From e982e91846154c9dbf67c6a951f3e05d98df3621 Mon Sep 17 00:00:00 2001
From: Luke Taylor
Date: Fri, 1 Aug 2008 13:57:42 +0000
Subject: [PATCH] SEC-944: Added db schema reference (and start of namespace appendix)
---
src/docbkx/appendix-db-schema.xml | 119 ++++++++++++++++++++++++++++++
src/docbkx/appendix-namespace.xml | 23 ++++++
src/docbkx/springsecurity.xml | 2 +
3 files changed, 144 insertions(+)
create mode 100644 src/docbkx/appendix-db-schema.xml
create mode 100644 src/docbkx/appendix-namespace.xml
diff --git a/src/docbkx/appendix-db-schema.xml b/src/docbkx/appendix-db-schema.xml
new file mode 100644
index 0000000000..d501aa5a06
--- /dev/null
+++ b/src/docbkx/appendix-db-schema.xml
@@ -0,0 +1,119 @@
+
+
+
+
+ Security Database Schema
+
+
+ There are various database schema used by the framework and this appendix
+ provides a single reference point to them all. You only need to
+ provide the tables for the areas of functonality you require.
+
+
+ DDL statements are given for the HSQLDB database. You can use these as a guideline for defining the
+ schema for the database you are using.
+
+
+
+ User Schema
+
+ The standard JDBC implementation of the UserDetailsService requires tables
+ to load the password, account status (enabled or disabled) and a list of authorities (roles) for the user.
+
+ create table users(
+ username varchar_ignorecase(50) not null primary key,
+ password varchar_ignorecase(50) not null,
+ enabled boolean not null);
+
+ create table authorities (
+ username varchar_ignorecase(50) not null,
+ authority varchar_ignorecase(50) not null,
+ constraint fk_authorities_users foreign key(username) references users(username));
+ create unique index ix_auth_username on authorities (username,authority);;
+
+
+
+
+ Group Authorities
+
+ Spring Security 2.0 introduced support for group authorities
+
+create table groups (
+ id bigint generated by default as identity(start with 0) primary key,
+ group_name varchar_ignorecase(50) not null);
+
+create table group_authorities (
+ group_id bigint not null,
+ authority varchar(50) not null,
+ constraint fk_group_authorities_group foreign key(group_id) references groups(id));
+
+create table group_members (
+ id bigint generated by default as identity(start with 0) primary key,
+ username varchar(50) not null,
+ group_id bigint not null,
+ constraint fk_group_members_group foreign key(group_id) references groups(id));
+
+
+
+
+
+
+ Persistent Login (Remember-Me) Schema
+
+
+create table persistent_logins (
+ username varchar(64) not null,
+ series varchar(64) primary key,
+ token varchar(64) not null,
+ last_used timestamp not null);
+
+
+
+
+
+ ACL Schema
+
+
+
+create table acl_sid (
+ id bigint generated by default as identity(start with 100) not null primary key,
+ principal boolean not null,
+ sid varchar_ignorecase(100) not null,
+ constraint unique_uk_1 unique(sid,principal) );
+
+create table acl_class (
+ id bigint generated by default as identity(start with 100) not null primary key,
+ class varchar_ignorecase(100) not null,
+ constraint unique_uk_2 unique(class) );
+
+create table acl_object_identity (
+ id bigint generated by default as identity(start with 100) not null primary key,
+ object_id_class bigint not null,
+ object_id_identity bigint not null,
+ parent_object bigint,
+ owner_sid bigint,
+ entries_inheriting boolean not null,
+ constraint unique_uk_3 unique(object_id_class,object_id_identity),
+ constraint foreign_fk_1 foreign key(parent_object)references acl_object_identity(id),
+ constraint foreign_fk_2 foreign key(object_id_class)references acl_class(id),
+ constraint foreign_fk_3 foreign key(owner_sid)references acl_sid(id) );
+
+create table acl_entry (
+ id bigint generated by default as identity(start with 100) not null primary key,
+ acl_object_identity bigint not null,ace_order int not null,sid bigint not null,
+ mask integer not null,granting boolean not null,audit_success boolean not null,
+ audit_failure boolean not null,constraint unique_uk_4 unique(acl_object_identity,ace_order),
+ constraint foreign_fk_4 foreign key(acl_object_identity) references acl_object_identity(id),
+ constraint foreign_fk_5 foreign key(sid) references acl_sid(id) );
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/src/docbkx/appendix-namespace.xml b/src/docbkx/appendix-namespace.xml
new file mode 100644
index 0000000000..9101e17959
--- /dev/null
+++ b/src/docbkx/appendix-namespace.xml
@@ -0,0 +1,23 @@
+
+
+
+
+ The Security Namespace
+
+
+
+ This provides a reference to the elements available in the security namespace and infromation on
+ the underlying beans they create. If you haven't used the namespace before, please read the
+ introductory chapter.
+
+
+
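Review bot: In the `users` table of appendix-db-schema.xml, `password varchar_ignorecase(50) not null` is a poor fit for a stored credential: 50 characters cannot hold a hex-encoded SHA-256 digest (64 characters), and the case-insensitive type makes any comparison performed in SQL treat values that differ only in case as equal. The appendix tells readers to use this DDL as a guideline for their own database, so the width and type are likely to be copied as-is. I would change the line to a case-sensitive, wider column such as `password varchar(255) not null,` and add a sentence to the User Schema section saying the column is expected to hold the encoded password. Whether the framework itself ever compares passwords in SQL is not visible in this patch, so the case-sensitivity point is a precaution rather than a confirmed defect.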
+ The <literal><http></literal> Element
+
+ This element encapsulates the security configuration for the web layer of your application.
+
+
+
+
\ No newline at end of file
diff --git a/src/docbkx/springsecurity.xml b/src/docbkx/springsecurity.xml
index a22a7c2887..e44bdad0aa 100644
--- a/src/docbkx/springsecurity.xml
+++ b/src/docbkx/springsecurity.xml
@@ -195,6 +195,8 @@ + +