Cwikius-Spring
/
spring-security
mirror of https://github.com/spring-projects/spring-security.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SEC-944: Added db schema reference (and start of namespace appendix)

This commit is contained in:
Luke Taylor 2008-08-01 13:57:42 +00:00
parent 54ac7b3e46
commit e982e91846
3 changed files with 144 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
src/docbkx/appendix-db-schema.xml Normal file
View File

@ -0,0 +1,119 @@
<?xml version="1.0" encoding="UTF-8"?>
<appendix version="5.0" xml:id="appendix-schema" xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<info>
<title>Security Database Schema</title>
</info>
<para>
There are various database schema used by the framework and this appendix
provides a single reference point to them all. You only need to
provide the tables for the areas of functonality you require.
</para>
<para>
DDL statements are given for the HSQLDB database. You can use these as a guideline for defining the
schema for the database you are using.
</para>
<section>
<title>User Schema</title>
<para>
The standard JDBC implementation of the <interfacename>UserDetailsService</interfacename> requires tables
to load the password, account status (enabled or disabled) and a list of authorities (roles) for the user.
<programlisting xml:id="db_schema_users_authorities">
create table users(
username varchar_ignorecase(50) not null primary key,
password varchar_ignorecase(50) not null,
enabled boolean not null);
create table authorities (
username varchar_ignorecase(50) not null,
authority varchar_ignorecase(50) not null,
constraint fk_authorities_users foreign key(username) references users(username));
create unique index ix_auth_username on authorities (username,authority);;
</programlisting>
</para>
<section>
<title>Group Authorities</title>
<para>
Spring Security 2.0 introduced support for group authorities
<programlisting xml:id="db-schema-groups">
create table groups (
id bigint generated by default as identity(start with 0) primary key,
group_name varchar_ignorecase(50) not null);
create table group_authorities (
group_id bigint not null,
authority varchar(50) not null,
constraint fk_group_authorities_group foreign key(group_id) references groups(id));
create table group_members (
id bigint generated by default as identity(start with 0) primary key,
username varchar(50) not null,
group_id bigint not null,
constraint fk_group_members_group foreign key(group_id) references groups(id));
</programlisting>
</para>
</section>
</section>
<section>
<title>Persistent Login (Remember-Me) Schema</title>
<para>
<programlisting xml:id="db-schema-remeber-me">
create table persistent_logins (
username varchar(64) not null,
series varchar(64) primary key,
token varchar(64) not null,
last_used timestamp not null);
</programlisting>
</para>
</section>
<section>
<title>ACL Schema</title>
<para>
<programlisting xml:id="dbschema-acl">
create table acl_sid (
id bigint generated by default as identity(start with 100) not null primary key,
principal boolean not null,
sid varchar_ignorecase(100) not null,
constraint unique_uk_1 unique(sid,principal) );
create table acl_class (
id bigint generated by default as identity(start with 100) not null primary key,
class varchar_ignorecase(100) not null,
constraint unique_uk_2 unique(class) );
create table acl_object_identity (
id bigint generated by default as identity(start with 100) not null primary key,
object_id_class bigint not null,
object_id_identity bigint not null,
parent_object bigint,
owner_sid bigint,
entries_inheriting boolean not null,
constraint unique_uk_3 unique(object_id_class,object_id_identity),
constraint foreign_fk_1 foreign key(parent_object)references acl_object_identity(id),
constraint foreign_fk_2 foreign key(object_id_class)references acl_class(id),
constraint foreign_fk_3 foreign key(owner_sid)references acl_sid(id) );
create table acl_entry (
id bigint generated by default as identity(start with 100) not null primary key,
acl_object_identity bigint not null,ace_order int not null,sid bigint not null,
mask integer not null,granting boolean not null,audit_success boolean not null,
audit_failure boolean not null,constraint unique_uk_4 unique(acl_object_identity,ace_order),
constraint foreign_fk_4 foreign key(acl_object_identity) references acl_object_identity(id),
constraint foreign_fk_5 foreign key(sid) references acl_sid(id) );
</programlisting>
</para>
</section>
</appendix>

23
src/docbkx/appendix-namespace.xml Normal file
View File

@ -0,0 +1,23 @@
<?xml version="1.0" encoding="UTF-8"?>
<appendix version="5.0" xml:id="appendix-namespace" xmlns="http://docbook.org/ns/docbook"
xmlns:xlink="http://www.w3.org/1999/xlink"
xmlns:xi="http://www.w3.org/2001/XInclude">
<info>
<title>The Security Namespace</title>
</info>
<para>
This provides a reference to the elements available in the security namespace and infromation on
the underlying beans they create. If you haven't used the namespace before, please read the
<link xlink:href="#ns-config">introductory chapter</link>.
</para>
<section>
<title>The <literal>&lt;http&gt;</literal> Element</title>
<para>
This element encapsulates the security configuration for the web layer of your application.
</para>
</section>
</appendix>

2
src/docbkx/springsecurity.xml
View File

@ -195,6 +195,8 @@
<xi:include href="runas-auth-provider.xml" /> <xi:include href="runas-auth-provider.xml" />
<xi:include href="container-adapters.xml"/> <xi:include href="container-adapters.xml"/>
<xi:include href="appendix-db-schema.xml"/>
</part> </part>