A custom user registry is a customer-implemented user registry that implements the UserRegistry Java interface, as provided by the product. A custom-implemented user registry can support virtually any type of account repository, such as a relational database or a flat file. The custom user registry provides considerable flexibility in adapting product security to operational environments where some form of user registry other than Lightweight Directory Access Protocol (LDAP) or Local Operating System (Local OS) already exists.
WebSphere Application Server security provides an implementation that uses various local operating system-based user registries and various Lightweight Directory Access Protocol (LDAP)-based user registries. However, situations can exist where your user and group data resides in other repositories or custom user registries, such as a database, and moving this information to either a Local OS or an LDAP user registry implementation might not be feasible. For these situations, WebSphere Application Server security provides a service provider interface (SPI) that you can implement to interact with your current registry.
The SPI is the UserRegistry interface. The UserRegistry interface is a collection of methods that are required to authenticate individual users using either a password or certificates and to collect information about the user (privilege attributes) for authorization purposes. This interface also includes methods that obtain user and group information so that users and groups can be given access to resources. When implementing the methods in the interface, you must decide how to map the information that is manipulated by the UserRegistry interface to the information in your user registry.
This interface has a set of methods that you implement so that product security can interact with your registries for all security-related tasks. The Local OS and LDAP user registry implementations that are provided also implement this interface. Custom user registries are sometimes called pluggable user registries, or custom registries for short. Your custom user registry implementation is expected to be thread-safe.
Make sure that your implementation of the custom registry does not depend on any WebSphere Application Server components such as data sources, enterprise beans, and so on. This restriction exists because security is initialized and enabled prior to most of the other WebSphere Application Server components during startup, so those components are not yet available when the registry is first used. If your previous implementation used these components, change it to eliminate the dependency.
The topic on the UserRegistry interface describes each of the methods in the interface that you need to implement. It explains each method, how the method is used in the sample, and any changes from the Version 4 interface. The Related references section provides links to all other custom user registries documentation, including a file-based registry sample. The sample provided is very simple and is intended to familiarize you with this feature. Do not use this sample in an actual production environment.
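The following sketch is an added example, not the product's FileRegistrySample or any IBM code. It illustrates the two constraints stated above, thread safety and no dependency on data sources or enterprise beans, using only JDK classes. The class name, the "usersFile" property, the line format, and the PBKDF2 parameters are assumptions; the two methods mirror initialize and checkPassword of the UserRegistry interface without implementing it.

```java
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical sketch, not the product's code: mirrors two UserRegistry methods, JDK only.
public class FileBackedRegistrySketch {
    // Immutable snapshot behind a volatile field: concurrent readers need no lock.
    private volatile Map<String, byte[][]> users = Collections.emptyMap();

    // Assumed property name "usersFile"; assumed line format name:base64(salt):base64(hash).
    public void initialize(Properties props) throws Exception {
        Map<String, byte[][]> loaded = new HashMap<>();
        Base64.Decoder d = Base64.getDecoder();
        for (String line : Files.readAllLines(Paths.get(props.getProperty("usersFile")))) {
            String[] f = line.split(":");
            if (f.length == 3) loaded.put(f[0], new byte[][] { d.decode(f[1]), d.decode(f[2]) });
        }
        users = Collections.unmodifiableMap(loaded); // published only after it is complete
    }

    // PBKDF2 from the JDK only; iteration count and key length are assumed values.
    static byte[] hash(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // Returns the user name on success and throws on any failure.
    public String checkPassword(String userSecurityName, String password) throws Exception {
        byte[][] rec = users.get(userSecurityName);
        // Hash for unknown users too, so both failure paths do the same work.
        byte[] actual = hash(password, rec != null ? rec[0] : new byte[16]);
        if (rec == null || !MessageDigest.isEqual(rec[1], actual)) // constant-time compare
            throw new SecurityException("authentication failed");
        return userSecurityName;
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-salt".getBytes("UTF-8"); // constructed sample data
        Base64.Encoder e = Base64.getEncoder();
        Path file = Files.createTempFile("users", ".txt");
        Files.write(file, Arrays.asList("alice:" + e.encodeToString(salt) + ":" + e.encodeToString(hash("s3cret", salt))));
        Properties p = new Properties();
        p.setProperty("usersFile", file.toString());
        FileBackedRegistrySketch r = new FileBackedRegistrySketch();
        r.initialize(p);
        System.out.println(r.checkPassword("alice", "s3cret"));
    }
}
```

A real implementation would implement every method of the UserRegistry interface and throw the exception types that interface declares.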
Related concepts
Lightweight Third Party Authentication
Lightweight Directory Access Protocol
Local operating system user registries
Related reference
UserRegistry interface methods
UserRegistry.java files
FileRegistrySample.java file
Custom user registry settings