Authenticate User from Java application using JDBC

Question

Question

David Clifte da... · Aug 26, 2016

#HealthShare #Java #JDBC #ODBC #Authentication #System Administration #Caché

Hello everyone,

I'm trying to authenticate a user(Health Share clinician) from a Java Application.

I 'm already connected to Caché and able to run SQL commands.

My question is: How can I authenticate a user using only SQL? In fact, what I want is verify if the users exists in the base and if the given password is the same used in Health Share.

There is a column 'password' in Security.users table but I'm not able to see its content, even so, I don't know which hash function to use to compare with.

Discussion (7)0

Log in or sign up to continue

Dmitry Maslennikov · Aug 26, 2016

I did not show how you made connection to the Caché, and looks like, your Java application has hardcoded login password which used to connect to server.

so, I may only suggest, that you use code like this

Class.forName ("com.intersys.jdbc.CacheDriver").newInstance();
CacheDataSource ds = new CacheDataSource();
ds.setURL("jdbc:Cache://127.0.0.1:1972/SAMPLES");
Connection dbconn = ds.getConnection("_SYSTEM","SYS");

Last string is Caché login password, so you should use here user's login and password. Any works from your application should be with user's login.

1 0

score 0 · Answer 1 · 2016-08-26T09:13:20-04:00

David Clifte da... Aug 26, 2016 to Dmitry Maslennikov

So I have to open a connection with caché using the clinician credentials?

0 0

score 0 · Answer 2 · 2016-08-26T09:16:25-04:00

Yes, you still have to ask user for login password, and should check it in Caché, so, you just should try to connect with user's login/pass, and so, you can validate him.

score 0 · Answer 3 · 2016-08-26T09:17:39-04:00

David Clifte da... Aug 26, 2016 to Dmitry Maslennikov

Thank you so much!
I'm going to test this.

0 0

score 0 · Answer 4 · 2016-08-26T14:17:23-04:00

Hello, I'm back.

I tryied, but as our clinicians aren't database users they aren't able to connect with caché.

Considering I'm connected with the database and able to run SQL commands, is there a way of run a SQL command that matches the user name and password?

PS.: I don't know the hash function.

score 0 · Answer 5 · 2016-08-26T17:58:14-04:00

I don't understand what you mean when you say that your clinicians aren't database users, but it sounds like you need to give them access to the %Service_SQL service.

score 0 · Answer 6 · 2016-08-29T07:09:24-04:00

When you use

Connection dbconn = ds.getConnection("_SYSTEM","SYS");

"_SYSTEM" is a database user.

An clinician 'dr Thomas' isn't a database user therefore the connection won't establish.

I really appreciate to do the user validation by myself.

In other words:

Get the user password, encode using the hash function and match with the database one.