http://download.igniterealtime.org/openfire/docs/latest/documentation/db-integration-guide.html

Introduction

This document provides instructions for integrating Openfire authentication, users, and groups with your custom database tables. This is useful when your users already have accounts in an external system and you do not wish to duplicate those accounts in Openfire. If your user information is available via an LDAP directory rather than custom database tables, see the LDAP guide.

Simple integration with a custom database lets users authenticate using their existing username and password. Optionally, you can configure Openfire to load user profile and group information from your custom database. Any group in Openfire can be designated as a shared group, which means that you can pre-populate user's rosters using groups.

Background

The integration requires that you enter customized database queries to access your database. You'll need to be familiar with your database table structure and simple SQL. Your custom database can be a different database on a different server from the Openfire database -- you'll enter database connection information as part of the configuration.

Configuration

In order to configure your server to integrate with your custom database tables:

  1. Stop Openfire.
  2. Edit conf/openfire.xml in your Openfire installation folder as described below using your favorite editor.
  3. Restart Openfire.

Database Connection Settings

You must specify the connection string for your database as well as the JDBC driver.

  • jdbcProvider.driver -- the class name of the JDBC driver used to connect to your custom database. The driver must also be in the Openfire classpath (for example, by placing it into the "lib/" directory of your Openfire installation. See the database guide for common driver names for major databases.
  • jdbcProvider.connectionString -- the full connection string for the database. Please consult your database driver documentation for syntax. Warning: it's common for connection string to contain "&" characters. That character has special meaning in XML, so you should escape it using "&".

Below is a sample config file section (note: the "..." sections in the examples indicate areas where the rest of the config file would exist):

<jive>

  ...

  <jdbcProvider>

    <driver>com.mysql.jdbc.Driver</driver>

    <connectionString>jdbc:mysql://localhost/dbname?user=username&amp;password=secret</connectionString>

  </jdbcProvider>

  ...

</jive>

Authentication Integration

The simplest possible integration with a custom external database is authentication integration. Use the following settings to enable authentication integration.

  • provider.auth.className -- set the value to org.jivesoftware.openfire.auth.JDBCAuthProvider.
  • jdbcAuthProvider.passwordSQL -- the SQL String to select a user's password. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcAuthProvider.passwordType -- the type of the password. Valid values are
    • "plain" (the password is stored as plain text)
    • "md5" (the password is stored as a hex-encoded MD5 hash)
    • "sha1" (the password is stored as a hex-encoded SHA-1 hash)
    • "sha256" (the password is stored as a hex-encoded SHA-256 hash)
    • "sha512" (the password is stored as a hex-encoded SHA-512 hash)

    If this value is not set, the password type is assumed to be plain.

Below is a sample config file section:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

   </jdbcAuthProvider>

   ...

  </jive>

You'll most likely want to change which usernames are authorized to login to the admin console. By default, only the user with username "admin" is allowed to login. However, you may have different users in your LDAP directory that you'd like to be administrators. The list of authorized usernames is controlled via the admin.authorizedUsernames property. For example, to let the usersnames "joe" and "jane" login to the admin console:

    <jive>

      ...

      <admin>

        ...

        <authorizedUsernames>joe, jane</authorizedUsernames>

      </admin>

      ...

    </jive>

Another option is to use an AdminProvider. AdminProvider instances are responsible for listing the administrators users dynamically. The default use the authorizedUsernames setting previously explained. JDBCAdminProvider allows to list the administrators from a SQL query. For example:

<jive>

  ...

  <provider>

    ...

    <admin>

      <className>org.jivesoftware.openfire.admin.JDBCAdminProvider</className>

    </admin>

    ...

  </provider>

  <jdbcAdminProvider>

    <getAdminsSQL>SELECT userid FROM user_account WHERE administrator='Y'</getAdminsSQL>

  </jdbcAdminProvider>

  ...

</jive>

User Integration

Optionally, Openfire can load user data from your custom database. If you enable user integration you must also enable authentication integration (see above). Use the following settings to enable user integration.

  • provider.user.className -- set the value to org.jivesoftware.openfire.user.JDBCUserProvider.
  • jdbcUserProvider.loadUserSQL -- the SQL statement to load the name and email address of a user (in that order) given a username. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcUserProvider.userCountSQL -- the SQL statement to load the total number of users in the database.
  • jdbcUserProvider.allUsersSQL -- the SQL statement to load all usernames in the database.
  • jdbcUserProvider.searchSQL -- the SQL statement fragment used to search your database for users. the statement should end with "WHERE" -- the username, name, and email fields will then be dynamically appended to the statement depending on the search. If this value is not set, searching will not be enabled.
  • usernameField -- the name of the username database field, which will be used for searches.
  • nameField -- the name of the name database field, which will be used for searches.
  • emailField -- the name of the email database field, which will be used for searches.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

    <user>

      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>

    </user>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

  </jdbcAuthProvider>

  <jdbcUserProvider>

     <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>

     <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>

     <allUsersSQL>SELECT username FROM myUser</allUsersSQL>

     <searchSQL>SELECT username FROM myUser WHERE</searchSQL>

     <usernameField>username</usernameField>

     <nameField>name</nameField>

     <emailField>email</emailField>

  </jdbcUserProvider>

   ...

 </jive>

Group Integration

Openfire can load group data from your custom database. If you enable group integration you must also enable authentication integration; you'll also likely want to enable user integration (see above). Use the following settings to enable group integration.

  • provider.group.className -- set the value to org.jivesoftware.openfire.group.JDBCGroupProvider.
  • jdbcGroupProvider.groupCountSQL -- the SQL statement to load the total number of groups in the database.
  • jdbcGroupProvider.allGroupsSQL -- the SQL statement to load all groups in the database.
  • jdbcGroupProvider.userGroupsSQL -- the SQL statement to load all groups for a particular user. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcGroupProvider.descriptionSQL -- the SQL statement to load the description of a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadMembersSQL -- the SQL statement to load all members in a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadAdminsSQL -- the SQL statement to load all administrators in a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

    <user>

      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>

    </user>

    <group>

      <className>org.jivesoftware.openfire.group.JDBCGroupProvider</className>

    </group>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

  </jdbcAuthProvider>

  <jdbcUserProvider>

     <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>

     <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>

     <allUsersSQL>SELECT username FROM myUser</allUsersSQL>

     <searchSQL>SELECT username FROM myUser WHERE</searchSQL>

     <usernameField>username</usernameField>

     <nameField>name</nameField>

     <emailField>email</emailField>

  </jdbcUserProvider>

  <jdbcGroupProvider>

       <groupCountSQL>SELECT count(*) FROM myGroups</groupCountSQL>

       <allGroupsSQL>SELECT groupName FROM myGroups</allGroupsSQL>

       <userGroupsSQL>SELECT groupName FROM myGroupUsers WHERE username=?</userGroupsSQL>

       <descriptionSQL>SELECT groupDescription FROM myGroups WHERE groupName=?</descriptionSQL>

       <loadMembersSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='N'</loadMembersSQL>

       <loadAdminsSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='Y'</loadAdminsSQL>

  </jdbcGroupProvider>

  ...

</jive>

openfire 使用已有的数据库作为用户认证数据库 Custom Database Integration Guide的更多相关文章

  1. openfire当中的Custom Database Integration Guide的配置

    openfire官网配置的链接为:Custom Database Integration Guide 按照上面的步骤一步步配置在xml当中,发现始终不起作用,最后在stackoverflow找到的链接 ...

  2. Spring Security笔记:使用数据库进行用户认证(form login using database)

    在前一节,学习了如何自定义登录页,但是用户名.密码仍然是配置在xml中的,这样显然太非主流,本节将学习如何把用户名/密码/角色存储在db中,通过db来实现用户认证 一.项目结构 与前面的示例相比,因为 ...

  3. Docker Mongo数据库开启用户认证

    一.启动mongo容器的几种方式 #简化版 docker run --name mongo1 -p 21117:27017 -d mongo --noprealloc --smallfiles #自定 ...

  4. SpringSecurity学习之基于数据库的用户认证

    SpringSecurity给我们提供了一套最基本的认证方式,可是这种方式远远不能满足大多数系统的需求.不过好在SpringSecurity给我们预留了许多可扩展的接口给我们,我们可以基于这些接口实现 ...

  5. sql server登录名、服务器角色、数据库用户、数据库角色、架构区别联系

    原创链接:https://www.cnblogs.com/lxf1117/p/6762315.html sql server登录名.服务器角色.数据库用户.数据库角色.架构区别联系 1.一个数据库用户 ...

  6. 阶段5 3.微服务项目【学成在线】_day17 用户认证 Zuul_02-用户认证-认证服务查询数据库-需求分析&搭建环境

    1.2 认证服务查询数据库 1.2.1 需求分析 认证服务根据数据库中的用户信息去校验用户的身份,即校验账号和密码是否匹配. 认证服务不直接连接数据库,而是通过用户中心服务去查询用户中心数据库. 完整 ...

  7. Nodejs之MEAN栈开发(八)---- 用户认证与会话管理详解

    用户认证与会话管理基本上是每个网站必备的一个功能.在Asp.net下做的比较多,大体的思路都是先根据用户提供的用户名和密码到数据库找到用户信息,然后校验,校验成功之后记住用户的姓名和相关信息,这个信息 ...

  8. Django 中的用户认证

    Django 自带一个用户认证系统,这个系统处理用户帐户.组.权限和基于 cookie 的 会话.本文说明这个系统是如何工作的. 概览 认证系统由以下部分组成: 用户 权限:控制用户进否可以执行某项任 ...

  9. Tornado web.authenticated 用户认证浅析

    在Web服务中会有用户登录后的一系列操作, 如果一个客户端的http请求要求是用户登录后才能做得操作, 那么 Web服务器接收请求时需要判断该请求里带的数据是否有用户认证的信息. 使用Tornado框 ...

随机推荐

  1. 网页抓取信息(php正則表達式、php操作excel)

    1.问题描写叙述 实现对固定网页上自己须要的信息抓取,以表格形式存储. 我是拿wustoj上的一个排行榜来练习的,地址:wustoj 2.思路 网页自己就简单学习了一下php,刚好用它来做点事情吧,我 ...

  2. C++ 类的对象管理模型初讲

    //类的对象管理模型初讲 #include<iostream> using namespace std; class PointA{ private: int x;//占据4个字节大小的内 ...

  3. [浪风分享] PHP开发必看 我现在是这样编程的

    我在做什么 曾经,我试过接到一些需求.一眼带过后,脑袋马上随着高昂的斗志沉溺在代码的世界中 ,马不停蹄地敲着键盘直到最后测试的完成.我从思绪中恢复过来,乍一看自己写的功能,和需求差了十万八千里,我TM ...

  4. annexb模式

    h264有两种封装,一种是annexb模式,传统模式,有startcode,SPS和PPS是在ES中一种是mp4模式,一般mp4 mkv会有,没有startcode,SPS和PPS以及其它信息被封装在 ...

  5. c++开发之对应Linux下的sem_t和lock

    http://www.cnblogs.com/P_Chou/archive/2012/07/13/semaphore-and-mutex-in-thread-sync.html http://blog ...

  6. php -- 修改字符串的编码格式

    网上的都是这样用的 $content = iconv("utf-8","gb2312",$content); 这样做其实也对着了,看着确实是把utf-8转化为g ...

  7. angularJs多文件上传

    <input type="file" id="file{{$index}}" class="file{{$index}}" ngf-s ...

  8. 转:解决Python2.7的UnicodeEncodeError: ‘ascii’ codec can’t encode异常错误

    操作SQL数据库,Python使用的是版本2.7,但是在运行的时候出现了异常错误UnicodeEncodeError:'ascii' codec can't encode characters in ...

  9. Struts2_day01--导入源文件_Struts2的执行过程_查看源代码

    导入源文件 选中按ctrl + shift + t进入 Struts2执行过程 画图分析过程 过滤器在服务器启动时创建,servlet在第一次访问时创建 查看源代码 public class Stru ...

  10. iOS开发之--如何使用自定义字体

    一.首先把字体导入到工程中 二.选择Build Phases -->Copy Boundle Resources ,把所用的字体添加进去,一般x-code会自定导入 三.在info.plist中 ...