Changes for page org.clazzes.login.sql

Last modified by christoph_lechleitner@iteg_at on 2013-07-15 01.30:42

From version 1.1
edited by christoph_lechleitner@iteg_at
on 2013-01-18 02.49:21
Change comment: There is no comment for this version
To version 6.1
edited by christoph_lechleitner@iteg_at
on 2013-02-02 06.01:11
Change comment: Usable now, not pure WIP

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -org.clazzes.login.sql (work in progress)
1 +org.clazzes.login.sql
Content
... ... @@ -16,8 +16,10 @@
16 16  
17 17  === {{id name="org.clazzes.login.sql-Functionality"/}}Functionality ===
18 18  
19 -The SQL login service authenticates against users in a SQL database.
19 +The SQL login service authenticates against users in a SQL database, using configurable SQL queries.
20 20  
21 +There are no plans to support authentication domains, because typical standalone login systems do not care for domains.
22 +
21 21  === {{id name="org.clazzes.login.sql-Configuration"/}}Configuration ===
22 22  
23 23  The SQL login service may be configured using the OSGi configuration PID {{code language="none"}}org.clazzes.login.sql{{/code}} using these configuration values:
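Review bot: The sentence added at new line 21 ("There are no plans to support authentication domains") conflicts with the defaultDomain description added later in this same change, which says requests for other domains are refused when a non-empty value is set and that multi-domain support "might be added in the future". Suggest stating the behaviour once, for example that exactly one domain is supported and is configured through defaultDomain, and keeping the outlook in one place only. For the reworded line 19, it would help to say here that the configurable queries are executed as prepared statements with "?" parameters, as the table rows state, so that nobody reads "configurable SQL queries" as string substitution of the user ID.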
... ... @@ -24,6 +24,8 @@
24 24  
25 25  (% class="wiki-content" %)
26 26  (((
29 +
30 +
27 27  |=(((
28 28  (% class="tablesorter-header-inner" %)
29 29  (((
... ... @@ -32,22 +32,103 @@
32 32  )))|=(((
33 33  (% class="tablesorter-header-inner" %)
34 34  (((
35 -Default Value
36 -)))
37 -)))|=(((
38 -(% class="tablesorter-header-inner" %)
39 -(((
40 40  Description
41 41  )))
42 42  )))
43 43  |(((
44 44  {{code language="none"}}
44 +deactivateUserStatement
45 +{{/code}}
46 +)))|(((
47 +Not implemented yet. Optional. Required for //deactivateUser// feature.
48 +
49 +SQL template for a prepared statement to deactivate a user.
50 +
51 +Example:
52 +{{code language="none"}}UPDATE users SET encryptedPassword='{disabled}' WHERE userId=?{{/code}}
53 +)))
54 +|(((
55 +{{code language="none"}}
45 45  defaultDomain
46 46  {{/code}}
47 47  )))|(((
48 -(% style="font-family: monospace;" %)-
59 +Optional. Defaults to an empty string.
60 +
61 +If set to an empty string, the domain parameter of request queries does not get checked but is filled in in returned principals.
62 +
63 +If set to a non-empty string, requests for other domains are refused.
64 +
65 +Support for databases maintaining multiple authentication domains might be added in the future, but I do not believe multi-domain setups even exist outside the LDAP/ADS world.
66 +)))
67 +|(((
68 +{{code language="none"}}
69 +groupsByUserIdQuery
70 +{{/code}}
49 49  )))|(((
50 -The login domain to use for principals, which do not contain a domain.
51 -May be left null for domain-less databases
72 +Optional. Required for //getGroups// feature.
73 +
74 +SQL template for a prepared statement to query the group IDs and group names of the groups of which the user specified by a userId is a member.
75 +
76 +Example:
77 +{{code language="none"}}SELECT g.groupId, g.groupName FROM groups AS g, users AS u, memberships AS mgroupName
78 + WHERE u.userId=?
79 +AND m.userId = u.id
80 + AND g.id = m.groupId
81 + ORDER BY g.groupId {{/code}}
52 52  )))
83 +|(((
84 +{{code language="none"}}
85 +defaultPasswordAlgorithm
86 +{{/code}}
87 +)))|(((
88 +Optional. Defaults to {{code language="none"}}crypt{{/code}}
89 +
90 +Values supported so far: {{code language="none"}}crypt{{/code}}, {{code language="none"}}ssha1{{/code}}, {{code language="none"}}plain{{/code}}.
91 +
92 +Password fields may contain:
93 +
94 +* the password encrypted using the default password algorithm, or
95 +* a LDAP style algorithm prefix and the password encrypted with the algorithm specified in the prefix. Example: {{code language="none"}}{PLAIN}badPassword{{/code}}
53 53  )))
97 +|(((
98 +{{code language="none"}}
99 +setUserPasswordStatement
100 +{{/code}}
101 +)))|(((
102 +Optional. Required for //changePassword// feature.
103 +
104 +SQL template for a prepared statement to set a new password for the user.
105 +
106 +Example:
107 +{{code language="none"}}UPDATE users SET encryptedPassword=? WHERE userId=?{{/code}}
108 +)))
109 +|(((
110 +{{code language="none"}}
111 +userByUserIdQuery
112 +{{/code}}
113 +)))|(((
114 +SQL template for a prepared statement to query userId, encrypted password, pretty name and e-mail address of a user specified by a userId.
115 +If the pretty name is not part of the database, reuse the userId field.
116 +If the e-mail address is not part of the database, use a constant like '' or null.
117 +
118 +Example:
119 +{{code language="none"}}SELECT userId, encryptedPassword, userName, mailAdr FROM users WHERE userId=?{{/code}}
120 +)))
121 +|(((
122 +{{code language="none"}}
123 +usersByGroupIdQuery
124 +{{/code}}
125 +)))|(((
126 +Optional. Required for //getGroupMembers// feature.
127 +
128 +SQL template for a prepared statement to query the user IDs, user names and e-mail-addresses of the members of the group specified by a groupId.
129 +
130 +Example:
131 +{{code language="none"}}SELECT u.userId, u.userName, u.mailAdr
132 + FROM groups AS g, users AS u, memberships AS mgroupName
133 + WHERE g.groupId=?
134 +AND m.groupId = g.id
135 + AND u.id = m.userId
136 + ORDER BY g.userId {{/code}}
137 +)))
138 +)))
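Review bot: Both example queries declare the membership table as "memberships AS mgroupName" (new lines 77 and 132) while their WHERE clauses use the alias "m", so the examples fail as written; the FROM clause should read "memberships AS m". In the usersByGroupIdQuery example, "ORDER BY g.userId" (new line 136) sorts on the groups alias although the select list uses "u.userId"; "ORDER BY u.userId" looks like what was meant. The defaultPasswordAlgorithm row calls stored values "encrypted" and lists "plain" and "{PLAIN}badPassword" without comment: please state plainly that "plain" keeps the cleartext password in the database, and document how the prefix parser treats a value such as "{disabled}" from the deactivateUserStatement example, so readers can see that it can never match a submitted password. Since this hunk drops the Default Value column, userByUserIdQuery (new lines 111 to 119) now carries neither an "Optional" marker nor a default; say explicitly that it is required.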
Confluence.Code.ConfluencePageClass[0]
Id
... ... @@ -1,1 +1,1 @@
1 -688785
1 +688821
Title
... ... @@ -1,1 +1,1 @@
1 -org.clazzes.login.sql (work in progress)
1 +org.clazzes.login.sql
URL
... ... @@ -1,1 +1,1 @@
1 -https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688785/org.clazzes.login.sql (work in progress)
1 +https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688821/org.clazzes.login.sql