Follow the steps given below to set up and configure the Authorization Manager.

Step 1: Setting up the repository

By default, the embedded H2 database is used for storing permissions. You can change this as follows:

...

  1. Set up the database connection by updating the datasource information using the <Property> element under <Configuration>. Use the JNDI name of the datasource to refer to it. In the following example, the JNDI name of the default datasource defined in the <PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml file is linked from the user-mgt.xml file.

    <Realm>
      <Configuration>
       ..........
       <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
      </Configuration>
    ...
    </Realm> 

    You can add more configurations using the <Property> element:

    | Property Name | Description | Mandatory/Optional |
    |---|---|---|
    | testOnBorrow | It is recommended to set this property to 'true' so that object connections will be validated before being borrowed from the JDBC pool. For this property to be effective, the validationQuery parameter in the <PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml file should be a non-string value. This setting will avoid connection failures. See the section on performance tuning of WSO2 products for more information. | Optional |

  2. The default Authorization Manager section in the user-mgt.xml file is shown below. This can be updated accordingly.

    <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
        <Property name="AdminRoleManagementPermissions">/permission</Property>
        <Property name="AuthorizationCacheEnabled">true</Property>
    </AuthorizationManager>
    • The org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager class enables the Authorization Manager for your product.
    • The AdminRoleManagementPermissions property sets the registry path where the authorization information (role-based permissions) is stored. Note that this links to the repository that you defined in Step 1.
    • It is recommended to enable the GetAllRolesOfUserEnabled property in the AuthorizationManager as follows:

      <Property name="GetAllRolesOfUserEnabled">true</Property>

      Although the user store manager does not depend on this property, you must consider enabling it if there are any performance issues in your production environment. Enabling this property affects performance when a user logs in. The effect depends on the user, role and permission statistics.

    • By default, the rules linked to a permission (role name, action, resource) are not case sensitive. If you want to make them case sensitive, enable the following property:

      <Property name="CaseSensitiveAuthorizationRules">true</Property>
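
To review these settings on a deployed node, the check below reads a user-mgt.xml document and reports the datasource JNDI name, the Authorization Manager class, and whether the two optional properties described above are enabled. It is an added example, not part of the product: the function names and the embedded sample, which is constructed from the fragments on this page, are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <Realm> fragments from this page joined into one document.
SAMPLE_USER_MGT = """<Realm>
  <Configuration>
    <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
  </Configuration>
  <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
    <Property name="AdminRoleManagementPermissions">/permission</Property>
    <Property name="AuthorizationCacheEnabled">true</Property>
  </AuthorizationManager>
</Realm>"""

# Optional properties described on this page, with the note to report when not "true".
REVIEW = {
    "GetAllRolesOfUserEnabled": "recommended on this page but not enabled",
    "CaseSensitiveAuthorizationRules": "not enabled, so permission rules are not case sensitive",
}


def properties(element):
    """Map name -> text for the direct <Property> children (empty if element is absent)."""
    if element is None:
        return {}
    return {p.get("name"): (p.text or "").strip() for p in element.findall("Property")}


def audit_user_mgt(xml_text):
    """Return (settings, findings) for the authorization settings covered on this page."""
    root = ET.fromstring(xml_text)
    realm = next(root.iter("Realm"), None)  # works whether <Realm> is the root or nested
    if realm is None:
        raise ValueError("no <Realm> element in document")
    authz = realm.find("AuthorizationManager")
    authz_props = properties(authz)
    settings = {"dataSource": properties(realm.find("Configuration")).get("dataSource"),
                "class": authz.get("class") if authz is not None else None}
    settings.update({name: authz_props.get(name) for name in REVIEW})
    findings = []
    if not settings["dataSource"]:
        findings.append("dataSource: no JNDI name set under <Configuration>")
    if authz is None:
        findings.append("AuthorizationManager: element missing")
    for name, note in REVIEW.items():
        if (settings[name] or "").lower() != "true":
            findings.append(f"{name}: {note}")
    return settings, findings


if __name__ == "__main__":
    for line in audit_user_mgt(SAMPLE_USER_MGT)[1]:
        print("FINDING", line)
```

The reported JNDI name still has to be looked up in master-datasources.xml to see which database actually stores the permissions.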