You can create a classes subdirectory in the profile in
which you can place your custom security components.
About this task
WebSphere® Application Server resides in
two main default directories:
- app_server_root
- Contains product Java archive
(JAR) files, scripts, and the master copies of the administrative
application, samples, and properties files. This directory is referred
to by the ${WAS_INSTALL_ROOT} WebSphere Application
Server variable. Do not modify files in these directories.
- profile_root
- Contains user profile data, that is a combination of unique files
and symmetric links to files in the app_server_root directories.
This directory is referred to by the ${USER_INSTALL_ROOT} WebSphere Application Server variable.
The product files are separated for the following
reasons:
- To separate the files that run the product from files that you
can modify, either by editing or through the administrative interfaces.
When you apply product fixes, the separate directory structure keeps
these fixes from overwriting user-defined data, such as modifying
properties files.
- To isolate configuration differences between profiles. For example,
each profile subdirectory can have its own copy of the Java 2 Security files, by which the profile
can have a unique Java 2 Security configuration, rather
than all profiles conforming to one product-wide configuration only.
WebSphere Application Server provides application
programming interfaces (APIs) that you can use to develop your own
security components for WebSphere Application Server.
For example, you can create custom user registries, custom trust association
interceptors, and custom login modules. For other WebSphere Application
Server platforms, place the files for your custom security component
in the app_server_root/classes directory.
For the IBM® i
platform, this action is not recommended because the files are accessible
from all server profiles, which might not be a desirable or secure
behavior. Additionally, the classes directory is granted Java 2 Security AllPermissions authority, which
might not be appropriate for your secured environment.
Therefore,
create a /classes subdirectory in the profile in which you
can place your custom security components. Additionally, the QEJBSVR
user profile must have authority to the directory. To create the classes
subdirectory and grant the necessary authorities, complete the following
steps: