Change to Remote H2¶
By default, WSO2 Identity Server uses the embedded H2 database as the database for storing user management and registry data. The following sections describe how to replace the default H2 databases with Remote H2:
H2 is not recommended in production
The embedded H2 database is NOT recommended in enterprise testing and production environments. It has lower performance, clustering limitations, and can cause file corruption failures. Please use an industry-standard RDBMS such as Oracle, PostgreSQL, MySQL, or MS SQL instead.
You can use the embedded H2 database in development environments and as the local registry in a registry mount.
Datasource configurations¶
A datasource is used to establish the connection to a database. By
default, WSO2_IDENTITY_DB
and WSO2_SHARED_DB
datasources are used to connect
to the default H2 database.
WSO2_SHARED_DB
- The datasource which stores registry and user management data.WSO2_IDENTITY_DB
- The datasource specific to the identity server which stores identity related data.
After setting up the H2 database, You can point the WSO2_IDENTITY_DB
or
WSO2_SHARED_DB
, or both to that H2 database by following the instructions given below.
Change the default datasource¶
Minimum configurations for changing default datasource to H2¶
You can configure the datasource by editing the default configurations in <IS-HOME>/repository/conf/deployment.toml
.
Following are the basic configurations and their descriptions.
Element | Description |
---|---|
username and password | The name and password of the database user. |
driver | The jdbc driver of the database. |
url | The url of the database. |
A sample configuration is given below.
-
WSO2_IDENTITY_DB
-
Configure the
deployment.toml
file.[database.identity_db] url = "jdbc:h2:tcp://localhost/~/registryDB;create=true" username = "regadmin" password = "regadmin" driver = "org.h2.Driver" [database.identity_db.pool_options] maxActive = "80" maxWait = "60000" minIdle = "5" testOnBorrow = true validationQuery="SELECT 1" validationInterval="30000" defaultAutoCommit=false
-
Execute database scripts.
Navigate to
<IS-HOME>/dbscripts
. Execute the scripts in the following files against the database created.<IS-HOME>/dbscripts/identity/h2.sql
<IS-HOME>/dbscripts/consent/h2.sql
-
-
WSO2_SHARED_DB
-
Configure the
deployment.toml
file.[database.shared_db] url = "jdbc:h2:tcp://localhost/~/registryDB;create=true" username = "regadmin" password = "regadmin" driver = "org.h2.Driver" [database.identity_db.pool_options] maxActive = "80" maxWait = "60000" minIdle = "5" testOnBorrow = true validationQuery="SELECT 1" validationInterval="30000" defaultAutoCommit=false
-
Execute the database scripts.
Execute the scripts in the
<IS-HOME>/dbscripts/h2.sql
file against the database created.
-
-
Download the H2 JDBC driver for the version, you are using and copy it to the
<IS_HOME>/repository/components/lib
folder
Advanced database configurations¶
Apart from the basic configurations specified above, WSO2 Identity Server supports some advanced database configurations as well.
-
WSO2_IDENTITY_DB
related configurations that should be added to thedeployment.toml
file.[database.identity_db.pool_options] maxActive = "80" maxWait = "360000" minIdle ="5" testOnBorrow = true validationQuery="SELECT 1" validationInterval="30000" defaultAutoCommit=false commitOnReturn=true
-
WSO2_SHARED_DB
deployment.toml
related configurations that should be added to thedeployment.toml
file.[database.shared_db.pool_options] maxActive = "80" maxWait = "360000" minIdle ="5" testOnBorrow = true validationQuery="SELECT 1" validationInterval="30000" defaultAutoCommit=false commitOnReturn=true
The elements in the above configuration are described below:
maxActive | This is the maximum number of active connections that can be allocated at the same time from this pool. Enter any negative value to denote an unlimited number of active connections. |
maxWait | This is the maximum number of milliseconds that the pool will wait (when there are no available connections) for a connection to be returned before throwing an exception. You can enter zero or a negative value to wait indefinitely. |
minIdle | The minimum number of active connections that can remain idle in the pool without extra ones being created. Enter zero to create none. |
testOnBorrow |
This indicates whether objects will be validated before being borrowed from the pool. If the object fails to be validated, it will be dropped from the pool and another attempt will be made to borrow another. |
defaultAutoCommit |
Indicates whether to commit database changes automatically or not |
validationInterval | This is the indication to avoid excess validation and only run validation after the specified frequency (time in milliseconds). If a connection is due for validation, but has been validated previously within this interval, it will not be validated again. |
defaultAutoCommit | This property is not applicable to the carbon database in WSO2 Identity Server because auto committing is usually handled at the code level, i.e., the default auto commit configuration specified for the RDBMS driver will be effective instead of this property element. Typically, auto committing is enabled for RDBMS drivers by default. When auto committing is enabled, each SQL statement will be committed to the database as an individual transaction, as opposed to committing multiple statements as a single transaction. |
Info
For more information on other parameters that can be defined in
the <IS_HOME>/repository/conf/deployment.toml
file, see Tomcat JDBC Connection Pool.
Support for case-sensitive usernames
Usernames in WSO2 Identity Server are case-insensitive by default. If you wish to enable case-sensitive usernames, configure the following properties.
To enable the case-sensitivity for the primary user store, open the deployment.toml
file found in the <IS-HOME>/repository/conf/
directory and add the following configurations to the primary user store.
[user_store.properties]
CaseInsensitiveUsername = false
UseCaseSensitiveUsernameForCacheKeys = false
For secondary user stores, add the following configurations to the <userstore>.xml
file found in the <IS_HOME>/repository/deployment/server/userstores
directory.
<Property name="CaseInsensitiveUsername">false</Property>
<Property name="UseCaseSensitiveUsernameForCacheKeys">false</Property>
<IS_HOME>/dbscripts/
.
Eg:
CREATE UNIQUE INDEX INDEX_UM_USERNAME_UM_TENANT_ID ON UM_USER(LOWER(UM_USER_NAME), UM_TENANT_ID);
Configure the connection pool behavior on return¶
By default, when a database connection is returned to the pool, the product rolls back the pending transactions if defaultAutoCommit=true
.
However, if required, you can disable the latter mentioned default behavior by disabling the JDBC-Pool JDBC interceptor, ConnectionRollbackOnReturnInterceptor
, and setting the connection pool behavior on return via the datasource configurations.
Configure the connection pool to commit pending transactions on connection return¶
-
Navigate to either one of the following locations based on your OS.
<IS_HOME>/bin/wso2server.sh/
<IS_HOME>\bin\wso2server.bat
-
Add the following JVM option:
-Dndatasource.disable.rollbackOnReturn=true \
-
Navigate to the
<IS_HOME>/repository/conf/deployment.toml
file. -
Disable the
defaultAutoCommit
property by defining it asfalse
. -
Add the
commitOnReturn
property and set it totrue
.-
WSO2_IDENTITY_DB
related configurations that should be added to the<IS_HOME>/repository/conf/deployment.toml
file.[database.identity_db.pool_options] defaultAutoCommit="false" commitOnReturn="true"
-
WSO2_SHARED_DB
related configurations that should be added to the<IS_HOME>/repository/conf/deployment.toml
file.[database.shared_db.pool_options] defaultAutoCommit="false" commitOnReturn="true"
-
Configure the connection pool to rollback pending transactions on connection return¶
-
Navigate to the
<IS_HOME>/repository/conf/deployment.toml
file. -
Disable the
defaultAutoCommit
property by defining it asfalse
. -
Set the
rollbackOnReturn
property to the datasources astrue
.-
WSO2_IDENTITY_DB
related configurations that should be added to the<IS_HOME>/repository/conf/deployment.toml
file.[database.identity_db.pool_options] defaultAutoCommit="false" rollbackOnReturn="true"
-
WSO2_SHARED_DB
related configurations that should be added to the<IS_HOME>/repository/conf/deployment.toml
file.[database.shared_db.pool_options] defaultAutoCommit="false" rollbackOnReturn="true"
-
The elements in the above configuration are described below.
Element | Description |
commitOnReturn | If defaultAutoCommit=false , then you can set commitOnReturn=true , so that the pool can complete the transaction by calling the commit on the connection as it is returned to the pool. However, if the rollbackOnReturn=true then this attribute is ignored. The default value is false. |
rollbackOnReturn | If defaultAutoCommit=false , then you can set rollbackOnReturn=true so that the pool can terminate the transaction by calling rollback on the connection as it is returned to the pool. The default value is false. |