java.lang.Object
- org.jivesoftware.openfire.auth.JDBCAuthProvider

All Implemented Interfaces:

AuthProvider, PropertyEventListener
```
public class JDBCAuthProvider
extends Object
implements AuthProvider, PropertyEventListener
```
The JDBC auth provider allows you to authenticate users against any database that you can connect to with JDBC. It can be used along with the hybrid auth provider, so that you can also have XMPP-only users that won't pollute your external data.
To enable this provider, set the following in the system properties:
- provider.auth.className = org.jivesoftware.openfire.auth.JDBCAuthProvider
You'll also need to set your JDBC driver, connection string, and SQL statements:
- jdbcProvider.driver = com.mysql.jdbc.Driver
- jdbcProvider.connectionString = jdbc:mysql://localhost/dbname?user=username&password=secret
- jdbcAuthProvider.passwordSQL = SELECT password FROM user_account WHERE username=?
- jdbcAuthProvider.passwordType = plain
- jdbcAuthProvider.allowUpdate = true
- jdbcAuthProvider.setPasswordSQL = UPDATE user_account SET password=? WHERE username=?
- jdbcAuthProvider.bcrypt.cost = 12
jdbcAuthProvider.passwordType can accept a comma separated string of password types. This can be useful in situations where legacy (ex/md5) password hashes were stored and then "upgraded" to a stronger hash algorithm. Hashes are executed left to right.

Example Setting: "md5,sha1"
Usage: password ->
(md5) 286755fad04869ca523320acce0dc6a4 ->
(sha1) 0524b1fc84d315b08db890413e65260040b08caa ->

Bcrypt is supported as a passwordType; however, when chaining password types it MUST be the last type given. (bcrypt hashes are different every time they are generated)

Optional bcrypt configuration:
- jdbcAuthProvider.bcrypt.cost: The BCrypt cost. Default: BCrypt.GENSALT_DEFAULT_LOG2_ROUNDS (currently: 10)
In order to use the configured JDBC connection provider do not use a JDBC connection string, set the following property
- jdbcAuthProvider.useConnectionProvider = true
The passwordType setting tells Openfire how the password is stored. Setting the value is optional (when not set, it defaults to "plain"). The valid values are:
Author:

David Snopek

Nested Class Summary

Nested Classes
Modifier and Type Class Description

static class JDBCAuthProvider.PasswordType
Indicates how the password is stored.

Constructor Summary

Constructors
Constructor Description

JDBCAuthProvider()
Constructs a new JDBC authentication provider.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected boolean`	`assumePersistedDataIsEscaped()`	XMPP disallows some characters in identifiers, requiring them to be escaped.
`void`	`authenticate(String username, String password)`	Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.
`protected boolean`	`comparePasswords(String plainText, String hashed)`
`protected void`	`createUser(String username)`	Checks to see if the user exists; if not, a new user is created.
`int`	`getIterations(String username)`
`String`	`getPassword(String username)`	Returns the user's password.
`String`	`getSalt(String username)`
`String`	`getServerKey(String username)`
`String`	`getStoredKey(String username)`
`protected String`	`hashPassword(String password, JDBCAuthProvider.PasswordType type)`
`boolean`	`isScramSupported()`
`void`	`propertyDeleted(String property, Map<String,Object> params)`	A property was deleted.
`void`	`propertySet(String property, Map<String,Object> params)`	Support a subset of JDBCAuthProvider properties when updated via REST, web GUI, or other sources.
`void`	`setPassword(String username, String password)`	Sets the users's password.
`boolean`	`supportsPasswordRetrieval()`	Returns true if this UserProvider is able to retrieve user passwords from the backend user store.
`void`	`xmlPropertyDeleted(String property, Map<String,Object> params)`	An XML property was deleted.
`void`	`xmlPropertySet(String property, Map<String,Object> params)`	An XML property was set.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - JDBCAuthProvider
```
public JDBCAuthProvider()
```
    Constructs a new JDBC authentication provider.
- Method Detail
  - assumePersistedDataIsEscaped
```
protected boolean assumePersistedDataIsEscaped()
```
    XMPP disallows some characters in identifiers, requiring them to be escaped. This implementation assumes that the database returns properly escaped identifiers, but can apply escaping by setting the value of the 'jdbcAuthProvider.isEscaped' property to 'false'.
    
    Returns:
    
    'false' if this implementation needs to escape database content before processing.
  - authenticate
```
public void authenticate(String username,
                         String password)
                  throws UnauthorizedException
```
    Description copied from interface: AuthProvider
    
    Returns if the username and password are valid; otherwise this method throws an UnauthorizedException.
    
    Specified by:
    
    authenticate in interface AuthProvider
    
    Parameters:
    
    username - the username or full JID.
    
    password - the password
    
    Throws:
    
    UnauthorizedException - if the username and password do not match any existing user.
  - comparePasswords
```
protected boolean comparePasswords(String plainText,
                                   String hashed)
```
  - hashPassword
```
protected String hashPassword(String password,
                              JDBCAuthProvider.PasswordType type)
```
  - getPassword
```
public String getPassword(String username)
                   throws UserNotFoundException,
                          UnsupportedOperationException
```
    Description copied from interface: AuthProvider
    
    Returns the user's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.
    
    Specified by:
    
    getPassword in interface AuthProvider
    
    Parameters:
    
    username - the username of the user.
    
    Returns:
    
    the user's password.
    
    Throws:
    
    UserNotFoundException - if the given user's password could not be loaded.
    
    UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).
  - setPassword
```
public void setPassword(String username,
                        String password)
                 throws UserNotFoundException,
                        UnsupportedOperationException
```
    Description copied from interface: AuthProvider
    
    Sets the users's password. This method should throw an UnsupportedOperationException if this operation is not supported by the backend user store.
    
    Specified by:
    
    setPassword in interface AuthProvider
    
    Parameters:
    
    username - the username of the user.
    
    password - the new plaintext password for the user.
    
    Throws:
    
    UserNotFoundException - if the given user could not be loaded.
    
    UnsupportedOperationException - if the provider does not support the operation (this is an optional operation).
  - supportsPasswordRetrieval
```
public boolean supportsPasswordRetrieval()
```
    Description copied from interface: AuthProvider
    
    Returns true if this UserProvider is able to retrieve user passwords from the backend user store. If this operation is not supported then AuthProvider.getPassword(String) will throw an UnsupportedOperationException if invoked.
    
    Specified by:
    
    supportsPasswordRetrieval in interface AuthProvider
    
    Returns:
    
    true if this UserProvider is able to retrieve user passwords from the backend user store.
  - createUser
```
protected void createUser(String username)
```
    Checks to see if the user exists; if not, a new user is created.
    
    Parameters:
    
    username - the username.
  - isScramSupported
```
public boolean isScramSupported()
```
    Specified by:
    
    isScramSupported in interface AuthProvider
  - getSalt
```
public String getSalt(String username)
               throws UnsupportedOperationException,
                      UserNotFoundException
```
    Specified by:
    
    getSalt in interface AuthProvider
    
    Throws:
    
    UnsupportedOperationException
    
    UserNotFoundException
  - getIterations
```
public int getIterations(String username)
                  throws UnsupportedOperationException,
                         UserNotFoundException
```
    Specified by:
    
    getIterations in interface AuthProvider
    
    Throws:
    
    UnsupportedOperationException
    
    UserNotFoundException
  - getServerKey
```
public String getServerKey(String username)
                    throws UnsupportedOperationException,
                           UserNotFoundException
```
    Specified by:
    
    getServerKey in interface AuthProvider
    
    Throws:
    
    UnsupportedOperationException
    
    UserNotFoundException
  - getStoredKey
```
public String getStoredKey(String username)
                    throws UnsupportedOperationException,
                           UserNotFoundException
```
    Specified by:
    
    getStoredKey in interface AuthProvider
    
    Throws:
    
    UnsupportedOperationException
    
    UserNotFoundException
  - propertySet
```
public void propertySet(String property,
                        Map<String,Object> params)
```
    Support a subset of JDBCAuthProvider properties when updated via REST, web GUI, or other sources. Provider strings (and related settings) must be set via XML.
    
    Specified by:
    
    propertySet in interface PropertyEventListener
    
    Parameters:
    
    property - the name of the property.
    
    params - event parameters.
  - propertyDeleted
```
public void propertyDeleted(String property,
                            Map<String,Object> params)
```
    Description copied from interface: PropertyEventListener
    
    A property was deleted.
    
    Specified by:
    
    propertyDeleted in interface PropertyEventListener
    
    Parameters:
    
    property - the name of the property deleted.
    
    params - event parameters.
  - xmlPropertySet
```
public void xmlPropertySet(String property,
                           Map<String,Object> params)
```
    Description copied from interface: PropertyEventListener
    
    An XML property was set. The parameter map params will contain the the value of the property under the key value.
    
    Specified by:
    
    xmlPropertySet in interface PropertyEventListener
    
    Parameters:
    
    property - the name of the property.
    
    params - event parameters.
  - xmlPropertyDeleted
```
public void xmlPropertyDeleted(String property,
                               Map<String,Object> params)
```
    Description copied from interface: PropertyEventListener
    
    An XML property was deleted.
    
    Specified by:
    
    xmlPropertyDeleted in interface PropertyEventListener
    
    Parameters:
    
    property - the name of the property.
    
    params - event parameters.

Class JDBCAuthProvider

Nested Class Summary

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

JDBCAuthProvider

Method Detail

assumePersistedDataIsEscaped

authenticate

comparePasswords

hashPassword

getPassword

setPassword

supportsPasswordRetrieval

createUser

isScramSupported

getSalt

getIterations

getServerKey

getStoredKey

propertySet

propertyDeleted

xmlPropertySet

xmlPropertyDeleted