For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.


Security checks

Learn how to create custom security checks, use the predefined MobileFirst security checks, and configure the behavior of your security checks at the adapter and application levels.


Security checks

Security checks constitute the basic server-side building block of the MobileFirst security framework. A security check is a server-side entity that implements a specific authorization logic. You protect a resource by assigning it a scope that maps to zero or more security checks. The security framework ensures that only a client that passes all of the security checks of the protecting scope is granted access to the resource. See Overview of the MobileFirst security framework. We can use security checks to authorize access both to resources hosted on MobileFirst Server and to resources on an external resource server. See OAuth resource protection.

A security check can be used to validate data from different sources, including

Custom security checks are implemented and defined within MobileFirst adapters: the developer implements a security-check class in Java™ code, and configures it in the adapter descriptor. See Security-checks implementation.

The architecture of the security framework is modular and flexible. The implementation of the security check is not inherently dependent of any specific resource or application. We can reuse the same security check to protect different resources, and use different security-check combinations for various authorization flows. For enhanced flexibility, a security-check class exposes configuration properties that can be customized at the adapter level both in the security-check definition and during run time. We can also customize the configuration logic at the application level. See Security-checks configuration.

We can create custom security checks, and use any of the predefined MobileFirst security checks. See Security-checks implementation and Predefined MobileFirst security checks..

Parent topic: MobileFirst security framework