Developing custom user registries

Before you begin

WebSphere Application Server security supports the use of custom registries in addition to Local OS and Lightweight Directory Access Protocol (LDAP) registries for authentication and authorization purposes. A custom user registry is a customer implemented user registry which implements the UserRegistry Java interface as provided by WebSphere Application Server. A custom implemented user registry can support virtually any type or notion of an accounts repository from a relational database, flat file, and so on. The custom user registry provides considerable flexibility in adapting WebSphere Application Server security to various environments where some notion of a user registry, other than LDAP or LocalOS, already exist in the operational environment.

Implementing a custom user registry is a software development effort. Use the methods defined in the UserRegistry interface to make calls to the desired registry to obtain user and group information. The interface defines a very general set of methods, for encapsulating a wide variety of registries. You can configure a custom user registry as the active user registry when configuring WebSphere Application Server global security.

Make sure that your implementation of the custom registry does not depend on any WebSphere Application Server components such as data sources, enterprise beans, and so on. Do not have this dependency because security is initialized and enabled prior to most of the other WebSphere Application Server components during startup. If your previous implementation used these components, make a change that will eliminate the dependency. For example, if your previous implementation used data sources to connect to a database, use Java database connectivity (JDBC) to connect to the database.

For backward compatibility, the WebSphere Application Server Version 4 custom registry is also supported. Refer to the Migrating custom user registries for more information on migrating. If your previous implementation uses data sources to connect to a database, change the implementation to use Java database connectivity (JDBC) connections. However, it is recommended that you use the new interface to implement your custom registry.

Steps for this task

  1. If not familiar with the custom user registry concept, refer to the article, Custom user registries.
    This section explains each of the methods in the interface in detail and the changes for these methods from the version 4 release.
  2. Implement all the methods in the interface except for the CreateCredential method, which is implemented by WebSphere Application Server.
    FileRegistrySample.java file for WebSphere Application Server is provided for reference.

    Note: The sample that is provided is intended to familiarize you with this feature. Do not use this sample in an actual production environment.

  3. Build your implementation.
    You need the %install_root%/lib/sas.jar and %install_root%/lib/wssec.jar files in your class path. For example: %install_root%\java\bin\javac -classpath %install_root%\lib\wssec.jar;%install_root%\lib\sas.jar yourImplementationFile.java.
  4. Copy the class files generated in the previous step to the product class path.
    The preferred location is the %install_root%/lib/ext directory. This should be copied to all the product processes (cell, all NodeAgents) class path.
  5. Follow the steps in Configuring custom user registries to configure your implementation using the administrative console.

Example

What to do next

If you enabling security, make sure you complete the remaining steps. Once this is done, make sure you save and synchronize the configuration and restart all the servers. Try accessing some J2EE resources to verify that the custom registry implementation is successful.

Related concepts
Custom user registries
Related tasks
Configuring custom user registries
Related reference
UserRegistry interface methods
UserRegistry.java files
FileRegistrySample.java file for WebSphere Application Server Version 5 and Version 5.0.1[5.0 only][Version 5.0.1]
FileRegistrySample.java file for WebSphere Application Server[Version 5.0.2 and later]
Custom user registry settings



Searchable topic ID:   tsectbucs
Last updated: Jun 21, 2007 4:12:58 PM CDT    WebSphere Application Server Express, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.exp.doc/info/exp/ae/tsec_tbucs.html

Library | Support | Terms of Use | Feedback