This module allows users to create their own accounts for use with the system. Two main modes of operation are
Unconfirmed entries cannot be used for authentication.
Selfreg requires a database to hold data about users. If LDAP authentication is desired, the LDAP parameters need to be set in the configuration. In both cases, ensure that an appropriate database has been created and that a datasource is present. There are sample datasources in the bedework/config/datasources directory. The datasource is used both by the selfreg module and by the DatabaseServerLoginModule if database authentication is desired.
Create the schema in the usual manner via the JMX console:
Make sure the following properties are set correctly
This is the standard JBoss module. For JBoss 5, add the following to the login-config.xml file:
<application-policy name="bwselfreg">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/selfregDS</module-option>
      <module-option name="principalsQuery">select bw_pw from bw_accounts where bw_account=? and bw_enabled='T'</module-option>
      <module-option name="rolesQuery">select bw_role, 'Roles' from bw_roles where bw_account=?</module-option>
      <module-option name="hashAlgorithm">SHA</module-option>
      <module-option name="hashEncoding">base64</module-option>
    </login-module>
  </authentication>
</application-policy>
For WildFly, add the following in the security-domains:
<security-domain name="bwselfreg">
  <authentication>
    <login-module code="Database" flag="required">
      <module-option name="dsJndiName" value="java:/selfregDS"/>
      <module-option name="principalsQuery" value="select bw_pw from bw_accounts where bw_account=? and bw_enabled='T'"/>
      <module-option name="rolesQuery" value="select bw_role, 'Roles' from bw_roles where bw_account=?"/>
      <module-option name="hashAlgorithm" value="SHA"/>
      <module-option name="hashEncoding" value="base64"/>
    </login-module>
  </authentication>
</security-domain>
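What the two configurations above check at login, as an added example (not Bedework or JBoss code): the principalsQuery is run as written, and the stored bw_pw is compared with the base64 encoding of the SHA digest of the supplied password ("SHA" is the Java name for SHA-1). Assumptions: passwords are encoded as UTF-8 before hashing, the sample table has only the columns named in the query, and the accounts and passwords are constructed.

```python
import base64
import hashlib
import hmac
import sqlite3

# The page's principalsQuery, unchanged.
PRINCIPALS_QUERY = ("select bw_pw from bw_accounts "
                    "where bw_account=? and bw_enabled='T'")


def password_hash(password, charset="utf-8"):
    """hashAlgorithm=SHA, hashEncoding=base64: unsalted SHA-1, base64 encoded."""
    digest = hashlib.sha1(password.encode(charset)).digest()
    return base64.b64encode(digest).decode("ascii")


def authenticate(db, account, password):
    """Model of the login check: fetch bw_pw, compare with the hashed input."""
    row = db.execute(PRINCIPALS_QUERY, (account,)).fetchone()
    if row is None:  # unknown account, or bw_enabled is not 'T'
        return False
    return hmac.compare_digest(row[0], password_hash(password))


def sample_db():
    """Constructed sample data in an in-memory database."""
    db = sqlite3.connect(":memory:")
    db.execute("create table bw_accounts "
               "(bw_account text, bw_pw text, bw_enabled text)")
    rows = [("alice", password_hash("correct horse"), "T"),
            ("bob", password_hash("correct horse"), "T"),
            ("carol", password_hash("s3cret"), "F")]  # not enabled
    db.executemany("insert into bw_accounts values (?, ?, ?)", rows)
    return db


if __name__ == "__main__":
    db = sample_db()
    print(authenticate(db, "alice", "correct horse"))  # enabled, right password
    print(authenticate(db, "carol", "s3cret"))         # right password, not enabled
    stored = dict(db.execute("select bw_account, bw_pw from bw_accounts"))
    print(stored["alice"] == stored["bob"])            # same password, same bw_pw
```

Because the digest carries no salt, accounts with the same password hold the same bw_pw value, so read access to bw_accounts deserves the same protection as the passwords themselves.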
As usual with these, we use a combination of web pages, captcha and email to try to produce a secure transaction. Fields of importance are the email, userid, a confirmation id (confid), current password (curPw), and new password (newPw).
If a malevolent user starts the process, they need not only the account but also access to the user's email.