Configure custom user registries

this task, implement and build the UserRegistry interface. For more information on developing custom user registries refer to the article, Developing custom user registries. The following steps are required to configure custom user registries through the administrative console.

1. Click Security > Global security

2. Under User registries, click Custom .

3. Enter a valid user name in the Server user ID field.

4. Enter the password of the user in the Server user password field.

5. Enter the full name of the location of the implementation class file in the Custom registry class name field as a dot-separated file name. For the sample, this file name is com.ibm.websphere.security.FileRegistrySample. The file can be located in any directory in the integrated file system as long as this condition is true:
   • IBM recommends that the directory is not located in a product directory. Copy the custom trust association interceptor class files to the profile_root/classes directory. See Creating a classes subdirectory in your instance for custom classes for more information.

6. Select the Ignore case for authorization option for the authorization to perform a case insensitive check. Enabling this option is necessary only when your registry is case insensitive and does not provide a consistent case when queried for users and groups.

7. Click Apply if you have any other additional properties to enter for the registry initialization. Otherwise click OK and complete the steps required to turn on security.

8. If you need to enter additional properties to initialize your implementation, click Custom properties . Click New. Enter the property name and value. Click OK . Repeat this step to add other additional properties. For the sample, enter the following two properties. It is assumed that the users.props and the groups.props file are in the customer_sample directory under the product installation directory. You can place these properties in any directory that you chose and reference their location through Custom properties. However, make sure that the directory has the appropriate access permissions.

   Property name	Property value
   usersFile	$USER_INSTALL_ROOT/customer_sample/users.props
   groupsFile	$USER_INSTALL_ROOT/customer_sample/groups.props

   Note: The QEJBSVR user profile must have Execute (*X) authority for the directory that contains user.props and groups.props. Additionally, QEJBSVR must have Read and Execute (*RX) authority for the user.props and groups.props files.

   Samples of these two properties are available at users.props file and groups.props file.

   The Description, Required, and Validation Expression fields are not used and you can leave them blank.

   Note: In a Network Deployment environment where multiple WebSphere Application Server processes exist (cell and multiple nodes in different machines), these properties are available for each process. Use the relative name profile_root to locate any files, as this name expands to your WebSphere Application Server profile root directory. If this name is not used, ensure that the files exist in the same location in all the nodes.

ResultThis step is required to set up the custom user registry and to enable
security in WebSphere Application Server.

What to do next

1. Complete the remaining steps, if you are enabling security.

2. After security is turned on, save, stop, and start all the product servers (cell, nodes and all the application servers) for any changes in this panel to take effect.

3. If the server comes up without any problems, the setup is correct.

4. Validate the user and password by clicking OK or Apply on the Global security panel. Save, synchronize (in the cell environment), stop and restart all the product servers.

Related concepts
Custom user registries

Related tasks
Developing custom user registries
Migrating custom user registries

Related reference
UserRegistry interface methods