Configuring custom user registries

Use the following information to configure standalone custom registries through the administrative console.

Before you begin

Before you begin this task, implement and build the UserRegistry interface. For more information on developing custom user registries refer to Developing custom user registries. The following steps are required to configure custom user registries through the administrative console.

Procedure

  1. Click Security > Global security.
  2. Under User registries, click Custom.
  3. Enter a valid user name in the Server user ID field. This ID is the security server ID, which is only used for WebSphere Application Server security and is not associated with the system process that runs the server. The server calls the local OS user registry to authenticate and obtain privilege information about users by calling the native APIs in that particular user registry.
  4. Enter the password of the user in the Server user password field.
  5. Enter the dot-separated class name that implements the com.ibm.websphere.security.UserRegistry interface in the Custom registry class name field. For the sample, this file name is com.ibm.websphere.security.FileRegistrySample.
    Attention: The sample provided is intended to familiarize you with this feature. Do not use this sample in an actual production environment.
  6. Add your custom registry class name to the class path. It is recommended that you add the Java Archive (JAR) file that contains your custom user registry implementation to the following directory:
  7. Optional: Select the Ignore case for authorization option for the authorization to perform a case insensitive check. Enabling this option is necessary only when your user registry is case insensitive and does not provide a consistent case when queried for users and groups.
  8. Click Apply if you have any other additional properties to enter for the registry initialization.
  9. Optional: Enter additional properties to initialize your implementation.
    1. Click Custom properties > New.
    2. Enter the property name and value.

      For the sample, enter the following two properties. It is assumed that the users.props file and the groups.props file are in the customer_sample directory under the product installation directory. You can place these properties in any directory that you choose and reference their locations through custom properties. However, make sure that the directory has the appropriate access permissions.

      Property name Property value
      usersFile ${USER_INSTALL_ROOT}/customer_sample /users.props
      groupsFile ${USER_INSTALL_ROOT}/customer_sample /groups.props

      Samples of these two properties are available in users.props file and groups.props file.

      The Description, Required, and Validation Expression fields are not used and can remain blank.

      WebSphere Application Server version 4-based custom user registry is migrated to the custom user registry based on the com.ibm.websphere.security.UserRegistry interface.

    3. Click Apply.
    4. Repeat this step to add other additional properties.
  10. Click OK and complete the required steps to turn on security.

Results

This set of steps is required to set up the custom user registry and to enable security in WebSphere Application Server.

Note: The security component of WebSphere Application Server expands a selected list of variables when enabling security. See Variable settings for more detail.

What to do next

  1. Complete the remaining steps, if you are enabling security.
  2. Validate the user and password by clicking OK or Apply on the Global security panel. Save and synchronize in the cell environment.
  3. After security is turned on, save, stop, and start all the product servers, including cell, nodes, and all of the application servers, for any changes to take effect. If the server comes up without any problems, the setup is correct.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic    

Terms of Use | Feedback

Last updated: Aug 29, 2010 5:25:00 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-base-dist&topic=tsectdaman
File name: tsec_tdaman.html