Wiki source code of org.clazzes.login.sql (work in progress)
Version 4.1 by christoph_lechleitner@iteg_at on 2013-01-22 12.10:58
Hide last authors
| author | version | line-number | content |
|---|---|---|---|
 |
1.1 | 1 | The jaas-login-service is provided as an OSGi bundle, which may be activated by |
| 2 | |||
| 3 | (% class="code" %) | ||
| 4 | ((( | ||
| 5 | obr:addurl http:~/~/maven.clazzes.org/repository.xml | ||
| 6 | obr:deploy sql-login-service | ||
| 7 | ))) | ||
| 8 | |||
| 9 | The maven artifact is: | ||
| 10 | |||
| 11 | (% class="code" %) | ||
| 12 | ((( | ||
| 13 | <groupId>org.clazzes.login</groupId> | ||
| 14 | <artifactId>sql-login-service</artifactId> | ||
| 15 | ))) | ||
| 16 | |||
| 17 | === {{id name="org.clazzes.login.sql-Functionality"/}}Functionality === | ||
| 18 | |||
| |
2.1 | 19 | The SQL login service authenticates against users in a SQL database, using configurable SQL queries. |
| |
1.1 | 20 | |
| |
2.1 | 21 | There are no plans to support authentication domains, because typical standalone login systems do not care for domains. |
| 22 | |||
| |
1.1 | 23 | === {{id name="org.clazzes.login.sql-Configuration"/}}Configuration === |
| 24 | |||
| 25 | The SQL login service may be configured using the OSGi configuration PID {{code language="none"}}org.clazzes.login.sql{{/code}} using these configuration values: | ||
| 26 | |||
| 27 | (% class="wiki-content" %) | ||
| 28 | ((( | ||
| |
2.1 | 29 | |
| 30 | |||
| |
1.1 | 31 | |=((( |
| 32 | (% class="tablesorter-header-inner" %) | ||
| 33 | ((( | ||
| 34 | Key | ||
| 35 | ))) | ||
| 36 | )))|=((( | ||
| 37 | (% class="tablesorter-header-inner" %) | ||
| 38 | ((( | ||
| 39 | Description | ||
| 40 | ))) | ||
| 41 | ))) | ||
| 42 | |((( | ||
| 43 | {{code language="none"}} | ||
| |
3.1 | 44 | deactivateUserStatement |
| 45 | {{/code}} | ||
| 46 | )))|((( | ||
| 47 | Not implemented yet. Optional. Required for //deactivateUser// feature. | ||
| 48 | |||
| 49 | SQL template for a prepared statement to deactivate a user. | ||
| 50 | |||
| 51 | Example: | ||
| 52 | {{code language="none"}}UPDATE users SET encryptedPassword='{disabled}' WHERE userId=?{{/code}} | ||
| 53 | ))) | ||
| 54 | |((( | ||
| 55 | {{code language="none"}} | ||
| |
1.1 | 56 | defaultDomain |
| 57 | {{/code}} | ||
| 58 | )))|((( | ||
| |
2.1 | 59 | Optional. Defaults to an empty string. |
| 60 | |||
| |
4.1 | 61 | If set to an empty string, the domain parameter of request queries does not get checked but is filled in in returned principals. |
| 62 | |||
| 63 | If set to a non-empty string, requests for other domains are refused. | ||
| 64 | |||
| 65 | Support for databases maintaining multiple authentication domains might be added in the future, but I do not believe multi-domain setups even exist outside the LDAP/ADS world. | ||
| |
2.1 | 66 | ))) |
| 67 | |((( | ||
| 68 | {{code language="none"}} | ||
| 69 | groupsByUserIdQuery | ||
| 70 | {{/code}} | ||
| |
1.1 | 71 | )))|((( |
| |
2.1 | 72 | Optional. Required for //getGroups// feature. |
| 73 | |||
| 74 | SQL template for a prepared statement to query the group IDs and group names of the groups of which the user specified by a userId is a member. | ||
| 75 | |||
| 76 | Example: | ||
| 77 | {{code language="none"}}SELECT g.groupId, g.groupName FROM groups AS g, users AS u, memberships AS mgroupName | ||
| 78 | WHERE u.userId=? | ||
| 79 | AND m.userId = u.id | ||
| 80 | AND g.id = m.groupId | ||
| 81 | ORDER BY g.groupId {{/code}} | ||
| |
1.1 | 82 | ))) |
| |
2.1 | 83 | |((( |
| 84 | {{code language="none"}} | ||
| 85 | defaultPasswordAlgorithm | ||
| 86 | {{/code}} | ||
| 87 | )))|((( | ||
| 88 | Optional. Defaults to {{code language="none"}}crypt{{/code}} | ||
| 89 | |||
| 90 | Values supported so far: {{code language="none"}}crypt{{/code}}, {{code language="none"}}ssha1{{/code}}, {{code language="none"}}plain{{/code}}. | ||
| 91 | |||
| 92 | Password fields may contain: | ||
| 93 | |||
| 94 | * the password encrypted using the default password algorithm, or | ||
| 95 | * a LDAP style algorithm prefix and the password encrypted with the algorithm specified in the prefix. Example: {{code language="none"}}{PLAIN}badPassword{{/code}} | ||
| |
1.1 | 96 | ))) |
| |
2.1 | 97 | |((( |
| 98 | {{code language="none"}} | ||
| 99 | setUserPasswordStatement | ||
| 100 | {{/code}} | ||
| 101 | )))|((( | ||
| 102 | Optional. Required for //changePassword// feature. | ||
| 103 | |||
| 104 | SQL template for a prepared statement to set a new password for the user. | ||
| 105 | |||
| 106 | Example: | ||
| 107 | {{code language="none"}}UPDATE users SET encryptedPassword=? WHERE userId=?{{/code}} | ||
| 108 | ))) | ||
| 109 | |((( | ||
| 110 | {{code language="none"}} | ||
| 111 | userByUserIdQuery | ||
| 112 | {{/code}} | ||
| 113 | )))|((( | ||
| 114 | SQL template for a prepared statement to query userId, encrypted password, pretty name and e-mail address of a user specified by a userId. | ||
| 115 | If the pretty name is not part of the database, reuse the userId field. | ||
| 116 | If the e-mail address is not part of the database, use a constant like '' or null. | ||
| 117 | |||
| 118 | Example: | ||
| 119 | {{code language="none"}}SELECT userId, encryptedPassword, userName, mailAdr FROM users WHERE userId=?{{/code}} | ||
| 120 | ))) | ||
| 121 | |((( | ||
| 122 | {{code language="none"}} | ||
| |
3.1 | 123 | usersByGroupIdQuery |
| |
2.1 | 124 | {{/code}} |
| 125 | )))|((( | ||
| 126 | Optional. Required for //getGroupMembers// feature. | ||
| 127 | |||
| |
3.1 | 128 | SQL template for a prepared statement to query the user IDs, user names and e-mail-addresses of the members of the group specified by a groupId. |
| |
2.1 | 129 | |
| 130 | Example: | ||
| |
3.1 | 131 | {{code language="none"}}SELECT u.userId, u.userName, u.mailAdr |
| 132 | FROM groups AS g, users AS u, memberships AS mgroupName | ||
| |
2.1 | 133 | WHERE g.groupId=? |
| 134 | AND m.groupId = g.id | ||
| 135 | AND u.id = m.userId | ||
| 136 | ORDER BY g.userId {{/code}} | ||
| 137 | ))) | ||
| 138 | ))) |