com.sibvisions.rad.server.security
Class DBSecurityManager

java.lang.Object
  extended by com.sibvisions.rad.server.security.AbstractSecurityManager
      extended by com.sibvisions.rad.server.security.DBSecurityManager
All Implemented Interfaces:
ISecurityManager, IPasswordValidator
Direct Known Subclasses:
NtlmDBSecurityManager

public class DBSecurityManager
extends AbstractSecurityManager

The DBSecurityManager uses a database to validate/authenticate users. It requires the following information to establish a database connection:

To use automatic login, set the session property IConnectionConstants.PREFIX_CLIENT + "login.auto" to true when the user logs on. After a successful logon, the property IConnectionConstants.PREFIX_CLIENT + "login.key" is set to a unique login key. The client should store the key in its local registry. If the property IConnectionConstants.PREFIX_CLIENT + "login.key" is set before the connection is opened, the user is logged in automatically, provided the login is possible.


Nested Class Summary
static class DBSecurityManager.DBAccessController
          The DBAccessController controls the access to server side objects based on the configuration in the database.
 
Field Summary
protected static String TABLE_AUTOLOGIN
          the name of the autologin table.
protected static String TABLE_USERS
          the name of the users table.
protected static String VIEW_ACCESSRULES
          the name of the accessrules table.
 
Constructor Summary
DBSecurityManager()
           
 
Method Summary
 void changePassword(ISession pSession)
          Changes the password for a user.
protected  void closeConnection()
          Closes all statements and the connection.
protected  IAccessController createAccessController(ISession pSession)
          Creates an access controller for an ISession.
protected  void finalize()
          
 IAccessController getAccessController(ISession pSession)
          Gets the access controller for a session.
 Connection getConnection()
          Gets the current connection to the database.
 Connection getConnection(ISession pSession)
          Gets the connection to the database.
static DBCredentials getCredentials(IConfiguration pConfig)
          Gets the configured database credentials from a given configuration.
protected  DBCredentials getCredentials(ISession pSession)
          Gets the configured database credentials for the given session.
protected  void initStatements(Connection pConnection)
          Initializes all prepared statements with current table and column names.
protected  boolean isActive(ISession pSession, String pActive)
          Checks if a user is active.
protected  boolean isChangePassword(ISession pSession, String pChangePassword)
          Checks if the change password flag is set.
protected  boolean isPasswordValid(ISession pSession, String pPassword)
          Checks if the user password is valid.
protected  boolean isValid(ISession pSession, Timestamp pFrom, Timestamp pTo)
          Checks if a user is valid.
 void logout(ISession pSession)
          Performs a manual or automatic logout.
protected  Connection openConnection(ISession pSession)
          Opens a database connection to the database of an application.
 void release()
          Releases all used resources.
 void validateAuthentication(ISession pSession)
          Validates if a session has valid credentials to access an application.
 
Methods inherited from class com.sibvisions.rad.server.security.AbstractSecurityManager
addHiddenPackage, checkPassword, comparePassword, createSecurityManager, createSecurityManager, getEncryptedPassword, getPasswordValidator, isHiddenPackage, isPasswordEncryptionEnabled, prepareException, prepareException, removeHiddenPackage, validatePassword
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TABLE_USERS

protected static final String TABLE_USERS
the name of the users table.

See Also:
Constant Field Values

TABLE_AUTOLOGIN

protected static final String TABLE_AUTOLOGIN
the name of the autologin table.

See Also:
Constant Field Values

VIEW_ACCESSRULES

protected static final String VIEW_ACCESSRULES
the name of the accessrules table.

See Also:
Constant Field Values
Constructor Detail

DBSecurityManager

public DBSecurityManager()
Method Detail

validateAuthentication

public void validateAuthentication(ISession pSession)
                            throws Exception
Validates if a session has valid credentials to access an application.

Parameters:
pSession - the session which needs access
Throws:
Exception - if the access is denied (invalid username or password, password needs to be changed, ...)

changePassword

public void changePassword(ISession pSession)
                    throws Exception
Changes the password for a user.

Parameters:
pSession - the session which wants to change the password
Throws:
Exception - if it's not possible to change the password

logout

public void logout(ISession pSession)
Performs a manual or automatic logout.

Parameters:
pSession - the session which performs the logout

getAccessController

public IAccessController getAccessController(ISession pSession)
                                      throws Exception
Gets the access controller for a session. The controller handles the access to server side objects.

Parameters:
pSession - the session for which the access controller is needed
Returns:
the access controller or null if no access controller should be used
Throws:
Exception - if the access controller could not be created

release

public void release()
Releases all used resources.


finalize

protected void finalize()
                 throws Throwable

Overrides:
finalize in class Object
Throws:
Throwable

openConnection

protected Connection openConnection(ISession pSession)
                             throws Exception
Opens a database connection to the database of an application.

Parameters:
pSession - the session for which the connection should be opened
Returns:
a new or reused connection to the database
Throws:
Exception - if the application zone is invalid or the connection cannot be opened
IllegalArgumentException - if the database configuration is invalid (parameters are missing, ...)

closeConnection

protected void closeConnection()
                        throws Exception
Closes all statements and the connection.

Throws:
Exception - if one statement cannot be closed

initStatements

protected void initStatements(Connection pConnection)
                       throws Exception
Initializes all prepared statements with current table and column names.

Parameters:
pConnection - the connection to use
Throws:
Exception - if an exception occurs during statement creation

isActive

protected boolean isActive(ISession pSession,
                           String pActive)
                    throws Exception
Checks if a user is active.

Parameters:
pSession - the session which needs access
pActive - the active flag or null if the flag is not available
Returns:
true if the active flag is missing or the flag equals the yes value
Throws:
Exception - if the configuration of the session is invalid

isValid

protected boolean isValid(ISession pSession,
                          Timestamp pFrom,
                          Timestamp pTo)
Checks if a user is valid.

Parameters:
pSession - the session which needs access
pFrom - the from date/time or null for undefined
pTo - the to date/time or null for undefined
Returns:
true if the from/to combination is possible, false otherwise

isPasswordValid

protected boolean isPasswordValid(ISession pSession,
                                  String pPassword)
                           throws Exception
Checks if the user password is valid.

Parameters:
pSession - the session which needs access
pPassword - the confirmation password (encrypted or plain text)
Returns:
true if the user password is valid
Throws:
Exception - if the password validation failed (e.g. encryption problems)

isChangePassword

protected boolean isChangePassword(ISession pSession,
                                   String pChangePassword)
                            throws Exception
Checks if the change password flag is set.

Parameters:
pSession - the session which needs access
pChangePassword - the change password flag or null if the flag is not available
Returns:
true if the change password flag is set or false if the flag is null or is not set
Throws:
Exception - if the configuration of the session is invalid

createAccessController

protected IAccessController createAccessController(ISession pSession)
Creates an access controller for an ISession.

Parameters:
pSession - the session which requests the access controller
Returns:
the access controller

getCredentials

protected DBCredentials getCredentials(ISession pSession)
Gets the configured database credentials for the given session.

Parameters:
pSession - the session
Returns:
the configured credentials
See Also:
getCredentials(IConfiguration)

getCredentials

public static DBCredentials getCredentials(IConfiguration pConfig)
Gets the configured database credentials from a given configuration. This method handles credentials set in the security manager as well as credentials configured as a datasource.

Parameters:
pConfig - the configuration
Returns:
the configured credentials

getConnection

public Connection getConnection()
                         throws Exception
Gets the current connection to the database. The connection is validated to ensure that it is usable.

Returns:
the connection for the security manager or null if the security manager did not open a connection
Throws:
Exception - if db access fails

getConnection

public Connection getConnection(ISession pSession)
                         throws Exception
Gets the connection to the database. The connection is validated to ensure that it is usable.

Parameters:
pSession - the session that wants access to the database
Returns:
the connection
Throws:
Exception - if db access fails


Copyright © 2009 SIB Visions GmbH. All Rights Reserved.