français

jGuard

• overview
• licence
• useful links
• quick start guide
• which jGuard authentication configuration?
• faq
• 0.64 web site (old)
• api (0.65)

jGuard install on j2ee

1. required librairies
2. AccessFilter and web.xml
3. integrate jGuard in your jsp
4. integrate jGuard in your servlets

Login Modules

• XmlLoginModule
• OracleLoginModule
• PostgreSQLLoginModule
• MySQLLoginModule
• DB2LoginModule
• SQLServerLoginModule

Authorization Managers

• XmlAuthorizationManager
• OracleAuthorizationManager
• PostgreSQLAuthorizationManager
• MySQLAuthorizationManager
• DB2AuthorizationManager
• SQLServerAuthorizationManager

Advanced jGuard

jGuard install on jvm

1. java.home
2. libraries and bootclasspath
3. java.security
4. jGuard.loginScheme
5. jGuard.policy

• jGuard and the SecurityManager

PostgreSQLAuthorizationManager

Les implémentations de AuthorizationManager sont dédiées au développeur de webapp. Cette implémentation de AuthorizationManager permet une méthode d'autorisation basée sur la base de données PostgreSQL.

1. PostgreSQLAuthorizationManager paramètres

La DTD (jGuardPrincipalsPermissions_x.xx.dtd), doit être placée dans le même répertoire. Ces paramètres doivent être placés dans la liste de paramètres de l'AccessFilter situé dans le fichier web.xml.

• permissionManager

  valeurs

  net.sf.jguard.authorization.PostgreSQLAuthorizationManager

  description

  Il configure l'utilisation de l'implémentation PostgreSQL du AuthorizationManager.

  exemple

      .....
          <init-param>
              <param-name>permissionManager</param-name>
              <param-value>net.sf.jguard.authorization.PostgreSQLAuthorizationManager</param-value>
              <description>class which handle to collect permissionsCollection</description>
          </init-param>
      .....
      

• authorizationDriver

  valeurs

  org.postgresql.Driver

  description

  Il indique l'implementation PostgreSQL de l'interface java.sql.Driver.

  exemple

      .....
          <init-param>
              <param-name>authorizationDriver</param-name>
              <param-value>org.postgresql.Driver</param-value>
              <description>jdbc driver for authorizations</description>
          </init-param>    ....
      

• authorizationUrl

  valeurs

  any JDBC compliant url

  description

  Ce paramètre permet d'établir une connexion à la base de données.

  exemple

      .....
          <init-param>
              <param-name>authorizationUrl</param-name>
              <param-value>jdbc:postgresql://192.168.0.6:5434/dbName</param-value>
              <description>jdbc url for authorizations</description>
          </init-param>
      ....
      

• authorizationLogin

  valeurs

  toute valeur

  description

  this paramètre est l'identifiant utilisé pour établir la connexion.

  example

      .....
          <init-param>
              <param-name>authorizationLogin</param-name>
              <param-value>system</param-value>
              <description>login to establish authorizations connection</description>
          </init-param>
      ....
      

• authorizationPassword

  valeurs

  toute valeur

  description

  Ce paramètre est le mot de passe the utilisé pour établir la connexion.

  exemple

      .....
          <init-param>
              <param-name>authorizationPassword</param-name>
              <param-value>manager</param-value>
              <description>password to establish authorizations connection</description>
          </init-param>
      ....
      

• debug

  valeurs

  true or false

  description

  permet l'affichae d'informations de debug avec la valeur true.

  exemple

      .....
          <init-param>
              <param-name>debug</param-name>
              <param-value>false</param-value>
              <description>enable debug with true to trace authorization settings</description>
          </init-param>
      ....
      

2. script d'installation SQL

alter table jg_role_permission drop constraint fk_permission_role;
alter table jg_role_permission drop constraint fk_role_permission;
alter table jg_urlquery drop constraint fk_permission_parameter;
alter table jg_permission drop constraint fk_permission_domain;

drop table jg_role_domain;
drop table jg_role_permission;
drop table jg_urlquery;
drop table jg_app_role;
drop table jg_permission;
drop table jg_domain;

drop sequence jg_urlquery_seq;
drop sequence jg_app_role_seq;
drop sequence jg_domain_seq;
drop sequence jg_permission_seq;


create table jg_role_domain (
   domain_name varchar(255) ,
   role_name varchar(255),
   primary key (role_name, domain_name)
);

create table jg_role_permission (
   permission_name varchar(255),
   role_name  varchar(255),
   primary key (role_name, permission_name)
);
create table jg_urlquery (
   id int8 not null,
   parameter varchar(255),
   value varchar(255),
   permission_name  varchar(255),
   primary key (id)
);
-- role declared for the application
create table jg_app_role (
   name varchar(255),
   primary key (name)
);

create table jg_domain(
  name varchar(255),
  primary key(name)
);

create table jg_permission (
   name varchar(255) ,
   uri varchar(255),
   description varchar(255),
   scheme varchar(5),
   domain_name varchar(255),
   primary key (name)
);

-- add constraints
alter table jg_role_permission add constraint fk_permission_role foreign key (role_name) references jg_app_role;
alter table jg_role_permission add constraint fk_role_permission foreign key (permission_name) references jg_permission;

alter table jg_role_domain add constraint fk_domain_role foreign key (role_name) references jg_app_role;
alter table jg_role_domain add constraint fk_role_domain foreign key (domain_name) references jg_domain;

alter table jg_urlquery add constraint fk_permission_parameter foreign key (permission_name) references jg_permission;
alter table jg_permission add constraint fk_permission_domain foreign key (domain_name) references jg_domain;

--create sequences
create sequence jg_urlquery_seq;
create sequence jg_app_role_seq;
create sequence jg_permission_seq;
create sequence jg_domain_seq;