openfire 使用已有的数据库作为用户认证数据库 Custom Database Integration Guide「建议收藏」

openfire 使用已有的数据库作为用户认证数据库 Custom Database Integration Guide

大家好,又见面了,我是全栈君。

http://download.igniterealtime.org/openfire/docs/latest/documentation/db-integration-guide.html

 

Introduction

This document provides instructions for integrating Openfire authentication, users, and groups with your custom database tables. This is useful when your users already have accounts in an external system and you do not wish to duplicate those accounts in Openfire. If your user information is available via an LDAP directory rather than custom database tables, see the LDAP guide.

Simple integration with a custom database lets users authenticate using their existing username and password. Optionally, you can configure Openfire to load user profile and group information from your custom database. Any group in Openfire can be designated as a shared group, which means that you can pre-populate user’s rosters using groups.

Background

The integration requires that you enter customized database queries to access your database. You’ll need to be familiar with your database table structure and simple SQL. Your custom database can be a different database on a different server from the Openfire database — you’ll enter database connection information as part of the configuration.

Configuration

In order to configure your server to integrate with your custom database tables:

  1. Stop Openfire.
  2. Edit conf/openfire.xml in your Openfire installation folder as described below using your favorite editor.
  3. Restart Openfire.

Database Connection Settings

You must specify the connection string for your database as well as the JDBC driver.

  • jdbcProvider.driver — the class name of the JDBC driver used to connect to your custom database. The driver must also be in the Openfire classpath (for example, by placing it into the “lib/” directory of your Openfire installation. See the database guide for common driver names for major databases.
  • jdbcProvider.connectionString — the full connection string for the database. Please consult your database driver documentation for syntax. Warning: it’s common for connection string to contain “&” characters. That character has special meaning in XML, so you should escape it using “&”.

Below is a sample config file section (note: the “…” sections in the examples indicate areas where the rest of the config file would exist):

<jive>
  ...
  <jdbcProvider>
    <driver>com.mysql.jdbc.Driver</driver>
    <connectionString>jdbc:mysql://localhost/dbname?user=username&amp;password=secret</connectionString>
  </jdbcProvider>
  ...
</jive>

Authentication Integration

The simplest possible integration with a custom external database is authentication integration. Use the following settings to enable authentication integration.

  • provider.auth.className — set the value to org.jivesoftware.openfire.auth.JDBCAuthProvider.
  • jdbcAuthProvider.passwordSQL — the SQL String to select a user’s password. The SQL statement should contain a single “?” character, which will be dynamically replaced with a username when being executed.
  • jdbcAuthProvider.passwordType — the type of the password. Valid values are
    • “plain” (the password is stored as plain text)
    • “md5” (the password is stored as a hex-encoded MD5 hash)
    • “sha1” (the password is stored as a hex-encoded SHA-1 hash)
    • “sha256” (the password is stored as a hex-encoded SHA-256 hash)
    • “sha512” (the password is stored as a hex-encoded SHA-512 hash)

    If this value is not set, the password type is assumed to be plain.

Below is a sample config file section:

<jive>
  ...
  <provider>
    <auth>
      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>
    </auth>
  </provider>
  <jdbcAuthProvider>
     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>
     <passwordType>plain</passwordType>
   </jdbcAuthProvider>
   ...
  </jive>

You’ll most likely want to change which usernames are authorized to login to the admin console. By default, only the user with username “admin” is allowed to login. However, you may have different users in your LDAP directory that you’d like to be administrators. The list of authorized usernames is controlled via the admin.authorizedUsernames property. For example, to let the usersnames “joe” and “jane” login to the admin console:

    <jive>
      ...
      <admin>
        ...
        <authorizedUsernames>joe, jane</authorizedUsernames>
      </admin>

      ...
    </jive>

Another option is to use an AdminProvider. AdminProvider instances are responsible for listing the administrators users dynamically. The default use the authorizedUsernames setting previously explained. JDBCAdminProvider allows to list the administrators from a SQL query. For example:

<jive>
  ...
  <provider>
    ...
    <admin>
      <className>org.jivesoftware.openfire.admin.JDBCAdminProvider</className>
    </admin>
    ...
  </provider>
  <jdbcAdminProvider>
    <getAdminsSQL>SELECT userid FROM user_account WHERE administrator='Y'</getAdminsSQL>
  </jdbcAdminProvider>
  ...
</jive>

User Integration

Optionally, Openfire can load user data from your custom database. If you enable user integration you must also enable authentication integration (see above). Use the following settings to enable user integration.

  • provider.user.className — set the value to org.jivesoftware.openfire.user.JDBCUserProvider.
  • jdbcUserProvider.loadUserSQL — the SQL statement to load the name and email address of a user (in that order) given a username. The SQL statement should contain a single “?” character, which will be dynamically replaced with a username when being executed.
  • jdbcUserProvider.userCountSQL — the SQL statement to load the total number of users in the database.
  • jdbcUserProvider.allUsersSQL — the SQL statement to load all usernames in the database.
  • jdbcUserProvider.searchSQL — the SQL statement fragment used to search your database for users. the statement should end with “WHERE” — the username, name, and email fields will then be dynamically appended to the statement depending on the search. If this value is not set, searching will not be enabled.
  • usernameField — the name of the username database field, which will be used for searches.
  • nameField — the name of the name database field, which will be used for searches.
  • emailField — the name of the email database field, which will be used for searches.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

<jive>
  ...
  <provider>
    <auth>
      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>
    </auth>
    <user>
      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>
    </user>
  </provider>
  <jdbcAuthProvider>
     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>
     <passwordType>plain</passwordType>
  </jdbcAuthProvider>
  <jdbcUserProvider>
     <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>
     <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>
     <allUsersSQL>SELECT username FROM myUser</allUsersSQL>
     <searchSQL>SELECT username FROM myUser WHERE</searchSQL>
     <usernameField>username</usernameField>
     <nameField>name</nameField>
     <emailField>email</emailField>
  </jdbcUserProvider>
   ...
 </jive>

Group Integration

Openfire can load group data from your custom database. If you enable group integration you must also enable authentication integration; you’ll also likely want to enable user integration (see above). Use the following settings to enable group integration.

  • provider.group.className — set the value to org.jivesoftware.openfire.group.JDBCGroupProvider.
  • jdbcGroupProvider.groupCountSQL — the SQL statement to load the total number of groups in the database.
  • jdbcGroupProvider.allGroupsSQL — the SQL statement to load all groups in the database.
  • jdbcGroupProvider.userGroupsSQL — the SQL statement to load all groups for a particular user. The SQL statement should contain a single “?” character, which will be dynamically replaced with a username when being executed.
  • jdbcGroupProvider.descriptionSQL — the SQL statement to load the description of a group. The SQL statement should contain a single “?” character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadMembersSQL — the SQL statement to load all members in a group. The SQL statement should contain a single “?” character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadAdminsSQL — the SQL statement to load all administrators in a group. The SQL statement should contain a single “?” character, which will be dynamically replaced with a group name when being executed.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

<jive>
  ...
  <provider>
    <auth>
      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>
    </auth>
    <user>
      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>
    </user>
    <group>
      <className>org.jivesoftware.openfire.group.JDBCGroupProvider</className>
    </group>
  </provider>
  <jdbcAuthProvider>
     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>
     <passwordType>plain</passwordType>
  </jdbcAuthProvider>
  <jdbcUserProvider>
     <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>
     <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>
     <allUsersSQL>SELECT username FROM myUser</allUsersSQL>
     <searchSQL>SELECT username FROM myUser WHERE</searchSQL>
     <usernameField>username</usernameField>
     <nameField>name</nameField>
     <emailField>email</emailField>
  </jdbcUserProvider>
  <jdbcGroupProvider>
       <groupCountSQL>SELECT count(*) FROM myGroups</groupCountSQL>
       <allGroupsSQL>SELECT groupName FROM myGroups</allGroupsSQL>
       <userGroupsSQL>SELECT groupName FROM myGroupUsers WHERE username=?</userGroupsSQL>
       <descriptionSQL>SELECT groupDescription FROM myGroups WHERE groupName=?</descriptionSQL>
       <loadMembersSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='N'</loadMembersSQL>
       <loadAdminsSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='Y'</loadAdminsSQL>
  </jdbcGroupProvider>
  ...
</jive>

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/108466.html原文链接:https://javaforall.cn

【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛

【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...

(0)


相关推荐

  • scipy安装失败

    scipy安装失败pipinstallscipy安装失败可以从uci网站下载wheel安装包然后执行pipinstallxx.whl进行安装http://www.lfd.uci.edu/~gohlke/pythonlibs/#scipy转载于:https://www.cnblogs.com/timlong/p/6068370.html…

  • mybatis log plugin 激活码[最新免费获取][通俗易懂]

    (mybatis log plugin 激活码)这是一篇idea技术相关文章,由全栈君为大家提供,主要知识点是关于2021JetBrains全家桶永久激活码的内容IntelliJ2021最新激活注册码,破解教程可免费永久激活,亲测有效,下面是详细链接哦~https://javaforall.cn/100143.html1M3Q9SD5XW-eyJsa…

  • matlab 画图的颜色

    matlab 画图的颜色plot函数代表不同颜色的标示符一共有八种:y:黄色;k:黑色;w:白色;b:蓝色;g:绿色;r:红色;c:亮青色;m:锰紫色;其他的就要自己设定了,‘color’,[000];三原色你值得拥有;…

  • SVM——支持向量回归(SVR)[通俗易懂]

    SVM——支持向量回归(SVR)[通俗易懂]1、支持向量回归的原始问题先来看看SVM线性支持向量机(软间隔)的原始问题:其中ξi是松弛变量,但它实际上是hinge(合页)损失函数,所以ξi也作为对应的点(xi,yi)的损失,如下图所示:当点(xi,yi)位于间隔面上或者间隔面之外(这两种都是正确分类的情况)则ξi=0,若点(xi,yi)位于分割面上或者正确分类且位于间隔面之内或者位于分错的那一侧,这三种情况都是有损失的,损失…

  • aop 实现原理_简述aop的原理

    aop 实现原理_简述aop的原理概述:最近在开发中遇到了一个刚好可以用AOP实现的例子,就顺便研究了AOP的实现原理,把学习到的东西进行一个总结。文章中用到的编程语言为kotlin,需要的可以在IDEA中直接转为java。这篇文章将会按照如下目录展开:AOP简介 代码中实现举例 AOP实现原理 部分源码解析1.AOP简介相信大家或多或少的了解过AOP,都知道它是面向切面编程,在网上搜索可以找到很多的解释。…

  • 想入行3D游戏建模,看我这个你还敢想吗?

    想入行3D游戏建模,看我这个你还敢想吗?所有行业都是一样的,没有什么容易的,只不过这一行是偏向于技术的,一个有好的建模师月薪10k+是很常见的,这个需要有自己刻苦学习的成果。游戏建模前景在游戏模型行业,你基本不用担心找不到工作,因为游戏模型师人才缺口非常大。举个例子:游戏制作公司的人员配比大多数是这样的:比如100人的三维制作组,可能有60人在做模型贴图,10个人在K动画。只要你保证技能在手,一定是抢手的人才。在几年前游戏建模这个行业不仅仅缺人才,甚至连新手都非常稀缺,那个时候公司愿意招聘实习生,培养他们然后给公司干活,但是工资一定不会给开的很

发表回复

您的电子邮箱地址不会被公开。

关注全栈程序员社区公众号