...
- Change the default H2 database or set up another RDBMS for storing permissions. See the documentation on setting up databases for instructions.
- When you set up an RDBMS for your system, it is necessary to create a corresponding datasource, which allows the system to connect to the database.
- If you are replacing the default H2 database with a new RDBMS, update the
master-datasource.xmlfile (stored in the<PRODUCT_HOME>/repository/conf/datasources/directory) with the relevant information. - Alternatively, create a new XML file with the datasource information of your new RDBMS and store it in the same
<PRODUCT_HOME>/repository/conf/datasources/directory.
- If you are replacing the default H2 database with a new RDBMS, update the
Refer the related topics for detailed information on setting up databases and configuring datasources.
Step 2: Updating the user realm configurations
...
Set up the database connection by update the datasource information using the
<Property>element under<Configuration>. The jndi name of the datasource should be used to refer to the datasource. In the following example, the jndi name of the default datasource defined in the<PRODUCT_HOME>/repository/conf/datasources/master-datasources.xmlfile is linked from theuser-mgt.xmlfile.Code Block language html/xml linenumbers true <Realm> <Configuration> .......... <Property name="dataSource">jdbc/WSO2CarbonDB</Property> </Configuration> ... </Realm>
You can add more configurations using the
<Property>element:Property Name
Description
Mandatory/Optional testOnBorrowIt is recommended to set this property to 'true' so that object connections will be validated before being borrowed from the JDBC pool. For this property to be effective, the
validationQueryparameter in the<PRODUCT_HOME>/repository/conf/datasources/master-datasources.xmlfile should be a non-string value. This setting will avoid connection failures. See the section on performance tuning of WSO2 products for more information.Optional The default Authorization Manager section in the
user-mgt.xmlfile is shown below. This can be updated accordingly.Code Block <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"> <Property name="AdminRoleManagementPermissions">/permission</Property> <Property name="AuthorizationCacheEnabled">true</Property> </AuthorizationManager>- The
org.wso2.carbon.user.core.authorization.JDBCAuthorizationManagerclass enables the Authorization Manager for your product. - The
AdminRoleManagementPermissionsproperty sets the registry path where the authorization information (role-based permissions) are stored. Note that this links to the repository that you defined in Step 1. It is recommended to enable the
GetAllRolesOfUserEnabledproperty in theAuthorizationManageras follows:Code Block <Property name="GetAllRolesOfUserEnabled">true</Property>
Although using the user store manager does not depend on this property, you must consider enabling this if there are any performance issues in your production environment. Enabling this property affects the performance when the user logs in. This depends on the users, roles and permission stats.
By default, the rules linked to a permission (role name, action, resource) are not case sensitive. If you want to make them case sensitive, enable the following property:
Code Block <Property name="CaseSensitiveAuthorizationRules">true</Property>
- The
Related topics
| Excerpt | ||
|---|---|---|
| ||
NOTE to WRITERS: The 'Related topics' heading is bookmarked in this page. Add the relevant links in your respective spaces under related topics. See example:
|