目前支持的有
At the moment the Tigase server offers following authentication connectors:
- ‘mysql’, ‘pgsql’, ‘derby’ – standard authentication connector used to load user login data from the main user database used by the Tigase server. In fact the same physical implementation is used for all JDBC databases.
- ‘drupal’ – is the authentication connector used to integrate the Tigase server with Drupal CMS.
- ‘libresource’ – is the authentication connector used to integrate the Tigase server with Libresource Collaboration platform.
- ‘tigase-auth’ – is the authentication connector which can be used with any database. It executes stored procedures to perform all actions. Therefore it is a very convenient way to integrate the server with an external database if you don’t want to expose the database structure. You just have to provide a set of stored procedures in the database. While implementing all stored procedures expected by the server might be a bit of work it allows you to hide the database structure and change the SP implementation at any time. You can add more actions on user login/logout without restarting or touching the server. And the configuration on the server side is very simple. For detailed description of this implementation please refer to Tigase Auth documentation.
- ‘tigase-custom’ – is the authentication connector which can be used with any database. Unlike the ‘tigase-auth’ connector it allows you to define SQL queries in the configuration file. The advantage of this implementation is that you don’t have to touch your database. You can use either simple plain SQL queries or stored procedures. The configuration is more difficult as you have to enter carefully all SQL queries in the config file and changing the query usually involves restarting the server. For more details about this implementation and all configuration parameters please refer to Tigase Custom Auth documentation.
1、tigase-custom
需要处理:只需通过init.properties,配置用户数据库和对应的sql语句(或者存储过程)
缺点:很多业务系统都服务化,包括用户系统,直接sql访问有违服务化目的,也不易做进一步处理;
Tigase Custom Auth connector
2、tigase-auth
至上需要写2个存储过程,
The absolute minimum of stored procedures you have to implement is:
- TigUserLoginPlainPw – to perform user authentication. The procedure is always called when the user tries to login to the XMPP server. This is the only procedure which must be implemented and actually must work.
- TigUserLogout – to perform user logout. The procedure is always called when the user logouts or disconnects from the server. This procedure must be implemented but it can be empty and can do nothing. It just needs to exist because Tigase expect it to exist and attempts to call it.
3、LDAP authentication connector
需要有LDAP服务,目前没有,对LDAP也不熟悉,也不做选择;
4、implement tigase.db.AuthRepository
看下jdbc的处理JDBCRepository.java;因为我们有统一的用户系统,选择使用rpc服务做验证;
tigase默认用的是 TigaseCustomAuth,在getAuthRepository里被创建;
currently Tigase use “tigase.db.jdbc.TigaseCustomAuth” if no –auth-db was configured
禁用匿名认证
处理之前,先要了解下auth的机制,参考www.tigase.org/content/sas…,tigase默认
The factory which is available and registered by default is’tigase.auth.TigaseSaslServerFactory’ which provides PLAIN and ANONYMOUS mechanisms.
也没太搞明白匿名认证的作用,所以就把他先禁用了
my.codeweblog.com/greki/blog/…
继承AuthRepository 接口;
纠结的是里面*Auth的3个方法;5.1的release说明,其他2个以备抛弃,全走otherAuth,
所有主要实现otherAuth方法。
但是如果你是覆盖TigaseCustomAuth,那就要注意跟其他方法数据库操作的兼容
主要是登录的时候,online_status要+1;看下原先的存储过程
流程
设置验证完自动创建用户
添加autoCreateUser=true
user-db-uri=jdbc:mysql://192.168.1.15:3306/tigasedb?user=tigase&password=tigase&useUnicode=true&characterEncoding=UTF-8&autoCreateUser=true
tigase自动创建流程在,JDBCRepository.java
(这里有个问题,主要默认创建的密码,密码为空的话,tig_users.account-status的状态为-1,禁用)
privatelonggetUserUID(DataRepository repo, BareJID user_id, boolean autoCreate)throws SQLException, UserNotFoundException { // OKlong result = getUserUID(repo, user_id); if (result <= 0) { if (autoCreate) { // OK result = addUserRepo(repo, user_id); } else { thrownew UserNotFoundException(“User does not exist: ” + user_id); } // end of if (autoCreate) else } // end of if (isnext) elsereturn result; }
客户端登录成功,发送设置昵称等信息,主要通过iq设置vcard
admin swr
如何配置依赖的环境配置
以为要调用外部服务验证,也许你需要配置验证服务的地址等;
1、增加自定义配置项
直接在init.properties里配置,如–my-config-xxx=xxxx
通过System.getProperty(“my-config-xxx”);//调试发现的,不一定是最好的方式
2、借用–auth-db-uri
借用–auth-db-uri=http://xxxxxx配置自定义;
通过initRepository(final String connection_str, Map<String, String> params)
参数connection_str获取,当然这样就不能再根据connection_str创建连接user_db的repository了;
所以我采用的是第一种,来配置验证的,user_db依然保留,来实现查询用户数等其他方法;
开发工程搭建和调试
新建maven工程,依赖tigaseserver,配置启动类为Xmppserver.
需要拷贝几个cert、etc、scripts(可选)、jars到目录下;
设置参考:my.codeweblog.com/greki/blog/…
<projectxmlns=”maven.apache.org/POM/4.0.0″x… maven.apache.org/xsd/maven-4…“>4.0.0com.greenline.imtigase-ext0.0.1-SNAPSHOTjartigasemaven.apache.orgorg.apache.maven.pluginsmaven-compiler-plugin2.3.21.71.7org.apache.felixmaven-bundle-plugin2.4.0true<instructionscombine.inherited=”append”>
{project.version}-b
{buildNumber}
{buildNumber} (
{project.artifactId};singleton=truesrc/main/resourcesorg.apache.maven.wagonwagon-ssh-external2.2org.apache.maven.wagonwagon-ssh2.2tigasetigase-server5.2.1-SNAPSHOTprovidedorg.slf4jslf4j-api1.6.4providedorg.apache.felixorg.osgi.core1.4.0providedbundlejunitjunit3.8.1testtigaseTigase repositorymaven.tigase.orgtigase-snapshotTigase repositorybuild.xmpp-test.net/maven/truetigaseTigase repositoryscp://maven.tigase.org:/home/webapp/maven-repositorytigase-snapshotTigase snapshot repositoryscp://build.xmpp-test.net:/home/maven/repository
5、debug tigase
–debug=xmpp.XMPPIOService