2 // ========================================================================
3 // Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.security;
21 import java.io.IOException;
22 import java.io.InputStream;
23 import java.sql.Connection;
24 import java.sql.DriverManager;
25 import java.sql.PreparedStatement;
26 import java.sql.ResultSet;
27 import java.sql.SQLException;
28 import java.util.ArrayList;
29 import java.util.List;
30 import java.util.Properties;
32 import org.eclipse.jetty.server.UserIdentity;
33 import org.eclipse.jetty.util.Loader;
34 import org.eclipse.jetty.util.log.Log;
35 import org.eclipse.jetty.util.log.Logger;
36 import org.eclipse.jetty.util.resource.Resource;
37 import org.eclipse.jetty.util.security.Credential;
39 /* ------------------------------------------------------------ */
41 * HashMapped User Realm with JDBC as data source.
42 * The login() method checks the inherited Map for the user. If the user is not
43 * found, it will fetch details from the database and populate the inherited
44 * Map. It then calls the superclass login() method to perform the actual
45 * authentication. Periodically (controlled by configuration parameter),
46 * internal hashes are cleared. Caching can be disabled by setting cache refresh
47 * interval to zero. Uses one database connection that is initialized at
48 * startup. Reconnect on failures. authenticate() is 'synchronized'.
50 * An example properties file for configuration is in
51 * $JETTY_HOME/etc/jdbcRealm.properties
53 * @version $Id: JDBCLoginService.java 4792 2009-03-18 21:55:52Z gregw $
60 public class JDBCLoginService extends MappedLoginService
62 private static final Logger LOG = Log.getLogger(JDBCLoginService.class);
64 protected String _config;
65 protected String _jdbcDriver;
66 protected String _url;
67 protected String _userName;
68 protected String _password;
69 protected String _userTableKey;
70 protected String _userTablePasswordField;
71 protected String _roleTableRoleField;
72 protected int _cacheTime;
73 protected long _lastHashPurge;
74 protected Connection _con;
75 protected String _userSql;
76 protected String _roleSql;
79 /* ------------------------------------------------------------ */
80 public JDBCLoginService()
85 /* ------------------------------------------------------------ */
86 public JDBCLoginService(String name)
92 /* ------------------------------------------------------------ */
93 public JDBCLoginService(String name, String config)
100 /* ------------------------------------------------------------ */
101 public JDBCLoginService(String name, IdentityService identityService, String config)
105 setIdentityService(identityService);
110 /* ------------------------------------------------------------ */
112 * @see org.eclipse.jetty.security.MappedLoginService#doStart()
115 protected void doStart() throws Exception
117 Properties properties = new Properties();
118 Resource resource = Resource.newResource(_config);
119 try (InputStream in = resource.getInputStream())
123 _jdbcDriver = properties.getProperty("jdbcdriver");
124 _url = properties.getProperty("url");
125 _userName = properties.getProperty("username");
126 _password = properties.getProperty("password");
127 String _userTable = properties.getProperty("usertable");
128 _userTableKey = properties.getProperty("usertablekey");
129 String _userTableUserField = properties.getProperty("usertableuserfield");
130 _userTablePasswordField = properties.getProperty("usertablepasswordfield");
131 String _roleTable = properties.getProperty("roletable");
132 String _roleTableKey = properties.getProperty("roletablekey");
133 _roleTableRoleField = properties.getProperty("roletablerolefield");
134 String _userRoleTable = properties.getProperty("userroletable");
135 String _userRoleTableUserKey = properties.getProperty("userroletableuserkey");
136 String _userRoleTableRoleKey = properties.getProperty("userroletablerolekey");
137 _cacheTime = new Integer(properties.getProperty("cachetime"));
139 if (_jdbcDriver == null || _jdbcDriver.equals("")
143 || _userName.equals("")
147 LOG.warn("UserRealm " + getName() + " has not been properly configured");
151 _userSql = "select " + _userTableKey + "," + _userTablePasswordField + " from " + _userTable + " where " + _userTableUserField + " = ?";
152 _roleSql = "select r." + _roleTableRoleField
158 + _userRoleTableUserKey
163 + _userRoleTableRoleKey;
165 Loader.loadClass(this.getClass(), _jdbcDriver).newInstance();
170 /* ------------------------------------------------------------ */
171 public String getConfig()
176 /* ------------------------------------------------------------ */
178 * Load JDBC connection configuration from properties file.
180 * @param config Filename or url of user properties file.
182 public void setConfig(String config)
185 throw new IllegalStateException("Running");
189 /* ------------------------------------------------------------ */
191 * (re)Connect to database with parameters setup by loadConfig()
193 public void connectDatabase()
197 Class.forName(_jdbcDriver);
198 _con = DriverManager.getConnection(_url, _userName, _password);
200 catch (SQLException e)
202 LOG.warn("UserRealm " + getName() + " could not connect to database; will try later", e);
204 catch (ClassNotFoundException e)
206 LOG.warn("UserRealm " + getName() + " could not connect to database; will try later", e);
210 /* ------------------------------------------------------------ */
212 public UserIdentity login(String username, Object credentials)
214 long now = System.currentTimeMillis();
215 if (now - _lastHashPurge > _cacheTime || _cacheTime == 0)
218 _lastHashPurge = now;
222 return super.login(username,credentials);
225 /* ------------------------------------------------------------ */
227 protected void loadUsers()
231 /* ------------------------------------------------------------ */
233 protected UserIdentity loadUser(String username)
241 throw new SQLException("Can't connect to database");
243 try (PreparedStatement stat1 = _con.prepareStatement(_userSql))
245 stat1.setObject(1, username);
246 try (ResultSet rs1 = stat1.executeQuery())
250 int key = rs1.getInt(_userTableKey);
251 String credentials = rs1.getString(_userTablePasswordField);
252 List<String> roles = new ArrayList<String>();
254 try (PreparedStatement stat2 = _con.prepareStatement(_roleSql))
256 stat2.setInt(1, key);
257 try (ResultSet rs2 = stat2.executeQuery())
260 roles.add(rs2.getString(_roleTableRoleField));
263 return putUser(username, credentials, roles.toArray(new String[roles.size()]));
268 catch (SQLException e)
270 LOG.warn("UserRealm " + getName() + " could not load user information from database", e);
276 /* ------------------------------------------------------------ */
277 protected UserIdentity putUser (String username, String credentials, String[] roles)
279 return putUser(username, Credential.getCredential(credentials),roles);
284 * Close an existing connection
286 private void closeConnection ()
290 if (LOG.isDebugEnabled()) LOG.debug("Closing db connection for JDBCUserRealm");
291 try { _con.close(); }catch (Exception e) {LOG.ignore(e);}