Integrating JGuard with Database
Status: Beta
Brought to you by:
diabolo512
Menu
▾
▴
Hello,
I'm able to launch the JGuard Example app. Now i'm trying to integrate with Oracle Database and I have the following questions.
1. authentication and authorization is done using DB - which means we will have the user information and user-role mapping information in the DB. From the authorization.oracle.properties file, i see that the Roles and Role-Permission are also defined in the DB, in that case why do we need jGuardPrincipalsPermissions.xml?
2. Is there a way we can change the DB structure of the tables? Atleast the User Table. Or if need any other (extra) information in User table, should i create a new table to store these information with foreign key as the User_Id?
3. Is it possible to change the table names? Because my project have some rectrictions on table names
4. Using JGuard, I can achieve authentication and authorization. Also I can add/update/delete permissions. Please correct me if i'm wrong
Thanks for your help!
1. You don't need the jGuardPrincipalsPermissions.xml in that case. This file is the backend of XML base authorization only.
2. You can use the subjectTemplate to compose a subject with extra data. You can supose that any information related to a user is a credential (public or private). Note that you don't need to change the DB structure to do it. But if you want change the DB structure by another reason, you can. Just rewrite the SQL queries from the properties file.
3. Yes again. Change the SQL queries from the oracle properties files and it is done!
4. You are right! You can do CRUD operations on permissions, roles and users through a WEB interface provided with the jGuard or make your own interface. All of those operations are independents of the storage technology.
[]'s
Vinícius Pitta Lima de Araújo
QUOTE:
>3. Yes again. Change the SQL queries from the oracle properties files and it is done! <
Hi,
maybe I just have overread the relevant passages in the forum. Sorry, if so. At the moment I use jguard 1.0.3.
What I have understood from this thread is, that I can change the table names in the case of the usage of a JDBCAuthenticationManager (chnage takes place in the corresponding .properties file).
OK. now my question:
Can I also change the column names? I would be very interested to know because I do have to integrate an already (damned hardcoded and) existing user table.
Please help, any hint appreciated.
Regards, Christian
Hi,
initially, the column name was the reference.
but in last releases, the column order 'should' be the only reference.
so, it should be possible to change the column name, but keep the column type and order in the SQL statement present in the properties file.
hope it helps,
charles.
> 4. You are right! You can do CRUD operations on permissions, roles and users through a WEB interface provided with the jGuard or make your own interface. All of those operations are independents of the storage technology.
Where is this maintenance example placed within jGuard?
I tried the struts example where you can do some of these things within but it is producing Exceptions on most of the operations and it is not very self explaining (since I do not know how to create a role containing some "permissions" [principals?] to do sth. and attach this role to a user as well as to attach a permission to this role which can be evaluated within a web app - a short tutorial on doing this with jGuard or using jGuard to do this for personal needs would be very great and helpful!).
Best Regards
Hi,
"Where is this maintenance example placed within jGuard? "
=> it is present in the webapp called jGuard-struts-example.
about the tutorial,you're right, it would be very useful.
i've added your request here:
https://sourceforge.net/tracker/index.php?func=detail&aid=1793864&group_id=107276&atid=647958
thanks for your feedback!
cheers,
Charles.
Hello,
another question on this:
Can I adjust the table layout in order to have another principal structure with no app name and no class name but a permission name/code that can be checked within the application?
Or generally asked: What is necessary (if even possible) to adjust jguard and its DB-layout to other needs regarding authorization?
Or is the better approach to use the jguard DB-layout and adjust the permissions the project needs in some way to it?
But if so: How is the class name within the table jg_principal used within jguard?
Best Regards
Hi,
the easier way is to follow the jguard structure.
but if you need to have a different structure, you have to crete your own Loginmodule and AuthorizationManager/authenticationManager.
you can look towards JdbcLoginModule, JDBCAuthorizationManager and JDBCAuthenticationManager classes to see how they deal with databases.
about the classname, it is used to invoke dynamically the required permissions.
so, any subclass of java.security.permission are supported.
hope it helps,
Charles.