diff --git a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
index 93255af..1e29723 100644
--- a/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
+++ b/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/jdbc/JDBCLoginModule.java
@@ -28,13 +28,8 @@
 import javax.security.auth.callback.*;
 import javax.security.auth.login.LoginException;
 import javax.sql.DataSource;
-import javax.sql.XADataSource;
 import java.io.IOException;
-import java.security.Principal;
 import java.sql.Connection;
-import java.sql.PreparedStatement;
-import java.sql.ResultSet;
-import java.sql.SQLException;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -53,8 +48,8 @@
 public static final String DELETE_USER_STATEMENT = "delete.user";
 private String datasourceURL;
- protected String passwordQuery = "SELECT PASSWORD FROM USERS WHERE USERNAME=?";
- protected String roleQuery = "SELECT ROLE FROM ROLES WHERE USERNAME=?";
+ protected String passwordQuery;
+ protected String roleQuery;
 public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) {
 super.initialize(subject, callbackHandler, options);
@@ -64,12 +59,11 @@
 } else if (!datasourceURL.startsWith(JDBCUtils.JNDI) && !datasourceURL.startsWith(JDBCUtils.OSGI)) {
 LOGGER.error("Invalid datasource lookup protocol");
 }
- if (options.containsKey(PASSWORD_QUERY)) {
- passwordQuery = (String) options.get(PASSWORD_QUERY);
+ passwordQuery = (String) options.get(PASSWORD_QUERY);
+ if (passwordQuery == null) {
+ LOGGER.error("No password query was specified ");
 }
- if (options.containsKey(ROLE_QUERY)) {
- roleQuery = (String) options.get(ROLE_QUERY);
- }
+ roleQuery = (String) options.get(ROLE_QUERY);
 }
 public boolean login() throws LoginException {
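Review bot: In `initialize`, a missing `PASSWORD_QUERY` is only logged, so the module stays in use with `passwordQuery == null` and the outcome depends on what `login()` and `JDBCUtils.rawSelect` do with a null statement, neither of which is visible in this hunk. Authentication should fail closed explicitly, for example `if (passwordQuery == null) throw new LoginException("No password query configured");` at the top of `login()`, whose body continues outside the hunk. The unchecked `(String)` casts also throw `ClassCastException` when an option value is not a String, and the error message carries a trailing space. Because the default queries removed in the field hunk above are gone, configurations that relied on them will presumably stop authenticating or lose their roles after upgrade, which is worth stating in the release notes.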
@@ -115,15 +109,17 @@
 }
 principals.add(new UserPrincipal(user));
- List roles = JDBCUtils.rawSelect(connection, roleQuery, user);
- for (String role : roles) {
- if (role.startsWith(BackingEngine.GROUP_PREFIX)) {
- principals.add(new GroupPrincipal(role.substring(BackingEngine.GROUP_PREFIX.length())));
- for (String r : JDBCUtils.rawSelect(connection, roleQuery, role)) {
- principals.add(new RolePrincipal(r));
+ if (roleQuery != null) {
+ List roles = JDBCUtils.rawSelect(connection, roleQuery, user);
+ for (String role : roles) {
+ if (role.startsWith(BackingEngine.GROUP_PREFIX)) {
+ principals.add(new GroupPrincipal(role.substring(BackingEngine.GROUP_PREFIX.length())));
+ for (String r : JDBCUtils.rawSelect(connection, roleQuery, role)) {
+ principals.add(new RolePrincipal(r));
+ }
+ } else {
+ principals.add(new RolePrincipal(role));
 }
- } else {
- principals.add(new RolePrincipal(role));
 }
 }
 }
diff --git a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
index 7fe9a7f..6a6535c 100644
--- a/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
+++ b/jaas/modules/src/test/java/org/apache/karaf/jaas/modules/jdbc/JdbcLoginModuleTest.java
@@ -97,6 +97,8 @@
 // Create options
 options = new HashMap<>();
 options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());
+ options.put(JDBCLoginModule.PASSWORD_QUERY, "SELECT PASSWORD FROM USERS WHERE USERNAME=?");
+ options.put(JDBCLoginModule.ROLE_QUERY, "SELECT ROLE FROM ROLES WHERE USERNAME=?");
 options.put(BundleContext.class.getName(), context);
 expect(context.getServiceReferences(DataSource.class.getName(), null)).andReturn(new ServiceReference[] { reference });
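Review bot: The new `if (roleQuery != null)` guard in the `JDBCLoginModule.java` hunk lets a user authenticate with only a `UserPrincipal`, and nothing records that role and group lookup was skipped. A comment on the guard such as `// No role query configured: the subject receives no role or group principals` (or a one-time log line) would make that an explicit decision rather than a silent one. The guard also passes an empty query string on to `JDBCUtils.rawSelect`; `if (roleQuery != null && !roleQuery.isEmpty())` would treat that the same as an absent option. The enclosing method starts and ends outside the hunk.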
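Review bot: The test setup in `JdbcLoginModuleTest.java` now always supplies both queries, so neither new branch of the login module is exercised. There is no case for a missing `PASSWORD_QUERY`, where login should be rejected, or for a missing `ROLE_QUERY`, where login should succeed with no role principals. One test per case, each removing the corresponding entry from `options`, would pin that behaviour. The setup method itself starts and ends outside the hunk.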