public class WordPressSecurityProvider extends SecurityProvider
This example interfaces with the wp_users and wp_usermeta tables of the WordPress SQL database to implement most of the SecurityProvider and Account interfaces including but not limited to the follow operations:
Like all Jespa examples, the source code for the WordPressSecurityProvider and the WordPressAccount class may be freely copied and distributed in accordance with the Copyright statement at the top of each source file.
The WordPressSecurityProvider understands the following properties:
|bindstr||The JDBC URL. This property is required.||jdbc:mysql://localhost/wordpress|
|service.acctname||The username for connecting to the database identified by the bindstr. This property is required.||wpuser|
|service.password||The password for connecting to the database identified by the bindstr. This property is required.||wppass|
|jdbc.driver.classname||The class name of a JDBC driver to load. If this property is not set, no driver will be loaded. Unless the MySQL driver has already been loaded elsewhere, this property will need to be set (probably to "com.mysql.jdbc.Driver").||com.mysql.jdbc.Driver|
|table.prefix||The database table prefix. The default is "wp_".|
|account.name.regex||The regular expression used to validate account names. The default value is "\S+" to indicate that an account name with one or more non-space characters is valid.|
|account.canonicalForm||An integer indicating the form account names should be canonicalized to. The default value is 0 to indicate that account canonicalization should not be performed. See the Account Name Canonicalization section below.||4|
|domain.dns.name||The fake DNS domain name used for account name canonicalization. See the Account Name Canonicalization section below.||wp5.busicorp.local|
|domain.netbios.name||The fake NetBIOS domain name used for account name canonicalization. See the Account Name Canonicalization section below.||WP5|
The following properties control account name canonicalization.
|domain.dns.name||A domain identifier used to canonicalize principal names like firstname.lastname@example.org. The actual value is not meaningful to logic other than account name canonicalization but it should conform to typical DNS nameing conventions. If this property is not specified, canonicalizing principal names is not supported.||wp5.busicorp.local|
|domain.netbios.name||A domain identifier used to canonicalize Windows backslash style names like WP5\alice. The actual value is not meaningful to logic other than account name canonicalization but it should conform to NetBIOS nameing conventions (at most 12 usually alphanumeric characters). If this property is not specified, canonicalizing backslash style names is not supported.||WP5|
|account.canonicalForm||An integer indicating the form account names should be canonicalized to after authentication. Values are 0 - no canonicalization; 2 - username; 3 - backslash; 4 - principal. For example, if a canonical form of 4 is specified, the getIdentity method will always return a principal name form like email@example.com regardless of what was supplied whether it was WP5\alice, firstname.lastname@example.org or just alice, etc.||4|
These properties affect the behavior of the WordPressAccount constructor, setting the user_login attribute with WordPressAcccount.setProperty and the WordPressSecurityProvider getAccount, authenticate and getIdentity methods.
|Constructor and Description|
|Modifier and Type||Method and Description|
Validates the supplied credential with this provider's authority.
Destroy any sensitive cryptographic material used by this SecurityProvider.
Returns an Object representing the current state of this SecurityProvider.
Retrieve an Account object representing the named account and populate it (an Account is also a Map) with the attributes listed in the attrs array.
Retrieve a property by name or return the supplied default value if the property is not set.
Initializes a SecurityProvider with the state Object returned in a previous call to
acceptSecContext, getDomain, getFlag, getIdentity, getName, initSecContext, isComplete, setFlag, setProperty, unwrap, wrap
getEncryptedProperty, getFilteredProperties, getFilteredProperties, getProperty, getPropertyAsBoolean, getPropertyAsLong, setEncryptedProperty
clear, clone, compute, computeIfAbsent, computeIfPresent, containsKey, containsValue, entrySet, forEach, get, getOrDefault, isEmpty, keySet, merge, put, putAll, putIfAbsent, remove, remove, replace, replace, replaceAll, size, values
finalize, getClass, notify, notifyAll, wait, wait, wait
public WordPressSecurityProvider(java.util.Map properties)
protected void encodeObject(ByteBuffer bb, java.lang.Object obj) throws EncodingException
protected java.lang.Object decodeObject(ByteBuffer bb) throws EncodingException
public java.lang.Object exportState() throws SecurityProviderException
SecurityProvider.importState(java.lang.Object)into a different instance of the same type of SecurityProvider initialized with the same properties. The result should be a transfer of all state such that the new SecurityProvider instance should behave like the original within limits defined by the SecurityProvider type.
Transference of state between SecurityProvider instances may be used for a number of reasons including but not limited to:
Exported SecurityProvider state may be limited in how it can be transferred. The reason may be to protect the integrity of the SecurityProvider data such as not writing potentially sensitive cryptographic material to an unprotected disk file. Or the reason may be a technical limitation such as the fact that the state may only be valid if the new SecurityProvider instance has access to a resource in the current VM like a database connection or network socket. If such a limitation is reached, an exception should be thrown from importState.
Once the state of a SecurityProvider has been exported, performing further operations may be invalid or may invalidate the exported state.
The return value should be a type that can easily be serialized such as a byte array or a java.io.Serializable object that can be used efficiently with I/O streams.
SecurityProviderException- if the state could not or cannot be exported.
public void importState(java.lang.Object ostate) throws SecurityProviderException
SecurityProvider.exportState(). Before the state is imported, this SecurityProvider must be initialized with the same properties as the original SecurityProvider.
ostate- an Object (or byte array) that represets the state to be imported.
SecurityProviderException- if the state could not be imported such as because the state being imported has been transferred beyond it's acceptable boundries.
public java.lang.Object getProperty(java.lang.String name, java.lang.Object def) throws SecurityProviderException
name- the name of the property to retrieve.
def- the default value to return of the named property is not set.
SecurityProviderException- if the name is invalid or it's value cannot be retrieved.
public Account getAccount(java.lang.String acctname, java.lang.String attrs) throws SecurityProviderException
If the acctname parameter is null, this method will return a default Account or null if this SecurityProvider has not been sufficiently initialized (such as by performing authentication).
If the attrs parameter is the special constant Account.ALL_ATTRS, this indicates that "all attributes" should be returned although the interpretation of this value depends greatly on the SecurityProvider (such as with the case of constructed attributes in Active Directory which can only be retrieved by explicitly requesting them by name).
If the attrs parameter is null, a default set of attributes will be retrieved.
This default set may be determined only by what is convenient or efficent for the SecurityProvider implementation.
With the exception of the attribute used to uniquely identify the account, the specific set of attributes returned if the attrs parameter is null is not defined unless stated otherwise in the API documentation of the SecurityProvider being used.
Generally an attrs parameter of null should only be used when the caller has no interest in attributes or their values such as when checking for the existance of an account, deleting an account or checking group membership with
If the acctname and attrs parameters are both null, a cached Account object may be returned.
Account.update(java.lang.String)operations to ensure that the Account object has current data. If data is not current, unexpected update behavior can result.
Account.isMemberOf(java.lang.String). Otherwise, if cached group membership data is not utilized, the performance of isMemberOf may be poor.
The behavior of this method depends greatly on the specific SecurityProvider implementation being used.
acctname- the name of the account to retrieve or null to indicate that a default account should be retrieved
attrs- the names of the account attributes to retrieve or null to indicate that a default set of attriubutes should be retrieved or the special constant Account.ALL_ATTRS to indicate that "all attributes" should be retrieved.
SecurityProviderException- if the named account could not be found or if a catostrophic error occurs.
public void authenticate(java.lang.Object credential) throws SecurityProviderException
A SecurityProvider authority could be an LDAP database, a simple in-memory list of accounts, or a stub for the local host security authority such as nsswitch on UNIX or the LSA on Microsoft Windows.
credential- a credential to be validated. Providers should support the generic
SecurityProviderException- if the validation fails. The exception code should be
SecurityProviderException.STATUS_ACCOUNT_NOT_FOUNDif the credential identity was not found by the provider authority or
SecurityProviderException.STATUS_INVALID_CREDENTIALSif the credential was cryptographically incorrect. If the authority only indicated that the authentication failed in general and does not distinguish between the two cases, STATUS_INVALID_CREDENTIALS should be favored.
public void dispose() throws SecurityProviderException