Author: bdaw
Date: 2007-03-03 16:34:34 -0500 (Sat, 03 Mar 2007)
New Revision: 6510
Modified:
docs/trunk/referenceGuide/en/modules/identity.xml
Log:
update
Modified: docs/trunk/referenceGuide/en/modules/identity.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/identity.xml 2007-03-03 21:03:18 UTC (rev 6509)
+++ docs/trunk/referenceGuide/en/modules/identity.xml 2007-03-03 21:34:34 UTC (rev 6510)
@@ -815,6 +815,90 @@
</sect2>
<sect2>
<title>Delegating UserProfile module</title>
+ <para>Delegating UserProfile module implementation has very specific role.
When we use storage mechanism like LDAP we may not be able to map all
+ user properties into LDAP attributes because of schema limitations. To solve
this problem we use database to store such not mapped properties.
+ Delegating user profile module will recognize if property is mapped as
<emphasis role="bold">ldap</emphasis> or <emphasis
role="bold">database</emphasis>
+ end delegate <emphasis>setProperty()/getProperty()</emphasis> method
invocation to proper module implementation. This is implemented in
+ <emphasis
role="bold">org.jboss.portal.identity.DelegatingUserProfileModuleImpl</emphasis>.
If property is mapped either as
+ <emphasis role="bold">ldap</emphasis> and <emphasis
role="bold">database</emphasis> the <emphasis
role="bold">ldap</emphasis> mapping will
+ have higher priority.
+ </para>
+ <programlisting>
+ <![CDATA[
+ <module>
+ <!--type used to correctly map in IdentityContext registry-->
+ <type>UserProfile</type>
+ <implementation>DELEGATING</implementation>
+
+ <!--name of service and class for creating mbean-->
+ <service-name>portal:service=Module,type=UserProfile</service-name>
+
<class>org.jboss.portal.identity.DelegatingUserProfileModuleImpl</class>
+ <!--set of options that are set in instantiated object-->
+ <config>
+ <option>
+ <name>jndiName</name>
+ <value>java:/portal/UserProfileModule</value>
+ </option>
+ <option>
+ <name>dbModuleJNDIName</name>
+ <value>java:/portal/DBUserProfileModule</value>
+ </option>
+ <option>
+ <name>profileConfigFile</name>
+ <value>conf/identity/profile-config.xml</value>
+ </option>
+ </config>
+ </module>
+ ]]>
+ </programlisting>
+ <para>
+ Module options are:
+ <itemizedlist>
+ <listitem>
+ <emphasis role="bold">dbModuleJNDIName</emphasis>
- JNDI name under which database implementation of UserProfileModule is registered.
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">ldapModuleJNDIName</emphasis> - JNDI name under which ldap
implementation of UserProfileModule is registered.
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">profileConfigFile</emphasis> - configuration file for user
properties.
+ </listitem>
+ </itemizedlist>
+ </para>
</sect2>
+ <sect2>
+ <title>Database UserProfile module implementation</title>
+ <para>Because of behaviour described in previous section database
UserProfile module needs some special capabilities. If user is present in
+ LDAP server but property we want to store isn't mapped as LDAP attribute
such property need to be stored in database. But to store
+ the property user need to be synchronized from ldap into database
first</para>
+ <para>Class
<emphasis>org.jboss.portal.identity.db.HibernateUserProfileModuleImpl</emphasis>
has additional synchronization features.
+ Here are the options:
+ <itemizedlist>
+ <listitem>
+ <emphasis
role="bold">synchronizeNonExistingUsers</emphasis> - when set to
"true" if user on which we want to perform operation doesn't exist it will
+ create it in database
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">acceptOtherImplementations</emphasis> - if set to
"true" module will accept user objects other than
+
<emphasis>org.jboss.portal.identity.db.HibernateUserImpl</emphasis>. This is
needed to enable cooperation with UserModule implementations other
+ than
<emphasis>org.jboss.portal.identity.db.HibernateUserModuleImpl</emphasis>
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">defaultSynchronizePassword</emphasis> - if this option is
set the value will be used as password for synchronized user.
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">randomSynchronizePassword</emphasis> - if this option is
set to "true" synchronized user will have random generated password.
+ This is mostly for the security reasons.
+ </listitem>
+ <listitem>
+ <emphasis
role="bold">sessionFactoryJNDIName</emphasis> - JNDI name under which
this user will be registered.
+ </listitem>
+ <listitem>
+ <emphasis role="bold">profileConfigFile</emphasis> -
file with user profile configuration
+ </listitem>
+ </itemizedlist>
+ </para>
+
+ </sect2>
</sect1>
</chapter>