@Retention(value=RUNTIME) @Target(value=TYPE) public @interface DatabaseIdentityStoreDefinition
IdentityStore that stores caller credentials and identity attributes in a relational database, and make that implementation available as an enabled CDI bean.
The container-provided IdentityStore must support validating UsernamePasswordCredential, and may support validating other credential types.
Modifier and Type | Optional Element and Description |
---|---|
String | callerQuery: SQL query to validate the {caller, password} pair. |
String | dataSourceLookup: Full JNDI name of the data source that provides access to the database where the caller identities are stored. |
String | groupsQuery: SQL query to retrieve the groups associated with the caller when authentication succeeds. |
Class<? extends PasswordHash> | hashAlgorithm: A PasswordHash implementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via the callerQuery(). |
String[] | hashAlgorithmParameters: Used to specify algorithm-specific parameters. |
int | priority: Determines the order in case multiple IdentityStores are found. |
String | priorityExpression: Allows priority to be specified as a Jakarta Expression Language expression. |
IdentityStore.ValidationType[] | useFor: Determines what the identity store is used for. |
String | useForExpression: Allows useFor to be specified as a Jakarta Expression Language expression. |
public abstract String dataSourceLookup
public abstract String callerQuery
useFor() contains IdentityStore.ValidationType.VALIDATE.
The name of the caller that is to be authenticated has to be set as the one and only placeholder. The (hashed) password should be in the first column of the result.
Example query:
select password from callers where name = ?
public abstract String groupsQuery
useFor() contains IdentityStore.ValidationType.PROVIDE_GROUPS.
The name of the caller that has been authenticated has to be set as the one and only placeholder. The group name should be in the first column of the result.
Example query:
select group_name from caller_groups where caller_name = ?
public abstract Class<? extends PasswordHash> hashAlgorithm
A PasswordHash implementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via the callerQuery().
public abstract String[] hashAlgorithmParameters
Parameters are specified as a list of name/value pairs, using the format below:
parameterName=parameterValue
For example:
Algorithm.param1="value"
Algorithm.param2=32
This attribute supports immediate Jakarta Expression Language expressions (${} syntax) for both the parameterValue as well as for a full array element. If an EL expression is used for a full array element, the expression must evaluate to either a single string, a string array or a string Stream where in each case every string must adhere to the above specified format.
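An added example, not part of the original API documentation: a bean that declares the store with the page's example queries and hashes passwords at enrollment with the same name/value parameters, so the value callerQuery returns in its first column is one the store can verify. It assumes the jakarta.* namespace and the container-provided Pbkdf2PasswordHash bean from Jakarta Security; the JNDI name, class name, iteration count and insert statement are hypothetical.

```java
import jakarta.annotation.Resource;
import jakarta.enterprise.context.ApplicationScoped;
import jakarta.inject.Inject;
import jakarta.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
import jakarta.security.enterprise.identitystore.IdentityStore.ValidationType;
import jakarta.security.enterprise.identitystore.Pbkdf2PasswordHash;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.Map;
import javax.sql.DataSource;

@DatabaseIdentityStoreDefinition(
    dataSourceLookup = "java:comp/env/jdbc/callersDS", // hypothetical JNDI name
    // The caller name is bound to the single ? placeholder, never concatenated.
    callerQuery = "select password from callers where name = ?",
    groupsQuery = "select group_name from caller_groups where caller_name = ?",
    hashAlgorithm = Pbkdf2PasswordHash.class,
    hashAlgorithmParameters = {              // one name=value pair per element
        "Pbkdf2PasswordHash.Algorithm=PBKDF2WithHmacSHA512",
        "Pbkdf2PasswordHash.Iterations=210000", // example value, an assumption
        "Pbkdf2PasswordHash.SaltSizeBytes=32"},
    useFor = {ValidationType.VALIDATE, ValidationType.PROVIDE_GROUPS})
@ApplicationScoped
public class CallerEnrollment { // hypothetical class name

    // Same name/value pairs as hashAlgorithmParameters above.
    private static final Map<String, String> HASH_PARAMS = Map.of(
        "Pbkdf2PasswordHash.Algorithm", "PBKDF2WithHmacSHA512",
        "Pbkdf2PasswordHash.Iterations", "210000",
        "Pbkdf2PasswordHash.SaltSizeBytes", "32");

    @Resource(lookup = "java:comp/env/jdbc/callersDS")
    private DataSource dataSource;
    @Inject
    private Pbkdf2PasswordHash passwordHash;

    // Stores only the hashed value; the plaintext password is never written.
    public void enroll(String name, char[] password) throws SQLException {
        passwordHash.initialize(HASH_PARAMS);
        String hashed = passwordHash.generate(password);
        try (Connection con = dataSource.getConnection();
             PreparedStatement ps = con.prepareStatement(
                 "insert into callers (name, password) values (?, ?)")) { // assumed schema
            ps.setString(1, name);
            ps.setString(2, hashed);
            ps.executeUpdate();
        }
    }
}
```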
public abstract int priority
public abstract String priorityExpression
Allows priority to be specified as a Jakarta Expression Language expression. If set, overrides any value set with priority.
priority Jakarta Expression Language expression
public abstract IdentityStore.ValidationType[] useFor
public abstract String useForExpression
Allows useFor to be specified as a Jakarta Expression Language expression. If set, overrides any value set with useFor.
useFor Jakarta Expression Language expression
Copyright © 2018,2020 Eclipse Foundation.
Use is subject to license terms.