français

jGuard

• overview
• licence
• useful links
• quick start guide
• which jGuard authentication configuration?
• faq
• 0.64 web site (old)
• api (0.65)

jGuard install on j2ee

1. required librairies
2. AccessFilter and web.xml
3. integrate jGuard in your jsp
4. integrate jGuard in your servlets

Login Modules

• XmlLoginModule
• OracleLoginModule
• PostgreSQLLoginModule
• MySQLLoginModule
• DB2LoginModule
• SQLServerLoginModule

Authorization Managers

• XmlAuthorizationManager
• OracleAuthorizationManager
• PostgreSQLAuthorizationManager
• MySQLAuthorizationManager
• DB2AuthorizationManager
• SQLServerAuthorizationManager

Advanced jGuard

jGuard install on jvm

1. java.home
2. libraries and bootclasspath
3. java.security
4. jGuard.loginScheme
5. jGuard.policy

• jGuard and the SecurityManager

PostgreSQLAuthorizationManager

AuthorizationManager implementations are dedicated to the webapp developer. this AuthorizationManager implementation permits an PostgreSQL database-based authorization method.

1. PostgreSQLAuthorizationManager parameters

The corresponding DTD (jGuardPrincipalsPermissions_x.xx.dtd), must be in the same directory.

• permissionManager

  values

  net.sf.jguard.authorization.PostgreSQLAuthorizationManager

  description

  this parameter must be placed in the AccessFilter parameters list, in the web.xml file. It refers to the PostgreSQL AuthorizationManager implementation.

  example

      .....
          <init-param>
              <param-name>permissionManager</param-name>
              <param-value>net.sf.jguard.authorization.PostgreSQLAuthorizationManager</param-value>
              <description>class which handle to collect permissionsCollection</description>
          </init-param>
      .....
      

• authorizationDriver

  values

  org.postgresql.Driver

  description

  this parameter must be placed in the AccessFilter parameters list, in the web.xml file. It refers to the PostgreSQL implementation of the java.sql.Driver interface.

  example

      .....
          <init-param>
              <param-name>authorizationDriver</param-name>
              <param-value>org.postgresql.Driver</param-value>
              <description>jdbc driver for authorizations</description>
          </init-param>    ....
      

• authorizationUrl

  values

  any JDBC compliant url

  description

  this parameter permits to establish a database connection.

  example

      .....
          <init-param>
              <param-name>authorizationUrl</param-name>
              <param-value>jdbc:postgresql://192.168.0.6:5434/dbName</param-value>
              <description>jdbc url for authorizations</description>
          </init-param>
      ....
      

• authorizationLogin

  values

  any value

  description

  this parameter is the login value used to establish the connection.

  example

      .....
          <init-param>
              <param-name>authorizationLogin</param-name>
              <param-value>system</param-value>
              <description>login to establish authorizations connection</description>
          </init-param>
      ....
      

• authorizationPassword

  values

  any value

  description

  this parameter is the password value used to establish the connection.

  example

      .....
          <init-param>
              <param-name>authorizationPassword</param-name>
              <param-value>manager</param-value>
              <description>password to establish authorizations connection</description>
          </init-param>
      ....
      

• debug

  values

  true or false

  description

  enable debug information with the true value.

  example

      .....
          <init-param>
              <param-name>debug</param-name>
              <param-value>false</param-value>
              <description>enable debug with true to trace authorization settings</description>
          </init-param>
      ....
      

2. SQL installation script

alter table jg_role_permission drop constraint fk_permission_role;
alter table jg_role_permission drop constraint fk_role_permission;
alter table jg_urlquery drop constraint fk_permission_parameter;
alter table jg_permission drop constraint fk_permission_domain;

drop table jg_role_domain;
drop table jg_role_permission;
drop table jg_urlquery;
drop table jg_app_role;
drop table jg_permission;
drop table jg_domain;

drop sequence jg_urlquery_seq;
drop sequence jg_app_role_seq;
drop sequence jg_domain_seq;
drop sequence jg_permission_seq;


create table jg_role_domain (
   domain_name varchar(255) ,
   role_name varchar(255),
   primary key (role_name, domain_name)
);

create table jg_role_permission (
   permission_name varchar(255),
   role_name  varchar(255),
   primary key (role_name, permission_name)
);
create table jg_urlquery (
   id int8 not null,
   parameter varchar(255),
   value varchar(255),
   permission_name  varchar(255),
   primary key (id)
);
-- role declared for the application
create table jg_app_role (
   name varchar(255),
   primary key (name)
);

create table jg_domain(
  name varchar(255),
  primary key(name)
);

create table jg_permission (
   name varchar(255) ,
   uri varchar(255),
   description varchar(255),
   scheme varchar(5),
   domain_name varchar(255),
   primary key (name)
);

-- add constraints
alter table jg_role_permission add constraint fk_permission_role foreign key (role_name) references jg_app_role;
alter table jg_role_permission add constraint fk_role_permission foreign key (permission_name) references jg_permission;

alter table jg_role_domain add constraint fk_domain_role foreign key (role_name) references jg_app_role;
alter table jg_role_domain add constraint fk_role_domain foreign key (domain_name) references jg_domain;

alter table jg_urlquery add constraint fk_permission_parameter foreign key (permission_name) references jg_permission;
alter table jg_permission add constraint fk_permission_domain foreign key (domain_name) references jg_domain;

--create sequences
create sequence jg_urlquery_seq;
create sequence jg_app_role_seq;
create sequence jg_permission_seq;
create sequence jg_domain_seq;