This documentation is for WSO2 Carbon 4.4.3. View documentation for the latest release.
Page Comparison - Configuring the Authorization Manager (v.7 vs v.8) - Carbon 4.4.3 - WSO2 Documentation
Due to a known issue do not use JDK1.8.0_151 with WSO2 products. Use JDK 1.8.0_144 until JDK 1.8.0_162-ea is released.


...

Once you have set up a new RDBMS and configured the datasource, the user-mgt.xml file (user realm configuration) should be updated as explained below.

...

Update the datasource information using the <Property> element under <Configuration>. The jndi name of the datasource should be used to refer to the datasource element under <Configuration>. Given below are the properties that are set by default.

Property Name

Description

Mandatory/Optional
dataSource

This is the jndi name of the datasource that is used for referring to the datasource. In the following example,

...

the jndi name of the

...

default datasource defined in the <PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml file is linked from the user-mgt.xml file.

...

Mandatory

...

isCascadeDeleteEnabled

This property is set to 'true' by default, which enables cascade delete for the UM_USER_PERMISSION and UM_ROLE_PERMISSION tables when a permission gets deleted from the UM_PERMISSION table. That is, if a record in the parent table is deleted, the corresponding records in the child table will be automatically deleted.

Mandatory

You can add more optional configurations using the <Property> element:

Property Name

Description

Mandatory/Optional
testOnBorrow

It is recommended to set this property to 'true' so that object connections will be validated before being borrowed from the JDBC pool. For this property to be effective, the validationQuery parameter in the <PRODUCT_HOME>/repository/conf/datasources/master-datasources.xml file should be a non-string value. This setting will avoid connection failures. See the section on performance tuning of WSO2 products for more information.

Optional

Configuring the Authorization Manager

Shown below is how the Authorization Manager is enabled in the user-mgt.xml file.

<AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
    <Property name="AdminRoleManagementPermissions">/permission</Property>
    <Property name="AuthorizationCacheEnabled">true</Property>
</AuthorizationManager>
  • The org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager class enables the Authorization Manager for your product.
  • The AdminRoleManagementPermissions property sets the registry path where the authorization information (role-based permissions) is stored. Note that this links to the repository that you defined in Step 1.
  • It is recommended to enable the GetAllRolesOfUserEnabled property in the AuthorizationManager as follows:

    <Property name="GetAllRolesOfUserEnabled">true</Property>

    Although using the user store manager does not depend on this property, you must consider enabling this if there are any performance issues in your production environment. Enabling this property affects the performance when the user logs in. This depends on the users, roles and permission stats.

  • By default, the rules linked to a permission (role name, action, resource) are not case sensitive. If you want to make them case sensitive, enable the following property:

    <Property name="CaseSensitiveAuthorizationRules">true</Property>
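
The following is an added example, not part of the WSO2 documentation or product code: a small Python check that reads the AuthorizationManager element from a user-mgt.xml document and reports which of the properties described above are set. The sample XML, the function names and the wording of the notes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the relevant part of user-mgt.xml (not a shipped file).
SAMPLE = """<UserManager><Realm>
  <AuthorizationManager class="org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager">
    <Property name="AdminRoleManagementPermissions">/permission</Property>
    <Property name="AuthorizationCacheEnabled">true</Property>
  </AuthorizationManager>
</Realm></UserManager>"""

EXPECTED_CLASS = "org.wso2.carbon.user.core.authorization.JDBCAuthorizationManager"


def read_authz_properties(xml_text):
    """Return (class name, {property name: value}) for the AuthorizationManager."""
    root = ET.fromstring(xml_text)
    managers = list(root.iter("AuthorizationManager"))
    if len(managers) != 1:
        raise ValueError(f"expected one AuthorizationManager, found {len(managers)}")
    element = managers[0]
    props = {p.get("name"): (p.text or "").strip() for p in element.findall("Property")}
    return element.get("class"), props


def is_true(props, name):
    """A property counts as enabled only when it is present and set to 'true'."""
    return props.get(name, "").lower() == "true"


def audit(xml_text):
    """Return a list of notes based on the properties described on this page."""
    cls, props = read_authz_properties(xml_text)
    notes = []
    if cls != EXPECTED_CLASS:
        notes.append(f"unexpected AuthorizationManager class: {cls}")
    if not props.get("AdminRoleManagementPermissions"):
        notes.append("AdminRoleManagementPermissions is not set")
    if not is_true(props, "GetAllRolesOfUserEnabled"):
        notes.append("GetAllRolesOfUserEnabled is not enabled (recommended)")
    # Per the page, rules are not case sensitive unless this property is 'true'.
    if not is_true(props, "CaseSensitiveAuthorizationRules"):
        notes.append("authorization rules are matched case-insensitively (default)")
    return notes


if __name__ == "__main__":
    for note in audit(SAMPLE):
        print(note)
```
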