...

You can download the sample here.

The sample scenario

Consider a scenario where a company has a simple user store that contains the customer_id, customer_name and password (for the moment, let's not worry about salting and so on, as the purpose of this scenario is to demonstrate getting a custom user store into action). The company may want to keep this user store as it is, because other services may depend on it and still require the identities to be managed. It is not good practice to duplicate this sort of sensitive data into another database for use by the Identity Server, because the cost of securing both databases is high and the duplication can lead to conflicts. This is where a custom User Store Manager comes in handy, thanks to the high extensibility of the Carbon platform.

...

Code Block
    @Override
    public boolean doAuthenticate(String userName, Object credential) throws UserStoreException {

        // The anonymous registry user is never allowed to log in.
        if (CarbonConstants.REGISTRY_ANONNYMOUS_USERNAME.equals(userName)) {
            log.error("Anonymous user trying to login");
            return false;
        }

        Connection dbConnection = null;
        ResultSet rs = null;
        PreparedStatement prepStmt = null;
        String sqlstmt = null;
        String password = (String) credential;
        boolean isAuthed = false;

        try {
            dbConnection = getDBConnection();
            dbConnection.setAutoCommit(false);
            // The lookup query comes from the user store configuration.
            sqlstmt = realmConfig.getUserStoreProperty(JDBCRealmConstants.SELECT_USER);

            // The user name is bound as a parameter, never concatenated into the SQL.
            prepStmt = dbConnection.prepareStatement(sqlstmt);
            prepStmt.setString(1, userName);

            rs = prepStmt.executeQuery();

            if (rs.next()) {
                // Read the stored password by column label.
                String storedPassword = rs.getString("PASSWORD");
                // Plain-text comparison, as in the sample scenario (no salting or hashing).
                if ((storedPassword != null) && (storedPassword.trim().equals(password))) {
                    isAuthed = true;
                }
            }
        } catch (SQLException e) {
            // Keep the original exception as the cause so the failure can be diagnosed.
            throw new UserStoreException("Authentication Failure. Using sql :" + sqlstmt, e);
        } finally {
            DatabaseUtil.closeAllConnections(dbConnection, rs, prepStmt);
        }

        if (log.isDebugEnabled()) {
            log.debug("User " + userName + " login attempt. Login success :: " + isAuthed);
        }

        return isAuthed;

    }

...