Commit f18a7bd5 authored by Jay Kline's avatar Jay Kline Committed by jay

Implemented a setPassword(String,String) method that works. Discussion here:

http://www.igniterealtime.org/community/thread/33591



git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10590 b35dd754-fafc-0310-a699-88a17e54d16e
parent a9d4767d
...@@ -40,6 +40,8 @@ import java.sql.*; ...@@ -40,6 +40,8 @@ import java.sql.*;
* <li><tt>jdbcProvider.connectionString = jdbc:mysql://localhost/dbname?user=username&amp;password=secret</tt></li> * <li><tt>jdbcProvider.connectionString = jdbc:mysql://localhost/dbname?user=username&amp;password=secret</tt></li>
* <li><tt>jdbcAuthProvider.passwordSQL = SELECT password FROM user_account WHERE username=?</tt></li> * <li><tt>jdbcAuthProvider.passwordSQL = SELECT password FROM user_account WHERE username=?</tt></li>
* <li><tt>jdbcAuthProvider.passwordType = plain</tt></li> * <li><tt>jdbcAuthProvider.passwordType = plain</tt></li>
* <li><tt>jdbcAuthProvider.allowUpdate = true</tt></li>
* <li><tt>jdbcAuthProvider.setPasswordSQL = UPDATE user_account SET password=? WHERE username=?</tt></li>
* </ul> * </ul>
* *
* The passwordType setting tells Openfire how the password is stored. Setting the value * The passwordType setting tells Openfire how the password is stored. Setting the value
...@@ -56,7 +58,9 @@ public class JDBCAuthProvider implements AuthProvider { ...@@ -56,7 +58,9 @@ public class JDBCAuthProvider implements AuthProvider {
private String connectionString; private String connectionString;
private String passwordSQL; private String passwordSQL;
private String setPasswordSQL;
private PasswordType passwordType; private PasswordType passwordType;
private boolean allowUpdate;
/** /**
* Constructs a new JDBC authentication provider. * Constructs a new JDBC authentication provider.
...@@ -67,6 +71,8 @@ public class JDBCAuthProvider implements AuthProvider { ...@@ -67,6 +71,8 @@ public class JDBCAuthProvider implements AuthProvider {
JiveGlobals.migrateProperty("jdbcProvider.connectionString"); JiveGlobals.migrateProperty("jdbcProvider.connectionString");
JiveGlobals.migrateProperty("jdbcAuthProvider.passwordSQL"); JiveGlobals.migrateProperty("jdbcAuthProvider.passwordSQL");
JiveGlobals.migrateProperty("jdbcAuthProvider.passwordType"); JiveGlobals.migrateProperty("jdbcAuthProvider.passwordType");
JiveGlobals.migrateProperty("jdbcAuthProvider.setPasswordSQL");
JiveGlobals.migrateProperty("jdbcAuthProvider.allowUpdate");
// Load the JDBC driver and connection string. // Load the JDBC driver and connection string.
String jdbcDriver = JiveGlobals.getProperty("jdbcProvider.driver"); String jdbcDriver = JiveGlobals.getProperty("jdbcProvider.driver");
...@@ -81,6 +87,10 @@ public class JDBCAuthProvider implements AuthProvider { ...@@ -81,6 +87,10 @@ public class JDBCAuthProvider implements AuthProvider {
// Load SQL statements. // Load SQL statements.
passwordSQL = JiveGlobals.getProperty("jdbcAuthProvider.passwordSQL"); passwordSQL = JiveGlobals.getProperty("jdbcAuthProvider.passwordSQL");
setPasswordSQL = JiveGlobals.getProperty("jdbcAuthProvider.setPasswordSQL");
allowUpdate = JiveGlobals.getBooleanProperty("jdbcAuthProvider.allowUpdate",false);
passwordType = PasswordType.plain; passwordType = PasswordType.plain;
try { try {
passwordType = PasswordType.valueOf( passwordType = PasswordType.valueOf(
...@@ -202,8 +212,12 @@ public class JDBCAuthProvider implements AuthProvider { ...@@ -202,8 +212,12 @@ public class JDBCAuthProvider implements AuthProvider {
public void setPassword(String username, String password) public void setPassword(String username, String password)
throws UserNotFoundException, UnsupportedOperationException throws UserNotFoundException, UnsupportedOperationException
{ {
if (allowUpdate && setPasswordSQL != null) {
setPasswordValue(username, password);
} else {
throw new UnsupportedOperationException(); throw new UnsupportedOperationException();
} }
}
public boolean supportsPasswordRetrieval() { public boolean supportsPasswordRetrieval() {
return (passwordSQL != null && passwordType == PasswordType.plain); return (passwordSQL != null && passwordType == PasswordType.plain);
...@@ -257,6 +271,46 @@ public class JDBCAuthProvider implements AuthProvider { ...@@ -257,6 +271,46 @@ public class JDBCAuthProvider implements AuthProvider {
return password; return password;
} }
private void setPasswordValue(String username, String password) throws UserNotFoundException {
Connection con = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
if (username.contains("@")) {
// Check that the specified domain matches the server's domain
int index = username.indexOf("@");
String domain = username.substring(index + 1);
if (domain.equals(XMPPServer.getInstance().getServerInfo().getXMPPDomain())) {
username = username.substring(0, index);
} else {
// Unknown domain.
throw new UserNotFoundException();
}
}
try {
con = DriverManager.getConnection(connectionString);
pstmt = con.prepareStatement(setPasswordSQL);
pstmt.setString(1, username);
if (passwordType == PasswordType.md5) {
password = StringUtils.hash(password, "MD5");
}
else if (passwordType == PasswordType.sha1) {
password = StringUtils.hash(password, "SHA-1");
}
pstmt.setString(2, password);
rs = pstmt.executeQuery();
}
catch (SQLException e) {
Log.error("Exception in JDBCAuthProvider", e);
throw new UserNotFoundException();
}
finally {
DbConnectionManager.closeConnection(rs, pstmt, con);
}
}
/** /**
* Indicates how the password is stored. * Indicates how the password is stored.
*/ */
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment