This development provides considerable flexibility in adapting WebSphere Application Server security to various environments where some notion of a user registry, other than LDAP or Local OS, already exists in the operational environment.
WebSphere Application Server security supports the use of custom user registries in addition to Local OS and Lightweight Directory Access Protocol (LDAP) registries for authentication and authorization purposes. A custom implemented user registry uses the UserRegistry Java interface as provided by WebSphere Application Server. A custom-implemented user registry can support virtually any type or notion of an accounts repository from a relational database, flat file, and so on.
Implementing a custom user registry is a software development effort. Use the methods that are defined in the UserRegistry interface to make calls to the appropriate user registry to obtain user and group information. The interface defines a general set of methods for encapsulating a wide variety of registries. You can configure a custom user registry as the active user registry when configuring WebSphere Application Server global security.
Make sure that your implementation of the custom user registry does not depend on any WebSphere Application Server components such as data sources, EJB and Java Naming and Directory Interface (JNDI). Do not have this dependency because security is initialized and enabled prior to most of the other WebSphere Application Server components during startup. If your previous implementation used these components, make a change that eliminates the dependency. For example, if your previous implementation used data sources to connect to a database, use DriverManager to connect to the database.
Refer to the Migrating custom user registries for more information on migrating. If your previous implementation uses data sources to connect to a database, change the implementation to use Java database connectivity (JDBC) connections. However, it is recommended that you use the new interface to implement your custom registry.
Attention: The sample provided is intended to familiarize you with this feature. Do not use this sample in an actual production environment.
To compile your code, you need the app_server_install_rootBase/plugins/com.ibm.ws.runtime_6.1.0.jar and the app_server_install_rootBase/plugins/com.ibm.ws.security.crypto_6.1.0/cryptosf.jar files in your class path. For example:
%install_root%/java/bin/javac -classpath %install_root%app_server_install_rootBase/plugins/com.ibm.ws.runtime_6.1.0.jar; %install_root%app_server_install_rootBase/plugins/com.ibm.ws.security.crypto_6.1.0 /cryptosf.jar your_implementation_file.java
The preferred location is the %install_root%/lib/ext directory. Copy these class files to all of the product process class paths.
If you enable security, make sure that you complete the remaining steps:
Related reference
UserRegistry_javfiles.html
FileRegistrySample_javfile.html
Custom user registry settings