interface JDBCAuth : AuthProvider
Factory interface for creating io.vertx.ext.auth.AuthProvider instances that use the Vert.x JDBC client. By default the hashing strategy is SHA-512. If you're already running in production this is backwards compatible; however, for new deployments or security upgrades it is recommended to use the PBKDF2 strategy, as it is the current OWASP recommendation for password storage.
Author
Tim Fox
static val DEFAULT_AUTHENTICATE_QUERY: String
The default query to be used for authentication.
static val DEFAULT_PERMISSIONS_QUERY: String
The default query to retrieve all permissions for the role.
static val DEFAULT_ROLES_QUERY: String
The default query to retrieve all roles for the user.
static val DEFAULT_ROLE_PREFIX: String
The default role prefix.
open fun computeHash(password: String, salt: String): String
Compute the hashed password given the unhashed password and the salt, without a nonce. The implementation delegates to the JDBCHashStrategy provided.
abstract fun computeHash(password: String, salt: String, version: Int): String
Compute the hashed password given the unhashed password and the salt. The implementation delegates to the JDBCHashStrategy provided.
open static fun create(vertx: Vertx, client: JDBCClient): JDBCAuth
Create a JDBC auth provider implementation.
abstract fun generateSalt(): String
Compute a salt string. The implementation delegates to the JDBCHashStrategy provided.
abstract fun setAuthenticationQuery(authenticationQuery: String): JDBCAuth
Set the authentication query to use. Use this if you want to override the default authentication query.
abstract fun setHashStrategy(strategy: JDBCHashStrategy): JDBCAuth
Set the hash strategy to use. Use this if you want to override the default hash strategy.
abstract fun setNonces(nonces: JsonArray): JDBCAuth
Provide application-level hash nonces as an ordered list, where each position corresponds to a version. The nonces are not meant to be stored in the underlying JDBC storage but to be provided as application configuration. The idea is to add one extra variable to the hash function in order to make breaking the passwords with rainbow tables or precomputed hashes harder, leaving the attacker only with the brute-force approach. The implementation delegates to the JDBCHashStrategy provided.
abstract fun setPermissionsQuery(permissionsQuery: String): JDBCAuth
Set the permissions query to use. Use this if you want to override the default permissions query.
abstract fun setRolePrefix(rolePrefix: String): JDBCAuth
Set the role prefix used to distinguish roles from permissions when checking isPermitted requests.
abstract fun setRolesQuery(rolesQuery: String): JDBCAuth
Set the roles query to use. Use this if you want to override the default roles query.
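
The PBKDF2 recommendation in the interface description and the versioned nonces of setNonces, put together as an added usage example (not part of the original API documentation). The JDBC URL, driver, nonce strings and sample password are assumptions made for illustration; JDBCHashStrategy.createPBKDF2 is the library's factory for the PBKDF2 strategy.

```kotlin
import io.vertx.core.Vertx
import io.vertx.core.json.JsonArray
import io.vertx.core.json.JsonObject
import io.vertx.ext.auth.jdbc.JDBCAuth
import io.vertx.ext.auth.jdbc.JDBCHashStrategy
import io.vertx.ext.jdbc.JDBCClient

fun main() {
    val vertx = Vertx.vertx()

    // Assumed connection settings: in-memory HSQLDB with its driver on the classpath.
    val client = JDBCClient.createShared(vertx, JsonObject()
        .put("url", "jdbc:hsqldb:mem:authdemo?shutdown=true")
        .put("driver_class", "org.hsqldb.jdbcDriver"))

    // Placeholder nonces. In a deployment they come from application
    // configuration or a secret store, never from the user table.
    // Position in the array is the version: index 0 is version 0, and so on.
    val nonces = JsonArray()
        .add("placeholder-nonce-v0")
        .add("placeholder-nonce-v1") // appended on rotation; earlier positions must not move

    // Install the strategy first: setNonces relays to the hash strategy,
    // so the nonces must be handed to the strategy that will do the hashing.
    val auth = JDBCAuth.create(vertx, client)
        .setHashStrategy(JDBCHashStrategy.createPBKDF2(vertx)) // instead of the SHA-512 default
        .setNonces(nonces)

    // Hash a new password with a fresh salt and the newest nonce version.
    val password = "correct horse battery staple" // constructed sample value
    val salt = auth.generateSalt()
    val currentVersion = nonces.size() - 1
    val stored = auth.computeHash(password, salt, currentVersion)

    // The same password and salt under an older nonce version hash differently,
    // so reordering or dropping entries from the list invalidates existing rows.
    val older = auth.computeHash(password, salt, 0)
    check(stored != older) { "nonce version did not change the hash" }

    // Persist `stored` and `salt` in the columns read by the authentication query.
    println("salt   = $salt")
    println("stored = $stored")

    client.close()
    vertx.close()
}
```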