7.3 Custom User Registry

7.3 Custom User Registry

WebSphere Portal server on z/OS and OS/390 supports a Custom User Registry (CUR) using the OS/390 Lightweight Directory Access Protocol server, which is part of the SecureWay® Security Server for z/OS and OS/390. This is not a z/OS System Authorization Facility (SAF) based user registry and so does not use RACF. Portal server CUR provides an implementation of the com.ibm.websphere.security.CustomRegistry interface which is the same interface used by WebSphere Application Server V4.01 for CUR. This allows the Portal server to service requests from users or Web clients by authenticating a user ID and password against the Custom User Registry using the Portal Custom Servlet. This is how Portal server authenticates users and provides the first layer of protection to internal portal resources, such as portlets, places and pages.

Most of the CUR configuration for the installation is done by the wpsPost job or the shell script wpsPost.root.sh in Step 9.8 of the Portal installation. During that step it creates files, such as jvm.properties, webcontainer.conf and trace.dat in the directory: WebSphere390/CB390/controlinfo/envfile/SYSPLEXNAME/WPS_SRVINST_NAME

For CUR, an authorization table is provided via an XML file. You can find the following XML files under directory: /usr/lpp/PortalServer/PortalServer/libapp/config

• authtable.xml

  This XML file contains the authorizations for each Web application installed on the J2EE server for which the custom user registry is being used to authenticate requests. The authorizations are based on roleName and groupName definitions.

• authtablelist.xml

  This CUR authorization table XML file is used to define the applications and its authorization lists

The authorization table is managed by the administrator to grant users and groups access to the J2EE resources on a per application/portlet basis.