This module allows users to create their own accounts for use with the system. Two main modes of operation are
- Create confirmed entries in an ldap directory
- Keep entries in a database and mark them when confirmed
Unconfirmed entries cannot be used for authentication.
Use:
- User goes to /selfreg/index.html and receives a form
- Fills in the form receives an email.
- Follows the link to confirm.
Configuration
Selfreg requires a database to hold data about users. If ldap authentication is desired the ldap parameters need to be set in the configuration. In both cases ensure an appropriate database has been created and there is a datasource present. There are sample data sources in the bedework/config/datasources directory. The datasource is used both by the selfreg module and by the DatabaseServerLoginModule if db authentication is desired.
Create the schema in the usual manner via the jmx console:
- set export true - apply changes
- start schema operation.
Make sure the following properties are set correctly
- Message Digest - set exactly to the value in the hashAlgorithm element below, SHA, MD5 are acceptable
- Account prefix - the accounts created may be the only accounts for your system in which case leave this empty. If you have multiple sets of accounts you need to ensure they will not overlap. Set this to a value that ensures that. For example, if all your accounts are 2 letters + 4 digits then prefixing with any letter will work. Selfreg generates acounts of that form in the absence of a prefix.
- ConfirmUrl - this is what prefixes the url to confirm the creation. Something of the form http://localhost:8080/selfreg - the host, port and context.
DatabaseServerLoginModule
This is the standard jboss module. For jboss 5 add the following to the login-config.xml file
<application-policy name="bwselfreg">
<authentication>
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/selfregDS</module-option>
<module-option name="principalsQuery">select bw_pw from bw_accounts where bw_account=? and bw_enabled='T'</module-option>
<module-option name="rolesQuery">select bw_role, 'Roles' from bw_roles where bw_account=?</module-option>
<module-option name="hashAlgorithm">SHA</module-option>
<module-option name="hashEncoding">base64</module-option>
</login-module>
</authentication>
</application-policy>