Annotation Type DatabaseIdentityStoreDefinition


@Retention(RUNTIME)
@Target(TYPE)
public @interface DatabaseIdentityStoreDefinition
Annotation used to define a container-provided IdentityStore that stores caller credentials and identity attributes in a relational database, and make that implementation available as an enabled CDI bean.

The container-provided IdentityStore must support validating UsernamePasswordCredential, and may support validating other credential types.

  • Optional Element Summary

    Optional Elements 
    Modifier and Type Optional Element Description
    java.lang.String callerQuery
    SQL query to validate the {caller, password} pair.
    java.lang.String dataSourceLookup
    Full JNDI name of the data source that provides access to the data base where the caller identities are stored.
    java.lang.String groupsQuery
    SQL query to retrieve the groups associated with the caller when authentication succeeds.
    java.lang.Class<? extends PasswordHash> hashAlgorithm
    A PasswordHash implementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via the callerQuery().
    java.lang.String[] hashAlgorithmParameters
    Used to specify algorithm-specific parameters.
    int priority
    Determines the order in case multiple IdentityStores are found.
    java.lang.String priorityExpression
    Allow priority to be specified as a Jakarta Expression Language expression.
    IdentityStore.ValidationType[] useFor
    Determines what the identity store is used for
    java.lang.String useForExpression
    Allow useFor to be specified as an Jakarta Expression Language expression.
  • Element Details

    • dataSourceLookup

      java.lang.String dataSourceLookup
      Full JNDI name of the data source that provides access to the data base where the caller identities are stored.
      Returns:
      Full JNDI name of the data source
      Default:
      "java:comp/DefaultDataSource"
    • callerQuery

      java.lang.String callerQuery
      SQL query to validate the {caller, password} pair. Only needed when useFor() contains IdentityStore.ValidationType.VALIDATE.

      The name of the caller that is to be authenticated has to be set as the one and only placeholder. The (hashed) password should be in the first column of the result.

      Example query:

       
       select password from callers where name = ?
       
       
      Returns:
      SQL query to validate
      Default:
      ""
    • groupsQuery

      java.lang.String groupsQuery
      SQL query to retrieve the groups associated with the caller when authentication succeeds. Only needed when useFor() contains IdentityStore.ValidationType.PROVIDE_GROUPS.

      The name of the caller that has been authenticated has to be set as the one and only placeholder. The group name should be in the first column of the result.

      Example query:

       
       select group_name from caller_groups where caller_name = ?
       
       
      Returns:
      SQL query to retrieve the groups
      Default:
      ""
    • hashAlgorithm

      java.lang.Class<? extends PasswordHash> hashAlgorithm
      A PasswordHash implementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via the callerQuery().
      Returns:
      The password hash used to verify plaintext passwords.
      Default:
      jakarta.security.enterprise.identitystore.Pbkdf2PasswordHash.class
    • hashAlgorithmParameters

      java.lang.String[] hashAlgorithmParameters
      Used to specify algorithm-specific parameters.

      Parameters are specified as a list of name/value pairs, using the format below:

      parameterName=parameterValue
       

      For example:

       Algorithm.param1="value"
       Algorithm.param2=32
       

      This attribute supports immediate Jakarta Expression Language expressions (${} syntax) for both the parameterValue as well as for a full array element. If an EL expression is used for a full array element, the expression must evaluate to either a single string, a string array or a string Stream where in each case every string must adhere to the above specified format.

      Returns:
      The algorithm parameters.
      Default:
      {}
    • priority

      int priority
      Determines the order in case multiple IdentityStores are found.
      Returns:
      the priority.
      Default:
      70
    • priorityExpression

      java.lang.String priorityExpression
      Allow priority to be specified as a Jakarta Expression Language expression. If set, overrides any value set with priority.
      Returns:
      the priority Jakarta Expression Language expression
      Default:
      ""
    • useFor

      Determines what the identity store is used for
      Returns:
      the type the identity store is used for
      Default:
      {jakarta.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE, jakarta.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS}
    • useForExpression

      java.lang.String useForExpression
      Allow useFor to be specified as an Jakarta Expression Language expression. If set, overrides any value set with useFor.
      Returns:
      the useFor Jakarta Expression Language expression
      Default:
      ""