JDBC Auth Provider implementation
We provide an implementation of AuthProvider
which uses the Vert.x JDBCClient
to perform authentication and authorisation against any JDBC compliant database.
To use this project, add the following dependency to the dependencies section of your build descriptor:
-
Maven (in your
pom.xml
):
<dependency>
<groupId>io.vertx</groupId>
<artifactId>vertx-auth-jdbc</artifactId>
<version>3.3.0.CR2</version>
</dependency>
-
Gradle (in your
build.gradle
file):
compile 'io.vertx:vertx-auth-jdbc:3.3.0.CR2'
To create an instance you first need an instance of JDBCClient
. To learn how to create one
of those please consult the documentation for the JDBC client.
Once you’ve got one of those you can create a JDBCAuth
instance as follows:
require 'vertx-jdbc/jdbc_client'
require 'vertx-auth-jdbc/jdbc_auth'
jdbcClient = VertxJdbc::JDBCClient.create_shared(vertx, jdbcClientConfig)
authProvider = VertxAuthJdbc::JDBCAuth.create(jdbcClient)
Once you’ve got your instance you can authenticate and authorise with it just like any AuthProvider
.
The out of the box config assumes certain queries for authentication and authorisation, these can easily be changed
with the operations setAuthenticationQuery
,
setPermissionsQuery
and
setRolesQuery
, if you want to use them with a different
database schema.
The default implementation assumes that the password is stored in the database as a SHA-512 hash after being concatenated with a salt. It also assumes the salt is stored in the table too.
If you want to override this behaviour you can do so by providing an alternative hash strategy and setting it with
setHashStrategy
.
Warning
|
It is advised to always store your passwords as hashes in your database tables which have been created with a salt which should be stored in the row too. A strong hashing algorithm should be used. It is strongly advised never to store your passwords as plain text. |
Authentication
When authenticating using this implementation, it assumes username
and password
fields are present in the
authentication info:
authInfo = {
'username' => "tim",
'password' => "sausages"
}
authProvider.authenticate(authInfo) { |res_err,res|
if (res_err == nil)
user = res
else
# Failed!
end
}
Authorisation - Permission-Role Model
Although Vert.x auth itself does not mandate any specific model of permissions (they are just opaque strings), this implementation assumes a familiar user/role/permission model, where a user can have zero or more roles and a role can have zero or more permissions.
If validating if a user has a particular permission simply pass the permission into.
isAuthorised
as follows:
user.is_authorised("commit_code") { |res_err,res|
if (res_err == nil)
hasPermission = res
else
# Failed to
end
}
If validating that a user has a particular role then you should prefix the argument with the role prefix.
user.is_authorised("role:manager") { |res_err,res|
if (res_err == nil)
hasRole = res
else
# Failed to
end
}
The default role prefix is role:
. You can change this with setRolePrefix
.
<a href="mailto:julien@julienviet.com">Julien Viet</a><a href="http://tfox.org">Tim Fox</a>