com.ibm.websphere.security

Interface SAFRoleMapper



  • public interface SAFRoleMapper
    Map application defined role names to SAF profile names. This interface may be implemented by customers to effect the way that WebSphere for z/OS builds the SAF profile names used for authorization and to obtain a delegation user identifier for delegation.

    In order to have WebSphere instantiate and call an implementation of this interface, the security custom property com.ibm.websphere.security.SAF.RoleMapper must be set to the name of the class to instantiate.

    Please note that this interface is non-standard and is likely to be removed in future release.

    • Field Summary

      Fields 
      Modifier and Type Field and Description
      static java.lang.String CELL_NAME
      The context Map key to use to obtain the cell name.
      static java.lang.String CELL_SHORT_NAME
      The context Map key to use to obtain the cell name.
      static java.lang.String DOMAIN_NAME
      Deprecated. 
      As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to obtain the domain name.
      static java.lang.String DOMAIN_TYPE
      Deprecated. 
      As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to determine whether or not to use a prefix for SAF profile names.
      static java.lang.String PROFILE_PREFIX
      The context Map key to use to determine the SAF profile prefix
      static java.lang.String SERVER_NAME
      The context Map key to use to obtain the server name.
      static java.lang.String SERVER_SHORT_NAME
      The context Map key to use to obtain the server short name.
    • Method Summary

      Methods 
      Modifier and Type Method and Description
      java.lang.String getProfileFromRole(java.lang.String applicationName, java.lang.String role)
      Map a role name to a valid SAF profile.
      void initialize(java.util.Properties context)
      This method is called by the WebSphere security component to provide a cell and server context to the SAFRoleMapper instance.
    • Field Detail

      • SERVER_NAME

        static final java.lang.String SERVER_NAME
        The context Map key to use to obtain the server name.
        See Also:
        Constant Field Values
      • SERVER_SHORT_NAME

        static final java.lang.String SERVER_SHORT_NAME
        The context Map key to use to obtain the server short name.
        See Also:
        Constant Field Values
      • CELL_NAME

        static final java.lang.String CELL_NAME
        The context Map key to use to obtain the cell name.
        See Also:
        Constant Field Values
      • CELL_SHORT_NAME

        static final java.lang.String CELL_SHORT_NAME
        The context Map key to use to obtain the cell name.
        See Also:
        Constant Field Values
      • DOMAIN_NAME

        static final java.lang.String DOMAIN_NAME
        Deprecated. As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to obtain the domain name.
        See Also:
        Constant Field Values
      • DOMAIN_TYPE

        static final java.lang.String DOMAIN_TYPE
        Deprecated. As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to determine whether or not to use a prefix for SAF profile names.
        See Also:
        Constant Field Values
      • PROFILE_PREFIX

        static final java.lang.String PROFILE_PREFIX
        The context Map key to use to determine the SAF profile prefix
        See Also:
        Constant Field Values
    • Method Detail

      • initialize

        void initialize(java.util.Properties context)
        This method is called by the WebSphere security component to provide a cell and server context to the SAFRoleMapper instance.

        The context is an instance of a java.util.Properties object that contains the following information:

        • Server Name - Keyed by SERVER_NAME.
        • Server Short Name - Keyed by SERVER_SHORT_NAME.
        • Cell Name - Keyed by CELL_NAME.
        • Cell Short Name - Keyed by CELL_SHORT_NAME.
        • Domain Name - Keyed by DOMAIN_NAME. This property will be null if a z/OS security domain name was not configured.
        • Profile prefix - Keyed by PROFILE_PREFIX. This property will be null if a z/OS SAF profile prefix was not configured.

        The context information can be used when building the profile used for SAF authorization and delegation.

        Parameters:
        context - the server instance execution context
      • getProfileFromRole

        java.lang.String getProfileFromRole(java.lang.String applicationName,
                                          java.lang.String role)
        Map a role name to a valid SAF profile. This method is called by the security component to build a profile name in the EJBROLE SAF class that will be used for authorization and delegation decisions.
        Parameters:
        applicationName - the application name from the application deployment descriptor
        role - the application defined role name from the application deployment descriptor
        Returns:
        the mapped profile of the role
IBM WebSphere Application ServerTM
Release 8.5