Implementing a custom fine-grained security provider

If your organization keeps entitlement information in an external system application, you can write your own plug-in to integrate Monitor fine-grained security filters with your external system application. You can implement your own custom fine-grained security provider using the artifacts provided by Business Monitor.

About this task

As shown in the following plugin.xml file, the fine-grained security framework provides two extension points-com.ibm.wbimonitor.repository.security-filter-provider and com.ibm.wbimonitor.repository.object-security-provider.

  <?xml version="1.0" encoding="UTF-8" ?>
  <plugin id="com.ibm.wbimonitor.repository" name="MetadataRepository" provider-name="IBM" version="7.5.0">
     <extension-point id="security-filter-provider"/>
     <extension-point id="object-security-provider"/>
   </plugin>
In addition, the framework provides an interface for security filters and object security rules:
  • Interface of security filters:
    /**
	 * @param userId 	- user id
	 * @param groupCNs 	- group common name list of current user
	 * @param userDN 	- user distinguished name
	 * @param groupDNs 	- group distinguished name list of current user
	 * @param modelId
	 * @param mcId
	 * @return the filter set defined for the model MC.
	 * @throws FGSException - any exception happens when getting the security filters
	 */
public String getMCFilterSet(String userId, List<String>groupCNs,
String userDN, List<String> groupDNs, String modelId, String mcId)
/**
	 * @param modelId
	 * @return all the security filters defined for the model.
	 * @throws FGSException - any exception happens when getting the security filters
	 */
public String getModelSecurityFilters(String modelId)
/**
	 * Get the FGS provider description.
	 * @return
	 */
public String getFGSProviderDescription()
/**
	 * Get the FGS provider name.
	 * @return
	 */
public String getFGSProviderName()
/**
	 * Return the models on which the current Fine Grain Security provider will take effect.
	 * @return the list of model ids
	 * @throws FGSRegistrationException - exception when the provider incorrectly handles the registered models. 
	 */
public List<String> getSupportedModels() throws FGSRegistrationException
  • Interface of object security rules:
    /**
	 * Return the list of hidden dimension ids
	 * @param userId 	- user id
	 * @param groupCNs 	- group common name list of current user
	 * @param userDN 	- user distinguished name
	 * @param groupDNs 	- group distinguished name list of current user
	 * @param modelId
	 * @param mcId
	 * @return the list of hidden dimension ids
	 * @throws FGSException - any exception happens when getting the object security
	 */
public List<String> getCubeHiddenDimensions(String userId, 
List<String>groupCNs,String userDN, List<String> groupDNs, 
String modelId, String mcId)
/**
 * Return the list of hidden measure ids
	 * @param userId 	- user id
	 * @param groupCNs 	- group common name list of current user
	 * @param userDN 	- user distinguished name
	 * @param groupDNs 	- group distinguished name list of current user
	 * @param modelId
	 * @param mcId
	 * @return the list of hidden measure ids
	 * @throws FGSException - any exception happens when getting the object security
	 */
public List<String> getCubeHiddenMeasures(String userId, 
List<String>groupCNs,String userDN, List<String> groupDNs, 
String modelId, String mcId)
/**
	 * Return the list of hidden metric ids
	 * @param userId 	- user id
	 * @param groupCNs 	- group common name list of current user
	 * @param userDN 	- user distinguished name
	 * @param groupDNs 	- group distinguished name list of current user
	 * @param modelId
	 * @param mcId
	 * @return the list of hidden metric ids
	 * @throws FGSException - any exception happens when getting the object security
	 */
public List<String> getMCHiddenMetrics(String userId, 
List<String>groupCNs,String userDN, List<String> groupDNs, 
String modelId, String mcId)
/**
	 * Return the list of hidden alert ids
	 * @param userId 	- user id
	 * @param groupCNs 	- group common name list of current user
	 * @param userDN 	- user distinguished name
	 * @param groupDNs 	- group distinguished name list of current user
	 * @param modelId
	 * @return the list of hidden alert ids
	 * @throws FGSException - any exception happens when getting the object security
	 */
public List<String> getModelHiddenAlerts(String userId, 
List<String>groupCNs,String userDN, List<String> groupDNs, 
String modelId, String mcId)
/**
	 * Return the list of hidden KPI ids
	 * @param userId 	- user id
	 * @param groupCNs 	- group common name list of current user
	 * @param userDN 	- user distinguished name
	 * @param groupDNs 	- group distinguished name list of current user
	 * @param modelId
	 * @return the list of hidden KPI ids
	 * @throws FGSException - any exception happens when getting the object security
	 */
public List<String> getModelHiddenKPIs(String userId, 
List<String>groupCNs,String userDN, List<String> groupDNs, 
String modelId, String mcId)throws FGSException/**
* @param modelId
* @return all the object security rules defined for specified model.
* @throws FGSException - any exception happens when getting the object security
*/

public String getModelObjSecRules(String modelId)
/**
	 * Get the FGS provider description.
	 * @return
	 */
public String getFGSProviderDescription()
/**
	 * Get the FGS provider name.
	 * @return
	 */
public String getFGSProviderName()
/**
	 * Return the models on which the current Fine Grain Security provider will take effect.
	 * @return the list of model ids
	 * @throws FGSRegistrationException - exception when the provider incorrectly handles the registered models. 
	 */
public List<String> getSupportedModels() throws FGSRegistrationException
For information on extending the extension point and implement the interface, see the plugin.xml file and the following files:
  • com.ibm.wbimonitor.security.finegrainsecurity.sample.filtersec.FGSSampleSecurityFilterImpl.java
  • com.ibm.wbimonitor.security.finegrainsecurity.sample.objectsec.FGSSampleObjectSecurityImpl.java
These files are located in the following .zip file: 
<monitor_server>/scripts.wbm/FGSecurity/SampleProvider/com.ibm.wbimonitor.security.finegrainsecurity.sample.zip
The extension point and interface are declared in the bundle com.ibm.wbimonitor.repository.jar.

Procedure

  1. Add the com.ibm.wbimonitor.repository.jar.file to the class path of the custom fine-grained security provider project during development.
  2. Add the extension points to the plugin.xml file, as shown in the following example: 
      <?xml version="1.0" encoding="UTF-8" ?>
- <plugin id="FGSSampleProvider" name="Fine grain security sample provider" provider-name="IBM" version="7.5.0">
  -  <extension id="FGSSampleSecurityFilter" name="FGS Sample Security Filter" point="com.ibm.wbimonitor.repository.security-filter-provider">
     - <components>
         <component class="com.ibm.wbimonitor.security.finegrainsecurity.sample.filtersec.FGSSampleSecurityFilterImpl" startup="1" />
       </components>
     </extension>
   - <extension id="FGSSampleObjectSecurity" name="FGS Sample Object Security" point="com.ibm.wbimonitor.repository.object-security-provider">
     - <components>
         <component class="com.ibm.wbimonitor.security.finegrainsecurity.sample.objectsec.FGSSampleObjectSecurityImpl" startup="2" />
       </components>
     </extension>
  </plugin>
  3. Implement the interfaces. Use the implementation shown in the following classes as a guide:
    • com.ibm.wbimonitor.security.finegrainsecurity.sample.filtersec.FGSSampleSecurityFilterImpl
    • com.ibm.wbimonitor.security.finegrainsecurity.sample.objectsec.FGSSampleObjectSecurityImpl
Parent topic: Configuring fine-grained security