Users
User Configuration
Users are stored in the repository as children of the node /hippo:configuration/hippo:users.
Structure
+ hippo:configuration + hippo:users + admin [hipposys:user] - hipposys:securityprovider = internal - hipposys:password = secret - hipposys:active = true + myuser [hipposys:user] - hipposys:securityprovider = internal - hipposys:password = secret - hipposys:active = true - hipposys:firstname = John - hipposys:lastname = Doe - hipposys:email = [email protected]
hipposys:user
Name |
Type |
Required |
Description |
---|---|---|---|
node name |
String |
yes |
The username |
hipposys:securityprovider | String | yes | default 'internal'. Mandatory property indicating which security provider to use. |
hipposys:active |
Boolean |
yes |
Can be used to (temporary) disable the user.A user MUST have hipposys:active set to true to be able to login. |
hipposys:system |
Boolean |
no |
Can be used to indicate that the user is a system user. |
hipposys:password |
String |
no |
The hipposys:password can be stored in plain text or with a hash. A hash has the following form: $<hash alogrith>$<salt>$<hash> For example the password "admin" could result in the following hash: $SHA-256$HIlytXwnqSU=$NqCi2sJoM4qAwQ8136GYueUVA/TSyidpAI3Evn+y/hc= The hashing alogrithm can be any alogrith supported by MessageDigest like MD5, SHA-1 and SHA-256. The password utility class " PasswordHelper" can be used to generate hashes with the static method PasswordHelper.getHash(String password). |
hipposys:passkey | String | no |
Since 10.0 : hipposys:passkey is in general not present, but in case it is present and its value is 'jvm://' , the user can be accessed as a JVM enabled user. Typically the HST site users are JVM enabled. |
hipposys:firstname |
String |
no |
user's first name |
hipposys:lastname |
String |
no |
user's last name |
hipposys:email |
String |
no |
user's email |