creating custom user registry - poss doc from WASdev? #2949

Closed
lauracowen opened this issue Oct 23, 2020 · 1 comment

lauracowen commented Oct 23, 2020

https://github.ibm.com/was-WASdev/WASdevnet-website/tree/master/developer.ibm.com/wasdev/docs/creating-a-custom-user-registry-as-a-liberty-user-feature

Though the more up-to-date way of doing it would be with BELLs, I think (which we never published for some reason - think the intern left and no one finished it):

<p class="wasdev-excerpt">How to create a Liberty user feature for a Custom User Registry implementation and configure it in a Liberty profile as a user registry for authentication.</p>

A custom registry is a registry that you implement using the <code>com.ibm.websphere.security.UserRegistry</code> Java interface, as provided by the product. A custom registry can support virtually any type of account repository from a relational database, flat file, and so on. For this sample, a file-based user registry is implemented by the <code>FileRegistrySample.java</code> file and users and groups are defined in the <code>users.props</code> and <code>groups.props</code> files (see the <a href="/wasdev/downloads/#asset/samples-Custom_User_Registry">Custom User Registry sample</a> to download the files).

In this sample, WebSphere Application Server Developer Tools are used to create a Liberty feature for the custom user registry implementation. An OSGi bundle is created with bundle activation and the <code>FileRegistrySample.java</code> file is imported. The Activation class is modified to register it as an OSGi service and to receive configuration data. The Liberty feature is created with the OSGi bundle, which can be installed into an existing Liberty profile server and used to configure a custom user registry for user applications.

<strong>Attention: The sample provided is intended to familiarize you with this feature. Do not use this sample in an actual production environment.</strong>

<h2>Procedure</h2>

<ol>
    <li>Implement the custom user registry (<code>FileRegistrySample.java</code> file). For more information, see <a href="http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&amp;product=was-nd-mp&amp;topic=tsec_users">Developing the UserRegistry interface for using custom registries</a>.</li>
    <li>Create an OSGi bundle with Bundle Activation. This can be achieved by using Eclipse and the WDT tool. For more information, see <a href="http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&amp;product=was-libcore-mp&amp;topic=twlp_bundle_simple_activation">Developing an OSGi bundle with simple activation</a>.
<ol>
    <li>Create an OSGi Bundle Project and choose to create an <code>Activator</code> class</li>
    <li>Import the <code>FileRegistrySample.java</code> file</li>
    <li>Change the <code>Activator</code> class to extend the <code>FileRegistrySample</code> class and implement <code>BundleActivator, ManagedService</code></li>
    <li>Register the services. Add processing so that the users and groups files defined in the <code>server.xml</code> file are passed to the <code>FileRegistrySample.java</code> file. The Liberty profile configuration is managed by the OSGi Configuration Admin service and can be accessed according to the OSGi Configuration Admin service specification.</li>
    <li>Make sure that correct import statements are added for the bundle.</li>
</ol>
</li>
    <li>Create the Liberty Feature using the tool:
<ol>
    <li>Click on <code>New -&gt; OSGi -&gt; Liberty Feature</code></li>
    <li>Add the OSGi bundle which was created in the above step</li>
    <li>It will create a <code>subsystem.mf</code> file which is later renamed as the <code><i>feature_name</i>.mf</code> file</li>
    <li>This feature can be installed into the runtime by right clicking the feature name in the tool and choosing <code>"Install Feature"</code></li>
    <li>For more information, see <a href="http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&amp;product=was-libcore-mp&amp;topic=cwlp_prod_ext">Liberty profile: Product extension</a></li>
</ol>
</li>
    <li>Export the Liberty feature: Right-click on the feature name and export the feature as an <code>.esa</code> file</li>
    <li>Install the feature: Install the exported <code>.esa</code> file by running the command below from the <code>bin</code> directory in the Liberty profile installation:
<pre>    featureManager install sampleCustomUserRegistry-1.0.esa</pre>
This will put the feature bundle in the <code>${wlp.user.dir}/extension/lib</code> directory and the .mf file in the <code>${wlp.user.lib}/extension/lib/features</code> directory.</li>
    <li>Configure the <code>server.xml</code> file:
<ol>
    <li>After the feature is installed into the user product extension location, configure the <code>server.xml</code> file with the feature name. For example:
[code language="xml"]
<featureManager>
    <feature>usr:sampleCustomUserRegistry-1.0</feature>
</featureManager>
[/code]</li>
    <li>Add the configuration information:
[code language="xml"]
<customUserRegistry usersFile="${server.config.dir}/resources/security/users.props" groupsFile="${server.config.dir}/resources/security/groups.props" />
[/code]</li>
    <li>Add an application which will use this custom user registry for authentication. For example,
[code language="xml"]
<application type="ear" id="SecureEJBSample" name="SecureEJBSample" location="${server.config.dir}/apps/SecureEJBSample.ear">
    <application-bnd>
        <security-role name="servletRole">
            <special-subject type="ALL_AUTHENTICATED_USERS" />
        </security-role>
        <security-role name="ejbRole">
            <user name="user1" />
        </security-role>
    </application-bnd>
</application>
[/code]</li>
</ol>
</li>
    <li>Execute the application:
<ol>
    <li>Access the protected resource. For example:
<pre>http://localhost:9080/SecureEJBSample/sampleServlet</pre>
</li>
    <li>At the prompt, enter the valid user from the custom user registry which is also mapped to a role in the application binding for authorization:
<ul>
    <li>user: user1</li>
    <li>password: user1pwd</li>
</ul>
</li>
    <li>Confirm that the servlet output is as follows:
<pre>In SecureEJBServlet, Hello Secure EJB World.</pre>
</li>
</ol>
</li>
</ol>

<h2>Files needed for the sample:</h2>

The following files are included in the <code>CustomUserRegistrySample.jar</code> file:

<ol>
    <li>The <code>sampleCustomUserRegistry-1.0_1.0.0.201306201237.esa</code> file contains the sample custom user registry source and binaries</li>
    <li>The <code>users.props</code> file contains sample users and it is in the CustomUserRegistrySample server's <code>resources/security</code> directory</li>
    <li>The <code>groups.props</code> file contains sample groups and it is in the CustomUserRegistrySample server's <code>resources/security</code> directory</li>
    <li>The <code>SecureEJBSample.ear</code> file contains the sample application and source and it is in the CustomUserRegistrySample server's <code>apps</code> directory</li>
</ol>
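
The `Activator` changes described in step 2 of the procedure above, as an added example (not part of the original comment or the WASdev sample download): the class registers itself as both a `ManagedService` and a `UserRegistry`, then passes the `server.xml` attributes to the registry. Assumptions: `FileRegistrySample` is in the same package and its `initialize(Properties)` reads the `usersFile` and `groupsFile` keys, and the service PID `customUserRegistry` matches the `<customUserRegistry>` element shown above.

```java
import java.util.Dictionary;
import java.util.Hashtable;
import java.util.Properties;
import org.osgi.framework.BundleActivator;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Constants;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.cm.ConfigurationException;
import org.osgi.service.cm.ManagedService;
import com.ibm.websphere.security.UserRegistry;

public class Activator extends FileRegistrySample implements BundleActivator, ManagedService {
    // Assumption: PID equals the <customUserRegistry> element name used in server.xml.
    private static final String CFG_PID = "customUserRegistry";
    private ServiceRegistration<ManagedService> configRef;
    private ServiceRegistration<UserRegistry> registryRef;

    // Declared so the class compiles if the superclass constructor throws RemoteException.
    public Activator() throws java.rmi.RemoteException { super(); }

    @Override
    public void start(BundleContext context) {
        Hashtable<String, Object> props = new Hashtable<>();
        props.put(Constants.SERVICE_PID, CFG_PID);
        configRef = context.registerService(ManagedService.class, this, props);
        registryRef = context.registerService(UserRegistry.class, this, props);
    }

    @Override
    public void stop(BundleContext context) {
        if (configRef != null) configRef.unregister();
        if (registryRef != null) registryRef.unregister();
    }

    @Override
    public void updated(Dictionary<String, ?> config) throws ConfigurationException {
        if (config == null) return; // Config Admin passes null when no configuration exists
        Properties p = new Properties();
        for (String key : new String[] {"usersFile", "groupsFile"}) {
            Object value = config.get(key);
            if (!(value instanceof String) || ((String) value).isEmpty())
                throw new ConfigurationException(key, "must be set on <customUserRegistry>");
            p.setProperty(key, (String) value);
        }
        try {
            initialize(p); // UserRegistry.initialize(Properties), inherited from the sample
        } catch (Exception e) {
            throw new ConfigurationException(null, "registry initialization failed", e);
        }
    }
}
```

Rejecting a missing `usersFile` or `groupsFile` in `updated` makes a misconfigured registry fail visibly at configuration time rather than at the first login attempt.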

dmuelle commented Nov 6, 2020

This is covered by a different strategic alternative in #2418

dmuelle closed this as completed Nov 6, 2020