Use the following information to configure stand-alone
custom registries through the administrative console.
Before you begin
Before you begin this task, implement
and build the UserRegistry interface. For more information on developing
stand-alone custom registries refer to Developing stand-alone custom registries. The following steps are required to configure
stand-alone custom registries through the administrative console.
Procedure
- Click Security > Global security.
- Under User account repositories, select Stand-alone
custom registry and click Configure.
- Enter a valid user name in the Primary administrative user
name field. This ID is the security server ID, which is
only used for WebSphere Application Server security
and is not associated with the system process that runs the server.
The server calls the local operating system registry to authenticate
and obtain privilege information about users by calling the native
APIs in that particular registry.
- Enter the dot-separated class name that implements the
com.ibm.websphere.security.UserRegistry interface in the Custom registry
class name field. For the sample, this file name is com.ibm.websphere.security.FileRegistrySample.
Attention: The sample provided is intended
to familiarize you with this feature. Do not use this sample in an
actual production environment.
- Add your custom registry class name to the class path.
- Optional: Select the Ignore case for authorization option
for the authorization to perform a case insensitive check. Enabling
this option is necessary only when your user registry is case insensitive
and does not provide a consistent case when queried for users and
groups.
- Click Apply if you have any other additional properties
to enter for the registry initialization.
- Optional: Enter additional properties to initialize
your implementation.
- Click Custom properties > New.
- Enter the property name and value.
For
the sample, enter the following two properties. It is assumed that
the users.props file and the groups.props file
are in the customer_sample directory under the
product installation directory. You can place these properties in
any directory that you choose and reference their locations through
custom properties. However, make sure that the directory has the appropriate
access permissions.
Table 1. Additional
properties. This table lists additional custom properties
when configuring stand-alone custom registries.
Property name |
Property value |
usersFile |
${USER_INSTALL_ROOT}/customer_sample /users.props |
groupsFile |
${USER_INSTALL_ROOT}/customer_sample /groups.props |
Attention: The QEJBSVR user
profile must have Execute (*X) authority for the directory that contains
user.props and
groups.props files.
Additionally, QEJBSVR must have Read and Execute (*RX) authority for
the
user.props and
groups.props files.
Samples
of these two properties are available in users.props file and groups.props file.
The Description, Required,
and Validation Expression fields are not used and can remain
blank.
WebSphere Application Server version 4-based
custom user registry is migrated to the custom user registry based
on the com.ibm.websphere.security.UserRegistry interface.
- Click Apply.
- Repeat this step to add other additional properties.
- Click Security > Global security.
- Under User account repository, click the Available realm
definitions drop-down list, select Stand-alone custom registry,
and click Configure.
- Select either the Automatically generated server identity or Server
identity that is stored in the repository option. If
you select the Server identity that is stored in the repository option,
enter the following information:
- Server user ID or administrative user on a Version 6.0.x node
- Specify the short name of the account that is chosen in the second
step.
- Server user password
- Specify the password of the account that is chosen in the second
step.
- Click OK and complete the required steps to turn
on security.
Results
This set of steps is required to set
up the stand-alone custom registry and to enable security in WebSphere Application Server.
Note: The
security component of WebSphere Application Server expands
a selected list of variables when enabling security. See the information
about variable settings for more details.
What to do next
- Complete the remaining steps, if you are
enabling security.
- Validate the user and password. Save and synchronize in the cell
environment.
- After security is turned on, save, stop,
and start all the product servers, including cell, nodes, and all
of the application servers, for any changes to take effect. If the
server comes up without any problems, the setup is correct.