Skip to Content
Version 1.1 by christoph_lechleitner@iteg_at on 2013-07-15 01.29:14
Show last authors
1 = {{id name="Configuringorg.clazzes.login.sql1.2+-Configurationofsql-login-service1.2"/}}Configuration of sql-login-service 1.2 =
2
3 The SQL login service may be configured using the OSGi configuration PID {{code language="none"}}org.clazzes.login.sql{{/code}} using the configuration values shown in the table below.
4
5 Beginning with the version 1.1.0 (released 2013-02-13), all query strings default to the database structure used by the upcoming [[SDS (SQL Directory Service)>>doc:LOGIN.SDS (SQL Directory Service).WebHome]] bundle. When using another database structure that does not allow some of the queries, it is important set those configuration values to empty strings; deleting them will not help because default values would kick in right away.
6
7 Results of list queries (group memberships, group members) are sorted naturally in the Java layer, so there is no need to use ORDER BY clauses. ORDER BY clauses often provoke temporary tables and filesort, which is quite expensive for queries used quite often.
8
9 == {{id name="Configuringorg.clazzes.login.sql1.2+-Globalconfigurationdirectives"/}}Global configuration directives ==
10
11 |=(((
12 (% class="tablesorter-header-inner" %)
13 (((
14 Key
15 )))
16 )))|=(((
17 (% class="tablesorter-header-inner" %)
18 (((
19 Description
20 )))
21 )))
22 |(((
23 {{code language="none"}}
24 defaultDomain
25 {{/code}}
26 )))|(((
27 Optional. Defaults to an empty string.
28 )))
29
30 == {{id name="Configuringorg.clazzes.login.sql1.2+-Per-Domainconfigurationdirectives"/}}Per-Domain configuration directives ==
31
32 Starting with version 1.2.0 sql-login-service supports multiple authentication domains, and therefore began to introduce authentication domain in the names of configuration keys.
33
34 The current approach presumes that one database usually provides authentication data for one authentication domain. Support for databases maintaining multiple authentication domains (in one database) might be added in the future (see [[LOGIN-11>>url:https://jira.clazzes.org/browse/LOGIN-11||shape="rect"]]), but I do not believe multi-domain-databases even exist outside the LDAP/ADS world.
35
36 (% class="wiki-content" %)
37 (((
38
39
40 |=(((
41 (% class="tablesorter-header-inner" %)
42 (((
43 Key
44 )))
45 )))|=(((
46 (% class="tablesorter-header-inner" %)
47 (((
48 Description
49 )))
50 )))
51 |(((
52 {{code language="none"}}
53 domain.<domain>.dataSourceName
54 {{/code}}
55 )))|(((
56 Required. Introduced with 1.2.0.
57
58 Name of the [[JDBC-Provider>>doc:UTIL.Multi-DataSource pooling with JDBC-Provider.WebHome]]'s DataSource that provides access to the database containing the authentication data for this authentication domain.
59
60 Example: {{code language="none"}}domain.MYAUTHDOMAIN.dataSourceName = MYDATASOURCE{{/code}}
61 )))
62 |(((
63 {{code language="none"}}
64 domain.<domain>.deactivateUserStatement
65 {{/code}}
66 )))|(((
67 Required non-empty for //deactivateUser// feature.
68
69 SQL template for a prepared statement to deactivate a user.
70
71 Default, appropriate for SDS' tables:
72 {{code language="none"}}UPDATE USERS SET PASSWORD='{disabled}' WHERE USERID=?{{/code}}
73 )))
74 |(((
75 {{code language="none"}}
76 domain.<domain>.groupsByUserIdQuery
77 {{/code}}
78 )))|(((
79 Required non-empty for //getGroups// feature.
80
81 SQL template for a prepared statement to query the group IDs and group names of the groups of which the user specified by a userId is a member.
82
83 Default, appropriate for SDS' tables:
84 {{code language="none"}}SELECT g.GROUPID, g.GROUPNAME FROM GROUPS AS g, USERS AS u, GROUPMEMBERSHIPS AS m WHERE u.USERID='?' AND m.USER_ID = u.ID AND g.ID = m.GROUP_ID{{/code}}
85 )))
86 |(((
87 {{code language="none"}}
88 domain.<domain>.defaultPasswordAlgorithm
89 {{/code}}
90 )))|(((
91 Optional. Defaults to {{code language="none"}}crypt{{/code}}
92
93 Values supported so far: {{code language="none"}}crypt{{/code}}, {{code language="none"}}ssha1{{/code}}, {{code language="none"}}plain{{/code}}.
94
95 Password fields may contain:
96
97 * the password encrypted using the default password algorithm, or
98 * a LDAP style algorithm prefix and the password encrypted with the algorithm specified in the prefix. Example: {{code language="none"}}{PLAIN}badPassword{{/code}}
99 )))
100 |(((
101 {{code language="none"}}
102 domain.<domain>.setUserPasswordStatement
103 {{/code}}
104 )))|(((
105 Required non-empty for //changePassword// feature.
106
107 SQL template for a prepared statement to set a new password for the user.
108
109 Default, appropriate for SDS' tables:
110 {{code language="none"}}UPDATE USERS SET PASSWORD=? WHERE USERID=?{{/code}}
111 )))
112 |(((
113 {{code language="none"}}
114 domain.<domain>.userByUserIdQuery
115 {{/code}}
116 )))|(((
117 SQL template for a prepared statement to query userId, encrypted password, pretty name and e-mail address of a user specified by a userId.
118 If the pretty name is not part of the database, reuse the userId field.
119 If the e-mail address is not part of the database, use a constant like '' or null.
120
121 Example:
122 {{code language="none"}}SELECT USERID, PASSWORD, USERNAME, EMAIL FROM USERS WHERE USERID=?{{/code}}
123 )))
124 |(((
125 {{code language="none"}}
126 domain.<domain>.usersByGroupIdQuery
127 {{/code}}
128 )))|(((
129 Required non-empty for //getGroupMembers// feature.
130
131 SQL template for a prepared statement to query the user IDs, user names and e-mail-addresses of the members of the group specified by a groupId.
132
133 Example:
134 {{code language="none"}}SELECT u.USERID, u.USERNAME, u.EMAIL FROM GROUPS AS g, USERS AS u, GROUPMEMBERSHIPS AS m WHERE g.GROUPID=? AND m.GROUP_ID = g.ID AND u.ID = m.USER_ID{{/code}}
135 )))
136 )))