
JDBCAuth

interface JDBCAuth : AuthProvider

Factory interface for creating io.vertx.ext.auth.AuthProvider instances that use the Vert.x JDBC client. By default the hashing strategy is SHA-512. This default is backwards compatible for deployments already running in production; for new deployments or security upgrades, the PBKDF2 strategy is recommended, as it is the current OWASP recommendation for password storage.

Author
Tim Fox

Properties

DEFAULT_AUTHENTICATE_QUERY

static val DEFAULT_AUTHENTICATE_QUERY: String

The default query to be used for authentication

DEFAULT_PERMISSIONS_QUERY

static val DEFAULT_PERMISSIONS_QUERY: String

The default query to retrieve all permissions for the role

DEFAULT_ROLES_QUERY

static val DEFAULT_ROLES_QUERY: String

The default query to retrieve all roles for the user

DEFAULT_ROLE_PREFIX

static val DEFAULT_ROLE_PREFIX: String

The default role prefix

Functions

computeHash

open fun computeHash(password: String, salt: String): String

Compute the hashed password given the unhashed password and the salt, without a nonce. The implementation relays to the JDBCHashStrategy provided.

abstract fun computeHash(password: String, salt: String, version: Int): String

Compute the hashed password given the unhashed password and the salt. The implementation relays to the JDBCHashStrategy provided.

create

open static fun create(vertx: Vertx, client: JDBCClient): JDBCAuth

Create a JDBC auth provider implementation

generateSalt

abstract fun generateSalt(): String

Compute a salt string. The implementation relays to the JDBCHashStrategy provided.

setAuthenticationQuery

abstract fun setAuthenticationQuery(authenticationQuery: String): JDBCAuth

Set the authentication query to use. Use this if you want to override the default authentication query.

setHashStrategy

abstract fun setHashStrategy(strategy: JDBCHashStrategy): JDBCAuth

Set the hash strategy to use. Use this if you want to override the default hash strategy.

setNonces

abstract fun setNonces(nonces: JsonArray): JDBCAuth

Provide application-level hash nonces as an ordered list, where each position corresponds to a version. The nonces are not meant to be stored in the underlying JDBC storage but supplied as application configuration. The idea is to add one extra variable to the hash function to make breaking the passwords using rainbow tables or precomputed hashes harder, leaving the attacker only with the brute-force approach. The implementation relays to the JDBCHashStrategy provided.
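
The following Kotlin sketch is an added example, not code from the Vert.x project. It combines setHashStrategy, setNonces, generateSalt and computeHash to provision a user with PBKDF2 and a versioned nonce. The AUTH_NONCES environment variable and the app_user table and its columns are hypothetical names; JDBCHashStrategy.createPBKDF2 and updateWithParams do not appear on this page and are assumed from the Vert.x 3.x API.

```kotlin
import io.vertx.core.Vertx
import io.vertx.core.json.JsonArray
import io.vertx.ext.auth.jdbc.JDBCAuth
import io.vertx.ext.auth.jdbc.JDBCHashStrategy
import io.vertx.ext.jdbc.JDBCClient

// Nonces come from application configuration, never from the database.
// AUTH_NONCES is a hypothetical variable holding a JSON array such as
// ["nonce-for-v0","nonce-for-v1"]; index N is the nonce for version N.
fun loadNonces(): JsonArray =
    JsonArray(System.getenv("AUTH_NONCES") ?: error("AUTH_NONCES is not set"))

fun buildAuth(vertx: Vertx, client: JDBCClient, nonces: JsonArray): JDBCAuth {
    require(nonces.size() > 0) { "at least one nonce is required" }
    return JDBCAuth.create(vertx, client)
        // Replace the SHA-512 default before setting nonces, because
        // setNonces relays to the hash strategy provided.
        .setHashStrategy(JDBCHashStrategy.createPBKDF2(vertx))
        .setNonces(nonces)
}

// Hash a new password with a fresh salt and the newest nonce version, then
// store hash and salt. Table and column names are hypothetical and must match
// the authentication query configured on the provider.
fun createUser(auth: JDBCAuth, client: JDBCClient, nonces: JsonArray,
               username: String, password: String) {
    val salt = auth.generateSalt()
    val version = nonces.size() - 1   // newest nonce; append new ones, never reorder
    val hash = auth.computeHash(password, salt, version)
    client.updateWithParams(
        "INSERT INTO app_user (username, password, password_salt) VALUES (?, ?, ?)",
        JsonArray().add(username).add(hash).add(salt)
    ) { res ->
        if (res.failed()) println("could not store user: ${res.cause().message}")
    }
}
```

Because each list position is a version, rotating a nonce means appending a new entry and keeping the old ones in place so existing hashes can still be verified.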

setPermissionsQuery

abstract fun setPermissionsQuery(permissionsQuery: String): JDBCAuth

Set the permissions query to use. Use this if you want to override the default permissions query.

setRolePrefix

abstract fun setRolePrefix(rolePrefix: String): JDBCAuth

Set the role prefix to distinguish from permissions when checking for isPermitted requests.

setRolesQuery

abstract fun setRolesQuery(rolesQuery: String): JDBCAuth

Set the roles query to use. Use this if you want to override the default roles query.