Class JdbcUserAuthenticator

java.lang.Object
org.kawanfw.sql.api.server.auth.JdbcUserAuthenticator
All Implemented Interfaces:
UserAuthenticator

public class JdbcUserAuthenticator
extends Object
implements UserAuthenticator
A concrete UserAuthenticator that allows zero-code remote client (username, password) authentication using a JDBC query run against an SQL table.

The query that is executed is defined in the jdbcUserAuthenticator.authenticationQuery property in the aceql-server.properties file.

The default value of jdbcUserAuthenticator.authenticationQuery is SELECT encrypted_password FROM aceql_user WHERE username = ? so the default SQL table to create and populate has the format:

create table aceql_user
(
  username              varchar(254)    not null,
  encrypted_password    varchar(4000)   not null,
  primary key (username)
);

The database that contains the users table should be defined in the aceql-server.properties file with the property:
jdbcUserAuthenticator.database

The hash algorithm, iterations and salt may be set using the following properties:
  • jdbcUserAuthenticator.hashAlgorithm
  • jdbcUserAuthenticator.hashIterations
  • jdbcUserAuthenticator.salt
By default, if none of these three properties is set, passwords stored in the users table must be hashed with SHA-256 (with no supplemental iterations and no salt).

The JdbcPasswordEncryptor utility class is provided for generating encrypted passwords from their clear-text values.
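
A configuration sketch for the properties described above, added here as an example and not taken from the AceQL distribution: it shows the default (unset) hash settings beside an explicit configuration. The database name, iteration count and salt value are constructed placeholders; the accepted value formats are not stated on this page.

```properties
# aceql-server.properties fragment (added example, not the project's own file)

# Database that contains the users table (constructed name)
jdbcUserAuthenticator.database = my_auth_db

# Query run at login; this is the default value quoted above
jdbcUserAuthenticator.authenticationQuery = SELECT encrypted_password FROM aceql_user WHERE username = ?

# --- Default behaviour: the three hash properties left unset ---
# Stored values must then be SHA-256 with no supplemental iterations
# and no salt.
# jdbcUserAuthenticator.hashAlgorithm =
# jdbcUserAuthenticator.hashIterations =
# jdbcUserAuthenticator.salt =

# --- Explicit settings: all three properties set ---
# SHA-256 is the algorithm named on this page.
jdbcUserAuthenticator.hashAlgorithm = SHA-256
# Constructed iteration count; pick a value suited to your hardware.
jdbcUserAuthenticator.hashIterations = 10000
# Constructed placeholder; replace with a random value and keep it secret.
jdbcUserAuthenticator.salt = REPLACE_WITH_RANDOM_SALT
```

Values in encrypted_password have to be generated with the same three settings the server uses, so rows produced under the default no longer match once these properties are set. The salt here is a single server-wide property rather than a per-user column of the default table.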

Since:
10.1
Author:
Nicolas de Pomereu
See Also:
UserAuthenticator, JdbcPasswordEncryptor
  • Constructor Details

    • JdbcUserAuthenticator

      public JdbcUserAuthenticator()
  • Method Details

    • login

      public boolean login(String username, char[] password, String database, String ipAddress) throws IOException, SQLException
      Description copied from interface: UserAuthenticator
      Authenticates the remote (username, password) pair sent by the client side.

      The AceQL HTTP Server calls this method to decide whether or not to grant the client access.

      Typical usage would be to check the (username, password) pair against an LDAP server or an SSH server, etc. The method also allows retrieving:

      • The name of the database to which the client wants to connect.
      • The IP address of the client.
      Specified by:
      login in interface UserAuthenticator
      Parameters:
      username - the username sent by the client
      password - the password to connect to the server
      database - the database name to which the client wants to connect
      ipAddress - the IP address of the client user
      Returns:
      true if the client is authenticated by the method. If false, the client side will not be authorized to send any command.
      Throws:
      IOException - if an IOException occurs
      SQLException - if a SQLException occurs