Using a Derby database for persistent OAuth services

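You can use a Derby database for persistent OAuth services. For convenience and for your reference, this topic describes the steps needed to configure a Derby database, either remote from or local to the OAuth service, for the OAuth persistent service.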

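To configure a Derby database for persistent OAuth services, complete the following steps:
  1. Create the database and tables.
    Edit and run the following SQL statements to create the OAuth database and tables: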
    --- Change oauth2db to the name you want for the database
    --- Connect to Derby, choose one connection option to uncomment
    --- if connecting to Derby as network server
    --- CONNECT 'jdbc:derby://localhost:1527/oauth2db;create=true';
    
    --- if connecting to embedded derby, you can change D:\oauth2db to location of database
    --- CONNECT 'jdbc:derby:D:\oauth2db;create=true';
    
    --- if creating tables in existing Derby database, remove the create=true parameter. 
    
    ----- CREATE TABLES -----
    CREATE TABLE OAuthDBSchema.OAUTH20CACHE (
      LOOKUPKEY VARCHAR(256) NOT NULL, 
      UNIQUEID VARCHAR(128) NOT NULL, 
      COMPONENTID VARCHAR(256) NOT NULL, 
      TYPE VARCHAR(64) NOT NULL, 
      SUBTYPE VARCHAR(64), 
      CREATEDAT BIGINT, 
      LIFETIME INT, 
      EXPIRES BIGINT, 
      TOKENSTRING VARCHAR(2048) NOT NULL, 
      CLIENTID VARCHAR(64) NOT NULL, 
      USERNAME VARCHAR(64) NOT NULL, 
      SCOPE VARCHAR(512) NOT NULL, 
      REDIRECTURI VARCHAR(2048), 
      STATEID VARCHAR(64) NOT NULL,
      EXTENDEDFIELDS CLOB NOT NULL DEFAULT '{}' 
    );
    
    CREATE TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG (
      COMPONENTID VARCHAR(256) NOT NULL, 
      CLIENTID VARCHAR(256) NOT NULL, 
      CLIENTSECRET VARCHAR(256), 
      DISPLAYNAME VARCHAR(256) NOT NULL, 
      REDIRECTURI VARCHAR(2048), 
      ENABLED INT,
      CLIENTMETADATA CLOB NOT NULL DEFAULT '{}'
    );
    
    CREATE TABLE OAuthDBSchema.OAUTH20CONSENTCACHE (
      CLIENTID VARCHAR(256) NOT NULL, 
      USERID VARCHAR(256),
      PROVIDERID VARCHAR(256) NOT NULL, 
      SCOPE VARCHAR(1024) NOT NULL, 
      EXPIRES BIGINT, 
      EXTENDEDFIELDS CLOB NOT NULL DEFAULT '{}' 
    );
    
    ----- ADD CONSTRAINTS -----
    ALTER TABLE OAuthDBSchema.OAUTH20CACHE 
      ADD CONSTRAINT PK_LOOKUPKEY PRIMARY KEY (LOOKUPKEY);
    
    ALTER TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG 
      ADD CONSTRAINT PK_COMPIDCLIENTID PRIMARY KEY (COMPONENTID,CLIENTID);
    
    ----- CREATE INDEXES -----
    CREATE INDEX OAUTH20CACHE_EXPIRES ON OAUTHDBSCHEMA.OAUTH20CACHE (EXPIRES ASC);
    
    DISCONNECT CURRENT;
    Run the createTables.sql file by starting ij with the following command:
    ij createTables.sql
  2. Configure the WebSphere® Application Server Liberty server.
    The following example is a sample server.xml file for an OAuth provider that uses Derby database storage:
    <server>
    
      <featureManager>
        <feature>oauth-2.0</feature>
        <feature>ssl-1.0</feature>
        <feature>jdbc-4.0</feature>
        <feature>jndi-1.0</feature>
      </featureManager>
    
      <keyStore password="keyspass" />
    
      <oauth-roles>
        <authenticated>
          <user>testuser</user>
        </authenticated>
      </oauth-roles>
    
      <oauthProvider id="OAuthConfigDerby" filter="request-url%=ssodemo"
                     oauthOnly="false">
        <databaseStore dataSourceRef="OAuthDerbyDataSource" />
      </oauthProvider>
    
      <jdbcDriver id="DerbyEmbedded" libraryRef="DerbyLib" />
    
      <library id="DerbyLib" filesetRef="DerbyFileset" />
    
      <fileset id="DerbyFileset" dir="${DERBY_JDBC_DRIVER_PATH}"
               includes="derby.jar" />
    
      <dataSource id="OAuthDerbyDataSource" jndiName="jdbc/OAuth2DB"
                  jdbcDriverRef="DerbyEmbedded">
        <properties.derby.embedded databaseName="D:\oauth2db"
                                   createDatabase="create"/>
      </dataSource>
    
      <webAppSecurity allowFailOverToBasicAuth="true" />
    
      <basicRegistry id="basic" realm="BasicRealm">
        <user name="testuser" password="testuserpwd" />
      </basicRegistry>
    </server>
    Note: The Componentid value in the database tables must be the same as the id of the oauthProvider element in the server.xml file.
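
The Componentid requirement in the note can be checked mechanically before a deployment. The following is an added example, not IBM's code: it parses a server.xml, reports client rows whose COMPONENTID matches no database-backed oauthProvider id, and lists password attributes stored as literal text. The sample XML, the client rows and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the server.xml shown above.
SERVER_XML = """<server>
  <keyStore password="keyspass" />
  <oauthProvider id="OAuthConfigDerby" filter="request-url%=ssodemo" oauthOnly="false">
    <databaseStore dataSourceRef="OAuthDerbyDataSource" />
  </oauthProvider>
  <basicRegistry id="basic" realm="BasicRealm">
    <user name="testuser" password="testuserpwd" />
  </basicRegistry>
</server>"""

# Constructed rows, shaped like the result of
#   SELECT COMPONENTID, CLIENTID FROM OAuthDBSchema.OAUTH20CLIENTCONFIG
CLIENT_ROWS = [("OAuthConfigDerby", "client01"), ("OAuthConfigDB2", "client02")]

# Values that are not literal plaintext: Liberty's encoded forms (produced by
# securityUtility encode; {xor} is reversible obfuscation) and ${variable} references.
NON_LITERAL_PREFIXES = ("{xor}", "{aes}", "{hash}", "${")

def db_backed_provider_ids(root):
    """Return ids of oauthProvider elements that contain a databaseStore child."""
    return {p.get("id") for p in root.iter("oauthProvider")
            if p.find("databaseStore") is not None}

def orphaned_clients(root, rows):
    """Return rows whose COMPONENTID matches no database-backed provider id."""
    ids = db_backed_provider_ids(root)
    return [(comp, client) for comp, client in rows if comp not in ids]

def plaintext_passwords(root):
    """Return (element tag, name or id) for each literal password attribute."""
    hits = []
    for elem in root.iter():
        pw = elem.get("password")
        if pw is not None and not pw.startswith(NON_LITERAL_PREFIXES):
            hits.append((elem.tag, elem.get("name") or elem.get("id") or ""))
    return hits

def audit(xml_text, rows):
    root = ET.fromstring(xml_text)
    return {"orphaned_clients": orphaned_clients(root, rows),
            "plaintext_passwords": plaintext_passwords(root)}

if __name__ == "__main__":
    for check, findings in audit(SERVER_XML, CLIENT_ROWS).items():
        print(check, findings)
```

The comparison is an exact string match, so a COMPONENTID that differs from the provider id only in case is reported as orphaned.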




Last updated: Monday, 5 December 2016