français

jGuard

• overview
• licence
• useful links
• quick start guide
• which jGuard authentication configuration?
• faq
• 0.64 web site (old)
• api (0.65)

jGuard install on j2ee

1. required librairies
2. AccessFilter and web.xml
3. integrate jGuard in your jsp
4. integrate jGuard in your servlets

Login Modules

• XmlLoginModule
• OracleLoginModule
• PostgreSQLLoginModule
• MySQLLoginModule
• DB2LoginModule
• SQLServerLoginModule

Authorization Managers

• XmlAuthorizationManager
• OracleAuthorizationManager
• PostgreSQLAuthorizationManager
• MySQLAuthorizationManager
• DB2AuthorizationManager
• SQLServerAuthorizationManager

Advanced jGuard

jGuard install on jvm

1. java.home
2. libraries and bootclasspath
3. java.security
4. jGuard.loginScheme
5. jGuard.policy

• jGuard and the SecurityManager

MySQLAuthorizationManager

AuthorizationManager implementations are dedicated to the webapp developer. this AuthorizationManager implementation permits an MySQL database-based authorization method.

1. MySQLAuthorizationManager parameters

The corresponding DTD (jGuardPrincipalsPermissions_x.xx.dtd), must be in the same directory.

• permissionManager

  values

  net.sf.jguard.authorization.MySQLAuthorizationManager

  description

  this parameter must be placed in the AccessFilter parameters list, in the web.xml file. It refers to the MySQL AuthorizationManager implementation.

  example

      .....
          <init-param>
              <param-name>permissionManager</param-name>
              <param-value>net.sf.jguard.authorization.MySQLAuthorizationManager</param-value>
              <description>class which handle to collect permissionsCollection</description>
          </init-param>
      .....
      

• authorizationDriver

  values

  com.mysql.jdbc.Driver

  description

  this parameter must be placed in the AccessFilter parameters list, in the web.xml file. It refers to the MySQL implementation of the java.sql.Driver interface.

  example

      .....
          <init-param>
              <param-name>authorizationDriver</param-name>
              <param-value>com.mysql.jdbc.Driver</param-value>
              <description>jdbc driver for authorizations</description>
          </init-param>    ....
      

• authorizationUrl

  values

  any JDBC compliant url

  description

  this parameter permits to establish a database connection.

  example

      .....
          <init-param>
              <param-name>authorizationUrl</param-name>
              <param-value>jdbc:mysql://mysweethome.net/diabolo</param-value>
              <description>jdbc url for authorizations</description>
          </init-param>
      ....
      

• authorizationLogin

  values

  any value

  description

  this parameter is the login value used to establish the connection.

  example

      .....
          <init-param>
              <param-name>authorizationLogin</param-name>
              <param-value>system</param-value>
              <description>login to establish authorizations connection</description>
          </init-param>
      ....
      

• authorizationPassword

  values

  any value

  description

  this parameter is the password value used to establish the connection.

  example

      .....
          <init-param>
              <param-name>authorizationPassword</param-name>
              <param-value>manager</param-value>
              <description>password to establish authorizations connection</description>
          </init-param>
      ....
      

• debug

  values

  true or false

  description

  enable debug information with the true value.

  example

      .....
          <init-param>
              <param-name>debug</param-name>
              <param-value>false</param-value>
              <description>enable debug with true to trace authorization settings</description>
          </init-param>
      ....
      

2. SQL installation script

alter table jg_role_permission drop foreign key fk_permission_role;
alter table jg_role_permission drop foreign key fk_role_permission;
alter table jg_urlquery drop foreign key fk_permission_parameter;
alter table jg_permission drop foreign key fk_permission_domain;

drop table if exists jg_role_domain;
drop table if exists jg_role_permission;
drop table if exists jg_urlquery;
drop table if exists jg_app_role;
drop table if exists jg_permission;
drop table if exists jg_domain;


create table jg_role_domain (
   domain_name varchar(249) not null,
   role_name varchar(249) not null,
   primary key (role_name, domain_name)
);


create table jg_role_permission (
   permission_name varchar(249) not null,
   role_name varchar(249) not null,
   primary key (role_name, permission_name)
);
create table jg_urlquery (
   urlquery_id bigint not null auto_increment,
   parameter varchar(249),
   value varchar(249),
   permission_name varchar(249),
   primary key (urlquery_id)
);
create table jg_app_role (
   name varchar(249),
   primary key (name)
);


create table jg_domain(
  name varchar(249),
  primary key(name)
);

create table jg_permission (
   name varchar(249) not null,
   uri varchar(249),
   description varchar(249),
   scheme varchar(5),
   domain_name varchar(249),
   primary key (name)
);

alter table jg_role_permission add constraint fk_permission_role foreign key (role_name) references jg_app_role(name);
alter table jg_role_permission add constraint fk_role_permission foreign key (permission_name) references jg_permission(name);
alter table jg_role_domain add constraint fk_domain_role foreign key (role_name) references jg_app_role(name);
alter table jg_role_domain add constraint fk_role_domain foreign key (domain_name) references jg_domain(name);

alter table jg_urlquery add constraint fk_permission_parameter foreign key (permission_name) references jg_permission(name);
alter table jg_permission add constraint fk_permission_domain foreign key (domain_name) references jg_domain(name);