SuperMap GIS server stores security information in SQLite database by default, including users, user groups, amd role access rights, and supports storing security information in MySQL/Oracle/PostgreSQL databases, and other custom storage locations.
Administrators can set the storage location for security information on the Security->Security Config page. Specifically, the administrator can:
Use SQLite database storage
The SuperMap GIS server stores security information and service information in a SQLite database by default, For example, the storage directory is located in 【SuperMap iServer installation directory】\webapps\iserver\WEB-INF, which corresponds to iserver-security.db and iserver-services.db respectively.
You can modify the location and name of the SQLite database that stores the security and service information as needed. For example, change security info storage location to ./WEB-INF/iserver-security2016, click the Switch button, and the iServer will automatically initialize the administrator information (when starting the iServer for the first time) synchronizing to 【SuperMap iServer installation directory】\webapps\iserver\WEB-INF\iserver-security2016.db. The database is also used to store subsequently generated security information.
Use MySQL database storage
SuperMap GIS server supports security info storage in MySQL database. If you don't already have MySQL available service, you need to install and configure the data library first. For details, please refer to MySQL installation and configuration . The configuration of using MySQL database to store security information is as follows:
- Storage type: Select the MySQL database.
- Service address: The service address of MySQL is {ip}:{port}/{database}. Where {IP} is the IP address of the machine where MySQL is located. {port} is the service port of MySQL, which is 3306 by default. {database} is the name of the database. These parameters you can use according to your installed MySQL to configure the actual situation.
- User name: a user with database {database} permissions.
- Password: The password for this user.
- Use the administrator stored in the database: for the case that the initial administrator (for example: admin 1) has been stored in the database, there are two options: if it is not checked by default, the current administrator will be used Initialization administrator of iServer (admin 2), overwriting the initialization administrator stored in the database (the administrator stored in the database will be overwritten as admin2); if checked, the initialization administrator already stored in the database (admin 1) will be used instead of the current administrator of the iServer (for example, admin 2).
Using Oracle Database Storage
The SuperMap GIS server supports security info storage in an Oracle database. If you do not already have Oracle available service, you need to install and configure the data library first. For specific methods, please refer to Oracle installation and configuration . Use The Oracle database is configured to store security information as follows:
- Storage type: Select the Oracle database.
- Service address: Oracle's service address is {ip}:{port}/{database}. Where {IP} is the IP address of the Oracle machine. {port} is the service port of Oracle, which is 1521 by default. {database} is the name of the database, which is set when you install the database instance name in Oracle. The default is ORCL. These parameters can be configured according to your Oracle installation.
- User name: a user who has been assigned a tablespace and has permissions for the tablespace.
- Password: The password for this user.
- Use the administrator stored in the database: for the case that the initial administrator (for example: admin 1) has been stored in the database, there are two options: if it is not checked by default, the current administrator will be used Initialization administrator of iServer (admin 2), overwriting the initialization administrator stored in the database (the administrator stored in the database will be overwritten as admin2); if checked, the initialization administrator already stored in the database (admin 1) will be used instead of the current administrator of the iServer (for example, admin 2).
Use PostgreSQL, Kingbase, GaussDB, Vastbase, GBase 8c, HighGoDB database storage
SuperMap GIS server supports security info storage in PostgreSQL, Kingbase, GaussDB. Vastbase, HighGoDB and GBase 8c databases, and the configuration methods for the five databases are the same.
Using PostgreSQL as an example, if you don't have the PostgreSQL service available, you need to install and configure the data library first For details, please refer to: PostgreSQL installation and configuration . Use the PostgreSQL database is configured to store security information as follows:
- Storage type: Select the PostgreSQL database.
- Service address: The service address of PostgreSQL is {ip}:{port}/{database}. Where {IP} is the IP address of the machine where PostgreSQL is located. {port} is the service port of PostgreSQL. The default is 5432. {database} is the database name. These parameters can be configured according to the PostgreSQL you have installed.
- User name: a user with database {database} permissions.
- Password: The password for this user.
- Use the administrator stored in the database: for the case that the initial administrator (for example: admin 1) has been stored in the database, there are two options: if it is not checked by default, the current administrator will be used Initialization administrator of iServer (admin 2), overwriting the initialization administrator stored in the database (the administrator stored in the database will be overwritten as admin2); if checked, the initialization administrator already stored in the database (admin 1) will be used instead of the current administrator of the iServer (for example, admin 2).
Note:
If you need to store security information in non-public mode in databases such as PostgreSQL, Kingbase, GaussDB, Vastbase, GBase, HighGoDB, etc., there are two configuration methods:
1. In iServer Service Manager, add the currentSchema configuration in the Security Config ->Security Info storage ->Service address configuration option, for example: 172.16.112.200:5432/postgres? currentSchema=postgres_schema
2. Add the currentSchema configuration to the jdbcUrl parameter in the storage node of the iserver-system.xml system configuration file, for example: jdbc: p ostgresql://172.16.112.200:5432/postgres?currentSchema=postgres_schema
When the Switch button is clicked, the iServer will automatically initialize the administrator information (when starting the iServer for the first time) synchronizing to the configured database, which is also used to store subsequently generated security information.
In addition, if you want to switch back to the default local SQLite database, just select the storage location as SQLite database.
If the above user storage methods cannot meet the requirements, you can customize the storage method of user information based on the SecurityInfoStorage interface. For a detailed description of the extension method, please refer to: Storage Method of Extended User Information.