Custom user registries

A custom user registry is a user registry that you implement with the UserRegistry Java interface that is provided by the product. A custom implemented user registry can support virtually any type of user registry, such as a relational database or a flat file. The custom user registry provides considerable flexibility in adapting product security to various environments where some notion of a user registry, other than Lightweight Directory Access Protocol (LDAP) or Local Operating System (LocalOS), already exists in the operational environment.

WebSphere Application Server - Express security provides an implementation that uses various local operating system based registries (Windows, AIX, Solaris, Linux, i5/OS) and various Lightweight Directory Access Protocol (LDAP) based registries. However, there might be situations where your user and group data resides in other repositories (a database, for example) and moving this information to either the LocalOS or LDAP might not be feasible. For these situations the WebSphere Application Server - Express security provides an SPI that you can implement to interact with your current registry. The SPI is the UserRegistry interface. This interface has a set of methods that need implementing in order for the product security to interact with your registries for all security-related tasks. The LocalOS and LDAP registry implementations that are provided also implement this interface. Custom user registries are sometimes called the pluggable user registries or custom registries for short.

The UserRegistry interface is a collection of methods required to authenticate individual users (using either password or certificates) and collect information about the user (privilege attributes) for authorization purposes. It also includes methods that obtain user and group information so that they can be given access to resources. The UserRegistry interface operates on the basis of the several pieces of information. When implementing the methods in the interface, you must decide how to map the information manipulated by the UserRegistry interface to the information in your registry. The methods in the UserRegistry interface operate on the following information for users:

For a description of the methods in the UserRegistry interface that need implementing, see UserRegistry interface methods.

A simple file-based registry sample is provided. The sample is intended to familiarize you with the custom user registry feature, and should not be used in an actual production environment.

See the Code example disclaimer for legal information about this code example.