com.sibvisions.rad.server.security
Class DBSecurityManager

java.lang.Object
  com.sibvisions.rad.server.security.AbstractSecurityManager
      com.sibvisions.rad.server.security.DBSecurityManager

All Implemented Interfaces:

ISecurityManager, IPasswordValidator

Direct Known Subclasses:

NtlmDBSecurityManager

public class DBSecurityManager
extends AbstractSecurityManager

The DBSecurityManager uses a database to validate/authenticate users. It requires the following information to establish a database connection:

• driver (jdbc driver classname)
• url (jdbc connect url)
• username (database username)
• database (database password)

To use automatic login the session property:
IConnectionConstants.PREFIX_CLIENT + "login.auto" should be set to true when the user logs on. After a successful logon the property: IConnectionConstants.PREFIX_CLIENT + "login.key" will be set to a unique login key. The client should store the key in its local registry. When the property IConnectionConstants.PREFIX_CLIENT + "login.key" is set before opening the connection, then the user will be logged in if the login is possible!

Field Summary

protected static String	TABLE_AUTOLOGIN the name of the autologin table.
protected static String	TABLE_USERS the name of the users table.

Constructor Summary

DBSecurityManager()

Method Summary

void	changePassword(ISession pSession) Changes the password for a user.
protected void	finalize()
protected boolean	isActive(ISession pSession, String pActive) Checks if a user is active.
protected boolean	isChangePassword(ISession pSession, String pChangePassword) Checks if the change password flag is set.
protected boolean	isPasswordValid(ISession pSession, String pPassword) Checks if the user password is valid.
protected boolean	isValid(ISession pSession, Timestamp pFrom, Timestamp pTo) Checks if a user is valid.
void	logout(ISession pSession) Performs a manual or automatic logout.
protected Connection	openConnection(ISession pSession) Opens a database connection to the database of an application.
void	validateAuthentication(ISession pSession) Validates if a session has valid credentials to access an application.

Methods inherited from class com.sibvisions.rad.server.security.AbstractSecurityManager

checkPassword, comparePassword, getPasswordValidator, validatePassword

Methods inherited from class java.lang.Object

clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

TABLE_USERS

protected static final String TABLE_USERS

the name of the users table.

See Also:

Constant Field Values

TABLE_AUTOLOGIN

protected static final String TABLE_AUTOLOGIN

the name of the autologin table.

See Also:

Constant Field Values

Constructor Detail

DBSecurityManager

public DBSecurityManager()

Method Detail

validateAuthentication

public void validateAuthentication(ISession pSession)
                            throws Exception

Validates if a session has valid credentials to access an application.

Parameters:

pSession - the session which needs access

Throws:

Exception - if the access is denied (invalid username or password, password needs to be changed, ...)

changePassword

public void changePassword(ISession pSession)
                    throws Exception

Changes the password for a user.

Parameters:

pSession - the session which wants to change the password

Throws:

Exception - if it's not possible to change the password

logout

public void logout(ISession pSession)

Performs a manual or automatic logout.

Parameters:

pSession - the session which performs the logout

finalize

protected void finalize()
                 throws Throwable

Overrides:

finalize in class Object

Throws:

Throwable

openConnection

protected Connection openConnection(ISession pSession)
                             throws Exception

Opens a database connection to the database of an application.

Parameters:

pSession - the session for which the connection should be opened

Returns:

a new or reused connection to the database

Throws:

Exception - if the application zone is invalid or the connection can not be opened

IllegalArgumentException - if the database configuration is invalid (parameters are missing, ...)

isActive

protected boolean isActive(ISession pSession,
                           String pActive)
                    throws Exception

Checks if a user is active.

Parameters:

pSession - the session which needs access

pActive - the active flag or null if the flag is not available

Returns:

true if the active flag is missing or the flag equals the yes value

Throws:

Exception - if the configuration of the session is invalid

isValid

protected boolean isValid(ISession pSession,
                          Timestamp pFrom,
                          Timestamp pTo)

Checks if a user is valid.

Parameters:

pSession - the session which needs access

pFrom - the from date/time or null for undefined

pTo - the to date/time or null for undefined

Returns:

true if the from/to combination is possible, false otherwise

isPasswordValid

protected boolean isPasswordValid(ISession pSession,
                                  String pPassword)

Checks if the user password is valid.

Parameters:

pSession - the session which needs access

pPassword - the configured password

Returns:

true if the user password is valid

isChangePassword

protected boolean isChangePassword(ISession pSession,
                                   String pChangePassword)
                            throws Exception

Checks if the change password flag is set.

Parameters:

pSession - the session which needs access

pChangePassword - the change password flag or null if the flag is not available

Returns:

true if the change password flag is set or false if the flag is null or is not set

Throws:

Exception - if the configuration of the session is invalid