...
System administrators can implement database authentication manually, using a separate database to the JobScheduler(s) and, if required, a separate DBMSthe tables stored in the reporting database.
The JOC Cockpit configuration required to use database authentication is described in this section along with an example set of database tables. System administrators have to configure and maintain the database and tables manually as well as their query strings - there is neither a GUI available for this nor is batch support provided. The user management in the JOC Cockpit can not be used, when users and roles are stored in the database.
The [users] and [roles] sections of the shiro.ini file can be deleted or completely commented out when database authentication is to be used. Please note that until 1.13.4 there must be empty sections for users and roles.
The information required in the [main] section for database authentication is shown in the following listing:
Hibernate is used to access the database - in the example listed above an Oracle database is specified. System administrators must organize the necessary configuration information to address the database to be used to store authentication information themselves.
It should only be necessary for system administrators to modify two parts of this section of the shiro.ini file:
- the location of the Hibernate configuration file in line 3 of the listing,
- the default timeout setting, which is in the example is 15 minutes (specified in milliseconds as shown).
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
[users]
[roles]
[main]
hibernateRealm = com.sos.auth.shiro.SOSHibernateAuthorizingRealm
| ||||||
| Code Block | ||||||
| ||||||
[main] hibernateRealm = com.sos.dialog.auth.SOSHibernateAuthorizingRealm hibernateRealm.hibernateConfigurationFile=C:\Users\userName\Documents\sos-berlin.com\jobscheduler\scheduler_current\config\hibernate.cfg.oracle.xml securityManager.realms = $hibernateRealm cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager securityManager.cacheManager = $cacheManager securityManager.sessionManager.globalSessionTimeout = 900000 |
Hibernate is used to access the database - in the example listed above an Oracle database is specified. System administrators must organize the necessary configuration information to address the database to be used to store authentication information themselves.
It should only be necessary for system administrators to modify two parts of this section of the shiro.ini file:
...
$cacheManager
securityManager.sessionManager.globalSessionTimeout = 900000 |
Maintenance and Security Considerations
...
The following table names and structure have to be used when configuring database authentication:
Table of User Names and Passwords (SOS_USER) - Structure
| COLUMN_NAME | DATA_TYPE | NULLABLE | DATA_DEFAULT | COLUMN_ID | COMMENTS | |
|---|---|---|---|---|---|---|
| 1 | ID | NUMBER(9,0) | No | (null) | 1 | (null) |
| 2 | SOS_USER_NAME | VARCHAR2(250 BYTE) | Yes | (null) | 2 | (null) |
| 3 | SOS_USER_PASSWORD | VARCHAR2(250 BYTE) | Yes | (null) | 3 | (null) |
Table of User Names and Passwords (SOS_USER) - Contents
The password is stored MD5 encrypted. E.g. secret is 5ebe2294ecd0e0f08eab7690d2a6ee69
| ID | SOS_USER_NAME | SOS_USER_PASSWORD | |
|---|---|---|---|
| 1 | 1 | administrator |
...
| 5ebe2294ecd0e0f08eab7690d2a6ee69 | ||
| 2 | 2 | application_manager |
...
| 5ebe2294ecd0e0f08eab7690d2a6ee69 | ||
| 3 | 3 | it_operator |
...
| 5ebe2294ecd0e0f08eab7690d2a6ee69 | ||
| 4 | 4 | incident_manager |
...
| 5ebe2294ecd0e0f08eab7690d2a6ee69 | ||
| 5 | 5 | business_user |
...
| 5ebe2294ecd0e0f08eab7690d2a6ee69 | ||
| 6 | 6 | api_user |
...
| 5ebe2294ecd0e0f08eab7690d2a6ee69 | |||
| 7 | 7 | root | 63a9f0ea7bb98050796b649e85481845 |
Table of Roles (SOS_USER_ROLE) - Structure
...
| COLUMN_NAME | DATA_TYPE | NULLABLE | DATA_DEFAULT |
|---|---|---|---|
| ID | NUMBER(9,0) | No | (null) |
| SOS_USER_ROLE |
...
| VARCHAR2(250 BYTE) | Yes | (null) |
Table mapping users to roles
| COLUMN_NAME | DATA_TYPE | NULLABLE | DATA_DEFAULT |
|---|
...
| ID |
...
| NUMBER(9,0) | No | (null) |
| ROLE_ID | NUMBER(9,0) |
...
| Yes | (null) |
...
| USER_ |
...
| ID |
...
| NUMBER(9,0) | Yes |
...
...
| (null) |
Table of Roles (SOS_USER_ROLE) - Contents
| ID | SOS_USER_ROLE |
|---|---|
| 1 | administrator |
| 2 | application_manager |
| 3 | it_operator |
| 4 | incident_manager |
| 5 | business_user |
| 6 | api_user |
| 7 | all |
Table Mapping
...
users and roles to Permissions (SOS_USER_PERMISSION) - Structure
| COLUMN_NAME | DATA_TYPE | NULLABLE | DATA_DEFAULT |
|---|
...
| ID |
...
| NUMBER(9,0) | No |
...
| (null) | |||
| ROLE_ID | NUMBER(9,0) | Yes | (null) |
...
...
| USER_ID | NUMBER(9,0) | Yes | (null) |
...
| SOS_USER_ |
...
| PERMISSION | VARCHAR2(250 BYTE) | Yes |
...
| (null) |
Table Mapping Roles to Permissions (SOS_USER_PERMISSION) - Contents
| ID | ROLE_ID | USER_ID | SOS_USER_PERMISSION |
|---|---|---|---|
| 1 | 1 | 7 | (null) |
| 2 | 2 | 1 | (null) |
| 3 | 1 | (null) | sos:products |
| 4 | 2 | (null) | sos:products:joc_cockpit:jobscheduler_master:view |
| 5 | 2 | (null) | sos:products:joc_cockpit:jobscheduler_master:pause |
| 6 | 2 | (null) | sos:products:joc_cockpit:jobscheduler_master:continue |
| 7 | 2 | (null) | sos:products:joc_cockpit:jobscheduler_master:restart |
| 8 | 2 | (null) | sos:products:joc_cockpit:jobscheduler_master:terminate |
| 9 | 2 | (null) | sos:products:joc_cockpit:jobscheduler_master:abort |
| 10 | 2 | (null) | sos:products:joc_cockpit:jobscheduler_master_cluster |
| 11 | 2 | (null) | sos:products:joc_cockpit:jobscheduler_universal_agent |
Shown are the default permissions for user root (ID=7) mapped to role all (ID=1) and user administrator (ID=1) mapped to role administrator (ID=2).
[folders] Configuration
| Display feature availability | ||
|---|---|---|
|
...