Package org.apache.shiro.realm.jdbc

Class JdbcRealm

    • Field Detail

      • DEFAULT_AUTHENTICATION_QUERY

        protected static final  DEFAULT_AUTHENTICATION_QUERY
        The default query used to retrieve account data for the user.
        See Also:
        Constant Field Values

      • DEFAULT_SALTED_AUTHENTICATION_QUERY

        protected static final  DEFAULT_SALTED_AUTHENTICATION_QUERY
        The default query used to retrieve account data for the user when saltStyle is COLUMN.
        See Also:
        Constant Field Values

      • DEFAULT_USER_ROLES_QUERY

        protected static final  DEFAULT_USER_ROLES_QUERY
        The default query used to retrieve the roles that apply to a user.
        See Also:
        Constant Field Values

      • DEFAULT_PERMISSIONS_QUERY

        protected static final  DEFAULT_PERMISSIONS_QUERY
        The default query used to retrieve permissions that apply to a particular role.
        See Also:
        Constant Field Values

      • dataSource

        protected  dataSource

      • authenticationQuery

        protected  authenticationQuery

      • userRolesQuery

        protected  userRolesQuery

      • permissionsQuery

        protected  permissionsQuery

      • permissionsLookupEnabled

        protected boolean permissionsLookupEnabled

      • saltIsBase64Encoded

        protected boolean saltIsBase64Encoded

    • Constructor Detail

      • JdbcRealm

        public JdbcRealm()

    • Method Detail

      • setDataSource

        public void setDataSource​( dataSource)
        Sets the datasource that should be used to retrieve connections used by this realm.
        Parameters:
        dataSource - the SQL data source.

      • setUserRolesQuery

        public void setUserRolesQuery​( userRolesQuery)
        Overrides the default query used to retrieve a user's roles during authorization. When using the default implementation, this query must take the user's username as a single parameter and return a row per role with a single column containing the role name. If you require a solution that does not match this query structure, you can override doGetAuthorizationInfo(PrincipalCollection) or just getRoleNamesForUser(java.sql.Connection,String)
        Parameters:
        userRolesQuery - the query to use for retrieving a user's roles.
        See Also:
        DEFAULT_USER_ROLES_QUERY

      • setPermissionsLookupEnabled

        public void setPermissionsLookupEnabled​(boolean permissionsLookupEnabled)
        Enables lookup of permissions during authorization. The default is "false" - meaning that only roles are associated with a user. Set this to true in order to lookup roles and permissions.
        Parameters:
        permissionsLookupEnabled - true if permissions should be looked up during authorization, or false if only roles should be looked up.

      • setSaltStyle

        public void setSaltStyle​(JdbcRealm.SaltStyle saltStyle)
        Sets the salt style. See saltStyle.
        Parameters:
        saltStyle - new SaltStyle to set.

      • setSaltIsBase64Encoded

        public void setSaltIsBase64Encoded​(boolean saltIsBase64Encoded)
        Makes it possible to switch off base64 encoding of password salt. The default value is true, ie. expect the salt from a string value in a database to be base64 encoded.
        Parameters:
        saltIsBase64Encoded - the saltIsBase64Encoded to set

      • doGetAuthenticationInfo

        protected AuthenticationInfo doGetAuthenticationInfo​(AuthenticationToken token)
                                              throws AuthenticationException
        Description copied from class: AuthenticatingRealm
        Retrieves authentication data from an implementation-specific datasource (RDBMS, LDAP, etc) for the given authentication token.

        For most datasources, this means just 'pulling' authentication data for an associated subject/user and nothing more and letting Shiro do the rest. But in some systems, this method could actually perform EIS specific log-in logic in addition to just retrieving data - it is up to the Realm implementation.

        A null return value means that no account could be associated with the specified token.

        Specified by:
        doGetAuthenticationInfo in class AuthenticatingRealm
        Parameters:
        token - the authentication token containing the user's principal and credentials.
        Returns:
        an AuthenticationInfo object containing account data resulting from the authentication ONLY if the lookup is successful (i.e. account exists and is valid, etc.)
        Throws:
        AuthenticationException - if there is an error acquiring data or performing realm-specific authentication logic for the specified token

      • getRoleNamesForUser

        protected <> getRoleNamesForUser​( conn,
                                           username)
                                   throws
        Throws:

      • getPermissions

        protected <> getPermissions​( conn,
                                      username,
                                     <> roleNames)
                              throws
        Throws:

      • getSaltForUser

        protected  getSaltForUser​( username)