Develop standalone custom registries


Developing a standalone custom registry provides considerable flexibility in adapting WAS security to environments where some notion of a user registry, other than LDAP or Local OS, already exists.

WAS security supports the use of standalone custom registries in addition to the local operating system registry, standalone LDAP registries, and federated repositories for authentication and authorization purposes. A standalone custom-implemented registry uses the UserRegistry Java interface as provided by WAS. A standalone custom-implemented registry can support virtually any type or notion of an accounts repository, such as a relational database, a flat file, and so on.

Implementing a standalone custom registry is a software development effort. Implement the methods defined in the com.ibm.websphere.security.UserRegistry interface to make calls to the appropriate registry to obtain user and group information. The interface defines a general set of methods for encapsulating a wide variety of registries. Configure a standalone custom registry as the selected repository when configuring WAS security on the Global security panel.

In WAS V7.0, make sure that your implementation of the standalone custom registry does not depend on any WAS components such as data sources, EJB and JNDI. This dependency is not possible because security is initialized and enabled before most of the other WAS components during startup. If the previous implementation used these components, change it to eliminate the dependency. For example, if the previous implementation used data sources to connect to a database, use the JDBC java.sql.DriverManager interface to connect to the database instead.

Refer to Migrate custom user registries for more information on migrating. If the previous implementation uses data sources to connect to a database, change the implementation to use Java database connectivity (JDBC) connections.
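The following added example (not part of the original page or of the WAS samples) shows a password check that connects through java.sql.DriverManager rather than a data source or JNDI lookup. The class name JdbcCredentialStore, the registry.jdbc.* property names, and the registry_users table and its columns are hypothetical; a UserRegistry implementation could call verify() from its checkPassword method.

```java
import java.security.MessageDigest;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.Properties;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper that a UserRegistry implementation could call from checkPassword().
public class JdbcCredentialStore {
    private final String url, dbUser, dbPassword;

    // Property names are assumptions; the registry's initialize(Properties) would supply them.
    public JdbcCredentialStore(Properties props) {
        url = props.getProperty("registry.jdbc.url");
        dbUser = props.getProperty("registry.jdbc.user");
        dbPassword = props.getProperty("registry.jdbc.password");
    }

    // Returns true only if the user exists and the password matches the stored PBKDF2 hash.
    public boolean verify(String userName, String password) throws Exception {
        if (userName == null || password == null) {
            return false;
        }
        // DriverManager needs no data source or JNDI lookup, so it works during security startup.
        Connection con = DriverManager.getConnection(url, dbUser, dbPassword);
        try {
            // Table and column names are assumptions; the bound parameter keeps input out of the SQL text.
            PreparedStatement ps = con.prepareStatement(
                "SELECT salt, iterations, pw_hash FROM registry_users WHERE user_name = ?");
            ps.setString(1, userName);
            ResultSet rs = ps.executeQuery();
            if (!rs.next()) {
                return false; // unknown user
            }
            byte[] salt = rs.getBytes("salt");
            int iterations = rs.getInt("iterations");
            byte[] expected = rs.getBytes("pw_hash");
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, expected.length * 8);
            // PBKDF2WithHmacSHA1 is chosen for Java 6 compatibility; its availability in the JRE is assumed.
            byte[] actual = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                    .generateSecret(spec).getEncoded();
            spec.clearPassword();
            return MessageDigest.isEqual(expected, actual);
        } finally {
            con.close(); // also releases the statement and result set
        }
    }
}
```

The JDBC driver JAR must be on the same class path as the registry classes so that DriverManager can find it.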

 

  1. Implement all the methods in the interface except for the createCredential method, which is implemented by WAS. The FileRegistrySample.java file is provided for reference.

    The sample provided is intended to familiarize you with this feature. Do not use this sample in an actual production environment.

  2. Build the implementation. To compile the code, we need the app_server_install_root/Base/plugins/com.ibm.ws.runtime.jar and the app_server_install_root/Base/plugins/com.ibm.ws.security.crypto.jar files in the class path. For example:

    %install_root%/java/bin/javac -classpath app_server_install_root/Base/plugins/com.ibm.ws.runtime.jar;app_server_install_root/Base/plugins/com.ibm.ws.security.crypto.jar my_implementation_file.java
    

  3. Copy the class files that are generated in the previous step to the WAS class path.

    The preferred location is the %install_root%/lib/ext directory. Copy these class files to the class paths of all WAS processes.

  4. Follow the steps in Set standalone custom registries to configure the implementation using the admin console. This step is required to implement custom user registries.

 

Next steps

If you enable security, make sure that you complete the remaining steps:

  1. Save and synchronize the configuration and restart all of the servers.

  2. Try accessing some J2EE resources to verify that the custom registry implementation is correct.


Example: Standalone custom registries
Result.java file
UserRegistry.java files

 
