Skip to Content

Changes for page org.clazzes.login.sql

Last modified by christoph_lechleitner@iteg_at on 2013-07-15 01.30:42
From version 4.1
edited by christoph_lechleitner@iteg_at
on 2013-01-22 12.10:58
Change comment: Clarifying semantics of defaultDomain config property and domain parameter
To version 1.1
edited by christoph_lechleitner@iteg_at
on 2013-01-18 02.49:21
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -16,10 +16,8 @@
16 16  
17 17  === {{id name="org.clazzes.login.sql-Functionality"/}}Functionality ===
18 18  
19 -The SQL login service authenticates against users in a SQL database, using configurable SQL queries.
19 +The SQL login service authenticates against users in a SQL database.
20 20  
21 -There are no plans to support authentication domains, because typical standalone login systems do not care for domains.
22 -
23 23  === {{id name="org.clazzes.login.sql-Configuration"/}}Configuration ===
24 24  
25 25  The SQL login service may be configured using the OSGi configuration PID {{code language="none"}}org.clazzes.login.sql{{/code}} using these configuration values:
... ... @@ -26,8 +26,6 @@
26 26  
27 27  (% class="wiki-content" %)
28 28  (((
29 -
30 -
31 31  |=(((
32 32  (% class="tablesorter-header-inner" %)
33 33  (((
... ... @@ -36,103 +36,22 @@
36 36  )))|=(((
37 37  (% class="tablesorter-header-inner" %)
38 38  (((
35 +Default Value
36 +)))
37 +)))|=(((
38 +(% class="tablesorter-header-inner" %)
39 +(((
39 39  Description
40 40  )))
41 41  )))
42 42  |(((
43 43  {{code language="none"}}
44 -deactivateUserStatement
45 -{{/code}}
46 -)))|(((
47 -Not implemented yet. Optional. Required for //deactivateUser// feature.
48 -
49 -SQL template for a prepared statement to deactivate a user.
50 -
51 -Example:
52 -{{code language="none"}}UPDATE users SET encryptedPassword='{disabled}' WHERE userId=?{{/code}}
53 -)))
54 -|(((
55 -{{code language="none"}}
56 56  defaultDomain
57 57  {{/code}}
58 58  )))|(((
59 -Optional. Defaults to an empty string.
60 -
61 -If set to an empty string, the domain parameter of request queries does not get checked but is filled in in returned principals.
62 -
63 -If set to a non-empty string, requests for other domains are refused.
64 -
65 -Support for databases maintaining multiple authentication domains might be added in the future, but I do not believe multi-domain setups even exist outside the LDAP/ADS world.
66 -)))
67 -|(((
68 -{{code language="none"}}
69 -groupsByUserIdQuery
70 -{{/code}}
48 +(% style="font-family: monospace;" %)-
71 71  )))|(((
72 -Optional. Required for //getGroups// feature.
73 -
74 -SQL template for a prepared statement to query the group IDs and group names of the groups of which the user specified by a userId is a member.
75 -
76 -Example:
77 -{{code language="none"}}SELECT g.groupId, g.groupName FROM groups AS g, users AS u, memberships AS mgroupName
78 - WHERE u.userId=?
79 -AND m.userId = u.id
80 - AND g.id = m.groupId
81 - ORDER BY g.groupId {{/code}}
50 +The login domain to use for principals, which do not contain a domain.
51 +May be left null for domain-less databases
82 82  )))
83 -|(((
84 -{{code language="none"}}
85 -defaultPasswordAlgorithm
86 -{{/code}}
87 -)))|(((
88 -Optional. Defaults to {{code language="none"}}crypt{{/code}}
89 -
90 -Values supported so far: {{code language="none"}}crypt{{/code}}, {{code language="none"}}ssha1{{/code}}, {{code language="none"}}plain{{/code}}.
91 -
92 -Password fields may contain:
93 -
94 -* the password encrypted using the default password algorithm, or
95 -* a LDAP style algorithm prefix and the password encrypted with the algorithm specified in the prefix. Example: {{code language="none"}}{PLAIN}badPassword{{/code}}
96 96  )))
97 -|(((
98 -{{code language="none"}}
99 -setUserPasswordStatement
100 -{{/code}}
101 -)))|(((
102 -Optional. Required for //changePassword// feature.
103 -
104 -SQL template for a prepared statement to set a new password for the user.
105 -
106 -Example:
107 -{{code language="none"}}UPDATE users SET encryptedPassword=? WHERE userId=?{{/code}}
108 -)))
109 -|(((
110 -{{code language="none"}}
111 -userByUserIdQuery
112 -{{/code}}
113 -)))|(((
114 -SQL template for a prepared statement to query userId, encrypted password, pretty name and e-mail address of a user specified by a userId.
115 -If the pretty name is not part of the database, reuse the userId field.
116 -If the e-mail address is not part of the database, use a constant like '' or null.
117 -
118 -Example:
119 -{{code language="none"}}SELECT userId, encryptedPassword, userName, mailAdr FROM users WHERE userId=?{{/code}}
120 -)))
121 -|(((
122 -{{code language="none"}}
123 -usersByGroupIdQuery
124 -{{/code}}
125 -)))|(((
126 -Optional. Required for //getGroupMembers// feature.
127 -
128 -SQL template for a prepared statement to query the user IDs, user names and e-mail-addresses of the members of the group specified by a groupId.
129 -
130 -Example:
131 -{{code language="none"}}SELECT u.userId, u.userName, u.mailAdr
132 - FROM groups AS g, users AS u, memberships AS mgroupName
133 - WHERE g.groupId=?
134 -AND m.groupId = g.id
135 - AND u.id = m.userId
136 - ORDER BY g.userId {{/code}}
137 -)))
138 -)))
Confluence.Code.ConfluencePageClass[0]
Id
... ... @@ -1,1 +1,1 @@
1 -688979
1 +688785
URL
... ... @@ -1,1 +1,1 @@
1 -https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688979/org.clazzes.login.sql (work in progress)
1 +https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688785/org.clazzes.login.sql (work in progress)