IBM WebSphere Application ServerTM
Release 8

com.ibm.websphere.security
Interface SAFRoleMapper


public interface SAFRoleMapper

Map application defined role names to SAF profile names. This interface may be implemented by customers to effect the way that WebSphere for z/OS builds the SAF profile names used for authorization and to obtain a delegation user identifier for delegation.

In order to have WebSphere instantiate and call an implementation of this interface, the security custom property com.ibm.websphere.security.SAF.RoleMapper must be set to the name of the class to instantiate.

Please note that this interface is non-standard and is likely to be removed in future release.


Field Summary
static java.lang.String CELL_NAME
          The context Map key to use to obtain the cell name.
static java.lang.String CELL_SHORT_NAME
          The context Map key to use to obtain the cell name.
static java.lang.String DOMAIN_NAME
          Deprecated. As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to obtain the domain name.
static java.lang.String DOMAIN_TYPE
          Deprecated. As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to determine whether or not to use a prefix for SAF profile names.
static java.lang.String PROFILE_PREFIX
          The context Map key to use to determine the SAF profile prefix
static java.lang.String SERVER_NAME
          The context Map key to use to obtain the server name.
static java.lang.String SERVER_SHORT_NAME
          The context Map key to use to obtain the server short name.
 
Method Summary
 java.lang.String getProfileFromRole(java.lang.String applicationName, java.lang.String role)
          Map a role name to a valid SAF profile.
 void initialize(java.util.Properties context)
          This method is called by the WebSphere security component to provide a cell and server context to the SAFRoleMapper instance.
 

Field Detail

SERVER_NAME

static final java.lang.String SERVER_NAME
The context Map key to use to obtain the server name.

See Also:
Constant Field Values

SERVER_SHORT_NAME

static final java.lang.String SERVER_SHORT_NAME
The context Map key to use to obtain the server short name.

See Also:
Constant Field Values

CELL_NAME

static final java.lang.String CELL_NAME
The context Map key to use to obtain the cell name.

See Also:
Constant Field Values

CELL_SHORT_NAME

static final java.lang.String CELL_SHORT_NAME
The context Map key to use to obtain the cell name.

See Also:
Constant Field Values

DOMAIN_NAME

static final java.lang.String DOMAIN_NAME
Deprecated. As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to obtain the domain name.
See Also:
Constant Field Values

DOMAIN_TYPE

static final java.lang.String DOMAIN_TYPE
Deprecated. As of WebSphere V7.0, replaced by PROFILE_PREFIX The context Map key to use to determine whether or not to use a prefix for SAF profile names.
See Also:
Constant Field Values

PROFILE_PREFIX

static final java.lang.String PROFILE_PREFIX
The context Map key to use to determine the SAF profile prefix

See Also:
Constant Field Values
Method Detail

initialize

void initialize(java.util.Properties context)
This method is called by the WebSphere security component to provide a cell and server context to the SAFRoleMapper instance.

The context is an instance of a java.util.Properties object that contains the following information:

  • Server Name - Keyed by SERVER_NAME.
  • Server Short Name - Keyed by SERVER_SHORT_NAME.
  • Cell Name - Keyed by CELL_NAME.
  • Cell Short Name - Keyed by CELL_SHORT_NAME.
  • Domain Name - Keyed by DOMAIN_NAME. This property will be null if a z/OS security domain name was not configured.
  • Profile prefix - Keyed by PROFILE_PREFIX. This property will be null if a z/OS SAF profile prefix was not configured.

The context information can be used when building the profile used for SAF authorization and delegation.

Parameters:
context - the server instance execution context

getProfileFromRole

java.lang.String getProfileFromRole(java.lang.String applicationName,
                                    java.lang.String role)
Map a role name to a valid SAF profile. This method is called by the security component to build a profile name in the EJBROLE SAF class that will be used for authorization and delegation decisions.

Parameters:
applicationName - the application name from the application deployment descriptor
role - the application defined role name from the application deployment descriptor
Returns:
the mapped profile of the role

IBM WebSphere Application ServerTM
Release 8