Author: bdaw Date: 2007-03-03 16:34:34 -0500 (Sat, 03 Mar 2007) New Revision: 6510 Modified: docs/trunk/referenceGuide/en/modules/identity.xml Log: update Modified: docs/trunk/referenceGuide/en/modules/identity.xml =================================================================== --- docs/trunk/referenceGuide/en/modules/identity.xml 2007-03-03 21:03:18 UTC (rev 6509) +++ docs/trunk/referenceGuide/en/modules/identity.xml 2007-03-03 21:34:34 UTC (rev 6510) @@ -815,6 +815,90 @@ </sect2> <sect2> <title>Delegating UserProfile module</title> + <para>Delegating UserProfile module implementation has very specific role. When we use storage mechanism like LDAP we may not be able to map all + user properties into LDAP attributes because of schema limitations. To solve this problem we use database to store such not mapped properties. + Delegating user profile module will recognize if property is mapped as <emphasis role="bold">ldap</emphasis> or <emphasis role="bold">database</emphasis> + end delegate <emphasis>setProperty()/getProperty()</emphasis> method invocation to proper module implementation. This is implemented in + <emphasis role="bold">org.jboss.portal.identity.DelegatingUserProfileModuleImpl</emphasis>. If property is mapped either as + <emphasis role="bold">ldap</emphasis> and <emphasis role="bold">database</emphasis> the <emphasis role="bold">ldap</emphasis> mapping will + have higher priority. + </para> + <programlisting> + <![CDATA[ + <module> + <!--type used to correctly map in IdentityContext registry--> + <type>UserProfile</type> + <implementation>DELEGATING</implementation> + + <!--name of service and class for creating mbean--> + <service-name>portal:service=Module,type=UserProfile</service-name> + <class>org.jboss.portal.identity.DelegatingUserProfileModuleImpl</class> + <!--set of options that are set in instantiated object--> + <config> + <option> + <name>jndiName</name> + <value>java:/portal/UserProfileModule</value> + </option> + <option> + <name>dbModuleJNDIName</name> + <value>java:/portal/DBUserProfileModule</value> + </option> + <option> + <name>profileConfigFile</name> + <value>conf/identity/profile-config.xml</value> + </option> + </config> + </module> + ]]> + </programlisting> + <para> + Module options are: + <itemizedlist> + <listitem> + <emphasis role="bold">dbModuleJNDIName</emphasis> - JNDI name under which database implementation of UserProfileModule is registered. + </listitem> + <listitem> + <emphasis role="bold">ldapModuleJNDIName</emphasis> - JNDI name under which ldap implementation of UserProfileModule is registered. + </listitem> + <listitem> + <emphasis role="bold">profileConfigFile</emphasis> - configuration file for user properties. + </listitem> + </itemizedlist> + </para> </sect2> + <sect2> + <title>Database UserProfile module implementation</title> + <para>Because of behaviour described in previous section database UserProfile module needs some special capabilities. If user is present in + LDAP server but property we want to store isn't mapped as LDAP attribute such property need to be stored in database. But to store + the property user need to be synchronized from ldap into database first</para> + <para>Class <emphasis>org.jboss.portal.identity.db.HibernateUserProfileModuleImpl</emphasis> has additional synchronization features. + Here are the options: + <itemizedlist> + <listitem> + <emphasis role="bold">synchronizeNonExistingUsers</emphasis> - when set to "true" if user on which we want to perform operation doesn't exist it will + create it in database + </listitem> + <listitem> + <emphasis role="bold">acceptOtherImplementations</emphasis> - if set to "true" module will accept user objects other than + <emphasis>org.jboss.portal.identity.db.HibernateUserImpl</emphasis>. This is needed to enable cooperation with UserModule implementations other + than <emphasis>org.jboss.portal.identity.db.HibernateUserModuleImpl</emphasis> + </listitem> + <listitem> + <emphasis role="bold">defaultSynchronizePassword</emphasis> - if this option is set the value will be used as password for synchronized user. + </listitem> + <listitem> + <emphasis role="bold">randomSynchronizePassword</emphasis> - if this option is set to "true" synchronized user will have random generated password. + This is mostly for the security reasons. + </listitem> + <listitem> + <emphasis role="bold">sessionFactoryJNDIName</emphasis> - JNDI name under which this user will be registered. + </listitem> + <listitem> + <emphasis role="bold">profileConfigFile</emphasis> - file with user profile configuration + </listitem> + </itemizedlist> + </para> + + </sect2> </sect1> </chapter>