ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamy_5.4.0.1/50/sec/secdcur.htm

56 lines
4.0 KiB
HTML

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
<title>Develop custom user registries</title>
</head>
<BODY>
<!-- Java sync-link -->
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
<h3><a name="secdureg"></a>Develop custom user registries</h3>
<p>WebSphere Application Server - Express security supports the use of custom registries in addition to LocalOS and LDAP registries for authentication and authorization purposes. A custom user registry is a user registry that you implement. You must implement the <a href="../program/apidocs/ae/com/ibm/websphere/security/UserRegistry.html">UserRegistry</a> <img src="api.gif" width="18" height="15" align="absbottom" alt="Go to API documentation"> interface that is provided by WebSphere Application Server - Express. A custom implemented user registry can support virtually any type of user registry, such as a relational database or a flat file. The custom user registry provides considerable flexibility in adapting WebSphere Application Server - Express security to various environments where a user registry other than LDAP or LocalOS already exists.</p>
<p>Implementing a custom user registry is a software development effort. Use the methods defined in the UserRegistry interface to make calls to the desired registry to obtain user and group information. The interface defines a very general set of methods, so it can be used to encapsulate a wide variety of registries. For more information, see <a href="secdcurm.htm">UserRegistry interface methods</a>. A custom user registry can be configured as the active user registry when configuring WebSphere Application Server - Express global security.</p>
<p><strong>Note:</strong> Make sure that your implementation of the custom registry does not depend on any WebSphere Application Server - Express components such as data sources. Do not have this dependency because security is initialized and enabled prior to most of the other WebSphere Application Server - Express components during startup. For example, if your implementation uses a data source to connect to a database, use JDBC to connect to the database instead.</p>
<p>See these code examples for a simple implementation of a custom user registry:</p>
<ul>
<li><a href="secdcurj.htm">Example: UserRegistry.java file</a></li>
<li><a href="secdcurf.htm">Example: FileRegistrySample.java file</a> (Versions 5.0 and 5.0.1)</li>
<li><a href="secdcurf2.htm">Example: FileRegistrySample.java file</a> (Version 5.0.2 and later)</li>
<li><a href="secdcurg.htm">Example: Groups.props file</a></li>
<li><a href="secdcuru.htm">Example: Users.props file</a></li>
<li><a href="secdcurr.htm">Example: Results.java file</a></li>
</ul>
<p>Perform these steps to develop a custom user registry:</p>
<ol>
<li><p>If you are not familiar with the concept of custom user registries, see <a href="seccust.htm">Custom user registries</a>. This topic explains each of the methods in the interface in detail.</p></li>
<li><p>Implement all of the methods in the interface except for the createCredential() method, which is implemented by WebSphere Application Server - Express.</p></li>
<li><p>Build your implementation.</p></li>
<li><p>To compile your code, you need the sas.jar and wssec.jar files in your classpath. For example:</p>
<pre>javac -extdirs /QIBM/ProdData/WebASE/ASE5/java/ext:/QIBM/UserData/Java400/ext:
/QIBM/ProdData/Java400/jdk13/lib/ext:/QIBM/ProdData/WebASE/ASE5/lib
-classpath /QIBM/ProdData/WebASE/ASE5/lib/sas.jar:
/QIBM/ProdData/WebASE/ASE5/lib/wssec.jar
com/ibm/websphere/security/FileRegistrySample.java</pre></li>
<li><p>Follow the steps in <a href="secccur.htm">Configure custom user registries</a> to configure your implementation using the WebSphere administrative console.</p></li>
</ol>
<p><strong>Note:</strong> As of Version 5.0.1, you can use JDBC connections to connect to the custom user registry database.</p>
</body>
</html>