将 IBM DB2 用于持久 OAuth 服务
IBM® DB2® 可用于持久 OAuth 服务。为了便利和参考的目的,此主题记录了为 OAuth 持久服务配置 DB2 所需的步骤。
要为持久 OAuth 服务配置 DB2,请完成下列步骤:
注: Componentid 必须与 server.xml 文件中 oauthProvider 元素的标识相同。
- 创建数据库和表。编辑并运行以下 SQL 语句以创建 OAuth 数据库和表:
缺省 DB2 侦听端口是 50000。如果您想要查找此端口,请运行以下命令并查找 SVCENAME 参数的值。如果它是一个数字,那么它是端口号。如果是名称,请在 /etc/services 文件中查找名称,或者查找 Windows 等价项(如果使用的是 Windows)。-- Change oauth2db to the name you want for the database CREATE DATABASE oauth2db USING CODESET UTF8 TERRITORY US; CONNECT TO oauth2db; ---- CREATE TABLES ---- CREATE TABLE OAuthDBSchema.OAUTH20CACHE ( LOOKUPKEY VARCHAR(256) NOT NULL, UNIQUEID VARCHAR(128) NOT NULL, COMPONENTID VARCHAR(256) NOT NULL, TYPE VARCHAR(64) NOT NULL, SUBTYPE VARCHAR(64), CREATEDAT BIGINT, LIFETIME INT, EXPIRES BIGINT, TOKENSTRING VARCHAR(2048) NOT NULL, CLIENTID VARCHAR(64) NOT NULL, USERNAME VARCHAR(64) NOT NULL, SCOPE VARCHAR(512) NOT NULL, REDIRECTURI VARCHAR(2048), STATEID VARCHAR(64) NOT NULL EXTENDEDFIELDS CLOB NOT NULL DEFAULT '{}' ); CREATE TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG ( COMPONENTID VARCHAR(256) NOT NULL, CLIENTID VARCHAR(256) NOT NULL, CLIENTSECRET VARCHAR(256), DISPLAYNAME VARCHAR(256) NOT NULL, REDIRECTURI VARCHAR(2048), ENABLED INT CLIENTMETADATA CLOB NOT NULL DEFAULT '{}' ); CREATE TABLE OAuthDBSchema.OAUTH20CONSENTCACHE ( CLIENTID VARCHAR(256) NOT NULL, USERID VARCHAR(256), PROVIDERID VARCHAR(256) NOT NULL, SCOPE VARCHAR(1024) NOT NULL, EXPIRES BIGINT, EXTENDEDFIELDS CLOB NOT NULL DEFAULT '{}' ); ---- ADD CONSTRAINTS ---- ALTER TABLE OAuthDBSchema.OAUTH20CACHE ADD CONSTRAINT PK_LOOKUPKEY PRIMARY KEY (LOOKUPKEY); ALTER TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG ADD CONSTRAINT PK_COMPIDCLIENTID PRIMARY KEY (COMPONENTID,CLIENTID); ---- CREATE INDEXES ---- CREATE INDEX OAUTH20CACHE_EXPIRES ON OAUTHDBSCHEMA.OAUTH20CACHE (EXPIRES ASC); ---- GRANT PRIVILEGES ---- ---- UNCOMMENT THE FOLLOWING IF YOU USE AN ACCOUNT OTHER THAN ADMINISTRATOR FOR DB ACCESS ---- -- Change dbuser to the account you want to use to access your database -- GRANT ALL ON OAuthDBSchema.OAUTH20CACHE TO USER dbuser; -- GRANT ALL ON OAuthDBSchema.OAUTH20CLIENTCONFIG TO USER dbuser; ---- END OF GRANT PRIVILIGES ---- DISCONNECT CURRENT;
可以通过运行下列语句,在 DB2 中创建数据库和表:Linux/Unix: db2 get dbm cfg | grep SVCENAME Windows: db2 get dbm cfg | findstr SVCENAME
db2 -tvf createTables.sql
- 配置 WebSphere® Application Server Liberty 概要文件服务器。以下示例是使用 DB2 存储器的 OAuth 提供者的样本 server.xml 文件:
<server> <featureManager> <feature>oauth-2.0</feature> <feature>ssl-1.0</feature> <feature>jdbc-4.0</feature> <feature>jndi-1.0</feature> </featureManager> <keyStore password="keyspass" /> <oauth-roles> <authenticated> <user>testuser</user> </authenticated> </oauth-roles> <oauthProvider id="DBOAuth20Provider" oauthOnly="true" filter="request-url%=AnnuityOAuthWeb/index.jsp"> <databaseStore dataSourceRef="OAUTH2DBDS" /> </oauthProvider> <jdbcDriver id="db2Universal" libraryRef="DB2JCC4LIB" /> <library apiTypeVisibility="spec,ibm-api,third-party" filesetRef="db2jcc4" id="DB2JCC4LIB" /> <fileset dir="${shared.resource.dir}/db2" id="db2jcc4" includes="db2jcc4.jar db2jcc_license_cu.jar" /> <dataStore id="OAUTH2DBDS" jdbcDriverRef="db2Universal" jndiName="jdbc/oauthProvider"> <properties.db2.jcc databaseName="OAUTH2DB" driverType="4" user="bob" password="abcdefg=" portNumber="50000" serverName="db2.server.mycompany.com" /> </dataStore> <webAppSecurity allowFailOverToBasicAuth="true" /> <basicRegistry id="basic" realm="BasicRealm"> <user name="testuser" password="testuserpwd" /> </basicRegistry> </server
INSERT INTO OAuthDBSchema.OAUTH20CLIENTCONFIG
(
COMPONENTID,
CLIENTID,
CLIENTSECRET,
DISPLAYNAME,
REDIRECTURI,
ENABLED
)
VALUES
(
'DBOAuth20Provider',
'key',
'secret',
'My Client',
'https://localhost:9443/oauth/redirect.jsp',
1
)
![[8.5.5.2 或更高版本]](../ng_v8552.gif)