1 | XmlUserManager (com.bowman.cardserv.XmlUserManager)
|
---|
2 | ---------------------------------------------------
|
---|
3 |
|
---|
4 | XmlUserManager is a small extension of the built in example SimpleUserManager. Instead of reading user definitions
|
---|
5 | only from proxy.xml it can fetch an external xml file from any url. This can be a simpler alternative to a full
|
---|
6 | database usermanager, when maintaining the same set of users in a cluster of multiple proxies.
|
---|
7 |
|
---|
8 | - XmlUserManager uses the exact same xml format as SimpleUserManager (see proxy-reference.html).
|
---|
9 | - It will accept user definitions included in proxy.xml, just like SimpleUserManager. These are parsed before any
|
---|
10 | attempts are made to get external definitions, making it possible to have some local users in addition to the main
|
---|
11 | user db.
|
---|
12 | - If the same username exists both in proxy.xml and in the fetched user file, the local definition will be overwritten.
|
---|
13 |
|
---|
14 | ------------------------------------------------------
|
---|
15 |
|
---|
16 | The following are settings are available for XmlUserManager:
|
---|
17 |
|
---|
18 | <user-manager class="com.bowman.cardserv.XmlUserManager" log-failures="true">
|
---|
19 |
|
---|
20 | - To load the XmlUserManager, use the following user-manager class name: com.bowman.cardserv.XmlUserManager
|
---|
21 | Changing from one user-manager to another requires a proxy restart.
|
---|
22 |
|
---|
23 | <auth-config>
|
---|
24 | <user-file-url>http://192.168.0.5/users.xml</user-file-url>
|
---|
25 |
|
---|
26 | - The url of the xml file with user definitions. The file should match the auth-config for SimpleUserManager, but
|
---|
27 | the top level element is ignored. See config/users.example.xml for an example.
|
---|
28 | Any url can be used, including https/ftp with user:passwd@hostname type auth info.
|
---|
29 | File urls are also accepted. NOTE: Relative file urls are written with no initial slashes, e.g: file:etc/users.xml
|
---|
30 |
|
---|
31 | NOTE: When using a http/https url, it doesn't have to point to an actual static xml file. A php/jsp/asp page that
|
---|
32 | renders the xml dynamically from an underlying database is a more flexible solution.
|
---|
33 |
|
---|
34 | <user-file-key>asdf22</user-file-key>
|
---|
35 |
|
---|
36 | - Optionally, the user file can be blowfish encrypted using the included fishenc.jar tool (found in lib). If the
|
---|
37 | file is not encrypted, omit the user-file-key element entirely.
|
---|
38 |
|
---|
39 | <update-interval>5</update-interval> <!-- minutes -->
|
---|
40 |
|
---|
41 | - How often to check for changes in the user file. If no changes have occured, the file will not be fetched/parsed.
|
---|
42 |
|
---|
43 | <user name="local1" password="test" ip-mask="192.168.0.*" profiles="cable" admin="true"/>
|
---|
44 | <user name="local2" password="test" debug="true"/>
|
---|
45 |
|
---|
46 | </auth-config>
|
---|
47 | </user-manager>
|
---|
48 |
|
---|
49 | ------------------------------------------------------
|
---|
50 |
|
---|
51 | NOTE: Errors in the user file will not prevent the proxy from starting, it will only log warnings if unable to
|
---|
52 | fetch/parse the file. Local users in proxy.xml will still be available.
|
---|
53 | Should the user file become temporarily unavailable or broken, the proxy will keep using the last known working one.
|
---|
54 | To see exactly what XmlUserManager is doing, use log-level FINE.
|
---|
55 |
|
---|
56 | As of 0.8.8 it is possible to specify multiple source urls, using the following format:
|
---|
57 |
|
---|
58 | <auth-config>
|
---|
59 |
|
---|
60 | <user-source name="someusers">
|
---|
61 | <user-file-url>http://192.168.0.5/users.xml</user-file-url>
|
---|
62 | <user-file-key>asdf22</user-file-key>
|
---|
63 | </user-source>
|
---|
64 | <user-source name="otherusers">
|
---|
65 | <user-file-url>https://admin:secret@some.host.com/users.php</user-file-url>
|
---|
66 | </user-source>
|
---|
67 | <user-source name="localusers">
|
---|
68 | <user-file-url>file:///tmp/users.xml</user-file-url>
|
---|
69 | </user-source>
|
---|
70 |
|
---|
71 | <update-interval>5</update-interval> <!-- minutes -- >
|
---|
72 |
|
---|
73 | </auth-config>
|
---|