For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.


The <securityCheckDefinition> element

Learn how to use the <securityCheckDefinition> adapter-descriptor element to define a custom security check.


Overview

You define a security check by adding a <securityCheckDefinition> XML element within the <mfp:adapter> element of your adapter-descriptor file (adapter.xml). Each security check is an instance of a security-check class. See Defining security checks. The security-check definition can contain zero or more <property> subelements that represent configurable security-check properties. Following is a reference of the <securityCheckDefinition> element, its attributes, and subelements.


Syntax

<securityCheckDefinition name="securityCheckName" class="securityCheckClass"> [<property name="propertyName" defaultValue="defaultPropertyValue" [displayName="propertyDisplayName"] [description="propertyDescription>"]/>] [<property .../> ...] </securityCheckDefinition>


Attributes

The <securityCheckDefinition> element accepts the following mandatory attributes:

name
The name of the defined security check.
class
The type of the security check, as a full path to a security-check class implementation that is available in the same adapter as the definition (either as source code or via an external library). For example, com.my_company.package.SampleSecurityCheck for a SampleSecurityCheck class that is implemented in a com.my_company.package package.


The <property> subelement

The security-check definition can contain <property> elements for any configuration property that is supported by the security-check's class. The supported configurations are defined in the security-check configuration class (of the SecurityCheckConfiguration interface type) that is created by the security-check class. When defining your security check, we can decide which of the supported properties to expose, and override the configuration class's default property values. For supported properties that are not referenced in the security-check definition, the security check relies on the default configuration-class values.
The properties that you expose in the security-check definition can be further customized, at run time, both at the adapter level and at the application level.

<property> attributes
The <property> subelement of the <securityCheckDefinition> element accepts the following attributes:

Mandatory attributes

name
The name of a security-check configuration property that is supported by the class of the security-check definition (via its security-check configuration class).
defaultValue
The default value to use for this property. This value overrides the default value set in the related security-check configuration class.

Optional attributes

displayName
The display name to use for this property. MobileFirst Operations Console uses the display name when referencing the property. The default display name is the value of the name attribute.
description
A textual description of the property and its purpose. When provided, MobileFirst Operations Console displays the description as a hint for fields that contain the property's value.

Note: For the purposes of using the console, you do not need to include the default property value in the description string. The console displays the default-value information based on the value of the defaultValue attribute.


Example

The following example defines a UserAuthenticationSC security check of a custom MyUserAuthenticationSecurityCheck security-check class, which is implemented in the com.my_company.package Java™ package.
The custom security-check class extends the sample MobileFirst abstract UserAuthenticationSecurityCheck base class, and creates a custom MyUserAuthenticationSecurityCheckConfiguration class that extends the sample UserAuthenticationSecurityCheckConfig class. The custom security check inherits all the configuration properties of the extended sample class and its ancestor classes (CredentialsValidationSecurityCheckConfig and ExternalizableSecurityCheckConfig): inactivityTimeoutSec (default value = 0), maxAttempts (default value = 1), attemptingStateExpirationSec (default value = 120), successStateExpirationSec (default value = 3,600), failureStateExpirationSec (default value = 0), rememberMeDurationSec (default value = 0).In addition, the custom configuration class defines a pinCode property (default value = 1234).
The custom security-check definition exposes only the pinCode, maxAttempts, attemptingStateExpirationSec, and failureStateExpirationSec properties. Of these properties, it customizes the default values of the pinCode, maxAttempts, and failureStateExpirationSec properties, changing them to 9876, 3, and 180.

<securityCheckDefinition name="UserAuthenticationSC" class="com.my_company.package.MyUserAuthenticationSecurityCheck"> <property name="pinCode" displayName="Pin Code" defaultValue="9876" description="A four-digit pin code"/> <property name="maxAttempts" displayName="Maximum attempts" defaultValue="3" description="Maximum allowed user-authentication attempts"/> <property name="attemptingStateExpirationSec" displayName="Expiration Period, Attempting State (seconds)" defaultValue="120" description="Expiration period for an attepmpting security-check state, in seconds"/> <property name="failureStateExpirationSec" displayName="Expiration Period, Failed State (seconds)" defaultValue="180" description="Expiration period for a failed security-check state, in seconds"/> </securityCheckDefinition>

Parent topic: Defining security checks