceql-server.properties file with the property:
jdbcUserAuthenticator.database

The hash encryption algorithm, iterations and salt may be set using the following properties:

• jdbcUserAuthenticator.hashAlgorithm
• jdbcUserAuthenticator.hashIterations
• jdbcUserAuthenticator.salt

Per default, if these 3 previous properties are not set: passwords contained in users table must be encrypted with SHA-256 (with no supplemental iterations and no salt).

The JdbcPasswordEncryptor tooling class is provided for generating encrypted passwords from their clear value.

Since:

10.1

Author:

Nicolas de Pomereu

See Also:

UserAuthenticator, JdbcPasswordEncryptor

Constructor Summary

Constructors

Constructor	Description
JdbcUserAuthenticator()

Method Summary

Modifier and Type	Method	Description
boolean	login(String username, char[] password, String database, String ipAddress)	Allows to authenticate the remote (username, password) couple sent by the client side.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

JdbcUserAuthenticator

public JdbcUserAuthenticator()

Method Details

login

public boolean login(String username,
char[] password,
String database,
String ipAddress)
              throws IOException,
SQLException

Description copied from interface: UserAuthenticator

Allows to authenticate the remote (username, password) couple sent by the client side.

The AceQL HTTP Server will call the method in order to grant or not client access.

Typical usage would be to check the (username, password) couple against a LDAP server or against a SSH server, etc. The method allows to retrieve:

• The name of the database to which the client wants to connect.
• The IP address of the client.

Specified by:

login in interface UserAuthenticator

Parameters:

username - the username sent by the client

password - the password to connect to the server

database - the database name to which the client wants to connect

ipAddress - the IP address of the client user

Returns:

true if the client is authenticated by the method. If false, the client side will not be authorized to send any command.

Throws:

IOException - if an IOException occurs

SQLException - if a SQLException occurs