http://download.igniterealtime.org/openfire/docs/latest/documentation/db-integration-guide.html

Introduction

This document provides instructions for integrating Openfire authentication, users, and groups with your custom database tables. This is useful when your users already have accounts in an external system and you do not wish to duplicate those accounts in Openfire. If your user information is available via an LDAP directory rather than custom database tables, see the LDAP guide.

Simple integration with a custom database lets users authenticate using their existing username and password. Optionally, you can configure Openfire to load user profile and group information from your custom database. Any group in Openfire can be designated as a shared group, which means that you can pre-populate user's rosters using groups.

Background

The integration requires that you enter customized database queries to access your database. You'll need to be familiar with your database table structure and simple SQL. Your custom database can be a different database on a different server from the Openfire database -- you'll enter database connection information as part of the configuration.

Configuration

In order to configure your server to integrate with your custom database tables:

  1. Stop Openfire.
  2. Edit conf/openfire.xml in your Openfire installation folder as described below using your favorite editor.
  3. Restart Openfire.

Database Connection Settings

You must specify the connection string for your database as well as the JDBC driver.

  • jdbcProvider.driver -- the class name of the JDBC driver used to connect to your custom database. The driver must also be in the Openfire classpath (for example, by placing it into the "lib/" directory of your Openfire installation. See the database guide for common driver names for major databases.
  • jdbcProvider.connectionString -- the full connection string for the database. Please consult your database driver documentation for syntax. Warning: it's common for connection string to contain "&" characters. That character has special meaning in XML, so you should escape it using "&".

Below is a sample config file section (note: the "..." sections in the examples indicate areas where the rest of the config file would exist):

<jive>

  ...

  <jdbcProvider>

    <driver>com.mysql.jdbc.Driver</driver>

    <connectionString>jdbc:mysql://localhost/dbname?user=username&amp;password=secret</connectionString>

  </jdbcProvider>

  ...

</jive>

Authentication Integration

The simplest possible integration with a custom external database is authentication integration. Use the following settings to enable authentication integration.

  • provider.auth.className -- set the value to org.jivesoftware.openfire.auth.JDBCAuthProvider.
  • jdbcAuthProvider.passwordSQL -- the SQL String to select a user's password. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcAuthProvider.passwordType -- the type of the password. Valid values are
    • "plain" (the password is stored as plain text)
    • "md5" (the password is stored as a hex-encoded MD5 hash)
    • "sha1" (the password is stored as a hex-encoded SHA-1 hash)
    • "sha256" (the password is stored as a hex-encoded SHA-256 hash)
    • "sha512" (the password is stored as a hex-encoded SHA-512 hash)

    If this value is not set, the password type is assumed to be plain.

Below is a sample config file section:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

   </jdbcAuthProvider>

   ...

  </jive>

You'll most likely want to change which usernames are authorized to login to the admin console. By default, only the user with username "admin" is allowed to login. However, you may have different users in your LDAP directory that you'd like to be administrators. The list of authorized usernames is controlled via the admin.authorizedUsernames property. For example, to let the usersnames "joe" and "jane" login to the admin console:

    <jive>

      ...

      <admin>

        ...

        <authorizedUsernames>joe, jane</authorizedUsernames>

      </admin>

      ...

    </jive>

Another option is to use an AdminProvider. AdminProvider instances are responsible for listing the administrators users dynamically. The default use the authorizedUsernames setting previously explained. JDBCAdminProvider allows to list the administrators from a SQL query. For example:

<jive>

  ...

  <provider>

    ...

    <admin>

      <className>org.jivesoftware.openfire.admin.JDBCAdminProvider</className>

    </admin>

    ...

  </provider>

  <jdbcAdminProvider>

    <getAdminsSQL>SELECT userid FROM user_account WHERE administrator='Y'</getAdminsSQL>

  </jdbcAdminProvider>

  ...

</jive>

User Integration

Optionally, Openfire can load user data from your custom database. If you enable user integration you must also enable authentication integration (see above). Use the following settings to enable user integration.

  • provider.user.className -- set the value to org.jivesoftware.openfire.user.JDBCUserProvider.
  • jdbcUserProvider.loadUserSQL -- the SQL statement to load the name and email address of a user (in that order) given a username. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcUserProvider.userCountSQL -- the SQL statement to load the total number of users in the database.
  • jdbcUserProvider.allUsersSQL -- the SQL statement to load all usernames in the database.
  • jdbcUserProvider.searchSQL -- the SQL statement fragment used to search your database for users. the statement should end with "WHERE" -- the username, name, and email fields will then be dynamically appended to the statement depending on the search. If this value is not set, searching will not be enabled.
  • usernameField -- the name of the username database field, which will be used for searches.
  • nameField -- the name of the name database field, which will be used for searches.
  • emailField -- the name of the email database field, which will be used for searches.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

    <user>

      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>

    </user>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

  </jdbcAuthProvider>

  <jdbcUserProvider>

     <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>

     <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>

     <allUsersSQL>SELECT username FROM myUser</allUsersSQL>

     <searchSQL>SELECT username FROM myUser WHERE</searchSQL>

     <usernameField>username</usernameField>

     <nameField>name</nameField>

     <emailField>email</emailField>

  </jdbcUserProvider>

   ...

 </jive>

Group Integration

Openfire can load group data from your custom database. If you enable group integration you must also enable authentication integration; you'll also likely want to enable user integration (see above). Use the following settings to enable group integration.

  • provider.group.className -- set the value to org.jivesoftware.openfire.group.JDBCGroupProvider.
  • jdbcGroupProvider.groupCountSQL -- the SQL statement to load the total number of groups in the database.
  • jdbcGroupProvider.allGroupsSQL -- the SQL statement to load all groups in the database.
  • jdbcGroupProvider.userGroupsSQL -- the SQL statement to load all groups for a particular user. The SQL statement should contain a single "?" character, which will be dynamically replaced with a username when being executed.
  • jdbcGroupProvider.descriptionSQL -- the SQL statement to load the description of a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadMembersSQL -- the SQL statement to load all members in a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.
  • jdbcGroupProvider.loadAdminsSQL -- the SQL statement to load all administrators in a group. The SQL statement should contain a single "?" character, which will be dynamically replaced with a group name when being executed.

Below is a sample config file section. Note that the single provider section must include all providers that should be configured:

<jive>

  ...

  <provider>

    <auth>

      <className>org.jivesoftware.openfire.auth.JDBCAuthProvider</className>

    </auth>

    <user>

      <className>org.jivesoftware.openfire.user.JDBCUserProvider</className>

    </user>

    <group>

      <className>org.jivesoftware.openfire.group.JDBCGroupProvider</className>

    </group>

  </provider>

  <jdbcAuthProvider>

     <passwordSQL>SELECT password FROM user_account WHERE username=?</passwordSQL>

     <passwordType>plain</passwordType>

  </jdbcAuthProvider>

  <jdbcUserProvider>

     <loadUserSQL>SELECT name,email FROM myUser WHERE username=?</loadUserSQL>

     <userCountSQL>SELECT COUNT(*) FROM myUser</userCountSQL>

     <allUsersSQL>SELECT username FROM myUser</allUsersSQL>

     <searchSQL>SELECT username FROM myUser WHERE</searchSQL>

     <usernameField>username</usernameField>

     <nameField>name</nameField>

     <emailField>email</emailField>

  </jdbcUserProvider>

  <jdbcGroupProvider>

       <groupCountSQL>SELECT count(*) FROM myGroups</groupCountSQL>

       <allGroupsSQL>SELECT groupName FROM myGroups</allGroupsSQL>

       <userGroupsSQL>SELECT groupName FROM myGroupUsers WHERE username=?</userGroupsSQL>

       <descriptionSQL>SELECT groupDescription FROM myGroups WHERE groupName=?</descriptionSQL>

       <loadMembersSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='N'</loadMembersSQL>

       <loadAdminsSQL>SELECT username FROM myGroupUsers WHERE groupName=? AND isAdmin='Y'</loadAdminsSQL>

  </jdbcGroupProvider>

  ...

</jive>

openfire 使用已有的数据库作为用户认证数据库 Custom Database Integration Guide的更多相关文章

  1. openfire当中的Custom Database Integration Guide的配置

    openfire官网配置的链接为:Custom Database Integration Guide 按照上面的步骤一步步配置在xml当中,发现始终不起作用,最后在stackoverflow找到的链接 ...

  2. Spring Security笔记:使用数据库进行用户认证(form login using database)

    在前一节,学习了如何自定义登录页,但是用户名.密码仍然是配置在xml中的,这样显然太非主流,本节将学习如何把用户名/密码/角色存储在db中,通过db来实现用户认证 一.项目结构 与前面的示例相比,因为 ...

  3. Docker Mongo数据库开启用户认证

    一.启动mongo容器的几种方式 #简化版 docker run --name mongo1 -p 21117:27017 -d mongo --noprealloc --smallfiles #自定 ...

  4. SpringSecurity学习之基于数据库的用户认证

    SpringSecurity给我们提供了一套最基本的认证方式,可是这种方式远远不能满足大多数系统的需求.不过好在SpringSecurity给我们预留了许多可扩展的接口给我们,我们可以基于这些接口实现 ...

  5. sql server登录名、服务器角色、数据库用户、数据库角色、架构区别联系

    原创链接:https://www.cnblogs.com/lxf1117/p/6762315.html sql server登录名.服务器角色.数据库用户.数据库角色.架构区别联系 1.一个数据库用户 ...

  6. 阶段5 3.微服务项目【学成在线】_day17 用户认证 Zuul_02-用户认证-认证服务查询数据库-需求分析&搭建环境

    1.2 认证服务查询数据库 1.2.1 需求分析 认证服务根据数据库中的用户信息去校验用户的身份,即校验账号和密码是否匹配. 认证服务不直接连接数据库,而是通过用户中心服务去查询用户中心数据库. 完整 ...

  7. Nodejs之MEAN栈开发(八)---- 用户认证与会话管理详解

    用户认证与会话管理基本上是每个网站必备的一个功能.在Asp.net下做的比较多,大体的思路都是先根据用户提供的用户名和密码到数据库找到用户信息,然后校验,校验成功之后记住用户的姓名和相关信息,这个信息 ...

  8. Django 中的用户认证

    Django 自带一个用户认证系统,这个系统处理用户帐户.组.权限和基于 cookie 的 会话.本文说明这个系统是如何工作的. 概览 认证系统由以下部分组成: 用户 权限:控制用户进否可以执行某项任 ...

  9. Tornado web.authenticated 用户认证浅析

    在Web服务中会有用户登录后的一系列操作, 如果一个客户端的http请求要求是用户登录后才能做得操作, 那么 Web服务器接收请求时需要判断该请求里带的数据是否有用户认证的信息. 使用Tornado框 ...

随机推荐

  1. MySQL 5.6的72个新特性(译)

    一,安全提高 1.提供保存加密认证信息的方法,使用.mylogin.cnf文件.使用 mysql_config_editor可以创建此文件.这个文件可以进行连接数据库的访问授权. mysql_conf ...

  2. 在后台运行Python脚本服务

    在服务器,程序都是后台运行的,当写的python脚本时,需要:   你要是想python robot.py & 是不行的,一旦用户登出,脚本就自动退出了.用at, cron也可以实现不过我发现 ...

  3. JQuery Show()的几种效果 总有一种是你需要的

    1 show()方法和hide()方法 $("selector").show()  从display:none还原元素默认或已设置的display属性$("selecto ...

  4. selenium:chromedriver与chrome版本的对应关系

    转自:http://blog.csdn.NET/huilan_same/article/details/51896672 再使用selenium打开chrome浏览器的时候,需要用chromedriv ...

  5. Unity UGUI实现Button按钮长按状态的判断

    代码: using UnityEngine.EventSystems; using System.Collections; /// <summary> /// 脚本位置:UGUI按钮组件身 ...

  6. Java-----多线程sleep(),join(),interrupt(),wait(),notify()的作用

    关于Java多线程知识可以看看<Thinking in Java >中的多线程部分和<Java网络编程>中第5章多线程的部分 以下是参考<<Java多线程模式> ...

  7. i2c 异常之i2c1 prob 检测超时

    在没加atl 的fpga 时 i2c1上的tvp5150 vpss驱动加载没问题, 加了之后出现超时 I2C: timed out in wait_for_bb: I2C_IRQSTATUS=1000 ...

  8. 【BZOJ】1627: [Usaco2007 Dec]穿越泥地(bfs)

    http://www.lydsy.com/JudgeOnline/problem.php?id=1627 裸bfs不解释.. #include <cstdio> #include < ...

  9. hdu 2612:Find a way(经典BFS广搜题)

    Find a way Time Limit: 3000/1000 MS (Java/Others)    Memory Limit: 32768/32768 K (Java/Others)Total ...

  10. Linux性能调优、Linux集群与存储等

    http://freeloda.blog.51cto.com/    51cto