http://download.igniterealtime.org/openfire/docs/latest/documentation/db-integration-guide.html

Introduction

This document provides instructions for integrating Openfire authentication, users, and groups with your custom database tables. This is useful when your users already have accounts in an external system and you do not wish to duplicate those accounts in Openfire. If your user information is available via an LDAP directory rather than custom database tables, see the LDAP guide.

Simple integration with a custom database lets users authenticate using their existing username and password. Optionally, you can configure Openfire to load user profile and group information from your custom database. Any group in Openfire can be designated as a shared group, which means that you can pre-populate user's rosters using groups.

Background

The integration requires that you enter customized database queries to access your database. You'll need to be familiar with your database table structure and simple SQL. Your custom database can be a different database on a different server from the Openfire database -- you'll enter database connection information as part of the configuration.

Configuration

In order to configure your server to integrate with your custom database tables:

  1. Stop Openfire.
  2. Edit conf/openfire.xml in your Openfire installation folder as described below using your favorite editor.
  3. Restart Openfire.

Database Connection Settings

You must specify the connection string for your database as well as the JDBC driver.

  • jdbcProvider.driver -- the class name of the JDBC driver used to connect to your custom database. The driver must also be in the Openfire classpath (for example, by placing it into the "lib/" directory of your Openfire installation. See the database guide for common driver names for major databases.
  • jdbcProvider.connectionString -- the full connection string for the database. Please consult your database driver documentation for syntax. Warning: it's common for connection string to contain "&" characters. That character has special meaning in XML, so you should escape it using "&".

Below is a sample config file section (note: the "..." sections in the examples indicate areas where the rest of the config file would exist):

  1. <jive>
  2.   ...
  3.   <jdbcProvider>
  4.     <driver>com.mysql.jdbc.Driver</driver>
  5.     <connectionString>jdbc:mysql://localhost/dbname?user=username&amp;password=secret</connectionString>
  6.   </jdbcProvider>
  7.   ...
  8. </jive>

Authentication Integration

The simplest possible integration with a custom external database is authentication integration. Use the following settings to enable authentication integration.

  • provider.auth.className -- set the value to org.jivesoftware.openfire.auth.JDBCAuthProvider.
  • jdbcAuthProvider.passwordSQL -- the SQL String to select a user's password. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcAuthProvider.passwordType -- the type of the password. Valid values are
    • "plain" (the password is stored as plain text)
    • "md5" (the password is stored as a hex-encoded MD5 hash)
    • "sha1" (the password is stored as a hex-encoded SHA-1 hash)
    • "sha256" (the password is stored as a hex-encoded SHA-256 hash)
    • "sha512" (the password is stored as a hex-encoded SHA-512 hash)

    If this value is not set, the password type is assumed to be plain.

Below is a sample config file section:

  1. <jive>
  2.   ...
  3.   <provider>
  4.     <auth>
  5.       <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>
  6.     </auth>
  7.   </provider>
  8.   <jdbcAuthProvider>
  9.      <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>
  10.      <passwordType>plain</passwordType>
  11.    </jdbcAuthProvider>
  12.    ...
  13.   </jive>

You'll most likely want to change which usernames are authorized to login to the admin console. By default, only the user with username "admin" is allowed to login. However, you may have different users in your LDAP directory that you'd like to be administrators. The list of authorized usernames is controlled via the admin.authorizedUsernames property. For example, to let the usersnames "joe" and "jane" login to the admin console:

  1.     <jive>
  2.       ...
  3.       <admin>
  4.         ...
  5.         <authorizedUsernames>joe, jane</authorizedUsernames>
  6.       </admin>
  7.  
  8.       ...
  9.     </jive>

Another option is to use an AdminProvider. AdminProvider instances are responsible for listing the administrators users dynamically. The default use the authorizedUsernames setting previously explained. JDBCAdminProvider allows to list the administrators from a SQL query. For example:

  1. <jive>
  2.   ...
  3.   <provider>
  4.     ...
  5.     <admin>
  6.       <className>org.jivesoftware.openfire.admin.JDBCAdminProvider</className>
  7.     </admin>
  8.     ...
  9.   </provider>
  10.   <jdbcAdminProvider>
  11.     <getAdminsSQL>SELECT userid FROM user_account WHERE administrator='Y'</getAdminsSQL>
  12.   </jdbcAdminProvider>
  13.   ...
  14. </jive>

User Integration

Optionally, Openfire can load user data from your custom database. If you enable user integration you must also enable authentication integration (see above). Use the following settings to enable user integration.

  • provider.user.className -- set the value to org.jivesoftware.openfire.user.JDBCUserProvider.
  • jdbcUserProvider.loadUserSQL -- the SQL statement to load the name and email address of a user (in that order) given a username. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcUserProvider.userCountSQL -- the SQL statement to load the total number of users in the database.
  • jdbcUserProvider.allUsersSQL -- the SQL statement to load all usernames in the database.
  • jdbcUserProvider.searchSQL -- the SQL statement fragment used to search your database for users. the statement should end with "WHERE" -- the username, name, and email fields will then be dynamically appended to the statement depending on the search. If this value is not set, searching will not be enabled.
  • usernameField -- the name of the username database field, which will be used for searches.
  • nameField -- the name of the name database field, which will be used for searches.
  • emailField -- the name of the email database field, which will be used for searches.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

  1. <jive>
  2.   ...
  3.   <provider>
  4.     <auth>
  5.       <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>
  6.     </auth>
  7.     <user>
  8.       <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>
  9.     </user>
  10.   </provider>
  11.   <jdbcAuthProvider>
  12.      <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>
  13.      <passwordType>plain</passwordType>
  14.   </jdbcAuthProvider>
  15.   <jdbcUserProvider>
  16.      <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>
  17.      <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>
  18.      <allUsersSQL>SELECT username FROM myUser</allUsersSQL>
  19.      <searchSQL>SELECT username FROM myUser WHERE</searchSQL>
  20.      <usernameField>username</usernameField>
  21.      <nameField>name</nameField>
  22.      <emailField>email</emailField>
  23.   </jdbcUserProvider>
  24.    ...
  25.  </jive>

Group Integration

Openfire can load group data from your custom database. If you enable group integration you must also enable authentication integration; you'll also likely want to enable user integration (see above). Use the following settings to enable group integration.

  • provider.group.className -- set the value to org.jivesoftware.openfire.group.JDBCGroupProvider.
  • jdbcGroupProvider.groupCountSQL -- the SQL statement to load the total number of groups in the database.
  • jdbcGroupProvider.allGroupsSQL -- the SQL statement to load all groups in the database.
  • jdbcGroupProvider.userGroupsSQL -- the SQL statement to load all groups for a particular user. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcGroupProvider.descriptionSQL -- the SQL statement to load the description of a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadMembersSQL -- the SQL statement to load all members in a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadAdminsSQL -- the SQL statement to load all administrators in a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

  1. <jive>
  2.   ...
  3.   <provider>
  4.     <auth>
  5.       <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>
  6.     </auth>
  7.     <user>
  8.       <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>
  9.     </user>
  10.     <group>
  11.       <className>org.jivesoftware.openfire.group.JDBCGroupProvider</className>
  12.     </group>
  13.   </provider>
  14.   <jdbcAuthProvider>
  15.      <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>
  16.      <passwordType>plain</passwordType>
  17.   </jdbcAuthProvider>
  18.   <jdbcUserProvider>
  19.      <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>
  20.      <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>
  21.      <allUsersSQL>SELECT username FROM myUser</allUsersSQL>
  22.      <searchSQL>SELECT username FROM myUser WHERE</searchSQL>
  23.      <usernameField>username</usernameField>
  24.      <nameField>name</nameField>
  25.      <emailField>email</emailField>
  26.   </jdbcUserProvider>
  27.   <jdbcGroupProvider>
  28.        <groupCountSQL>SELECT count(*) FROM myGroups</groupCountSQL>
  29.        <allGroupsSQL>SELECT groupName FROM myGroups</allGroupsSQL>
  30.        <userGroupsSQL>SELECT groupName FROM myGroupUsers WHERE username=?</userGroupsSQL>
  31.        <descriptionSQL>SELECT groupDescription FROM myGroups WHERE groupName=?</descriptionSQL>
  32.        <loadMembersSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='N'</loadMembersSQL>
  33.        <loadAdminsSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='Y'</loadAdminsSQL>
  34.   </jdbcGroupProvider>
  35.   ...
  36. </jive>

openfire 使用已有的数据库作为用户认证数据库 Custom Database Integration Guide的更多相关文章

  1. openfire当中的Custom Database Integration Guide的配置

    openfire官网配置的链接为:Custom Database Integration Guide 按照上面的步骤一步步配置在xml当中,发现始终不起作用,最后在stackoverflow找到的链接 ...

  2. Spring Security笔记:使用数据库进行用户认证(form login using database)

    在前一节,学习了如何自定义登录页,但是用户名.密码仍然是配置在xml中的,这样显然太非主流,本节将学习如何把用户名/密码/角色存储在db中,通过db来实现用户认证 一.项目结构 与前面的示例相比,因为 ...

  3. Docker Mongo数据库开启用户认证

    一.启动mongo容器的几种方式 #简化版 docker run --name mongo1 -p 21117:27017 -d mongo --noprealloc --smallfiles #自定 ...

  4. SpringSecurity学习之基于数据库的用户认证

    SpringSecurity给我们提供了一套最基本的认证方式,可是这种方式远远不能满足大多数系统的需求.不过好在SpringSecurity给我们预留了许多可扩展的接口给我们,我们可以基于这些接口实现 ...

  5. sql server登录名、服务器角色、数据库用户、数据库角色、架构区别联系

    原创链接:https://www.cnblogs.com/lxf1117/p/6762315.html sql server登录名.服务器角色.数据库用户.数据库角色.架构区别联系 1.一个数据库用户 ...

  6. 阶段5 3.微服务项目【学成在线】_day17 用户认证 Zuul_02-用户认证-认证服务查询数据库-需求分析&搭建环境

    1.2 认证服务查询数据库 1.2.1 需求分析 认证服务根据数据库中的用户信息去校验用户的身份,即校验账号和密码是否匹配. 认证服务不直接连接数据库,而是通过用户中心服务去查询用户中心数据库. 完整 ...

  7. Nodejs之MEAN栈开发(八)---- 用户认证与会话管理详解

    用户认证与会话管理基本上是每个网站必备的一个功能.在Asp.net下做的比较多,大体的思路都是先根据用户提供的用户名和密码到数据库找到用户信息,然后校验,校验成功之后记住用户的姓名和相关信息,这个信息 ...

  8. Django 中的用户认证

    Django 自带一个用户认证系统,这个系统处理用户帐户.组.权限和基于 cookie 的 会话.本文说明这个系统是如何工作的. 概览 认证系统由以下部分组成: 用户 权限:控制用户进否可以执行某项任 ...

  9. Tornado web.authenticated 用户认证浅析

    在Web服务中会有用户登录后的一系列操作, 如果一个客户端的http请求要求是用户登录后才能做得操作, 那么 Web服务器接收请求时需要判断该请求里带的数据是否有用户认证的信息. 使用Tornado框 ...

随机推荐

  1. 07 Test结构

    Test 有多种实现方式, [ 等价于 test, 并且 [ 是一个内建命令, 效率很高 另外, [[]] 也是测试, [[]]结构比bash[]更灵活, 这是一个扩展test命令, 从ksh88继承 ...

  2. MVC已经是现代Web开发中的一个很重要的部分,下面介绍一下Spring MVC的一些使用心得。

    MVC已经是现代Web开发中的一个很重要的部分,下面介绍一下Spring MVC的一些使用心得. 之前的项目比较简单,多是用JSP .Servlet + JDBC 直接搞定,在项目中尝试用 Strut ...

  3. OAuth2.0 介绍

    一.基本协议流程: (1) Client请求RO(Resource Owner)的授权:请求中一般包含:要访问的资源路径,操作类型,Client的身份等信息.(2) RO批准授权:并将“授权证据”发送 ...

  4. 验证:record项元的多少影响修改速度。

    验证erlang官网提供的思想:record的修改是复制. -module (test_record). -record (record_5,{ aa1 = 0, aa2 = 0, aa3 = 0, ...

  5. jqgrid demo

    本人是用php写的,相信只要稍微用点时间看本人写的,就一定能看懂 前台代码 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//E ...

  6. UNIQLO

    UNIQLO品牌的迅销公司建立于1963年,当年是一家销售西服的小服装店.公司现任董事长兼总经理柳井正早年毕业于早稻田大学经济学专业,1972年8月进入迅销公司,1984年9月就任公司董事长兼总经理. ...

  7. VC++ GetSafeHwnd()和GetSafeHandle()

    GetSafeHwnd()和GetSafeHandle()的主要区别: 使用者不同: (1)窗体使用:GetSafeHwnd()用于获取窗体的安全句柄(即HWND),有了HWND我们就可以方便的对HW ...

  8. Spring Cache 自定义注解

    1.在使用spring cache注解如cacheable.cacheevict.cacheput过程中有一些问题: 比如,我们在查到一个list后,可以将list缓存到一个键对应的区域里:当新增.修 ...

  9. 转载 -- iOS中SDK的简单封装与使用

    一.功能总述 在博客开始的第一部分,我们先来看一下我们最终要实现的效果.下图中所表述的就是我们今天博客中要做的事情,下方的App One和App Two都植入了我们将要封装的LoginSDK, 两个A ...

  10. $_SERVER,IP,域名常用方法

    PHP $_SERVER详解   $_SERVER['HTTP_ACCEPT_LANGUAGE']//浏览器语言 $_SERVER['REMOTE_ADDR'] //当前用户 IP . $_SERVE ...