Package org.apache.derby.iapi.jdbc

Examples of org.apache.derby.iapi.jdbc.AuthenticationService


    /**
     * @throws SQLException if authentication or privileges check fails
     */
    public void checkShutdownPrivileges() throws SQLException {   
        // get the system's authentication service
        final AuthenticationService auth
            = ((AuthenticationService)
               Monitor.findService(AuthenticationService.MODULE,
                                   "authentication"));

        // authenticate user
        if (auth != null) {
            final Properties finfo = new Properties();
            if (userArg != null) {
                finfo.setProperty("user", userArg);
            }
            if (passwordArg != null) {
                finfo.setProperty("password", passwordArg);
            }
            if (!auth.authenticate((String)null, finfo)) {
                // not a valid user
                throw Util.generateCsSQLException(
                SQLState.NET_CONNECT_AUTH_FAILED,
                MessageService.getTextMessage(MessageId.AUTH_INVALID));
            }
View Full Code Here


     *
     *  @return security check code - 0 if everything O.K.
     */
    private int validateSecMecUSRSSBPWD() throws  DRDAProtocolException
    {
        AuthenticationService authenticationService = null;
        org.apache.derby.iapi.db.Database databaseObj = null;
        String srvrlslv = appRequester.srvrlslv;

        // Check if application requester is the Derby Network Client (DNC)
        //
        // We use a trick here - as the product ID is not yet available
        // since ACCRDB message is only coming later, we check the server
        // release level field sent as part of the initial EXCSAT message;
        // indeed, the product ID (PRDID) is prefixed to in the field.
        // Derby always sets it as part of the EXCSAT message so if it is
        // not available, we stop here and inform the requester that
        // SECMEC_USRSSBPWD cannot be supported for this connection.
        if ((srvrlslv == null) || (srvrlslv.length() == 0) ||
            (srvrlslv.length() < CodePoint.PRDID_MAX) ||
            (srvrlslv.indexOf(DRDAConstants.DERBY_DRDA_CLIENT_ID)
                    == -1)) {
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
        }


        // Client product version is extracted from the srvrlslv field.
        // srvrlslv has the format <PRDID>/<ALTERNATE VERSION FORMAT>
        // typically, a known Derby client has a four part version number
        // with a pattern such as DNC10020/10.2.0.3 alpha. If the alternate
        // version format is not specified, clientProductVersion_ will just
        // be set to the srvrlslvl. Final fallback will be the product id.
        //
        // SECMEC_USRSSBPWD is only supported by the Derby engine and network
        // server code starting at version major '10' and minor '02'. Hence,
        // as this is the same for the derby client driver, we need to ensure
        // our DNC client is at version and release level of 10.2 at least.
        // We set the client version in the application requester and check
        // if it is at the level we require at a minimum.
        appRequester.setClientVersion(
                srvrlslv.substring(0, (int) CodePoint.PRDID_MAX));

        if (appRequester.supportsSecMecUSRSSBPWD() == false) {
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
        }

        String dbName = database.getShortDbName();
        // Check if the database is available (booted)
        //
        // First we need to have the database name available and it should
        // have been set as part of the ACCSEC request (in the case of a Derby
        // 'DNC' client)
        if ((dbName == null) || (dbName.length() == 0))
        {
            // No database specified in the connection URL attributes
            //
            // In this case, we get the authentication service handle from the
            // local driver, as the requester may simply be trying to shutdown
            // the engine.
            authenticationService = ((InternalDriver)
              NetworkServerControlImpl.getDriver()).getAuthenticationService();
        }
        else
        {
            // We get the authentication service from the database as this
            // last one might have specified its own auth provider (at the
            // database level).
            //
            // if monitor is never setup by any ModuleControl, getMonitor
            // returns null and no Derby database has been booted.
            if (Monitor.getMonitor() != null) {
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);
            }

            if (databaseObj == null)
            {
                // If database is not found, try connecting to it.
                database.makeDummyConnection();

                // now try to find it again
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);
            }

            // If database still could not be found, it means the database
            // does not exist - we just return security mechanism not
            // supported down below as we could not verify we can handle
            // it.
            try {
                if (databaseObj != null) {
                    authenticationService =
                        databaseObj.getAuthenticationService();
                }
            } catch (StandardException se) {
                println2Log(null, session.drdaID, se.getMessage());
                // Local security service non-retryable error.
                return CodePoint.SECCHKCD_0A;
            }

        }

        // Now we check if the authentication provider is NONE or BUILTIN
        if (authenticationService != null)
        {
            String authClassName = authenticationService.getClass().getName();
               
            if (!authClassName.equals(AUTHENTICATION_PROVIDER_BUILTIN_CLASS) &&
                !authClassName.equals(AUTHENTICATION_PROVIDER_NONE_CLASS)) {
                return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
            }
View Full Code Here

    // otherwise check if it is a valid user in the JBMS system.
    //
    // NOTE: We always expect an authentication service per database
    // and one at the system level.
    //
    AuthenticationService authenticationService = null;

        try {
            // Retrieve appropriate authentication service handle
            if (dbname == null)
                authenticationService =
                    getLocalDriver().getAuthenticationService();
            else
                authenticationService =
                    getTR().getDatabase().getAuthenticationService();

        } catch (StandardException se) {
            throw Util.generateCsSQLException(se);
        }

    // check that we do have a authentication service
    // it is _always_ expected.
    if (authenticationService == null)
    {
      String failedString = MessageService.getTextMessage(
        (dbname == null) ? MessageId.AUTH_NO_SERVICE_FOR_SYSTEM : MessageId.AUTH_NO_SERVICE_FOR_DB);

      throw newSQLException(SQLState.LOGIN_FAILED, failedString);
    }

        //
        // We must handle the special case when the system uses NATIVE
        // authentication for system-wide operations but we are being
        // asked to create the system-wide credentials database. In this situation,
        // the database holding the credentials does not exist yet. In this situation,
        // we are supposed to create the credentials database and store the
        // creation credentials in that database as the credentials of the system administrator.
        //
        if (
            creatingDatabase &&
            compareDatabaseNames( getDBName(), authenticationService.getSystemCredentialsDatabaseName() )
            )
        {
            //
            // NATIVE authentication using a system-wide credentials database
            // which is being created now. Allow this to succeed. However, here we make sure that
            // the credentials are legal. This prevents the credentials db from being
            // created with a bad DBO or password.
            //
            String  user = userInfo.getProperty(Attribute.USERNAME_ATTR);
            String  password = userInfo.getProperty(Attribute.PASSWORD_ATTR);

            if ( emptyCredential( user ) || emptyCredential( password ) )
            {
                throw newSQLException( SQLState.AUTH_EMPTY_CREDENTIALS );
            }
           
            return;
        }

        //
        // If we are creating a database, we set the dbname
        //

        if (dbname != null) {
      checkUserIsNotARole();
    }

    // Let's authenticate now

        boolean authenticationSucceeded = true;

        try {
            authenticationSucceeded = authenticationService.authenticate( dbname, userInfo );
        }
        catch (SQLWarning warnings)
        {
            //
            // Let the user handle the warning that her password is about to expire.
View Full Code Here

     @return security check code - 0 if everything O.K.
     */
    private int validateSecMecUSRSSBPWD() throws  DRDAProtocolException
    {
        String dbName = null;
        AuthenticationService authenticationService = null;
        org.apache.derby.iapi.db.Database databaseObj = null;
        String srvrlslv = appRequester.srvrlslv;

        // Check if application requester is the Derby Network Client (DNC)
        //
        // We use a trick here - as the product ID is not yet available
        // since ACCRDB message is only coming later, we check the server
        // release level field sent as part of the initial EXCSAT message;
        // indeed, the product ID (PRDID) is prefixed to in the field.
        // Derby always sets it as part of the EXCSAT message so if it is
        // not available, we stop here and inform the requester that
        // SECMEC_USRSSBPWD cannot be supported for this connection.
        if ((srvrlslv == null) || (srvrlslv.length() == 0) ||
            (srvrlslv.length() < CodePoint.PRDID_MAX) ||
            (srvrlslv.indexOf(DRDAConstants.DERBY_DRDA_CLIENT_ID)
                    == -1))
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported


        // Client product version is extracted from the srvrlslv field.
        // srvrlslv has the format <PRDID>/<ALTERNATE VERSION FORMAT>
        // typically, a known Derby client has a four part version number
        // with a pattern such as DNC10020/10.2.0.3 alpha. If the alternate
        // version format is not specified, clientProductVersion_ will just
        // be set to the srvrlslvl. Final fallback will be the product id.
        //
        // SECMEC_USRSSBPWD is only supported by the Derby engine and network
        // server code starting at version major '10' and minor '02'. Hence,
        // as this is the same for the derby client driver, we need to ensure
        // our DNC client is at version and release level of 10.2 at least.
        // We set the client version in the application requester and check
        // if it is at the level we require at a minimum.
        appRequester.setClientVersion(
                srvrlslv.substring(0, (int) CodePoint.PRDID_MAX));

        if (appRequester.supportsSecMecUSRSSBPWD() == false)
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported

        dbName = database.getShortDbName();
        // Check if the database is available (booted)
        //
        // First we need to have the database name available and it should
        // have been set as part of the ACCSEC request (in the case of a Derby
        // 'DNC' client)
        if ((dbName == null) || (dbName.length() == 0))
        {
            // No database specified in the connection URL attributes
            //
            // In this case, we get the authentication service handle from the
            // local driver, as the requester may simply be trying to shutdown
            // the engine.
            authenticationService = ((InternalDriver)
              NetworkServerControlImpl.getDriver()).getAuthenticationService();
        }
        else
        {
            // We get the authentication service from the database as this
            // last one might have specified its own auth provider (at the
            // database level).
            //
            // if monitor is never setup by any ModuleControl, getMonitor
            // returns null and no Derby database has been booted.
            if (Monitor.getMonitor() != null)
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);

            if (databaseObj == null)
            {
                // If database is not found, try connecting to it.
                database.makeDummyConnection();

                // now try to find it again
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);
            }

            // If database still could not be found, it means the database
            // does not exist - we just return security mechanism not
            // supported down below as we could not verify we can handle
            // it.
            try {
                if (databaseObj != null)
                    authenticationService =
                        databaseObj.getAuthenticationService();
            } catch (StandardException se) {
                println2Log(null, session.drdaID, se.getMessage());
                // Local security service non-retryable error.
                return CodePoint.SECCHKCD_0A;
            }

        }

        // Now we check if the authentication provider is NONE or BUILTIN
        if (authenticationService != null)
        {
            String authClassName = authenticationService.getClass().getName();
               
            if (!authClassName.equals(AUTHENTICATION_PROVIDER_BUILTIN_CLASS) &&
                !authClassName.equals(AUTHENTICATION_PROVIDER_NONE_CLASS))
                return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
        }
View Full Code Here

    /**
     * @throws SQLException if authentication or privileges check fails
     */
    public void checkShutdownPrivileges() throws SQLException {   
        // get the system's authentication service
        final AuthenticationService auth
            = ((AuthenticationService)
               Monitor.findService(AuthenticationService.MODULE,
                                   "authentication"));

        // authenticate user
        if (auth != null) {
            final Properties finfo = new Properties();
            if (userArg != null) {
                finfo.setProperty("user", userArg);
            }
            if (passwordArg != null) {
                finfo.setProperty("password", passwordArg);
            }
            if (!auth.authenticate((String)null, finfo)) {
                // not a valid user
                throw Util.generateCsSQLException(
                SQLState.NET_CONNECT_AUTH_FAILED,
                MessageService.getTextMessage(MessageId.AUTH_INVALID));
            }
View Full Code Here

    // otherwise check if it is a valid user in the JBMS system.
    //
    // NOTE: We always expect an authentication service per database
    // and one at the system level.
    //
    AuthenticationService authenticationService = null;

        try {
            // Retrieve appropriate authentication service handle
            if (dbname == null)
                authenticationService =
                    getLocalDriver().getAuthenticationService();
            else
                authenticationService =
                    getTR().getDatabase().getAuthenticationService();

        } catch (StandardException se) {
            throw Util.generateCsSQLException(se);
        }

    // check that we do have a authentication service
    // it is _always_ expected.
    if (authenticationService == null)
    {
      String failedString = MessageService.getTextMessage(
        (dbname == null) ? MessageId.AUTH_NO_SERVICE_FOR_SYSTEM : MessageId.AUTH_NO_SERVICE_FOR_DB);

      throw newSQLException(SQLState.LOGIN_FAILED, failedString);
    }

    if (dbname != null) {
      checkUserIsNotARole();
    }

    // Let's authenticate now
     
    if (!authenticationService.authenticate(
                         dbname,
                         userInfo
                         )) {

      throw newSQLException(SQLState.NET_CONNECT_AUTH_FAILED,
View Full Code Here

    // otherwise check if it is a valid user in the JBMS system.
    //
    // NOTE: We always expect an authentication service per database
    // and one at the system level.
    //
    AuthenticationService authenticationService = null;

        try {
            // Retrieve appropriate authentication service handle
            if (dbname == null)
                authenticationService =
                    getLocalDriver().getAuthenticationService();
            else
                authenticationService =
                    getTR().getDatabase().getAuthenticationService();

        } catch (StandardException se) {
            throw Util.generateCsSQLException(se);
        }

    // check that we do have a authentication service
    // it is _always_ expected.
    if (authenticationService == null)
    {
      String failedString = MessageService.getTextMessage(
        (dbname == null) ? MessageId.AUTH_NO_SERVICE_FOR_SYSTEM : MessageId.AUTH_NO_SERVICE_FOR_DB);

      throw newSQLException(SQLState.LOGIN_FAILED, failedString);
    }

        //
        // We must handle the special case when the system uses NATIVE
        // authentication for system-wide operations but we are being
        // asked to create the system-wide credentials database. In this situation,
        // the database holding the credentials does not exist yet. In this situation,
        // we are supposed to create the credentials database and store the
        // creation credentials in that database as the credentials of the system administrator.
        //
        if (
            creatingDatabase &&
            compareDatabaseNames( getDBName(), authenticationService.getSystemCredentialsDatabaseName() )
            )
        {
            //
            // NATIVE authentication using a system-wide credentials database
            // which is being created now. Allow this to succeed. However, here we make sure that
            // the credentials are legal. This prevents the credentials db from being
            // created with a bad DBO or password.
            //
            String  user = userInfo.getProperty(Attribute.USERNAME_ATTR);
            String  password = userInfo.getProperty(Attribute.PASSWORD_ATTR);

            if ( emptyCredential( user ) || emptyCredential( password ) )
            {
                throw newSQLException( SQLState.AUTH_EMPTY_CREDENTIALS );
            }
           
            return;
        }

        //
        // If we are creating a database, we set the dbname
        //

        if (dbname != null) {
      checkUserIsNotARole();
    }

    // Let's authenticate now

        boolean authenticationSucceeded = true;

        try {
            authenticationSucceeded = authenticationService.authenticate( dbname, userInfo );
        }
        catch (SQLWarning warnings)
        {
            //
            // Let the user handle the warning that her password is about to expire.
View Full Code Here

    /**
     * @throws SQLException if authentication or privileges check fails
     */
    public void checkShutdownPrivileges() throws SQLException {   
        // get the system's authentication service
        final AuthenticationService auth
            = ((AuthenticationService)
               Monitor.findService(AuthenticationService.MODULE,
                                   "authentication"));

        // authenticate user
        if (auth != null) {
            final Properties finfo = new Properties();
            if (userArg != null) {
                finfo.setProperty("user", userArg);
            }
            if (passwordArg != null) {
                finfo.setProperty("password", passwordArg);
            }
            if (!auth.authenticate((String)null, finfo)) {
                // not a valid user
                throw Util.generateCsSQLException(
                SQLState.NET_CONNECT_AUTH_FAILED,
                MessageService.getTextMessage(MessageId.AUTH_INVALID));
            }
View Full Code Here

     *
     *  @return security check code - 0 if everything O.K.
     */
    private int validateSecMecUSRSSBPWD() throws  DRDAProtocolException
    {
        AuthenticationService authenticationService = null;
        org.apache.derby.iapi.db.Database databaseObj = null;
        String srvrlslv = appRequester.srvrlslv;

        // Check if application requester is the Derby Network Client (DNC)
        //
        // We use a trick here - as the product ID is not yet available
        // since ACCRDB message is only coming later, we check the server
        // release level field sent as part of the initial EXCSAT message;
        // indeed, the product ID (PRDID) is prefixed to in the field.
        // Derby always sets it as part of the EXCSAT message so if it is
        // not available, we stop here and inform the requester that
        // SECMEC_USRSSBPWD cannot be supported for this connection.
        if ((srvrlslv == null) || (srvrlslv.length() == 0) ||
            (srvrlslv.length() < CodePoint.PRDID_MAX) ||
            (srvrlslv.indexOf(DRDAConstants.DERBY_DRDA_CLIENT_ID)
                    == -1)) {
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
        }


        // Client product version is extracted from the srvrlslv field.
        // srvrlslv has the format <PRDID>/<ALTERNATE VERSION FORMAT>
        // typically, a known Derby client has a four part version number
        // with a pattern such as DNC10020/10.2.0.3 alpha. If the alternate
        // version format is not specified, clientProductVersion_ will just
        // be set to the srvrlslvl. Final fallback will be the product id.
        //
        // SECMEC_USRSSBPWD is only supported by the Derby engine and network
        // server code starting at version major '10' and minor '02'. Hence,
        // as this is the same for the derby client driver, we need to ensure
        // our DNC client is at version and release level of 10.2 at least.
        // We set the client version in the application requester and check
        // if it is at the level we require at a minimum.
        appRequester.setClientVersion(
                srvrlslv.substring(0, (int) CodePoint.PRDID_MAX));

        if (appRequester.supportsSecMecUSRSSBPWD() == false) {
            return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
        }

        String dbName = database.getShortDbName();
        // Check if the database is available (booted)
        //
        // First we need to have the database name available and it should
        // have been set as part of the ACCSEC request (in the case of a Derby
        // 'DNC' client)
        if ((dbName == null) || (dbName.length() == 0))
        {
            // No database specified in the connection URL attributes
            //
            // In this case, we get the authentication service handle from the
            // local driver, as the requester may simply be trying to shutdown
            // the engine.
            authenticationService = ((InternalDriver)
              NetworkServerControlImpl.getDriver()).getAuthenticationService();
        }
        else
        {
            // We get the authentication service from the database as this
            // last one might have specified its own auth provider (at the
            // database level).
            //
            // if monitor is never setup by any ModuleControl, getMonitor
            // returns null and no Derby database has been booted.
            if (Monitor.getMonitor() != null) {
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);
            }

            if (databaseObj == null)
            {
                // If database is not found, try connecting to it.
                database.makeDummyConnection();

                // now try to find it again
                databaseObj = (org.apache.derby.iapi.db.Database)
                    Monitor.findService(Property.DATABASE_MODULE, dbName);
            }

            // If database still could not be found, it means the database
            // does not exist - we just return security mechanism not
            // supported down below as we could not verify we can handle
            // it.
            try {
                if (databaseObj != null) {
                    authenticationService =
                        databaseObj.getAuthenticationService();
                }
            } catch (StandardException se) {
                println2Log(null, session.drdaID, se.getMessage());
                // Local security service non-retryable error.
                return CodePoint.SECCHKCD_0A;
            }

        }

        // Now we check if the authentication provider is NONE or BUILTIN
        if (authenticationService != null)
        {
            String authClassName = authenticationService.getClass().getName();
               
            if (!authClassName.equals(AUTHENTICATION_PROVIDER_BUILTIN_CLASS) &&
                !authClassName.equals(AUTHENTICATION_PROVIDER_NONE_CLASS)) {
                return CodePoint.SECCHKCD_NOTSUPPORTED; // Not Supported
            }
View Full Code Here

    /**
     * @throws SQLException if authentication or privileges check fails
     */
    public void checkShutdownPrivileges() throws SQLException {   
        // get the system's authentication service
        final AuthenticationService auth
            = ((AuthenticationService)
               Monitor.findService(AuthenticationService.MODULE,
                                   "authentication"));

        // authenticate user
        if (auth != null) {
            final Properties finfo = new Properties();
            if (userArg != null) {
                finfo.setProperty("user", userArg);
            }
            if (passwordArg != null) {
                finfo.setProperty("password", passwordArg);
            }
            if (!auth.authenticate((String)null, finfo)) {
                // not a valid user
                throw Util.generateCsSQLException(
                SQLState.NET_CONNECT_AUTH_FAILED,
                MessageService.getTextMessage(MessageId.AUTH_INVALID));
            }
View Full Code Here

TOP

Related Classes of org.apache.derby.iapi.jdbc.AuthenticationService

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.