Annotation Type DatabaseIdentityStoreDefinition
-
@Retention(RUNTIME) @Target(TYPE) public @interface DatabaseIdentityStoreDefinitionAnnotation used to define a container-providedIdentityStorethat stores caller credentials and identity attributes in a relational database, and make that implementation available as an enabled CDI bean.The container-provided
IdentityStoremust support validatingUsernamePasswordCredential, and may support validating other credential types.
-
-
Optional Element Summary
Optional Elements Modifier and Type Optional Element Description java.lang.StringcallerQuerySQL query to validate the {caller, password} pair.java.lang.StringdataSourceLookupFull JNDI name of the data source that provides access to the data base where the caller identities are stored.java.lang.StringgroupsQuerySQL query to retrieve the groups associated with the caller when authentication succeeds.java.lang.Class<? extends PasswordHash>hashAlgorithmAPasswordHashimplementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via thecallerQuery().java.lang.String[]hashAlgorithmParametersUsed to specify algorithm-specific parameters.intpriorityDetermines the order in case multiple IdentityStores are found.java.lang.StringpriorityExpressionAllowpriorityto be specified as a Jakarta Expression Language expression.IdentityStore.ValidationType[]useForDetermines what the identity store is used forjava.lang.StringuseForExpressionAllowuseForto be specified as an Jakarta Expression Language expression.
-
-
-
-
callerQuery
java.lang.String callerQuery
SQL query to validate the {caller, password} pair. Only needed whenuseFor()containsIdentityStore.ValidationType.VALIDATE.The name of the caller that is to be authenticated has to be set as the one and only placeholder. The (hashed) password should be in the first column of the result.
Example query:
select password from callers where name = ?- Returns:
- SQL query to validate
- Default:
- ""
-
-
-
groupsQuery
java.lang.String groupsQuery
SQL query to retrieve the groups associated with the caller when authentication succeeds. Only needed whenuseFor()containsIdentityStore.ValidationType.PROVIDE_GROUPS.The name of the caller that has been authenticated has to be set as the one and only placeholder. The group name should be in the first column of the result.
Example query:
select group_name from caller_groups where caller_name = ?- Returns:
- SQL query to retrieve the groups
- Default:
- ""
-
-
-
hashAlgorithm
java.lang.Class<? extends PasswordHash> hashAlgorithm
APasswordHashimplementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via thecallerQuery().- Returns:
- The password hash used to verify plaintext passwords.
- Default:
- jakarta.security.enterprise.identitystore.Pbkdf2PasswordHash.class
-
-
-
hashAlgorithmParameters
java.lang.String[] hashAlgorithmParameters
Used to specify algorithm-specific parameters.Parameters are specified as a list of name/value pairs, using the format below:
parameterName=parameterValue
For example:
Algorithm.param1="value" Algorithm.param2=32
This attribute supports immediate Jakarta Expression Language expressions (${} syntax) for both the
parameterValueas well as for a full array element. If an EL expression is used for a full array element, the expression must evaluate to either a single string, a string array or a stringStreamwhere in each case every string must adhere to the above specified format.- Returns:
- The algorithm parameters.
- Default:
- {}
-
-
-
useFor
IdentityStore.ValidationType[] useFor
Determines what the identity store is used for- Returns:
- the type the identity store is used for
- Default:
- {jakarta.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE, jakarta.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS}
-
-