

Program prerequisites

Common methods, prerequisite steps, and other information required for programmers who are developing virtual member manager applications are described here.


Import virtual member manager packages

Before you integrate virtual member manager functions into the application, import the virtual member manager packages and other related packages. The following example shows the packages to import and how to define the class.

import java.util.Hashtable;
import java.util.List;

import com.ibm.websphere.wim.SchemaConstants;
import com.ibm.websphere.wim.Service;
import com.ibm.websphere.wim.client.LocalServiceProvider;
import com.ibm.websphere.wim.ras.WIMTraceHelper;

import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import commonj.sdo.DataObject;


Get the virtual member manager service and other common methods

We can get the virtual member manager service either from the remote EJB or from the local JVM if the application is running inside WAS.

If you are calling virtual member manager by using remote EJB APIs then ensure that wim.ear is deployed. See Install virtual member manager.

The following sample base application contains locateService() methods that show how to obtain the virtual member manager service, as well as other common methods that are used in the code samples for various virtual member manager operations. Replace the variables shown in italics in the following code with the actual values that you require.

/**
 * This is a base application which defines common methods that are
 * used by other code samples.
 **/
public class BaseApp implements SchemaConstants
{
    /**
     * Common variable declaration: update based on the environment
     **/
    static final String HOST = "localhost";       // host name of the WAS
    static final String BOOTSTRAP_PORT = "2809";  // Bootstrap/RMI port number

    // Virtual member manager service used to make API calls
    static Service service = null;

    /**
     * Locates virtual member manager service using a remote EJB
     * @param ejbJndiName JNDI name of the EJB.
     * Default EJB name is "ejb/com/ibm/websphere/wim/ejb/WIMServiceHome"
     **/
    public static Service locateService(String ejbJndiName)
    {
        try {
            // Remote access virtual member manager Service EJB
            Hashtable environment = new Hashtable();
     
            String providerURL = "corbaloc:iiop:" + HOST + ":" + BOOTSTRAP_PORT;
            environment.put(LocalServiceProvider.PROVIDER_URL, providerURL);
            if (ejbJndiName == null) {
                ejbJndiName = "ejb/com/ibm/websphere/wim/ejb/WIMServiceHome";
            }
            environment.put(LocalServiceProvider.EJB_JNDI_NAME, ejbJndiName);
     
            service = new LocalServiceProvider(environment);
        }
        catch (Exception e) {
            e.printStackTrace();
        }
        return service;
    }

    /**
     * Locates virtual member manager service in local JVM
     **/
    public static Service locateService()
    {
        try {
            // Local access virtual member manager Service
            return new LocalServiceProvider(null);
        }
        catch (Exception e)
        {
            e.printStackTrace();
        }

        return null;
    }

    /**
     * Runs action as specified user
     * @param user user name
     * @param password password of the user
     * @param action Action to invoke after successful login of the user
     * @return Object returned by the action
     **/
    public static Object runAsUser(String user, String password, PrivilegedExceptionAction action) throws Exception
    {
        LoginContext loginContext;
        Subject subject;

        // Login using the userid and password that was passed, which has the required role
        loginContext = new LoginContext("WSLogin", new WSCallbackHandlerImpl(user, "", password));
        loginContext.login();
        subject = loginContext.getSubject();

        try {
            return WSSubject.doAs(subject, action);
        }
        catch (PrivilegedActionException excp) {
            throw (Exception) excp.getCause();
        }
    }

    public static String printDO(DataObject obj)
    {
        return WIMTraceHelper.printDataObject(obj);
    }

    /**
     * Loop through the entities in the DataObject and print its uniqueName
     * @param root input DataObject
     */
    @SuppressWarnings("unchecked")
    public static void printIdentifiers(DataObject root) throws Exception
    {
        // Get all entities in the DataObject
        List entities = root.getList(SchemaConstants.DO_ENTITIES);
        for (int i = 0; i < entities.size(); i++) {
            DataObject ent = (DataObject) entities.get(i);
            // Get the entity Identifier
            DataObject id = ent.getDataObject(SchemaConstants.DO_IDENTIFIER);
            if (id != null) {
                String uniqueName = id.getString(SchemaConstants.PROP_UNIQUE_NAME);
                System.out.println("UniqueName is  -> " +uniqueName);
            }
            else {
                System.out.println("Missing Identifier");
            }
        }
    }
}

Set the following system property on the client JVM, if the application invokes virtual member manager APIs in local mode:

org.eclipse.emf.ecore.EPackage.Registry.INSTANCE=com.ibm.ws.wim.util.VMMEMFGlobalDelegatorRegistry

If you do not set this system property, the default EMF implementation is in effect. It does not support a multiple security domain environment and might corrupt the EMF schema, in which case schema violation errors might occur.

Limitation: EMF schema corruption might also occur when a remote EJB client accesses EMF in a multiple security domain environment, if the EJB client is on a server process that is not WAS or is prior to WAS version 8.0. This is a limitation in a multiple security domain environment because a remote EJB client process can use a maximum of one domain service at a time. If a remote EJB client tries to operate on multiple domain services simultaneously, the EMF schema registry of the client process gets corrupted and unexpected schema violation errors occur in the client application.


Call virtual member manager APIs

The code samples for various virtual member manager operations use the methods defined in the BaseApp class. See the code samples for instructions about how to make API calls.

To call virtual member manager APIs in the application code, you must be assigned one of the following roles:


Compiling code

Check your class path setting to ensure that it includes the correct JAR files for compiling the code.


Run code

If the application code is running inside WAS as an application or a servlet, then the Subject and other parameters for accessing virtual member manager APIs are used implicitly and are the same as those of the server or process on which the application is deployed.

If the application is running outside WAS, for example, from a WAS client, then use the following JVM arguments when running your compiled code. Replace the variables shown in italics in the following arguments with the actual values that you require.

-Djava.security.auth.login.config=WAS_HOME/properties/wsjaas_client.conf
-Dcom.ibm.CORBA.ConfigURL=<WAS_HOME_URL>/properties/sas.client.props
-Dcom.ibm.SSL.ConfigURL=<WAS_HOME_URL>/properties/ssl.client.props

Use the following arguments only when we have to override the credentials specified in the CORBA properties file:

-Dcom.ibm.CORBA.loginSource=properties
-Dcom.ibm.CORBA.loginUserid=AdminUserId
-Dcom.ibm.CORBA.loginPassword=AdminPassword

Some examples of JVM arguments with sample values are given here:

-Djava.security.auth.login.config=C:/Progra~1/IBM/WebSphere/AppClient/properties/wsjaas_client.conf
-Dcom.ibm.CORBA.ConfigURL=file:/Progra~1/IBM/WebSphere/AppClient/properties/sas.client.props
-Dcom.ibm.SSL.ConfigURL=file:/Progra~1/IBM/WebSphere/AppClient/properties/ssl.client.props
-Dcom.ibm.CORBA.loginSource=properties
-Dcom.ibm.CORBA.loginUserid=admin
-Dcom.ibm.CORBA.loginPassword=admin
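
A password passed as a -D argument is visible to other local users in the process listing, so the following added example (not part of the original IBM samples) reads it from the console and passes it to BaseApp.runAsUser() before calling a virtual member manager API. The class name SearchAsUserApp and the search expression are hypothetical; the example assumes the client is started with the login, CORBA and SSL configuration arguments shown above and that com.ibm.websphere.wim.util.SDOHelper is on the class path.

```java
import java.io.Console;
import java.security.PrivilegedExceptionAction;
import java.util.Arrays;
import com.ibm.websphere.wim.Service;
import com.ibm.websphere.wim.util.SDOHelper;
import commonj.sdo.DataObject;

// Added example (hypothetical class): search as a user whose password is prompted for
public class SearchAsUserApp extends BaseApp
{
    public static void main(String[] args) throws Exception
    {
        Console console = System.console();
        if (console == null || args.length != 1) {
            System.err.println("Usage (interactive terminal only): SearchAsUserApp <user>");
            return;
        }
        char[] password = console.readPassword("Password for %s: ", args[0]);
        if (password == null) return;  // end of input reached, nothing to log in with
        try {
            // WSCallbackHandlerImpl takes a String, so this copy of the password
            // stays on the heap until it is garbage collected.
            runAsUser(args[0], new String(password), new PrivilegedExceptionAction() {
                public Object run() throws Exception {
                    // Look up the service under the authenticated Subject
                    Service svc = locateService(null);
                    if (svc == null) {
                        throw new IllegalStateException("virtual member manager service not found");
                    }
                    DataObject root = SDOHelper.createRootDataObject();
                    DataObject searchCtrl = SDOHelper.createControlDataObject(root, null, DO_SEARCH_CONTROL);
                    searchCtrl.getList(PROP_PROPERTIES).add("uid");
                    // Constructed search expression; adjust it to your schema
                    searchCtrl.setString(PROP_SEARCH_EXPRESSION, "@xsi:type='PersonAccount' and uid='a*'");
                    printIdentifiers(svc.search(root));
                    return null;
                }
            });
        }
        finally {
            Arrays.fill(password, '\0');  // clear the console buffer copy
        }
    }
}
```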

Check your class path setting to ensure that it includes the following JAR files before attempting to run the code:



Extend property schema

propertySchema and extensionPropertySchema data objects

The propertySchema data object is used to create a property type and add it to an existing virtual member manager entity type at run time. The new property is added to the wimxmlextension.xml file. However, if you also want to extend the database schema of the property extension repository, use the extensionPropertySchema data object. If you use the extensionPropertySchema data object, the new property is added to the existing entity type in wimxmlextension.xml file as well as stored in the property extension database.

For sample code that uses the propertySchema data object, see Sample code for extending the schema in an LDAP repository. For sample code that uses the extensionPropertySchema data object, see Sample code for extending the schema in the property extension repository.

Property data types

The syntax of the data types supported for virtual member manager properties is listed here. See the SchemaConstants section of the virtual member manager Javadoc information in the WAS information center.

  • DATA_TYPE_ANY_SIMPLE_TYPE
  • DATA_TYPE_ANY_URI
  • DATA_TYPE_BASE_64_BINARY
  • DATA_TYPE_BOOLEAN
  • DATA_TYPE_BYTE
  • DATA_TYPE_DATE
  • DATA_TYPE_DATE_TIME
  • DATA_TYPE_DOUBLE
  • DATA_TYPE_IDENTIFIER_TYPE
  • DATA_TYPE_INT
  • DATA_TYPE_LONG
  • DATA_TYPE_SHORT
  • DATA_TYPE_STRING
  • DATA_TYPE_TOKEN
