1   // ========================================================================
2   // $Id: AbstractDatabaseLoginModule.java 335 2006-03-14 11:23:49Z janb $
3   // Copyright 1999-2004 Mort Bay Consulting Pty. Ltd.
4   // ------------------------------------------------------------------------
5   // Licensed under the Apache License, Version 2.0 (the "License");
6   // you may not use this file except in compliance with the License.
7   // You may obtain a copy of the License at 
8   // http://www.apache.org/licenses/LICENSE-2.0
9   // Unless required by applicable law or agreed to in writing, software
10  // distributed under the License is distributed on an "AS IS" BASIS,
11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  // See the License for the specific language governing permissions and
13  // limitations under the License.
14  // ========================================================================
15  
16  package org.mortbay.jetty.plus.jaas.spi;
17  
18  import java.sql.Connection;
19  import java.sql.PreparedStatement;
20  import java.sql.ResultSet;
21  import java.sql.SQLException;
22  import java.util.ArrayList;
23  import java.util.List;
24  import java.util.Map;
25  
26  import javax.security.auth.Subject;
27  import javax.security.auth.callback.CallbackHandler;
28  
29  import org.mortbay.jetty.security.Credential;
30  import org.mortbay.log.Log;
31  
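/**
 * AbstractDatabaseLoginModule
 *
 * Abstract base class for LoginModules that interact with a
 * database to retrieve authentication and authorization information.
 * Used by the JDBCLoginModule and DataSourceLoginModule.
 *
 * <p>The credential query and the roles query are assembled once, in
 * {@link #initialize(Subject, CallbackHandler, Map, Map)}, from table and
 * column names given as module options. JDBC cannot bind identifiers, so
 * those names are concatenated into the SQL text as-is; only the user name
 * is passed as a bound parameter. The login configuration that supplies the
 * options is therefore part of the trusted base of this module and should be
 * writable by administrators only.
 */
public abstract class AbstractDatabaseLoginModule extends AbstractLoginModule
{
    // SQL text built in initialize(); each has a single '?' for the user name.
    private String userQuery;
    private String rolesQuery;

    // Raw option values the two queries are built from.
    private String dbUserTable;
    private String dbUserTableUserField;
    private String dbUserTableCredentialField;
    private String dbUserRoleTable;
    private String dbUserRoleTableUserField;
    private String dbUserRoleTableRoleField;


    /**
     * @return a java.sql.Connection from the database
     * @throws Exception
     */
    public abstract Connection getConnection () throws Exception;


    /* ------------------------------------------------ */
    /** Load the stored credential and the role names of a user from the database.
     *
     * The connection obtained from {@link #getConnection()} is always closed
     * before returning, and so are the statements and result sets opened on it,
     * including when a query fails part-way.
     *
     * @param userName user info to load
     * @return the user name, the credential built from the first column of the
     *         first row of the credential query, and the role names
     * @exception Exception if the connection cannot be obtained or a query fails
     */
    public UserInfo getUserInfo (String userName)
        throws Exception
    {
        Connection connection = null;

        try
        {
            connection = getConnection();

            String dbCredential = loadCredential (connection, userName);
            List roles = loadRoles (connection, userName);

            // NOTE(review): dbCredential is null when no row matched the user
            // name (or the column holds SQL NULL). Confirm how
            // Credential.getCredential and the caller treat a null credential,
            // so that an unknown user can never be taken for an authenticated one.
            return new UserInfo (userName, Credential.getCredential(dbCredential), roles);
        }
        finally
        {
            if (connection != null) connection.close();
        }
    }


    /**
     * Run the credential query for one user.
     *
     * @return the first column of the first row, or null if there is no row
     */
    private String loadCredential (Connection connection, String userName)
        throws SQLException
    {
        PreparedStatement statement = connection.prepareStatement (userQuery);
        try
        {
            statement.setString (1, userName);
            ResultSet results = statement.executeQuery();
            try
            {
                // Only the first row is consulted; further rows are ignored.
                return results.next() ? results.getString(1) : null;
            }
            finally
            {
                results.close();
            }
        }
        finally
        {
            // Closed here rather than after the read so that a failing query
            // does not leave the statement open on a pooled connection.
            statement.close();
        }
    }


    /**
     * Run the roles query for one user.
     *
     * @return the first column of every row, in result order (possibly empty)
     */
    private List loadRoles (Connection connection, String userName)
        throws SQLException
    {
        PreparedStatement statement = connection.prepareStatement (rolesQuery);
        try
        {
            statement.setString (1, userName);
            ResultSet results = statement.executeQuery();
            try
            {
                List roles = new ArrayList();
                while (results.next())
                {
                    roles.add (results.getString (1));
                }
                return roles;
            }
            finally
            {
                results.close();
            }
        }
        finally
        {
            statement.close();
        }
    }


    /**
     * Read one module option as a String and warn when it is absent.
     *
     * A missing option is not rejected here; the value (null) is returned
     * unchanged so the queries are built exactly as before, but the warning
     * makes the misconfiguration visible instead of surfacing later as an
     * unexplained query result.
     */
    private static String stringOption (Map options, String name)
    {
        String value = (String)options.get(name);
        if (value == null)
            Log.warn("AbstractDatabaseLoginModule: missing option '"+name+"'");
        return value;
    }


    /**
     * Initialize the module and build the credential and roles queries.
     *
     * Options read: userTable, userField, credentialField, userRoleTable,
     * userRoleUserField, userRoleRoleField.
     *
     * @param subject passed through to the superclass
     * @param callbackHandler passed through to the superclass
     * @param sharedState passed through to the superclass
     * @param options module options holding the table and column names
     */
    public void initialize(Subject subject,
            CallbackHandler callbackHandler,
            Map sharedState,
            Map options)
    {
        super.initialize(subject, callbackHandler, sharedState, options);

        // The names below become part of the SQL text verbatim (identifiers
        // cannot be bound as parameters), so they must come from a trusted
        // login configuration and never from request data.

        //get the user credential query out of the options
        dbUserTable = stringOption(options, "userTable");
        dbUserTableUserField = stringOption(options, "userField");
        dbUserTableCredentialField = stringOption(options, "credentialField");

        userQuery = "select "+dbUserTableCredentialField+" from "+dbUserTable+" where "+dbUserTableUserField+"=?";

        //get the user roles query out of the options
        dbUserRoleTable = stringOption(options, "userRoleTable");
        dbUserRoleTableUserField = stringOption(options, "userRoleUserField");
        dbUserRoleTableRoleField = stringOption(options, "userRoleRoleField");

        rolesQuery = "select "+dbUserRoleTableRoleField+" from "+dbUserRoleTable+" where "+dbUserRoleTableUserField+"=?";

        // Only the query text is logged; it contains no user name or credential.
        if(Log.isDebugEnabled())Log.debug("userQuery = "+userQuery);
        if(Log.isDebugEnabled())Log.debug("rolesQuery = "+rolesQuery);
    }
}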