Configure custom user registries

Before you begin this task, implement and build the UserRegistry interface. For more information on developing custom user registries refer to the article, Developing custom user registries. The following steps are required to configure custom user registries through the administrative console.

  1. In the administrative console, click Security > User Registries > Custom in the left navigation panel.

  2. Enter a valid user name in the Server User ID field.

  3. Enter the password of the user in the Server User Password field.

  4. Enter the full name of the location of the implementation class file in the Custom Registry Classname field a dot-separated file name. For the sample, this file name is com.ibm.websphere.security.FileRegistrySample. The file exists in the WAS class path (preferably in the $WAS_HOME/lib/ext directory). This file exists in all the product processes. So, if you are operating in a Network Deployment environment, this file exists in the cell class path and in all of the node class paths.

  5. Select the Ignore Case check box for the authorization to perform a case insensitive check. Enabling this option is necessary only when your registry is case insensitive and does not provide a consistent case when queried for users and groups.

  6. Click Apply if you have any other additional properties to enter for the registry initialization. Otherwise click OK and complete the steps required to turn on security.

  7. To enter additional properties to initialize your implementation, click Custom Properties at the bottom of the panel. Click New. Enter the property name and value. Click OK. Repeat this step to add other additional properties.For the sample, enter the following two properties: (assuming that the users.props and the groups.props file are in the myDir directory under the product installation directory).

    Property name Property value
    usersFile ${USER_INSTALL_ROOT}/myDir/users.props
    groupsFile ${USER_INSTALL_ROOT}/myDir/groups.props

    The Description, Required, and Validation Expression fields are not used and you can leave them blank.

    Note that In a Network Deployment environment where multiple WAS processes exist (cell and multiple nodes in different machines), these properties are available for each process. Use the relative name ${USER_INSTALL_ROOT} to locate any files, as this name expands to the product installation directory. If this name is not used, ensure that the files exist in the same location in all the nodes.

This step is required to set up the custom user registry and to enable security in WAS.

  1. Complete the remaining steps, if you are enabling security.

  2. After security is turned on, save, stop, and start all the product servers (cell, nodes and all the appservers) for any changes in this panel to take effect.

  3. If the server comes up without any problems, the setup is correct.

  4. Validate the user and password by clicking OK or Apply in the Global Security panel. Save, synchronize (in the cell environment), stop and start all the product servers.

 

See Also

Custom user registries
Configuring user registries
Developing custom user registries
UserRegistry.java files
FileRegistrySample.java file for WAS v5 and V5.1
FileRegistrySample.java file for WAS v5.0.2
UserRegistry interface methods
Result.java file
Custom user registry settings
users.props file
groups.props file