Default JDBC User Store Configuration
- Former user (Deleted)
- Former user (Deleted)
The default JDBC user store reads/writes into the internal database of the Carbon server. Internal JDBC user stores can be configured using <PRODUCT_HOME>/repository/conf/user-mgt.xml file's JDBCUserStoreManager configuration section.
The default configuration is shown below. Change the values according to your requirements. Note that the order in which the properties are listed does not impact their usage in the system.
<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager">
<Property name="ReadOnly">false</Property>
<Property name="MaxUserNameListLength">100</Property>
<Property name="IsEmailUserName">false</Property>
<Property name="DomainCalculation">default</Property>
 <Property name="PasswordDigest">SHA-256</Property>
<Property name="StoreSaltedPassword">true</Property>
<Property name="UserNameUniqueAcrossTenants">false</Property>
<Property name="PasswordJavaRegEx">[\S]{5,30}$</Property>
<Property name="PasswordJavaScriptRegEx">[\\S]{5,30}</Property>
<Property name="UsernameJavaRegEx">^[^~!#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property>
<Property name="UsernameJavaScriptRegEx">[\\S]{3,30}</Property>
<Property name="RolenameJavaRegEx">^[^~!@#$;%^*+={}\\|\\\\<>,\'\"]{3,30}$</Property>
<Property name="RolenameJavaScriptRegEx">[\\S]{3,30}</Property>
<Property name="UserRolesCacheEnabled">true</Property>
</UserStoreManager>
The main elements of the above configuration are described below.
Property Name | Description |
|---|---|
ReadOnly | Indicates whether the user store of this realm operates in the user read only mode or not. |
MaxUserNameListLength | Maximum number of users retrieved at once by user real. |
IsEmailUserName | Indicates whether the email is used as username (apply when realm operates in read only mode). |
DomainCalculation | Can be either default or custom (apply when realm operates in read only mode). |
PasswordDigest | Digesting algorithm of the password. Has values such as PLAIN_TEXT, SHA etc. |
StoreSaltedPassword | Indicates whether to salt the password. |
UserNameUniqueAcrossTenants | An attribute used for multi-tenancy. |
PasswordJavaRegEx | A regular expression to validate passwords. By default, strings having length 5 to 30 non-empty characters are allowed. |
PasswordJavaScriptRegEx | The regular expression used by the font-end components for password validation. |
UsernameJavaRegEx | A regular expression to validate usernames. By default, strings having length 5 to 30 non-empty characters are allowed. |
| UsernameJavaScriptRegEx | The regular expression used by the font-end components for username validation. |
RolenameJavaRegEx | A regular expression to validate role names. By default, strings having length 5 to 30 non-empty characters are allowed. |
RolenameJavaScriptRegEx | The regular expression used by the font-end components for role name validation. |
UserRolesCacheEnabled | This is to indicate whether to cache the role list of a user. By default it is 'true'. Set it to 'false' if user-roles are changed by external means and those changes should be instantly reflected in the Carbon instance. |
In addition to the above properties, set the following also in the <PRODUCT_HOME>/repository/conf/user-mgt.xml file.
MultiTenantRealmConfigBuilderproperty should be set toorg.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder. For example,<Property name="MultiTenantRealmConfigBuilder">org.wso2.carbon.user.core.config.multitenancy.SimpleRealmConfigBuilder</Property>
This property is described in section Realm ConfigurationAdd a property by the name
passwordHashMethodtoJDBCUserStoreManager default configuration shown above and set the value to 'SHA' or 'PLAIN_TEXT'. For example,<UserStoreManager class="org.wso2.carbon.user.core.jdbc.JDBCUserStoreManager"> ... <Property name="passwordHashMethod">SHA</Property> ... </UserStoreManager>Go to
$PRODUCT_HOME/repository/conf/tenant-mgt.xmlfile and comment out theCommonHybridLDAPTenantManagerthat is used by default and remove the comment forÂJDBCTenantManager. For example,<TenantManager class="org.wso2.carbon.user.core.tenant.JDBCTenantManager"></TenantManager>