The default internal JDBC user store reads/writes into the internal database of the Carbon server. JDBC user stores can be configured using the JDBCUserStoreManager configuration section of the <PRODUCT_HOME>/repository/conf/user-mgt.xml file. Additionally, all Carbon-based products can work with an external RDBMS. You can configure Carbon to read users/roles from your company RDBMS and even write to it. Therefore, in this scenario, the user core connects to two databases:
- The Carbon database where authorization information is stored internally.
- Your company database where users/roles reside.
Therefore, the user-mgt.xml file must contain details for two database connections. The connection details mentioned earlier are used by the authorization manager. If we specify another set of database connection details inside the UserStoreManager, it reads/writes users to that database. The following are step-by-step guidelines for connecting to an internal and external JDBC user store in read-only mode:
- Uncomment the following section in <PRODUCT_HOME>/repository/conf/user-mgt.xml:
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
The following are samples for the internal and external JDBC user store configuration:
The sample for the external JDBC user store consists of properties pertaining to various SQL statements. This is because the schema may be different for an external user store, and these adjustments need to be made in order to streamline the configurations with WSO2 products.
You can define a data source in <PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml and refer to it from the user-mgt.xml file. This takes the properties defined in the master-datasources.xml file and reuses them in the user-mgt.xml file. To do this, you need to define the following property:
  <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
- Find a valid user that resides in the RDBMS. For example, say a valid username is AdminSOA. Update the Admin user section of your configuration as follows. You do not have to update the password element; leave it as is.
  <AdminUser>
      <UserName>AdminSOA</UserName>
      <Password>XXXXXX</Password>
  </AdminUser>
- Add the PasswordHashMethod property to the UserStoreManager configuration for JDBCUserStoreManager. For example:
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
      <Property name="PasswordHashMethod">SHA</Property>
      ...
  </UserStoreManager>
  The PasswordHashMethod property specifies how the password should be stored. It usually has the following values:
  - SHA - Uses SHA digest method.
  - MD5 - Uses MD5 digest method.
  - PLAIN_TEXT - Plain text passwords.
  In addition, it also supports all digest methods in http://docs.oracle.com/javase/6/docs/api/java/security/MessageDigest.html.
- Update the connection details found within the <UserStoreManager> class based on your preferences. In the realm configuration section, set the value of the MultiTenantRealmConfigBuilder property to org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder. For example:
  <Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder</Property>
- Add the JDBC driver to the classpath by copying its JAR file into the <PRODUCT_HOME>/repository/components/lib directory.
- Edit the SQLs in the user-mgt.xml file according to your requirements, and then start the server.
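Before starting the server, the finished user-mgt.xml can be checked for the PasswordHashMethod values listed above. The following is an added example, not WSO2 code: it grades SHA (which Java's MessageDigest resolves to SHA-1), MD5 and PLAIN_TEXT as weak for password storage. The sample file is constructed, and the `password` connection property name in it is an assumption that does not appear on this page.

```python
import xml.etree.ElementTree as ET

JDBC_CLASS = "org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"
# Java's MessageDigest treats "SHA" as SHA-1, so it is graded with MD5.
GRADES = {"PLAIN_TEXT": ("critical", "passwords are stored in clear text"),
          "MD5": ("high", "MD5 is a fast, collision-broken digest"),
          "SHA": ("high", "SHA means SHA-1 here, a fast legacy digest"),
          "SHA-1": ("high", "SHA-1 is a fast legacy digest")}

# Constructed sample; "password" as a connection property name is an assumption.
SAMPLE = """<UserManager><Realm>
  <Configuration>
    <AdminUser><UserName>AdminSOA</UserName><Password>XXXXXX</Password></AdminUser>
    <Property name="dataSource">jdbc/WSO2CarbonDB</Property>
  </Configuration>
  <UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="password">example-only</Property>
    <Property name="PasswordHashMethod">SHA</Property>
  </UserStoreManager>
</Realm></UserManager>"""

def properties(elem):
    """Map <Property name="..."> children of elem to their stripped text."""
    return {p.get("name"): (p.text or "").strip() for p in elem.findall("Property")}

def audit_user_mgt(xml_text):
    """Return (severity, setting, message) findings for JDBC user stores."""
    findings = []
    root = ET.fromstring(xml_text)
    for store in root.iter("UserStoreManager"):
        if store.get("class") != JDBC_CLASS:
            continue  # other user store types are out of scope here
        props = properties(store)
        method = props.get("PasswordHashMethod")
        if method is None:
            findings.append(("info", "PasswordHashMethod", "not set explicitly"))
        elif method.upper() in GRADES:
            sev, why = GRADES[method.upper()]
            findings.append((sev, "PasswordHashMethod", f"{method}: {why}"))
        # Inline credentials make user-mgt.xml itself a secret to protect.
        if props.get("password"):
            findings.append(("medium", "password", "JDBC credential stored inline in user-mgt.xml"))
    return findings

if __name__ == "__main__":
    for finding in audit_user_mgt(SAMPLE):
        print(*finding, sep=" | ")
```

To audit a real deployment, pass the contents of <PRODUCT_HOME>/repository/conf/user-mgt.xml to audit_user_mgt instead of SAMPLE.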