Virtual member manager enables applications to define and use more
than one repository. The application can use a specific repository, a subset
of a repository, multiple subsets of repositories, or a set of repositories.
One application can define a different set of repositories from another.
The multiple repository support in virtual member manager provides for:
- Aggregation
- allows one or more registries to be defined for WebSphere Application
Server security. Virtual member manager provides a User Registry implementation
that is aware of the configured repositories.
- provides backward compatibility for existing applications and customer
configurations with dependencies on the User Registry API and behavior.
- enables logical joining of the entries across multiple repositories when
searching and retrieving entries from the repositories. For example, when
searching for a sorted list of all people whose age is greater than twenty,
the search is conducted for all the repositories and the results are combined
and sorted before being returned to the application.
- Separation of the user population
- enables applications to define a subset of a user population to be used
for operations.
- enables applications to have overlapping definitions of user populations.
For example, two Portal applications running as virtual portals can service
overlapping sets of users, where one portal is intended just for US and Canadian
employees, and the other portal applies to all US, Canadian, and international
employees.
- Management
- enables applications to access a repository or subset of a repository
that is not part of the WebSphere Application Server or Portal security definitions.
This enables management applications to manage a repository that is not directly
consumed by WebSphere Application Server or Portal, but still needs to be
managed in a customer enterprise.
Note: Virtual member manager uses an entry mapping adapter to support multiple
repositories. If you want to manage multiple repositories without using the
entry mapping adapter you must:
- guarantee that all repositories under virtual member manager provide globally
unique, static, and never-reused identifiers.
- not use Person and PersonAccount data objects at the same
time.