
JDBC Authentication Swiftlet

The JDBC Authentication Swiftlet is a replacement for the standard Authentication Swiftlet and utilizes a database server to authenticate users and authorize access to SwiftMQ resources via JDBC.

All known authentication entities such as users, groups, grants, and resource limit groups are used by the JDBC Authentication Swiftlet as well.

These entities are defined as a SQL table schema that is part of the JDBC Authentication Swiftlet distribution and which must be installed first. Default users and groups are created during the schema installation. The entities are the same as with the standard Authentication Swiftlet (e.g. user anonymous, group public etc).

The SwiftMQ router accesses the database server via JDBC. After the SQL schema has been installed and the necessary entries (users etc) have been created, the JDBC Authentication Swiftlet must be configured with the JDBC driver class name, JDBC URL, database user, and password. This user has to have permission to read the tables. The JDBC Authentication Swiftlet does not write to the database server. Thereafter, the SwiftMQ router can be started and will use the configured database server for authentication. Different SwiftMQ routers can use a single database server concurrently.
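Because the Swiftlet only reads, its database account can be restricted to SELECT on the five schema tables. The following is an added example for Microsoft SQL Server (T-SQL), not part of the SwiftMQ distribution; the schema name swiftmq, the account name swiftmq_auth and the password placeholder are assumptions.

```sql
-- Added example (T-SQL); not taken from the SwiftMQ distribution.
-- Assumptions: the tables live in schema "swiftmq"; the login/user name
-- "swiftmq_auth" and the password placeholder are hypothetical.

CREATE LOGIN swiftmq_auth WITH PASSWORD = '<replace-with-generated-secret>';
CREATE USER swiftmq_auth FOR LOGIN swiftmq_auth;

-- Read access to exactly the tables queried by the default statements.
GRANT SELECT ON OBJECT::swiftmq.users               TO swiftmq_auth;
GRANT SELECT ON OBJECT::swiftmq.hostaccesslists     TO swiftmq_auth;
GRANT SELECT ON OBJECT::swiftmq.queuegrants         TO swiftmq_auth;
GRANT SELECT ON OBJECT::swiftmq.topicgrants         TO swiftmq_auth;
GRANT SELECT ON OBJECT::swiftmq.resourcelimitgroups TO swiftmq_auth;

-- An explicit DENY takes precedence over write permissions the account
-- might later inherit through a role membership.
DENY INSERT, UPDATE, DELETE, ALTER ON SCHEMA::swiftmq TO swiftmq_auth;

-- Check: impersonate the account and list its effective permissions
-- on the users table (1 = permitted, 0 = not permitted).
EXECUTE AS USER = 'swiftmq_auth';
SELECT
    HAS_PERMS_BY_NAME('swiftmq.users', 'OBJECT', 'SELECT') AS can_select,
    HAS_PERMS_BY_NAME('swiftmq.users', 'OBJECT', 'INSERT') AS can_insert,
    HAS_PERMS_BY_NAME('swiftmq.users', 'OBJECT', 'UPDATE') AS can_update,
    HAS_PERMS_BY_NAME('swiftmq.users', 'OBJECT', 'DELETE') AS can_delete;
REVERT;
```

The account configured as username in the jdbc-connection element would be this one, kept separate from the account that maintains users and grants.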

The JDBC Authentication Swiftlet uses a single JDBC connection. To speed up authentication, caching can be enabled. All fetched authentication objects (users, groups, resource limit groups) are then stored in memory and used during further authentication processing. They expire after a configurable time, are removed from the cache, and are fetched from the database server again the next time they are used. Therefore, database changes become visible in SwiftMQ only after the affected objects have expired in the cache and are reloaded from the database server. Caching is enabled by default and uses an expiration of 5 minutes.

If the JDBC connection is closed, e.g. by an inactivity timeout, it will be transparently recreated by the JDBC Authentication Swiftlet when it accesses the database the next time.

SQL Schema

Installation

The distribution of the JDBC Authentication Swiftlet contains the following directories:

CODE
    sql/mssqlserver
    sql/oracle

Directory sql/mssqlserver contains SwiftMQ's SQL table schema for Microsoft SQL Server.

Directory sql/oracle contains SwiftMQ's SQL table schema for Oracle.

Both schemas are identical. They differ only in the SQL syntax. The following tables are created during the installation:

  • USERS - contains users.

  • HOSTACCESSLISTS - contains optional host access lists per user.

  • QUEUEGRANTS - contains queue grants of authentication groups.

  • TOPICGRANTS - contains topic grants of authentication groups.

  • RESOURCELIMITGROUPS - contains resource limit groups.

Default users such as anonymous and admin are created during the installation.

To avoid BIT columns we use VARCHAR(1) types for the queue and topic grants. To grant a right, the value of the respective column has to be Y; to revoke it, specify N.
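Since rights are plain Y/N characters attached to authentication groups, a review of who can do what is a join from users to the grant tables. The queries below are an added example, not part of the distribution; column names come from the default statements on this page, and the schema name swiftmq is an assumption.

```sql
-- Added example; standard SQL intended for both supported databases.
-- Assumption: tables live in schema "swiftmq" (drop the prefix otherwise).

-- 1. Effective queue rights per user. Users map to grants through
--    authgroupname; only rows with at least one granted right are listed.
SELECT u.username, u.authgroupname, q.queuename,
       q.browsegrant, q.sendgrant, q.receivegrant
FROM   swiftmq.users u
JOIN   swiftmq.queuegrants q ON q.authgroupname = u.authgroupname
WHERE  'Y' IN (q.browsegrant, q.sendgrant, q.receivegrant)
ORDER  BY u.username, q.queuename;

-- 2. The same view for topics.
SELECT u.username, u.authgroupname, t.topicname,
       t.subscribegrant, t.publishgrant, t.durablegrant
FROM   swiftmq.users u
JOIN   swiftmq.topicgrants t ON t.authgroupname = u.authgroupname
WHERE  'Y' IN (t.subscribegrant, t.publishgrant, t.durablegrant)
ORDER  BY u.username, t.topicname;

-- 3. Grant rows whose flags are neither Y nor N (NULL included).
--    Only Y and N are defined, so these rows are ambiguous and
--    should be corrected.
SELECT 'queuegrants' AS source_table, authgroupname, queuename AS resource_name
FROM   swiftmq.queuegrants
WHERE  COALESCE(browsegrant,  '?') NOT IN ('Y', 'N')
   OR  COALESCE(sendgrant,    '?') NOT IN ('Y', 'N')
   OR  COALESCE(receivegrant, '?') NOT IN ('Y', 'N')
UNION ALL
SELECT 'topicgrants', authgroupname, topicname
FROM   swiftmq.topicgrants
WHERE  COALESCE(subscribegrant, '?') NOT IN ('Y', 'N')
   OR  COALESCE(publishgrant,   '?') NOT IN ('Y', 'N')
   OR  COALESCE(durablegrant,   '?') NOT IN ('Y', 'N');
```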

SQL Statement Mapping

The SQL statements used by the JDBC Authentication Swiftlet are defined within the entity statements:

XML
 <entity name="statements" display="SQL Statements" description="SQL Statements">
     <property name="schema-prefix"
               type="java.lang.String"
               display="Schema Prefix"
               description="Schema Prefix for Tables"
               reboot-required="true"/>
     <property name="user-select"
               type="java.lang.String"
               display="User/Select"
               description="Select a single User"
               default="select password,authgroupname,rlgroupname from ${schema-prefix}users where username = ?"
               reboot-required="true"/>
     <property name="hostaccesslist-select"
               type="java.lang.String"
               display="Host Access List/Select"
               description="Select Host Access List of a User"
               default="select hostnamepredicate from ${schema-prefix}hostaccesslists where username = ?"
               reboot-required="true"/>
     <property name="queuegrants-select"
               type="java.lang.String"
               display="Queue Grants/Select"
               description="Select Queue Grants of a Group"
               default="select queuename,browsegrant,sendgrant,receivegrant from ${schema-prefix}queuegrants where authgroupname = ?"
               reboot-required="true"/>
     <property name="topicgrants-select"
               type="java.lang.String"
               display="Topic Grants/Select"
               description="Select Topic Grants of a Group"
               default="select topicname,subscribegrant,publishgrant,durablegrant from ${schema-prefix}topicgrants where authgroupname = ?"
               reboot-required="true"/>
     <property name="resourcelimitgroups-select"
               type="java.lang.String"
               display="Resource Limit Groups/Select"
               description="Select a Resource Limit Group"
               default="select maxconnections,maxsessions,maxtempqueues,maxproducers,maxconsumers from ${schema-prefix}resourcelimitgroups where rlgroupname = ?"
               reboot-required="true"/>
 </entity>

The default values (statements) match the default SQL schema stored under the sql/<database> directory. However, you can override any SQL statement and thereby use another SQL schema.

Each default statement contains a ${schema-prefix} in front of the table name. This variable will be substituted with the value of the schema-prefix attribute. For example, if the SwiftMQ tables are stored under a schema swiftmq in the database, the table name may need to be prefixed with the schema name. In this case, the attribute schema-prefix must contain the name of the schema with a trailing dot '.', e.g. 'swiftmq.'. This results in swiftmq.users for the users table name in the SQL statements.

Installation

You must stop the router before you install this Kernel Swiftlet. Then copy the content of the optional-swiftlets/kernel/sys_authentication_jdbc/deploy subdirectory of this Kernel Swiftlet into the directory kernel/sys$authentication.

Copy the JDBC driver jar files into kernel/sys$authentication. Note that you cannot use zip files. If your JDBC driver is provided as a zip file, then you have to convert it to a jar file.

Configuration

The configuration of the JDBC Authentication Swiftlet is defined within the element

XML
      <swiftlet name="sys$authentication" .../>

of the router's configuration file.

Attributes of Element "swiftlet"

Definition

| Attribute | Type | Mandatory | Description |
|---|---|---|---|
| authentication-enabled | java.lang.Boolean | No | Enables/Disables Authentication |

Values

| Attribute | Values |
|---|---|
| authentication-enabled | Default: false |

Element "jdbc-connection", Parent Element: "swiftlet"

JDBC Connection.

Definition

| Attribute | Type | Mandatory | Description |
|---|---|---|---|
| driver-classname | java.lang.String | Yes | Name of the JDBC Driver Class |
| url | java.lang.String | Yes | JDBC URL |
| username | java.lang.String | No | JDBC Username |
| password | java.lang.String | No | JDBC Password |
| retry-interval | java.lang.Long | No | Retry Interval (0 disables retry) |
| retry-max | java.lang.Integer | No | Maximum Retries |

Values

| Attribute | Values |
|---|---|
| driver-classname | |
| url | |
| username | |
| password | |
| retry-interval | Default: 1000 |
| retry-max | Min: 1, Default: 10 |

Element "statements", Parent Element: "swiftlet"

SQL Statements.

Definition

| Attribute | Type | Mandatory | Description |
|---|---|---|---|
| schema-prefix | java.lang.String | No | Schema Prefix for Tables |
| user-select | java.lang.String | No | Select a single User |
| hostaccesslist-select | java.lang.String | No | Select Host Access List of a User |
| queuegrants-select | java.lang.String | No | Select Queue Grants of a Group |
| topicgrants-select | java.lang.String | No | Select Topic Grants of a Group |
| resourcelimitgroups-select | java.lang.String | No | Select a Resource Limit Group |

Values

| Attribute | Values |
|---|---|
| schema-prefix | |
| user-select | Default: select password,authgroupname,rlgroupname from ${schema-prefix}users where username = ? |
| hostaccesslist-select | Default: select hostnamepredicate from ${schema-prefix}hostaccesslists where username = ? |
| queuegrants-select | Default: select queuename,browsegrant,sendgrant,receivegrant from ${schema-prefix}queuegrants where authgroupname = ? |
| topicgrants-select | Default: select topicname,subscribegrant,publishgrant,durablegrant from ${schema-prefix}topicgrants where authgroupname = ? |
| resourcelimitgroups-select | Default: select maxconnections,maxsessions,maxtempqueues,maxproducers,maxconsumers from ${schema-prefix}resourcelimitgroups where rlgroupname = ? |

Element "cache", Parent Element: "swiftlet"

Cache.

Definition

| Attribute | Type | Mandatory | Description |
|---|---|---|---|
| enabled | java.lang.Boolean | No | Enables/Disables Caching |
| expiration | java.lang.Long | No | A cached Entity expires after this time (ms) |

Values

| Attribute | Values |
|---|---|
| enabled | Default: true |
| expiration | Min: 1000, Default: 300000 |
