Implementing this interface enables WebSphere Security to use Custom Registries. This should extend java.rmi.Remote as the registry can be in a remote process. Implementation of this interface must provide implementations for:
Method Summary

Return type | Method | Description |
---|---|---|
java.lang.String | checkPassword(java.lang.String userSecurityName, java.lang.String password) | Checks the password of the user. |
WSCredential | createCredential(java.lang.String userSecurityName) | This method is implemented internally by the WebSphere code in this release. |
java.lang.String | getGroupDisplayName(java.lang.String groupSecurityName) | Returns the display name for the group specified by groupSecurityName. |
Result | getGroups(java.lang.String pattern, int limit) | Gets a list of groups that match a pattern in the registry. |
java.lang.String | getGroupSecurityName(java.lang.String uniqueGroupId) | Returns the name for a group given its uniqueId. |
java.util.List | getGroupsForUser(java.lang.String userSecurityName) | Returns the securityNames of all the groups that contain the user. |
java.lang.String | getRealm() | Returns the realm of the registry. |
java.lang.String | getUniqueGroupId(java.lang.String groupSecurityName) | Returns the unique ID for a group. |
java.util.List | getUniqueGroupIds(java.lang.String uniqueUserId) | Returns the unique IDs for all the groups that contain the UniqueId of a user. |
java.lang.String | getUniqueUserId(java.lang.String userSecurityName) | Returns the UniqueId for a userSecurityName. |
java.lang.String | getUserDisplayName(java.lang.String userSecurityName) | Returns the display name for the user specified by userSecurityName. |
Result | getUsers(java.lang.String pattern, int limit) | Gets a list of users that match a pattern in the registry. |
java.lang.String | getUserSecurityName(java.lang.String uniqueUserId) | Returns the name for a user given its uniqueId. |
Result | getUsersForGroup(java.lang.String groupSecurityName, int limit) | Deprecated. This method will be deprecated in future. |
void | initialize(java.util.Properties props) | Initializes the registry. |
boolean | isValidGroup(java.lang.String groupSecurityName) | Determines if the groupSecurityName exists in the registry. |
boolean | isValidUser(java.lang.String userSecurityName) | Determines if the userSecurityName exists in the registry. |
java.lang.String | mapCertificate(java.security.cert.X509Certificate[] cert) | Maps a certificate (of X509 format) to a valid user in the registry. |
Method Detail

public void initialize(java.util.Properties props) throws CustomRegistryException, java.rmi.RemoteException
props - the registry-specific properties with which to initialize the custom registry
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.lang.String checkPassword(java.lang.String userSecurityName, java.lang.String password) throws PasswordCheckFailedException, CustomRegistryException, java.rmi.RemoteException
userSecurityName - the name of the user
password - the password of the user
PasswordCheckFailedException - if the userSecurityName/password combination does not exist in the registry
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.lang.String mapCertificate(java.security.cert.X509Certificate[] cert) throws CertificateMapNotSupportedException, CertificateMapFailedException, CustomRegistryException, java.rmi.RemoteException
cert - the X509 certificate chain
CertificateMapNotSupportedException - if the particular certificate is not supported
CertificateMapFailedException - if the mapping of the certificate fails
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.lang.String getRealm() throws CustomRegistryException, java.rmi.RemoteException
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public Result getUsers(java.lang.String pattern, int limit) throws CustomRegistryException, java.rmi.RemoteException
This method is called by the GUI (adminConsole) and scripting (command line) to make the users in the registry available for adding to roles.
pattern - the pattern to match (for example, a* will match all userSecurityNames starting with a)
limit - the maximum number of users that should be returned. This is very useful in situations where there are thousands of users in the registry and getting all of them at once is not practical. A value of 0 implies get all the users and hence must be used with care.
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.lang.String getUserDisplayName(java.lang.String userSecurityName) throws EntryNotFoundException, CustomRegistryException, java.rmi.RemoteException
This method may be called only when the user information is displayed (that is, for informational purposes only, for example in the GUI) and hence is not used for actual authentication or authorization. If there are no display names in the registry, return null or an empty string.
In the WAS 4.0 custom registry, if a user had a display name that differed from the security name, the display name was returned by the EJB method getCallerPrincipal() and the servlet methods getUserPrincipal() and getRemoteUser(). In WAS 5.0 these methods return the security name by default. This is the recommended behavior, because the display name is not unique and might create security holes. However, for backward compatibility, if the display name must be returned, set the property WAS_UseDisplayName to true.
See the Infocenter documentation for more information.
userSecurityName - the name of the user
EntryNotFoundException - if userSecurityName does not exist
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.lang.String getUniqueUserId(java.lang.String userSecurityName) throws EntryNotFoundException, CustomRegistryException, java.rmi.RemoteException
userSecurityName - the name of the user
EntryNotFoundException - if userSecurityName does not exist
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.lang.String getUserSecurityName(java.lang.String uniqueUserId) throws EntryNotFoundException, CustomRegistryException, java.rmi.RemoteException
uniqueUserId - the UniqueId of the user
EntryNotFoundException - if the uniqueUserId does not exist
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public boolean isValidUser(java.lang.String userSecurityName) throws CustomRegistryException, java.rmi.RemoteException
userSecurityName - the name of the user
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public Result getGroups(java.lang.String pattern, int limit) throws CustomRegistryException, java.rmi.RemoteException
This method is called by the GUI (adminConsole) and scripting (command line) to make the groups in the registry available for adding to roles.
pattern - the pattern to match (for example, a* will match all groupSecurityNames starting with a)
limit - the maximum number of groups that should be returned. This is very useful in situations where there are thousands of groups in the registry and getting all of them at once is not practical. A value of 0 implies get all the groups and hence must be used with care.
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.lang.String getGroupDisplayName(java.lang.String groupSecurityName) throws EntryNotFoundException, CustomRegistryException, java.rmi.RemoteException
This method may be called only when the group information is displayed (for example, in the GUI) and hence is not used for actual authentication or authorization. If there are no display names in the registry, return null or an empty string.
groupSecurityName - the name of the group
EntryNotFoundException - if groupSecurityName does not exist
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.lang.String getUniqueGroupId(java.lang.String groupSecurityName) throws EntryNotFoundException, CustomRegistryException, java.rmi.RemoteException
groupSecurityName - the name of the group
EntryNotFoundException - if groupSecurityName does not exist
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.util.List getUniqueGroupIds(java.lang.String uniqueUserId) throws EntryNotFoundException, CustomRegistryException, java.rmi.RemoteException
Called during creation of a user's credential.
uniqueUserId - the uniqueId of the user
EntryNotFoundException - if uniqueUserId does not exist
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.lang.String getGroupSecurityName(java.lang.String uniqueGroupId) throws EntryNotFoundException, CustomRegistryException, java.rmi.RemoteException
uniqueGroupId - the UniqueId of the group
EntryNotFoundException - if the uniqueGroupId does not exist
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public boolean isValidGroup(java.lang.String groupSecurityName) throws CustomRegistryException, java.rmi.RemoteException
groupSecurityName - the name of the group
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public java.util.List getGroupsForUser(java.lang.String userSecurityName) throws EntryNotFoundException, CustomRegistryException, java.rmi.RemoteException
This method is called by the GUI (adminConsole) and scripting (command line) to verify that the user entered for the RunAsRole mapping belongs to that role in the roles-to-user mapping. Initially, a check is made to see if the role contains the user. If the role does not contain the user explicitly, this method is called to get the groups that the user belongs to, so that the check can be made against the groups that the role contains.
userSecurityName - the name of the user
EntryNotFoundException - if user does not exist
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public Result getUsersForGroup(java.lang.String groupSecurityName, int limit) throws NotImplementedException, EntryNotFoundException, CustomRegistryException, java.rmi.RemoteException
The maximum number of users returned is defined by the limit argument.
This method is used by the WebSphere Application Server Enterprise Process Choreographer (Enterprise Edition) when staff assignments are modeled using groups.
In rare situations, if you are working with a registry where getting all the users from any of your groups is not practical (for example, if there are a large number of users), you can throw the NotImplementedException for those particular group(s). Make sure that if the WAS Choreographer is installed (or is installed later), the staff assignments are not modeled using these particular groups. If there is no concern about returning the users from groups in the registry, it is recommended that this method be implemented without throwing the NotImplementedException.
groupSecurityName - the name of the group
limit - the maximum number of users that should be returned. This is very useful in situations where there are a lot of users in the registry and getting all of them at once is not practical. A value of 0 implies get all the users and hence must be used with care.
NotImplementedException - throw this exception in rare situations if it is not practical to get this information for any of the group(s) from the registry
EntryNotFoundException - if the group does not exist in the registry
CustomRegistryException - if there is any registry-specific problem
java.rmi.RemoteException - as this extends java.rmi.Remote

public WSCredential createCredential(java.lang.String userSecurityName) throws NotImplementedException, EntryNotFoundException, CustomRegistryException, java.rmi.RemoteException
Note that since this method is not called, one can also throw the NotImplementedException, as the previous documentation says.
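
The pattern and limit semantics described for getUsers and getGroups, as an added example that is not part of the original documentation or of WebSphere code: a stand-alone Java helper that matches a* style patterns with every literal character quoted and treats a limit of 0 as "return all". The RegistrySearch class, its SearchResult type with the hasMore flag, and the sample names are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

// Added example: stand-alone search helper, not WebSphere code.
public class RegistrySearch {
    // Hypothetical stand-in for the Result type returned by getUsers/getGroups.
    static final class SearchResult {
        final List<String> names;
        final boolean hasMore;
        SearchResult(List<String> n, boolean more) { names = n; hasMore = more; }
    }

    // Translate "a*" style patterns into a regex, quoting every literal run so
    // characters such as '(' or '+' in the caller's pattern stay literal.
    static Pattern compile(String glob) {
        StringBuilder regex = new StringBuilder();
        for (String literal : glob.split("\\*", -1)) {
            regex.append(Pattern.quote(literal)).append(".*");
        }
        regex.setLength(regex.length() - 2); // drop the trailing ".*"
        return Pattern.compile(regex.toString());
    }

    // limit == 0 means "return everything", as the page describes.
    static SearchResult search(List<String> names, String glob, int limit) {
        if (limit < 0) throw new IllegalArgumentException("limit must be >= 0");
        Pattern p = compile(glob);
        List<String> hits = new ArrayList<>();
        for (String name : names) {
            if (!p.matcher(name).matches()) continue;
            if (limit != 0 && hits.size() == limit) {
                return new SearchResult(hits, true); // stop early, more exist
            }
            hits.add(name);
        }
        return new SearchResult(hits, false);
    }

    public static void main(String[] args) {
        // Constructed sample registry contents.
        List<String> users = Arrays.asList("alice", "adam", "a(b)", "bob", "amy");
        SearchResult r = search(users, "a*", 2);
        System.out.println(r.names + " hasMore=" + r.hasMore);
        System.out.println(search(users, "a(*", 0).names);
    }
}
```

Stopping at the limit instead of collecting every match first keeps a broad pattern from loading a registry with thousands of entries into memory.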