The internal JDBC user store reads from and writes to the default database of the Carbon server. It is configured in the internal JDBC user store section of the <PRODUCT_HOME>/repository/conf/user-mgt.xml file.
The default configuration is shown below. Change the values according to your requirements.
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="ReadOnly">false</Property>
    <Property name="MaxUserNameListLength">100</Property>
    <Property name="IsEmailUserName">false</Property>
    <Property name="DomainCalculation">default</Property>
    <Property name="PasswordDigest">SHA-256</Property>
    <Property name="StoreSaltedPassword">true</Property>
    <Property name="UserNameUniqueAcrossTenants">false</Property>
    <Property name="PasswordJavaRegEx">[\S]{5,30}$</Property>
    <Property name="PasswordJavaScriptRegEx">[\\S]{5,30}</Property>
    <Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
    <Property name="UsernameJavaScriptRegEx">[\\S]{3,30}</Property>
    <Property name="RolenameJavaRegEx">^[^~!@#$;%^*+={}\\|\\\\&lt;&gt;,\'\"]{3,30}$</Property>
    <Property name="RolenameJavaScriptRegEx">[\\S]{3,30}</Property>
    <Property name="UserRolesCacheEnabled">true</Property>
</UserStoreManager>
The main elements of the above configuration are described below.
Property Name | Description |
---|---|
ReadOnly | Indicates whether the user store of this realm operates in read-only mode. |
MaxUserNameListLength | Maximum number of users retrieved at once by the user realm. |
IsEmailUserName | Indicates whether the email address is used as the user name (applies when the realm operates in read-only mode). |
DomainCalculation | Can be either default or custom (applies when the realm operates in read-only mode). |
PasswordDigest | Digest algorithm applied to the password. Has values such as PLAIN_TEXT, SHA, etc. |
StoreSaltedPassword | Indicates whether to salt the password. |
UserNameUniqueAcrossTenants | An attribute used for multi-tenancy. |
PasswordJavaRegEx | A regular expression to validate passwords. By default, strings having length 5 to 30 non-empty characters are allowed. |
PasswordJavaScriptRegEx | The regular expression used by the front-end components for password validation. |
UsernameJavaRegEx | A regular expression to validate usernames. By default, strings having length 5 to 30 non-empty characters are allowed. |
UsernameJavaScriptRegEx | The regular expression used by the front-end components for username validation. |
RolenameJavaRegEx | A regular expression to validate rolenames. By default, strings having length 5 to 30 non-empty characters are allowed. |
RolenameJavaScriptRegEx | The regular expression used by the front-end components for rolename validation. |
UserRolesCacheEnabled | Indicates whether to cache the role list of a user. By default it is 'true'. Set it to 'false' if user roles are changed by external means and those changes should be instantly reflected in the Carbon instance. |
In addition to the above properties, also set the following in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file.
1. 'MultiTenantRealmConfigBuilder' property should be set to 'org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder'. For example,
<Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder</Property>
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    ...
    <Property name="passwordHashMethod">SHA</Property>
    ...
</UserStoreManager>
3. Go to the $PRODUCT_HOME/repository/conf/tenant-mgt.xml file, comment out the 'CommonHybridLDAPTenantManager', which is used by default, and uncomment JDBCTenantManager. For example,
<TenantManager class="org.wso2.carbon.user.core.tenant.JDBCTenantManager"></TenantManager>
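
The following check is an added example, not part of the original documentation or WSO2's own code: it reads the UserStoreManager properties described in the table above and reports weak password-storage settings. The sample XML is constructed, and the minimum length of 8 and the list of legacy digest names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples: the default values shown above, then weak values.
DEFAULT_CONFIG = r"""
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="PasswordDigest">SHA-256</Property>
    <Property name="StoreSaltedPassword">true</Property>
    <Property name="PasswordJavaRegEx">[\S]{5,30}$</Property>
</UserStoreManager>
"""
WEAK_CONFIG = r"""
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
    <Property name="PasswordDigest">PLAIN_TEXT</Property>
    <Property name="StoreSaltedPassword">false</Property>
    <Property name="PasswordJavaRegEx">[\S]{3,30}$</Property>
</UserStoreManager>
"""
LEGACY_DIGESTS = {"MD5", "SHA", "SHA-1", "SHA1"}  # "SHA" is SHA-1 in Java's MessageDigest

def load_properties(xml_text):
    """Return {name: value} for the first UserStoreManager element in xml_text."""
    node = next(ET.fromstring(xml_text).iter("UserStoreManager"), None)
    if node is None:
        raise ValueError("no UserStoreManager element found")
    return {p.get("name"): (p.text or "").strip() for p in node.findall("Property")}

def min_length(regex):
    """Smallest lower bound of any {m}, {m,} or {m,n} quantifier, or None."""
    bounds = [int(m) for m in re.findall(r"\{(\d+),?\d*\}", regex)]
    return min(bounds) if bounds else None

def audit(xml_text, required_min_len=8):
    """List weak settings; required_min_len=8 is an assumed local policy value."""
    props = load_properties(xml_text)
    findings = []
    digest = props.get("PasswordDigest", "").upper()
    if digest == "PLAIN_TEXT":
        findings.append("PasswordDigest: passwords are stored unhashed")
    elif digest in LEGACY_DIGESTS:
        findings.append("PasswordDigest: legacy digest " + digest)
    if props.get("StoreSaltedPassword", "true").lower() != "true":  # absent: not judged
        findings.append("StoreSaltedPassword: password digests are not salted")
    shortest = min_length(props.get("PasswordJavaRegEx", ""))
    if shortest is not None and shortest < required_min_len:
        findings.append("PasswordJavaRegEx: allows %d-character passwords" % shortest)
    return findings
```

To run it against a real file, pass the contents of user-mgt.xml to `audit()`; the UserStoreManager element is located wherever it is nested.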