Annotation Interface DatabaseIdentityStoreDefinition
Annotation used to define a container-provided IdentityStore that stores caller credentials and identity attributes in a relational database, and make that implementation available as an enabled CDI bean.
The container-provided IdentityStore must support validating UsernamePasswordCredential, and may support validating other credential types.
-
Optional Element Summary
| Modifier and Type | Optional Element | Description |
|---|---|---|
| String | callerQuery | SQL query to validate the {caller, password} pair. |
| String | dataSourceLookup | Full JNDI name of the data source that provides access to the data base where the caller identities are stored. |
| String | groupsQuery | SQL query to retrieve the groups associated with the caller when authentication succeeds. |
| Class<? extends PasswordHash> | hashAlgorithm | A PasswordHash implementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via the callerQuery(). |
| String[] | hashAlgorithmParameters | Used to specify algorithm-specific parameters. |
| int | priority | Determines the order in case multiple IdentityStores are found. |
| String | priorityExpression | Allow priority to be specified as an EL expression. |
| IdentityStore.ValidationType[] | useFor | Determines what the identity store is used for. |
| String | useForExpression | Allow useFor to be specified as an EL expression. |
-
Element Details
-
dataSourceLookup
String dataSourceLookup
Full JNDI name of the data source that provides access to the data base where the caller identities are stored.
- Returns:
- Full JNDI name of the data source
- Default:
- "java:comp/DefaultDataSource"
-
callerQuery
String callerQuery
SQL query to validate the {caller, password} pair. Only needed when useFor() contains IdentityStore.ValidationType.VALIDATE.
The name of the caller that is to be authenticated has to be set as the one and only placeholder. The (hashed) password should be in the first column of the result.
Example query:
select password from callers where name = ?
- Returns:
- SQL query to validate
- Default:
- ""
-
groupsQuery
String groupsQuery
SQL query to retrieve the groups associated with the caller when authentication succeeds. Only needed when useFor() contains IdentityStore.ValidationType.PROVIDE_GROUPS.
The name of the caller that has been authenticated has to be set as the one and only placeholder. The group name should be in the first column of the result.
Example query:
select group_name from caller_groups where caller_name = ?
- Returns:
- SQL query to retrieve the groups
- Default:
- ""
-
hashAlgorithm
Class<? extends PasswordHash> hashAlgorithm
A PasswordHash implementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via the callerQuery().
- Returns:
- The password hash used to verify plaintext passwords.
- Default:
- javax.security.enterprise.identitystore.Pbkdf2PasswordHash.class
-
hashAlgorithmParameters
String[] hashAlgorithmParameters
Used to specify algorithm-specific parameters.
Parameters are specified as a list of name/value pairs, using the format below:
parameterName=parameterValue
For example:
Algorithm.param1="value"
Algorithm.param2=32
This attribute supports immediate EL expressions (${} syntax) for both the parameterValue as well as for a full array element. If an EL expression is used for a full array element, the expression must evaluate to either a single string, a string array or a string Stream where in each case every string must adhere to the above specified format.
- Returns:
- The algorithm parameters.
- Default:
- {}
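The elements described so far, put together on one bean, as an added example that is not part of the API documentation. The class name `CallerPasswordHasher`, the JNDI name, the table and column names and the PBKDF2 cost values are assumptions; the `Pbkdf2PasswordHash.*` names are the parameters documented by the default `Pbkdf2PasswordHash` class.

```java
import java.util.HashMap;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.security.enterprise.identitystore.DatabaseIdentityStoreDefinition;
import javax.security.enterprise.identitystore.IdentityStore.ValidationType;
import javax.security.enterprise.identitystore.Pbkdf2PasswordHash;

// Hypothetical application bean. The JNDI name, table and column names and the
// PBKDF2 cost values are assumptions chosen for this example.
@DatabaseIdentityStoreDefinition(
    dataSourceLookup = "java:comp/env/jdbc/callerDS",
    // One placeholder only (the caller name); the stored hash is the first column.
    callerQuery = "select password from callers where name = ?",
    // One placeholder only; the group name is the first column.
    groupsQuery = "select group_name from caller_groups where caller_name = ?",
    hashAlgorithm = Pbkdf2PasswordHash.class,
    hashAlgorithmParameters = {
        "Pbkdf2PasswordHash.Algorithm=PBKDF2WithHmacSHA512",
        "Pbkdf2PasswordHash.Iterations=210000",
        "Pbkdf2PasswordHash.SaltSizeBytes=32"
    },
    priority = 70,
    useFor = {ValidationType.VALIDATE, ValidationType.PROVIDE_GROUPS}
)
@ApplicationScoped
public class CallerPasswordHasher {

    @Inject
    private Pbkdf2PasswordHash passwordHash;

    @PostConstruct
    void init() {
        // Same name/value pairs as hashAlgorithmParameters above, so hashes
        // written at registration use the parameters the store is configured with.
        Map<String, String> params = new HashMap<>();
        params.put("Pbkdf2PasswordHash.Algorithm", "PBKDF2WithHmacSHA512");
        params.put("Pbkdf2PasswordHash.Iterations", "210000");
        params.put("Pbkdf2PasswordHash.SaltSizeBytes", "32");
        passwordHash.initialize(params);
    }

    // Returns the value to store in callers.password; never store the plaintext.
    public String hashForStorage(char[] plaintextPassword) {
        return passwordHash.generate(plaintextPassword);
    }
}
```

Because both queries take the caller name as a bound `?` placeholder, the name is never concatenated into the SQL text.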
-
priority
int priority
Determines the order in case multiple IdentityStores are found.
- Returns:
- the priority.
- Default:
- 70
-
priorityExpression
String priorityExpression
Allow priority to be specified as an EL expression. If set, overrides any value set with priority.
- Returns:
- the priority EL expression
- Default:
- ""
-
useFor
IdentityStore.ValidationType[] useFor
Determines what the identity store is used for.
- Returns:
- the type the identity store is used for
- Default:
- {VALIDATE, PROVIDE_GROUPS}
-
useForExpression
String useForExpression
Allow useFor to be specified as an EL expression. If set, overrides any value set with useFor.
- Returns:
- the useFor EL expression
- Default:
- ""
-