Package org.apache.derby.iapi.jdbc

Examples of org.apache.derby.iapi.jdbc.AuthenticationService

1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
    // otherwise check if it is a valid user in the JBMS system.
    //
    // NOTE: We always expect an authentication service per database
    // and one at the system level.
    //
    AuthenticationService authenticationService = null;

        try {
            // Retrieve appropriate authentication service handle
            if (dbname == null)
                authenticationService =
                    getLocalDriver().getAuthenticationService();
            else
                authenticationService =
                    getTR().getDatabase().getAuthenticationService();

        } catch (StandardException se) {
            throw Util.generateCsSQLException(se);
        }

    // check that we do have a authentication service
    // it is _always_ expected.
    if (authenticationService == null)
    {
      String failedString = MessageService.getTextMessage(
        (dbname == null) ? MessageId.AUTH_NO_SERVICE_FOR_SYSTEM : MessageId.AUTH_NO_SERVICE_FOR_DB);

      throw newSQLException(SQLState.LOGIN_FAILED, failedString);
    }

    if (dbname != null) {
      checkUserIsNotARole();
    }

    // Let's authenticate now
     
    if (!authenticationService.authenticate(
                         dbname,
                         userInfo
                         )) {

      throw newSQLException(SQLState.NET_CONNECT_AUTH_FAILED,
View Full Code Here
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
    // otherwise check if it is a valid user in the JBMS system.
    //
    // NOTE: We always expect an authentication service per database
    // and one at the system level.
    //
    AuthenticationService authenticationService = null;

        try {
            // Retrieve appropriate authentication service handle
            if (dbname == null)
                authenticationService =
                    getLocalDriver().getAuthenticationService();
            else
                authenticationService =
                    getTR().getDatabase().getAuthenticationService();

        } catch (StandardException se) {
            throw Util.generateCsSQLException(se);
        }

    // check that we do have a authentication service
    // it is _always_ expected.
    if (authenticationService == null)
    {
      String failedString = MessageService.getTextMessage(
        (dbname == null) ? MessageId.AUTH_NO_SERVICE_FOR_SYSTEM : MessageId.AUTH_NO_SERVICE_FOR_DB);

      throw newSQLException(SQLState.LOGIN_FAILED, failedString);
    }

    if (dbname != null) {
      checkUserIsNotARole();
    }

    // Let's authenticate now
     
    if (!authenticationService.authenticate(
                         dbname,
                         userInfo
                         )) {

      throw newSQLException(SQLState.NET_CONNECT_AUTH_FAILED,
View Full Code Here
7920
7921
7922
7923
7924
7925
7926
7927
7928
7929
7930
7931
7932
7933
7934
7935
7936
7937
7938
7939
7940
7941
7942
7943
7944
7945
7946
7947
7948
7949
7950
7951
7952
7953
7954
7955
7956
7957
7958
7959
7960
7961
7962
7963
7964
7965
7966
7967
7968
7969
7970
7971
7972
7973
7974
7975
7976
7977
7978
7979
7980
7981
7982
7983
7984
7985
7986
7987
7988
7989
7990
7991
7992
7993
7994
7995
7996
7997
7998
7999
8000
8001
8002
8003
8004
8005
8006
8007
8008
8009
8010
8011
8012
8013
8014
8015
8016
8017
8018
8019
     @return security check code - 0 if everything O.K.
     */
    private int validateSecMecUSRSSBPWD() throws  DRDAProtocolException
    {
        String dbName = null;
        AuthenticationService authenticationService = null;
        org.apache.derby.iapi.db.Database databaseObj = null;
        String srvrlslv = appRequester.srvrlslv;

        // Check if application requester is the Derby Network Client (DNC)
        //
        // We use a trick here - as the product ID is not yet available
        // since ACCRDB message is only coming later, we check the server
        // release level field sent as part of the initial EXCSAT message;
        // indeed, the product ID (PRDID) is prefixed to in the field.
        // Derby always sets it as part of the EXCSAT message so if it is
        // not available, we stop here and inform the requester that
        // SECMEC_USRSSBPWD cannot be supported for this connection.
        if ((srvrlslv == null) || (srvrlslv.length() == 0) ||
            (srvrlslv.length() < CodePoint.PRDID_MAX) ||
            (srvrlslv.indexOf(DRDAConstants.DERBY_DRDA_CLIENT_ID)
                    == -1))
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported


        // Client product version is extracted from the srvrlslv field.
        // srvrlslv has the format <PRDID>/<ALTERNATE VERSION FORMAT>
        // typically, a known Derby client has a four part version number
        // with a pattern such as DNC10020/10.2.0.3 alpha. If the alternate
        // version format is not specified, clientProductVersion_ will just
        // be set to the srvrlslvl. Final fallback will be the product id.
        //
        // SECMEC_USRSSBPWD is only supported by the Derby engine and network
        // server code starting at version major '10' and minor '02'. Hence,
        // as this is the same for the derby client driver, we need to ensure
        // our DNC client is at version and release level of 10.2 at least.
        // We set the client version in the application requester and check
        // if it is at the level we require at a minimum.
        appRequester.setClientVersion(
                srvrlslv.substring(0, (int) CodePoint.PRDID_MAX));

        if (appRequester.supportsSecMecUSRSSBPWD() == false)
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported

        dbName = database.shortDbName;
        // Check if the database is available (booted)
        //
        // First we need to have the database name available and it should
        // have been set as part of the ACCSEC request (in the case of a Derby
        // 'DNC' client)
        if ((dbName == null) || (dbName.length() == 0))
        {
            // No database specified in the connection URL attributes
            //
            // In this case, we get the authentication service handle from the
            // local driver, as the requester may simply be trying to shutdown
            // the engine.
            authenticationService = ((InternalDriver)
              NetworkServerControlImpl.getDriver()).getAuthenticationService();
        }
        else
        {
            // We get the authentication service from the database as this
            // last one might have specified its own auth provider (at the
            // database level).
            //
            // if monitor is never setup by any ModuleControl, getMonitor
            // returns null and no cloudscape database has been booted.
            if (Monitor.getMonitor() != null)
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);

            if (databaseObj == null)
            {
                // If database is not found, try connecting to it.
                database.makeDummyConnection();

                // now try to find it again
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);
            }

            // If database still could not be found, it means the database
            // does not exist - we just return security mechanism not
            // supported down below as we could not verify we can handle
            // it.
            if (databaseObj != null)
                authenticationService =
                        databaseObj.getAuthenticationService();
        }

        // Now we check if the authentication provider is NONE or BUILTIN
        if (authenticationService != null)
        {
            String authClassName = authenticationService.getClass().getName();
               
            if (!authClassName.equals(AUTHENTICATION_PROVIDER_BUILTIN_CLASS) &&
                !authClassName.equals(AUTHENTICATION_PROVIDER_NONE_CLASS))
                return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
        }
View Full Code Here
8080
8081
8082
8083
8084
8085
8086
8087
8088
8089
8090
8091
8092
8093
8094
8095
8096
8097
8098
8099
8100
8101
8102
8103
8104
8105
8106
8107
8108
8109
8110
8111
8112
8113
8114
8115
8116
8117
8118
8119
8120
8121
8122
8123
8124
8125
8126
8127
8128
8129
8130
8131
8132
8133
8134
8135
8136
8137
8138
8139
8140
8141
8142
8143
8144
8145
8146
8147
8148
8149
8150
8151
8152
8153
8154
8155
8156
8157
8158
8159
8160
8161
8162
8163
8164
8165
8166
8167
8168
8169
8170
8171
8172
8173
8174
8175
8176
8177
8178
8179
     @return security check code - 0 if everything O.K.
     */
    private int validateSecMecUSRSSBPWD() throws  DRDAProtocolException
    {
        String dbName = null;
        AuthenticationService authenticationService = null;
        org.apache.derby.iapi.db.Database databaseObj = null;
        String srvrlslv = appRequester.srvrlslv;

        // Check if application requester is the Derby Network Client (DNC)
        //
        // We use a trick here - as the product ID is not yet available
        // since ACCRDB message is only coming later, we check the server
        // release level field sent as part of the initial EXCSAT message;
        // indeed, the product ID (PRDID) is prefixed to in the field.
        // Derby always sets it as part of the EXCSAT message so if it is
        // not available, we stop here and inform the requester that
        // SECMEC_USRSSBPWD cannot be supported for this connection.
        if ((srvrlslv == null) || (srvrlslv.length() == 0) ||
            (srvrlslv.length() < CodePoint.PRDID_MAX) ||
            (srvrlslv.indexOf(DRDAConstants.DERBY_DRDA_CLIENT_ID)
                    == -1))
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported


        // Client product version is extracted from the srvrlslv field.
        // srvrlslv has the format <PRDID>/<ALTERNATE VERSION FORMAT>
        // typically, a known Derby client has a four part version number
        // with a pattern such as DNC10020/10.2.0.3 alpha. If the alternate
        // version format is not specified, clientProductVersion_ will just
        // be set to the srvrlslvl. Final fallback will be the product id.
        //
        // SECMEC_USRSSBPWD is only supported by the Derby engine and network
        // server code starting at version major '10' and minor '02'. Hence,
        // as this is the same for the derby client driver, we need to ensure
        // our DNC client is at version and release level of 10.2 at least.
        // We set the client version in the application requester and check
        // if it is at the level we require at a minimum.
        appRequester.setClientVersion(
                srvrlslv.substring(0, (int) CodePoint.PRDID_MAX));

        if (appRequester.supportsSecMecUSRSSBPWD() == false)
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported

        dbName = database.shortDbName;
        // Check if the database is available (booted)
        //
        // First we need to have the database name available and it should
        // have been set as part of the ACCSEC request (in the case of a Derby
        // 'DNC' client)
        if ((dbName == null) || (dbName.length() == 0))
        {
            // No database specified in the connection URL attributes
            //
            // In this case, we get the authentication service handle from the
            // local driver, as the requester may simply be trying to shutdown
            // the engine.
            authenticationService = ((InternalDriver)
              NetworkServerControlImpl.getDriver()).getAuthenticationService();
        }
        else
        {
            // We get the authentication service from the database as this
            // last one might have specified its own auth provider (at the
            // database level).
            //
            // if monitor is never setup by any ModuleControl, getMonitor
            // returns null and no Derby database has been booted.
            if (Monitor.getMonitor() != null)
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);

            if (databaseObj == null)
            {
                // If database is not found, try connecting to it.
                database.makeDummyConnection();

                // now try to find it again
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);
            }

            // If database still could not be found, it means the database
            // does not exist - we just return security mechanism not
            // supported down below as we could not verify we can handle
            // it.
            if (databaseObj != null)
                authenticationService =
                        databaseObj.getAuthenticationService();
        }

        // Now we check if the authentication provider is NONE or BUILTIN
        if (authenticationService != null)
        {
            String authClassName = authenticationService.getClass().getName();
               
            if (!authClassName.equals(AUTHENTICATION_PROVIDER_BUILTIN_CLASS) &&
                !authClassName.equals(AUTHENTICATION_PROVIDER_NONE_CLASS))
                return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
        }
View Full Code Here
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
    // otherwise check if it is a valid user in the JBMS system.
    //
    // NOTE: We always expect an authentication service per database
    // and one at the system level.
    //
    AuthenticationService authenticationService = null;

    // Retrieve appropriate authentication service handle
    if (dbname == null)
      authenticationService = getLocalDriver().getAuthenticationService();
    else
      authenticationService = getTR().getDatabase().getAuthenticationService();

    // check that we do have a authentication service
    // it is _always_ expected.
    if (authenticationService == null)
    {
      String failedString = MessageService.getTextMessage(
        (dbname == null) ? MessageId.AUTH_NO_SERVICE_FOR_SYSTEM : MessageId.AUTH_NO_SERVICE_FOR_DB);

      throw newSQLException(SQLState.LOGIN_FAILED, failedString);
    }
   
    // Let's authenticate now
     
    if (!authenticationService.authenticate(
                         dbname,
                         userInfo
                         )) {

      throw newSQLException(SQLState.LOGIN_FAILED, MessageService.getTextMessage(MessageId.AUTH_INVALID));
View Full Code Here
8383
8384
8385
8386
8387
8388
8389
8390
8391
8392
8393
8394
8395
8396
8397
8398
8399
8400
8401
8402
8403
8404
8405
8406
8407
8408
8409
8410
8411
8412
8413
8414
8415
8416
8417
8418
8419
8420
8421
8422
8423
8424
8425
8426
8427
8428
8429
8430
8431
8432
8433
8434
8435
8436
8437
8438
8439
8440
8441
8442
8443
8444
8445
8446
8447
8448
8449
8450
8451
8452
8453
8454
8455
8456
8457
8458
8459
8460
8461
8462
8463
8464
8465
8466
8467
8468
8469
8470
8471
8472
8473
8474
8475
8476
8477
8478
8479
8480
8481
8482
8483
8484
8485
8486
8487
8488
8489
     @return security check code - 0 if everything O.K.
     */
    private int validateSecMecUSRSSBPWD() throws  DRDAProtocolException
    {
        String dbName = null;
        AuthenticationService authenticationService = null;
        org.apache.derby.iapi.db.Database databaseObj = null;
        String srvrlslv = appRequester.srvrlslv;

        // Check if application requester is the Derby Network Client (DNC)
        //
        // We use a trick here - as the product ID is not yet available
        // since ACCRDB message is only coming later, we check the server
        // release level field sent as part of the initial EXCSAT message;
        // indeed, the product ID (PRDID) is prefixed to in the field.
        // Derby always sets it as part of the EXCSAT message so if it is
        // not available, we stop here and inform the requester that
        // SECMEC_USRSSBPWD cannot be supported for this connection.
        if ((srvrlslv == null) || (srvrlslv.length() == 0) ||
            (srvrlslv.length() < CodePoint.PRDID_MAX) ||
            (srvrlslv.indexOf(DRDAConstants.DERBY_DRDA_CLIENT_ID)
                    == -1))
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported


        // Client product version is extracted from the srvrlslv field.
        // srvrlslv has the format <PRDID>/<ALTERNATE VERSION FORMAT>
        // typically, a known Derby client has a four part version number
        // with a pattern such as DNC10020/10.2.0.3 alpha. If the alternate
        // version format is not specified, clientProductVersion_ will just
        // be set to the srvrlslvl. Final fallback will be the product id.
        //
        // SECMEC_USRSSBPWD is only supported by the Derby engine and network
        // server code starting at version major '10' and minor '02'. Hence,
        // as this is the same for the derby client driver, we need to ensure
        // our DNC client is at version and release level of 10.2 at least.
        // We set the client version in the application requester and check
        // if it is at the level we require at a minimum.
        appRequester.setClientVersion(
                srvrlslv.substring(0, (int) CodePoint.PRDID_MAX));

        if (appRequester.supportsSecMecUSRSSBPWD() == false)
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported

        dbName = database.shortDbName;
        // Check if the database is available (booted)
        //
        // First we need to have the database name available and it should
        // have been set as part of the ACCSEC request (in the case of a Derby
        // 'DNC' client)
        if ((dbName == null) || (dbName.length() == 0))
        {
            // No database specified in the connection URL attributes
            //
            // In this case, we get the authentication service handle from the
            // local driver, as the requester may simply be trying to shutdown
            // the engine.
            authenticationService = ((InternalDriver)
              NetworkServerControlImpl.getDriver()).getAuthenticationService();
        }
        else
        {
            // We get the authentication service from the database as this
            // last one might have specified its own auth provider (at the
            // database level).
            //
            // if monitor is never setup by any ModuleControl, getMonitor
            // returns null and no Derby database has been booted.
            if (Monitor.getMonitor() != null)
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);

            if (databaseObj == null)
            {
                // If database is not found, try connecting to it.
                database.makeDummyConnection();

                // now try to find it again
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);
            }

            // If database still could not be found, it means the database
            // does not exist - we just return security mechanism not
            // supported down below as we could not verify we can handle
            // it.
            try {
                if (databaseObj != null)
                    authenticationService =
                        databaseObj.getAuthenticationService();
            } catch (StandardException se) {
                println2Log(null, session.drdaID, se.getMessage());
                // Local security service non-retryable error.
                return CodePoint.SECCHKCD_0A;
            }

        }

        // Now we check if the authentication provider is NONE or BUILTIN
        if (authenticationService != null)
        {
            String authClassName = authenticationService.getClass().getName();
               
            if (!authClassName.equals(AUTHENTICATION_PROVIDER_BUILTIN_CLASS) &&
                !authClassName.equals(AUTHENTICATION_PROVIDER_NONE_CLASS))
                return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
        }
View Full Code Here
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
    /**
     * @throws SQLException if authentication or privileges check fails
     */
    public void checkShutdownPrivileges() throws SQLException {   
        // get the system's authentication service
        final AuthenticationService auth
            = ((AuthenticationService)
               Monitor.findService(AuthenticationService.MODULE,
                                   "authentication"));

        // authenticate user
        if (auth != null) {
            final Properties finfo = new Properties();
            if (userArg != null) {
                finfo.setProperty("user", userArg);
            }
            if (passwordArg != null) {
                finfo.setProperty("password", passwordArg);
            }
            if (!auth.authenticate((String)null, finfo)) {
                // not a valid user
                throw Util.generateCsSQLException(
                SQLState.NET_CONNECT_AUTH_FAILED,
                MessageService.getTextMessage(MessageId.AUTH_INVALID));
            }
View Full Code Here
154
155
156
157
158
159
160
161
162
163
164
                              LanguageConnectionContext lcc,
                              DataDictionary dd,
                              TransactionController tc)
            throws StandardException {
        //
        AuthenticationService s = lcc.getDatabase().getAuthenticationService();

        if (currentUser.equals(roleName)) {
            return true;
        }
View Full Code Here
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
    // otherwise check if it is a valid user in the JBMS system.
    //
    // NOTE: We always expect an authentication service per database
    // and one at the system level.
    //
    AuthenticationService authenticationService = null;

        try {
            // Retrieve appropriate authentication service handle
            if (dbname == null)
                authenticationService =
                    getLocalDriver().getAuthenticationService();
            else
                authenticationService =
                    getTR().getDatabase().getAuthenticationService();

        } catch (StandardException se) {
            throw Util.generateCsSQLException(se);
        }

    // check that we do have a authentication service
    // it is _always_ expected.
    if (authenticationService == null)
    {
      String failedString = MessageService.getTextMessage(
        (dbname == null) ? MessageId.AUTH_NO_SERVICE_FOR_SYSTEM : MessageId.AUTH_NO_SERVICE_FOR_DB);

      throw newSQLException(SQLState.LOGIN_FAILED, failedString);
    }

    if (dbname != null) {
      checkUserIsNotARole();
    }

    // Let's authenticate now
     
    if (!authenticationService.authenticate(
                         dbname,
                         userInfo
                         )) {

      throw newSQLException(SQLState.NET_CONNECT_AUTH_FAILED,
View Full Code Here
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
    /**
     * @throws SQLException if authentication or privileges check fails
     */
    public void checkShutdownPrivileges() throws SQLException {   
        // get the system's authentication service
        final AuthenticationService auth
            = ((AuthenticationService)
               Monitor.findService(AuthenticationService.MODULE,
                                   "authentication"));

        // authenticate user
        if (auth != null) {
            final Properties finfo = new Properties();
            if (userArg != null) {
                finfo.setProperty("user", userArg);
            }
            if (passwordArg != null) {
                finfo.setProperty("password", passwordArg);
            }
            if (!auth.authenticate((String)null, finfo)) {
                // not a valid user
                throw Util.generateCsSQLException(
                SQLState.NET_CONNECT_AUTH_FAILED,
                MessageService.getTextMessage(MessageId.AUTH_INVALID));
            }
View Full Code Here
TOP

Related Classes of org.apache.derby.iapi.jdbc.AuthenticationService

  • org.apache.derby.impl.drda.DRDAConnThread
  • org.apache.derby.impl.drda.NetworkServerControlImpl
  • org.apache.derby.impl.jdbc.EmbedConnection
  • org.apache.derby.impl.sql.execute.CreateRoleConstantAction
    • Copyright © 2018 www.massapicom. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.