Class JDBCUserDatabase

  • All Implemented Interfaces:
    UserDatabase

    public class JDBCUserDatabase
    extends AbstractUserDatabase

    Implementation of UserDatabase that persists DefaultUserProfile objects to a JDBC DataSource, as might typically be provided by a web container. This implementation looks up the JDBC DataSource using JNDI. The JNDI name of the datasource, backing table and mapped columns used by this class can be overridden by adding settings in jspwiki.properties.

    Configurable properties are these:

    | Property | Default | Definition |
    |---|---|---|
    | jspwiki.userdatabase.datasource | jdbc/UserDatabase | The JNDI name of the DataSource |
    | jspwiki.userdatabase.table | users | The table that stores the user profiles |
    | jspwiki.userdatabase.attributes | attributes | The CLOB column containing the profile's custom attributes, stored as key/value strings, each separated by newline. |
    | jspwiki.userdatabase.created | created | The column containing the profile's creation timestamp |
    | jspwiki.userdatabase.email | email | The column containing the user's e-mail address |
    | jspwiki.userdatabase.fullName | full_name | The column containing the user's full name |
    | jspwiki.userdatabase.loginName | login_name | The column containing the user's login id |
    | jspwiki.userdatabase.password | password | The column containing the user's password |
    | jspwiki.userdatabase.modified | modified | The column containing the profile's last-modified timestamp |
    | jspwiki.userdatabase.uid | uid | The column containing the profile's unique identifier, as a long integer |
    | jspwiki.userdatabase.wikiName | wiki_name | The column containing the user's wiki name |
    | jspwiki.userdatabase.lockExpiry | lock_expiry | The column containing the date/time when the profile, if locked, should be unlocked. |
    | jspwiki.userdatabase.roleTable | roles | The table that stores user roles. When a new user is created, a new record is inserted containing user's initial role. The table will have an ID column whose name and values correspond to the contents of the user table's login name column. It will also contain a role column (see next row). |
    | jspwiki.userdatabase.role | role | The column in the role table that stores user roles. When a new user is created, this column will be populated with the value Authenticated. Once created, JDBCUserDatabase does not use this column again; it is provided strictly for the convenience of container-managed authentication services. |

    This class hashes passwords using SHA-1. All of the underlying SQL commands used by this class are implemented using prepared statements, so it is immune to SQL injection attacks.
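
An added example, not JSPWiki's own code: prepared statements bind values only, so a table or column name read from jspwiki.properties has to be checked before it is placed in the SQL text, while the login name supplied at run time is bound as a parameter. The class name SafeUserLookup, the identifier pattern and the query shape are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Properties;
import java.util.regex.Pattern;

/** Added example; hypothetical class, not part of JSPWiki. */
public class SafeUserLookup {
    // Conservative allow-list for identifiers taken from configuration (an assumption).
    private static final Pattern IDENT = Pattern.compile("[A-Za-z_][A-Za-z0-9_]{0,63}");
    private final String findByLoginSql;

    public SafeUserLookup(Properties props) {
        String table = ident(props, "jspwiki.userdatabase.table", "users");
        String login = ident(props, "jspwiki.userdatabase.loginName", "login_name");
        // Identifiers cannot be bound as parameters: validate first, then concatenate.
        findByLoginSql = "SELECT * FROM " + table + " WHERE " + login + " = ?";
    }

    /** Reads a property (or its documented default) and rejects anything but a plain identifier. */
    static String ident(Properties props, String key, String dflt) {
        String value = props.getProperty(key, dflt).trim();
        if (!IDENT.matcher(value).matches()) {
            throw new IllegalArgumentException(key + " is not a plain SQL identifier: " + value);
        }
        return value;
    }

    /** The caller-supplied login name is only ever bound, never spliced into the SQL text. */
    public boolean exists(Connection conn, String loginName) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(findByLoginSql)) {
            ps.setString(1, loginName);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Documented defaults: the statement uses the users table and login_name column.
        System.out.println(new SafeUserLookup(new Properties()).findByLoginSql);
        Properties bad = new Properties();   // constructed sample of a malformed setting
        bad.setProperty("jspwiki.userdatabase.loginName", "login_name; --");
        try {
            new SafeUserLookup(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```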

    This class is typically used in conjunction with a web container's JNDI resource factory. For example, Tomcat provides a basic JNDI factory for registering DataSources. To give JSPWiki access to the JNDI resource named by , you would declare the datasource resource similar to this:

    <Context ...>
      ...
      <Resource name="jdbc/UserDatabase" auth="Container"
        type="javax.sql.DataSource" username="dbusername" password="dbpassword"
        driverClassName="org.hsql.jdbcDriver" url="jdbc:HypersonicSQL:database"
        maxActive="8" maxIdle="4"/>
      ...
    </Context>

    To configure JSPWiki to use JDBC support, first create a database with a structure similar to that provided by the HSQL and PostgreSQL scripts in src/main/config/db. If you have different table or column names you can either alias them with a database view and have JSPWiki use the views, or alter the WEB-INF/jspwiki.properties file: the jspwiki.userdatabase.* and jspwiki.groupdatabase.* properties change the names of the tables and columns that JSPWiki uses.

    A JNDI datasource will need to be created in your servlet container. It is named jdbc/UserDatabase by default, and the name can be configured in the jspwiki.properties file. JDBC driver JARs should be added, e.g. in Tomcat's lib directory. For more Tomcat JNDI configuration examples, see http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html. Once done, restart JSPWiki in the servlet container for it to read the new properties and switch to JDBC authentication.

    JDBCUserDatabase commits changes as transactions if the back-end database supports them. Changes are made immediately (during the save(UserProfile) method).

    Since:
    2.3