PostgreSQLLoginModule

Last modified by RaffaelloPelagalli on 2005/10/01 16:31

Description

This login module provides PostgreSQL database-based authentication for your web application.

General parameters

| name | mandatory | values | description |
|---|---|---|---|
| JG_USER | no | Any value valid for a database table name | Optional. Overrides the default user table name (JG_USER), which is used when this parameter is not set. |
| JG_ROLE | no | Any value valid for a database table name | Optional. Overrides the default role table name (JG_ROLE), which is used when this parameter is not set. |
| JG_USER_ROLE | no | Any value valid for a database table name | Optional. Overrides the default name (JG_USER_ROLE) of the table that links users and roles, which is used when this parameter is not set. |
| JG_CREDENTIAL | no | Any value valid for a database table name | Optional. Overrides the default credentials table name (JG_CREDENTIAL), which is used when this parameter is not set. |

DriverManager-related parameters

These parameters are mandatory if the JNDI parameters are not set.

| name | mandatory | values | description |
|---|---|---|---|
| authenticationUrl | yes | a JDBC-like URL value | URL used to establish a connection to the database through the driver. |
| authenticationLogin | yes | any value | Database login used to establish the connection. |
| authenticationPassword | yes | any value | Database password used to establish the connection. |
| authenticationDriver | yes | any value | Driver class name used to establish the connection. |

JNDI-related parameters

These parameters make it possible to reach a DataSource. They are optional. *Note: JNDI parameters are EXPERIMENTAL and have not been tested.

It appears that JNDI references on Tomcat cannot be reached from outside, which jGuard requires, for a classloader reason, until a better solution is found.
So these parameters will NOT work on Tomcat (if you find a way to do it, say so!), but they should work on application servers that allow JNDI references to be reached from outside the servlet container.*

| name | mandatory | values | description |
|---|---|---|---|
| JNDI | no | true or false | This parameter is mandatory if you want to use JNDI. If it is set to true, the DriverManager-related parameters are ignored and the JNDI-related parameters are used; otherwise, only the DriverManager-related parameters are used. |
| INITIAL_CONTEXT_FACTORY | no | factory class name | Parameter used to retrieve an InitialContext. |
| PROVIDER_URL | no | | URL of the provider |
| OBJECT_FACTORIES | no | | |
| URL_PKG_PREFIXES | no | | |
| DNS_URL | no | | |
| STATE_FACTORIES | no | | |
| AUTHORITATIVE | no | | |
| BATCHSIZE | no | | |
| REFERRAL | no | | |
| SECURITY_PROTOCOL | no | | |
| SECURITY_AUTHENTICATION | no | | |
| SECURITY_PRINCIPAL | no | | |
| SECURITY_CREDENTIALS | no | | |
| LANGUAGE | no | | |

SQL installation script

--drop constraints
alter table jg_user_role drop constraint fk_user_user_role;
alter table jg_user_role drop constraint fk_role_user_role;
alter table jg_role drop constraint uq_role_name;
alter table jg_credential drop constraint fk_credential_user_id;
-- drop tables
drop table jg_user_role cascade;
drop table jg_role cascade;
drop table jg_user cascade;
drop table jg_credential cascade;
-- drop sequences
drop sequence jg_role_seq;
drop sequence jg_user_seq;
drop sequence jg_credential_seq;
-- table which links users and roles in a many-to-many relationship
create table jg_user_role (
   user_id int8 not null,
   role_id int8 not null,
   primary key (role_id, user_id)
);
-- table which hosts roles
create table jg_role (
   id int8 not null,
   name varchar(255) not null,
   application_name varchar(255) not null,
   primary key (id)
);
-- table which hosts users
create table jg_user (
   id int8 not null,
   primary key (id)
);
-- table which hosts user's credentials
create table jg_credential (
   id int8 not null,
   user_id int8 not null,
   public_visibility boolean not null,
   cred_name varchar(255) not null,
   cred_value varchar(255) not null,
   primary key (id)
);
-- we add the constraint relationship between
-- jg_user_role and jg_user and jg_role to have a many-to-many relationship
alter table jg_user_role add constraint fk_user_user_role foreign key (role_id) references jg_role;
alter table jg_user_role add constraint fk_role_user_role foreign key (user_id) references jg_user;
alter table jg_role add constraint uq_role_name unique (name);
alter table jg_credential add constraint fk_credential_user_id foreign key (user_id) references jg_user;
-- create sequences
create sequence jg_role_seq;
create sequence jg_user_seq;
create sequence jg_credential_seq;

Usual configuration in the web.xml

....
....
<init-param>
    <param-name>loginModules</param-name>
    <param-value>net.sf.jguard.loginmodules.PostgreSQLLoginModule</param-value>
    <description>loginModules used for authentication, and splitted with the ',' character</description>
</init-param>
<init-param>
    <param-name>net.sf.jguard.loginmodules.PostgreSQLLoginModule.Flag</param-name>
    <param-value>REQUIRED</param-value>
    <description>flag corresponding to the first loginModule. each loginModule defined
    above must have his own Flag which can be 'REQUIRED','OPTIONAL','REQUISITE',
    or 'SUFFICIENT'</description>
</init-param>
<init-param>
    <param-name>net.sf.jguard.loginmodules.PostgreSQLLoginModule.Options</param-name>
    <param-value>authenticationUrl="jdbc:postgresql://192.168.0.2:5434/DIABOLO",authenticationLogin="charles",authenticationPassword="charles",authenticationDriver="org.postgresql.Driver"</param-value>
    <description>options related to one of the loginModule defined in the 'loginModules' init parameters</description>
</init-param>
....
....

jGuard.loginScheme example

Below is an example appConfigurationEntry for a web application configured with a PostgreSQLLoginModule.

jGuardExample{
net.sf.jguard.loginmodules.PostgreSQLLoginModule required
     secured="false"
     applicationName="jGuardExample"
     applicationPassword="mystery"
     digestAlgorithm="NONE"
     authenticationUrl="jdbc:postgresql://192.168.0.2:5434/DIABOLO"
     authenticationLogin="postgres"
     authenticationPassword="JBOARD"
     authenticationDriver="org.postgresql.Driver";
};
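
The configuration examples above connect with authenticationLogin="charles" and authenticationLogin="postgres"; the latter is normally the PostgreSQL superuser account. As an added example (not part of the jGuard documentation), the SQL below creates a dedicated role restricted to the tables and sequences from the installation script and then checks its effective privileges. The role name jguard_auth, the password placeholder and the privilege set jGuard actually needs are assumptions to adjust.

```sql
-- Added example: dedicated, non-superuser role for the login module.
-- Role name, password placeholder and privilege set are assumptions.
create role jguard_auth login password 'CHANGE_ME'
    nosuperuser nocreatedb nocreaterole;

-- Make sure no access to the jGuard tables is left granted to PUBLIC.
revoke all on jg_user, jg_role, jg_user_role, jg_credential from public;

-- Read access to look up credentials and roles.
grant select on jg_user, jg_role, jg_user_role, jg_credential to jguard_auth;

-- Only if the application also creates or edits users through jGuard
-- (assumption): allow writes and use of the matching id sequences.
grant insert, update, delete on jg_user, jg_user_role, jg_credential
    to jguard_auth;
grant usage on sequence jg_user_seq, jg_credential_seq to jguard_auth;

-- Check the result: one row per table with the role's effective privileges.
-- jg_role should report can_insert and can_delete as false.
select t.table_name,
       has_table_privilege('jguard_auth', t.table_name, 'select') as can_select,
       has_table_privilege('jguard_auth', t.table_name, 'insert') as can_insert,
       has_table_privilege('jguard_auth', t.table_name, 'delete') as can_delete
from (values ('jg_user'), ('jg_role'), ('jg_user_role'), ('jg_credential'))
     as t(table_name)
order by t.table_name;
```

Once the role exists, set authenticationLogin and authenticationPassword to its name and password in place of the values shown above.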
Created by diabolo512 on 2005/10/01 13:20

jGuard team copyright 2004-2009