...
- Static inside the data service configuration itself
- Provided at runtime through a Java class that implements the interface
org.wso2.carbon.dataservices.core.auth.DynamicUserAuthenticator
The following topics explain both:
Table of Contents | ||||
---|---|---|---|---|
|
Static configuration
You can specify a code as shown in the following example in the data source configuration section of the data service.
...
The following screenshot shows a sample configuration of dynamic user mappings. For each entry, the Carbon user and the target database user/password can be mapped.
Runtime
...
configuration
In the runtime mode, the property dynamicUserAuthClass
must be specified instead of the data source configuration property dynamicUserAuthMapping
. The dynamicUserAuthClass
property's value must have the fully-qualified class name of a Java class that implements the interface org.wso2.carbon.dataservices.core.auth.DynamicUserAuthenticator.
The interface is as follows:
...
The dynamic user authentication class can be specified in the field shown in the screenshot below.
Dynamic user lookup order of precedence
In a single data source configuration, both the static and the runtime configurations can be available at once. The server processes them as follows:
- Higher precedence goes to the static mapping in initially looking up the credentials. The "*" request setting is ignored in the first pass
- If a request user/database credentials mapping cannot be found, the secondary runtime Java class implementation is used to look up the user
- If the previous option also fails, the program returns for the primary static mapping and processes the "*" request mapping
- The data service request returns an error only if all of the above options fail
Use of external data sources
When using data sources that are not inline like Carbon, JNDI etc. the data sources must be specified in a way that its connections can be created for selected users. Specifically in Carbon data sources, enable the setting alternateUsernameAllowed
for dynamic user authentication to function.