Versions Compared

Old Version 2

changes.mady.by.user Former user

Saved on

compared with

New Version Current

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

...

  • Static inside the data service configuration itself
  • Provided at runtime through a Java class that implements the interface org.wso2.carbon.dataservices.core.auth.DynamicUserAuthenticator

The following topics explain both:

Table of Contents
maxLevel3
minLevel3

Static configuration

You can specify a code as shown in the following example in the data source configuration section of the data service.

...

The following screenshot shows a sample configuration of dynamic user mappings. For each entry, the Carbon user and the target database user/password can be mapped.

Runtime

...

configuration

In the runtime mode, the property dynamicUserAuthClass must be specified instead of the data source configuration property dynamicUserAuthMapping. The dynamicUserAuthClass property's value must have the fully-qualified class name of a Java class that implements the interface org.wso2.carbon.dataservices.core.auth.DynamicUserAuthenticator. The interface is as follows:

...

The dynamic user authentication class can be specified in the field shown in the screenshot below.

Dynamic user lookup order of precedence

In a single data source configuration, both the static and the runtime configurations can be available at once. The server processes them as follows:

  • Higher precedence goes to the static mapping in initially looking up the credentials. The "*" request setting is ignored in the first pass
  • If a request user/database credentials mapping cannot be found, the secondary runtime Java class implementation is used to look up the user
  • If the previous option also fails, the program returns for the primary static mapping and processes the "*" request mapping
  • The data service request returns an error only if all of the above options fail

Use of external data sources

When using data sources that are not inline like Carbon, JNDI etc. the data sources must be specified in a way that its connections can be created for selected users. Specifically in Carbon data sources, enable the setting alternateUsernameAllowed for dynamic user authentication to function.