Skip to Content

org.clazzes.login.sql (work in progress)

Version 2.1 by christoph_lechleitner@iteg_at on 2013-01-18 05.10:06

The jaas-login-service is provided as an OSGi bundle, which may be activated by

obr:addurl http://maven.clazzes.org/repository.xml
obr:deploy sql-login-service

The maven artifact is:

<groupId>org.clazzes.login</groupId>
<artifactId>sql-login-service</artifactId>

Functionality

The SQL login service authenticates against users in a SQL database, using configurable SQL queries.

There are no plans to support authentication domains, because typical standalone login systems do not care for domains.

Configuration

The SQL login service may be configured using the OSGi configuration PID org.clazzes.login.sql using these configuration values:

 

Key

Description

defaultDomain

Optional. Defaults to an empty string.

The login domain to use for principals when the request did not contain a domain.

groupsByUserIdQuery

Optional. Required for getGroups feature.

SQL template for a prepared statement to query the group IDs and group names of the groups of which the user specified by a userId is a member.

Example:
SELECT g.groupId, g.groupName FROM groups AS g, users AS u, memberships AS mgroupName
 WHERE u.userId=?
AND m.userId = u.id
 AND g.id = m.groupId
 ORDER BY g.groupId 

defaultPasswordAlgorithm

Optional. Defaults to crypt

Values supported so far: crypt, ssha1, plain.

Password fields may contain:

  • the password encrypted using the default password algorithm, or
  • a LDAP style algorithm prefix and the password encrypted with the algorithm specified in the prefix. Example: {PLAIN}badPassword
setUserPasswordStatement

Optional. Required for changePassword feature.

SQL template for a prepared statement to set a new password for the user.

Example:
UPDATE users SET encryptedPassword=? WHERE userId=?

userByUserIdQuery

SQL template for a prepared statement to query userId, encrypted password, pretty name and e-mail address of a user specified by a userId.
If the pretty name is not part of the database, reuse the userId field.
If the e-mail address is not part of the database, use a constant like '' or null.

Example:
SELECT userId, encryptedPassword, userName, mailAdr FROM users WHERE userId=?

userIdsByGroupIdQuery

Optional. Required for getGroupMembers feature.

SQL template for a prepared statement to query the user IDs of the members of the group specified by a groupId.

Example:
SELECT u.userId FROM groups AS g, users AS u, memberships AS mgroupName
 WHERE g.groupId=?
AND m.groupId = g.id
 AND u.id = m.userId
 ORDER BY g.userId