For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

Define security checks

Learn how to define custom security checks.

Before you begin

Ensure that the security-check class that we want to use in your definition is available in your adapter project, either as part of the source code or via an external library. See Security-checks implementation.

A security check is an instance of a security-check class, which is defined in the adapter descriptor. The defined security check can be used within a security scope to apply a specific resource-protection logic. Follow the outlined procedure to define a custom security check:

Procedure

1. Add a security-check definition: in the adapter-descriptor file (adapter.xml), add a <securityCheckDefinition> element of a security-check class that is available in your adapter project. For a detailed reference of the security-check definition element and usage guidelines, see The <securityCheckDefinition> element.
2. To apply your changes and make your security check available for inclusion in security scopes, build your adapter and deploy it to an instance of MobileFirst Server (the server). See Work with Java adapters and Work with JavaScript adapters.

Results

After you successfully deploy an adapter with a security-check definition to the server, this security check can be used within security scopes and scope elements of any adapter or application that are deployed or registered to the same server instance. See OAuth resource protection.

We can also see your security check and its configuration information, and make runtime configuration changes, from IBM MobileFirst™ Platform Operations Console (the console):

Note: When deploying an adapter during an active console session, you need to refresh the console page to reflect your changes.

• Select your adapter from the Adapters section of the console's navigation sidebar, and then select the adapter Configuration Files tab. In the Adapter-Descriptor XML File section, we can see the server copy of your adapter descriptor, including the <securityCheckDefinition> element that defines your custom security check and its configurable properties.
• Select the Security Checks tab for our adapter. Search for the name of your security check, as set in the name attribute of your security-check definition element (<securityCheckDefinition>). We can see a list of all the configuration properties that you exposed in the security-check definition. The properties are referenced by the value of their configured displayName attribute, or by the value of the name attribute when no display name is configured. If you set the property's description attribute in the definition, this description is also displayed.
  For each property, the value that is configured in the defaultValue attribute is shown as the current value. We can change the value to override the default value from your security-check definition. We can also restore, at any time, the original default values from your security-check definition.
  We can modify the property values on this page to customize the security-check configuration for this specific MobileFirst Server instance. See Configure runtime adapter security-check properties.
• Select an application version from the Applications section of the console's navigation sidebar (provided at least one application is registered with this instance of the server). Then select the application Security tab. If you choose to map scope elements or define a mandatory application scope, we can select your security check from among the custom security checks: see Mapping scope elements and Configure a mandatory application scope. If you choose to configure security-check properties, we can see your defined properties and their descriptions (if provided). We can also see the default property values, as set it the security-check definition or overwritten in the adapter runtime configuration. See Configure application security-check properties.

• The <securityCheckDefinition> element
  Learn how to use the <securityCheckDefinition> adapter-descriptor element to define a custom security check.

Parent topic: Security-checks implementation