From 68174723248632875875863661d412ecc7382097 Mon Sep 17 00:00:00 2001
From: Patrick Schmitz <pschmitz@berkeley.edu>
Date: Tue, 7 Jun 2011 16:27:51 +0000
Subject: [PATCH] CSPACE-3546, CSPACE-2903, CSPACE-2421, CSPACE-2170,
 CSPACE-2000, CSPACE-1894. Reworking lots of repository and hibernate
 configuration and build process to be less DB specific, and to support
 injection of passwords from environment variables. NOTE: this also enforces
 ownership of each of the three databases/datasources by three respective
 users (jboss, nuxeo, and cspace), with associated passwords. You MUST set the
 environment variables: DB_PASSWORD_JBOSS, DB_PASSWORD_NUXEO,
 DB_PASSWORD_CSPACE in addition to DB_PASSWORD. The current default values are
 (still) embedded in src/main/resources/db/mysql/init_db.sql, but this will
 get changed to use the environment variables as well. Also added the
 jboss-ds.xml datasource configuration to our source tree to simplify managing
 the default jboss datasource.

---
 .../nuxeo/nuxeo-database-templates/build.xml  |   2 +
 .../config/default-repository-config.xml      | 371 ++++++++++++++++++
 .../config/default-repository-config.xml.orig |  32 ++
 .../config/sql.properties                     |   3 +
 .../datasources/default-repository-ds.xml     |  20 +
 .../default-repository-ds.xml.orig            |  20 +
 .../datasources/unified-nuxeo-ds.xml          |  14 +
 .../datasources/unified-nuxeo-ds.xml.orig     |  14 +
 .../collectionspace_postgresql/nuxeo.defaults |   8 +
 build.properties                              |  36 +-
 build.xml                                     |  66 +++-
 installer/build.xml                           |  12 +-
 services/account/client/build.xml             |   6 +-
 services/account/pstore/build.xml             |  33 +-
 services/authentication/client/build.xml      |   6 +-
 services/authentication/pstore/build.xml      |  42 +-
 services/authorization-mgt/import/build.xml   |  10 +-
 .../applicationContext-authorization-test.xml |   8 +-
 services/authorization/pstore/build.xml       |  46 ++-
 services/id/service/build.xml                 |  22 +-
 services/security/client/build.xml            |  17 +-
 src/main/resources/config/cspace-ds.xml       |  24 +-
 src/main/resources/config/jboss-ds.xml        |  27 ++
 src/main/resources/db/mysql/init_db.sql       |   6 +-
 src/main/resources/db/postgresql/init_db.sql  |  28 ++
 25 files changed, 738 insertions(+), 135 deletions(-)
 create mode 100644 3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/default-repository-config.xml
 create mode 100644 3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/default-repository-config.xml.orig
 create mode 100644 3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/sql.properties
 create mode 100644 3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/default-repository-ds.xml
 create mode 100644 3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/default-repository-ds.xml.orig
 create mode 100644 3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/unified-nuxeo-ds.xml
 create mode 100644 3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/unified-nuxeo-ds.xml.orig
 create mode 100644 3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/nuxeo.defaults
 create mode 100644 src/main/resources/config/jboss-ds.xml
 create mode 100644 src/main/resources/db/postgresql/init_db.sql

diff --git a/3rdparty/nuxeo/nuxeo-database-templates/build.xml b/3rdparty/nuxeo/nuxeo-database-templates/build.xml
index e015286f8..f2a1e73b4 100644
--- a/3rdparty/nuxeo/nuxeo-database-templates/build.xml
+++ b/3rdparty/nuxeo/nuxeo-database-templates/build.xml
@@ -45,6 +45,8 @@
         <echo message="Setting the Nuxeo database templates directory ..."/>
         <propertyfile file="${nuxeo.active.config.file}">
              <entry key="nuxeo.templates" operation="=" value="${collectionspace.template.dir}"/>
+             <entry key="nuxeo.db.user" operation="=" value="${db.nuxeo.user}"/>
+             <entry key="nuxeo.db.password" operation="=" value="${db.nuxeo.user.password}"/>
         </propertyfile>
     </target>
     
diff --git a/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/default-repository-config.xml b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/default-repository-config.xml
new file mode 100644
index 000000000..bde5bdb80
--- /dev/null
+++ b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/default-repository-config.xml
@@ -0,0 +1,371 @@
+<?xml version="1.0"?>
+<component name="default-repository-config">
+  <extension target="org.nuxeo.ecm.core.repository.RepositoryService"
+    point="repository">
+    <repository name="default"
+      factory="org.nuxeo.ecm.core.storage.sql.coremodel.SQLRepositoryFactory">
+      <repository name="default">
+        <schema>
+          <field type="largetext">imd:user_comment</field> <!-- Needed for large image metadata (image_metadata) that gets inserted here. -->
+          <field type="largetext">note</field>
+          <field type="largetext">webp:content</field>
+          <field type="largetext">webc:welcomeText</field>
+          <field type="largetext">comment:comment</field>
+          <field type="largetext">post</field>
+          <field type="largetext">mail:mail</field>
+          
+          <!-- Text fields that may possibly not require largetext -->
+          <!-- designation and might need further review are marked as follows: -->
+          <!-- * -->
+          
+          <!-- =========================================================== -->
+          <!-- Acquisition -->
+          <!-- =========================================================== -->
+
+          <field type="largetext">acquisitionFundingSourceProvisos</field>
+          <field type="largetext">acquisitions_common:acquisitionNote</field>
+          <field type="largetext">acquisitions_common:acquisitionProvisos</field>
+          <field type="largetext">acquisitions_common:acquisitionReason</field>
+          <field type="largetext">acquisitions_common:creditLine</field>
+
+          
+          <!-- =========================================================== -->
+          <!-- Blob -->
+          <!-- =========================================================== -->
+
+          <!-- No largetext fields identified to date -->
+
+
+          <!-- =========================================================== -->
+          <!-- CollectionObject / Cataloging -->
+          <!-- =========================================================== -->
+          
+          <!-- Object Identification Information -->
+          <!-- ================================= -->
+          
+          <!-- FIXME: The following field may be removed from this configuration when it is confirmed -->
+          <!-- that the App/UI layers are using a repeatable other number group. -->
+          <field type="largetext">collectionobjects_common:otherNumber</field> <!-- * -->
+
+          <!-- FIXME: Change this to otherNumberValue if and when the field name itself is so changed. -->
+          <field type="largetext">numberValue</field> <!-- * -->
+
+          <!-- FIXME: multivalued field - need to verify schema and field name -->
+          <field type="largetext">collectionobjects_common:briefDescriptions</field>
+         
+          <!-- FIXME: multivalued field - need to verify schema and field name -->
+          <field type="largetext">collectionobjects_common:comments</field>
+          
+          <field type="largetext">collectionobjects_common:distinguishingFeatures</field>
+          
+          <field type="largetext">objectNameNote</field>
+
+          <field type="largetext">title</field>
+          <field type="largetext">titleTranslation</field>
+                   
+          <!-- Object Description Information -->
+          <!-- ============================== -->
+
+          <field type="largetext">collectionobjects_common:ageQualifier</field>
+          <field type="largetext">collectionobjects_common:color</field>
+          <field type="largetext">collectionobjects_common:contentDescription</field>
+          <field type="largetext">collectionobjects_common:contentNote</field>
+          <field type="largetext">collectionobjects_common:contentObject</field>
+          <field type="largetext">collectionobjects_common:copyNumber</field> <!-- * -->
+          <field type="largetext">collectionobjects_common:editionNumber</field> <!-- * -->
+          
+          <!-- FIXME: Will become group repeatable in a post-1.3 release -->
+          <!-- Remove the schema name(s) from the value(s) below when this occurs. -->
+          <field type="largetext">collectionobjects_common:inscriptionContent</field>
+          <field type="largetext">collectionobjects_common:inscriptionContentInterpretation</field>
+          <field type="largetext">collectionobjects_common:inscriptionContentTranslation</field>
+          <field type="largetext">collectionobjects_common:inscriptionContentTransliteration</field>
+          
+          <!-- FIXME: Will become group repeatable in a post-1.3 release -->
+          <!-- Remove the schema name(s) from the value(s) below when this occurs. -->
+          <field type="largetext">collectionobjects_common:inscriptionDescriptionInterpretation</field>
+          
+          <field type="largetext">materialComponentNote</field>
+          <field type="largetext">materialName</field>  <!-- * -->
+          
+          <!-- FIXME: multivalued field - need to verify schema and field name -->
+          <field type="largetext">collectionobjects_common:physicalDescription</field>
+          
+          <field type="largetext">objectComponentInformation</field>
+
+          <!-- Object Production Information -->
+          <!-- ============================= -->
+          
+          <field type="largetext">collectionobjects_common:objectProductionNote</field>
+          
+          <!-- FIXME: multivalued field - need to verify schema and field name -->
+          <field type="largetext">collectionobjects_common:objectProductionReason</field>
+
+          <!-- Object History and Association Information -->
+          <!-- ========================================== -->
+          
+          <field type="largetext">assocActivityNote</field>
+          <field type="largetext">assocConceptNote</field>
+          <field type="largetext">assocCulturalContextNote</field>
+          <field type="largetext">assocDateNote</field>
+
+          <!-- FIXME: Will become group repeatable in a post-1.3 release. -->
+          <!-- Remove the schema name(s) from the value(s) below when this occurs. -->
+          <field type="largetext">collectionobjects_common:assocEventName</field>   <!-- * -->
+          <field type="largetext">collectionobjects_common:assocEventNote</field>
+          <field type="largetext">collectionobjects_common:assocEventType</field>   <!-- * -->
+
+          <field type="largetext">assocObject</field>
+          <field type="largetext">assocOrganizationNote</field>
+          <field type="largetext">assocPeopleNote</field>
+          <field type="largetext">assocPersonNote</field>
+          <field type="largetext">assocPlaceNote</field>
+          
+          <field type="largetext">collectionobjects_common:objectHistoryNote</field>
+          <field type="largetext">collectionobjects_common:ownershipExchangeNote</field>
+          <field type="largetext">usageNote</field>
+
+           <!-- Object Owner's Contribution Information -->
+           <!-- ======================================= -->  
+                
+          <field type="largetext">collectionobjects_common:ownersPersonalExperience</field>
+          <field type="largetext">collectionobjects_common:ownersPersonalResponse</field>
+          
+          <!-- FIXME: multivalued field - need to verify schema and field name -->
+          <field type="largetext">collectionobjects_common:ownersReference</field>
+          
+          <field type="largetext">collectionobjects_common:ownersContributionNote</field>
+         
+          <!-- Object Viewer's Contribution Information -->
+          <!-- ======================================== -->          
+          
+          <field type="largetext">collectionobjects_common:viewersRole</field>
+          <field type="largetext">collectionobjects_common:viewersPersonalExperience</field>
+          <field type="largetext">collectionobjects_common:viewersPersonalResponse</field>
+          
+          <!-- FIXME: multivalued field - need to verify schema and field name -->
+          <field type="largetext">collectionobjects_common:viewersReference</field>
+          
+          <field type="largetext">collectionobjects_common:viewersContributionNote</field>
+
+          <!-- Reference Information -->
+          <!-- ===================== -->
+          
+          <field type="largetext">collectionobjects_common:catalogNumber</field> <!-- * -->
+         
+          <!-- Object Collection Information -->
+          <!-- ============================= -->      
+
+          <field type="largetext">collectionobjects_common:fieldCollectionNote</field>
+          <field type="largetext">collectionobjects_common:fieldCollectionNumber</field> <!-- * -->
+          
+          <!--
+              Additional non-text fields configured as 'largetext' to
+              avoid the following error when Nuxeo is configured to use MySQL:
+              
+              com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException.
+              message: Row size too large. The maximum row size for the
+              used table type, not counting BLOBs, is 65535.
+              
+              Some of the fields below may be repeatable or in
+              repeatable groups, and the schema and field names
+              below might thus require verification to match actual values.
+          -->
+  
+          <field type="largetext">collectionobjects_common:objectNumber</field>
+          <field type="largetext">collectionobjects_common:otherNumber</field>
+          <field type="largetext">collectionobjects_common:otherNumberType</field>
+          <field type="largetext">collectionobjects_common:numberOfObjects</field>
+          <field type="largetext">collectionobjects_common:collection</field>
+          <field type="largetext">collectionobjects_common:recordStatus</field>
+          <field type="largetext">collectionobjects_common:age</field>
+          <field type="largetext">collectionobjects_common:ageQualifier</field>
+          <field type="largetext">collectionobjects_common:ageUnit</field>
+      
+          <field type="largetext">collectionobjects_common:contentDate</field>
+          <field type="largetext">collectionobjects_common:contentLanguages</field>
+          <field type="largetext">collectionobjects_common:contentOrganizations</field>
+          
+          <field type="largetext">collectionobjects_common:dimensionSummary</field>
+ 
+          <!-- FIXME: The set of dimensions-related fields below may be removed -->
+          <!-- altogether when it is confirmed that the App/UI layers are using -->
+          <!-- a repeatable dimensions group. -->
+          <field type="largetext">collectionobjects_common:dimension</field>
+          <field type="largetext">collectionobjects_common:dimensionMeasuredPart</field>
+          <field type="largetext">collectionobjects_common:dimensionMeasurementUnit</field>
+          <field type="largetext">collectionobjects_common:dimensionValue</field>
+          <field type="largetext">collectionobjects_common:dimensionValueDate</field>
+          <field type="largetext">collectionobjects_common:dimensionValueQualifier</field>
+          
+          <field type="largetext">collectionobjects_common:editionNumber</field>
+
+          <field type="largetext">collectionobjects_common:inscriptionContentInscriber</field>
+          <field type="largetext">collectionobjects_common:inscriptionContentDate</field>
+          <field type="largetext">collectionobjects_common:inscriptionContentLanguage</field>
+          <field type="largetext">collectionobjects_common:inscriptionContentMethod</field>
+          <field type="largetext">collectionobjects_common:inscriptionContentPosition</field>
+          <field type="largetext">collectionobjects_common:inscriptionContentScript</field>
+          <field type="largetext">collectionobjects_common:inscriptionContentType</field>
+
+          <field type="largetext">collectionobjects_common:inscriptionDescription</field>
+          <field type="largetext">collectionobjects_common:inscriptionDescriptionInscriber</field>
+          <field type="largetext">collectionobjects_common:inscriptionDescriptionDate</field>
+          <field type="largetext">collectionobjects_common:inscriptionDescriptionMethod</field>
+          <field type="largetext">collectionobjects_common:inscriptionDescriptionPosition</field>
+          <field type="largetext">collectionobjects_common:inscriptionDescriptionType</field>
+
+          <field type="largetext">collectionobjects_common:objectStatus</field>
+          <field type="largetext">collectionobjects_common:phase</field>
+          <field type="largetext">collectionobjects_common:sex</field>
+          <field type="largetext">collectionobjects_common:ownershipAccess</field>
+          <field type="largetext">collectionobjects_common:ownershipCategory</field>
+          <field type="largetext">collectionobjects_common:ownershipDates</field>
+          <field type="largetext">collectionobjects_common:ownershipExchangeMethod</field>
+          <field type="largetext">collectionobjects_common:ownershipExchangePriceCurrency</field>
+          <field type="largetext">collectionobjects_common:ownershipExchangePriceValue</field>
+          <field type="largetext">collectionobjects_common:ownershipPlace</field>
+          <field type="largetext">collectionobjects_common:fieldCollectionNumber</field>
+          <field type="largetext">collectionobjects_common:fieldCollectionMethod</field>
+          <field type="largetext">collectionobjects_common:fieldCollectionPlace</field>
+          <field type="largetext">collectionobjects_common:fieldCollectionDate</field>
+       
+          <!-- FIXME: This sample set of date field can be removed when Cataloging -->
+          <!-- records are using structured date fields, or earlier when it is confirmed that -->
+          <!-- the App/UI layers are not using this vestigial part of the Cataloging schema. -->
+          <field type="largetext">collectionobjects_common:dateAssociation</field>
+          <field type="largetext">collectionobjects_common:dateEarliestSingle</field>
+          <field type="largetext">collectionobjects_common:dateEarliestSingleCertainty</field>
+          <field type="largetext">collectionobjects_common:dateEarliestSingleQualifier</field>
+          <field type="largetext">collectionobjects_common:dateLatest</field>
+          <field type="largetext">collectionobjects_common:dateLatestCertainty</field>
+          <field type="largetext">collectionobjects_common:dateLatestQualifier</field>
+          <field type="largetext">collectionobjects_common:datePeriod</field>
+          <field type="largetext">collectionobjects_common:dateText</field>
+
+
+          <!-- =========================================================== -->
+          <!-- Contact -->
+          <!-- =========================================================== -->
+          <field type="largetext">contacts_common:addressPlace</field>
+          
+
+          <!-- =========================================================== -->
+          <!-- Group -->
+          <!-- =========================================================== -->
+          <field type="largetext">groups_common:scopeNote</field>
+          
+
+          <!-- =========================================================== -->
+          <!-- Intake -->
+          <!-- =========================================================== -->
+          
+          <field type="largetext">intakes_common:entryNote</field>
+          <field type="largetext">intakes_common:packingNote</field>
+          <field type="largetext">intakes_common:fieldCollectionNote</field>
+          <field type="largetext">intakes_common:insuranceNote</field>
+          <field type="largetext">intakes_common:conditionCheckNote</field>
+          <field type="largetext">currentLocationNote</field>
+
+
+          <!-- =========================================================== -->
+          <!-- Loan In -->
+          <!-- =========================================================== -->
+          
+          <field type="largetext">loansin_common:loanInConditions</field>
+          <field type="largetext">loansin_common:loanInNote</field>
+ 
+ 
+          <!-- =========================================================== -->
+          <!-- Loan Out -->
+          <!-- =========================================================== -->
+          
+          <field type="largetext">loansout_common:specialConditionsOfLoan</field>
+          <field type="largetext">loansout_common:loanOutNote</field>      
+          <field type="largetext">loansout_common:loanPurpose</field>
+          <field type="largetext">loanedObjectStatusNote</field>
+
+ 
+          <!-- =========================================================== -->
+          <!-- Movement / Location and Movement Control -->
+          <!-- =========================================================== -->
+          
+          <field type="largetext">movements_common:currentLocationNote</field>
+          <field type="largetext">movements_common:movementNote</field>
+
+
+          <!-- =========================================================== -->
+          <!-- Media / Media Handling -->
+          <!-- =========================================================== -->
+
+          <field type="largetext">media_common:copyrightStatement</field>
+          <field type="largetext">media_common:description</field>
+          <field type="largetext">media_common:title</field>
+
+
+          <!-- =========================================================== -->
+          <!-- Note -->
+          <!-- =========================================================== -->
+
+          <field type="largetext">notes_common:content</field>
+
+
+          <!-- =========================================================== -->
+          <!-- Object Exit -->
+          <!-- =========================================================== -->
+          
+          <field type="largetext">objectexit_common:exitNote</field>
+          <field type="largetext">objectexit_common:packingNote</field>
+
+
+          <!-- =========================================================== -->
+          <!-- Organization -->
+          <!-- =========================================================== -->
+          
+          <field type="largetext">shortName</field>
+          <field type="largetext">longName</field>
+          <field type="largetext">nameAdditions</field>
+          <field type="largetext">historyNote</field>
+
+
+          <!-- =========================================================== -->
+          <!-- Person -->
+          <!-- =========================================================== -->
+          <field type="largetext">persons_common:bioNote</field>
+          <field type="largetext">persons_common:nameNote</field>
+
+
+          <!-- =========================================================== -->
+          <!-- Relation -->
+          <!-- =========================================================== -->
+
+          <!-- No largetext fields identified to date -->
+
+
+          <!-- =========================================================== -->
+          <!-- Storage Location / Location -->
+          <!-- =========================================================== -->
+          <field type="largetext">locations_common:name</field>
+          <!-- conditionNote will be made part of a repeatable group of fields in a future release -->
+          <field type="largetext">locations_common:conditionNote</field>
+          <field type="largetext">locations_common:securityNote</field>
+          <field type="largetext">locations_common:accessNote</field>
+         
+        </schema>
+        <indexing>
+          <fulltext analyzer="english">
+            <index name="default">
+              <!-- all props implied -->
+            </index>
+            <index name="title">
+              <field>dc:title</field>
+            </index>
+            <index name="description">
+              <field>dc:description</field>
+            </index>
+          </fulltext>
+        </indexing>
+      </repository>
+    </repository>
+  </extension>
+</component>
diff --git a/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/default-repository-config.xml.orig b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/default-repository-config.xml.orig
new file mode 100644
index 000000000..75bb6f9ed
--- /dev/null
+++ b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/default-repository-config.xml.orig
@@ -0,0 +1,32 @@
+<?xml version="1.0"?>
+<component name="default-repository-config">
+  <extension target="org.nuxeo.ecm.core.repository.RepositoryService"
+    point="repository">
+    <repository name="default"
+      factory="org.nuxeo.ecm.core.storage.sql.coremodel.SQLRepositoryFactory">
+      <repository name="default">
+        <schema>
+          <field type="largetext">note</field>
+          <field type="largetext">webp:content</field>
+          <field type="largetext">webc:welcomeText</field>
+          <field type="largetext">comment:comment</field>
+          <field type="largetext">post</field>
+          <field type="largetext">mail:mail</field>
+        </schema>
+        <indexing>
+          <fulltext analyzer="english">
+            <index name="default"> 
+              <!-- all props implied -->
+            </index>
+            <index name="title">
+              <field>dc:title</field>
+            </index>
+            <index name="description">
+              <field>dc:description</field>
+            </index>
+          </fulltext> 
+        </indexing>
+      </repository>
+    </repository>
+  </extension>
+</component>
diff --git a/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/sql.properties b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/sql.properties
new file mode 100644
index 000000000..289bbf2b1
--- /dev/null
+++ b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/config/sql.properties
@@ -0,0 +1,3 @@
+# Jena database type and transaction mode
+org.nuxeo.ecm.sql.jena.databaseType=PostgreSQL
+org.nuxeo.ecm.sql.jena.databaseTransactionEnabled=true
diff --git a/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/default-repository-ds.xml b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/default-repository-ds.xml
new file mode 100644
index 000000000..d4049ce4d
--- /dev/null
+++ b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/default-repository-ds.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<connection-factories>
+  <tx-connection-factory>
+    <jndi-name>NXRepository/default</jndi-name>
+    <xa-transaction/>
+    <track-connection-by-tx/>
+    <adapter-display-name>Nuxeo SQL Repository DataSource</adapter-display-name>
+    <rar-name>nuxeo.ear#nuxeo-core-storage-sql-ra-1.6.2.rar</rar-name>
+    <connection-definition>org.nuxeo.ecm.core.storage.sql.Repository</connection-definition>
+    <config-property name="name">default</config-property>
+    <max-pool-size>${nuxeo.vcs.max-pool-size}</max-pool-size>
+    
+    <config-property name="xaDataSource" type="java.lang.String">org.postgresql.xa.PGXADataSource</config-property>
+    <config-property name="property" type="java.lang.String">ServerName=${nuxeo.db.host}</config-property>
+    <config-property name="property" type="java.lang.String">PortNumber/Integer=${nuxeo.db.port}</config-property>
+    <config-property name="property" type="java.lang.String">DatabaseName=${nuxeo.db.name}</config-property>
+    <config-property name="property" type="java.lang.String">User=${nuxeo.db.user}</config-property>
+    <config-property name="property" type="java.lang.String">Password=${nuxeo.db.password}</config-property>
+  </tx-connection-factory>
+</connection-factories>
diff --git a/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/default-repository-ds.xml.orig b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/default-repository-ds.xml.orig
new file mode 100644
index 000000000..d4049ce4d
--- /dev/null
+++ b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/default-repository-ds.xml.orig
@@ -0,0 +1,20 @@
+<?xml version="1.0"?>
+<connection-factories>
+  <tx-connection-factory>
+    <jndi-name>NXRepository/default</jndi-name>
+    <xa-transaction/>
+    <track-connection-by-tx/>
+    <adapter-display-name>Nuxeo SQL Repository DataSource</adapter-display-name>
+    <rar-name>nuxeo.ear#nuxeo-core-storage-sql-ra-1.6.2.rar</rar-name>
+    <connection-definition>org.nuxeo.ecm.core.storage.sql.Repository</connection-definition>
+    <config-property name="name">default</config-property>
+    <max-pool-size>${nuxeo.vcs.max-pool-size}</max-pool-size>
+    
+    <config-property name="xaDataSource" type="java.lang.String">org.postgresql.xa.PGXADataSource</config-property>
+    <config-property name="property" type="java.lang.String">ServerName=${nuxeo.db.host}</config-property>
+    <config-property name="property" type="java.lang.String">PortNumber/Integer=${nuxeo.db.port}</config-property>
+    <config-property name="property" type="java.lang.String">DatabaseName=${nuxeo.db.name}</config-property>
+    <config-property name="property" type="java.lang.String">User=${nuxeo.db.user}</config-property>
+    <config-property name="property" type="java.lang.String">Password=${nuxeo.db.password}</config-property>
+  </tx-connection-factory>
+</connection-factories>
diff --git a/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/unified-nuxeo-ds.xml b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/unified-nuxeo-ds.xml
new file mode 100644
index 000000000..517e34a7c
--- /dev/null
+++ b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/unified-nuxeo-ds.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<datasources>
+  <xa-datasource>
+    <jndi-name>NuxeoDS</jndi-name>
+    <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
+    <xa-datasource-property name="ServerName">${nuxeo.db.host}</xa-datasource-property>
+    <xa-datasource-property name="PortNumber">${nuxeo.db.port}</xa-datasource-property>
+    <xa-datasource-property name="DatabaseName">${nuxeo.db.name}</xa-datasource-property>
+    <xa-datasource-property name="User">${nuxeo.db.user}</xa-datasource-property>
+    <xa-datasource-property name="Password">${nuxeo.db.password}</xa-datasource-property>
+    <max-pool-size>${nuxeo.db.max-pool-size}</max-pool-size>  
+    <track-connection-by-tx/>
+  </xa-datasource>
+</datasources>
diff --git a/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/unified-nuxeo-ds.xml.orig b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/unified-nuxeo-ds.xml.orig
new file mode 100644
index 000000000..517e34a7c
--- /dev/null
+++ b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/datasources/unified-nuxeo-ds.xml.orig
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<datasources>
+  <xa-datasource>
+    <jndi-name>NuxeoDS</jndi-name>
+    <xa-datasource-class>org.postgresql.xa.PGXADataSource</xa-datasource-class>
+    <xa-datasource-property name="ServerName">${nuxeo.db.host}</xa-datasource-property>
+    <xa-datasource-property name="PortNumber">${nuxeo.db.port}</xa-datasource-property>
+    <xa-datasource-property name="DatabaseName">${nuxeo.db.name}</xa-datasource-property>
+    <xa-datasource-property name="User">${nuxeo.db.user}</xa-datasource-property>
+    <xa-datasource-property name="Password">${nuxeo.db.password}</xa-datasource-property>
+    <max-pool-size>${nuxeo.db.max-pool-size}</max-pool-size>  
+    <track-connection-by-tx/>
+  </xa-datasource>
+</datasources>
diff --git a/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/nuxeo.defaults b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/nuxeo.defaults
new file mode 100644
index 000000000..f2df11912
--- /dev/null
+++ b/3rdparty/nuxeo/nuxeo-database-templates/postgresql/collectionspace_postgresql/nuxeo.defaults
@@ -0,0 +1,8 @@
+## DO NOT EDIT THIS FILE, USE nuxeo.conf  ##
+nuxeo.template.includes=common
+
+nuxeo.db.host=localhost
+nuxeo.db.port=5432
+nuxeo.db.name=nuxeo
+nuxeo.db.user=nuxeo
+nuxeo.db.password=password
diff --git a/build.properties b/build.properties
index 771622016..ddceb388b 100644
--- a/build.properties
+++ b/build.properties
@@ -65,15 +65,39 @@ nuxeo.templates.dir=${jboss.home}/${nuxeo.templates}
 #nuxeo main config file
 nuxeo.main.config.file=${jboss.bin}/nuxeo.conf
 
-#database
+#database - select one or the other (not both!), and then uncomment the
+# appropriate section below the common settings
+#db=mysql|postgresql
 db=mysql
-db.script.dir=${basedir}/src/main/resources/db/${db}
-db.user=${env.DB_USER}
-db.user.password=${env.DB_PASSWORD}
-db.host=localhost
+#For mysql, uncomment this, and comment out postgres section
 db.port=3306
 db.driver.jar=${jboss.lib.cspace}/mysql-connector-java-5.1.7-bin.jar
-db.jdbc.url=jdbc:${db}://${db.host}:${db.port}/cspace
 db.jdbc.driver.class=com.mysql.jdbc.Driver
 db.dialect=org.hibernate.dialect.MySQLDialect
+db.typemapping=mySQL
+db.exceptionsorter=org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter
+
+#For postgresql, uncomment this, and comment out mysql section
+#db.port=5432
+#db.driver.jar=${jboss.lib.cspace}/postgresql-8.3-604.jdbc3.jar
+#db.jdbc.driver.class=org.postgresql.Driver
+#db.dialect=org.hibernate.dialect.PostgreSQLDialect
+#db.typemapping=PostgreSQL 8.0
+#db.exceptionsorter=org.jboss.resource.adapter.jdbc.vendor.PostgreSQLExceptionSorter
 
+
+#database common settings
+db.script.dir=${basedir}/src/main/resources/db/${db}
+db.user=${env.DB_USER}
+db.user.password=${env.DB_PASSWORD}
+db.nuxeo.user=nuxeo
+db.nuxeo.user.password=${env.DB_PASSWORD_NUXEO}
+db.cspace.user=cspace
+db.cspace.user.password=${env.DB_PASSWORD_CSPACE}
+db.jboss.user=jboss
+db.jboss.user.password=${env.DB_PASSWORD_JBOSS}
+db.host=localhost
+db.jdbc.baseurl=jdbc:${db}://${db.host}:${db.port}
+db.jdbc.jboss.url=${db.jdbc.baseurl}/jbossdb
+db.jdbc.nuxeo.url=${db.jdbc.baseurl}/nuxeo
+db.jdbc.cspace.url=${db.jdbc.baseurl}/cspace
diff --git a/build.xml b/build.xml
index 849b79fb2..8d149d977 100644
--- a/build.xml
+++ b/build.xml
@@ -34,7 +34,7 @@
 
         <!-- copy datasources -->
         <copy todir="${basedir}/${dist.deploy.cspace}">
-            <fileset dir="${src}/main/resources/config"/>
+					<fileset dir="${src}/main/resources/config/${db}"/>
         </copy>
         <ant antfile="3rdparty/build.xml" target="dist" inheritAll="false"/>
         <ant antfile="services/build.xml" target="dist" inheritAll="false"/>
@@ -207,10 +207,10 @@
         <ant antfile="services/build.xml" target="gen_ddl" inheritAll="false"/>
     </target>
 
-    <target name="create_db"
+    <target name="create_db" 
             description="create database(s), grant privileges to test users">
-        <sql driver="com.mysql.jdbc.Driver"
-             url="jdbc:mysql://${db.host}:${db.port}"
+			<sql driver="${db.jdbc.driver.class}"
+             url="${db.jdbc.baseurl}"
              userid="${db.user}"
              password="${db.user.password}"
              src="${db.script.dir}/init_db.sql"
@@ -227,26 +227,70 @@
         <ant antfile="services/build.xml" target="import" inheritAll="false"/>
     </target>
 
-    <target name="deploy" depends="install"
+    <target name="deploy" depends="install,setup_jbossds.cfg,setup_cspaceds.cfg"
             description="deploy services in ${jboss.server.cspace}">
         <!-- copy db scripts, etc. -->
-        <copy todir="${jboss.server.cspace}/cspace/services">
-            <fileset dir="${src}/main/resources/"/>
+				<copy todir="${jboss.server.cspace}/cspace/services/scripts">
+					<fileset dir="${src}/main/resources/scripts/"/>
         </copy>
-        <!-- copy datasources -->
+        <!-- copy datasources, including default jboss ds -->
+				<!--
+				Now handled in dependent targets
         <copy todir="${jboss.deploy.cspace}">
-            <fileset dir="${src}/main/resources/config"/>
-        </copy>
+					<fileset dir="${src}/main/resources/config/${db}"/>
+				</copy>
+				-->
         <ant antfile="3rdparty/build.xml" target="deploy" inheritAll="false"/>
         <ant antfile="services/build.xml" target="deploy" inheritAll="false"/>
 
     </target>
 
+		<target name="setup_jbossds.cfg"
+					 description="copy jboss-ds.xml, replacing keywords">
+			<property name="src.jbossds.cfg" value="${src}/main/resources/config/jboss-ds.xml"/>
+			<delete file="${jboss.deploy.cspace}/jboss-ds.xml" failonerror="false" />
+			<copy file="${src.jbossds.cfg}" todir="${jboss.deploy.cspace}">
+				<filterset>
+					<filter token="DB_URL" value="${db.jdbc.jboss.url}" />
+					<filter token="DB_DRIVER_CLASS" value="${db.jdbc.driver.class}" />
+					<filter token="DB_USER" value="${db.jboss.user}" /> <!-- double-sub from ${db.user} fails -->
+					<filter token="DB_PASSWORD" value="${env.DB_PASSWORD_JBOSS}" /> <!-- double-sub from ${db.user.password} fails -->
+					<filter token="DB_DIALECT" value="${db.dialect}" />
+					<filter token="DB_TYPE_MAPPING" value="${db.typemapping}" />
+ 					<filter token="DB_EXCEPTION_SORTER" value="${db.exceptionsorter}" />
+				</filterset>
+			</copy>
+    </target>
+
+		<target name="setup_cspaceds.cfg"
+					 description="copy cspace-ds.xml, replacing keywords">
+			<property name="src.cspaceds.cfg" value="${src}/main/resources/config/cspace-ds.xml"/>
+			<delete file="${jboss.deploy.cspace}/cspace-ds.xml" failonerror="false" />
+			<copy file="${src.cspaceds.cfg}" todir="${jboss.deploy.cspace}">
+				<filterset>
+					<filter token="DB_CSPACE_URL" value="${db.jdbc.cspace.url}" />
+					<filter token="DB_NUXEO_URL" value="${db.jdbc.nuxeo.url}" />
+					<filter token="DB_DRIVER_CLASS" value="${db.jdbc.driver.class}" />
+					<filter token="DB_CSPACE_USER" value="${db.cspace.user}" />
+					<filter token="DB_NUXEO_USER" value="${db.nuxeo.user}" />
+					<filter token="DB_CSPACE_PASSWORD" value="${env.DB_PASSWORD_CSPACE}" /> <!-- double-sub from ${db.user.password} fails -->
+					<filter token="DB_NUXEO_PASSWORD" value="${env.DB_PASSWORD_NUXEO}" /> <!-- double-sub from ${db.user.password} fails -->
+					<filter token="DB_DIALECT" value="${db.dialect}" />
+					<filter token="DB_TYPE_MAPPING" value="${db.typemapping}" />
+ 					<filter token="DB_EXCEPTION_SORTER" value="${db.exceptionsorter}" />
+				</filterset>
+			</copy>
+    </target>
+
+
     <target name="undeploy"
             description="undeploy services from ${jboss.server.cspace}">
         <ant antfile="services/build.xml" target="undeploy" inheritAll="false"/>
         <ant antfile="3rdparty/build.xml" target="undeploy" inheritAll="false"/>
-        <delete failonerror="false"  file="${jboss.deploy.cspace}/cspace-ds.xml"/>
+				<!-- Delete mysql-ds.xml to clean up pre-1.8 bundles -->
+				<delete failonerror="false" file="${jboss.deploy.cspace}/mysql-ds.xml"/>
+				<delete failonerror="false" file="${jboss.deploy.cspace}/jboss-ds.xml"/>
+        <delete failonerror="false" file="${jboss.deploy.cspace}/cspace-ds.xml"/>
         <delete failonerror="false" dir="${jboss.server.cspace}/cspace/services"/>
         <delete failonerror="false" dir="${jboss.server.cspace}/cspace/config/services"/>
     </target>
diff --git a/installer/build.xml b/installer/build.xml
index 3b4014dd3..73021a717 100644
--- a/installer/build.xml
+++ b/installer/build.xml
@@ -8,7 +8,7 @@
     <property file="build.properties" />
     <property name="src" location="src"/>
 
-    <property name="db" value="mysql"/>
+		<!-- <property name="db" value="mysql"/> -->
     <property name="db.script.dir" location="${basedir}/db/${db}"/>
 
     <condition property="osfamily-unix">
@@ -59,13 +59,13 @@
         <exec executable="echo">
         		<arg value="Installer: Creating necessary databases and associated users and privileges." />
 				</exec>
-        <sql driver="com.mysql.jdbc.Driver"
-        url="jdbc:mysql://localhost:3306/cspace"
-        userid="root"
-        password="admin"
+        <sql driver="${db.jdbc.driver.class}"
+        url="${db.jdbc.baseurl}"
+        userid="${db.user}"
+        password="${db.user.password}"
         src="${db.script.dir}/init_db.sql">
             <classpath>
-                <pathelement path="${jboss.lib.cspace}/mysql-connector-java-5.1.7-bin.jar"/>
+                <pathelement path="${db.driver.jar}"/>
             </classpath>
         </sql>
 				
diff --git a/services/account/client/build.xml b/services/account/client/build.xml
index a51d2431d..633b8e161 100644
--- a/services/account/client/build.xml
+++ b/services/account/client/build.xml
@@ -114,10 +114,10 @@
         <property name="src.hibernate.cfg" value="${basedir}/src/test/resources/hibernate.cfg.xml"/>
         <property name="dest.hibernate.cfg" value="${basedir}/target/test-classes/hibernate.cfg.xml"/>
         <delete file="${dest.hibernate.cfg}" verbose="true" />
-        <filter token="DB_URL" value="${db.jdbc.url}" />
+        <filter token="DB_URL" value="${db.jdbc.cspace.url}" />
         <filter token="DB_DRIVER_CLASS" value="${db.jdbc.driver.class}" />
-        <filter token="DB_USER" value="${env.DB_USER}" /> <!-- double-sub from ${db.user} fails -->
-        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD}" /> <!-- double-sub from ${db.user.password} fails -->
+        <filter token="DB_USER" value="${db.cspace.user}" /> <!-- double-sub from ${db.user} fails -->
+        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD_CSPACE}" /> <!-- double-sub from ${db.user.password} fails -->
         <filter token="DB_DIALECT" value="${db.dialect}" />
         <copy todir="${basedir}/target/test-classes" filtering="true">
             <fileset dir="${basedir}/src/test/resources">
diff --git a/services/account/pstore/build.xml b/services/account/pstore/build.xml
index c158ba18b..12827d730 100644
--- a/services/account/pstore/build.xml
+++ b/services/account/pstore/build.xml
@@ -114,10 +114,10 @@
         <property name="src.hibernate.cfg" value="${basedir}/src/test/resources/hibernate.cfg.xml"/>
         <property name="dest.hibernate.cfg" value="${basedir}/target/test-classes/hibernate.cfg.xml"/>
         <delete file="${dest.hibernate.cfg}" verbose="true" />
-        <filter token="DB_URL" value="${db.jdbc.url}" />
+        <filter token="DB_URL" value="${db.jdbc.cspace.url}" />
         <filter token="DB_DRIVER_CLASS" value="${db.jdbc.driver.class}" />
-        <filter token="DB_USER" value="${env.DB_USER}" /> <!-- double-sub from ${db.user} fails -->
-        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD}" /> <!-- double-sub from ${db.user.password} fails -->
+        <filter token="DB_USER" value="${db.cspace.user}" />
+        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD_CSPACE}" /> <!-- double-sub from ${db.user.password} fails -->
         <filter token="DB_DIALECT" value="${db.dialect}" />
         <copy todir="${basedir}/target/test-classes" filtering="true">
             <fileset dir="${basedir}/src/test/resources">
@@ -153,27 +153,26 @@
 
     <target name="create_db"
             description="create tables(s), indices for account service">
-        <sql driver="com.mysql.jdbc.Driver"
-             url="jdbc:mysql://${db.host}:${db.port}/cspace"
-             userid="${db.user}"
-             password="${db.user.password}"
+				<sql driver="${db.jdbc.driver.class}"
+             url="${db.jdbc.cspace.url}"
+             userid="${db.cspace.user}"
+             password="${db.cspace.user.password}"
              src="${db.script.dir}/account.sql"
-             onerror="continue"
-             >
+             onerror="continue" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
         </sql>
-        <sql driver="com.mysql.jdbc.Driver"
-             url="jdbc:mysql://${db.host}:${db.port}/cspace"
-             userid="${db.user}"
-             password="${db.user.password}"
-             src="${db.script.dir}/account_index.sql"
-             >
+						<sql driver="${db.jdbc.driver.class}"
+             url="${db.jdbc.cspace.url}"
+             userid="${db.cspace.user}"
+             password="${db.cspace.user.password}"
+             src="${db.script.dir}/account_index.sql" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
-        </sql>
+					</sql>
+				<!-- No longer used.
         <sql driver="com.mysql.jdbc.Driver"
              url="jdbc:mysql://${db.host}:${db.port}/cspace"
              userid="${db.user}"
@@ -183,7 +182,7 @@
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
-        </sql>
+					</sql> -->
     </target>
     <target name="deploy" depends="install"
             description="deploy account service in ${jboss.server.cspace}">
diff --git a/services/authentication/client/build.xml b/services/authentication/client/build.xml
index d379ef979..26abbbff8 100644
--- a/services/authentication/client/build.xml
+++ b/services/authentication/client/build.xml
@@ -113,10 +113,10 @@
         <property name="src.hibernate.cfg" value="${basedir}/src/test/resources/hibernate.cfg.xml"/>
         <property name="dest.hibernate.cfg" value="${basedir}/target/test-classes/hibernate.cfg.xml"/>
         <delete file="${dest.hibernate.cfg}" verbose="true" />
-        <filter token="DB_URL" value="${db.jdbc.url}" />
+        <filter token="DB_URL" value="${db.jdbc.cspace.url}" />
         <filter token="DB_DRIVER_CLASS" value="${db.jdbc.driver.class}" />
-        <filter token="DB_USER" value="${env.DB_USER}" /> <!-- double-sub from ${db.user} fails -->
-        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD}" /> <!-- double-sub from ${db.user.password} fails -->
+        <filter token="DB_USER" value="${db.cspace.user}" /> <!-- double-sub from ${db.user} fails -->
+        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD_CSPACE}" /> <!-- double-sub from ${db.user.password} fails -->
         <filter token="DB_DIALECT" value="${db.dialect}" />
         <copy todir="${basedir}/target/test-classes" filtering="true">
             <fileset dir="${basedir}/src/test/resources">
diff --git a/services/authentication/pstore/build.xml b/services/authentication/pstore/build.xml
index 5d2473e15..dda450f83 100644
--- a/services/authentication/pstore/build.xml
+++ b/services/authentication/pstore/build.xml
@@ -113,10 +113,10 @@
         <property name="src.hibernate.cfg" value="${basedir}/src/test/resources/hibernate.cfg.xml"/>
         <property name="dest.hibernate.cfg" value="${basedir}/target/test-classes/hibernate.cfg.xml"/>
         <delete file="${dest.hibernate.cfg}" verbose="true" />
-        <filter token="DB_URL" value="${db.jdbc.url}" />
+        <filter token="DB_URL" value="${db.jdbc.cspace.url}" />
         <filter token="DB_DRIVER_CLASS" value="${db.jdbc.driver.class}" />
-        <filter token="DB_USER" value="${env.DB_USER}" /> <!-- double-sub from ${db.user} fails -->
-        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD}" /> <!-- double-sub from ${db.user.password} fails -->
+        <filter token="DB_USER" value="${db.cspace.user}" /> <!-- double-sub from ${db.user} fails -->
+        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD_CSPACE}" /> <!-- double-sub from ${db.user.password} fails -->
         <filter token="DB_DIALECT" value="${db.dialect}" />
         <copy todir="${basedir}/target/test-classes" filtering="true">
             <fileset dir="${basedir}/src/test/resources">
@@ -153,36 +153,34 @@
 
     <target name="create_db"
             description="create tables(s), indices for authentication service">
-        <sql driver="com.mysql.jdbc.Driver"
-             url="jdbc:mysql://${db.host}:${db.port}/cspace"
-             userid="${db.user}"
-             password="${db.user.password}"
-             src="${db.script.dir}/authentication.sql"
-             >
+				<sql driver="${db.jdbc.driver.class}"
+             url="${db.jdbc.cspace.url}"
+             userid="${db.cspace.user}"
+             password="${db.cspace.user.password}"
+             src="${db.script.dir}/authentication.sql" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
         </sql>
-        <sql driver="com.mysql.jdbc.Driver"
-             url="jdbc:mysql://${db.host}:${db.port}/cspace"
-             userid="${db.user}"
-             password="${db.user.password}"
-             src="${db.script.dir}/authentication_index.sql"
-             >
+				<sql driver="${db.jdbc.driver.class}"
+             url="${db.jdbc.cspace.url}"
+             userid="${db.cspace.user}"
+             password="${db.cspace.user.password}"
+             src="${db.script.dir}/authentication_index.sql" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
         </sql>
-        <sql driver="com.mysql.jdbc.Driver"
-             url="jdbc:mysql://${db.host}:${db.port}/cspace"
-             userid="${db.user}"
-             password="${db.user.password}"
-             src="${db.script.dir}/test_authentication.sql"
-             >
+				<!-- No longer used
+				<sql driver="${db.jdbc.driver.class}"
+             url="${db.jdbc.cspace.url}"
+             userid="${db.cspace.user}"
+             password="${db.cspace.user.password}"
+             src="${db.script.dir}/test_authentication.sql" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
-        </sql>
+					</sql> -->
     </target>
 
     <target name="deploy" depends="install"
diff --git a/services/authorization-mgt/import/build.xml b/services/authorization-mgt/import/build.xml
index 6b55f19a8..f328d3d41 100644
--- a/services/authorization-mgt/import/build.xml
+++ b/services/authorization-mgt/import/build.xml
@@ -137,13 +137,17 @@
     <target name="setup_hibernate.cfg" description="replace property keywords in hibernate.cfg.xml" depends="install">
         <property name="src.hibernate.cfg" value="${basedir}/src/main/resources/hibernate.cfg.xml"/>
         <property name="dest.hibernate.cfg" value="${basedir}/target/classes/hibernate.cfg.xml"/>
+        <property name="src.appContext.cfg" value="${basedir}/src/main/resources/applicationContext-authorization-test.xml"/>
+        <property name="dest.appContext.cfg" value="${basedir}/target/classes/applicationContext-authorization-test.xml"/>
         <delete file="${dest.hibernate.cfg}" verbose="true" />
-        <filter token="DB_URL" value="${db.jdbc.url}" />
+        <delete file="${dest.appContext.cfg}" verbose="true" />
+        <filter token="DB_URL" value="${db.jdbc.cspace.url}" />
         <filter token="DB_DRIVER_CLASS" value="${db.jdbc.driver.class}" />
-        <filter token="DB_USER" value="${env.DB_USER}" /> <!-- double-sub from ${db.user} fails -->
-        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD}" /> <!-- double-sub from ${db.user.password} fails -->
+        <filter token="DB_USER" value="${db.cspace.user}" /> <!-- double-sub from ${db.user} fails -->
+        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD_CSPACE}" /> <!-- double-sub from ${db.jboss.user.password} fails -->
         <filter token="DB_DIALECT" value="${db.dialect}" />
         <copy tofile="${dest.hibernate.cfg}" file="${src.hibernate.cfg}" filtering="true"/>
+        <copy tofile="${dest.appContext.cfg}" file="${src.appContext.cfg}" filtering="true"/>
     </target>
 
     
diff --git a/services/authorization-mgt/import/src/main/resources/applicationContext-authorization-test.xml b/services/authorization-mgt/import/src/main/resources/applicationContext-authorization-test.xml
index 2dcbb630b..f394cefdc 100644
--- a/services/authorization-mgt/import/src/main/resources/applicationContext-authorization-test.xml
+++ b/services/authorization-mgt/import/src/main/resources/applicationContext-authorization-test.xml
@@ -36,10 +36,10 @@
     </bean>
 
     <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
-        <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
-        <property name="url" value="jdbc:mysql://localhost:3306/cspace"/>
-        <property name="username" value="test"/>
-        <property name="password" value="test"/>
+        <property name="driverClassName" value="@DB_DRIVER_CLASS@"/>
+        <property name="url" value="@DB_URL@"/>
+        <property name="username" value="@DB_USER@"/>
+        <property name="password" value="@DB_PASSWORD@"/>
     </bean>
 
     <bean id="lookupStrategy" class="org.springframework.security.acls.jdbc.BasicLookupStrategy">
diff --git a/services/authorization/pstore/build.xml b/services/authorization/pstore/build.xml
index ad2bbcef0..ef4ea09c5 100644
--- a/services/authorization/pstore/build.xml
+++ b/services/authorization/pstore/build.xml
@@ -113,10 +113,10 @@
         <property name="src.hibernate.cfg" value="${basedir}/src/test/resources/hibernate.cfg.xml"/>
         <property name="dest.hibernate.cfg" value="${basedir}/target/test-classes/hibernate.cfg.xml"/>
         <delete file="${dest.hibernate.cfg}" verbose="true" />
-        <filter token="DB_URL" value="${db.jdbc.url}" />
+        <filter token="DB_URL" value="${db.jdbc.cspace.url}" />
         <filter token="DB_DRIVER_CLASS" value="${db.jdbc.driver.class}" />
-        <filter token="DB_USER" value="${env.DB_USER}" /> <!-- double-sub from ${db.user} fails -->
-        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD}" /> <!-- double-sub from ${db.user.password} fails -->
+        <filter token="DB_USER" value="${db.cspace.user}" /> <!-- double-sub from ${db.user} fails -->
+        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD_CSPACE}" /> <!-- double-sub from ${db.user.password} fails -->
         <filter token="DB_DIALECT" value="${db.dialect}" />
         <copy todir="${basedir}/target/test-classes" filtering="true">
             <fileset dir="${basedir}/src/test/resources">
@@ -153,47 +153,45 @@
 
     <target name="create_db"
             description="create tables(s), indices for authorization service">
-        <sql driver="com.mysql.jdbc.Driver"
-             url="jdbc:mysql://${db.host}:${db.port}/cspace"
-             userid="${db.user}"
-             password="${db.user.password}"
+				<sql driver="${db.jdbc.driver.class}"
+             url="${db.jdbc.cspace.url}"
+             userid="${db.cspace.user}"
+             password="${db.cspace.user.password}"
              src="${db.script.dir}/authorization.sql"
-             onerror="continue"
-             >
+             onerror="continue" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
         </sql>
-        <sql driver="com.mysql.jdbc.Driver"
-             url="jdbc:mysql://${db.host}:${db.port}/cspace"
-             userid="${db.user}"
-             password="${db.user.password}"
-             src="${db.script.dir}/authorization_index.sql"
-             >
+				<sql driver="${db.jdbc.driver.class}"
+						 url="${db.jdbc.cspace.url}"
+             userid="${db.cspace.user}"
+             password="${db.cspace.user.password}"
+             src="${db.script.dir}/authorization_index.sql" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
         </sql>
-        <sql driver="com.mysql.jdbc.Driver"
-             url="jdbc:mysql://${db.host}:${db.port}/cspace"
-             userid="${db.user}"
-             password="${db.user.password}"
-             src="${db.script.dir}/acl.sql"
-             >
+				<sql driver="${db.jdbc.driver.class}"
+             url="${db.jdbc.cspace.url}"
+             userid="${db.cspace.user}"
+             password="${db.cspace.user.password}"
+             src="${db.script.dir}/acl.sql" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
         </sql>
+				<!-- No longer used
         <sql driver="com.mysql.jdbc.Driver"
              url="jdbc:mysql://${db.host}:${db.port}/cspace"
-             userid="${db.user}"
-             password="${db.user.password}"
+             userid="${db.cspace.user}"
+             password="${db.cspace.user.password}"
              src="${db.script.dir}/test_authorization.sql"
              >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
-        </sql>
+					</sql> -->
     </target>
 
     <target name="deploy" depends="install"
diff --git a/services/id/service/build.xml b/services/id/service/build.xml
index d38027be6..5c024266f 100644
--- a/services/id/service/build.xml
+++ b/services/id/service/build.xml
@@ -109,22 +109,20 @@
 
     <target name="create_db"
     description="create tables(s), indices for id service">
-        <sql driver="com.mysql.jdbc.Driver"
-        url="jdbc:mysql://${db.host}:${db.port}/cspace"
-        userid="${db.user}"
-        password="${db.user.password}"
-        src="${db.script.dir}/create_id_generators_table.sql"
-        >
+				<sql driver="${db.jdbc.driver.class}"
+            url="${db.jdbc.cspace.url}"
+            userid="${db.cspace.user}"
+            password="${db.cspace.user.password}"
+						src="${db.script.dir}/create_id_generators_table.sql" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
         </sql>
-        <sql driver="com.mysql.jdbc.Driver"
-        url="jdbc:mysql://${db.host}:${db.port}/cspace"
-        userid="${db.user}"
-        password="${db.user.password}"
-        src="${db.script.dir}/load_id_generators.sql"
-        >
+				<sql driver="${db.jdbc.driver.class}"
+            url="${db.jdbc.cspace.url}"
+            userid="${db.cspace.user}"
+            password="${db.cspace.user.password}"
+            src="${db.script.dir}/load_id_generators.sql" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
diff --git a/services/security/client/build.xml b/services/security/client/build.xml
index 736790c2f..4c3cb31a4 100644
--- a/services/security/client/build.xml
+++ b/services/security/client/build.xml
@@ -113,10 +113,10 @@
         <property name="src.hibernate.cfg" value="${basedir}/src/test/resources/hibernate.cfg.xml"/>
         <property name="dest.hibernate.cfg" value="${basedir}/target/test-classes/hibernate.cfg.xml"/>
         <delete file="${dest.hibernate.cfg}" verbose="true" />
-        <filter token="DB_URL" value="${db.jdbc.url}" />
+        <filter token="DB_URL" value="${db.jdbc.cspace.url}" />
         <filter token="DB_DRIVER_CLASS" value="${db.jdbc.driver.class}" />
-        <filter token="DB_USER" value="${env.DB_USER}" /> <!-- double-sub from ${db.user} fails -->
-        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD}" /> <!-- double-sub from ${db.user.password} fails -->
+        <filter token="DB_USER" value="${db.cspace.user}" /> <!-- double-sub from ${db.user} fails -->
+        <filter token="DB_PASSWORD" value="${env.DB_PASSWORD_CSPACE}" /> <!-- double-sub from ${db.cspace.user.password} fails -->
         <filter token="DB_DIALECT" value="${db.dialect}" />
         <copy todir="${basedir}/target/test-classes" filtering="true">
             <fileset dir="${basedir}/src/test/resources">
@@ -127,12 +127,11 @@
 
     <target name="create_db"
     description="create tables(s), indices for security service">
-        <sql driver="com.mysql.jdbc.Driver"
-        url="jdbc:mysql://${db.host}:${db.port}/cspace"
-        userid="${db.user}"
-        password="${db.user.password}"
-        src="${db.script.dir}/test_authn.sql"
-        >
+        <sql driver="${db.jdbc.driver.class}"
+        url="${db.jdbc.cspace.url}"
+        userid="${db.cspace.user}"
+        password="${db.cspace.user.password}"
+        src="${db.script.dir}/test_authn.sql" >
             <classpath>
                 <pathelement path="${db.driver.jar}"/>
             </classpath>
diff --git a/src/main/resources/config/cspace-ds.xml b/src/main/resources/config/cspace-ds.xml
index b8bd83d22..d4831c2e7 100644
--- a/src/main/resources/config/cspace-ds.xml
+++ b/src/main/resources/config/cspace-ds.xml
@@ -9,11 +9,11 @@ http://www.mysql.com/downloads/api-jdbc-stable.html
   <local-tx-datasource>
     <jndi-name>CspaceDS</jndi-name>
     <use-java-context>false</use-java-context>
-    <connection-url>jdbc:mysql://localhost:3306/cspace</connection-url>
-    <driver-class>com.mysql.jdbc.Driver</driver-class>
-    <user-name>test</user-name>
-    <password>test</password>
-    <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
+    <connection-url>@DB_CSPACE_URL@</connection-url>
+    <driver-class>@DB_DRIVER_CLASS@</driver-class>
+    <user-name>@DB_CSPACE_USER@</user-name>
+    <password>@DB_CSPACE_PASSWORD@</password>
+    <exception-sorter-class-name>@DB_EXCEPTION_SORTER@</exception-sorter-class-name>
     <!-- should only be used on drivers after 3.22.1 with "ping" support
     <valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLValidConnectionChecker</valid-connection-checker-class-name>
     -->
@@ -26,17 +26,17 @@ http://www.mysql.com/downloads/api-jdbc-stable.html
 
     <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional) -->
     <metadata>
-       <type-mapping>mySQL</type-mapping>
+       <type-mapping>@DB_TYPE_MAPPING@</type-mapping>
     </metadata>
   </local-tx-datasource>
   <local-tx-datasource>
     <jndi-name>NuxeoDS</jndi-name>
     <use-java-context>false</use-java-context>
-    <connection-url>jdbc:mysql://localhost:3306/nuxeo</connection-url>
-    <driver-class>com.mysql.jdbc.Driver</driver-class>
-    <user-name>test</user-name>
-    <password>test</password>
-    <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLExceptionSorter</exception-sorter-class-name>
+    <connection-url>@DB_NUXEO_URL@</connection-url>
+    <driver-class>@DB_DRIVER_CLASS@</driver-class>
+    <user-name>@DB_NUXEO_USER@</user-name>
+    <password>@DB_NUXEO_PASSWORD@</password>
+    <exception-sorter-class-name>@DB_EXCEPTION_SORTER@</exception-sorter-class-name>
     <!-- should only be used on drivers after 3.22.1 with "ping" support
     <valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.MySQLValidConnectionChecker</valid-connection-checker-class-name>
     -->
@@ -49,7 +49,7 @@ http://www.mysql.com/downloads/api-jdbc-stable.html
 
     <!-- corresponding type-mapping in the standardjbosscmp-jdbc.xml (optional) -->
     <metadata>
-       <type-mapping>mySQL</type-mapping>
+       <type-mapping>@DB_TYPE_MAPPING@</type-mapping>
     </metadata>
   </local-tx-datasource>
 </datasources>
diff --git a/src/main/resources/config/jboss-ds.xml b/src/main/resources/config/jboss-ds.xml
new file mode 100644
index 000000000..e315846d9
--- /dev/null
+++ b/src/main/resources/config/jboss-ds.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!-- $Id: mysql-ds.xml 71535 2008-04-01 07:05:03Z adrian@jboss.org $ -->
+<!--  Datasource config for MySQL using 3.0.9 available from:
+http://www.mysql.com/downloads/api-jdbc-stable.html
+-->
+
+<datasources>
+  <local-tx-datasource>
+    <jndi-name>DefaultDS</jndi-name>
+    <connection-url>@DB_URL@</connection-url>
+    <driver-class>@DB_DRIVER_CLASS@</driver-class>
+    <user-name>@DB_USER@</user-name>
+    <password>@DB_PASSWORD@</password>
+		<!--
+			If and when there is a reliable Postgres exception sorter, can enable this
+			and remove the new-connect-sql
+    <exception-sorter-class-name>@DB_EXCEPTION_SORTER@</exception-sorter-class-name>
+		<new-connection-sql>select 1</new-connection-sql>
+		<check-valid-connection-sql>select 1</check-valid-connection-sql>
+		-->
+    <metadata>
+       <type-mapping>@DB_TYPE_MAPPING@</type-mapping>
+    </metadata>
+  </local-tx-datasource>
+</datasources>
+
diff --git a/src/main/resources/db/mysql/init_db.sql b/src/main/resources/db/mysql/init_db.sql
index 03e8875e4..18cf584bb 100644
--- a/src/main/resources/db/mysql/init_db.sql
+++ b/src/main/resources/db/mysql/init_db.sql
@@ -32,11 +32,11 @@ CREATE database nuxeo DEFAULT CHARACTER SET utf8;
 --
 -- grant privileges to test user on nuxeo and jbossdb databases
 --
-GRANT ALL PRIVILEGES ON jbossdb.* TO 'test'@'localhost' IDENTIFIED BY 'test' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON jbossdb.* TO 'jboss'@'localhost' IDENTIFIED BY 'jbpw' WITH GRANT OPTION;
 FLUSH PRIVILEGES;
-GRANT ALL PRIVILEGES ON cspace.* TO 'test'@'localhost' IDENTIFIED BY 'test' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON cspace.* TO 'cspace'@'localhost' IDENTIFIED BY 'cspw' WITH GRANT OPTION;
 FLUSH PRIVILEGES;
-GRANT ALL PRIVILEGES ON nuxeo.* TO 'test'@'localhost' IDENTIFIED BY 'test' WITH GRANT OPTION;
+GRANT ALL PRIVILEGES ON nuxeo.* TO 'nuxeo'@'localhost' IDENTIFIED BY 'nuxpw' WITH GRANT OPTION;
 --
 -- Grant privileges to read-only user on Nuxeo, for reporting. 
 --
diff --git a/src/main/resources/db/postgresql/init_db.sql b/src/main/resources/db/postgresql/init_db.sql
new file mode 100644
index 000000000..0d44a49f9
--- /dev/null
+++ b/src/main/resources/db/postgresql/init_db.sql
@@ -0,0 +1,28 @@
+-- drop all the objects before dropping roles
+DROP database IF EXISTS jbossdb;
+DROP database IF EXISTS cspace;
+DROP database IF EXISTS nuxeo;
+
+DROP USER IF EXISTS nuxeo;
+DROP USER IF EXISTS cspace;
+DROP USER IF EXISTS jboss;
+
+CREATE ROLE nuxeo WITH PASSWORD 'nuxpw' LOGIN;
+CREATE ROLE cspace WITH PASSWORD 'cspw' LOGIN;
+CREATE ROLE jboss WITH PASSWORD 'jbpw' LOGIN;
+CREATE ROLE reader WITH PASSWORD 'read' LOGIN;
+
+--
+-- recreate jbossdb, cspace, and nuxeo databases
+--
+CREATE database jbossdb OWNER jboss;
+CREATE DATABASE cspace ENCODING 'UTF8' OWNER cspace;
+CREATE DATABASE nuxeo ENCODING 'UTF8' OWNER nuxeo;
+
+--
+-- Grant privileges to read-only user on Nuxeo, for reporting. 
+--
+-- GRANT SELECT ON ALL TABLES IN DATABASE nuxeo TO reader;
+-- Will have to do this with a script after the nuxeo DB has been started,
+-- since there is no wildcard syntax for grants (!). If nuxeo used a schema, 
+-- it would be easy. Check that.
-- 
2.47.3