z/OS® Connect provides a framework that enables interceptors, or methods, to work with
operations such as service invoke, status, start, or stop. Interceptors are OSGi services
that implement the com.ibm.wsspi.zos.connect.Interceptor Service
Provider Interface (SPI) that is provided by z/OS Connect.
About this task
You can use interceptors for various purposes. z/OS Connect
has no visibility into what an interceptor is used for. For example,
an interceptor might be written to perform some infrastructure setup
that is based on the message payload before the request is processed.
z/OS Connect provides a copy of the input request payload to all
interceptors.
z/OS Connect provides the <zosConnectService> configuration
element that enables the administrator to configure a set of attributes
that apply to a particular service. One of these attributes is interceptorsRef,
which points to a configuration element that lists one or more interceptors
to run for a specific service.
This task describes how to define
a z/OS Connect interceptor and a list of interceptors and also explains
how to associate the interceptors with one or more services in the
configuration for a server. This task also includes a description
of how to enable the z/OS Connect-provided audit and authorization
interceptors for services.
Procedure
- Update the <zosConnectService> element
for each service in your server.xml configuration
for which you want to enable an interceptor or list of interceptors
for.
<!--z/OS Connect service definitions -->
<zosConnectService id="zcs1"
serviceName="recordOpsCreate"
serviceRef="wolaOpsCreateService"
interceptorsRef="opsCreateInterceptorList"/>
- Create the associated <zosConnectInterceptors> element.
<!-- User Interceptor definitions -->
<usr_userInterceptorOne id="userI1" sequence="1"/>
<usr_userInterceptorTwo id="userI2" sequence="2"/>
<zosConnectInterceptors id="opsCreateInterceptorList" interceptorRef="userI1, userI2"/>
The name of the interceptor list in this example is greetingsInterceptorList.
There are two interceptors referred to here, userI1 and
userI2. Interceptor implementations use the Liberty SPI extensions. These interceptors must
define their metatypes to the Liberty server
and create an implementation of the com.ibm.wsspi.zos.connect.Interceptor
class. In this example, an implementation of this class was created with a metatype that defines the
elements usr_userInterceptorOne and usr_userInterceptorTwo . The name of the configuration element
where the list of interceptors is provided is called interceptorsRef. It is not a required
attribute.
- Optional: Create a global interceptor list and enable it
in the <zosConnectManager> element. The
globalInterceptorsRef item is the name of the element in the configuration
that describes the set of z/OS Connect interceptors that apply to
all of the services in the configuration.
<zosConnectManager id="zosConnectGlobals" globalInterceptorsRef="GlobalInterceptors"/>
<!-- User Interceptor definitions -->
<usr_userInterceptorOne id="userI1" sequence="1"/>
<usr_userInterceptorTwo id="userI2" sequence="2"/>
<zosConnectInterceptors id="globalInterceptors" interceptorRef="userI1, userI2"/>
- Optional: Enable the z/OS Connect-provided audit, authorization, or logging interceptors for a
service or set of services. The z/OS Connect-supplied audit interceptor implements the
com.ibm.wsspi.zos.connect.Interceptor SPI to store audit or tracking
information in the z/OS System Management Facility (SMF) data sets. The authorization interceptor
gives the ability to verify that the current authenticated user has the authority to perform the
requested action. Examples of actions that are checked include service action=invoke, start, or
stop. You enable these interceptors for one or more services in the z/OS Connect server
configuration. The following example shows how to enable both the audit and authorization
interceptors for a single
service:
<!-- z/OS Connect service definition -->
<zosConnectService id="zcs1"
serviceName="recordOpsCreate"
serviceRef="wolaOpsCreateService"
interceptorsRef="opsCreateInterceptorList1"/>
<!-- Audit and authorization interceptor definitions -->
<authorizationInterceptor id="authInterceptor1" sequence="1"/>
<auditInterceptor id="auditInterceptor1" sequence="2"/>
<zosConnectInterceptors id="opsCreateInterceptorList1" interceptorRef="auditInterceptor1, authInterceptor1"/>