将 IBM DB2 用于持久 OAuth 服务

IBM® DB2® 可用于持久 OAuth 服务。为了便利和参考的目的,此主题记录了为 OAuth 持久服务配置 DB2 所需的步骤。

要为持久 OAuth 服务配置 DB2,请完成下列步骤:
  1. 创建数据库和表。
    编辑并运行以下 SQL 语句以创建 OAuth 数据库和表:
    -- Change oauth2db to the name you want for the database
    
    CREATE DATABASE oauth2db USING CODESET UTF8 TERRITORY US;
    CONNECT TO oauth2db;
    
    ---- CREATE TABLES ----
    CREATE TABLE OAuthDBSchema.OAUTH20CACHE 
    (
      LOOKUPKEY VARCHAR(256) NOT NULL, 
      UNIQUEID VARCHAR(128) NOT NULL, 
      COMPONENTID VARCHAR(256) NOT NULL, 
      TYPE VARCHAR(64) NOT NULL, 
      SUBTYPE VARCHAR(64), 
      CREATEDAT BIGINT, 
      LIFETIME INT, 
      EXPIRES BIGINT, 
      TOKENSTRING VARCHAR(2048) NOT NULL, 
      CLIENTID VARCHAR(64) NOT NULL, 
      USERNAME VARCHAR(64) NOT NULL, 
      SCOPE VARCHAR(512) NOT NULL, 
      REDIRECTURI VARCHAR(2048), 
      STATEID VARCHAR(64) NOT NULL
      EXTENDEDFIELDS CLOB NOT NULL DEFAULT '{}' 
    );
    
    CREATE TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG 
    (
      COMPONENTID VARCHAR(256) NOT NULL, 
      CLIENTID VARCHAR(256) NOT NULL, 
      CLIENTSECRET VARCHAR(256), 
      DISPLAYNAME VARCHAR(256) NOT NULL, 
      REDIRECTURI VARCHAR(2048), 
      ENABLED INT
      CLIENTMETADATA CLOB NOT NULL DEFAULT '{}'
    );
    
    CREATE TABLE OAuthDBSchema.OAUTH20CONSENTCACHE (
      CLIENTID VARCHAR(256) NOT NULL, 
      USERID VARCHAR(256),
      PROVIDERID VARCHAR(256) NOT NULL, 
      SCOPE VARCHAR(1024) NOT NULL, 
      EXPIRES BIGINT, 
      EXTENDEDFIELDS CLOB NOT NULL DEFAULT '{}' 
    );
    
    ---- ADD CONSTRAINTS ----
    ALTER TABLE OAuthDBSchema.OAUTH20CACHE 
      ADD CONSTRAINT PK_LOOKUPKEY PRIMARY KEY (LOOKUPKEY);
    
    ALTER TABLE OAuthDBSchema.OAUTH20CLIENTCONFIG 
      ADD CONSTRAINT PK_COMPIDCLIENTID PRIMARY KEY (COMPONENTID,CLIENTID);
    
    ---- CREATE INDEXES ----
    CREATE INDEX OAUTH20CACHE_EXPIRES ON OAUTHDBSCHEMA.OAUTH20CACHE (EXPIRES ASC);
    
    ---- GRANT PRIVILEGES ----
    ---- UNCOMMENT THE FOLLOWING IF YOU USE AN ACCOUNT OTHER THAN ADMINISTRATOR FOR DB ACCESS ----
    
    -- Change dbuser to the account you want to use to access your database 
    -- GRANT ALL ON OAuthDBSchema.OAUTH20CACHE TO USER dbuser;
    -- GRANT ALL ON OAuthDBSchema.OAUTH20CLIENTCONFIG TO USER dbuser;
    
    ---- END OF GRANT PRIVILIGES ----
    
    DISCONNECT CURRENT;
    缺省 DB2 侦听端口是 50000。如果您想要查找此端口,请运行以下命令并查找 SVCENAME 参数的值。如果它是一个数字,那么它是端口号。如果是名称,请在 /etc/services 文件中查找名称,或者查找 Windows 等价项(如果使用的是 Windows)。
    Linux/Unix: db2 get dbm cfg | grep SVCENAME
    Windows:    db2 get dbm cfg | findstr SVCENAME
    可以通过运行下列语句,在 DB2 中创建数据库和表:
    db2 -tvf createTables.sql
  2. 配置 WebSphere® Application Server Liberty 服务器。
    以下示例是使用 DB2 存储器的 OAuth 提供者的样本 server.xml 文件:
    <server>
      <featureManager>
        <feature>oauth-2.0</feature>
        <feature>ssl-1.0</feature>
        <feature>jdbc-4.0</feature>
        <feature>jndi-1.0</feature>
      </featureManager>
    
      <keyStore password="keyspass" />
    
      <oauth-roles>
        <authenticated>
          <user>testuser</user>
        </authenticated>
      </oauth-roles>
    
      <oauthProvider id="DBOAuth20Provider" oauthOnly="true"
                     filter="request-url%=AnnuityOAuthWeb/index.jsp">
        <databaseStore dataSourceRef="OAUTH2DBDS" />
      </oauthProvider>
    
      <jdbcDriver id="db2Universal" libraryRef="DB2JCC4LIB" />
    
      <library apiTypeVisibility="spec,ibm-api,third-party" filesetRef="db2jcc4"
               id="DB2JCC4LIB" />
    
      <fileset dir="${shared.resource.dir}/db2" id="db2jcc4"
               includes="db2jcc4.jar db2jcc_license_cu.jar" />
    
      <dataStore id="OAUTH2DBDS" jdbcDriverRef="db2Universal"
                 jndiName="jdbc/oauthProvider">
        <properties.db2.jcc databaseName="OAUTH2DB" driverType="4"
                            user="bob" password="abcdefg="
                            portNumber="50000"
                            serverName="db2.server.mycompany.com" />
      </dataStore>
    
      <webAppSecurity allowFailOverToBasicAuth="true" />
    
      <basicRegistry id="basic" realm="BasicRealm">
        <user name="testuser" password="testuserpwd" />
      </basicRegistry>
    </server
以下示例将客户机添加到 DB2:
INSERT INTO OAuthDBSchema.OAUTH20CLIENTCONFIG 
(
  COMPONENTID, 
  CLIENTID, 
  CLIENTSECRET, 
  DISPLAYNAME, 
  REDIRECTURI, 
  ENABLED
) 
VALUES 
(
  'DBOAuth20Provider', 
  'key', 
  'secret', 
  'My Client', 
  'https://localhost:9443/oauth/redirect.jsp', 
  1
)
注: Componentid 必须与 server.xml 文件中 oauthProvider 元素的标识相同。

用于指示主题类型的图标 概念主题



时间戳记图标 最近一次更新时间: Monday, 5 December 2016
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=cord&product=was-libcore-mp&topic=cwlp_oauth_db2
文件名:cwlp_oauth_db2.html