Class JdbcRealm
java.lang.Object
org.apache.shiro.realm.CachingRealm
org.apache.shiro.realm.AuthenticatingRealm
org.apache.shiro.realm.AuthorizingRealm
org.apache.shiro.realm.jdbc.JdbcRealm
- All Implemented Interfaces:
LogoutAware,Authorizer,PermissionResolverAware,RolePermissionResolverAware,org.apache.shiro.cache.CacheManagerAware,org.apache.shiro.lang.util.Initializable,org.apache.shiro.lang.util.Nameable,Realm
Realm that allows authentication and authorization via JDBC calls. The default queries suggest a potential schema
for retrieving the user's password for authentication, and querying for a user's roles and permissions. The
default queries can be overridden by setting the query properties of the realm.
If the default implementation
of authentication and authorization cannot handle your schema, this class can be subclassed and the
appropriate methods overridden. (usually
doGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken),
getRoleNamesForUser(java.sql.Connection, String),
and/or getPermissions(java.sql.Connection, String, java.util.Collection)
This realm supports caching by extending from AuthorizingRealm.- Since:
- 0.2
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionstatic enumPassword hash salt configuration. -
Field Summary
FieldsModifier and TypeFieldDescriptionprotected Stringprotected DataSourceprotected static final StringThe default query used to retrieve account data for the user.protected static final StringThe default query used to retrieve permissions that apply to a particular role.protected static final StringThe default query used to retrieve account data for the user whensaltStyleis COLUMN.protected static final StringThe default query used to retrieve the roles that apply to a user.protected booleanprotected Stringprotected booleanprotected JdbcRealm.SaltStyleprotected String -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected AuthenticationInfoRetrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc.) for the given authentication token.protected AuthorizationInfodoGetAuthorizationInfo(PrincipalCollection principals) This implementation of the interface expects the principals collection to return a String username keyed off of this realm'snamegetPermissions(Connection conn, String username, Collection<String> roleNames) getRoleNamesForUser(Connection conn, String username) protected StringgetSaltForUser(String username) voidsetAuthenticationQuery(String authenticationQuery) Overrides the default query used to retrieve a user's password during authentication.voidsetDataSource(DataSource dataSource) Sets the datasource that should be used to retrieve connections used by this realm.voidsetPermissionsLookupEnabled(boolean permissionsLookupEnabled) Enables lookup of permissions during authorization.voidsetPermissionsQuery(String permissionsQuery) Overrides the default query used to retrieve a user's permissions during authorization.voidsetSaltIsBase64Encoded(boolean saltIsBase64Encoded) Makes it possible to switch off base64 encoding of password salt.voidsetSaltStyle(JdbcRealm.SaltStyle saltStyle) Sets the salt style.voidsetUserRolesQuery(String userRolesQuery) Overrides the default query used to retrieve a user's roles during authorization.Methods inherited from class org.apache.shiro.realm.AuthorizingRealm
afterCacheManagerSet, checkPermission, checkPermission, checkPermission, checkPermissions, checkPermissions, checkPermissions, checkRole, checkRole, checkRoles, checkRoles, checkRoles, clearCachedAuthorizationInfo, doClearCache, getAuthorizationCache, getAuthorizationCacheKey, getAuthorizationCacheName, getAuthorizationInfo, getPermissionResolver, getPermissions, getRolePermissionResolver, hasAllRoles, hasRole, hasRole, hasRoles, hasRoles, isAuthorizationCachingEnabled, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isPermittedAll, onInit, setAuthorizationCache, setAuthorizationCacheName, setAuthorizationCachingEnabled, setName, setPermissionResolver, setRolePermissionResolverMethods inherited from class org.apache.shiro.realm.AuthenticatingRealm
assertCredentialsMatch, clearCachedAuthenticationInfo, getAuthenticationCache, getAuthenticationCacheKey, getAuthenticationCacheKey, getAuthenticationCacheName, getAuthenticationInfo, getAuthenticationTokenClass, getCredentialsMatcher, init, isAuthenticationCachingEnabled, isAuthenticationCachingEnabled, setAuthenticationCache, setAuthenticationCacheName, setAuthenticationCachingEnabled, setAuthenticationTokenClass, setCredentialsMatcher, supportsMethods inherited from class org.apache.shiro.realm.CachingRealm
clearCache, getAvailablePrincipal, getCacheManager, getName, isCachingEnabled, onLogout, setCacheManager, setCachingEnabledMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.apache.shiro.lang.util.Initializable
init
-
Field Details
-
DEFAULT_AUTHENTICATION_QUERY
The default query used to retrieve account data for the user.- See Also:
-
DEFAULT_SALTED_AUTHENTICATION_QUERY
The default query used to retrieve account data for the user whensaltStyleis COLUMN.- See Also:
-
DEFAULT_USER_ROLES_QUERY
The default query used to retrieve the roles that apply to a user.- See Also:
-
DEFAULT_PERMISSIONS_QUERY
The default query used to retrieve permissions that apply to a particular role.- See Also:
-
dataSource
-
authenticationQuery
-
userRolesQuery
-
permissionsQuery
-
permissionsLookupEnabled
-
saltStyle
-
saltIsBase64Encoded
-
-
Constructor Details
-
JdbcRealm
public JdbcRealm()
-
-
Method Details
-
setDataSource
Sets the datasource that should be used to retrieve connections used by this realm.- Parameters:
dataSource- the SQL data source.
-
setAuthenticationQuery
Overrides the default query used to retrieve a user's password during authentication. When using the default implementation, this query must take the user's username as a single parameter and return a single result with the user's password as the first column. If you require a solution that does not match this query structure, you can overridedoGetAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken)or justgetPasswordForUser(java.sql.Connection, String)- Parameters:
authenticationQuery- the query to use for authentication.- See Also:
-
setUserRolesQuery
Overrides the default query used to retrieve a user's roles during authorization. When using the default implementation, this query must take the user's username as a single parameter and return a row per role with a single column containing the role name. If you require a solution that does not match this query structure, you can overridedoGetAuthorizationInfo(PrincipalCollection)or justgetRoleNamesForUser(java.sql.Connection, String)- Parameters:
userRolesQuery- the query to use for retrieving a user's roles.- See Also:
-
setPermissionsQuery
Overrides the default query used to retrieve a user's permissions during authorization. When using the default implementation, this query must take a role name as the single parameter and return a row per permission with a single column, containing the permission. If you require a solution that does not match this query structure, you can overridedoGetAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)or justgetPermissions(java.sql.Connection, String, java.util.Collection)Permissions are only retrieved if you setpermissionsLookupEnabledto true. Otherwise, this query is ignored.- Parameters:
permissionsQuery- the query to use for retrieving permissions for a role.- See Also:
-
setPermissionsLookupEnabled
Enables lookup of permissions during authorization. The default is "false" - meaning that only roles are associated with a user. Set this to true in order to lookup roles and permissions.- Parameters:
permissionsLookupEnabled- true if permissions should be looked up during authorization, or false if only roles should be looked up.
-
setSaltStyle
Sets the salt style. SeesaltStyle.- Parameters:
saltStyle- new SaltStyle to set.
-
setSaltIsBase64Encoded
Makes it possible to switch off base64 encoding of password salt. The default value is true, i.e. expect the salt from a string value in a database to be base64 encoded.- Parameters:
saltIsBase64Encoded- the saltIsBase64Encoded to set
-
doGetAuthenticationInfo
protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException Description copied from class:AuthenticatingRealmRetrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc.) for the given authentication token. For most datasources, this means just 'pulling' authentication data for an associated subject/user and nothing more and letting Shiro do the rest. But in some systems, this method could actually perform EIS specific log-in logic in addition to just retrieving data - it is up to the Realm implementation. Anullreturn value means that no account could be associated with the specified token.- Specified by:
doGetAuthenticationInfoin classAuthenticatingRealm- Parameters:
token- the authentication token containing the user's principal and credentials.- Returns:
- an
AuthenticationInfoobject containing account data resulting from the authentication ONLY if the lookup is successful (i.e. account exists and is valid, etc.) - Throws:
AuthenticationException- if there is an error acquiring data or performing realm-specific authentication logic for the specified token
-
doGetAuthorizationInfo
This implementation of the interface expects the principals collection to return a String username keyed off of this realm'sname- Specified by:
doGetAuthorizationInfoin classAuthorizingRealm- Parameters:
principals- the primary identifying principals of the AuthorizationInfo that should be retrieved.- Returns:
- the AuthorizationInfo associated with this principals.
- See Also:
-
getRoleNamesForUser
- Throws:
SQLException
-
getPermissions
protected Set<String> getPermissions(Connection conn, String username, Collection<String> roleNames) throws SQLException - Throws:
SQLException
-
getSaltForUser
-