Why josso has no DataSource Credential Store?

Hello everyone,

Do you take care of studying the josso-gateway-config.xml

and find the Credential Stroe block is lacking of a way to store the username/passport pairs by DataSource?

this is the josso-gateway-config.xml listed as below:

<?xml version="1.0" encoding="ISO-8859-1" ?>

<!--

~Redistribution and use in source and binary forms, with or

~without modification, are permitted provided that the following

~conditions are met:

~* Redistributions of source code must retain the above copyright

~notice, this list of conditions and the following disclaimer.

~* Redistributions in binary form must reproduce the above copyright

~notice, this list of conditions and the following disclaimer in

~the documentation and/or other materials provided with the

~distribution.

~* Neither the name of the JOSSO team nor the names of its

~contributors may be used to endorse or promote products derived

~from this software without specific prior written permission.

~THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND

~CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,

~INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF

~MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE

~DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS

~BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,

~EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED

~TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

~DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON

~ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,

~OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

~OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE

~POSSIBILITY OF SUCH DAMAGE.

-->

<name>JOSSO</name>

<!-- Optional : The URL where the user will be redirected after a successfull login only if josso_back_to request parameter

is not present when accessing the login url

<loginBackToURL>http://localhost:8080/partnerapp/protected/</loginBackToURL>

-->

<!-- Optional : The URL where the user will be redirected after a logout only if josso_back_to is not present

when accessing the logout url

<logoutBackToURL>http://localhost:8080/partnerapp/protected/</logoutBackToURL>

-->

<!-- Optional : Use a secure session token, a secure channel like SSL must be available for this to work

<secure>false</secure>

-->

<class>org.josso.auth.AuthenticatorImpl</class>

<authentication-schemes>

<authentication-scheme>

<name>basic-authentication</name>

<class>org.josso.auth.scheme.UsernamePasswordAuthScheme</class>

<!--

The message digest algorithm to be used when hashing passwords.

This must be an algorithm supported by the java.security.MessageDigest class

on your platform.

In J2SE 1.4.2 you can check :

Java Cryptography Architecture API Specification & Reference - Apendix B : Algorithms

Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512,etc.

To provide LDAP support, also CRYPT is available.

-->

<!-- Some hash algorithms, like CRYPT, use this property. The default value is 2.

-->

<ignorePasswordCase>false</ignorePasswordCase>

<ignoreUserCase>false</ignoreUserCase>

<!--

<credential-store>

<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>

SELECT login AS username , password AS password FROM josso_user WHERE login = ?

</credentialsQueryString>

<connectionName>josso</connectionName>

<connectionPassword>josso</connectionPassword>

<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>

<driverName>oracle.jdbc.driver.OracleDriver</driverName>

</credential-store>

<credential-store>

<class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>

<credentialsQueryString>SELECT login AS username , password AS password FROM josso_user WHERE login = ?</credentialsQueryString>

<dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>

</credential-store>

-->

<!--

<credential-store>

<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>

<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>

<providerUrl>ldap://ldaphost</providerUrl>

<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>

<securityCredential>secret</securityCredential>

<securityAuthentication>simple</securityAuthentication>

<ldapSearchScope>SUBTREE</ldapSearchScope>

<usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>

<rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>

<uidAttributeID>uniquemember</uidAttributeID>

<credentialQueryString>uid=username,userPassword=password</credentialQueryString>

<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>

</credential-store>

-->

<credential-store>

<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>

<credentialsFileName>josso-credentials.xml</credentialsFileName>

</credential-store>

<credential-store-key-adapter>

<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>

</credential-store-key-adapter>

</authentication-scheme>

<authentication-scheme>

<name>strong-authentication</name>

<class>org.josso.auth.scheme.X509CertificateAuthScheme</class>

<!--

<credential-store>

<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>

SELECT login AS username , password AS password FROM josso_user WHERE login = ?

</credentialsQueryString>

<connectionName>josso</connectionName>

<connectionPassword>josso</connectionPassword>

<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>

<driverName>oracle.jdbc.driver.OracleDriver</driverName>

</credential-store>

-->

<!--

<credential-store>

<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>

<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>

<providerUrl>ldap://ldaphost</providerUrl>

<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>

<securityCredential>secret</securityCredential>

<securityAuthentication>simple</securityAuthentication>

<ldapSearchScope>SUBTREE</ldapSearchScope>

<usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>

<rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>

<uidAttributeID>uniquemember</uidAttributeID>

<credentialQueryString>uid=username,userCertificate;binary=userCertificate</credentialQueryString>

<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>

</credential-store>

-->

<credential-store>

<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>

<credentialsFileName>josso-credentials.xml</credentialsFileName>

</credential-store>

<credential-store-key-adapter>

<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>

</credential-store-key-adapter>

</authentication-scheme>

</authentication-schemes>

</authenticator>

<sso-identity-manager>

<class>org.josso.gateway.identity.service.SSOIdentityManagerImpl</class>

<!--

<sso-identity-store>

<class>org.josso.gateway.identity.service.store.db.DataSourceIdentityStore</class>

SELECT login FROM josso_user WHERE login = ?

</userQueryString>

SELECT 'user.description' AS name , description AS value FROM josso_user WHERE login = ?

UNION

SELECT name AS name , value AS value FROM josso_user_property WHERE login = ?

</userPropertiesQueryString>

SELECT josso_role.name FROM josso_role , josso_user_role , josso_user WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND josso_role.name = josso_user_role.name

</rolesQueryString>

<dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>

</sso-identity-store>

-->

<!--sso-identity-store>

<class>org.josso.gateway.identity.service.store.db.JDBCIdentityStore</class>

SELECT login FROM josso_user WHERE login = ?

</userQueryString>

You could use a UNION to select properties from different tables/columns :

SELECT 'user.lastName' AS name , lastName AS value FROM josso_user WHERE login = ?

UNION

SELECT 'user.name' AS name , name AS value FROM josso_user WHERE login = ?

UNION

SELECT name AS name , value AS value FROM josso_user_properties WHERE login = ?

SELECT 'user.description' AS name , description AS value FROM josso_user WHERE login = ?

UNION

SELECT name AS name , value AS value FROM josso_user_property WHERE login = ?

</userPropertiesQueryString>

SELECT josso_role.name FROM josso_role , josso_user_role , josso_user WHERE josso_user.login = ? AND josso_user.login = josso_user_role.login AND josso_role.name = josso_user_role.name

</rolesQueryString>

<connectionName>josso</connectionName>

<connectionPassword>josso</connectionPassword>

<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>

<driverName>oracle.jdbc.driver.OracleDriver</driverName>

</sso-identity-store-->

<!--

<sso-identity-store>

<class>org.josso.gateway.identity.service.store.ldap.LDAPIdentityStore</class>

<initialContextFactory>com.sun.jndi.ldap.LdapCtxFactory</initialContextFactory>

<providerUrl>ldap://ldaphost</providerUrl>

<securityPrincipal>cn=Manager,dc=my-domain,dc=com</securityPrincipal>

<securityCredential>secret</securityCredential>

<securityAuthentication>simple</securityAuthentication>

<ldapSearchScope>SUBTREE</ldapSearchScope>

<usersCtxDN>ou=People,dc=my-domain,dc=com</usersCtxDN>

<rolesCtxDN>ou=Roles,dc=my-domain,dc=com</rolesCtxDN>

<uidAttributeID>uniquemember</uidAttributeID>

<credentialQueryString>uid=username,userPassword=password</credentialQueryString>

<userPropertiesQueryString>mail=mail,cn=description</userPropertiesQueryString>

</sso-identity-store>

-->

<sso-identity-store>

<class>org.josso.gateway.identity.service.store.MemoryIdentityStore</class>

<usersFileName>josso-users.xml</usersFileName>

</sso-identity-store>

<sso-identity-store-key-adapter>

<class>org.josso.gateway.identity.service.store.SimpleIdentityStoreKeyAdapter</class>

</sso-identity-store-key-adapter>

</sso-identity-manager>

<sso-session-manager>

<class>org.josso.gateway.session.service.SSOSessionManagerImpl</class>

<!--

Set the maximum time interval, in minutes, between client requests before the SSO Service will invalidate

the session. A negative time indicates that the session should never time out.

-->

<!-- Max number of sessions per user, default 1

A negative value indicates that an unlimited number of sessions per user is allowed.

-->

<!--

If true, when the max number of sessions per user is exceeded,

an already existing session will be invalidated to create a new one.

If false, when the max number of sessions per user is exceeded,

an exception is thrown and the new session is not created.

-->

<invalidateExceedingSessions>false</invalidateExceedingSessions>

<!--

Time interval, in milliseconds, between exired sessions cleanup.

-->

<!--

<sso-session-store>

<class>org.josso.gateway.session.service.store.SerializedSessionStore</class>

file where serialized sessions will be stored (optional)

<serializedFile>/tmp/josso_sessions.ser</serializedFile>

</sso-session-store>

-->

<!--

<sso-session-store>

<class>org.josso.gateway.session.service.store.db.DataSourceSessionStore</class>

<dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>

<sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>

<keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>

<loadAllQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION</loadAllQuery>

<loadQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE session_id = ?</loadQuery>

<loadByUserNameQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE username = ?</loadByUserNameQuery>

<loadByLastAccessTimeQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE last_access_time < ?</loadByLastAccessTimeQuery>

<loadByValidQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE valid = ?</loadByValidQuery>

<deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id = ?</deleteDml>

<deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>

<insertDml>INSERT INTO JOSSO_SESSION (session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?, ?, ?, ?, ?, ?) </insertDml>

<dsJndiName>java:jdbc/JossoSamplesDB</dsJndiName>

</sso-session-store>

-->

<!--

<sso-session-store>

<class>org.josso.gateway.session.service.store.db.JdbcSessionStore</class>

<connectionName>josso</connectionName>

<connectionPassword>josso</connectionPassword>

<connectionURL>jdbc:oracle:thin:@localhost:1521:josso_db</connectionURL>

<driverName>oracle.jdbc.driver.OracleDriver</driverName>

<sizeQuery>SELECT COUNT(*) FROM JOSSO_SESSION</sizeQuery>

<keysQuery>SELECT session_id FROM JOSSO_SESSION</keysQuery>

<loadAllQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION</loadAllQuery>

<loadQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE session_id = ?</loadQuery>

<loadByUserNameQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE username = ?</loadByUserNameQuery>

<loadByValidQuery>SELECT session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid FROM JOSSO_SESSION WHERE valid = ?</loadByValidQuery>

<deleteDml>DELETE FROM JOSSO_SESSION WHERE session_id = ?</deleteDml>

<deleteAllDml>DELETE FROM JOSSO_SESSION</deleteAllDml>

<insertDml>INSERT INTO JOSSO_SESSION (session_id, userName, creation_time, last_access_time, access_count, max_inactive_interval, valid) VALUES (?, ?, ?, ?, ?, ?, ?) </insertDml>

</sso-session-store>

-->

<sso-session-store>

<class>org.josso.gateway.session.service.store.MemorySessionStore</class>

</sso-session-store>

<sso-session-id-generator>

<class>org.josso.gateway.session.service.SessionIdGeneratorImpl</class>

<!--

The message digest algorithm to be used when generating session

identifiers. This must be an algorithm supported by the

java.security.MessageDigest class on your platform.

In J2SE 1.4.2 you can check :

Java Cryptography Architecture API Specification & Reference - Apendix A : Standard Names

Values are : MD2, MD5, SHA-1, SHA-256, SHA-384, SHA-512

-->

</sso-session-id-generator>

</sso-session-manager>

<sso-audit-manager>

<class>org.josso.gateway.audit.service.SSOAuditManagerImpl</class>

<!--

List of handlers that will process this request

Every handler must have its own unique name.

-->

<class>org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler</class>

<name>LoggerAuditTrailHandler</name>

<category>org.josso.gateway.audit.SSO_AUDIT</category>

</handler>

<!--

<class>MyOtherHandler</class>

<name>MyOhterHandlerName</name>

<myProperty>value</myProperty>

</handler>

-->

</handlers>

</sso-audit-manager>

<sso-event-manager>

<class>org.josso.gateway.event.security.JMXSSOEventManagerImpl</class>

<!--

JMX Name of the EventManager MBean that will send SSO Events as JMX Notifications

The MBean will be registered by the MBeanComponentKeeper.

-->

<oname>josso:type=SSOEventManager</oname>

<!--

<class>com.myCompany.MyEventListener</class>

<name>MyEventListener</name>

<property1>MyListenerProperty1Value</property1>

</listener>

<class>com.myCompany.MyOtherEventListener</class>

<name>MyOtherEventListener</name>

<propertyA>MyOtherListenerPropertyAValue</propertyA>

</listener>

</listeners>

-->

</sso-event-manager>

</domain>

Is it means there is only way in Josso to save the username/passport by use of JDBC?

If you find the datasource can be used, plz tell me how?

[27948 byte] By [eingmarraa] at [2007-11-27 6:05:53]

Java programming resources: FAQs, tutorials, compiler and browser download sites, documentation, books lists, IDEs, etc.

Why josso has no DataSource Credential Store?

Security Hot Topic

Security

All Classified