6.x XML User Source

Note: This configuration is also valid for 7.x and 8.x versions.

Note: There are two supported sources: XML User Source, and LDAP User Source.

Provides users via XML declarations. Since its configuration is via XML it can not be included in the XML of the configuration file. However, it can be embedded in the configuration file as the default value of a macro as exhibited in Embedding Users in the Config File. The configuration properties supported by this source are as shown below.

Sample Config File

    <user name='JohnDoe' pwd='password'>
        <att name='preferredName' value='John Doe'/>
        <att name='givenName' value='John'/>
        <att name='preferredLanguage' value='eng'/>
        <att name="ldsgender" value="M"/>

Source Properties

Property Name Type Description
enforce-uniqueness Literal text or macro A comma separated list of attributes that should have unique values across all users defined within the source. If a user is loaded with such an attribute whose value is already had in an attribute with the same name in an already loaded user and IllegalArgumentException will be thrown.
xml Literal text or macro Due to this property being defined in java.util.Properties simple line-oriented format, if literal text is used all XML content must be on a single line or care must be taken to escape line termination sequences. Alternatively, an alias macro can be used and the xml content including line terminators can be embedded in the config file as shown in Embedding Users in the Config File. Or users can be declared in one or more external files.
preload-only Literal text If 'true' then users will never be found via this source and searching will continue with the next source in document order. This is typically done in combination explicitly specifying the att directive's aggregation for one or more attributes which enables having most attributes from a user come from a coda or ldap source but allow for specific overrides. If 'false', which is the default if not specified, then users loaded into the internal User Manager will be found and returned.

Embedding Users in the Config File

The <?system-alias?> processing instruction supports declaration of an alias whose value is loaded from a system property or, if not found, from a declared default and either can include white space characters such as line terminators. This means that V6.x can still have user embedded within the configuration file as alias default content as shown below. Remember, that property value macros are not resolved until after the Properties object is loaded. Notice the processing instruction termination sequence on the line immediately above the <config> element allowing for all user XML to be loaded as the value of the alias.

<?xml version='1.0' encoding='UTF-8'?>
<?system-alias usr-src-xml=non-existent-sys-prop default="
  <user name='ngiwb1' pwd='password1'/>
   <att name='acctid'             value='555'/>
   <att name='apps'               value='aaa'/>
   <att name='apps'               value='bbb'/>
   <att name='apps'               value='ccc'/>
   <att name='preferredname'      value='Jay Admin Man'/>
   <att name='givenname'          value='Jay Admin'/>
   <att name='preferredlanguage'  value='eng'/>
   <att name='att-2'              value='val2-1'/>
   <att name='att-2'              value='val2-2'/>
 ... other users ...
<config console-port='auto' proxy-port='auto'>

 ... other directives ...
 <user-source type='xml'>

XML Syntax

The directives supported in the XML for this store are as follows:


The <users> directive is the document root of the XML syntax. It does not support any attributes but serves only as a container for nested <user> directives.


This directive is used to declare users and their names and passwords. If the store is marked as 'preload-only' in a multiple user-source chain configuration then user declarations serve to "preload" users into the internal User Manager allowing for the set of expected users found in an external following source to be listed prior to being loaded during signing in. Furthermore, in such a scenario, the <att> directive's aggregation attribute can be used to override or add to attribute values held in the following sources.


Attribute Name Type Description
name Literal text or Alias The username of the user and the value of the policy-cn header injected for requests associated with a session for this user. Should not contain spaces.
pwd Literal text or Alias The password of the user if necessary at all. Can be left blank.


This directive supports the attributes listed below and is used to inject an attribute, its name, value, and optional aggregation strategy between attributes injected by this XML user source configured as preload-only and and attributes injected by other following sources for the same user. Each occurrence of this element within a <user> element contributes that attribute's name and value to the set of attributes for a user. If more than one value for an attribute is desired then additional copies of this directive with the same name but with each having a corresponding additional value can be declared. If there are duplicate identical values for a single attribute they will be reduced to only one such value. These user attributes are then leveraged by access controls and header injection.


Attribute Name Type Description
name Literal text The name of the attribute whose value is to be set or whose set of values is to be added to.
value Literal text The value of the attribute or if more than one the value to be added to the set of values for this attribute.
aggregation Literal text (Optional) Must be one of 'fix', 'merge', or 'replace'. Defaults to 'merge'.
fix: prevents any user sources following after this one from changing the value(s) or such an attribute.
merge: causes all additional values injected by following user sources to be accepted.
replace: causes the last user source to inject values for the attribute to replace all values set by any previous source for that attribute.
This page was last modified on 15 December 2020, at 18:19.

Note: Content found in this wiki may not always reflect official Church information.