|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.shiro.realm.CachingRealm org.apache.shiro.realm.AuthenticatingRealm org.apache.shiro.realm.AuthorizingRealm org.apache.shiro.realm.jdbc.JdbcRealm
public class JdbcRealm
Realm that allows authentication and authorization via JDBC calls. The default queries suggest a potential schema for retrieving the user's password for authentication, and querying for a user's roles and permissions. The default queries can be overridden by setting the query properties of the realm.
If the default implementation of authentication and authorization cannot handle your schema, this class can be subclassed and the appropriate methods overridden. (usuallydoGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
,
getRoleNamesForUser(java.sql.Connection,String)
, and/or getPermissions(java.sql.Connection,String,java.util.Collection)
This realm supports caching by extending from AuthorizingRealm
.
Nested Class Summary | |
---|---|
static class |
JdbcRealm.SaltStyle
Password hash salt configuration. |
Field Summary | |
---|---|
protected String |
authenticationQuery
|
protected DataSource |
dataSource
|
protected static String |
DEFAULT_AUTHENTICATION_QUERY
The default query used to retrieve account data for the user. |
protected static String |
DEFAULT_PERMISSIONS_QUERY
The default query used to retrieve permissions that apply to a particular role. |
protected static String |
DEFAULT_SALTED_AUTHENTICATION_QUERY
The default query used to retrieve account data for the user when saltStyle is COLUMN. |
protected static String |
DEFAULT_USER_ROLES_QUERY
The default query used to retrieve the roles that apply to a user. |
protected boolean |
permissionsLookupEnabled
|
protected String |
permissionsQuery
|
protected JdbcRealm.SaltStyle |
saltStyle
|
protected String |
userRolesQuery
|
Constructor Summary | |
---|---|
JdbcRealm()
|
Method Summary | |
---|---|
protected AuthenticationInfo |
doGetAuthenticationInfo(AuthenticationToken token)
Retrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc) for the given authentication token. |
protected AuthorizationInfo |
doGetAuthorizationInfo(PrincipalCollection principals)
This implementation of the interface expects the principals collection to return a String username keyed off of this realm's name |
protected Set<String> |
getPermissions(Connection conn,
String username,
Collection<String> roleNames)
|
protected Set<String> |
getRoleNamesForUser(Connection conn,
String username)
|
protected String |
getSaltForUser(String username)
|
void |
setAuthenticationQuery(String authenticationQuery)
Overrides the default query used to retrieve a user's password during authentication. |
void |
setDataSource(DataSource dataSource)
Sets the datasource that should be used to retrieve connections used by this realm. |
void |
setPermissionsLookupEnabled(boolean permissionsLookupEnabled)
Enables lookup of permissions during authorization. |
void |
setPermissionsQuery(String permissionsQuery)
Overrides the default query used to retrieve a user's permissions during authorization. |
void |
setSaltStyle(JdbcRealm.SaltStyle saltStyle)
Sets the salt style. |
void |
setUserRolesQuery(String userRolesQuery)
Overrides the default query used to retrieve a user's roles during authorization. |
Methods inherited from class org.apache.shiro.realm.CachingRealm |
---|
clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabled |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface org.apache.shiro.util.Initializable |
---|
init |
Field Detail |
---|
protected static final String DEFAULT_AUTHENTICATION_QUERY
protected static final String DEFAULT_SALTED_AUTHENTICATION_QUERY
saltStyle
is COLUMN.
protected static final String DEFAULT_USER_ROLES_QUERY
protected static final String DEFAULT_PERMISSIONS_QUERY
protected DataSource dataSource
protected String authenticationQuery
protected String userRolesQuery
protected String permissionsQuery
protected boolean permissionsLookupEnabled
protected JdbcRealm.SaltStyle saltStyle
Constructor Detail |
---|
public JdbcRealm()
Method Detail |
---|
public void setDataSource(DataSource dataSource)
dataSource
- the SQL data source.public void setAuthenticationQuery(String authenticationQuery)
doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)
or
just getPasswordForUser(java.sql.Connection,String)
authenticationQuery
- the query to use for authentication.DEFAULT_AUTHENTICATION_QUERY
public void setUserRolesQuery(String userRolesQuery)
doGetAuthorizationInfo(PrincipalCollection)
or just
getRoleNamesForUser(java.sql.Connection,String)
userRolesQuery
- the query to use for retrieving a user's roles.DEFAULT_USER_ROLES_QUERY
public void setPermissionsQuery(String permissionsQuery)
doGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
or just
getPermissions(java.sql.Connection,String,java.util.Collection)
Permissions are only retrieved if you set permissionsLookupEnabled
to true. Otherwise,
this query is ignored.
permissionsQuery
- the query to use for retrieving permissions for a role.DEFAULT_PERMISSIONS_QUERY
,
setPermissionsLookupEnabled(boolean)
public void setPermissionsLookupEnabled(boolean permissionsLookupEnabled)
permissionsLookupEnabled
- true if permissions should be looked up during authorization, or false if only
roles should be looked up.public void setSaltStyle(JdbcRealm.SaltStyle saltStyle)
saltStyle
.
saltStyle
- new SaltStyle to set.protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException
AuthenticatingRealm
null
return value means that no account could be associated with the specified token.
doGetAuthenticationInfo
in class AuthenticatingRealm
token
- the authentication token containing the user's principal and credentials.
AuthenticationInfo
object containing account data resulting from the
authentication ONLY if the lookup is successful (i.e. account exists and is valid, etc.)
AuthenticationException
- if there is an error acquiring data or performing
realm-specific authentication logic for the specified tokenprotected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals)
name
doGetAuthorizationInfo
in class AuthorizingRealm
principals
- the primary identifying principals of the AuthorizationInfo that should be retrieved.
AuthorizingRealm.getAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
protected Set<String> getRoleNamesForUser(Connection conn, String username) throws SQLException
SQLException
protected Set<String> getPermissions(Connection conn, String username, Collection<String> roleNames) throws SQLException
SQLException
protected String getSaltForUser(String username)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |