Package org.apache.derby.iapi.sql.dictionary

Examples of org.apache.derby.iapi.sql.dictionary.UserDescriptor


            ** We tell the data dictionary we're done writing at the end of
            ** the transaction.
            */
            dd.startWriting(lcc);

            UserDescriptor  userDescriptor = makeUserDescriptor( dd, tc, userName, password );

            dd.addDescriptor( userDescriptor, null, DataDictionary.SYSUSERS_CATALOG_NUM, false, tc );

            // turn on NATIVE::LOCAL authentication
            if ( dd.getAuthorizationDatabaseOwner().equals( userName ) )
View Full Code Here


        String  hashingScheme = hasher.encodeHashingScheme();
        String  hashedPassword = hasher.hashPasswordIntoString( userName, password );
           
        Timestamp   currentTimestamp = new Timestamp( (new java.util.Date()).getTime() );

        UserDescriptor  userDescriptor = ddg.newUserDescriptor
            ( userName, hashingScheme, hashedPassword.toCharArray(), currentTimestamp );

        return userDescriptor;
    }
View Full Code Here

            ** We tell the data dictionary we're done writing at the end of
            ** the transaction.
            */
            dd.startWriting(lcc);

            UserDescriptor  userDescriptor = makeUserDescriptor( dd, tc, userName, password );

            dd.updateUser( userDescriptor, tc );
           
        } catch (StandardException se) { throw PublicAPI.wrapStandardException(se); }
    }
View Full Code Here

       
        //
        // we expect to find a data dictionary
        //
        DataDictionary      dd = (DataDictionary) Monitor.getServiceModule( this, DataDictionary.MODULE );       
        UserDescriptor      userDescriptor = dd.getUser( userName );
       
        if ( userDescriptor == null )
        {
            //
            // Before returning, we pretend to evaluate the password.
            // This helps prevent blackhats from discovering legal usernames
            // by measuring how long password evaluation takes. For more context,
            // see the 2012-02-22 comment on DERBY-5539.
            //
            PasswordHasher          hasher = dd.makePasswordHasher( getDatabaseProperties() );
           
            hasher.hashPasswordIntoString( userName, userPassword ).toCharArray();

            return false;
        }
       
        PasswordHasher      hasher = new PasswordHasher( userDescriptor.getHashingScheme() );
        char[]                     candidatePassword = hasher.hashPasswordIntoString( userName, userPassword ).toCharArray();
        char[]                     actualPassword = userDescriptor.getAndZeroPassword();

        try {
            if ( (candidatePassword == null) || (actualPassword == null)) { return false; }
            if ( candidatePassword.length != actualPassword.length ) { return false; }
       
            for ( int i = 0; i < candidatePassword.length; i++ )
            {
                if ( candidatePassword[ i ] != actualPassword[ i ] ) { return false; }
            }
        } finally
        {
            if ( candidatePassword != null ) { Arrays.fill( candidatePassword, (char) 0 ); }
            if ( actualPassword != null ) { Arrays.fill( actualPassword, (char) 0 ); }
        }

        //
        // Password is good. Check whether the password has expired or will expire soon.
        //
        if ( _passwordLifetimeMillis > 0 )
        {
            long    passwordAge = System.currentTimeMillis() - userDescriptor.getLastModified().getTime();
            long    remainingLifetime = _passwordLifetimeMillis - passwordAge;

            //
            // Oops, the password has expired. Fail the authentication. Say nothing more
            // so that we give password crackers as little information as possible.
View Full Code Here

       
        //
        // we expect to find a data dictionary
        //
        DataDictionary      dd = (DataDictionary) Monitor.getServiceModule( this, DataDictionary.MODULE );       
        UserDescriptor      userDescriptor = dd.getUser( userName );
       
        if ( userDescriptor == null )
        {
            //
            // Before returning, we pretend to evaluate the password.
            // This helps prevent blackhats from discovering legal usernames
            // by measuring how long password evaluation takes. For more context,
            // see the 2012-02-22 comment on DERBY-5539.
            //
            PasswordHasher          hasher = dd.makePasswordHasher( getDatabaseProperties() );
           
            hasher.hashPasswordIntoString( userName, userPassword ).toCharArray();

            return false;
        }
       
        PasswordHasher      hasher = new PasswordHasher( userDescriptor.getHashingScheme() );
        char[]                     candidatePassword = hasher.hashPasswordIntoString( userName, userPassword ).toCharArray();
        char[]                     actualPassword = userDescriptor.getAndZeroPassword();

        try {
            if ( (candidatePassword == null) || (actualPassword == null)) { return false; }
            if ( candidatePassword.length != actualPassword.length ) { return false; }
       
            for ( int i = 0; i < candidatePassword.length; i++ )
            {
                if ( candidatePassword[ i ] != actualPassword[ i ] ) { return false; }
            }
        } finally
        {
            if ( candidatePassword != null ) { Arrays.fill( candidatePassword, (char) 0 ); }
            if ( actualPassword != null ) { Arrays.fill( actualPassword, (char) 0 ); }
        }

        //
        // Password is good. Check whether the password has expired or will expire soon.
        //
        if ( _passwordLifetimeMillis > 0 )
        {
            long    passwordAge = System.currentTimeMillis() - userDescriptor.getLastModified().getTime();
            long    remainingLifetime = _passwordLifetimeMillis - passwordAge;

            //
            // Oops, the password has expired. Fail the authentication. Say nothing more
            // so that we give password crackers as little information as possible.
View Full Code Here

            // because you can't store credentials in a pre-10.9 database.
            if ( settingToNativeLocal )
            {
                DataDictionary  dd = getDataDictionary();
                String              dbo = dd.getAuthorizationDatabaseOwner();
                UserDescriptor  userCredentials = dd.getUser( dbo );

                if ( userCredentials == null )
                {
                    throw StandardException.newException( SQLState.PROPERTY_DBO_LACKS_CREDENTIALS );
                }
View Full Code Here

    ExecRow              row;

        try {
            if ( td != null
            {
                UserDescriptor descriptor = (UserDescriptor) td;
                userName = descriptor.getUserName();
                hashingScheme = descriptor.getHashingScheme();
                password = descriptor.getAndZeroPassword();
                lastModified = descriptor.getLastModified();
            }
 
            /* Build the row to insert  */
            row = getExecutionFactory().getValueRow( SYSUSERS_COLUMN_COUNT );

View Full Code Here

    char[]  password = null;
    Timestamp   lastModified;
    DataValueDescriptor  col;
    SQLVarchar  passwordCol = null;

    UserDescriptor  result;

        try {
            /* 1st column is USERNAME */
            col = row.getColumn( USERNAME_COL_NUM );
            userName = col.getString();
View Full Code Here

            ** We tell the data dictionary we're done writing at the end of
            ** the transaction.
            */
            dd.startWriting(lcc);

            UserDescriptor  userDescriptor = makeUserDescriptor( dd, tc, userName, password );

            dd.addDescriptor( userDescriptor, null, DataDictionary.SYSUSERS_CATALOG_NUM, false, tc );

            // turn on NATIVE::LOCAL authentication
            if ( dd.getAuthorizationDatabaseOwner().equals( userName ) )
View Full Code Here

        String  hashingScheme = hasher.encodeHashingScheme();
        String  hashedPassword = hasher.hashPasswordIntoString( userName, password );
           
        Timestamp   currentTimestamp = new Timestamp( (new java.util.Date()).getTime() );

        UserDescriptor  userDescriptor = ddg.newUserDescriptor
            ( userName, hashingScheme, hashedPassword.toCharArray(), currentTimestamp );

        return userDescriptor;
    }
View Full Code Here

TOP

Related Classes of org.apache.derby.iapi.sql.dictionary.UserDescriptor

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.