Skip to Content
Last modified by christoph_lechleitner@iteg_at on 2013-07-15 01.42:07
Show last authors
1 = {{id name="Configuringorg.clazzes.login.sql1.0to1.1-Configurationofsql-login-service1.0or1.1"/}}Configuration of sql-login-service 1.0 or 1.1 =
2
3 The SQL login service may be configured using the OSGi configuration PID {{code language="none"}}org.clazzes.login.sql{{/code}} using the configuration values shown in the table below.
4
5 Beginning with the version 1.1.0 (released 2013-02-13), all query strings default to the database structure used by the upcoming [[SDS (SQL Directory Service)>>doc:LOGIN.SDS (SQL Directory Service).WebHome]] bundle. When using another database structure that does not allow some of the queries, it is important set those configuration values to empty strings; deleting them will not help because default values would kick in right away.
6
7 Results of list queries (group memberships, group members) are sorted naturally in the Java layer, so there is no need to use ORDER BY clauses. ORDER BY clauses often provoke temporary tables and filesort, which is quite expensive for queries used quite often.
8
9 == {{id name="Configuringorg.clazzes.login.sql1.0to1.1-Applicationconfiguration"/}}Application configuration ==
10
11 (% class="wiki-content" %)
12 (((
13
14
15 |=(((
16 (% class="tablesorter-header-inner" %)
17 (((
18 Key
19 )))
20 )))|=(((
21 (% class="tablesorter-header-inner" %)
22 (((
23 Description
24 )))
25 )))
26 |(((
27 {{code language="none"}}
28 deactivateUserStatement
29 {{/code}}
30 )))|(((
31 Required non-empty for //deactivateUser// feature.
32
33 SQL template for a prepared statement to deactivate a user.
34
35 Default, appropriate for SDS' tables:
36 {{code language="none"}}UPDATE USERS SET PASSWORD='{disabled}' WHERE USERID=?{{/code}}
37 )))
38 |(((
39 {{code language="none"}}
40 defaultDomain
41 {{/code}}
42 )))|(((
43 Optional. Defaults to an empty string.
44
45 If set to an empty string, the domain parameter of request queries does not get checked but is filled in in returned principals.
46
47 If set to a non-empty string, requests for other domains are refused.
48
49 Support for databases maintaining multiple authentication domains might be added in the future, but I do not believe multi-domain setups even exist outside the LDAP/ADS world.
50 )))
51 |(((
52 {{code language="none"}}
53 groupsByUserIdQuery
54 {{/code}}
55 )))|(((
56 Required non-empty for //getGroups// feature.
57
58 SQL template for a prepared statement to query the group IDs and group names of the groups of which the user specified by a userId is a member.
59
60 Default, appropriate for SDS' tables:
61 {{code language="none"}}SELECT g.GROUPID, g.GROUPNAME FROM GROUPS AS g, USERS AS u, GROUPMEMBERSHIPS AS m WHERE u.USERID='?' AND m.USER_ID = u.ID AND g.ID = m.GROUP_ID{{/code}}
62 )))
63 |(((
64 {{code language="none"}}
65 defaultPasswordAlgorithm
66 {{/code}}
67 )))|(((
68 Optional. Defaults to {{code language="none"}}crypt{{/code}}
69
70 Values supported so far: {{code language="none"}}crypt{{/code}}, {{code language="none"}}ssha1{{/code}}, {{code language="none"}}plain{{/code}}.
71
72 Password fields may contain:
73
74 * the password encrypted using the default password algorithm, or
75 * a LDAP style algorithm prefix and the password encrypted with the algorithm specified in the prefix. Example: {{code language="none"}}{PLAIN}badPassword{{/code}}
76 )))
77 |(((
78 {{code language="none"}}
79 setUserPasswordStatement
80 {{/code}}
81 )))|(((
82 Required non-empty for //changePassword// feature.
83
84 SQL template for a prepared statement to set a new password for the user.
85
86 Default, appropriate for SDS' tables:
87 {{code language="none"}}UPDATE USERS SET PASSWORD=? WHERE USERID=?{{/code}}
88 )))
89 |(((
90 {{code language="none"}}
91 userByUserIdQuery
92 {{/code}}
93 )))|(((
94 SQL template for a prepared statement to query userId, encrypted password, pretty name and e-mail address of a user specified by a userId.
95 If the pretty name is not part of the database, reuse the userId field.
96 If the e-mail address is not part of the database, use a constant like '' or null.
97
98 Example:
99 {{code language="none"}}SELECT USERID, PASSWORD, USERNAME, EMAIL FROM USERS WHERE USERID=?{{/code}}
100 )))
101 |(((
102 {{code language="none"}}
103 usersByGroupIdQuery
104 {{/code}}
105 )))|(((
106 Required non-empty for //getGroupMembers// feature.
107
108 SQL template for a prepared statement to query the user IDs, user names and e-mail-addresses of the members of the group specified by a groupId.
109
110 Example:
111 {{code language="none"}}SELECT u.USERID, u.USERNAME, u.EMAIL FROM GROUPS AS g, USERS AS u, GROUPMEMBERSHIPS AS m WHERE g.GROUPID=? AND m.GROUP_ID = g.ID AND u.ID = m.USER_ID{{/code}}
112 )))
113
114 == {{id name="Configuringorg.clazzes.login.sql1.0to1.1-Databaseaccessconfiguration"/}}Database access configuration ==
115
116 These becomes totally obsolete with version 1.2.
117
118 |=(((
119 (% class="tablesorter-header-inner" %)
120 (((
121 Key
122 )))
123 )))|=(((
124 (% class="tablesorter-header-inner" %)
125 (((
126 Description
127 )))
128 )))
129 |(((
130 {{code language="none"}}
131 jdbcPassword
132 {{/code}}
133 )))|(((
134 Should be self explanatory 😉️
135 )))
136 |(((
137 {{code language="none"}}
138 jdbcUrl
139 {{/code}}
140 )))|(((
141 For examples look at our [[doc:KH.Database Tips.JDBC Snippets.WebHome]]
142 )))
143 |(((
144 {{code language="none"}}
145 jdbcUser
146 {{/code}}
147 )))|(((
148 Should be self explanatory 😉️
149 )))
150 |(((
151 {{code language="none"}}
152 validationQuery
153 {{/code}}
154 )))|(((
155 For proposals look at our [[doc:KH.Database Tips.JDBC Snippets.WebHome]]
156 )))
157 )))