Author: hfnukal
Date: 2011-04-14 09:52:46 -0400 (Thu, 14 Apr 2011)
New Revision: 6218
Added:
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/WEB-INF/classes/picketlink-idm/idm-local-cache-config.xml
Modified:
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml
Log:
JBEPP-772 Use JndiMultiplexedJBossCacheRegionFactory for IDM second level cache to make
switching to TCP easier
Added:
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/WEB-INF/classes/picketlink-idm/idm-local-cache-config.xml
===================================================================
---
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/WEB-INF/classes/picketlink-idm/idm-local-cache-config.xml
(rev 0)
+++
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/WEB-INF/classes/picketlink-idm/idm-local-cache-config.xml 2011-04-14
13:52:46 UTC (rev 6218)
@@ -0,0 +1,187 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ ~ Hibernate, Relational Persistence for Idiomatic Java
+ ~
+ ~ Copyright (c) 2007, Red Hat Middleware LLC or third-party contributors as
+ ~ indicated by the @author tags or express copyright attribution
+ ~ statements applied by the authors. All third-party contributions are
+ ~ distributed under license by Red Hat Middleware LLC.
+ ~
+ ~ This copyrighted material is made available to anyone wishing to use, modify,
+ ~ copy, or redistribute it subject to the terms and conditions of the GNU
+ ~ Lesser General Public License, as published by the Free Software Foundation.
+ ~
+ ~ This program is distributed in the hope that it will be useful,
+ ~ but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ ~ or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+ ~ for more details.
+ ~
+ ~ You should have received a copy of the GNU Lesser General Public License
+ ~ along with this distribution; if not, write to:
+ ~ Free Software Foundation, Inc.
+ ~ 51 Franklin Street, Fifth Floor
+ ~ Boston, MA 02110-1301 USA
+ -->
+<cache-configs>
+
+ <!--
+ Various JBoss Cache configurations, suitable for different caching
+ uses (e.g. entities vs. queries).
+
+ In all cases, TransactionManager configuration not required.
+ Hibernate will plug in its own transaction manager integration.
+ -->
+
+
+ <!-- A config appropriate for entity/collection caching. -->
+ <cache-config name="local-optimistic-entity">
+
+ <!-- Node locking scheme -->
+ <attribute name="NodeLockingScheme">OPTIMISTIC</attribute>
+
+ <!-- Mode of communication with peer caches.
+
+ LOCAL
+ -->
+ <attribute name="CacheMode">LOCAL</attribute>
+
+ <!-- Name of cluster. Needs to be the same for all members, in order
+ to find each other -->
+ <attribute
name="ClusterName">local-optimistic-entity</attribute>
+
+ <!-- Use a UDP (multicast) based stack. A udp-sync stack might be
+ slightly better (no JGroups FC) but we stick with udp to
+ help ensure this cache and others like timestamps-cache
+ that require FC can use the same underlying JGroups resources. -->
+ <attribute name="MultiplexerStack"></attribute>
+
+ <!-- Whether or not to fetch state on joining a cluster. -->
+ <attribute name="FetchInMemoryState">false</attribute>
+
+ <!--
+ The max amount of time (in milliseconds) we wait until the
+ state (ie. the contents of the cache) are retrieved from
+ existing members at startup. Ignored if FetchInMemoryState=false.
+ -->
+ <attribute name="StateRetrievalTimeout">20000</attribute>
+
+ <!--
+ Number of milliseconds to wait until all responses for a
+ synchronous call have been received.
+ -->
+ <attribute name="SyncReplTimeout">20000</attribute>
+
+ <!-- Max number of milliseconds to wait for a lock acquisition -->
+ <attribute name="LockAcquisitionTimeout">15000</attribute>
+
+ <!--
+ Indicate whether to use marshalling or not. Set this to true if you
+ are running under a scoped class loader, e.g., inside an application
+ server.
+ -->
+ <attribute
name="UseRegionBasedMarshalling">true</attribute>
+ <!-- Must match the value of "useRegionBasedMarshalling" -->
+ <attribute name="InactiveOnStartup">true</attribute>
+
+ <!-- Eviction policy configurations. -->
+ <attribute name="EvictionPolicyConfig">
+ <config>
+ <attribute name="wakeUpIntervalSeconds">5</attribute>
+ <!-- Name of the DEFAULT eviction policy class. -->
+ <attribute
name="policyClass">org.jboss.cache.eviction.LRUPolicy</attribute>
+ <!-- Cache wide default -->
+ <region name="/_default_">
+ <!-- Evict LRU node once we have more than this number of nodes -->
+ <attribute name="maxNodes">10000</attribute>
+ <!-- And, evict any node that hasn't been accessed in this many
seconds -->
+ <attribute name="timeToLiveSeconds">1000</attribute>
+ <!-- Don't evict a node that's been accessed within this many
seconds.
+ Set this to a value greater than your max expected transaction length.
-->
+ <attribute name="minTimeToLiveSeconds">120</attribute>
+ </region>
+ <!-- Don't ever evict modification timestamps -->
+ <region name="/TS"
policyClass="org.jboss.cache.eviction.NullEvictionPolicy"/>
+ </config>
+ </attribute>
+
+ </cache-config>
+
+
+
+ <!-- Optimized for timestamp caching. A clustered timestamp cache
+ is required if query caching is used, even if the query cache
+ itself is configured with CacheMode=LOCAL.
+ -->
+ <cache-config name="local-timestamps-cache">
+
+ <!-- Node locking scheme -->
+ <attribute
name="NodeLockingScheme">PESSIMISTIC</attribute>
+
+ <!--
+ READ_COMMITTED is as strong as necessary.
+ -->
+ <attribute
name="IsolationLevel">READ_COMMITTED</attribute>
+
+ <!-- Cannot be INVALIDATION. ASYNC for improved performance. -->
+ <attribute name="CacheMode">LOCAL</attribute>
+
+ <!-- Name of cluster. Needs to be the same for all members, in order
+ to find each other -->
+ <attribute
name="ClusterName">local-timestamp-cache</attribute>
+
+ <!-- Use a UDP (multicast) based stack -->
+ <attribute name="MultiplexerStack"></attribute>
+
+ <!-- Used for timestamps, so must fetch state. -->
+ <attribute name="FetchInMemoryState">true</attribute>
+
+ <!--
+ The max amount of time (in milliseconds) we wait until the
+ state (ie. the contents of the cache) are retrieved from
+ existing members at startup. Ignored if FetchInMemoryState=false.
+ -->
+ <attribute name="StateRetrievalTimeout">20000</attribute>
+
+ <!--
+ Number of milliseconds to wait until all responses for a
+ synchronous call have been received.
+ -->
+ <attribute name="SyncReplTimeout">20000</attribute>
+
+ <!-- Max number of milliseconds to wait for a lock acquisition -->
+ <attribute name="LockAcquisitionTimeout">15000</attribute>
+
+ <!--
+ Indicate whether to use marshalling or not. Set this to true if you
+ are running under a scoped class loader, e.g., inside an application
+ server. Default is "false".
+ -->
+ <attribute
name="UseRegionBasedMarshalling">true</attribute>
+ <!-- Must match the value of "useRegionBasedMarshalling" -->
+ <attribute name="InactiveOnStartup">true</attribute>
+
+ <!-- Eviction policy configurations. -->
+ <attribute name="EvictionPolicyConfig">
+ <config>
+ <attribute name="wakeUpIntervalSeconds">5</attribute>
+ <!-- Name of the DEFAULT eviction policy class. -->
+ <attribute
name="policyClass">org.jboss.cache.eviction.LRUPolicy</attribute>
+ <!-- Cache wide default -->
+ <region name="/_default_">
+ <!-- Evict LRU node once we have more than this number of nodes -->
+ <attribute name="maxNodes">10000</attribute>
+ <!-- And, evict any node that hasn't been accessed in this many
seconds -->
+ <attribute name="timeToLiveSeconds">1000</attribute>
+ <!-- Don't evict a node that's been accessed within this many
seconds.
+ Set this to a value greater than your max expected transaction length.
-->
+ <attribute name="minTimeToLiveSeconds">120</attribute>
+ </region>
+ <!-- Don't ever evict modification timestamps -->
+ <region name="/TS"
policyClass="org.jboss.cache.eviction.NullEvictionPolicy"/>
+ </config>
+ </attribute>
+
+ </cache-config>
+</cache-configs>
+
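Review bot: Several comments in this new LOCAL-only file still describe the clustered configuration it appears to have been copied from, which will mislead anyone auditing what this identity cache puts on the network. Both `MultiplexerStack` attributes are empty but sit under `Use a UDP (multicast) based stack`, the timestamps `CacheMode` is `LOCAL` under `Cannot be INVALIDATION. ASYNC for improved performance.`, and `FetchInMemoryState` is `true` under `Used for timestamps, so must fetch state.` although a LOCAL cache has no peers to fetch state from. I would reword them, for example `<!-- LOCAL mode: no JGroups stack is used, value intentionally empty -->`, and either set `FetchInMemoryState` to `false` or say why it stays `true`. The `ClusterName` value `local-timestamp-cache` also differs from the config name `local-timestamps-cache`; this is presumably harmless in LOCAL mode but worth aligning.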
Modified:
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml
===================================================================
---
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml 2011-04-14
12:14:56 UTC (rev 6217)
+++
epp/portal/branches/EPP_5_1_Branch/web/portal/src/main/webapp/WEB-INF/conf/organization/idm-configuration.xml 2011-04-14
13:52:46 UTC (rev 6218)
@@ -1,277 +1,319 @@
-<?xml version="1.0" encoding="ISO-8859-1"?>
-<!--
-
- Copyright (C) 2009 eXo Platform SAS.
-
- This is free software; you can redistribute it and/or modify it
- under the terms of the GNU Lesser General Public License as
- published by the Free Software Foundation; either version 2.1 of
- the License, or (at your option) any later version.
-
- This software is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Lesser General Public License for more details.
-
- You should have received a copy of the GNU Lesser General Public
- License along with this software; if not, write to the Free
- Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
-
--->
-
-<configuration
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-
xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd
http://www.exoplaform.org/xml/ns/kernel_1_1.xsd"
-
xmlns="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd">
-
-
- <component>
-
<key>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</key>
-
<type>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</type>
- </component>
-
- <component>
- <key>org.exoplatform.services.database.HibernateService</key>
- <jmx-name>database:type=HibernateService</jmx-name>
- <type>org.exoplatform.services.database.impl.HibernateServiceImpl</type>
- <init-params>
- <properties-param>
- <name>hibernate.properties</name>
- <description>Default Hibernate Service</description>
- <property name="hibernate.cache.region.jbc2.query.localonly"
value="true" />
- <property name="hibernate.cache.region.jbc2.cachefactory"
value="java:CacheManager"/>
- <property name="hibernate.cache.region.factory_class"
value="org.hibernate.cache.jbc2.JndiMultiplexedJBossCacheRegionFactory" />
- <!--<property name="hibernate.cache.region.jbc2.query.localonly"
value="true" />-->
- <!--<property name="hibernate.cache.region.factory_class"
value="org.hibernate.cache.jbc2.MultiplexedJBossCacheRegionFactory" />-->
- <property name="hibernate.transaction.manager_lookup_class"
value="org.hibernate.transaction.JBossTransactionManagerLookup" />
- <property name="hibernate.show_sql" value="false"/>
- <property name="hibernate.current_session_context_class"
value="thread"/>
- <property name="hibernate.cache.use_second_level_cache"
value="true"/>
- <property name="hibernate.cache.use_query_cache"
value="true"/>
- <property name="hibernate.connection.datasource"
value="${gatein.idm.datasource.name}${container.name.suffix}"/>
- <property name="hibernate.connection.autocommit"
value="true"/>
- <!--
- Should be automatically detected. Force otherwise
- <property name="hibernate.dialect"
value="org.hibernate.dialect.XXXDialect"/>
- -->
- </properties-param>
- </init-params>
- </component>
-
- <component>
-
<key>org.exoplatform.services.organization.idm.PicketLinkIDMService</key>
-
<type>org.exoplatform.services.organization.idm.PicketLinkIDMServiceImpl</type>
- <init-params>
- <value-param>
- <name>config</name>
-
<value>war:/conf/organization/picketlink-idm/picketlink-idm-config.xml</value>
-
- <!--Sample LDAP config-->
-
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-config.xml</value>-->
-
- <!--Read Only "ACME" LDAP Example-->
-
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml</value>-->
-
- <!--OpenLDAP LDAP config-->
-
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml</value>-->
-
- <!--OpenLDAP ReadOnly "ACME" LDAP Example-->
-
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-acme-config.xml</value>-->
-
- <!--MSAD LDAP Example-->
-
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml</value>-->
-
- <!--MSAD Read Only "ACME" LDAP Example-->
-
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml</value>-->
-
- </value-param>
-
- <!-- In default PicketLink IDM configuration hibernate store will namespace
identity objects using this realm name
- if you want to share DB between portal and also share the same identity data
remove the "${container.name.suffix}" part-->
- <value-param>
- <name>portalRealm</name>
- <value>idm_realm${container.name.suffix}</value>
- </value-param>
-
- <value-param>
- <name>apiCacheConfig</name>
- <value>war:/conf/organization/picketlink-idm/jboss-cache.xml</value>
- </value-param>
-
- <value-param profiles="cluster">
- <name>apiCacheConfig</name>
-
<value>war:/conf/organization/picketlink-idm/jboss-cache-cluster.xml</value>
- </value-param>
-
- <value-param>
- <name>storeCacheConfig</name>
- <value>war:/conf/organization/picketlink-idm/jboss-cache.xml</value>
- </value-param>
-
- <value-param profiles="cluster">
- <name>storeCacheConfig</name>
-
<value>war:/conf/organization/picketlink-idm/jboss-cache-cluster.xml</value>
- </value-param>
-
- </init-params>
- </component>
-
-
- <component>
- <key>org.exoplatform.services.organization.OrganizationService</key>
-
<type>org.exoplatform.services.organization.idm.PicketLinkIDMOrganizationServiceImpl</type>
- <init-params>
- <object-param>
- <name>configuration</name>
- <object type="org.exoplatform.services.organization.idm.Config">
- <!-- For all ids not mapped with type in 'groupTypeMappings' use
parent id path
- as a group type to store group in PicketLink IDM. The effect of setting
- this option to false and not providing any mappings under
'groupTypeMappings' option
- is that there can be only one group with a given name in all GateIn group
tree-->
- <field name="useParentIdAsGroupType">
- <boolean>true</boolean>
- </field>
- <!-- Group stored in PicketLink IDM with a type mapped in
'groupTypeMappings' will
- automatically be member under mapped parent. Normally groups are linked
by
- PicketLink IDM group association - such relationship won't be needed
then. It can
- be set to false if all groups are added via GateIn APIs
- This option may be useful with LDAP config as it will make (if set to
true) every entry
- added to LDAP (not via GateIn management UI) appear in GateIn-->
- <field name="forceMembershipOfMappedTypes">
- <boolean>true</boolean>
- </field>
- <!-- When 'userParentIdAsGroupType is set to true this value will be
used to
- replace all "/" chars in id. This is because "/" is
not allowed to be
- used in group type name in PicketLink IDM-->
- <field name="pathSeparator">
- <string>.</string>
- </field>
- <!-- Name of a group stored in PicketLink IDM that acts as root group in
GateIn - "/" -->
- <field name="rootGroupName">
- <string>GTN_ROOT_GROUP</string>
- </field>
- <!-- Map groups added with GateIn API as a childs of a given group ID to be
stored with a given
- group type name in PicketLink IDM. If parent ID ends with "/*"
then all child groups will
- have the mapped group type. Otherwise only direct (first level) children
will use this type.
-
- This can be leveraged by LDAP setup. Given LDAP DN configured in
PicketLink IDM to
- store specific group type will then store one given branch in GateIn group
tree while
- all other groups will remain in DB. -->
- <field name="groupTypeMappings">
- <map type="java.util.HashMap">
- <entry>
- <key><string>/</string></key>
- <value><string>root_type</string></value>
- </entry>
-
- <!-- Uncomment for sample LDAP configuration -->
- <!--
- <entry>
- <key><string>/platform/*</string></key>
- <value><string>platform_type</string></value>
- </entry>
- <entry>
- <key><string>/organization/*</string></key>
-
<value><string>organization_type</string></value>
- </entry>
- -->
-
-
- <!-- Uncomment for ACME LDAP example -->
- <!--
- <entry>
- <key><string>/acme/roles/*</string></key>
- <value><string>acme_roles_type</string></value>
- </entry>
- <entry>
-
<key><string>/acme/organization_units/*</string></key>
- <value><string>acme_ou_type</string></value>
- </entry>
- -->
-
- <!-- Uncomment for MSAD ReadOnly LDAP example -->
- <!--
- <entry>
- <key><string>/acme/roles/*</string></key>
- <value><string>msad_roles_type</string></value>
- </entry>
- -->
- </map>
- </field>
- <!-- If this option is used then each Membership created with MembrshipType
that is
- equal to value specified here will be stored in PicketLink IDM as simple
- Group-User association-->
- <field name="associationMembershipType">
- <string>member</string>
- </field>
- <!-- if "associationMembershipType" option is used and this option
is set to true
- then Membership with MembershipType configured to be stored as PicketLink
IDM association
- will not be stored as PicketLink IDM Role -->
- <field name="ignoreMappedMembershipType">
- <boolean>false</boolean>
- </field>
- <!-- If 'true' will use JTA UserTransaction. If 'false' will
use IDM transaction API -->
- <field name="useJTA">
- <boolean>false</boolean>
- </field>
-
- <!-- If PLIDM group will have name containing slash "/" char than
it will be replace with following string.
- Slashes are used in group paths and if present in names may cause
unpredictable behaviour -->
- <field name="slashReplacement">
- <string>@_@_@</string>
- </field>
-
- <!-- If groups should be displayed in a sorted order in the management
UI-->
- <field name="sortGroups">
- <boolean>true</boolean>
- </field>
-
- <!-- If memberships should be displayed in a sorted order in the management
UI-->
- <field name="sortMemberships">
- <boolean>true</boolean>
- </field>
- </object>
- </object-param>
- </init-params>
- </component>
-
- <external-component-plugins>
-
<target-component>org.exoplatform.services.database.HibernateService</target-component>
- <component-plugin>
- <name>add.hibernate.mapping</name>
- <set-method>addPlugin</set-method>
-
<type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
- <init-params>
- <values-param>
- <name>hibernate.mapping</name>
- <value>picketlink-idm/mappings/HibernateRealm.hbm.xml</value>
-
<value>picketlink-idm/mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml</value>
-
<value>picketlink-idm/mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml</value>
-
<value>picketlink-idm/mappings/HibernateIdentityObject.hbm.xml</value>
-
<value>picketlink-idm/mappings/HibernateIdentityObjectCredential.hbm.xml</value>
-
<value>picketlink-idm/mappings/HibernateIdentityObjectCredentialType.hbm.xml</value>
-
<value>picketlink-idm/mappings/HibernateIdentityObjectAttribute.hbm.xml</value>
-
<value>picketlink-idm/mappings/HibernateIdentityObjectType.hbm.xml</value>
-
<value>picketlink-idm/mappings/HibernateIdentityObjectRelationship.hbm.xml</value>
-
<value>picketlink-idm/mappings/HibernateIdentityObjectRelationshipType.hbm.xml</value>
-
<value>picketlink-idm/mappings/HibernateIdentityObjectRelationshipName.hbm.xml</value>
- </values-param>
- <values-param profiles="sybase">
- <name>hibernate.mapping</name>
-
<value>picketlink-idm/sybase-mappings/HibernateRealm.hbm.xml</value>
-
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml</value>
-
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml</value>
-
<value>picketlink-idm/sybase-mappings/HibernateIdentityObject.hbm.xml</value>
-
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectCredential.hbm.xml</value>
-
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialType.hbm.xml</value>
-
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectAttribute.hbm.xml</value>
-
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectType.hbm.xml</value>
-
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationship.hbm.xml</value>
-
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipType.hbm.xml</value>
-
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipName.hbm.xml</value>
- </values-param>
- </init-params>
- </component-plugin>
- </external-component-plugins>
-
-</configuration>
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!--
+
+ Copyright (C) 2009 eXo Platform SAS.
+
+ This is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as
+ published by the Free Software Foundation; either version 2.1 of
+ the License, or (at your option) any later version.
+
+ This software is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this software; if not, write to the Free
+ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+
+-->
+
+<configuration
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd
http://www.exoplaform.org/xml/ns/kernel_1_1.xsd"
+
xmlns="http://www.exoplaform.org/xml/ns/kernel_1_1.xsd">
+
+
+ <component>
+
<key>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</key>
+
<type>org.exoplatform.services.organization.idm.PicketLinkIDMCacheService</type>
+ </component>
+
+
+ <!-- non-clustered profile -->
+ <component>
+ <key>org.exoplatform.services.database.HibernateService</key>
+ <jmx-name>database:type=HibernateService</jmx-name>
+ <type>org.exoplatform.services.database.impl.HibernateServiceImpl</type>
+ <init-params>
+ <properties-param>
+ <name>hibernate.properties</name>
+ <description>Default Hibernate Service</description>
+ <property name="hibernate.cache.region.jbc2.query.localonly"
value="true" />
+ <property name="hibernate.cache.region.factory_class"
value="org.hibernate.cache.jbc2.MultiplexedJBossCacheRegionFactory" />
+ <!-- force usage of LOCAL cache configurations -->
+ <property name="hibernate.cache.region.jbc2.configs"
value="picketlink-idm/idm-local-cache-config.xml" />
+ <property name="hibernate.cache.region.jbc2.cfg.entity"
value="local-optimistic-entity" />
+ <property name="hibernate.cache.region.jbc2.cfg.ts"
value="local-timestamps-cache" />
+
+ <property name="hibernate.transaction.manager_lookup_class"
value="org.hibernate.transaction.JBossTransactionManagerLookup" />
+ <property name="hibernate.show_sql" value="false"/>
+ <property name="hibernate.current_session_context_class"
value="thread"/>
+ <property name="hibernate.cache.use_second_level_cache"
value="true"/>
+ <property name="hibernate.cache.use_query_cache"
value="true"/>
+ <property name="hibernate.connection.datasource"
value="${gatein.idm.datasource.name}${container.name.suffix}"/>
+ <property name="hibernate.connection.autocommit"
value="true"/>
+ <!--
+ Should be automatically detected. Force otherwise
+ <property name="hibernate.dialect"
value="org.hibernate.dialect.XXXDialect"/>
+ -->
+ </properties-param>
+ </init-params>
+ </component>
+
+ <!-- clustered profile -->
+ <component profiles="cluster">
+ <key>org.exoplatform.services.database.HibernateService</key>
+ <jmx-name>database:type=HibernateService</jmx-name>
+ <type>org.exoplatform.services.database.impl.HibernateServiceImpl</type>
+ <init-params>
+ <properties-param>
+ <name>hibernate.properties</name>
+ <description>Default Hibernate Service</description>
+ <property name="hibernate.cache.region.jbc2.query.localonly"
value="true" />
+ <property name="hibernate.cache.region.jbc2.cachefactory"
value="java:CacheManager"/>
+ <property name="hibernate.cache.region.factory_class"
value="org.hibernate.cache.jbc2.JndiMultiplexedJBossCacheRegionFactory" />
+ <property name="hibernate.transaction.manager_lookup_class"
value="org.hibernate.transaction.JBossTransactionManagerLookup" />
+ <property name="hibernate.show_sql" value="false"/>
+ <property name="hibernate.current_session_context_class"
value="thread"/>
+ <property name="hibernate.cache.use_second_level_cache"
value="true"/>
+ <property name="hibernate.cache.use_query_cache"
value="true"/>
+ <property name="hibernate.connection.datasource"
value="${gatein.idm.datasource.name}${container.name.suffix}"/>
+ <property name="hibernate.connection.autocommit"
value="true"/>
+ <!--
+ Should be automatically detected. Force otherwise
+ <property name="hibernate.dialect"
value="org.hibernate.dialect.XXXDialect"/>
+ -->
+ </properties-param>
+ </init-params>
+ </component>
+
+
+ <component>
+
<key>org.exoplatform.services.organization.idm.PicketLinkIDMService</key>
+
<type>org.exoplatform.services.organization.idm.PicketLinkIDMServiceImpl</type>
+ <init-params>
+ <value-param>
+ <name>config</name>
+
<value>war:/conf/organization/picketlink-idm/picketlink-idm-config.xml</value>
+
+ <!--Sample LDAP config-->
+
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-config.xml</value>-->
+
+ <!--Read Only "ACME" LDAP Example-->
+
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml</value>-->
+
+ <!--OpenLDAP LDAP config-->
+
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml</value>-->
+
+ <!--OpenLDAP ReadOnly "ACME" LDAP Example-->
+
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-acme-config.xml</value>-->
+
+ <!--MSAD LDAP Example-->
+
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml</value>-->
+
+ <!--MSAD Read Only "ACME" LDAP Example-->
+
<!--<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml</value>-->
+
+ </value-param>
+
+ <!-- In default PicketLink IDM configuration hibernate store will namespace
identity objects using this realm name
+ if you want to share DB between portal and also share the same identity data
remove the "${container.name.suffix}" part-->
+ <value-param>
+ <name>portalRealm</name>
+ <value>idm_realm${container.name.suffix}</value>
+ </value-param>
+
+ <value-param>
+ <name>apiCacheConfig</name>
+ <value>war:/conf/organization/picketlink-idm/jboss-cache.xml</value>
+ </value-param>
+
+ <value-param profiles="cluster">
+ <name>apiCacheConfig</name>
+
<value>war:/conf/organization/picketlink-idm/jboss-cache-api-cluster.xml</value>
+ </value-param>
+
+ <value-param>
+ <name>storeCacheConfig</name>
+ <value>war:/conf/organization/picketlink-idm/jboss-cache.xml</value>
+ </value-param>
+
+ <value-param profiles="cluster">
+ <name>storeCacheConfig</name>
+
<value>war:/conf/organization/picketlink-idm/jboss-cache-store-cluster.xml</value>
+ </value-param>
+
+ <value-param profiles="cluster">
+ <name>jgroups-configuration</name>
+ <value>${gatein.jcr.jgroups.config}</value>
+ </value-param>
+
+ <value-param profiles="cluster">
+ <name>jgroups-multiplexer-stack</name>
+ <value>true</value>
+ </value-param>
+
+ </init-params>
+ </component>
+
+
+ <component>
+ <key>org.exoplatform.services.organization.OrganizationService</key>
+
<type>org.exoplatform.services.organization.idm.PicketLinkIDMOrganizationServiceImpl</type>
+ <init-params>
+ <object-param>
+ <name>configuration</name>
+ <object type="org.exoplatform.services.organization.idm.Config">
+ <!-- For all ids not mapped with type in 'groupTypeMappings' use
parent id path
+ as a group type to store group in PicketLink IDM. The effect of setting
+ this option to false and not providing any mappings under
'groupTypeMappings' option
+ is that there can be only one group with a given name in all GateIn group
tree-->
+ <field name="useParentIdAsGroupType">
+ <boolean>true</boolean>
+ </field>
+ <!-- Group stored in PicketLink IDM with a type mapped in
'groupTypeMappings' will
+ automatically be member under mapped parent. Normally groups are linked
by
+ PicketLink IDM group association - such relationship won't be needed
then. It can
+ be set to false if all groups are added via GateIn APIs
+ This option may be useful with LDAP config as it will make (if set to
true) every entry
+ added to LDAP (not via GateIn management UI) appear in GateIn-->
+ <field name="forceMembershipOfMappedTypes">
+ <boolean>true</boolean>
+ </field>
+ <!-- When 'userParentIdAsGroupType is set to true this value will be
used to
+ replace all "/" chars in id. This is because "/" is
not allowed to be
+ used in group type name in PicketLink IDM-->
+ <field name="pathSeparator">
+ <string>.</string>
+ </field>
+ <!-- Name of a group stored in PicketLink IDM that acts as root group in
GateIn - "/" -->
+ <field name="rootGroupName">
+ <string>GTN_ROOT_GROUP</string>
+ </field>
+ <!-- Map groups added with GateIn API as a childs of a given group ID to be
stored with a given
+ group type name in PicketLink IDM. If parent ID ends with "/*"
then all child groups will
+ have the mapped group type. Otherwise only direct (first level) children
will use this type.
+
+ This can be leveraged by LDAP setup. Given LDAP DN configured in
PicketLink IDM to
+ store specific group type will then store one given branch in GateIn group
tree while
+ all other groups will remain in DB. -->
+ <field name="groupTypeMappings">
+ <map type="java.util.HashMap">
+ <entry>
+ <key><string>/</string></key>
+ <value><string>root_type</string></value>
+ </entry>
+
+ <!-- Uncomment for sample LDAP configuration -->
+ <!--
+ <entry>
+ <key><string>/platform/*</string></key>
+ <value><string>platform_type</string></value>
+ </entry>
+ <entry>
+ <key><string>/organization/*</string></key>
+
<value><string>organization_type</string></value>
+ </entry>
+ -->
+
+
+ <!-- Uncomment for ACME LDAP example -->
+ <!--
+ <entry>
+ <key><string>/acme/roles/*</string></key>
+ <value><string>acme_roles_type</string></value>
+ </entry>
+ <entry>
+
<key><string>/acme/organization_units/*</string></key>
+ <value><string>acme_ou_type</string></value>
+ </entry>
+ -->
+
+ <!-- Uncomment for MSAD ReadOnly LDAP example -->
+ <!--
+ <entry>
+ <key><string>/acme/roles/*</string></key>
+ <value><string>msad_roles_type</string></value>
+ </entry>
+ -->
+ </map>
+ </field>
+ <!-- If this option is used then each Membership created with MembrshipType
that is
+ equal to value specified here will be stored in PicketLink IDM as simple
+ Group-User association-->
+ <field name="associationMembershipType">
+ <string>member</string>
+ </field>
+ <!-- if "associationMembershipType" option is used and this option
is set to true
+ then Membership with MembershipType configured to be stored as PicketLink
IDM association
+ will not be stored as PicketLink IDM Role -->
+ <field name="ignoreMappedMembershipType">
+ <boolean>false</boolean>
+ </field>
+ <!-- If 'true' will use JTA UserTransaction. If 'false' will
use IDM transaction API -->
+ <field name="useJTA">
+ <boolean>false</boolean>
+ </field>
+
+ <!-- If PLIDM group will have name containing slash "/" char than
it will be replace with following string.
+ Slashes are used in group paths and if present in names may cause
unpredictable behaviour -->
+ <field name="slashReplacement">
+ <string>@_@_@</string>
+ </field>
+
+ <!-- If groups should be displayed in a sorted order in the management
UI-->
+ <field name="sortGroups">
+ <boolean>true</boolean>
+ </field>
+
+ <!-- If memberships should be displayed in a sorted order in the management
UI-->
+ <field name="sortMemberships">
+ <boolean>true</boolean>
+ </field>
+ </object>
+ </object-param>
+ </init-params>
+ </component>
+
+ <external-component-plugins>
+
<target-component>org.exoplatform.services.database.HibernateService</target-component>
+ <component-plugin>
+ <name>add.hibernate.mapping</name>
+ <set-method>addPlugin</set-method>
+
<type>org.exoplatform.services.database.impl.AddHibernateMappingPlugin</type>
+ <init-params>
+ <values-param>
+ <name>hibernate.mapping</name>
+ <value>picketlink-idm/mappings/HibernateRealm.hbm.xml</value>
+
<value>picketlink-idm/mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml</value>
+
<value>picketlink-idm/mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml</value>
+
<value>picketlink-idm/mappings/HibernateIdentityObject.hbm.xml</value>
+
<value>picketlink-idm/mappings/HibernateIdentityObjectCredential.hbm.xml</value>
+
<value>picketlink-idm/mappings/HibernateIdentityObjectCredentialType.hbm.xml</value>
+
<value>picketlink-idm/mappings/HibernateIdentityObjectAttribute.hbm.xml</value>
+
<value>picketlink-idm/mappings/HibernateIdentityObjectType.hbm.xml</value>
+
<value>picketlink-idm/mappings/HibernateIdentityObjectRelationship.hbm.xml</value>
+
<value>picketlink-idm/mappings/HibernateIdentityObjectRelationshipType.hbm.xml</value>
+
<value>picketlink-idm/mappings/HibernateIdentityObjectRelationshipName.hbm.xml</value>
+ </values-param>
+ <values-param profiles="sybase">
+ <name>hibernate.mapping</name>
+
<value>picketlink-idm/sybase-mappings/HibernateRealm.hbm.xml</value>
+
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialBinaryValue.hbm.xml</value>
+
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectAttributeBinaryValue.hbm.xml</value>
+
<value>picketlink-idm/sybase-mappings/HibernateIdentityObject.hbm.xml</value>
+
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectCredential.hbm.xml</value>
+
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectCredentialType.hbm.xml</value>
+
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectAttribute.hbm.xml</value>
+
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectType.hbm.xml</value>
+
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationship.hbm.xml</value>
+
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipType.hbm.xml</value>
+
<value>picketlink-idm/sybase-mappings/HibernateIdentityObjectRelationshipName.hbm.xml</value>
+ </values-param>
+ </init-params>
+ </component-plugin>
+ </external-component-plugins>
+
+</configuration>
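Review bot: The new cluster-profile `jgroups-configuration` value-param points the PicketLink IDM caches at `${gatein.jcr.jgroups.config}` with no comment on what that transport must guarantee. These caches presumably hold identity objects, so in the cluster profile that data would be replicated over whatever stack the property resolves to. The stack file is not part of this commit, so whether it restricts membership or protects traffic (for example with the JGroups AUTH or ENCRYPT protocols) cannot be confirmed from here. I would add a comment above the param such as `<!-- IDM caches reuse the JCR JGroups stack; identity data may be replicated over it, keep it on a cluster-only network -->`. Separately, the two `HibernateService` components now duplicate every property except the cache-region ones, and a one-line comment on each saying the shared properties must stay in sync would help, since this whole-file rewrite makes drift hard to spot in a diff.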