français

jGuard

• overview
• licence
• useful links
• quick start guide
• which jGuard authentication configuration?
• faq
• 0.64 web site (old)
• api (0.65)

jGuard install on j2ee

1. required librairies
2. AccessFilter and web.xml
3. integrate jGuard in your jsp
4. integrate jGuard in your servlets

Login Modules

• XmlLoginModule
• OracleLoginModule
• PostgreSQLLoginModule
• MySQLLoginModule
• DB2LoginModule
• SQLServerLoginModule

Authorization Managers

• XmlAuthorizationManager
• OracleAuthorizationManager
• PostgreSQLAuthorizationManager
• MySQLAuthorizationManager
• DB2AuthorizationManager
• SQLServerAuthorizationManager

Advanced jGuard

jGuard install on jvm

1. java.home
2. libraries and bootclasspath
3. java.security
4. jGuard.loginScheme
5. jGuard.policy

• jGuard and the SecurityManager

MySQLAuthorizationManager

Les implémentations de AuthorizationManager sont dédiées au développeur de webapp. Cette implémentation de AuthorizationManager permet une méthode d'autorisation basée sur la base de données MySQL.

1. MySQLAuthorizationManager paramètres

La DTD (jGuardPrincipalsPermissions_x.xx.dtd), doit être placée dans le même répertoire. Ces paramètres doivent être placés dans la liste de paramètres de l'AccessFilter situé dans le fichier web.xml.

• permissionManager

  valurs

  net.sf.jguard.authorization.MySQLAuthorizationManager

  description

  Il configure l'utilisation de l'implémentation MySQL du AuthorizationManager.

  exemple

      .....
          <init-param>
              <param-name>permissionManager</param-name>
              <param-value>net.sf.jguard.authorization.MySQLAuthorizationManager</param-value>
              <description>class which handle to collect permissionsCollection</description>
          </init-param>
      .....
      

• authorizationDriver

  valeurs

  com.mysql.jdbc.Driver

  description

  Il indique l'implementation MySQL de l'interface java.sql.Driver.

  exemple

      .....
          <init-param>
              <param-name>authorizationDriver</param-name>
              <param-value>com.mysql.jdbc.Driver</param-value>
              <description>jdbc driver for authorizations</description>
          </init-param>    ....
      

• authorizationUrl

  valeurs

  any JDBC compliant url

  description

  Ce paramètre permet d'établir une connexion à la base de données.

  exemple

      .....
          <init-param>
              <param-name>authorizationUrl</param-name>
              <param-value>jdbc:mysql://mysweethome.net/diabolo</param-value>
              <description>jdbc url for authorizations</description>
          </init-param>
      ....
      

• authorizationLogin

  valeurs

  toute valeur

  description

  this paramètre est l'identifiant utilisé pour établir la connexion.

  example

      .....
          <init-param>
              <param-name>authorizationLogin</param-name>
              <param-value>system</param-value>
              <description>login to establish authorizations connection</description>
          </init-param>
      ....
      

• authorizationPassword

  valeurs

  toute valeur

  description

  Ce paramètre est le mot de passe the utilisé pour établir la connexion.

  exemple

      .....
          <init-param>
              <param-name>authorizationPassword</param-name>
              <param-value>manager</param-value>
              <description>password to establish authorizations connection</description>
          </init-param>
      ....
      

• debug

  valeurs

  true or false

  description

  permet l'affichae d'informations de debug avec la valeur true.

  exemple

      .....
          <init-param>
              <param-name>debug</param-name>
              <param-value>false</param-value>
              <description>enable debug with true to trace authorization settings</description>
          </init-param>
      ....
      

2. script d'installation SQL

alter table jg_role_permission drop foreign key fk_permission_role;
alter table jg_role_permission drop foreign key fk_role_permission;
alter table jg_urlquery drop foreign key fk_permission_parameter;
alter table jg_permission drop foreign key fk_permission_domain;

drop table if exists jg_role_domain;
drop table if exists jg_role_permission;
drop table if exists jg_urlquery;
drop table if exists jg_app_role;
drop table if exists jg_permission;
drop table if exists jg_domain;


create table jg_role_domain (
   domain_name varchar(249) not null,
   role_name varchar(249) not null,
   primary key (role_name, domain_name)
);


create table jg_role_permission (
   permission_name varchar(249) not null,
   role_name varchar(249) not null,
   primary key (role_name, permission_name)
);
create table jg_urlquery (
   urlquery_id bigint not null auto_increment,
   parameter varchar(249),
   value varchar(249),
   permission_name varchar(249),
   primary key (urlquery_id)
);
create table jg_app_role (
   name varchar(249),
   primary key (name)
);


create table jg_domain(
  name varchar(249),
  primary key(name)
);

create table jg_permission (
   name varchar(249) not null,
   uri varchar(249),
   description varchar(249),
   scheme varchar(5),
   domain_name varchar(249),
   primary key (name)
);

alter table jg_role_permission add constraint fk_permission_role foreign key (role_name) references jg_app_role(name);
alter table jg_role_permission add constraint fk_role_permission foreign key (permission_name) references jg_permission(name);
alter table jg_role_domain add constraint fk_domain_role foreign key (role_name) references jg_app_role(name);
alter table jg_role_domain add constraint fk_role_domain foreign key (domain_name) references jg_domain(name);

alter table jg_urlquery add constraint fk_permission_parameter foreign key (permission_name) references jg_permission(name);
alter table jg_permission add constraint fk_permission_domain foreign key (domain_name) references jg_domain(name);