User management run time API configuration
You can configure the user management run time API in order to retrieve authorization information from the transaction authorization provider.
About this task
The UserManagementProvider interface defines the methods for obtaining user and role information, as shown in the following class diagram.
This interface must be implemented by a concrete user management provider class that is responsible for retrieving user and role information in the InfoSphere MDM run time. The user management provider class must be registered with the InfoSphere MDM run time by providing a fully qualified class name as the value of the Configuration Management property /IBM/DWLCommonServices/UserManagement/user_management_provider_class_name.
<service id="CustomUserManagementProvider" interface="com.ibm.mdm.common.servicefactory.api.CommonServiceFactory">
  <service-properties>
    <entry key="common.service" value="UserManagementProvider.my.company.CustomUserManagementProvider"/>
  </service-properties>
  <bean class="com.ibm.mdm.common.servicefactory.CommonServiceFactoryImpl">
    <argument type="java.lang.Class" value="com.ibm.mdm.usermanagement.UserManagementProvider"/>
    <argument type="java.lang.Class" value="my.company.CustomUserManagementProvider"/>
    <argument ref="blueprintBundle"/>
  </bean>
</service>
The common.service service property must be prefixed with UserManagementProvider followed by the UserManagementProvider class name. The first class argument must be com.ibm.mdm.usermanagement.UserManagementProvider, which represents the service interface. The second class argument must be set to the new UserManagementProvider class.
The blueprint service definition, along with the user management provider class, must be packaged in a bundle, deployed on the server in a composite bundle (CBA), and set as a composition unit (CU) extension of the EBA (Operational Server EBA).
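A pre-deployment check for the three rules above, as an added example that is not IBM's code: it parses a blueprint service definition and reports a stale common.service value or a wrong class argument before the bundle is packaged. The dot separator after the UserManagementProvider prefix is an assumption taken from the sample value on this page, and STALE_SAMPLE is a constructed faulty variant.

```python
import xml.etree.ElementTree as ET

SERVICE_INTERFACE = "com.ibm.mdm.usermanagement.UserManagementProvider"
PREFIX = "UserManagementProvider."  # assumption: dot separator, as in the page's sample value

# The service definition from the page.
PAGE_SAMPLE = """<service id="CustomUserManagementProvider"
    interface="com.ibm.mdm.common.servicefactory.api.CommonServiceFactory">
  <service-properties>
    <entry key="common.service" value="UserManagementProvider.my.company.CustomUserManagementProvider"/>
  </service-properties>
  <bean class="com.ibm.mdm.common.servicefactory.CommonServiceFactoryImpl">
    <argument type="java.lang.Class" value="com.ibm.mdm.usermanagement.UserManagementProvider"/>
    <argument type="java.lang.Class" value="my.company.CustomUserManagementProvider"/>
    <argument ref="blueprintBundle"/>
  </bean>
</service>"""

# Constructed faulty variant: bean class renamed, common.service left stale.
STALE_SAMPLE = PAGE_SAMPLE.replace('value="my.company.Custom', 'value="my.company.Ldap')


def _named(elem, name):
    """Descendants (and elem itself) with this local name, ignoring any xmlns."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]


def check_provider_service(xml_text):
    """Return the list of rule violations in a blueprint provider registration."""
    problems, found = [], False
    for svc in _named(ET.fromstring(xml_text), "service"):
        props = {e.get("key"): e.get("value", "") for e in _named(svc, "entry")}
        common = props.get("common.service", "")
        if not common.startswith(PREFIX):
            continue  # some other service, not a provider registration
        found = True
        classes = [a.get("value") for a in _named(svc, "argument")
                   if a.get("type") == "java.lang.Class"]
        if len(classes) != 2:
            problems.append("expected 2 java.lang.Class arguments, found %d" % len(classes))
            continue
        if classes[0] != SERVICE_INTERFACE:
            problems.append("first class argument %r is not the service interface" % classes[0])
        if common != PREFIX + classes[1]:
            problems.append("common.service %r does not name provider class %r" % (common, classes[1]))
    if not found:
        problems.append("no service with a UserManagementProvider common.service property")
    return problems
```

An empty list means the definition satisfies all three rules; the check does not verify that the named class exists in the bundle.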
InfoSphere MDM provides a default implementation class (DefaultUserManagementProvider) to retrieve data from the default transaction authorization provider, where authorization information is stored in a relational database, with the user represented by a record in the USERPROFILE table and the role represented by a record in the GROUPPROFILE table:
- getRolesByUser returns the vector of the role names. The role name is a string containing the value from the GROUPPROFILE.group_name field.
- getUsersByRole returns the vector of the user names. The user name is a string containing the value from the USERPROFILE.user_id field.
- isValidUser determines if the user is valid, based on whether the user name is present in the USERPROFILE.user_id field.
- isValidRole determines if the role is valid, based on whether the role name is present in the GROUPPROFILE.group_name field.