UserAdmin Server Properties

This user administration server has its own configuration server entry in the portalprotect configuration files. It configures database connectivity, plugins, etc.

For a description of database connectivity, see the example in the section regarding Ceptor User Administration Server.
The Ceptor distribution contains a sample configuration listing and documenting all these properties.

Property

Value

db.username

Username to use when connecting to the database

db.credentials

Password to use for connecting with the database

db.dbtype

The type of database (flavor) used. SQL statements are modified slightly depending on the database flavor. Currently supported are:

  • DB2
  • cloudscape
  • javadb
  • derby
  • mysql
  • sqlserver
  • oracle10
  • postgres

db.connectionurl

JDBC URL to access database (example: jdbc:postgresql://10.1.1.1:5432/ppdata)

db.drivername

Name of database JDBC driver - must be Java 1.6 or upwards compatible

db.testtable

The table to test on. If this string is prefixed with "SQL" the string after that will be used as the test SQL

db.testonreserve

Defines whether a check on the connection should be made when fetched from the pool

db.searchstartwithwildcard

If true, all searches will be prefixed with a wildcard to find characters in the middle of the search string

db.maxconnectionusage

The max. number of times a connection is reused (or 0 if no max)

db.maxconnectionlife

The max. number of seconds a connection is allowed to live (or 0 if no max)

db.initialpoolsize

Initial size of database connection pool

db.getconnectiontimeout

The maximum time to wait for a new connection from the connection pool

db.delaygetconnection

A delay is added inside the user administration server, simulating that it takes additional time to acquire a new database connection. The time is given in milliseconds.

This makes it possible to test how the system (mostly applications connected to the user administration server) reacts to a slow database.

For performance and failure testing purposes only.

db.debug

If set to true, debug information on connections and queries is logged in the user admin server log

db.checkexecuteupdate

Check if SQL update returns 0 rows updated (some database flavors will not support this!)


The database access layer caches the less frequently changed parts of the user administration database. The properties that control this cache are:

Property

Value

db.caching.status.time

Caching timeout for status objects, time is in seconds

db.caching.profile.time

Caching timeout for profile objects, time is in seconds

db.caching.group.time

Caching timeout for group objects, time is in seconds

db.caching.authmethod.time

Caching timeout for authentication method objects, time is in seconds

db.caching.acl.time

Caching timeout for ACL objects, time is in seconds


This section will contain documentation on additional properties apart from the properties described in the section above.

Property

Value

superuser

<super user name>

If set it is the userid of the "super user" who has access to all users in the database.

It only sets the userid – not how this user is authenticated – that is controlled by normal login mechanisms.

enableRevisionLogging

<true/false>

Whether or not revision logging is done on certain tables in the database (old values are retained in history tables).

False is the default value

users.multiorg

<true/false>

Support multiple organisations per user in the database. This is done through a new table PP_ORG_USR that needs to be created using the scripts. The feature will fail if this table is not created.

False is the default value

Note: If the value on an existing system is changed from false to true – data MUST be migrated from pp_user table to the new table. The old value organisation_id in the pp_user table will be ignored after this value is set to true. Also in this scenario the organisation_id field should be cleared after migration (to avoid database constraint issues!).

search.user.max

The maximum number of users returned by the user search method.

If not set, the default value is 256.

It is not recommended to set this too high, as it can put a high load on the database and on the network between the user administration server and the application using it. It is better to design the application with use cases that limit searches to fewer users.

enableRevisionLogging

<true/false>

If set, revision logging is done on certain updates in the user administration database

Some plugins can be added to the user administration server to serve for example infrastructure purposes or allow other systems to be notified on certain changes.

Property

Value

user.attribute

A class name of a class implementing the dk.itp.portalprotect.useradmin.plugin.IUserAttributeValidator interface which will be called to check if it is allowed to update, insert or delete certain attributes (or values thereof) on a user.

The class can also be used to notify other systems of changes if needed

user.attributelist

A class name of a class implementing the dk.itp.portalprotect.useradmin.plugin.IAttributeList.

This class must return a list of attribute names that are allowed to be changed on a user object from the user administration client - so this can be controlled centrally.

By default the user administration client will allow changes to all user attributes (pending ACL check)

user.postcreate

A class name of a class implementing the dk.itp.portalprotect.useradmin.plugin.IUserCreate interface.

The class will be called when the user has been created. This can for example be used to notify other systems that a user has been created.

user.precreate

A class name of a class implementing the dk.itp.portalprotect.useradmin.plugin.IUserCreate interface.

The class will be called to check if it is allowed to create the user with the given logon id and credentials. 

organisation.attributeslist

A class name of a class implementing the dk.itp.portalprotect.useradmin.plugin.IAttributeList.

This class must return a list of attribute names that are allowed to be changed on an organisation from the user administration client - so this can be controlled centrally.

By default the user administration client will allow changes to all organisation attributes (pending ACL check)

This section relates to the multi schema functionality, used to keep different users in the database physically separated by using different schemas.

Property

Value

schema.enable

<true/false>

Enables multi schema support for the user admin server, allowing users of the API to define, through the "getInstance" or "getSchemaInstace" methods, which schema to access and store users in.

False is the default value

schema.instance.root

<root schema name> 

The root schema name used when "schema.enable" is set to true. This schema name will be used when "null" is given as the instance name to the "getInstance" or "getSchemaInstace" methods on the user admin API. 

The value must be set if the property "schema.enable" is set to true. For the sample derby database provided with the Ceptor installation, "APP" is the schema name to provide here.

schema.instance.XXX

<schema name for instance XXX> 

The schema name used when "schema.enable" is set to true for a given instance XXX. This schema name will be used when "XXX" is given as the instance name to the "getInstance" or "getSchemaInstace" methods on the user admin API. 

The value must be set for each of the schemas/instances used in the API. 
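
The rules stated in the property tables above (the supported db.dbtype flavors, the test-only db.delaygetconnection, db.debug, search.user.max, superuser and the schema.* requirements) can be checked mechanically before a configuration is deployed. The following is an added example, not code from Ceptor; it assumes the properties are already parsed into a name-to-value dictionary, and lint_useradmin, its production flag and its severity labels are hypothetical names.

```python
# Added example, not Ceptor code: lint UserAdmin properties against this page's rules.
# Assumption: properties are already parsed into a flat name -> value dict.
SUPPORTED_DBTYPES = {"db2", "cloudscape", "javadb", "derby", "mysql",
                     "sqlserver", "oracle10", "postgres"}
SEARCH_MAX_DEFAULT = 256  # default the page gives for search.user.max

def _is_true(props, name):
    return str(props.get(name, "false")).strip().lower() == "true"

def _as_int(props, name, default):
    value = str(props.get(name, "")).strip()
    return int(value) if value.isdecimal() else default

def lint_useradmin(props, production=True):
    """Return (severity, property, message) findings for one property set."""
    out = []
    dbtype = str(props.get("db.dbtype", "")).strip()
    # Case-insensitive match is an assumption; the page lists "DB2" in capitals.
    if dbtype.lower() not in SUPPORTED_DBTYPES:
        out.append(("error", "db.dbtype", f"unsupported flavor {dbtype!r}"))
    if production and _as_int(props, "db.delaygetconnection", 0) > 0:
        out.append(("warn", "db.delaygetconnection",
                    "artificial delay is for performance and failure testing only"))
    if production and _is_true(props, "db.debug"):
        out.append(("warn", "db.debug",
                    "connection and query debug data goes to the server log"))
    # Flagging anything above the default is this example's own threshold.
    if _as_int(props, "search.user.max", SEARCH_MAX_DEFAULT) > SEARCH_MAX_DEFAULT:
        out.append(("warn", "search.user.max",
                    "above the default; high values load database and network"))
    if str(props.get("superuser", "")).strip():
        out.append(("info", "superuser",
                    "this userid has access to all users; review its login method"))
    if _is_true(props, "schema.enable"):
        inst = {k: v for k, v in props.items() if k.startswith("schema.instance.")}
        inst.setdefault("schema.instance.root", "")  # root is mandatory when enabled
        for name, value in sorted(inst.items()):
            if not str(value).strip():
                out.append(("error", name,
                            "schema name must be set when schema.enable is true"))
    return out

# Constructed sample input, not taken from a real installation.
SAMPLE = {"db.dbtype": "postgres", "db.debug": "true", "db.delaygetconnection": "500",
          "search.user.max": "5000", "superuser": "admin",
          "schema.enable": "true", "schema.instance.partners": ""}

if __name__ == "__main__":
    print(*lint_useradmin(SAMPLE), sep="\n")
```

Passing production=False suppresses the db.delaygetconnection and db.debug warnings for test environments, where those settings are expected.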

© Ceptor ApS. All Rights Reserved.