You can develop a custom user repository as a user feature by implementing the
com.ibm.wsspi.security.wim.CustomRepository
interface in the Liberty server. The custom repository interface
enables support for most types of account repository.
Procedure
-
Create a class that implements the custom repository interface,
com.ibm.wsspi.security.wim.CustomRepository
.
This class provides the repository operations. For information about the interface, see the
com.ibm.websphere.appserver.spi.federatedRepository_1.0 SPI information in
Programming interfaces or in the Java documentation that is provided with the product in the
${wlp.install.dir}/dev/spi/ibm/ directory.
For an example of implementing
the interface, see Repository interface example.
-
Convert the implementation class into an OSGi service. For more information, see Declaring your services to OSGi Declarative
Services.
-
Package the custom user repository as an OSGi bundle and export the user repository service.
For more information about creating an OSGi bundle, see Creating an OSGi service
bundle.
-
Create a feature manifest file to include the OSGi bundle. For more information, see Product extension.
-
After the feature is installed into the user product extension location, add your custom
repository feature in the server.xml configuration file. Also add the
appSecurity-2.0
and federatedRegistry-1.0
features, which are
required for the custom repository.
For example:
<featureManager>
...
<feature>usr:customRepositorySample-1.0</feature>
<feature>appSecurity-2.0</feature>
<feature>federatedRegistry-1.0</feature>
</featureManager>
- Optional:
If you want to define customized attributes for users and groups, configure the attributes in a
federatedRepository
element in the server.xml file.
In the following example, the
myProp
attribute is defined for the
PersonAccount
entity, and the
myGroupProp
attribute is defined for
the
Group
entity.
<federatedRepository>
<primaryRealm name="sampleCustomRepositoryRealm">
<participatingBaseEntry name="o=ibm,c=us"/>
</primaryRealm>
<extendedProperty dataType="String" name="myProp" entityType="PersonAccount"></extendedProperty>
<extendedProperty dataType="String" name="myGroupProp" entityType="Group"></extendedProperty>
</federatedRepository>