http://download.igniterealtime.org/openfire/docs/latest/documentation/db-integration-guide.html

Introduction

This document provides instructions for integrating Openfire authentication, users, and groups with your custom database tables. This is useful when your users already have accounts in an external system and you do not wish to duplicate those accounts in Openfire. If your user information is available via an LDAP directory rather than custom database tables, see the LDAP guide.

Simple integration with a custom database lets users authenticate using their existing username and password. Optionally, you can configure Openfire to load user profile and group information from your custom database. Any group in Openfire can be designated as a shared group, which means that you can pre-populate user's rosters using groups.

Background

The integration requires that you enter customized database queries to access your database. You'll need to be familiar with your database table structure and simple SQL. Your custom database can be a different database on a different server from the Openfire database -- you'll enter database connection information as part of the configuration.

Configuration

In order to configure your server to integrate with your custom database tables:

  1. Stop Openfire.
  2. Edit conf/openfire.xml in your Openfire installation folder as described below using your favorite editor.
  3. Restart Openfire.

Database Connection Settings

You must specify the connection string for your database as well as the JDBC driver.

  • jdbcProvider.driver -- the class name of the JDBC driver used to connect to your custom database. The driver must also be in the Openfire classpath (for example, by placing it into the "lib/" directory of your Openfire installation. See the database guide for common driver names for major databases.
  • jdbcProvider.connectionString -- the full connection string for the database. Please consult your database driver documentation for syntax. Warning: it's common for connection string to contain "&" characters. That character has special meaning in XML, so you should escape it using "&".

Below is a sample config file section (note: the "..." sections in the examples indicate areas where the rest of the config file would exist):

<jive>

  ...

  <jdbcProvider>

    <driver>com.mysql.jdbc.Driver</driver>

    <connectionString>jdbc:mysql://localhost/dbname?user=username&amp;password=secret</connectionString>

  </jdbcProvider>

  ...

</jive>

Authentication Integration

The simplest possible integration with a custom external database is authentication integration. Use the following settings to enable authentication integration.

  • provider.auth.className -- set the value to org.jivesoftware.openfire.auth.JDBCAuthProvider.
  • jdbcAuthProvider.passwordSQL -- the SQL String to select a user's password. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcAuthProvider.passwordType -- the type of the password. Valid values are
    • "plain" (the password is stored as plain text)
    • "md5" (the password is stored as a hex-encoded MD5 hash)
    • "sha1" (the password is stored as a hex-encoded SHA-1 hash)
    • "sha256" (the password is stored as a hex-encoded SHA-256 hash)
    • "sha512" (the password is stored as a hex-encoded SHA-512 hash)

    If this value is not set, the password type is assumed to be plain.

Below is a sample config file section:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

   </jdbcAuthProvider>

   ...

  </jive>

You'll most likely want to change which usernames are authorized to login to the admin console. By default, only the user with username "admin" is allowed to login. However, you may have different users in your LDAP directory that you'd like to be administrators. The list of authorized usernames is controlled via the admin.authorizedUsernames property. For example, to let the usersnames "joe" and "jane" login to the admin console:

    <jive>

      ...

      <admin>

        ...

        <authorizedUsernames>joe, jane</authorizedUsernames>

      </admin>

      ...

    </jive>

Another option is to use an AdminProvider. AdminProvider instances are responsible for listing the administrators users dynamically. The default use the authorizedUsernames setting previously explained. JDBCAdminProvider allows to list the administrators from a SQL query. For example:

<jive>

  ...

  <provider>

    ...

    <admin>

      <className>org.jivesoftware.openfire.admin.JDBCAdminProvider</className>

    </admin>

    ...

  </provider>

  <jdbcAdminProvider>

    <getAdminsSQL>SELECT userid FROM user_account WHERE administrator='Y'</getAdminsSQL>

  </jdbcAdminProvider>

  ...

</jive>

User Integration

Optionally, Openfire can load user data from your custom database. If you enable user integration you must also enable authentication integration (see above). Use the following settings to enable user integration.

  • provider.user.className -- set the value to org.jivesoftware.openfire.user.JDBCUserProvider.
  • jdbcUserProvider.loadUserSQL -- the SQL statement to load the name and email address of a user (in that order) given a username. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcUserProvider.userCountSQL -- the SQL statement to load the total number of users in the database.
  • jdbcUserProvider.allUsersSQL -- the SQL statement to load all usernames in the database.
  • jdbcUserProvider.searchSQL -- the SQL statement fragment used to search your database for users. the statement should end with "WHERE" -- the username, name, and email fields will then be dynamically appended to the statement depending on the search. If this value is not set, searching will not be enabled.
  • usernameField -- the name of the username database field, which will be used for searches.
  • nameField -- the name of the name database field, which will be used for searches.
  • emailField -- the name of the email database field, which will be used for searches.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

    <user>

      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>

    </user>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

  </jdbcAuthProvider>

  <jdbcUserProvider>

     <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>

     <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>

     <allUsersSQL>SELECT username FROM myUser</allUsersSQL>

     <searchSQL>SELECT username FROM myUser WHERE</searchSQL>

     <usernameField>username</usernameField>

     <nameField>name</nameField>

     <emailField>email</emailField>

  </jdbcUserProvider>

   ...

 </jive>

Group Integration

Openfire can load group data from your custom database. If you enable group integration you must also enable authentication integration; you'll also likely want to enable user integration (see above). Use the following settings to enable group integration.

  • provider.group.className -- set the value to org.jivesoftware.openfire.group.JDBCGroupProvider.
  • jdbcGroupProvider.groupCountSQL -- the SQL statement to load the total number of groups in the database.
  • jdbcGroupProvider.allGroupsSQL -- the SQL statement to load all groups in the database.
  • jdbcGroupProvider.userGroupsSQL -- the SQL statement to load all groups for a particular user. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcGroupProvider.descriptionSQL -- the SQL statement to load the description of a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadMembersSQL -- the SQL statement to load all members in a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadAdminsSQL -- the SQL statement to load all administrators in a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

    <user>

      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>

    </user>

    <group>

      <className>org.jivesoftware.openfire.group.JDBCGroupProvider</className>

    </group>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

  </jdbcAuthProvider>

  <jdbcUserProvider>

     <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>

     <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>

     <allUsersSQL>SELECT username FROM myUser</allUsersSQL>

     <searchSQL>SELECT username FROM myUser WHERE</searchSQL>

     <usernameField>username</usernameField>

     <nameField>name</nameField>

     <emailField>email</emailField>

  </jdbcUserProvider>

  <jdbcGroupProvider>

       <groupCountSQL>SELECT count(*) FROM myGroups</groupCountSQL>

       <allGroupsSQL>SELECT groupName FROM myGroups</allGroupsSQL>

       <userGroupsSQL>SELECT groupName FROM myGroupUsers WHERE username=?</userGroupsSQL>

       <descriptionSQL>SELECT groupDescription FROM myGroups WHERE groupName=?</descriptionSQL>

       <loadMembersSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='N'</loadMembersSQL>

       <loadAdminsSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='Y'</loadAdminsSQL>

  </jdbcGroupProvider>

  ...

</jive>

openfire 使用已有的数据库作为用户认证数据库 Custom Database Integration Guide的更多相关文章

  1. openfire当中的Custom Database Integration Guide的配置

    openfire官网配置的链接为:Custom Database Integration Guide 按照上面的步骤一步步配置在xml当中,发现始终不起作用,最后在stackoverflow找到的链接 ...

  2. Spring Security笔记:使用数据库进行用户认证(form login using database)

    在前一节,学习了如何自定义登录页,但是用户名.密码仍然是配置在xml中的,这样显然太非主流,本节将学习如何把用户名/密码/角色存储在db中,通过db来实现用户认证 一.项目结构 与前面的示例相比,因为 ...

  3. Docker Mongo数据库开启用户认证

    一.启动mongo容器的几种方式 #简化版 docker run --name mongo1 -p 21117:27017 -d mongo --noprealloc --smallfiles #自定 ...

  4. SpringSecurity学习之基于数据库的用户认证

    SpringSecurity给我们提供了一套最基本的认证方式,可是这种方式远远不能满足大多数系统的需求.不过好在SpringSecurity给我们预留了许多可扩展的接口给我们,我们可以基于这些接口实现 ...

  5. sql server登录名、服务器角色、数据库用户、数据库角色、架构区别联系

    原创链接:https://www.cnblogs.com/lxf1117/p/6762315.html sql server登录名.服务器角色.数据库用户.数据库角色.架构区别联系 1.一个数据库用户 ...

  6. 阶段5 3.微服务项目【学成在线】_day17 用户认证 Zuul_02-用户认证-认证服务查询数据库-需求分析&搭建环境

    1.2 认证服务查询数据库 1.2.1 需求分析 认证服务根据数据库中的用户信息去校验用户的身份,即校验账号和密码是否匹配. 认证服务不直接连接数据库,而是通过用户中心服务去查询用户中心数据库. 完整 ...

  7. Nodejs之MEAN栈开发(八)---- 用户认证与会话管理详解

    用户认证与会话管理基本上是每个网站必备的一个功能.在Asp.net下做的比较多,大体的思路都是先根据用户提供的用户名和密码到数据库找到用户信息,然后校验,校验成功之后记住用户的姓名和相关信息,这个信息 ...

  8. Django 中的用户认证

    Django 自带一个用户认证系统,这个系统处理用户帐户.组.权限和基于 cookie 的 会话.本文说明这个系统是如何工作的. 概览 认证系统由以下部分组成: 用户 权限:控制用户进否可以执行某项任 ...

  9. Tornado web.authenticated 用户认证浅析

    在Web服务中会有用户登录后的一系列操作, 如果一个客户端的http请求要求是用户登录后才能做得操作, 那么 Web服务器接收请求时需要判断该请求里带的数据是否有用户认证的信息. 使用Tornado框 ...

随机推荐

  1. 实践jQuery Easyui后本地化有感

    这个星期在忙着easyui的例子中的大部分功能的本地化.一开始给我的感觉就是把jquery easyui中的每个demo的代码粘贴复制一遍. 可是,真正在做的过程中,我才发现,我错了. 在仿写easy ...

  2. PyQt的QString 和 QStringList

    在Qt的C++实现中的QString 和 QStringList 在Python的实现中等效替换为 "str1" 和 ["str1","str2&qu ...

  3. hrbustoj 1306:再遇攻击(计算几何,判断点是否在多边形内,水题)

    再遇攻击 Time Limit: 1000 MS    Memory Limit: 65536 K Total Submit: 253(37 users)   Total Accepted: 56(2 ...

  4. RabbitMQ之Queues-5

    工作队列的主要任务是:避免立刻执行资源密集型任务,然后必须等待其完成.相反地,我们进行任务调度:我们把任务封装为消息发送给队列.工作进行在后台运行并不断的从队列中取出任务然后执行.当你运行了多个工作进 ...

  5. VS工程目录下的ipch文件夹和.sdf文件

    Visual Studio 2010工程目录下的ipch文件夹和.sdf文件 - web8 - 博客园http://www.cnblogs.com/web100/archive/2012/12/21/ ...

  6. 学习《深入理解C#》—— 数据类型、排序和过滤 (第一章1.1---1.2)

    引言 在开始看这本书之前看过一些技术博客,填补自己对于一些知识点的不足.无意中发现了<深入理解C#>这本书,本书主要探讨C# 2.C# 3和C# 4的细节与特性,所以做了一下阅读笔记,欢迎 ...

  7. 使用binlog日志还原数据详解

    1)看一下你的mysql服务器有没开启binlog日志(ON为开启,OFF为未开启) show variables like 'log_bin'; 2)找到你的binlog文件在哪 登录 mysql ...

  8. 将java项目发布到本地的linux虚拟机上

    1.首先安装虚拟机,这里就不介绍了. 2.然后要我下载了一个WinSCP用于windows和虚拟机之间的文件传输. 首先获得虚拟机的ip: 必须保持连接, 如果断开ip就是这样的 3.传输文件 将jd ...

  9. Django学习笔记第七篇--实战练习三--关于更有层级的url请求、404错误以及其他响应函数

    一.关于更有层级的URL: 可以实现每一个APP一个子URL目录,例如app1的所有操作都在http://www.localhost1.com:5443/app1/xxxx 在工程主文件夹下的工程同名 ...

  10. 【BZOJ2699】更新 动态规划

    [BZOJ2699]更新 Description        对于一个数列A[1..N],一种寻找最大值的方法是:依次枚举A[2]到A[N],如果A[i]比当前的A[1]值要大,那么就令A[1]=A ...