Skip to main content

JDBC Auth Provider implementation

We provide an implementation of AuthProvider which uses the Vert.x JDBCClient to perform authentication and authorisation against any JDBC compliant database.

To use this project, add the following dependency to the dependencies section of your build descriptor:

  • Maven (in your pom.xml):

<dependency>
  <groupId>io.vertx</groupId>
  <artifactId>vertx-auth-jdbc</artifactId>
  <version>3.3.3</version>
</dependency>
  • Gradle (in your build.gradle file):

compile 'io.vertx:vertx-auth-jdbc:3.3.3'

To create an instance you first need an instance of JDBCClient. To learn how to create one of those please consult the documentation for the JDBC client.

Once you’ve got one of those you can create a JDBCAuth instance as follows:

require 'vertx-jdbc/jdbc_client'
require 'vertx-auth-jdbc/jdbc_auth'

jdbcClient = VertxJdbc::JDBCClient.create_shared(vertx, jdbcClientConfig)

authProvider = VertxAuthJdbc::JDBCAuth.create(jdbcClient)

Once you’ve got your instance you can authenticate and authorise with it just like any AuthProvider.

The out of the box config assumes certain queries for authentication and authorisation, these can easily be changed with the operations setAuthenticationQuery, setPermissionsQuery and setRolesQuery, if you want to use them with a different database schema.

The default implementation assumes that the password is stored in the database as a SHA-512 hash after being concatenated with a salt. It also assumes the salt is stored in the table too.

If you want to override this behaviour you can do so by providing an alternative hash strategy and setting it with setHashStrategy.

Warning
It is advised to always store your passwords as hashes in your database tables which have been created with a salt which should be stored in the row too. A strong hashing algorithm should be used. It is strongly advised never to store your passwords as plain text.

Authentication

When authenticating using this implementation, it assumes username and password fields are present in the authentication info:

authInfo = {
  'username' => "tim",
  'password' => "sausages"
}

authProvider.authenticate(authInfo) { |res_err,res|
  if (res_err == nil)
    user = res
  else
    # Failed!
  end
}

Authorisation - Permission-Role Model

Although Vert.x auth itself does not mandate any specific model of permissions (they are just opaque strings), this implementation assumes a familiar user/role/permission model, where a user can have zero or more roles and a role can have zero or more permissions.

If validating if a user has a particular permission simply pass the permission into. isAuthorised as follows:

user.is_authorised("commit_code") { |res_err,res|
  if (res_err == nil)
    hasPermission = res
  else
    # Failed to
  end
}

If validating that a user has a particular role then you should prefix the argument with the role prefix.

user.is_authorised("role:manager") { |res_err,res|
  if (res_err == nil)
    hasRole = res
  else
    # Failed to
  end
}

The default role prefix is role:. You can change this with setRolePrefix. <a href="mailto:julien@julienviet.com">Julien Viet</a><a href="http://tfox.org">Tim Fox</a>