5.2.1: The CustomRegistry interface

Developers can use a WebSphere interface to encapsulate registries that are otherwise unsupported. To encapsulate such registries, developers must implement the methods in the CustomRegistry interface, which is located in the Java package com.ibm.websphere.security. The source code is available from Custom-registry source code. The structure of the CustomRegistry interface is shown in Figure 1.

Figure 1. The CustomRegistry interface

package com.ibm.websphere.security;

import java.util.*;
import java.security.cert.X509Certificate;

public interface CustomRegistry
{
    // General methods
    public void initialize(java.util.Properties props)
        throws CustomRegistryException;

    public String getRealm()
        throws CustomRegistryException;

    // User-related methods
    public boolean isValidUser(String userName)
        throws CustomRegistryException;

    public List getUsers()
        throws CustomRegistryException;

    public List getUsers(String pattern)
        throws CustomRegistryException;

    public String getUniqueUserId(String userName)
        throws CustomRegistryException,
               EntryNotFoundException;

    public String getUserSecurityName(String uniqueUserId)
        throws CustomRegistryException,
               EntryNotFoundException;

    public String getUserDisplayName(String securityName)
        throws CustomRegistryException,
               EntryNotFoundException;

    public List getUsersForGroup(String groupName)
        throws CustomRegistryException,
               EntryNotFoundException;

    public List getUniqueUserIds(String uniqueGroupId)
        throws CustomRegistryException,
               EntryNotFoundException;

    // Group-related methods
    public boolean isValidGroup(String groupName)
        throws CustomRegistryException;

    public List getGroups()
        throws CustomRegistryException;

    public List getGroups(String pattern)
        throws CustomRegistryException;

    public String getUniqueGroupId(String groupName)
        throws CustomRegistryException,
               EntryNotFoundException;

    public String getGroupSecurityName(String uniqueGroupId)
        throws CustomRegistryException,
               EntryNotFoundException;

    public String getGroupDisplayName(String groupName)
        throws CustomRegistryException,
               EntryNotFoundException;

    public List getGroupsForUser(String userName)
        throws CustomRegistryException,
               EntryNotFoundException;

    public List getUniqueGroupIds(String uniqueUserId)
        throws CustomRegistryException,
               EntryNotFoundException;

    // Authentication methods
    public String checkPassword(String userId, String password)
        throws PasswordCheckFailedException,
               CustomRegistryException;

    public String mapCertificate(X509Certificate cert)
        throws CertificateMapNotSupportedException,
               CertificateMapFailedException,
               CustomRegistryException;
}

The CustomRegistry interface supports authentication of individual users by password and by digital certificate. It also contains a set of methods for retrieving information about users and a set for retrieving the corresponding information about groups.

The CustomRegistry interface operates on several pieces of information. When implementing the methods in the interface, you must decide how to map the information manipulated by the CustomRegistry interface to the information in your registry. The methods in the CustomRegistry interface operate on the following information for users:

  • User name: an identifier for a user. The CustomRegistry interface requires user names to be unique. For most registries, the user name logically maps to an identifier that is meaningful to the user; some common terms for this identifier include login name, account name, user name, and principal.
  • Unique identifier: a unique identifier for a user. The CustomRegistry interface requires this identifier to be unique. For most registries, the unique identifier logically maps to a numeric counterpart of a user name. For example, UNIX systems assign a user ID (UID) to each user name.
  • Display name: an optional string that describes a user. Display names are used by the CustomRegistry interface to provide a way to describe user names, which are typically single-word identifiers. Display names can be used to hold full names or other descriptive information. Some common terms for this kind of information in registries include annotations, full-name fields, string fields, and others. Some registries do not support this kind of information at all. The CustomRegistry implementation uses display names for informational purposes only; display names are not required to exist or be unique. Display names are shown, along with user names, in the administrative console when a search is done for users or groups. Although the display names are used only as annotations within the registry, the getRemoteUser and getUserPrincipal methods, used by servlets and JSPs, and the getCallerPrincipal method, used by enterprise beans, use the information differently; see The getUserDisplayName and getGroupDisplayName methods for more information.

The CustomRegistry interface also operates on parallel information for groups:

  • Group name: an identifier for a group.
  • Unique identifier: a unique identifier for a group.
  • Display name: an optional string that describes a group.
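
The user-information mapping described above, as an added example that is not part of the original page or of IBM's sample code: a stand-alone Java class that maps constructed passwd-style records (name to user name, UID to unique identifier, comment field to display name) and rejects duplicate names or UIDs at load time. The class name PasswdMappingSketch, the nested EntryNotFoundException stand-in, and returning an empty string for a missing display name are assumptions; a real registry would implement com.ibm.websphere.security.CustomRegistry and treat groups the same way.

```java
import java.util.*;
// Added example (not IBM code): passwd-style records mapped onto the user fields.
public class PasswdMappingSketch {
    // Local stand-in for com.ibm.websphere.security.EntryNotFoundException.
    static class EntryNotFoundException extends Exception {
        EntryNotFoundException(String msg) { super(msg); }
    }

    private final Map<String, String> uidByName = new HashMap<>();
    private final Map<String, String> nameByUid = new HashMap<>();
    private final Map<String, String> displayByName = new HashMap<>();

    // Each line is name:x:uid:gid:comment:home:shell.
    PasswdMappingSketch(List<String> lines) {
        for (String line : lines) {
            String[] f = line.split(":", -1);
            if (f.length < 5) throw new IllegalArgumentException("short record: " + line);
            String name = f[0], uid = f[2];
            // Both identifiers must be unique; UNIX allows two names per UID, so reject that.
            if (uidByName.containsKey(name) || nameByUid.containsKey(uid))
                throw new IllegalArgumentException("duplicate name or UID: " + line);
            uidByName.put(name, uid);
            nameByUid.put(uid, name);
            displayByName.put(name, f[4]); // may be empty: display names are optional
        }
    }

    public String getUniqueUserId(String userName) throws EntryNotFoundException {
        return lookup(uidByName, userName);
    }
    public String getUserSecurityName(String uniqueUserId) throws EntryNotFoundException {
        return lookup(nameByUid, uniqueUserId);
    }
    public String getUserDisplayName(String securityName) throws EntryNotFoundException {
        return lookup(displayByName, securityName); // "" when no comment field (assumption)
    }
    private static String lookup(Map<String, String> m, String key) throws EntryNotFoundException {
        String v = m.get(key);
        if (v == null) throw new EntryNotFoundException(key);
        return v;
    }

    public static void main(String[] args) throws Exception {
        PasswdMappingSketch r = new PasswdMappingSketch(Arrays.asList(
            "alice:x:1001:100:Alice Example:/home/alice:/bin/sh",   // constructed sample
            "svc:x:1002:100::/nonexistent:/bin/false"));            // constructed sample
        System.out.println(r.getUniqueUserId("alice") + " " + r.getUserSecurityName("1002")
            + " [" + r.getUserDisplayName("svc") + "]");
    }
}
```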
