[Version 5.0.1]FileRegistrySample.java file for WebSphere Application Server Version 5 and Version 5.0.1

[Version 5.0.2 and later]If you are using WebSphere Application Server Version 5.0.2 or later, see FileRegistrySample.java file for WebSphere Application Server Version 5.0.2. The user and group information required by this sample is contained in the users.props and groups.props files.

The contents of the FileRegistrySample.java file:

package com.ibm.websphere.security;
//
// 5639-D57, 5630-A36, 5630-A37, 5724-D18 (C) COPYRIGHT International Business Machines Corp. 1997, 2002
// All Rights Reserved * Licensed Materials - Property of IBM
//

//----------------------------------------------------------------------
// This program may be used, executed, copied, modified and distributed 
// without royalty for the purpose of developing, using, marketing, or 
// distributing.
//----------------------------------------------------------------------
// 

// This sample is for the Custom User Registry feature in WebSphere

//----------------------------------------------------------------------
// The main purpose of this sample is to demonstrate the use of the
// Custom Registry feature available in WebSphere. This sample is a very 
// simple File based registry sample where the users and the groups information
// is listed in files (users.props and groups.props). As such simplicity and
// not the performance was a major factor behind this. This sample should be
// used only to get familiarized with this feature. An actual implementation
// of a realistic registry should consider various factors like performance, 
// scalability etc.
//----------------------------------------------------------------------
import java.util.*;
import java.io.*;
import java.security.cert.X509Certificate;
import com.ibm.websphere.security.*;

public class FileRegistrySample implements UserRegistry {

   private static String USERFILENAME = null;        
   private static String GROUPFILENAME = null;

   // Default Constructor
   public FileRegistrySample() throws java.rmi.RemoteException {
   }

   /**
   * Initializes the registry. This method is called when creating the
   * registry.
   *
   * @param         props   the registry-specific properties with which to
   *                       initialize the  custom registry
   * @exception    CustomRegistryException
   *                       if there is any registry specific problem
   **/
      public void initialize(java.util.Properties props)
         throws CustomRegistryException {

try {
          /* try getting the USERFILENAME and the GROUPFILENAME from 
          * properties that are passed in (for example, from the 
          * administrative console). These values should be set in the 
          * security center administrative console in the Special Custom
          * Settings in the Custom User Registry section of the Authentication 
          * panel.
          * For example: 
          * usersFile   c:/temp/users.props
          * groupsFile  c:/temp/groups.props
          */
       if (props != null) {
             USERFILENAME = props.getProperty("usersFile");
             GROUPFILENAME = props.getProperty("groupsFile");
          }

      } catch(Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      }

      if (USERFILENAME == null || GROUPFILENAME == null) {
         throw new CustomRegistryException("users/groups information missing");
      }

   }

   /**
   * Checks the password of the user. This method is called to authenticate a
   * user when the user's name and password are given.
   *
   * @param       userSecurityName the name of user
   * @param       password the password of the user
   * @return       a valid userSecurityName. Normally this is
   *                     the name of same user whose password was checked but if the
   *                      implementation wants to return any other valid
   *                     userSecurityName in the registry it can do so
   * @exception   CheckPasswordFailedException if userSecurityName/
   *                     password combination does not exist in the registry
   * @exception    CustomRegistryException if there is any registry specific
   *                       problem
   **/
   public String checkPassword(String userSecurityName, String passwd) 
      throws PasswordCheckFailedException,
             CustomRegistryException {
      String s,userName = null;
      BufferedReader in = null;
    
      try {
         in = fileOpen(USERFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               int index1 = s.indexOf(":",index+1);
               // check if the userSecurityName:passwd combination exists
               if ((s.substring(0,index)).equals(userSecurityName) && 
                       s.substring(index+1,index1).equals(passwd)) {
                  // Authentication successful, return the userId.
                  userName = userSecurityName;
                  break;
               }
            }
         }
      } catch(Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }
       

      if (userName == null) {
         throw new PasswordCheckFailedException(userSecurityName);
      } 

      return userName;
   }

  /**
   * Maps a Certificate (of X509 format) to a valid user in the Registry.
   * This is used to map the name in the certificate supplied by a browser
   * to a valid userSecurityName in the registry
   *
   * @param        cert the X509 certificate chain
   * @return         the mapped name of the user userSecurityName
   * @exception    CertificateMapNotSupportedException if the particular
   *                      certificate is not supported.
   * @exception    CertificateMapFailedException if the mapping of the
   *                       certificate fails.
   * @exception    CustomRegistryException if there is any registry specific
   *                       problem
   **/
    public String mapCertificate(X509Certificate[] cert)
      throws CertificateMapNotSupportedException,
             CertificateMapFailedException,
             CustomRegistryException {
      String name=null;
      X509Certificate cert1 = cert[0];
      try {
         // map the SubjectDN in the certificate to a userID.
         name = cert1.getSubjectDN().getName();
      } catch(Exception ex) {
         throw new CertificateMapNotSupportedException(ex.getMessage());
      }

      if(!isValidUser(name)) {
         throw new CertificateMapFailedException(name);
      }
      return name;
   }

 /**
   * Returns the realm of the registry.
   *
   * @return        the realm. The realm is a registry-specific string indicating
   *                     the realm or domain for which this registry
   *                     applies.  For example, for OS400 or AIX this would be the
   *                      host name of the system whose user registry this object
   *                      represents.
   *                      If null is returned by this method realm defaults to the
   *                      value of "customRealm". It is recommended that you use
   *                      your own value for realm.
   * @exception   CustomRegistryException if there is any registry specific
   *                      problem
   **/
   public String getRealm()
      throws CustomRegistryException {
      String name = "customRealm";
      return name;
   }

  /**
   * Gets a list of users that match a pattern  in the registry.
   * The maximum number of users returned is defined by the limit
   * argument.
   * This method is called by the administrative console and scripting 
   * (command line) to make available the users in the registry for adding 
   * them (users) to roles.
   *
   * @param       pattern the pattern to match. (For example., a* will match all
   *                     userSecurityNames starting with a)
   * @param        limit the maximum number of users that should be returned.
   *                     This is very useful in situations where there are thousands of
   *                      users in the registry and getting all of them at once is not
   *                      practical. The default is 100. A value of 0 implies get all the
   *                      users and hence must be used with care.
   * @return          a Result object that contains the list of users
   *                       requested and a flag to indicate if more users exist.
   * @exception    CustomRegistryException if there is any registry specific
   *                       problem
   **/
   public Result getUsers(String pattern, int limit)
      throws CustomRegistryException {
      String s;
      BufferedReader in = null;
      List allUsers = new ArrayList();
      Result result = new Result();
      int count = 0;
      int newLimit = limit+1;
      try {
         in = fileOpen(USERFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               String user = s.substring(0,index);
               if (match(user,pattern)) {
                  allUsers.add(user);
                  if (limit !=0 && ++count == newLimit) {
                     allUsers.remove(user);
                     result.setHasMore();
                     break;
                  }
               }
            }
         }
      } catch (Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      result.setList(allUsers);
      return result;
   }

/**
   * Returns the display name for the user specified by userSecurityName.
   *
   * This method may be called only when the user information is displayed
   * (i.e information purposes only, for example, in the administrative console) 
   * and hence not used in the actual authentication or authorization purposes. 
   * If there are no display names in the registry return null or empty string.
   *
   * In WebSphere Application Server Version 4 custom registry, if you had a display 
   * name for the user and if it was different from the security name, the 
   * display name was returned for the EJB methods getCallerPrincipal() and the
   * servlet methods getUserPrincipal() and  getRemoteUser().
   * In WebSphere Application Server Version 5 for the same methods the security 
   * name will be returned by default. This is the recommended way as the display 
   * name is not unique and might create security holes.
   * However, for backward compatibility if one needs the display name to
   * be returned set the property WAS_UseDisplayName to true.
   *
   * See the documentation for more information.
   *
   * @param       userSecurityName the name of the user.
   * @return        the display name for the user. The display name
   *                     is a registry-specific string that represents a descriptive, not
   *                     necessarily unique, name for a user. If a display name does
   *                      not exist return null or empty string.
   * @exception   EntryNotFoundException if userSecurityName does not exist.
   * @exception   CustomRegistryException if there is any registry specific
   *                      problem
   **/
   public String getUserDisplayName(String userSecurityName)
      throws CustomRegistryException,
             EntryNotFoundException {

      String s,displayName = null;
      BufferedReader in = null;

      if(!isValidUser(userSecurityName)) {
         EntryNotFoundException nsee = new EntryNotFoundException(userSecurityName);
         throw nsee;
      }

      try {
         in = fileOpen(USERFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               int index1 = s.lastIndexOf(":");
               if ((s.substring(0,index)).equals(userSecurityName)) {
                  displayName = s.substring(index1+1);
                  break;
               }
            }
         }
      } catch(Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      return displayName;
   }

 /**
   * Returns the UniqueId for a userSecurityName. This method is called when
   * creating a credential for a user.
   *
   * @param         userSecurityName the name of the user.
   * @return         the UniqueId of the user. The UniqueId for an user is
   *                       the stringified form of some unique, registry-specific, data
   *                       that serves to represent the user.  For example, for the UNIX
   *                       user registry, the UniqueId for a user can be the UID.
   * @exception    EntryNotFoundException if userSecurityName does not exist.
   * @exception    CustomRegistryException if there is any registry specific
   *                       problem
   **/
   public String getUniqueUserId(String userSecurityName)
      throws CustomRegistryException, 
             EntryNotFoundException {

      String s,uniqueUsrId = null;
      BufferedReader in = null;
      try {
         in = fileOpen(USERFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               int index1 = s.indexOf(":", index+1);
               if ((s.substring(0,index)).equals(userSecurityName)) {
                  int index2 = s.indexOf(":", index1+1);
                  uniqueUsrId = s.substring(index1+1,index2);
                  break;
               }
            }
         }
      } catch(Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      if (uniqueUsrId == null) {
         EntryNotFoundException nsee = new EntryNotFoundException(userSecurityName);
         throw nsee;
      }

      return uniqueUsrId;
   }

  /**
   * Returns the name for a user given its uniqueId.
   *
   * @param       uniqueUserId the UniqueId of the user.
   * @return        the userSecurityName of the user.
   * @exception   EntryNotFoundException if the uniqueUserId does not exist.
   * @exception   CustomRegistryException if there is any registry specific
   *                      problem
   **/   public String getUserSecurityName(String uniqueUserId)
      throws CustomRegistryException,
             EntryNotFoundException {
      String s,usrSecName = null;
      BufferedReader in = null;
      try {
         in = fileOpen(USERFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               int index1 = s.indexOf(":", index+1);
               int index2 = s.indexOf(":", index1+1);
               if ((s.substring(index1+1,index2)).equals(uniqueUserId)) {
                  usrSecName = s.substring(0,index);
                  break;
               }
            }
         }
      } catch (Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      if (usrSecName == null) {
         EntryNotFoundException ex =
            new EntryNotFoundException(uniqueUserId);
         throw ex;
      }

      return usrSecName;

   }

  /**
   * Determines if the userSecurityName  exists in the registry
   *
   * @param     userSecurityName the name of the user
   * @return    true if the user is valid. false otherwise
   * @exception CustomRegistryException if there is any registry specific
   *            problem
   * @exception RemoteException as this extends java.rmi.Remote
   **/
   public boolean isValidUser(String userSecurityName)
      throws CustomRegistryException {
      String s;
      boolean isValid = false;
      BufferedReader in = null;
      try {
         in = fileOpen(USERFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               if ((s.substring(0,index)).equals(userSecurityName)) {
                  isValid=true;
                  break;
               }
            }
         }
      } catch (Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      return isValid;
   }

  /**
   * Gets a list of groups that match a pattern  in the registy.
   * The maximum number of groups returned is defined by the limit
   * argument.
   * This method is called by the administrative console) and scripting (command line) to
   * make available the groups in the registry for adding them (groups) to
   * roles.
   *
   * @param      pattern the pattern to match. (For example., a* will match all
   *                    groupSecurityNames starting with a)
   * @param       limit the maximum number of groups that should be returned.
   *                     This is very useful in situations where there are thousands of
   *                     groups in the registry and getting all of them at once is not
   *                     practical. The default is 100. A value of 0 implies get all the
   *                     groups and hence must be used with care.
   * @return        a Result object that contains the list of groups
   *                     requested and a flag to indicate if more groups exist.
   * @exception   CustomRegistryException if there is any registry specific
   *                      problem
   **/
   public Result getGroups(String pattern, int limit)
      throws CustomRegistryException {
      String s;
      BufferedReader in = null;
      List allGroups = new ArrayList();
      Result result = new Result();
      int count = 0;
      int newLimit = limit+1;
      try {
         in = fileOpen(GROUPFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               String group = s.substring(0,index);
               if (match(group,pattern)) {
                  allGroups.add(group);
                  if (limit !=0 && ++count == newLimit) {
                     allGroups.remove(group);
                     result.setHasMore();
                     break;
                  }
               }
            }
         }
      } catch (Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }
  
      result.setList(allGroups);
      return result;
   }

  /**
   * Returns the display name for the group specified by groupSecurityName.
   * For this version of WebSphere Application Server, the only usage of this 
   * method is by the clients (administrative console and scripting) to 
   * present a descriptive name of the user if it exists.
   *
   * @param        groupSecurityName the name of the group.
   * @return         the display name for the group. The display name
   *                       is a registry-specific string that represents a descriptive, not
   *                       necessarily unique, name for a group. If a display name does
   *                       not exist return null or empty string.
   * @exception    EntryNotFoundException if groupSecurityName does not exist.
   * @exception    CustomRegistryException if there is any registry specific
   *                      problem
   **/
   public String getGroupDisplayName(String groupSecurityName)
      throws CustomRegistryException,
             EntryNotFoundException {
      String s,displayName = null;
      BufferedReader in = null;

      if(!isValidGroup(groupSecurityName)) {
         EntryNotFoundException nsee = new EntryNotFoundException(groupSecurityName);
         throw nsee;
      }
      
      try {
         in = fileOpen(GROUPFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               int index1 = s.lastIndexOf(":");
               if ((s.substring(0,index)).equals(groupSecurityName)) {
                  displayName = s.substring(index1+1);
                  break;
               }
            }
         }
      } catch(Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }
   
      return displayName;
   }

 /**
   * Returns the Unique id for a group.

   * @param      groupSecurityName the name of the group.
   * @return       the Unique id of the group. The Unique id for
   *                    a group is the stringified form of some unique,
   *                     registry-specific, data that serves to represent the group.
   *                     For example, for the Unix user registry, the Unique id could
   *                      be the GID.
   * @exception   EntryNotFoundException if groupSecurityName does not exist.
   * @exception   CustomRegistryException if there is any registry specific
   *                      problem
   * @exception RemoteException as this extends java.rmi.Remote
   **/
   public String getUniqueGroupId(String groupSecurityName)
      throws CustomRegistryException,
             EntryNotFoundException {
      String s,uniqueGrpId = null;
      BufferedReader in = null;
      try {
         in = fileOpen(GROUPFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               int index1 = s.indexOf(":", index+1);
               if ((s.substring(0,index)).equals(groupSecurityName)) {
                  uniqueGrpId = s.substring(index+1,index1);
                  break;
               }
            }
         }
      } catch(Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      if (uniqueGrpId == null) {
         EntryNotFoundException nsee = new EntryNotFoundException(groupSecurityName);
         throw nsee;
      }
      
      return uniqueGrpId;
   }

 /**
   * Returns the Unique ids for all the groups that contain the UniqueId of
   * a user. Called during creation of a user's credential.
   *
   * @param        uniqueUserId the uniqueId of the user.
   * @return        a List of all the group UniqueIds that the uniqueUserId
   *                      belongs to. The Unique id for an entry is the stringified
   *                      form of some unique, registry-specific, data that serves
   *                      to represent the entry.  For example, for the
   *                      Unix user registry, the Unique id for a group could be the GID
   *                      and the Unique Id for the user could be the UID.
   * @exception    EntryNotFoundException if uniqueUserId does not exist.
   * @exception    CustomRegistryException if there is any registry specific
   *                       problem
   **/
   public List getUniqueGroupIds(String uniqueUserId)
      throws CustomRegistryException,
             EntryNotFoundException {
      String s,uniqueGrpId = null;
      BufferedReader in = null;
      List uniqueGrpIds=new ArrayList();
      try {
         in = fileOpen(USERFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               int index1 = s.indexOf(":", index+1);
               int index2 = s.indexOf(":", index1+1);
               if ((s.substring(index1+1,index2)).equals(uniqueUserId)) {
                  int lastIndex = s.lastIndexOf(":");
                  String subs = s.substring(index2+1,lastIndex);
                  StringTokenizer st1 = new StringTokenizer(subs, ",");
                  while (st1.hasMoreTokens()) 
                     uniqueGrpIds.add(st1.nextToken());
                  break;
               }
            }
         }
      } catch(Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      return uniqueGrpIds;
   }

  /**
   * Returns the name for a group given its uniqueId.
   *
   * @param         uniqueGroupId the UniqueId of the group.
   * @return         the name of the group.
   * @exception    EntryNotFoundException if the uniqueGroupId does not exist.
   * @exception    CustomRegistryException if there is any registry specific
   *                       problem
   **/
   public String getGroupSecurityName(String uniqueGroupId)
      throws CustomRegistryException,
             EntryNotFoundException {
      String s,grpSecName = null;
      BufferedReader in = null;
      try {
         in = fileOpen(GROUPFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               int index1 = s.indexOf(":", index+1);
               if ((s.substring(index+1,index1)).equals(uniqueGroupId)) {
                  grpSecName = s.substring(0,index);
                  break;
               }
            }
         }
      } catch (Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      if (grpSecName == null) {
         EntryNotFoundException ex = 
            new EntryNotFoundException(uniqueGroupId);
         throw ex;
      }

      return grpSecName;

   }

 /**
   * Determines if the groupSecurityName  exists in the registry
   *
   * @param        groupSecurityName the name of the group
   * @return         true if the groups exists, false otherwise
   * @exception    CustomRegistryException if there is any registry specific
   *                       problem
   **/
   public boolean isValidGroup(String groupSecurityName)
      throws CustomRegistryException {
      String s;
      boolean isValid = false;
      BufferedReader in = null;
      try {
         in = fileOpen(GROUPFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               if ((s.substring(0,index)).equals(groupSecurityName)) {
                  isValid=true;
                  break;
               }
            }
         }
      } catch (Exception ex) {
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      return isValid;
   }

  /**
   * Returns the securityNames of all the groups that contain the user
   *
   * This method is called by administrative console and scripting (command line)
   * to verify the user entered for RunAsRole mapping belongs to that role
   * in the roles to user mapping. Initially, the check is done to see if
   * the role contains the user. If the role does not contain the user
   * explicitly, this method is called to get the groups that this user
   * belongs to so that check can be made on the groups that the role contains.
   *
   * @param       userSecurityName the name of the user
   * @return        a List of all the group securityNames that the user
   *                      belongs to.
   * @exception   EntryNotFoundException if user does not exist.
   * @exception   CustomRegistryException if there is any registry specific
   *                      problem
   * @exception    RemoteException as this extends java.rmi.Remote
   **/
   public List getGroupsForUser(String userName)
      throws CustomRegistryException,
             EntryNotFoundException {
      String s;
      List grpsForUser = new ArrayList();
      BufferedReader in = null;
      try {
         in = fileOpen(GROUPFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               StringTokenizer st = new StringTokenizer(s, ":");
               for (int i=0; i<2; i++)
                  st.nextToken();
               String subs = st.nextToken();
               StringTokenizer st1 = new StringTokenizer(subs, ",");
               while (st1.hasMoreTokens()) {
                  if((st1.nextToken()).equals(userName)) {
                     int index = s.indexOf(":");
                     grpsForUser.add(s.substring(0,index));
                  }
               }
            }
         }
      } catch (Exception ex) {
         if (!isValidUser(userName)) {
            throw new EntryNotFoundException(userName);
         }
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      return grpsForUser;
   }

 /**
   * Gets a list of users in a group.  
   *
   * The maximum number of users returned is defined by the limit
   * argument.
   *
   * This method is not used by WebSphere Application Server for
   * authenticating or authorization purposes. This is, however, 
   * used by some of the WebSphere Application Server  clients 
   * like Workflow.
   *
   * If you are working with a registry where getting all the users
   * from any of your groups is not practical (for example if there 
   * are a large number of users) you can through the NotImplementedException. 
   * Also, if you implement this method, you can still throw this 
   * exception if the limit exceeds some practical value.
   * When the NotImplementedException is thrown the client program 
   * falls back to some default implementation which should be documented
   * by the client.
   *
   * @param	       groupSecurityName the name of the group
   * @param	       limit the maximum number of users that should 
   *		            be returned. This is very useful in situations  
   *               where there are many users in the registry and 
   *               getting all of them at once is not practical. A 
   *               value of 0 implies all the users and hence 
   *               must be used with care. 
   * @return	       a Result object that contains the list 
   * 		         of users requested and a flag to indicate if 
   *               more users exist.
   * @deprecated   This method will be deprecated in future.
   * @exception	  NotImplementedException throw this exception 
   *               if it is not practical to get this information 
   *               from your registry.
   * @exception	  EntryNotFoundException if the group does not 
   *               exist in the registry
   * @exception 	  CustomRegistryException if there is any registry- 
   *               specific problem
   **/
   public Result getUsersForGroup(String groupSecurityName, int limit)
      throws NotImplementedException,
             EntryNotFoundException,
             CustomRegistryException {
      String s, user;
      BufferedReader in = null;
      List usrsForGroup = new ArrayList();
      int count = 0;
      int newLimit = limit+1;
      Result result = new Result();

      // As mentioned in the Javadoc if the registry cannot handle a 
      // large limit value it can throw the NotImplementedException. 
      // For example.
      if (limit > 50)
         throw new NotImplementedException("Limit exceeds 50");

      try {
         in = fileOpen(GROUPFILENAME);
         while ((s=in.readLine())!=null)
         {
            if (!(s.startsWith("#") || s.trim().length() <=0 )) {
               int index = s.indexOf(":");
               if ((s.substring(0,index)).equals(groupSecurityName))
               {
                  StringTokenizer st = new StringTokenizer(s, ":");
                  for (int i=0; i<2; i++)
                     st.nextToken();
                  String subs = st.nextToken();
                  StringTokenizer st1 = new StringTokenizer(subs, ",");
                  while (st1.hasMoreTokens()) {
                     user = st1.nextToken();
                     usrsForGroup.add(user);
                     if (limit !=0 && ++count == newLimit) {
                        usrsForGroup.remove(user);
                        result.setHasMore();
                        break;
                     }
                  }
               }
            }
         }
      } catch (Exception ex) {
         if (!isValidGroup(groupSecurityName)) {
            throw new EntryNotFoundException(groupSecurityName);
         }
         throw new CustomRegistryException(ex.getMessage());
      } finally {
         fileClose(in);
      }

      result.setList(usrsForGroup);
      return result;
   }

 /**
   * Create Credential for a user. For this version of WebSphere Application 
   * Server, one should throw an NotImplementedException. This will be 
   * implemented internally by the WebSphere Application Server code and 
   * should not be implemented by the custom user registry.
   *
   * @param        userSecurityName the name of the user.
   * @return       com.ibm.websphere.security.cred.WSCredential
   * @exception    CustomRegistryException if there is any problem.
   * @exception    EntryNotFoundException if the uniqueGroupId does not exist.
   * @exception    CustomRegistryException if there is any registry-specific
   *               problem
   **/
   public com.ibm.websphere.security.cred.WSCredential createCredential(
      String userSecurityName)
         throws CustomRegistryException,
                NotImplementedException,
                EntryNotFoundException {
      NotImplementedException ex =
                     new NotImplementedException("createCredential 
                     not implemented");
      throw ex;
   }

   // private methods
   private BufferedReader fileOpen(String fileName)
      throws FileNotFoundException {
      try {
         return new BufferedReader(new FileReader(fileName));
      } catch(FileNotFoundException e) {
         throw e;
      }
   }

   private void fileClose(BufferedReader in) {
      try {
         if (in != null) in.close();
      } catch(Exception e) {
         System.out.println("Error closing file" + e);
      }
   }

   private boolean match(String name, String pattern) {
      RegExpSample regexp = new RegExpSample(pattern);
      boolean matches = false;
      if(regexp.match(name))
          matches = true;
      return matches;
   }
}

//----------------------------------------------------------------------
// The program provides the Regular Expression implementation used in the
// Sample for the Custom User Registry (FileRegistrySample). The pattern 
// matching in the sample uses this program to search for the pattern (for
// users and groups).
//----------------------------------------------------------------------
class RegExpSample
{

    private boolean match(String s, int i, int j, int k)
    {
        for(; k < expr.length; k++)
label0:
            {
                Object obj = expr[k];
                if(obj == STAR)
                {
                    if(++k >= expr.length)
                        return true;
                    if(expr[k] instanceof String)
                    {
                        String s1 = (String)expr[k++];
                        int l = s1.length();
                        for(; (i = s.indexOf(s1, i)) >= 0; i++)
                            if(match(s, i + l, j, k))
                                return true;

                        return false;
                    }
                    for(; i < j; i++)
                        if(match(s, i, j, k))
                            return true;

                    return false;
                }
                if(obj == ANY)
                {
                    if(++i > j)
                        return false;
                    break label0;
                }
                if(obj instanceof char[][])
                {
                    if(i >= j)
                        return false;
                    char c = s.charAt(i++);
                    char ac[][] = (char[][])obj;
                    if(ac[0] == NOT)
                    {
                        for(int j1 = 1; j1 < ac.length; j1++)
                            if(ac[j1][0] <= c && c <= ac[j1][1])
                                return false;

                        break label0;
                    }
                    for(int k1 = 0; k1 < ac.length; k1++)
                        if(ac[k1][0] <= c && c <= ac[k1][1])
                            break label0;

                    return false;
                }
                if(obj instanceof String)
                {
                    String s2 = (String)obj;
                    int i1 = s2.length();
                    if(!s.regionMatches(i, s2, 0, i1))
                        return false;
                    i += i1;
                }
            }

        return i == j;
    }

    public boolean match(String s)
    {
        return match(s, 0, s.length(), 0);
    }

    public boolean match(String s, int i, int j)
    {
        return match(s, i, j, 0);
    }

    public RegExpSample(String s)
    {
        Vector vector = new Vector();
        int i = s.length();
        StringBuffer stringbuffer = null;
        Object obj = null;
        for(int j = 0; j < i; j++)
        {
            char c = s.charAt(j);
            switch(c)
            {
            case 63: /* '?' */
                obj = ANY;
                break;

            case 42: /* '*' */
                obj = STAR;
                break;

            case 91: /* '[' */
                int k = ++j;
                Vector vector1 = new Vector();
                for(; j < i; j++)
                {
                    c = s.charAt(j);
                    if(j == k && c == '^')
                    {
                        vector1.addElement(NOT);
                        continue;
                    }
                    if(c == '\\')
                    {
                        if(j + 1 < i)
                            c = s.charAt(++j);
                    }
                    else
                    if(c == ']')
                        break;
                    char c1 = c;
                    if(j + 2 < i && s.charAt(j + 1) == '-')
                        c1 = s.charAt(j += 2);
                    char ac1[] = {
                        c, c1
                    };
                    vector1.addElement(ac1);
                }

                char ac[][] = new char[vector1.size()][];
                vector1.copyInto(ac);
                obj = ac;
                break;

            case 92: /* '\\' */
                if(j + 1 < i)
                    c = s.charAt(++j);
                break;

            }
            if(obj != null)
            {
                if(stringbuffer != null)
                {
                    vector.addElement(stringbuffer.toString());
                    stringbuffer = null;
                }
                vector.addElement(obj);
                obj = null;
            }
            else
            {
                if(stringbuffer == null)
                    stringbuffer = new StringBuffer();
                stringbuffer.append(c);
            }
        }

        if(stringbuffer != null)
            vector.addElement(stringbuffer.toString());
        expr = new Object[vector.size()];
        vector.copyInto(expr);
    }

    static final char NOT[] = new char[2];
    static final Integer ANY = new Integer(0);
    static final Integer STAR = new Integer(1);
    Object expr[];

}


Related reference
users.props file
groups.props file



Searchable topic ID:   rsecfrsjf
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/rsec_frsjf.html

Library | Support | Terms of Use | Feedback