Configure the custom user registry

Before you begin this task, implement and build the UserRegistry interface. For more information on the developing custom user registries, see and Develop custom user registries. For a sample custom user registry code example, see Custom user registries.

The following steps are required to configure custom user registries through the administrative console:

  1. In the administrative console, click Security --> User Registries --> Custom in the left navigation panel.

  2. Enter a valid user name in the Server User ID field.

  3. Enter the password of the user in the Server User Password field.

  4. Enter the full name of the location of the implementation class file in the Custom Registry Classname field. This should be a dot (.) separated file name. For the sample, this is com.ibm.websphere.security.FileRegistrySample. The file can be located in any directory in the integrated file system as long as these conditions are true:

    To specify in the ws.ext.dir property the directory that contains your custom registry implementation class file, perform these steps in the administrative console:

    1. Expand Servers in the navigation menu, and click Application Servers.
    2. In the Application Servers page, click the name of your server.
    3. Under Additional Properties, click Process Definition.
    4. Under Additional Properties, click Java Virtual Machine.
    5. Under Additional Properties, click Custom Properties.
    6. If the ws.ext.dirs property has already been defined, click it, append a colon (:) to the value, and add the fully-qualified path of the directory that contains your implementation class.

      If the ws.ext.dirs property is not listed, click New. Specify ws.ext.dirs as the name of the property, and specify the directory which contains your implementation class or JAR file.

    7. Click OK.
    8. Click Save.

    To add the directory to the server.policy file, edit the server.policy file that is located in the properties subdirectory of your instance. Specify the following permission:

      grant codeBase "file:/CustomRegistry/-" {
        permission java.security.AllPermission;
      };

    For more information about server.policy files, see Configure the server.policy file.

  5. Select the Ignore Case checkbox for the authorization to perform a case-insensitive check. Enabling this option is necessary only when your registry is case insensitive and does not provide a consistent case when queried for users and groups.

  6. Click Apply if you have any other additional properties to enter for the registry initialization. Otherwise click OK and complete the steps required to enable security.

  7. If you need to enter additional properties to initialize your implementation, click Custom Properties at the bottom of the panel. Click New. Enter the property name and value. Click OK. Repeat this step to add other additional properties.

    For the sample, enter the following two properties: (assuming the users.props and groups.props are in myDir directory under the product installation directory).

    Property name Property value
    usersFile ${USER_INSTALL_ROOT}/myDir/users.props
    groupsFile ${USER_INSTALL_ROOT}/myDir/groups.props

    Note: The QEJBSVR user profile must have Execute (*X) authority for the directory that contains user.props and groups.props. Additionally, QEJBSVR must have Read and Execute (*RX) authority for the user.props and groups.props files.

    The Description, Required, and Validation Expression fields are not used and can be left blank.

  8. If you are enabling security for the first time, complete the remaining steps and then go to the Global Security panel. Select Custom as the Active User Registry. If security is already enabled but information on this panel is changed, make sure to go to the Global Security panel and click OK or Apply to validate your changes. If your changes are not validated, the server may not be able to start.