z/OS® Connect provides a framework that enables
interceptors, or methods, to work with operations such as service invoke, status, start, or stop.
Interceptors are OSGi services that implement the com.ibm.wsspi.zos.connect.Interceptor
Service Provider Interface (SPI) that is provided by z/OS Connect.
About this task
You can use interceptors for various purposes. z/OS Connect has no visibility into what an
interceptor is used for. For example, an interceptor might be written to perform some infrastructure
setup that is based on the message payload before the request is processed. z/OS Connect provides a
copy of the input request payload to all interceptors.
z/OS Connect provides the <zosConnectService>
configuration element that
enables the administrator to configure a set of attributes that apply to a particular service. One
of these attributes is interceptorsRef
, which points to a configuration element
that lists one or more interceptors to run for a specific service.
This task describes how to define a z/OS Connect interceptor and a list of interceptors and also
explains how to associate the interceptors with one or more services in the configuration for a
server. This task also includes a description of how to enable the z/OS Connect-provided audit and
authorization interceptors for services.
Procedure
- Update the
<zosConnectService>
element for each service in your
server.xml configuration for which you want to enable an interceptor or list of
interceptors for.
<!--z/OS Connect service definitions -->
<zosConnectService id="zcs1"
serviceName="recordOpsCreate"
serviceRef="wolaOpsCreateService"
interceptorsRef="opsCreateInterceptorList"/>
-
Create the associated
<zosConnectInterceptors>
element.
<!-- User Interceptor definitions -->
<usr_userInterceptorOne id="userI1" sequence="1"/>
<usr_userInterceptorTwo id="userI2" sequence="2"/>
<zosConnectInterceptors id="opsCreateInterceptorList" interceptorRef="userI1, userI2"/>
The name of the interceptor list in this example is greetingsInterceptorList
.
There are two interceptors referred to here, userI1 and
userI2. Interceptor implementations use the Liberty SPI extensions. These interceptors must
define their metatypes to the Liberty server
and create an implementation of the com.ibm.wsspi.zos.connect.Interceptor
class. In this example, an implementation of this class was created with a metatype that defines the
elements usr_userInterceptorOne and usr_userInterceptorTwo . The name of the configuration element
where the list of interceptors is provided is called interceptorsRef. It is not a required
attribute.
- Optional: Create a global interceptor list and enable it in the
<zosConnectManager>
element. The globalInterceptorsRef item is the name of
the element in the configuration that describes the set of z/OS Connect interceptors that apply to
all of the services in the configuration.
<zosConnectManager id="zosConnectGlobals" globalInterceptorsRef="GlobalInterceptors"/>
<!-- User Interceptor definitions -->
<usr_userInterceptorOne id="userI1" sequence="1"/>
<usr_userInterceptorTwo id="userI2" sequence="2"/>
<zosConnectInterceptors id="globalInterceptors" interceptorRef="userI1, userI2"/>
-
Optional: Enable the z/OS Connect-provided audit, authorization, or logging interceptors for a
service or set of services.
The z/OS Connect-supplied audit interceptor implements the
com.ibm.wsspi.zos.connect.Interceptor SPI to store audit or tracking
information in the z/OS System Management Facility (SMF) data sets. The authorization interceptor
gives the ability to verify that the current authenticated user has the authority to perform the
requested action. Examples of actions that are checked include service action=invoke, start, or
stop. You enable these interceptors for one or more services in the z/OS Connect server
configuration. The following example shows how to enable both the audit and authorization
interceptors for a single service:
<!-- z/OS Connect service definition -->
<zosConnectService id="zcs1"
serviceName="recordOpsCreate"
serviceRef="wolaOpsCreateService"
interceptorsRef="opsCreateInterceptorList1"/>
<!-- Audit and authorization interceptor definitions -->
<authorizationInterceptor id="authInterceptor1" sequence="1"/>
<auditInterceptor id="auditInterceptor1" sequence="2"/>
<zosConnectInterceptors id="opsCreateInterceptorList1" interceptorRef="auditInterceptor1, authInterceptor1"/>