http://download.igniterealtime.org/openfire/docs/latest/documentation/db-integration-guide.html

Introduction

This document provides instructions for integrating Openfire authentication, users, and groups with your custom database tables. This is useful when your users already have accounts in an external system and you do not wish to duplicate those accounts in Openfire. If your user information is available via an LDAP directory rather than custom database tables, see the LDAP guide.

Simple integration with a custom database lets users authenticate using their existing username and password. Optionally, you can configure Openfire to load user profile and group information from your custom database. Any group in Openfire can be designated as a shared group, which means that you can pre-populate user's rosters using groups.

Background

The integration requires that you enter customized database queries to access your database. You'll need to be familiar with your database table structure and simple SQL. Your custom database can be a different database on a different server from the Openfire database -- you'll enter database connection information as part of the configuration.

Configuration

In order to configure your server to integrate with your custom database tables:

  1. Stop Openfire.
  2. Edit conf/openfire.xml in your Openfire installation folder as described below using your favorite editor.
  3. Restart Openfire.

Database Connection Settings

You must specify the connection string for your database as well as the JDBC driver.

  • jdbcProvider.driver -- the class name of the JDBC driver used to connect to your custom database. The driver must also be in the Openfire classpath (for example, by placing it into the "lib/" directory of your Openfire installation. See the database guide for common driver names for major databases.
  • jdbcProvider.connectionString -- the full connection string for the database. Please consult your database driver documentation for syntax. Warning: it's common for connection string to contain "&" characters. That character has special meaning in XML, so you should escape it using "&".

Below is a sample config file section (note: the "..." sections in the examples indicate areas where the rest of the config file would exist):

<jive>

  ...

  <jdbcProvider>

    <driver>com.mysql.jdbc.Driver</driver>

    <connectionString>jdbc:mysql://localhost/dbname?user=username&amp;password=secret</connectionString>

  </jdbcProvider>

  ...

</jive>

Authentication Integration

The simplest possible integration with a custom external database is authentication integration. Use the following settings to enable authentication integration.

  • provider.auth.className -- set the value to org.jivesoftware.openfire.auth.JDBCAuthProvider.
  • jdbcAuthProvider.passwordSQL -- the SQL String to select a user's password. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcAuthProvider.passwordType -- the type of the password. Valid values are
    • "plain" (the password is stored as plain text)
    • "md5" (the password is stored as a hex-encoded MD5 hash)
    • "sha1" (the password is stored as a hex-encoded SHA-1 hash)
    • "sha256" (the password is stored as a hex-encoded SHA-256 hash)
    • "sha512" (the password is stored as a hex-encoded SHA-512 hash)

    If this value is not set, the password type is assumed to be plain.

Below is a sample config file section:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

   </jdbcAuthProvider>

   ...

  </jive>

You'll most likely want to change which usernames are authorized to login to the admin console. By default, only the user with username "admin" is allowed to login. However, you may have different users in your LDAP directory that you'd like to be administrators. The list of authorized usernames is controlled via the admin.authorizedUsernames property. For example, to let the usersnames "joe" and "jane" login to the admin console:

    <jive>

      ...

      <admin>

        ...

        <authorizedUsernames>joe, jane</authorizedUsernames>

      </admin>

      ...

    </jive>

Another option is to use an AdminProvider. AdminProvider instances are responsible for listing the administrators users dynamically. The default use the authorizedUsernames setting previously explained. JDBCAdminProvider allows to list the administrators from a SQL query. For example:

<jive>

  ...

  <provider>

    ...

    <admin>

      <className>org.jivesoftware.openfire.admin.JDBCAdminProvider</className>

    </admin>

    ...

  </provider>

  <jdbcAdminProvider>

    <getAdminsSQL>SELECT userid FROM user_account WHERE administrator='Y'</getAdminsSQL>

  </jdbcAdminProvider>

  ...

</jive>

User Integration

Optionally, Openfire can load user data from your custom database. If you enable user integration you must also enable authentication integration (see above). Use the following settings to enable user integration.

  • provider.user.className -- set the value to org.jivesoftware.openfire.user.JDBCUserProvider.
  • jdbcUserProvider.loadUserSQL -- the SQL statement to load the name and email address of a user (in that order) given a username. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcUserProvider.userCountSQL -- the SQL statement to load the total number of users in the database.
  • jdbcUserProvider.allUsersSQL -- the SQL statement to load all usernames in the database.
  • jdbcUserProvider.searchSQL -- the SQL statement fragment used to search your database for users. the statement should end with "WHERE" -- the username, name, and email fields will then be dynamically appended to the statement depending on the search. If this value is not set, searching will not be enabled.
  • usernameField -- the name of the username database field, which will be used for searches.
  • nameField -- the name of the name database field, which will be used for searches.
  • emailField -- the name of the email database field, which will be used for searches.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

    <user>

      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>

    </user>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

  </jdbcAuthProvider>

  <jdbcUserProvider>

     <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>

     <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>

     <allUsersSQL>SELECT username FROM myUser</allUsersSQL>

     <searchSQL>SELECT username FROM myUser WHERE</searchSQL>

     <usernameField>username</usernameField>

     <nameField>name</nameField>

     <emailField>email</emailField>

  </jdbcUserProvider>

   ...

 </jive>

Group Integration

Openfire can load group data from your custom database. If you enable group integration you must also enable authentication integration; you'll also likely want to enable user integration (see above). Use the following settings to enable group integration.

  • provider.group.className -- set the value to org.jivesoftware.openfire.group.JDBCGroupProvider.
  • jdbcGroupProvider.groupCountSQL -- the SQL statement to load the total number of groups in the database.
  • jdbcGroupProvider.allGroupsSQL -- the SQL statement to load all groups in the database.
  • jdbcGroupProvider.userGroupsSQL -- the SQL statement to load all groups for a particular user. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcGroupProvider.descriptionSQL -- the SQL statement to load the description of a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadMembersSQL -- the SQL statement to load all members in a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadAdminsSQL -- the SQL statement to load all administrators in a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

    <user>

      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>

    </user>

    <group>

      <className>org.jivesoftware.openfire.group.JDBCGroupProvider</className>

    </group>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

  </jdbcAuthProvider>

  <jdbcUserProvider>

     <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>

     <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>

     <allUsersSQL>SELECT username FROM myUser</allUsersSQL>

     <searchSQL>SELECT username FROM myUser WHERE</searchSQL>

     <usernameField>username</usernameField>

     <nameField>name</nameField>

     <emailField>email</emailField>

  </jdbcUserProvider>

  <jdbcGroupProvider>

       <groupCountSQL>SELECT count(*) FROM myGroups</groupCountSQL>

       <allGroupsSQL>SELECT groupName FROM myGroups</allGroupsSQL>

       <userGroupsSQL>SELECT groupName FROM myGroupUsers WHERE username=?</userGroupsSQL>

       <descriptionSQL>SELECT groupDescription FROM myGroups WHERE groupName=?</descriptionSQL>

       <loadMembersSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='N'</loadMembersSQL>

       <loadAdminsSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='Y'</loadAdminsSQL>

  </jdbcGroupProvider>

  ...

</jive>

openfire 使用已有的数据库作为用户认证数据库 Custom Database Integration Guide的更多相关文章

  1. openfire当中的Custom Database Integration Guide的配置

    openfire官网配置的链接为:Custom Database Integration Guide 按照上面的步骤一步步配置在xml当中,发现始终不起作用,最后在stackoverflow找到的链接 ...

  2. Spring Security笔记:使用数据库进行用户认证(form login using database)

    在前一节,学习了如何自定义登录页,但是用户名.密码仍然是配置在xml中的,这样显然太非主流,本节将学习如何把用户名/密码/角色存储在db中,通过db来实现用户认证 一.项目结构 与前面的示例相比,因为 ...

  3. Docker Mongo数据库开启用户认证

    一.启动mongo容器的几种方式 #简化版 docker run --name mongo1 -p 21117:27017 -d mongo --noprealloc --smallfiles #自定 ...

  4. SpringSecurity学习之基于数据库的用户认证

    SpringSecurity给我们提供了一套最基本的认证方式,可是这种方式远远不能满足大多数系统的需求.不过好在SpringSecurity给我们预留了许多可扩展的接口给我们,我们可以基于这些接口实现 ...

  5. sql server登录名、服务器角色、数据库用户、数据库角色、架构区别联系

    原创链接:https://www.cnblogs.com/lxf1117/p/6762315.html sql server登录名.服务器角色.数据库用户.数据库角色.架构区别联系 1.一个数据库用户 ...

  6. 阶段5 3.微服务项目【学成在线】_day17 用户认证 Zuul_02-用户认证-认证服务查询数据库-需求分析&搭建环境

    1.2 认证服务查询数据库 1.2.1 需求分析 认证服务根据数据库中的用户信息去校验用户的身份,即校验账号和密码是否匹配. 认证服务不直接连接数据库,而是通过用户中心服务去查询用户中心数据库. 完整 ...

  7. Nodejs之MEAN栈开发(八)---- 用户认证与会话管理详解

    用户认证与会话管理基本上是每个网站必备的一个功能.在Asp.net下做的比较多,大体的思路都是先根据用户提供的用户名和密码到数据库找到用户信息,然后校验,校验成功之后记住用户的姓名和相关信息,这个信息 ...

  8. Django 中的用户认证

    Django 自带一个用户认证系统,这个系统处理用户帐户.组.权限和基于 cookie 的 会话.本文说明这个系统是如何工作的. 概览 认证系统由以下部分组成: 用户 权限:控制用户进否可以执行某项任 ...

  9. Tornado web.authenticated 用户认证浅析

    在Web服务中会有用户登录后的一系列操作, 如果一个客户端的http请求要求是用户登录后才能做得操作, 那么 Web服务器接收请求时需要判断该请求里带的数据是否有用户认证的信息. 使用Tornado框 ...

随机推荐

  1. C++中变量做数组长度

    在Java中,这是完全可以的,比如我们运行如下程序: package cn.darrenchan.storm; import java.util.Arrays; public class Test { ...

  2. asp.net 列表样式

    找了好一段时间,找到一个不错的文章列表样式,留起来备用 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN&qu ...

  3. C#调用SQL Server有参的存储过程

    一.使用SqlParameter的方式 代码: using System; using System.Collections.Generic; using System.ComponentModel; ...

  4. Btrace的使用方法

    本文基于<深入理解Java虚拟机:JVM高级特性与最佳实践 第2版> 写在前面: Btrace有很多用法,比如说性能监视,连接泄露,内存泄漏,多线程竞争,而本文说的只是最基本的应用打印调用 ...

  5. python手册

    https://www.crummy.com/software/BeautifulSoup/bs4/doc.zh/

  6. phpstorm 中文版 支持BUG调试 IDE

    下载地址:http://dx2.7down.net/soft/P/phpstorm8_cn.zip

  7. [css]解决iframe在ios设备上无法滚动

    原因: safari的webkit内核特性 解决方案: 在iframe外包裹一层div并另外设置其css属性为如下: -webkit-overflow-scrolling:touch; overflo ...

  8. Machine Learning With Spark学习笔记(在10万电影数据上训练、使用推荐模型)

    我们如今開始训练模型,还输入參数例如以下: rank:ALS中因子的个数.通常来说越大越好,可是对内存占用率有直接影响,通常rank在10到200之间. iterations:迭代次数,每次迭代都会降 ...

  9. 自己开发iOS版按键精灵--TTouch

    利用闲余时间,把之前的按键录制和播放整理了一些,开发了一个iOS版按键录制.播放的越狱APP,类似按键精灵.触动精灵等按键类的基本功能.脚本采用lua语法格式,可直接执行lua脚本,通过lua和obj ...

  10. 3D分子构型该怎么优化

    很多的化学领域的专业人士都知道,分子的性质往往是有分子的结构所决定的,但是在实验室研究的过程中很难观察到稳定分子的结构,这往往是因为中间体寿命过短或者是混合物难以分离造成的,这个时候就需要通过计算化学 ...