Annotation Type DatabaseIdentityStoreDefinition
- 
 @Retention(RUNTIME) @Target(TYPE) public @interface DatabaseIdentityStoreDefinition Annotation used to define a container-providedIdentityStorethat stores caller credentials and identity attributes in a relational database, and make that implementation available as an enabled CDI bean.The container-provided IdentityStoremust support validatingUsernamePasswordCredential, and may support validating other credential types.
- 
- 
Optional Element SummaryOptional Elements Modifier and Type Optional Element Description StringcallerQuerySQL query to validate the {caller, password} pair.StringdataSourceLookupFull JNDI name of the data source that provides access to the data base where the caller identities are stored.StringgroupsQuerySQL query to retrieve the groups associated with the caller when authentication succeeds.Class<? extends PasswordHash>hashAlgorithmAPasswordHashimplementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via thecallerQuery().String[]hashAlgorithmParametersUsed to specify algorithm-specific parameters.intpriorityDetermines the order in case multiple IdentityStores are found.StringpriorityExpressionAllowpriorityto be specified as a Jakarta Expression Language expression.IdentityStore.ValidationType[]useForDetermines what the identity store is used forStringuseForExpressionAllowuseForto be specified as an Jakarta Expression Language expression.
 
- 
- 
- 
Element Detail- 
dataSourceLookupString dataSourceLookup Full JNDI name of the data source that provides access to the data base where the caller identities are stored.- Returns:
- Full JNDI name of the data source
 - Default:
- "java:comp/DefaultDataSource"
 
 
- 
 - 
- 
callerQueryString callerQuery SQL query to validate the {caller, password} pair. Only needed whenuseFor()containsIdentityStore.ValidationType.VALIDATE.The name of the caller that is to be authenticated has to be set as the one and only placeholder. The (hashed) password should be in the first column of the result. Example query: select password from callers where name = ?- Returns:
- SQL query to validate
 - Default:
- ""
 
 
- 
 - 
- 
groupsQueryString groupsQuery SQL query to retrieve the groups associated with the caller when authentication succeeds. Only needed whenuseFor()containsIdentityStore.ValidationType.PROVIDE_GROUPS.The name of the caller that has been authenticated has to be set as the one and only placeholder. The group name should be in the first column of the result. Example query: select group_name from caller_groups where caller_name = ?- Returns:
- SQL query to retrieve the groups
 - Default:
- ""
 
 
- 
 - 
- 
hashAlgorithmClass<? extends PasswordHash> hashAlgorithm APasswordHashimplementation used to verify plaintext passwords by generating a hash of the password and comparing it against the hashed value returned from the database via thecallerQuery().- Returns:
- The password hash used to verify plaintext passwords.
 - Default:
- jakarta.security.enterprise.identitystore.Pbkdf2PasswordHash.class
 
 
- 
 - 
- 
hashAlgorithmParametersString[] hashAlgorithmParameters Used to specify algorithm-specific parameters.Parameters are specified as a list of name/value pairs, using the format below: parameterName=parameterValue For example: Algorithm.param1="value" Algorithm.param2=32 This attribute supports immediate Jakarta Expression Language expressions (${} syntax) for both the parameterValueas well as for a full array element. If an EL expression is used for a full array element, the expression must evaluate to either a single string, a string array or a stringStreamwhere in each case every string must adhere to the above specified format.- Returns:
- The algorithm parameters.
 - Default:
- {}
 
 
- 
 - 
- 
priorityExpressionString priorityExpression Allowpriorityto be specified as a Jakarta Expression Language expression. If set, overrides any value set withpriority.- Returns:
- the priorityJakarta Expression Language expression
 - Default:
- ""
 
 
- 
 - 
- 
useForIdentityStore.ValidationType[] useFor Determines what the identity store is used for- Returns:
- the type the identity store is used for
 - Default:
- {jakarta.security.enterprise.identitystore.IdentityStore.ValidationType.VALIDATE, jakarta.security.enterprise.identitystore.IdentityStore.ValidationType.PROVIDE_GROUPS}
 
 
- 
 - 
- 
useForExpressionString useForExpression AllowuseForto be specified as an Jakarta Expression Language expression. If set, overrides any value set with useFor.- Returns:
- the useForJakarta Expression Language expression
 - Default:
- ""
 
 
- 
 
-