Wiki source code of org.clazzes.login.sql

Version 8.1 by christoph_lechleitner@iteg_at on 2013-02-12 05.00:28

Manage
- Copy
Actions
- Export
- Print Preview
Viewers
- Source
- Children
- Content
- Comments
- Attachments
- History
- Information

version	line-number	content
1.1	1	The jaas-login-service is provided as an OSGi bundle, which may be activated by
	2
	3	(% class="code" %)
	4	(((
	5	obr:addurl http:~/~/maven.clazzes.org/repository.xml
	6	obr:deploy sql-login-service
	7	)))
	8
	9	The maven artifact is:
	10
	11	(% class="code" %)
	12	(((
	13	<groupId>org.clazzes.login</groupId>
	14	<artifactId>sql-login-service</artifactId>
	15	)))
	16
	17	=== {{id name="org.clazzes.login.sql-Functionality"/}}Functionality ===
	18
2.1	19	The SQL login service authenticates against users in a SQL database, using configurable SQL queries.
1.1	20
2.1	21	There are no plans to support authentication domains, because typical standalone login systems do not care for domains.
	22
1.1	23	=== {{id name="org.clazzes.login.sql-Configuration"/}}Configuration ===
	24
8.1	25	The SQL login service may be configured using the OSGi configuration PID {{code language="none"}}org.clazzes.login.sql{{/code}} using the configuration values shown in the table below.
1.1	26
8.1	27	Beginning with the upcoming 1.1.0 release, all query strings default to the database structure used by the upcoming [[SDS (SQL Directory Service)>>confluencePage:page:LOGIN.SDS (SQL Directory Service) (work in progress)]] bundle. When using another database structure that does not allow some of the queries, it is important set those configuration values to empty strings; deleting them will not help because default values would kick in right away.
	28
	29	1.1.0 will also start to "naturally" order resulting lists, so there is no need to use ORDER BY clauses which often provoke temporary tables and filesort.
	30
1.1	31	(% class="wiki-content" %)
	32	(((
	33	\|=(((
	34	(% class="tablesorter-header-inner" %)
	35	(((
	36	Key
	37	)))
	38	)))\|=(((
	39	(% class="tablesorter-header-inner" %)
	40	(((
	41	Description
	42	)))
	43	)))
	44	\|(((
	45	{{code language="none"}}
3.1	46	deactivateUserStatement
	47	{{/code}}
	48	)))\|(((
8.1	49	Required non-empty for //deactivateUser// feature.
3.1	50
	51	SQL template for a prepared statement to deactivate a user.
	52
8.1	53	Default, appropriate for SDS' tables:
	54	{{code language="none"}}UPDATE USERS SET PASSWORD='{disabled}' WHERE USERID=?{{/code}}
3.1	55	)))
	56	\|(((
	57	{{code language="none"}}
1.1	58	defaultDomain
	59	{{/code}}
	60	)))\|(((
2.1	61	Optional. Defaults to an empty string.
	62
4.1	63	If set to an empty string, the domain parameter of request queries does not get checked but is filled in in returned principals.
	64
	65	If set to a non-empty string, requests for other domains are refused.
	66
	67	Support for databases maintaining multiple authentication domains might be added in the future, but I do not believe multi-domain setups even exist outside the LDAP/ADS world.
2.1	68	)))
	69	\|(((
	70	{{code language="none"}}
	71	groupsByUserIdQuery
	72	{{/code}}
1.1	73	)))\|(((
8.1	74	Required non-empty for //getGroups// feature.
2.1	75
	76	SQL template for a prepared statement to query the group IDs and group names of the groups of which the user specified by a userId is a member.
	77
8.1	78	Default, appropriate for SDS' tables:
	79	{{code language="none"}}SELECT g.GROUPID, g.GROUPNAME FROM GROUPS AS g, USERS AS u, GROUPMEMBERSHIPS AS m WHERE u.USERID='?' AND m.USER_ID = u.ID AND g.ID = m.GROUP_ID{{/code}}
1.1	80	)))
2.1	81	\|(((
	82	{{code language="none"}}
	83	defaultPasswordAlgorithm
	84	{{/code}}
	85	)))\|(((
	86	Optional. Defaults to {{code language="none"}}crypt{{/code}}
	87
	88	Values supported so far: {{code language="none"}}crypt{{/code}}, {{code language="none"}}ssha1{{/code}}, {{code language="none"}}plain{{/code}}.
	89
	90	Password fields may contain:
	91
	92	* the password encrypted using the default password algorithm, or
	93	* a LDAP style algorithm prefix and the password encrypted with the algorithm specified in the prefix. Example: {{code language="none"}}{PLAIN}badPassword{{/code}}
1.1	94	)))
2.1	95	\|(((
	96	{{code language="none"}}
	97	setUserPasswordStatement
	98	{{/code}}
	99	)))\|(((
8.1	100	Required non-empty for //changePassword// feature.
2.1	101
	102	SQL template for a prepared statement to set a new password for the user.
	103
8.1	104	Default, appropriate for SDS' tables:
	105	{{code language="none"}}UPDATE USERS SET PASSWORD=? WHERE USERID=?{{/code}}
2.1	106	)))
	107	\|(((
	108	{{code language="none"}}
	109	userByUserIdQuery
	110	{{/code}}
	111	)))\|(((
	112	SQL template for a prepared statement to query userId, encrypted password, pretty name and e-mail address of a user specified by a userId.
	113	If the pretty name is not part of the database, reuse the userId field.
	114	If the e-mail address is not part of the database, use a constant like '' or null.
	115
	116	Example:
8.1	117	{{code language="none"}}SELECT USERID, PASSWORD, USERNAME, EMAIL FROM USERS WHERE USERID=?{{/code}}
2.1	118	)))
	119	\|(((
	120	{{code language="none"}}
3.1	121	usersByGroupIdQuery
2.1	122	{{/code}}
	123	)))\|(((
8.1	124	Required non-empty for //getGroupMembers// feature.
2.1	125
3.1	126	SQL template for a prepared statement to query the user IDs, user names and e-mail-addresses of the members of the group specified by a groupId.
2.1	127
	128	Example:
8.1	129	{{code language="none"}}SELECT u.USERID, u.USERNAME, u.EMAIL FROM GROUPS AS g, USERS AS u, GROUPMEMBERSHIPS AS m WHERE g.GROUPID=? AND m.GROUP_ID = g.ID AND u.ID = m.USER_ID{{/code}}
2.1	130	)))
	131	)))

Wiki source code of org.clazzes.login.sql

Applications

Tips

Need help?