WebSphere Application Server - Express, Version 6.0.x     Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Developing custom user registries

Before you begin

WebSphere Application Server security supports the use of custom user registries in addition to Local OS and Lightweight Directory Access Protocol (LDAP) registries for authentication and authorization purposes. A custom implemented user registry uses the UserRegistry Java interface as provided by WebSphere Application Server. A custom-implemented user registry can support virtually any type or notion of an accounts repository from a relational database, flat file, and so on. The custom user registry provides considerable flexibility in adapting WebSphere Application Server security to various environments where some notion of a user registry, other than LDAP or Local OS, already exists in the operational environment.

Implementing a custom user registry is a software development effort. Use the methods that are defined in the UserRegistry interface to make calls to the appropriate user registry to obtain user and group information. The interface defines a general set of methods for encapsulating a wide variety of registries. You can configure a custom user registry as the active user registry when configuring WebSphere Application Server global security.

In WebSphere Application Server Version 6.0.x, data sources are not supported for use within a custom registries. Data sources are intended for use within J2EE applications and designed to operate within the EJB and Web containers.
Note: Custom registries do not run within a container, and while data sources may function in this environment, they are untested and not guaranteed to function properly.

Make sure that your implementation of the custom registry does not depend on any WebSphere Application Server components such as data sources, EJBs, and JNDI. Do not have this dependency because security is initialized and enabled prior to most of the other WebSphere Application Server components during startup. If your previous implementation used these components, make a change that eliminates the dependency. For example, if your previous implementation used data sources to connect to a database, use DriverManager to connect to the database.

Refer to the Migrating custom user registries for more information on migrating. If your previous implementation uses data sources to connect to a database, change the implementation to use JDBC connections. However, it is recommended that you use the new interface to implement your custom registry.

Steps for this task

  1. If you are not familiar with the custom user registry concept, refer to the article, Custom user registries.
  2. Implement all the methods in the interface except for the CreateCredential method, which is implemented by WebSphere Application Server. FileRegistrySample.java file is provided for reference.
  3. Build your implementation. To compile your code, you need the %install_root%/lib/sas.jar and the %install_root%/lib/wssec.jar files in your class path. For example:
    %install_root%/java/bin/javac -classpath 
    %install_root%/lib/wssec.jar;
    %install_root%/lib/sas.jar your_implementation_file.java
  4. Copy the class files that are generated in the previous step to the product class path. The preferred location is the %install_root%/lib/ext directory. Copy these class files to all of the product process class paths.
  5. Follow the steps in Configuring custom user registries to configure your implementation using the administrative console. This step is required to implement custom user registries.

What to do next

If you enable security, make sure that you complete the remaining steps:
  1. Save and synchronize the configuration and restart all of the servers.
  2. Try accessing some Java 2 Platform, Enterprise Edition (J2EE) resources to verify that the custom registry implementation is correct.



Sub-topics
Example: Custom user registries
UserRegistry interface methods

Related concepts
Custom user registries

Related tasks
Configuring custom user registries

Related reference
UserRegistry.java files
FileRegistrySample.java file
Custom user registry settings

Task topic    

Terms of Use | Feedback

Last updated: Jun 8, 2005 12:45:23 PM EDT
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_tbucs.html

© Copyright IBM Corporation 2002, 2005. All Rights Reserved.
This information center is powered by Eclipse technology. (http://www.eclipse.org)