Annotation Type DatabaseIdentityStoreDefinition
-
@Retention(RUNTIME) @Target(TYPE) public @interface DatabaseIdentityStoreDefinition
Annotation used to define a container-providedIdentityStore
that stores caller credentials and identity attributes in a relational database, and make that implementation available as an enabled CDI bean.The container-provided
IdentityStore
must support validatingUsernamePasswordCredential
, and may support validating other credential types.
-
-
Optional Element Summary
Optional Elements Modifier and Type Optional Element Description java.lang.String
callerQuery
SQL query to validate the {caller, password} pair.java.lang.String
dataSourceLookup
Full JNDI name of the data source that provides access to the data base where the caller identities are stored.java.lang.String
groupsQuery
SQL query to retrieve the groups associated with the caller when authentication succeeds.java.lang.Class<? extends PasswordHash>
hashAlgorithm
APasswordHash
implementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via thecallerQuery()
.java.lang.String[]
hashAlgorithmParameters
Used to specify algorithm-specific parameters.int
priority
Determines the order in case multiple IdentityStores are found.java.lang.String
priorityExpression
Allowpriority
to be specified as a Jakarta Expression Language expression.IdentityStore.ValidationType[]
useFor
Determines what the identity store is used forjava.lang.String
useForExpression
AllowuseFor
to be specified as an Jakarta Expression Language expression.
-
-
-
-
callerQuery
java.lang.String callerQuery
SQL query to validate the {caller, password} pair. Only needed whenuseFor()
containsIdentityStore.ValidationType.VALIDATE
.The name of the caller that is to be authenticated has to be set as the one and only placeholder. The (hashed) password should be in the first column of the result.
Example query:
select password from callers where name = ?
- Returns:
- SQL query to validate
- Default:
- ""
-
-
-
groupsQuery
java.lang.String groupsQuery
SQL query to retrieve the groups associated with the caller when authentication succeeds. Only needed whenuseFor()
containsIdentityStore.ValidationType.PROVIDE_GROUPS
.The name of the caller that has been authenticated has to be set as the one and only placeholder. The group name should be in the first column of the result.
Example query:
select group_name from caller_groups where caller_name = ?
- Returns:
- SQL query to retrieve the groups
- Default:
- ""
-
-
-
hashAlgorithm
java.lang.Class<? extends PasswordHash> hashAlgorithm
APasswordHash
implementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via thecallerQuery()
.- Returns:
- The password hash used to verify plaintext passwords.
- Default:
- jakarta.security.enterprise.identitystore.Pbkdf2PasswordHash.class
-
-
-
hashAlgorithmParameters
java.lang.String[] hashAlgorithmParameters
Used to specify algorithm-specific parameters.Parameters are specified as a list of name/value pairs, using the format below:
parameterName=parameterValue
For example:
Algorithm.param1="value" Algorithm.param2=32
This attribute supports immediate Jakarta Expression Language expressions (${} syntax) for both the
parameterValue
as well as for a full array element. If an EL expression is used for a full array element, the expression must evaluate to either a single string, a string array or a stringStream
where in each case every string must adhere to the above specified format.- Returns:
- The algorithm parameters.
- Default:
- {}
-
-
-
useFor
IdentityStore.ValidationType[] useFor
Determines what the identity store is used for- Returns:
- the type the identity store is used for
- Default:
- {jakarta.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE, jakarta.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS}
-
-