Interfaces used to support JACC

 


 

Overview

WebSphere Application Server provides interfaces similar to PolicyConfigurationFactory and PolicyConfiguration so that the information that is stored in the bindings file can be propagated to the provider during installation. The interfaces are called RoleConfigurationFactory and RoleConfiguration. The implementation of these interfaces is optional.

 

RoleConfiguration

The RoleConfiguration interface is used to propagate the authorization information to the provider. This interface is similar to the PolicyConfiguration interface found in Java Authorization Contract for Containers (JACC).

RoleConfiguration
        - com.ibm.wsspi.security.authorization.RoleConfiguration
  
import java.util.List;

/**
 * This interface is used to propagate the authorization table information
 * in the binding file during application install. Implementation of this interface is
 * optional. When a JACC provider implements this interface, both the policy and the
 * authorization table information are propagated to the provider during application install.
 * If this is not implemented, only the policy information is propagated as per the JACC specification.
 *
 * @ibm-spi
 * @ibm-support-class-A1
 */
public interface RoleConfiguration {

    /**
     * Add the users to the role in RoleConfiguration.
     * The role is created if it doesn't exist in RoleConfiguration.
     * @param role the role name.
     * @param users the list of the user names.
     * @exception RoleConfigurationException if the users cannot be added.
     */
    public void addUsersToRole(String role, List users)
        throws RoleConfigurationException;

    /**
     * Remove the users from the role in RoleConfiguration.
     * @param role the role name.
     * @param users the list of the user names.
     * @exception RoleConfigurationException if the users cannot be removed.
     */
    public void removeUsersFromRole(String role, List users)
        throws RoleConfigurationException;

    /**
     * Add the groups to the role in RoleConfiguration.
     * The role is created if it doesn't exist in RoleConfiguration.
     * @param role the role name.
     * @param groups the list of the group names.
     * @exception RoleConfigurationException if the groups cannot be added.
     */
    public void addGroupsToRole(String role, List groups)
        throws RoleConfigurationException;

    /**
     * Remove the groups from the role in RoleConfiguration.
     * @param role the role name.
     * @param groups the list of the group names.
     * @exception RoleConfigurationException if the groups cannot be removed.
     */
    public void removeGroupsFromRole(String role, List groups)
        throws RoleConfigurationException;

    /**
     * Add everyone to the role in RoleConfiguration.
     * The role is created if it doesn't exist in RoleConfiguration.
     * @param role the role name.
     * @exception RoleConfigurationException if everyone cannot be added.
     */
    public void addEveryoneToRole(String role)
        throws RoleConfigurationException;

    /**
     * Remove everyone from the role in RoleConfiguration.
     * @param role the role name.
     * @exception RoleConfigurationException if everyone cannot be removed.
     */
    public void removeEveryoneFromRole(String role)
        throws RoleConfigurationException;

    /**
     * Add all authenticated users to the role in RoleConfiguration.
     * The role is created if it doesn't exist in RoleConfiguration.
     * @param role the role name.
     * @exception RoleConfigurationException if the authenticated users cannot
     * be added.
     */
    public void addAuthenticatedUsersToRole(String role)
        throws RoleConfigurationException;

    /**
     * Remove all authenticated users from the role in RoleConfiguration.
     * @param role the role name.
     * @exception RoleConfigurationException if the authenticated users cannot
     * be removed.
     */
    public void removeAuthenticatedUsersFromRole(String role)
        throws RoleConfigurationException;

    /**
     * This commits the changes in RoleConfiguration.
     * @exception RoleConfigurationException if the changes cannot be
     * committed.
     */
    public void commit()
        throws RoleConfigurationException;

    /**
     * This deletes the RoleConfiguration from the RoleConfigurationFactory.
     * @exception RoleConfigurationException if the RoleConfiguration cannot
     * be deleted.
     */
    public void delete()
        throws RoleConfigurationException;

    /**
     * This returns the contextID of the RoleConfiguration.
     * @exception RoleConfigurationException if the contextID cannot be
     * obtained.
     */
    public String getContextID()
        throws RoleConfigurationException;
}
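The following is an added example, not IBM's code or part of the original page: a provider-side sketch of the RoleConfiguration methods listed above, showing that add* creates a missing role, that remove* does not, and that bindings only take effect for decisions after commit(). The class name, the special-subject markers, the isInRole helper and the staged/committed split are hypothetical; it assumes Java 8 or later and the WebSphere runtime JAR on the compile class path.

```java
import com.ibm.wsspi.security.authorization.RoleConfiguration;
import java.util.*;

// Hypothetical provider-side store; not part of the WebSphere SPI.
public class InMemoryRoleConfiguration implements RoleConfiguration {
    // Hypothetical markers for the two special subjects.
    static final String EVERYONE = "special:everyone";
    static final String ALL_AUTH = "special:all-authenticated";

    private final String contextID;
    private final Map<String, Set<String>> staged = new HashMap<>();    // pending edits
    private final Map<String, Set<String>> committed = new HashMap<>(); // used for decisions

    public InMemoryRoleConfiguration(String contextID) { this.contextID = contextID; }

    // add* creates the role when it is missing, as the Javadoc requires.
    private void add(String role, String prefix, List<?> names) {
        Set<String> members = staged.computeIfAbsent(role, r -> new HashSet<>());
        for (Object n : names) members.add(prefix + n);
    }
    // remove* never creates a role and ignores unknown members.
    private void remove(String role, String prefix, List<?> names) {
        Set<String> members = staged.get(role);
        if (members != null) for (Object n : names) members.remove(prefix + n);
    }

    public void addUsersToRole(String role, List users) { add(role, "user:", users); }
    public void removeUsersFromRole(String role, List users) { remove(role, "user:", users); }
    public void addGroupsToRole(String role, List groups) { add(role, "group:", groups); }
    public void removeGroupsFromRole(String role, List groups) { remove(role, "group:", groups); }
    public void addEveryoneToRole(String role) { add(role, "", Collections.singletonList(EVERYONE)); }
    public void removeEveryoneFromRole(String role) { remove(role, "", Collections.singletonList(EVERYONE)); }
    public void addAuthenticatedUsersToRole(String role) { add(role, "", Collections.singletonList(ALL_AUTH)); }
    public void removeAuthenticatedUsersFromRole(String role) { remove(role, "", Collections.singletonList(ALL_AUTH)); }

    // Publish a deep copy so later staged edits stay invisible until the next commit.
    public void commit() {
        committed.clear();
        staged.forEach((role, m) -> committed.put(role, new HashSet<>(m)));
    }
    public void delete() { staged.clear(); committed.clear(); }
    public String getContextID() { return contextID; }

    // Hypothetical decision helper: only committed bindings grant access.
    public boolean isInRole(String role, String user, Collection<String> groups) {
        Set<String> m = committed.getOrDefault(role, Collections.emptySet());
        if (m.contains(EVERYONE)) return true;   // matches unauthenticated callers too
        if (user == null) return false;          // null user = unauthenticated (assumption)
        if (m.contains(ALL_AUTH) || m.contains("user:" + user)) return true;
        for (String g : groups) if (m.contains("group:" + g)) return true;
        return false;
    }
}
```

Because an Everyone binding matches callers with no identity at all, a provider may want to log each addEveryoneToRole call so that such bindings are visible in review.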

 

RoleConfigurationFactory

The RoleConfigurationFactory interface is similar to the PolicyConfigurationFactory interface introduced by JACC, and is used to obtain RoleConfiguration objects based on the contextIDs.

RoleConfigurationFactory
 - com.ibm.wsspi.security.authorization.RoleConfigurationFactory

/**
 * This interface is used to instantiate the com.ibm.wsspi.security.authorization.RoleConfiguration
 * objects based on the context identifier similar to the policy context identifier.
 * Implementation of this interface is required only if the RoleConfiguration interface is implemented.
 *
 * @ibm-spi
 * @ibm-support-class-A1
 */
public interface RoleConfigurationFactory {

    /**
     * This gets a RoleConfiguration with contextID from the
     * RoleConfigurationFactory. If the RoleConfiguration doesn't exist
     * for the contextID in the RoleConfigurationFactory, a new
     * RoleConfiguration with contextID is created in the
     * RoleConfigurationFactory. The contextID is similar to
     * PolicyContextID, but it doesn't contain the module name.
     * If remove is true, the old RoleConfiguration is removed and a new
     * RoleConfiguration is created and returned with the contextID.
     * @return the RoleConfiguration object for this contextID
     * @param contextID the context ID of RoleConfiguration
     * @param remove true or false
     * @exception RoleConfigurationException if RoleConfiguration
     * can't be obtained.
     **/
    public abstract com.ibm.ws.security.policy.RoleConfiguration
        getRoleConfiguration(String contextID, boolean remove)
        throws RoleConfigurationException;
}

 

InitializeJACCProvider

When implemented by the provider, this interface is called by every process where the JACC provider can be used for authorization. All additional properties that are entered during the authorization check are passed to the provider. For example, the provider can use this information to initialize their client code to communicate with their server or repository. The cleanup method is called during server shutdown to clean up the configuration.

Declaration:

public interface InitializeJACCProvider

This interface has two methods. The JACC provider can implement it, and WAS calls it to initialize the JACC provider. The name of the implementation class is obtained from the value of the initializeJACCProviderClassName system property.

This class must reside in a JAR file on the class path of each server that uses this provider.

InitializeJACCProvider
      - com.ibm.wsspi.security.authorization.InitializeJACCProvider

    public interface InitializeJACCProvider {

        /**
         * Initializes the JACC provider
         * @return 0 for success.
         * @param props the custom properties that are included for this provider will
         * pass to the implementation class.
         * @exception Exception for any problems encountered.
         **/
        public int initialize(java.util.Properties props)
            throws Exception;

        /**
         * This method is for the JACC provider cleanup and will be called during a process stop.
         **/
        public void cleanup();
    }


 
