89 lines
5.9 KiB
HTML
89 lines
5.9 KiB
HTML
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<html>
|
|
<head>
|
|
<META http-equiv="Content-Type" content="text/html; charset=utf-8">
|
|
<LINK rel="stylesheet" type="text/css" href="../../../rzahg/ic.css">
|
|
|
|
<title>Configure the custom user registry</title>
|
|
</head>
|
|
|
|
<BODY>
|
|
<!-- Java sync-link -->
|
|
<SCRIPT LANGUAGE="Javascript" SRC="../../../rzahg/synch.js" TYPE="text/javascript"></SCRIPT>
|
|
|
|
<h5><a name="secccur"></a>Configure the custom user registry</h5>
|
|
|
|
<p>Before you begin this task, implement and build the UserRegistry interface. For more information on the developing custom user registries, see and <a href="secdcur.htm">Develop custom user registries</a>. For a sample custom user registry code example, see <a href="seccust.htm">Custom user registries</a>.</p>
|
|
|
|
<p>The following steps are required to configure custom user registries through the administrative console:</p>
|
|
|
|
<ol>
|
|
<li><p>In the administrative console, click <strong>Security --> User Registries --> Custom</strong> in the left navigation panel.</p></li>
|
|
|
|
<li><p>Enter a valid user name in the <strong>Server User ID</strong> field.</p></li>
|
|
|
|
<li><p>Enter the password of the user in the <strong>Server User Password</strong> field.</p></li>
|
|
|
|
<li><p>Enter the full name of the location of the implementation class file in the <strong>Custom Registry Classname</strong> field. This should be a dot (.) separated file name. For the sample, this is <tt>com.ibm.websphere.security.FileRegistrySample</tt>. The file can be located in any directory in the integrated file system as long as these conditions are true:</p>
|
|
<ul>
|
|
<li>It is recommended that the directory is not located in a product directory. That is, the path name of the directory should not begin with /QIBM/ProdData.</li>
|
|
<li>The directory is specified in the ws.ext.dir property.</li>
|
|
<li>The directory is specified in the server.policy file.</li>
|
|
<li>The QEJBSVR user profile has Execute (*X) authority to the directory and Read and Execute (*RX) authority to the class file and its supporting classes. For the sample, this includes the FileRegistrySample.class and RegExpSample.class files.</li>
|
|
</ul>
|
|
|
|
<p>To specify in the ws.ext.dir property the directory that contains your custom registry implementation class file, perform these steps in the administrative console:</p>
|
|
<ol type="a">
|
|
<li>Expand <strong>Servers</strong> in the navigation menu, and click <strong>Application Servers</strong>.</li>
|
|
<li>In the Application Servers page, click the name of your server.</li>
|
|
<li>Under Additional Properties, click <strong>Process Definition</strong>.</li>
|
|
<li>Under Additional Properties, click <strong>Java Virtual Machine</strong>.</li>
|
|
<li>Under Additional Properties, click <strong>Custom Properties</strong>.</li>
|
|
<li>If the ws.ext.dirs property has already been defined, click it, append a colon (:) to the value, and add the fully-qualified path of the directory that contains your implementation class.
|
|
<p>If the ws.ext.dirs property is not listed, click <strong>New</strong>. Specify <tt>ws.ext.dirs</tt> as the name of the property, and specify the directory which contains your implementation class or JAR file.</p></li>
|
|
<li>Click <strong>OK</strong>.</li>
|
|
<li>Click <strong>Save</strong>.</li>
|
|
</ol>
|
|
|
|
<p>To add the directory to the server.policy file, edit the server.policy file that is located in the properties subdirectory of your instance. Specify the following permission:</p>
|
|
<pre> grant codeBase "file:/CustomRegistry/-" {
|
|
permission java.security.AllPermission;
|
|
};</pre>
|
|
<p>For more information about server.policy files, see <a href="seccj2se.htm">Configure the server.policy file</a>.</p></li>
|
|
|
|
<li><p>Select the <strong>Ignore Case</strong> checkbox for the authorization to perform a case-insensitive check. Enabling this option is necessary only when your registry is case insensitive and does not provide a consistent case when queried for users and groups.</p></li>
|
|
|
|
<li><p>Click <strong>Apply</strong> if you have any other additional properties to enter for the registry initialization. Otherwise click <strong>OK</strong> and complete the steps required to enable security.</p></li>
|
|
|
|
<li><p>If you need to enter additional properties to initialize your implementation, click <strong>Custom Properties</strong> at the bottom of the panel. Click <strong>New</strong>. Enter the property name and value. Click <strong>OK.</strong> Repeat this step to add other additional properties.</p>
|
|
|
|
<p>For the sample, enter the following two properties: (assuming the users.props and groups.props are in myDir directory under the product installation directory).</p>
|
|
|
|
<table border="1" cellpadding="3">
|
|
<tr>
|
|
<th>Property name</th>
|
|
<th>Property value</th>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td><tt>usersFile</tt></td>
|
|
<td><tt>${USER_INSTALL_ROOT}/myDir/users.props</tt></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td><tt>groupsFile</tt></td>
|
|
<td><tt>${USER_INSTALL_ROOT}/myDir/groups.props</tt></td>
|
|
</tr>
|
|
</table>
|
|
|
|
<p><strong>Note:</strong> The QEJBSVR user profile must have Execute (*X) authority for the directory that contains user.props and groups.props. Additionally, QEJBSVR must have Read and Execute (*RX) authority for the user.props and groups.props files.</p>
|
|
|
|
<p>The <strong>Description</strong>, <strong>Required</strong>, and <strong>Validation Expression</strong> fields are not used and can be left blank.</p></li>
|
|
|
|
<li><p>If you are enabling security for the first time, complete the remaining steps and then go to the Global Security panel. Select <tt>Custom</tt> as the <strong>Active User Registry</strong>. If security is already enabled but information on this panel is changed, make sure to go to the Global Security panel and click <strong>OK</strong> or <strong>Apply</strong> to validate your changes. If your changes are not validated, the server may not be able to start.</p></li>
|
|
</ol>
|
|
|
|
</body>
|
|
</html>
|
|
|