Set standalone custom registries


Use the following information to configure standalone custom registries through the admin console.

Before beginning this task, implement and build the UserRegistry interface.

See on developing standalone custom registries refer to Develop standalone custom registries.

The following steps are required to configure standalone custom registries through the admin console.

 

  1. Click...

      Security | Global security

  2. Under User account repositories, select Standalone custom registry and click Configure.

  3. Enter a valid user name in the Primary administrative user name field. This ID is the security server ID, which is only used for WAS security and is not associated with the system process that runs the server. The server calls the local operating system registry to authenticate and obtain privilege information about users by calling the native APIs in that particular registry.

  4. Enter the complete location of the dot-separated class name that implements the com.ibm.websphere.security.UserRegistry interface in the Custom registry class name field. For the sample, this file name is com.ibm.websphere.security.FileRegistrySample.

    The file exists in the WAS class path preferably in the APP_ROOT/lib/ext directory.

    This file exists in all the product processes. Thus, this file exists in the cell class path and in all of the node class paths.

    The sample provided is intended to familiarize you with this feature. Do not use this sample in an actual production environment.

  5. Add the custom registry class name to the class path.

    IBM recommends that you add the JAR file that contains the custom user registry implementation to the APP_ROOT/classes directory.

  6. Select the Ignore case for authorization option for the authorization to perform a case insensitive check. Enabling this option is necessary only when the user registry is case insensitive and does not provide a consistent case when queried for users and groups.

  7. Click Apply if we have any other additional properties to enter for the registry initialization.

  8. Enter additional properties to initialize your implementation.

    1. Click Custom properties > New.

    2. Enter the property name and value.

      For the sample, enter the following two properties. It is assumed that the users.props file and the groups.props file are in the customer_sample directory under the product installation directory. We can place these properties in any directory that you choose and reference their locations through custom properties. However, make sure that the directory has the appropriate access permissions.


      Table 1. Additional properties

      Property name Property value
      usersFile ${USER_INSTALL_ROOT}/customer_sample /users.props
      groupsFile ${USER_INSTALL_ROOT}/customer_sample /groups.props

      Samples of these two properties are available in users.props file and groups.props file.

      The Description, Required, and Validation Expression fields are not used and can remain blank.

      In an ND environment where multiple WAS processes exist, such as cell and multiple nodes in different machines, these properties are available for each process. Use the USER_INSTALL_ROOT relative name to locate any files, as this name expands to WAS installation directory. If this name is not used, verify the files exist in the same location in all the nodes.

      WAS version 4-based custom user registry is migrated to the custom user registry based on the com.ibm.websphere.security.UserRegistry interface.

    3. Click Apply.

    4. Repeat this step to add other additional properties.

  9. Click...

      Security | Global security

  10. Under User account repository, click the Available realm definitions drop-down list, select Standalone custom registry, and click Configure.

  11. Select either the Automatically generated server identity or Server identity that is stored in the repository option. If we select the Server identity that is stored in the repository option, enter the following information:

    Server user ID or admin user on a V6.0.x node

    Specify the short name of the account that is chosen in the second step.

    Server user password

    Specify the password of the account that is chosen in the second step.

  12. Click OK and complete the required steps to turn on security.

 

Results

This set of steps is required to set up the standalone custom registry and to enable security in WAS.

The security component of WAS expands a selected list of variables when enabling security. See Variable settings for more detail.

 

Next steps

  1. Complete the remaining steps, if we are enabling security.

  2. Validate the user and password. Save and synchronize in the cell environment.

  3. After security is turned on, save, stop, and start all WAS servers, including cell, nodes, and all of the appservers, for any changes to take effect. If the server comes up without any problems, the setup is correct.


Standalone custom registry settings
Standalone custom registry wizard settings
FileRegistrySample.java file
Develop the UserRegistry interface for using custom registries

 

Related tasks


Develop standalone custom registries
Migrate custom user registries
Select a registry or repository