Developing a custom user repository for Liberty

You can develop a custom user repository as a user feature by implementing the com.ibm.wsspi.security.wim.CustomRepository interface in the Liberty server. The custom repository interface enables support for most types of account repository.

Before you begin

If you want to use the developer tools to implement the custom repository interface, configure the tools to use the SPI as described in Configuring the custom user repository SPI in the developer tools.

1. Create a class that implements the custom repository interface, com.ibm.wsspi.security.wim.CustomRepository.
   This class provides the repository operations. For information about the interface, see the com.ibm.websphere.appserver.spi.federatedRepository_1.0 SPI information in Programming interfaces or in the Java documentation that is provided with the product in the ${wlp.install.dir}/dev/spi/ibm/ directory.

   For an example of implementing the interface, see Repository interface example.

2. Convert the implementation class into an OSGi service. For more information, see Declaring your services to OSGi Declarative Services.
3. Package the custom user repository as an OSGi bundle and export the user repository service. For more information about creating an OSGi bundle, see Creating an OSGi service bundle.
4. Create a feature manifest file to include the OSGi bundle. For more information, see Product extension.
5. After the feature is installed into the user product extension location, add your custom repository feature in the server.xml configuration file. Also add the appSecurity-2.0 and federatedRegistry-1.0 features, which are required for the custom repository.
   For example:

   <featureManager>
   	...
   	<feature>usr:customRepositorySample-1.0</feature>
   	<feature>appSecurity-2.0</feature>
   	<feature>federatedRegistry-1.0</feature>
   </featureManager>
   

6. Optional: If you want to define customized attributes for users and groups, configure the attributes in a federatedRepository element in the server.xml file.
   In the following example, the myProp attribute is defined for the PersonAccount entity, and the myGroupProp attribute is defined for the Group entity.

   <federatedRepository>
      <primaryRealm name="sampleCustomRepositoryRealm">
          <participatingBaseEntry name="o=ibm,c=us"/>
      </primaryRealm>
      <extendedProperty dataType="String" name="myProp" entityType="PersonAccount"></extendedProperty>
      <extendedProperty dataType="String" name="myGroupProp" entityType="Group"></extendedProperty>
   </federatedRepository>