public class WordPressSecurityProvider extends SecurityProvider
|bindstr||The JDBC URL. This property is required.||jdbc:mysql://localhost/wordpress|
|service.acctname||The username for connecting to the database identified by the bindstr. This property is required.||wpuser|
|service.password||The password for connecting to the database identified by the bindstr. This property is required.||wppass|
|jdbc.driver.classname||The class name of a JDBC driver to load. If this property is not set, no driver will be loaded. Unless the MySQL driver has already been loaded elsewhere, this property will need to be set (probably to "com.mysql.jdbc.Driver").||com.mysql.jdbc.Driver|
|table.prefix||The database table prefix. The default is "wp_".|
|account.name.regex||The regular expression used to validate account names. The default value is "\S+" to indicate that an account name with one or more non-space characters is valid.|
|account.canonicalForm||An integer indicating the form account names should be canonicalized to. The default value is 0 to indicate that account canonicalization should not be performed. See the Account Name Canonicalization section below.||4|
|domain.dns.name||The fake DNS domain name used for account name canonicalization. See the Account Name Canonicalization section below.||wp5.busicorp.local|
|domain.netbios.name||The fake NetBIOS domain name used for account name canonicalization. See the Account Name Canonicalization section below.||WP5|
|domain.dns.name||A domain identifier used to canonicalize principal names like email@example.com. The actual value is not meaningful to logic other than account name canonicalization but it should conform to typical DNS nameing conventions. If this property is not specified, canonicalizing principal names is not supported.||wp5.busicorp.local|
|domain.netbios.name||A domain identifier used to canonicalize Windows backslash style names like WP5\alice. The actual value is not meaningful to logic other than account name canonicalization but it should conform to NetBIOS nameing conventions (at most 12 usually alphanumeric characters). If this property is not specified, canonicalizing backslash style names is not supported.||WP5|
|account.canonicalForm||An integer indicating the form account names should be canonicalized to after authentication. Values are 0 - no canonicalization; 2 - username; 3 - backslash; 4 - principal. For example, if a canonical form of 4 is specified, the getIdentity method will always return a principal name form like firstname.lastname@example.org regardless of what was supplied whether it was WP5\alice, email@example.com or just alice, etc.||4|
|Constructor and Description|
|Modifier and Type||Method and Description|
Validates the supplied credential with this provider's authority.
Destroy any sensitive cryptographic material used by this SecurityProvider.
Returns an Object representing the current state of this SecurityProvider.
Retrieve an Account object representing the named account and populate it (an Account is also a Map) with the attributes listed in the attrs array.
Retrieve a property by name or return the supplied default value if the property is not set.
Initializes a SecurityProvider with the state Object returned in a previous call to
acceptSecContext, getDomain, getFlag, getIdentity, getName, initSecContext, isComplete, setFlag, setProperty, unwrap, wrap
public WordPressSecurityProvider(java.util.Map properties)
protected void encodeObject(ByteBuffer bb, java.lang.Object obj) throws EncodingException
protected java.lang.Object decodeObject(ByteBuffer bb) throws EncodingException
public java.lang.Object exportState() throws SecurityProviderException
SecurityProvider.importState(java.lang.Object)into a different instance of the same type of SecurityProvider initialized with the same properties. The result should be a transfer of all state such that the new SecurityProvider instance should behave like the original within limits defined by the SecurityProvider type.
Transference of state between SecurityProvider instances may be used for a number of reasons including but not limited to:
Exported SecurityProvider state may be limited in how it can be
transferred. The reason may be to protect the integrity of the
SecurityProvider data such as not writing potentially sensitive
cryptographic material to an unprotected disk file. Or the reason
may be a technical limitation such as the fact that the state
may only be valid if the new SecurityProvider instance has access to
a resource in the current VM like a database connection or network
socket. If such a limitation is reached, an exception should be thrown
Once the state of a SecurityProvider has been exported, performing further operations may be invalid or may invalidate the exported state.
The return value should be a type that can easily be
serialized such as a
byte array or a
Serializable object that can be used efficiently
with I/O streams.
public void importState(java.lang.Object ostate) throws SecurityProviderException
SecurityProvider.exportState(). Before the state is imported, this SecurityProvider must be initialized with the same properties as the original SecurityProvider.
ostate- an Object (or
bytearray) that represets the state to be imported.
SecurityProviderException- if the state could not be imported such as because the state being imported has been transferred beyond it's acceptable boundries.
public java.lang.Object getProperty(java.lang.String name, java.lang.Object def) throws SecurityProviderException
public Account getAccount(java.lang.String acctname, java.lang.String attrs) throws SecurityProviderException
acctname parameter is
null, this method will return a default Account or
null if this SecurityProvider has not been sufficiently initialized (such as by performing authentication).
attrsparameter is the special constant
Account.ALL_ATTRS, this indicates that "all attributes" should be returned although the interpretation of this value depends greatly on the SecurityProvider (such as with the case of constructed attributes in Active Directory which can only be retrieved by explicitly requesting them by name). If the
null, a default set of attributes will be retrieved. This default set may be determined only by what is convenient or efficent for the SecurityProvider implementation. With the exception of the attribute used to uniquely identify the account, the specific set of attributes returned if the
nullis not defined unless stated otherwise in the API documentation of the SecurityProvider being used. Generally an
nullshould only be used when the caller has no interest in attributes or their values such as when checking for the existance of an account, deleting an account or checking group membership with
Account.isMemberOf(java.lang.String). If the
attrsparameters are both
null, a cached
Accountobject may be returned.
acctnameparameter should not be
nullwhen when performing
Account.update(java.lang.String)operations to ensure that the
Accountobject has current data. If data is not current, unexpected update behavior can result.
attrsparameters should both be
nullwhen retrieving the
Accountused for checking group membership with
Account.isMemberOf(java.lang.String). Otherwise, if cached group membership data is not utilized, the performance of
isMemberOfmay be poor.
acctname- the name of the account to retrieve or
nullto indicate that a default account should be retrieved
attrs- the names of the account attributes to retrieve or
nullto indicate that a default set of attriubutes should be retrieved or the special constant
Account.ALL_ATTRSto indicate that "all attributes" should be retrieved.
SecurityProviderException- if the named account could not be found or if a catostrophic error occurs.
public void authenticate(java.lang.Object credential) throws SecurityProviderException
A SecurityProvider authority could be an LDAP database, a simple in-memory list of accounts, or a stub for the local host security authority such as nsswitch on UNIX or the LSA on Microsoft Windows.
credential- a credential to be validated. Providers should support the generic
SecurityProviderException- if the validation fails. The exception code should be
SecurityProviderException.STATUS_ACCOUNT_NOT_FOUNDif the credential identity was not found by the provider authority or
SecurityProviderException.STATUS_INVALID_CREDENTIALSif the credential was cryptographically incorrect. If the authority only indicated that the authentication failed in general and does not distinguish between the two cases,
STATUS_INVALID_CREDENTIALSshould be favored.