com.ibm.websphere.security

Interface SAFRoleMapper


  1. public interface SAFRoleMapper
Map application defined role names to SAF profile names. This interface may be implemented by customers to effect the way that WebSphere for z/OS builds the SAF profile names used for authorization and to obtain a delegation user identifier for delegation.

In order to have WebSphere instantiate and call an implementation of this interface, the security custom property com.ibm.websphere.security.SAF.RoleMapper must be set to the name of the class to instantiate.

Please note that this interface is non-standard and is likely to be removed in future release.


Field Summary

Modifier and Type Field and Description
  1. static
  2. java.lang.String
CELL_NAME
The context Map key to use to obtain the cell name.
  1. static
  2. java.lang.String
CELL_SHORT_NAME
The context Map key to use to obtain the cell name.
  1. static
  2. java.lang.String
DOMAIN_NAME
Deprecated. As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to obtain the domain name.
  1. static
  2. java.lang.String
DOMAIN_TYPE
Deprecated. As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to determine whether or not to use a prefix for SAF profile names.
  1. static
  2. java.lang.String
PROFILE_PREFIX
The context Map key to use to determine the SAF profile prefix
  1. static
  2. java.lang.String
SERVER_NAME
The context Map key to use to obtain the server name.
  1. static
  2. java.lang.String
SERVER_SHORT_NAME
The context Map key to use to obtain the server short name.

Method Summary

Modifier and Type Method and Description
  1. java.lang.String
getProfileFromRole(java.lang.String applicationName,java.lang.String role)
Map a role name to a valid SAF profile.
  1. void
initialize(java.util.Properties context)
This method is called by the WebSphere security component to provide a cell and server context to the SAFRoleMapper instance.

Field Detail

SERVER_NAME

  1. static final java.lang.String SERVER_NAME
The context Map key to use to obtain the server name.

SERVER_SHORT_NAME

  1. static final java.lang.String SERVER_SHORT_NAME
The context Map key to use to obtain the server short name.

CELL_NAME

  1. static final java.lang.String CELL_NAME
The context Map key to use to obtain the cell name.

CELL_SHORT_NAME

  1. static final java.lang.String CELL_SHORT_NAME
The context Map key to use to obtain the cell name.

DOMAIN_NAME

  1. static final java.lang.String DOMAIN_NAME
Deprecated. As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to obtain the domain name.

DOMAIN_TYPE

  1. static final java.lang.String DOMAIN_TYPE
Deprecated. As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to determine whether or not to use a prefix for SAF profile names.

PROFILE_PREFIX

  1. static final java.lang.String PROFILE_PREFIX
The context Map key to use to determine the SAF profile prefix

Method Detail

initialize

  1. void initialize(java.util.Properties context)
This method is called by the WebSphere security component to provide a cell and server context to the SAFRoleMapper instance.

The context is an instance of a java.util.Properties object that contains the following information:

  • Server Name - Keyed by SERVER_NAME.
  • Server Short Name - Keyed by SERVER_SHORT_NAME.
  • Cell Name - Keyed by CELL_NAME.
  • Cell Short Name - Keyed by CELL_SHORT_NAME.
  • Domain Name - Keyed by DOMAIN_NAME. This property will be null if a z/OS security domain name was not configured.
  • Profile prefix - Keyed by PROFILE_PREFIX. This property will be null if a z/OS SAF profile prefix was not configured.

The context information can be used when building the profile used for SAF authorization and delegation.

Parameters:
context - the server instance execution context

getProfileFromRole

  1. java.lang.String getProfileFromRole( java.lang.String applicationName,
  2. java.lang.String role)
Map a role name to a valid SAF profile. This method is called by the security component to build a profile name in the EJBROLE SAF class that will be used for authorization and delegation decisions.
Parameters:
applicationName - the application name from the application deployment descriptor
role - the application defined role name from the application deployment descriptor
Returns:
the mapped profile of the role