开发安全应用程序(七)--开发定制用户注册表
来源:互联网 发布:java常用项目管理工具 编辑:程序博客网 时间:2024/06/04 18:39
开发定制用户注册表
除 LocalOS 和 LDAP 注册表之外,WebSphere Application Server 安全性还支持使用定制注册表来执行认证和授权。定制用户注册表是客户实现的用户注册表。您必须实现 WebSphere Application Server 提供的 UserRegistry 接口。客户实现的用户注册表能够实质地支持来自关系数据库或平面文件(以及其它文件)的任何类型或任何概念的帐户资源库。在使 WebSphere Application Server 安全性能够适应各种环境(在这些操作环境中,存在除 LDAP 或 LocalOS 之外的一些用户注册表概念)方面,定制用户注册表提供了相当大的灵活性。
实现定制用户注册表是一项软件开发工作。使用 UserRegistry 接口中定义的方法来调用期望的注册表以便获取用户和组信息。此接口定义了一组非常通用的方法,因此它可以用来对各种各样的注册表进行封装。有关更多信息, 参见UserRegistry 接口方法。在配置 WebSphere Application Server 全局安全性时,可以将定制用户注册表配置为活动用户注册表。
参见下列代码示例以获取定制用户注册表的简单实现:
示例:UserRegistry.java 文件
示例:FileRegistrySample.java 文件
示例:Groups.props 文件
示例:Users.props 文件
示例:Results.java 文件
为了向下兼容,还支持 WebSphere Application Server V4.0 定制注册表。有关迁移的更多信息,请参考迁移定制用户注册表主题。但是,建议使用新接口来实现定制注册表。
注 意:如果定制注册表实现使用数据源来连接至数据库,则在 Network Deployment 环境中,需要将定制注册表属性中的 WAS_UseDataSource 属性设置为 true。因为节点代理程序进程不包含数据源,所以这样做是必须的。相反,节点代理程序使用来自单元进程的远程注册表。在这种情况下,如果单元进程由于任 何原因而关闭,则重新启动单元进程后应重新启动节点代理程序进程。
执行下列步骤来开发定制用户注册表:
如果您不熟悉定制用户注册表的概念,参见定制用户注册表。本主题详细说明接口中的每个方法以及 4.0 发行版以来对这些方法所作的更改。
实现接口中除 createCredential() 方法(此方法由 WebSphere Application Server 实现)之外的所有方法。
构建实现。
要编译代码,类路径中需要有 sas.jar 和 wssec.jar 文件。例如:
javac -extdirs /QIBM/ProdData/WebAS5/base/java/ext:/QIBM/UserData/Java400/ext:
/QIBM/ProdData/Java400/jdk13/lib/ext:/QIBM/ProdData/WebAS5/Base/lib
-classpath /QIBM/ProdData/WebAS5/Base/lib/sas.jar:
/QIBM/ProdData/WebAS5/lib/wssec.jar
com/ibm/websphere/security/FileRegistrySample.java
通过使用管理控制台,遵循配置定制用户注册表中的步骤来配置实现。
注意:如果定制注册表使用数据源,则需要将 WAS_UseDataSource 属性设置为 true。
// 5639-D57, 5630-A36, 5630-A37, 5724-D18
// (C) COPYRIGHT International Business Machines Corp. 1997, 2002
// All Rights Reserved * Licensed Materials - Property of IBM
//
// DESCRIPTION:
//
// This module is used by User Registries in WebSphere when calling the
// getUsers and getGroups method. The user registries should use this
// to set the list of users/groups and to indicate if there are more
// users/groups in the registry than requested
//
package com.ibm.websphere.security;
import java.util.List;
/**
This module is used by User Registries in WebSphere when calling the
getUsers and getGroups method. The user registries should use this
to set the list of users/groups and to indicate if there are more
users/groups in the registry than requested
*/
public class Result implements java.io.Serializable {
/**
Default constructor
*/
public Result() {
}
/**
Returns the list of users/groups
@return the list of users/groups
*/
public List getList() {
return list;
}
/**
indicates if there are more users/groups in the registry
*/
public boolean hasMore() {
return more;
}
/**
Set the flag to indicate that there are more users/groups
in the registry to true
*/
public void setHasMore() {
more = true;
}
/*
Set the list of user/groups
@param list list of users/groups
*/
public void setList(List list) {
this.list = list;
}
private boolean more = false;
private List list;
}
除 LocalOS 和 LDAP 注册表之外,WebSphere Application Server 安全性还支持使用定制注册表来执行认证和授权。定制用户注册表是客户实现的用户注册表。您必须实现 WebSphere Application Server 提供的 UserRegistry 接口。客户实现的用户注册表能够实质地支持来自关系数据库或平面文件(以及其它文件)的任何类型或任何概念的帐户资源库。在使 WebSphere Application Server 安全性能够适应各种环境(在这些操作环境中,存在除 LDAP 或 LocalOS 之外的一些用户注册表概念)方面,定制用户注册表提供了相当大的灵活性。
实现定制用户注册表是一项软件开发工作。使用 UserRegistry 接口中定义的方法来调用期望的注册表以便获取用户和组信息。此接口定义了一组非常通用的方法,因此它可以用来对各种各样的注册表进行封装。有关更多信息, 参见UserRegistry 接口方法。在配置 WebSphere Application Server 全局安全性时,可以将定制用户注册表配置为活动用户注册表。
参见下列代码示例以获取定制用户注册表的简单实现:
示例:UserRegistry.java 文件
示例:FileRegistrySample.java 文件
示例:Groups.props 文件
示例:Users.props 文件
示例:Results.java 文件
为了向下兼容,还支持 WebSphere Application Server V4.0 定制注册表。有关迁移的更多信息,请参考迁移定制用户注册表主题。但是,建议使用新接口来实现定制注册表。
注 意:如果定制注册表实现使用数据源来连接至数据库,则在 Network Deployment 环境中,需要将定制注册表属性中的 WAS_UseDataSource 属性设置为 true。因为节点代理程序进程不包含数据源,所以这样做是必须的。相反,节点代理程序使用来自单元进程的远程注册表。在这种情况下,如果单元进程由于任 何原因而关闭,则重新启动单元进程后应重新启动节点代理程序进程。
执行下列步骤来开发定制用户注册表:
如果您不熟悉定制用户注册表的概念,参见定制用户注册表。本主题详细说明接口中的每个方法以及 4.0 发行版以来对这些方法所作的更改。
实现接口中除 createCredential() 方法(此方法由 WebSphere Application Server 实现)之外的所有方法。
构建实现。
要编译代码,类路径中需要有 sas.jar 和 wssec.jar 文件。例如:
javac -extdirs /QIBM/ProdData/WebAS5/base/java/ext:/QIBM/UserData/Java400/ext:
/QIBM/ProdData/Java400/jdk13/lib/ext:/QIBM/ProdData/WebAS5/Base/lib
-classpath /QIBM/ProdData/WebAS5/Base/lib/sas.jar:
/QIBM/ProdData/WebAS5/lib/wssec.jar
com/ibm/websphere/security/FileRegistrySample.java
通过使用管理控制台,遵循配置定制用户注册表中的步骤来配置实现。
注意:如果定制注册表使用数据源,则需要将 WAS_UseDataSource 属性设置为 true。
Copy code
示例:UserRegistry.java 文件
// 5639-D57, 5630-A36, 5630-A37, 5724-D18
// (C) COPYRIGHT International Business Machines Corp. 1997, 2002
// All Rights Reserved * Licensed Materials - Property of IBM
//
// DESCRIPTION:
//
// This is the UserRegistry interface that Custom Registries in WebSphere
// should implement to enable WebSphere Security to use the Custom Registry.
//
package com.ibm.websphere.security;
import java.util.*;
import java.rmi.*;
import java.security.cert.X509Certificate;
import com.ibm.websphere.security.cred.WSCredential;
/**
* Implementing this interface enables WebSphere Security to use Custom
* Registries. This should extend java.rmi.Remote as the registry can be in
* a remote process.
*
* Implementation of this interface must provide implementations for:
*
* -- initialize(java.util.Properties)
* -- checkPassword(String,String)
* -- mapCertificate(X509Certificate[])
* -- getRealm
* -- getUsers(String,int)
* -- getUserDisplayName(String)
* -- getUniqueUserId(String)
* -- getUserSecurityName(String)
* -- isValidUser(String)
* -- getGroups(String,int)
* -- getGroupDisplayName(String)
* -- getUniqueGroupId(String)
* -- getUniqueGroupIds(String)
* -- getGroupSecurityName(String)
* -- isValidGroup(String)
* -- getGroupsForUser(String)
* -- getUsersForGroup(String,int)
* -- createCredential(String)
**/
public interface UserRegistry extends java.rmi.Remote
{
/**
* Initializes the registry. This method is called when creating the
* registry.
*
* @param props the registry-specific properties with which to
* initialize the custom registry
* @exception CustomRegistryException
* if there is any registry specific problem
* @exception RemoteException
* as this extends java.rmi.Remote
**/
public void initialize(java.util.Properties props)
throws CustomRegistryException,
RemoteException;
/**
* Checks the password of the user. This method is called to authenticate a
* user when the user's name and password are given.
*
* @param userSecurityName the name of user
* @param password the password of the user
* @return a valid userSecurityName. Normally this is
* the name of same user whose password was checked but if the
* implementation wants to return any other valid
* userSecurityName in the registry it can do so
* @exception CheckPasswordFailedException if userSecurityName/
* password combination does not exist in the registry
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public String checkPassword(String userSecurityName, String password)
throws PasswordCheckFailedException,
CustomRegistryException,
RemoteException;
/**
* Maps a Certificate (of X509 format) to a valid user in the Registry.
* This is used to map the name in the certificate supplied by a browser
* to a valid userSecurityName in the registry
*
* @param cert the X509 certificate chain
* @return the mapped name of the user userSecurityName
* @exception CertificateMapNotSupportedException if the particular
* certificate is not supported.
* @exception CertificateMapFailedException if the mapping of the
* certificate fails.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public String mapCertificate(X509Certificate[] cert)
throws CertificateMapNotSupportedException,
CertificateMapFailedException,
CustomRegistryException,
RemoteException;
/**
* Returns the realm of the registry.
*
* @return the realm. The realm is a registry-specific string indicating
* the realm or domain for which this registry
* applies. For example, for OS400 or AIX this would be the
* host name of the system whose user registry this object
* represents.
* If null is returned by this method realm defaults to the
* value of "customRealm".
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public String getRealm()
throws CustomRegistryException,
RemoteException;
/**
* Gets a list of users that match a pattern in the registy.
* The maximum number of users returned is defined by the limit
* argument.
* This method is called by GUI(adminConsole) and Scripting(Command Line) to
* make available the users in the registry for adding them (users) to roles.
*
* @param pattern the pattern to match. (For e.g., a* will match all
* userSecurityNames starting with a)
* @param limit the maximum number of users that should be returned.
* This is very useful in situations where there are thousands of
* users in the registry and getting all of them at once is not
* practical. A value of 0 implies get all the users and hence
* must be used with care.
* @return a Result object that contains the list of users
* requested and a flag to indicate if more users exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public Result getUsers(String pattern, int limit)
throws CustomRegistryException,
RemoteException;
/**
* Returns the display name for the user specified by userSecurityName.
*
* This method may be called only when the user information is displayed
* (i.e information purposes only, for example, in GUI) and hence not used
* in the actual authentication or authorization purposes. If there are no
* display names in the registry return null or empty string.
*
* In WAS 4.0 custom registry, if you had a display name for the user and
* if it was different from the security name, the display name was
* returned for the EJB methods getCallerPrincipal() and the servlet methods
* getUserPrincipal() and getRemoteUser().
* In WAS 5.0 for the same methods the security name will be returned by
* default. This is the recommended way as the display name is not unique
* and might create security holes.
* However, for backward compatability if one needs the display name to
* be returned set the property WAS_UseDisplayName to true.
*
* See the Infocenter documentation for more information.
*
* @param userSecurityName the name of the user.
* @return the display name for the user. The display name
* is a registry-specific string that represents a descriptive, not
* necessarily unique, name for a user. If a display name does
* not exist return null or empty string.
* @exception EntryNotFoundException if userSecurityName does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public String getUserDisplayName(String userSecurityName)
throws EntryNotFoundException,
CustomRegistryException,
RemoteException;
/**
* Returns the UniqueId for a userSecurityName. This method is called when
* creating a credential for a user.
*
* @param userSecurityName the name of the user.
* @return the UniqueId of the user. The UniqueId for an user is
* the stringified form of some unique, registry-specific, data
* that serves to represent the user. For example, for the UNIX
* user registry, the UniqueId for a user can be the UID.
* @exception EntryNotFoundException if userSecurityName does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public String getUniqueUserId(String userSecurityName)
throws EntryNotFoundException,
CustomRegistryException,
RemoteException;
/**
* Returns the name for a user given its uniqueId.
*
* @param uniqueUserId the UniqueId of the user.
* @return the userSecurityName of the user.
* @exception EntryNotFoundException if the uniqueUserId does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public String getUserSecurityName(String uniqueUserId)
throws EntryNotFoundException,
CustomRegistryException,
RemoteException;
/**
* Determines if the userSecurityName exists in the registry
*
* @param userSecurityName the name of the user
* @return true if the user is valid. false otherwise
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public boolean isValidUser(String userSecurityName)
throws CustomRegistryException,
RemoteException;
/**
* Gets a list of groups that match a pattern in the registy.
* The maximum number of groups returned is defined by the limit
* argument.
* This method is called by GUI(adminConsole) and Scripting(Command Line) to
* make available the groups in the registry for adding them (groups) to
* roles.
*
* @param pattern the pattern to match. (For e.g., a* will match all
* groupSecurityNames starting with a)
* @param limit the maximum number of groups that should be returned.
* This is very useful in situations where there are thousands of
* groups in the registry and getting all of them at once is not
* practical. A value of 0 implies get all the groups and hence
* must be used with care.
* @return a Result object that contains the list of groups
* requested and a flag to indicate if more groups exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public Result getGroups(String pattern, int limit)
throws CustomRegistryException,
RemoteException;
/**
* Returns the display name for the group specified by groupSecurityName.
*
* This method may be called only when the group information is displayed
* (for example, GUI) and hence not used in the actual authentication or
* authorization purposes. If there are no display names in the registry
* return null or empty string.
*
* @param groupSecurityName the name of the group.
* @return the display name for the group. The display name
* is a registry-specific string that represents a descriptive, not
* necessarily unique, name for a group. If a display name does
* not exist return null or empty string.
* @exception EntryNotFoundException if groupSecurityName does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public String getGroupDisplayName(String groupSecurityName)
throws EntryNotFoundException,
CustomRegistryException,
RemoteException;
/**
* Returns the Unique id for a group.
* @param groupSecurityName the name of the group.
* @return the Unique id of the group. The Unique id for
* a group is the stringified form of some unique,
* registry-specific, data that serves to represent the group.
* For example, for the Unix user registry, the Unique id could
* be the GID.
* @exception EntryNotFoundException if groupSecurityName does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public String getUniqueGroupId(String groupSecurityName)
throws EntryNotFoundException,
CustomRegistryException,
RemoteException;
/**
* Returns the Unique ids for all the groups that contain the UniqueId of
* a user.
* Called during creation of a user's credential.
*
* @param uniqueUserId the uniqueId of the user.
* @return a List of all the group UniqueIds that the uniqueUserId
* belongs to. The Unique id for an entry is the stringified
* form of some unique, registry-specific, data that serves
* to represent the entry. For example, for the
* Unix user registry, the Unique id for a group could be the GID
* and the Unique Id for the user could be the UID.
* @exception EntryNotFoundException if uniqueUserId does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public List getUniqueGroupIds(String uniqueUserId)
throws EntryNotFoundException,
CustomRegistryException,
RemoteException;
/**
* Returns the name for a group given its uniqueId.
*
* @param uniqueGroupId the UniqueId of the group.
* @return the name of the group.
* @exception EntryNotFoundException if the uniqueGroupId does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public String getGroupSecurityName(String uniqueGroupId)
throws EntryNotFoundException,
CustomRegistryException,
RemoteException;
/**
* Determines if the groupSecurityName exists in the registry
*
* @param groupSecurityName the name of the group
* @return true if the groups exists, false otherwise
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public boolean isValidGroup(String groupSecurityName)
throws CustomRegistryException,
RemoteException;
/**
* Returns the securityNames of all the groups that contain the user
*
* This method is called by GUI(adminConsole) and Scripting(Command Line)
* to verify the user entered for RunAsRole mapping belongs to that role
* in the roles to user mapping. Initially, the check is done to see if
* the role contains the user. If the role does not contain the user
* explicitly, this method is called to get the groups that this user
* belongs to so that check can be made on the groups that the role contains.
*
* @param userSecurityName the name of the user
* @return a List of all the group securityNames that the user
* belongs to.
* @exception EntryNotFoundException if user does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public List getGroupsForUser(String userSecurityName)
throws EntryNotFoundException,
CustomRegistryException,
RemoteException;
/**
* Gets a list of users in a group.
*
* The maximum number of users returned is defined by the limit
* argument.
*
* This method is not used by WebSphere Application Server (WAS) for
* authenticating or authorization purposes. This is, however, used by some
* of the WAS clients like Workflow.
*
* If you are working with a registry where getting all the users from
* any of your groups is not practical (for example if there are a large
* number of users) you can through the NotImplementedException. Also,
* if you implement this method, you can still throw this exception if
* the limit exceeds some practical value.
* When the NotImplementedException is thrown the client program should fall
* back to some default implementation which should be documented by the
* client.
*
* @param groupSecurityName the name of the group
* @param limit the maximum number of users that should be returned.
* This is very useful in situations where there are lot of
* users in the registry and getting all of them at once is not
* practical. A value of 0 implies get all the users and hence
* must be used with care.
* @return a Result object that contains the list of users
* requested and a flag to indicate if more users exist.
* @deprecated This method will be deprecated in future.
* @exception NotImplementedException throw this exception if it is not
* pratical to get this information from your registry.
* @exception EntryNotFoundException if the group does not exist in
* the registry
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
*
**/
public Result getUsersForGroup(String groupSecurityName, int limit)
throws NotImplementedException,
EntryNotFoundException,
CustomRegistryException,
RemoteException;
/**
* Throw the NotImplementedException for this method.
*
* Create Credential for a user.
*
* This will be implemented internally by WebSphere code and should NOT be
* implemented by the Custom Registry implementations.
*
* @exception NotImplementedException Always throw this.
**/
public WSCredential createCredential(String userSecurityName)
throws NotImplementedException,
EntryNotFoundException,
CustomRegistryException,
RemoteException;
}
Copy code
示例:FileRegistrySample.java 文件
package com.ibm.websphere.security;
//
// 5639-D57, 5630-A36, 5630-A37, 5724-D18
// (C) COPYRIGHT International Business Machines Corp. 1997, 2002
// All Rights Reserved * Licensed Materials - Property of IBM
//
//----------------------------------------------------------------------
// This program may be used, executed, copied, modified and distributed
// without royalty for the purpose of developing, using, marketing, or
// distributing.
//----------------------------------------------------------------------
//
// This sample is for the Custom User Registry feature in WebSphere
//----------------------------------------------------------------------
// The main purpose of this sample is to demonstrate the use of the
// Custom Registry feature available in WebSphere. This sample is a very
// simple File based registry sample where the users and the groups information
// is listed in files (users.props and groups.props). As such simplicity and
// not the performance was a major factor behind this. This sample should be
// used only to get familiarized with this feature. An actual implementation
// of a realistic registry should consider various factors like performance,
// scalability etc.
//----------------------------------------------------------------------
import java.util.*;
import java.io.*;
import java.security.cert.X509Certificate;
import com.ibm.websphere.security.*;
public class FileRegistrySample implements UserRegistry {
private static String USERFILENAME = null;
private static String GROUPFILENAME = null;
// Default Constructor
public FileRegistrySample() throws java.rmi.RemoteException {
}
/**
* Initializes the registry. This method is called when creating the
* registry.
*
* @param props the registry-specific properties with which to
* initialize the custom registry
* @exception CustomRegistryException
* if there is any registry specific problem
**/
public void initialize(java.util.Properties props)
throws CustomRegistryException {
try {
/* try getting the USERFILENAME and the GROUPFILENAME from
* properties that are passed in (i.e from GUI).
* These values should be set in the security center GUI in the
* Special Custom Settings in the Custom User Registry section of
* the Authentication panel.
* For example:
* usersFile c:/temp/users.props
* groupsFile c:/temp/groups.props
*/
if (props != null) {
USERFILENAME = props.getProperty("usersFile");
GROUPFILENAME = props.getProperty("groupsFile");
}
} catch(Exception ex) {
throw new CustomRegistryException(ex.getMessage());
}
if (USERFILENAME == null || GROUPFILENAME == null) {
throw new CustomRegistryException("users/groups information missing");
}
}
/**
* Checks the password of the user. This method is called to authenticate a
* user when the user's name and password are given.
*
* @param userSecurityName the name of user
* @param password the password of the user
* @return a valid <code>userSecurityName. Normally this is
* the name of same user whose password was checked but if the
* implementation wants to return any other valid
* <code>userSecurityName in the registry it can do so
* @exception CheckPasswordFailedException if <code>userSecurityName/
* <code>password combination does not exist in the registry
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public String checkPassword(String userSecurityName, String passwd)
throws PasswordCheckFailedException,
CustomRegistryException {
String s,userName = null;
BufferedReader in = null;
try {
in = fileOpen(USERFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
int index1 = s.indexOf(":",index+1);
// check if the userSecurityName:passwd combination exists
if ((s.substring(0,index)).equals(userSecurityName) &&
s.substring(index+1,index1).equals(passwd)) {
// Authentication successful, return the userId.
userName = userSecurityName;
break;
}
}
}
} catch(Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
if (userName == null) {
throw new PasswordCheckFailedException(userSecurityName);
}
return userName;
}
/**
* Maps a Certificate (of X509 format) to a valid user in the Registry.
* This is used to map the name in the certificate supplied by a browser
* to a valid <code>passworduserSecurityName in the registry
*
* @param cert the X509 certificate chain
* @return the mapped name of the user <code>userSecurityName
* @exception CertificateMapNotSupportedException if the particular
* certificate is not supported.
* @exception CertificateMapFailedException if the mapping of the
* certificate fails.
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public String mapCertificate(X509Certificate[] cert)
throws CertificateMapNotSupportedException,
CertificateMapFailedException,
CustomRegistryException {
String name=null;
X509Certificate cert1 = cert[0];
try {
// map the SubjectDN in the certificate to a userID.
name = cert1.getSubjectDN().getName();
} catch(Exception ex) {
throw new CertificateMapNotSupportedException(ex.getMessage());
}
if(!isValidUser(name)) {
throw new CertificateMapFailedException(name);
}
return name;
}
/**
* Returns the realm of the registry.
*
* @return the realm. The realm is a registry-specific string indicating
* the realm or domain for which this registry
* applies. For example, for OS400 or AIX this would be the
* host name of the system whose user registry this object
* represents.
* If null is returned by this method realm defaults to the
* value of "customRealm".
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public String getRealm()
throws CustomRegistryException {
String name = "customRealm";
return name;
}
/**
* Gets a list of users that match a <code>pattern in the registy.
* The maximum number of users returned is defined by the <code>limit
* argument.
* This method is called by GUI(adminConsole) and Scripting(Command Line) to
* make available the users in the registry for adding them (users) to roles.
*
* @param pattern the pattern to match. (For e.g., a* will match all
* userSecurityNames starting with a)
* @param limit the maximum number of users that should be returned.
* This is very useful in situations where there are thousands of
* users in the registry and getting all of them at once is not
* practical. The default is 100. A value of 0 implies get all the
* users and hence must be used with care.
* @return a <code>Result object that contains the list of users
* requested and a flag to indicate if more users exist.
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public Result getUsers(String pattern, int limit)
throws CustomRegistryException {
String s;
BufferedReader in = null;
List allUsers = new ArrayList();
Result result = new Result();
int count = 0;
int newLimit = limit+1;
try {
in = fileOpen(USERFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
String user = s.substring(0,index);
if (match(user,pattern)) {
allUsers.add(user);
if (limit !=0 && ++count == newLimit) {
allUsers.remove(user);
result.setHasMore();
break;
}
}
}
}
} catch (Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
result.setList(allUsers);
return result;
}
/**
* Returns the display name for the user specified by userSecurityName.
*
* This method may be called only when the user information is displayed
* (i.e information purposes only, for example, in GUI) and hence not used
* in the actual authentication or authorization purposes. If there are no
* display names in the registry return null or empty string.
*
* In WAS 4.0 custom registry, if you had a display name for the user and
* if it was different from the security name, the display name was
* returned for the EJB methods getCallerPrincipal() and the servlet methods
* getUserPrincipal() and getRemoteUser().
* In WAS 5.0 for the same methods the security name will be returned by
* default. This is the recommended way as the display name is not unique
* and might create security holes.
* However, for backward compatability if one needs the display name to
* be returned set the property WAS_UseDisplayName to true.
*
* See the Infocenter documentation for more information.
*
* @param userSecurityName the name of the user.
* @return the display name for the user. The display name
* is a registry-specific string that represents a descriptive, not
* necessarily unique, name for a user. If a display name does
* not exist return null or empty string.
* @exception EntryNotFoundException if userSecurityName does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public String getUserDisplayName(String userSecurityName)
throws CustomRegistryException,
EntryNotFoundException {
String s,displayName = null;
BufferedReader in = null;
if(!isValidUser(userSecurityName)) {
EntryNotFoundException nsee = new EntryNotFoundException(userSecurityName);
throw nsee;
}
try {
in = fileOpen(USERFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
int index1 = s.lastIndexOf(":");
if ((s.substring(0,index)).equals(userSecurityName)) {
displayName = s.substring(index1+1);
break;
}
}
}
} catch(Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
return displayName;
}
/**
* Returns the UniqueId for a userSecurityName. This method is called when
* creating a credential for a user.
*
* @param userSecurityName the name of the user.
* @return the UniqueId of the user. The UniqueId for an user is
* the stringified form of some unique, registry-specific, data
* that serves to represent the user. For example, for the UNIX
* user registry, the UniqueId for a user can be the UID.
* @exception EntryNotFoundException if userSecurityName does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public String getUniqueUserId(String userSecurityName)
throws CustomRegistryException,
EntryNotFoundException {
String s,uniqueUsrId = null;
BufferedReader in = null;
try {
in = fileOpen(USERFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
int index1 = s.indexOf(":", index+1);
if ((s.substring(0,index)).equals(userSecurityName)) {
int index2 = s.indexOf(":", index1+1);
uniqueUsrId = s.substring(index1+1,index2);
break;
}
}
}
} catch(Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
if (uniqueUsrId == null) {
EntryNotFoundException nsee = new EntryNotFoundException(userSecurityName);
throw nsee;
}
return uniqueUsrId;
}
/**
* Returns the name for a user given its uniqueId.
*
* @param uniqueUserId the UniqueId of the user.
* @return the userSecurityName of the user.
* @exception EntryNotFoundException if the uniqueUserId does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public String getUserSecurityName(String uniqueUserId)
throws CustomRegistryException,
EntryNotFoundException {
String s,usrSecName = null;
BufferedReader in = null;
try {
in = fileOpen(USERFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
int index1 = s.indexOf(":", index+1);
int index2 = s.indexOf(":", index1+1);
if ((s.substring(index1+1,index2)).equals(uniqueUserId)) {
usrSecName = s.substring(0,index);
break;
}
}
}
} catch (Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
if (usrSecName == null) {
EntryNotFoundException ex =
new EntryNotFoundException(uniqueUserId);
throw ex;
}
return usrSecName;
}
/**
* Determines if the <code>userSecurityName exists in the registry
*
* @param userSecurityName the name of the user
* @return true if the user is valid. false otherwise
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public boolean isValidUser(String userSecurityName)
throws CustomRegistryException {
String s;
boolean isValid = false;
BufferedReader in = null;
try {
in = fileOpen(USERFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
if ((s.substring(0,index)).equals(userSecurityName)) {
isValid=true;
break;
}
}
}
} catch (Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
return isValid;
}
/**
* Gets a list of groups that match a <code>pattern in the registy.
* The maximum number of groups returned is defined by the <code>limit
* argument.
* This method is called by GUI(adminConsole) and Scripting(Command Line) to
* make available the groups in the registry for adding them (groups) to
* roles.
*
* @param pattern the pattern to match. (For e.g., a* will match all
* groupSecurityNames starting with a)
* @param limit the maximum number of groups that should be returned.
* This is very useful in situations where there are thousands of
* groups in the registry and getting all of them at once is not
* practical. The default is 100. A value of 0 implies get all the
* groups and hence must be used with care.
* @return a <code>Result object that contains the list of groups
* requested and a flag to indicate if more groups exist.
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public Result getGroups(String pattern, int limit)
throws CustomRegistryException {
String s;
BufferedReader in = null;
List allGroups = new ArrayList();
Result result = new Result();
int count = 0;
int newLimit = limit+1;
try {
in = fileOpen(GROUPFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
String group = s.substring(0,index);
if (match(group,pattern)) {
allGroups.add(group);
if (limit !=0 && ++count == newLimit) {
allGroups.remove(group);
result.setHasMore();
break;
}
}
}
}
} catch (Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
result.setList(allGroups);
return result;
}
/**
* Returns the display name for the group specified by groupSecurityName.
* For this version of WebSphere the only usage of this method is by the
* clients (GUI and Scripting) to present a descriptive name of the user
* if it exists.
*
* @param groupSecurityName the name of the group.
* @return the display name for the group. The display name
* is a registry-specific string that represents a descriptive, not
* necessarily unique, name for a group. If a display name does
* not exist return null or empty string.
* @exception EntryNotFoundException if groupSecurityName does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public String getGroupDisplayName(String groupSecurityName)
throws CustomRegistryException,
EntryNotFoundException {
String s,displayName = null;
BufferedReader in = null;
if(!isValidGroup(groupSecurityName)) {
EntryNotFoundException nsee = new EntryNotFoundException(groupSecurityName);
throw nsee;
}
try {
in = fileOpen(GROUPFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
int index1 = s.lastIndexOf(":");
if ((s.substring(0,index)).equals(groupSecurityName)) {
displayName = s.substring(index1+1);
break;
}
}
}
} catch(Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
return displayName;
}
/**
* Returns the Unique id for a group.
* @param groupSecurityName the name of the group.
* @return the Unique id of the group. The Unique id for
* a group is the stringified form of some unique,
* registry-specific, data that serves to represent the group.
* For example, for the Unix user registry, the Unique id could
* be the GID.
* @exception EntryNotFoundException if groupSecurityName does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public String getUniqueGroupId(String groupSecurityName)
throws CustomRegistryException,
EntryNotFoundException {
String s,uniqueGrpId = null;
BufferedReader in = null;
try {
in = fileOpen(GROUPFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
int index1 = s.indexOf(":", index+1);
if ((s.substring(0,index)).equals(groupSecurityName)) {
uniqueGrpId = s.substring(index+1,index1);
break;
}
}
}
} catch(Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
if (uniqueGrpId == null) {
EntryNotFoundException nsee = new EntryNotFoundException(groupSecurityName);
throw nsee;
}
return uniqueGrpId;
}
/**
* Returns the Unique ids for all the groups that contain the UniqueId of
* a user. Called during creation of a user's credential.
*
* @param uniqueUserId the uniqueId of the user.
* @return a List of all the group UniqueIds that the uniqueUserId
* belongs to. The Unique id for an entry is the stringified
* form of some unique, registry-specific, data that serves
* to represent the entry. For example, for the
* Unix user registry, the Unique id for a group could be the GID
* and the Unique Id for the user could be the UID.
* @exception EntryNotFoundException if uniqueUserId does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public List getUniqueGroupIds(String uniqueUserId)
throws CustomRegistryException,
EntryNotFoundException {
String s,uniqueGrpId = null;
BufferedReader in = null;
List uniqueGrpIds=new ArrayList();
try {
in = fileOpen(USERFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
int index1 = s.indexOf(":", index+1);
int index2 = s.indexOf(":", index1+1);
if ((s.substring(index1+1,index2)).equals(uniqueUserId)) {
int lastIndex = s.lastIndexOf(":");
String subs = s.substring(index2+1,lastIndex);
StringTokenizer st1 = new StringTokenizer(subs, ",");
while (st1.hasMoreTokens())
uniqueGrpIds.add(st1.nextToken());
break;
}
}
}
} catch(Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
return uniqueGrpIds;
}
/**
* Returns the name for a group given its uniqueId.
*
* @param uniqueGroupId the UniqueId of the group.
* @return the name of the group.
* @exception EntryNotFoundException if the uniqueGroupId does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public String getGroupSecurityName(String uniqueGroupId)
throws CustomRegistryException,
EntryNotFoundException {
String s,grpSecName = null;
BufferedReader in = null;
try {
in = fileOpen(GROUPFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
int index1 = s.indexOf(":", index+1);
if ((s.substring(index+1,index1)).equals(uniqueGroupId)) {
grpSecName = s.substring(0,index);
break;
}
}
}
} catch (Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
if (grpSecName == null) {
EntryNotFoundException ex =
new EntryNotFoundException(uniqueGroupId);
throw ex;
}
return grpSecName;
}
/**
* Determines if the <code>groupSecurityName exists in the registry
*
* @param groupSecurityName the name of the group
* @return true if the groups exists, false otherwise
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public boolean isValidGroup(String groupSecurityName)
throws CustomRegistryException {
String s;
boolean isValid = false;
BufferedReader in = null;
try {
in = fileOpen(GROUPFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
if ((s.substring(0,index)).equals(groupSecurityName)) {
isValid=true;
break;
}
}
}
} catch (Exception ex) {
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
return isValid;
}
/**
* Returns the securityNames of all the groups that contain the user
*
* This method is called by GUI(adminConsole) and Scripting(Command Line)
* to verify the user entered for RunAsRole mapping belongs to that role
* in the roles to user mapping. Initially, the check is done to see if
* the role contains the user. If the role does not contain the user
* explicitly, this method is called to get the groups that this user
* belongs to so that check can be made on the groups that the role contains.
*
* @param userSecurityName the name of the user
* @return a List of all the group securityNames that the user
* belongs to.
* @exception EntryNotFoundException if user does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
* @exception RemoteException as this extends java.rmi.Remote
**/
public List getGroupsForUser(String userName)
throws CustomRegistryException,
EntryNotFoundException {
String s;
List grpsForUser = new ArrayList();
BufferedReader in = null;
try {
in = fileOpen(GROUPFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
StringTokenizer st = new StringTokenizer(s, ":");
for (int i=0; i<2; i++)
st.nextToken();
String subs = st.nextToken();
StringTokenizer st1 = new StringTokenizer(subs, ",");
while (st1.hasMoreTokens()) {
if((st1.nextToken()).equals(userName)) {
int index = s.indexOf(":");
grpsForUser.add(s.substring(0,index));
}
}
}
}
} catch (Exception ex) {
if (!isValidUser(userName)) {
throw new EntryNotFoundException(userName);
}
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
return grpsForUser;
}
/**
* Gets a list of users in a group.
*
* The maximum number of users returned is defined by the limit
* argument.
*
* This method is not used by WebSphere Application Server (WAS) for
* authenticating or authorization purposes. This is, however, used by some
* of the WAS clients like Workflow.
*
* If you are working with a registry where getting all the users from
* any of your groups is not practical (for example if there are a large
* number of users) you can through the NotImplementedException. Also,
* if you implement this method, you can still throw this exception if
* the limit exceeds some practical value.
* When the NotImplementedException is thrown the client program should fall
* back to some default implementation which should be documented by the
* client.
*
* @param groupSecurityName the name of the group
* @param limit the maximum number of users that should be returned.
* This is very useful in situations where there are lot of
* users in the registry and getting all of them at once is not
* practical. A value of 0 implies get all the users and hence
* must be used with care.
* @return a Result object that contains the list of users
* requested and a flag to indicate if more users exist.
* @deprecated This method will be deprecated in future.
* @exception NotImplementedException throw this exception if it is not
* pratical to get this information from your registry.
* @exception EntryNotFoundException if the group does not exist in
* the registry
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public Result getUsersForGroup(String groupSecurityName, int limit)
throws NotImplementedException,
EntryNotFoundException,
CustomRegistryException {
String s, user;
BufferedReader in = null;
List usrsForGroup = new ArrayList();
int count = 0;
int newLimit = limit+1;
Result result = new Result();
// As mentioned in the javadoc if the registry cannot handle a
// large limit value it can throw the NotImplementedException.
// For eg.
if (limit > 50)
throw new NotImplementedException("Limit exceeds 50");
try {
in = fileOpen(GROUPFILENAME);
while ((s=in.readLine())!=null)
{
if (!(s.startsWith("#") || s.trim().length() <=0 )) {
int index = s.indexOf(":");
if ((s.substring(0,index)).equals(groupSecurityName))
{
StringTokenizer st = new StringTokenizer(s, ":");
for (int i=0; i<2; i++)
st.nextToken();
String subs = st.nextToken();
StringTokenizer st1 = new StringTokenizer(subs, ",");
while (st1.hasMoreTokens()) {
user = st1.nextToken();
usrsForGroup.add(user);
if (limit !=0 && ++count == newLimit) {
usrsForGroup.remove(user);
result.setHasMore();
break;
}
}
}
}
}
} catch (Exception ex) {
if (!isValidGroup(groupSecurityName)) {
throw new EntryNotFoundException(groupSecurityName);
}
throw new CustomRegistryException(ex.getMessage());
} finally {
fileClose(in);
}
result.setList(usrsForGroup);
return result;
}
/**
* Create Credential for a user. For this version of WebSphere one should
* throw an NotImplementedException. This will be implemented internally
* by WebSphere code and should not be implemented by the Custom Registry.
*
* @param userSecurityName the name of the user.
* @return com.ibm.websphere.security.cred.WSCredential
* @exception CustomRegistryException if there is any problem.
* @exception EntryNotFoundException if the uniqueGroupId does not exist.
* @exception CustomRegistryException if there is any registry specific
* problem
**/
public com.ibm.websphere.security.cred.WSCredential createCredential(String userSecurityName)
throws CustomRegistryException,
NotImplementedException,
EntryNotFoundException {
NotImplementedException ex =
new NotImplementedException("createCredential not implemented");
throw ex;
}
// private methods
private BufferedReader fileOpen(String fileName)
throws FileNotFoundException {
try {
return new BufferedReader(new FileReader(fileName));
} catch(FileNotFoundException e) {
throw e;
}
}
private void fileClose(BufferedReader in) {
try {
if (in != null) in.close();
} catch(Exception e) {
System.out.println("Error closing file" + e);
}
}
private boolean match(String name, String pattern) {
RegExpSample regexp = new RegExpSample(pattern);
boolean matches = false;
if(regexp.match(name))
matches = true;
return matches;
}
}
//----------------------------------------------------------------------
// The program provides the Regular Expression implementation used in the
// Sample for the Custom User Registry (FileRegistrySample). The pattern
// matching in the sample uses this program to search for the pattern (for
// users and groups).
//----------------------------------------------------------------------
class RegExpSample
{
private boolean match(String s, int i, int j, int k)
{
for(; k < expr.length; k++)
label0:
{
Object obj = expr[k];
if(obj == STAR)
{
if(++k >= expr.length)
return true;
if(expr[k] instanceof String)
{
String s1 = (String)expr[k++];
int l = s1.length();
for(; (i = s.indexOf(s1, i)) >= 0; i++)
if(match(s, i + l, j, k))
return true;
return false;
}
for(; i < j; i++)
if(match(s, i, j, k))
return true;
return false;
}
if(obj == ANY)
{
if(++i > j)
return false;
break label0;
}
if(obj instanceof char[][])
{
if(i >= j)
return false;
char c = s.charAt(i++);
char ac[][] = (char[][])obj;
if(ac[0] == NOT)
{
for(int j1 = 1; j1 < ac.length; j1++)
if(ac[j1][0] <= c && c <= ac[j1][1])
return false;
break label0;
}
for(int k1 = 0; k1 < ac.length; k1++)
if(ac[k1][0] <= c && c <= ac[k1][1])
break label0;
return false;
}
if(obj instanceof String)
{
String s2 = (String)obj;
int i1 = s2.length();
if(!s.regionMatches(i, s2, 0, i1))
return false;
i += i1;
}
}
return i == j;
}
public boolean match(String s)
{
return match(s, 0, s.length(), 0);
}
public boolean match(String s, int i, int j)
{
return match(s, i, j, 0);
}
public RegExpSample(String s)
{
Vector vector = new Vector();
int i = s.length();
StringBuffer stringbuffer = null;
Object obj = null;
for(int j = 0; j < i; j++)
{
char c = s.charAt(j);
switch(c)
{
case 63: /* '?' */
obj = ANY;
break;
case 42: /* '*' */
obj = STAR;
break;
case 91: /* '[' */
int k = ++j;
Vector vector1 = new Vector();
for(; j < i; j++)
{
c = s.charAt(j);
if(j == k && c == '^')
{
vector1.addElement(NOT);
continue;
}
if(c == '//')
{
if(j + 1 < i)
c = s.charAt(++j);
}
else
if(c == ']')
break;
char c1 = c;
if(j + 2 < i && s.charAt(j + 1) == '-')
c1 = s.charAt(j += 2);
char ac1[] = {
c, c1
};
vector1.addElement(ac1);
}
char ac[][] = new char[vector1.size()][];
vector1.copyInto(ac);
obj = ac;
break;
case 92: /* '//' */
if(j + 1 < i)
c = s.charAt(++j);
break;
}
if(obj != null)
{
if(stringbuffer != null)
{
vector.addElement(stringbuffer.toString());
stringbuffer = null;
}
vector.addElement(obj);
obj = null;
}
else
{
if(stringbuffer == null)
stringbuffer = new StringBuffer();
stringbuffer.append(c);
}
}
if(stringbuffer != null)
vector.addElement(stringbuffer.toString());
expr = new Object[vector.size()];
vector.copyInto(expr);
}
static final char NOT[] = new char[2];
static final Integer ANY = new Integer(0);
static final Integer STAR = new Integer(1);
Object expr[];
}
Copy code
示例:Groups.props 文件
# 5639-D57, 5630-A36, 5630-A37, 5724-D18
# (C) COPYRIGHT International Business Machines Corp. 1997, 2002
# All Rights Reserved * Licensed Materials - Property of IBM
#
# Format:
# name:gid:users:display name
# where name = groupId of the group
# gid = uniqueId of the group
# users = list of all the userIds that the group contains
# display name = a (optional) display name for the group.
admins:567:bob:Administrative group
operators:678:jay,ted,dave:Operators group
users:789:jay,jeff,vikas,bobby:
Copy code
示例:Users.props 文件
# 5639-D57, 5630-A36, 5630-A37, 5724-D18
# (C) COPYRIGHT International Business Machines Corp. 1997, 2002
# All Rights Reserved * Licensed Materials - Property of IBM
#
# Format:
# name:passwd:uid:gids:display name
# where name = userId/userName of the user
# passwd = password of the user
# uid = uniqueId of the user
# gid = groupIds of the groups that the user belongs to
# display name = a (optional) display name for the user.
bob:bob1:123:567:bob
dave:dave1:234:678:
jay:jay1:345:678,789:Jay-Jay
ted:ted1:456:678:Teddy G
jeff:jeff1:222:789:Jeff
vikas:vikas1:333:789:vikas
bobby:bobby1:444:789:
Copy code
示例:Results.java 文件// 5639-D57, 5630-A36, 5630-A37, 5724-D18
// (C) COPYRIGHT International Business Machines Corp. 1997, 2002
// All Rights Reserved * Licensed Materials - Property of IBM
//
// DESCRIPTION:
//
// This module is used by User Registries in WebSphere when calling the
// getUsers and getGroups method. The user registries should use this
// to set the list of users/groups and to indicate if there are more
// users/groups in the registry than requested
//
package com.ibm.websphere.security;
import java.util.List;
/**
This module is used by User Registries in WebSphere when calling the
getUsers and getGroups method. The user registries should use this
to set the list of users/groups and to indicate if there are more
users/groups in the registry than requested
*/
public class Result implements java.io.Serializable {
/**
Default constructor
*/
public Result() {
}
/**
Returns the list of users/groups
@return the list of users/groups
*/
public List getList() {
return list;
}
/**
indicates if there are more users/groups in the registry
*/
public boolean hasMore() {
return more;
}
/**
Set the flag to indicate that there are more users/groups
in the registry to true
*/
public void setHasMore() {
more = true;
}
/*
Set the list of user/groups
@param list list of users/groups
*/
public void setList(List list) {
this.list = list;
}
private boolean more = false;
private List list;
}
- 开发安全应用程序(七)--开发定制用户注册表
- VS2010开发应用程序读写注册表
- 开发安全应用程序(八)--为信任关联开发定制拦截器
- 开发安全应用程序
- 开发安全应用程序(一)-- 开发安全 Web 应用程序
- 开发安全的web应用程序
- 开发安全的web应用程序
- 嵌入式WinCE系统定制与应用程序开发
- 安全的应用程序开发和应用程序安全防御
- 在MapInfo平台上开发用户定制的应用程序的编程语言 MapBasic v6.0 1CD
- 七招制胜ASP.NET应用程序开发
- 七招制胜ASP.NET应用程序开发
- 七招制胜ASP.NET应用程序开发
- 七招制胜ASP.NET应用程序开发
- 七招制胜ASP.NET应用程序开发
- 七招制胜ASP.NET应用程序开发
- 七招制胜ASP.NET应用程序开发
- 七招制胜ASP.NET应用程序开发
- 浅谈数据类型转换之基本类型
- 简洁、明晰!数据库设计三大范式应用
- 2005-10-07 00:27 国庆七天
- 开发安全应用程序(六)-- 开发您自已的 J2C 主体映射模块
- 20多岁的男人与女人
- 开发安全应用程序(七)--开发定制用户注册表
- javascript 事件详解
- 什么是句柄(转)
- 第一篇
- 开发安全应用程序(八)--为信任关联开发定制拦截器
- 使用log4j建立灵活的log机制 - 1
- SQL日期和时间函数
- Hibernate3的DetachedCriteria支持
- 内部类(inner class)。
