For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

Define security checks

Learn how to define custom security checks.

Before you begin

Ensure that the security-check class that we want to use in your definition is available in your adapter project, either as part of the source code or via an external library. See Security-checks implementation.


A security check is an instance of a security-check class, which is defined in the adapter descriptor. The defined security check can be used within a security scope to apply a specific resource-protection logic. Follow the outlined procedure to define a custom security check:


  1. Add a security-check definition: in the adapter-descriptor file (adapter.xml), add a <securityCheckDefinition> element of a security-check class that is available in your adapter project. For a detailed reference of the security-check definition element and usage guidelines, see The <securityCheckDefinition> element.
  2. To apply your changes and make your security check available for inclusion in security scopes, build your adapter and deploy it to an instance of MobileFirst Server (the server). See Working with Java adapters and Working with JavaScript adapters.


After you successfully deploy an adapter with a security-check definition to the server, this security check can be used within security scopes and scope elements of any adapter or application that are deployed or registered to the same server instance. See OAuth resource protection.

We can also see your security check and its configuration information, and make runtime configuration changes, from IBM MobileFirstâ„¢ Platform Operations Console (the console):

Note: When deploying an adapter during an active console session, you need to refresh the console page to reflect your changes.

Parent topic: Security-checks implementation