Scenario: Developing authentication user exits

To develop authentication user exits, you must develop OSGi services that include the provided user exit APIs.

Before you begin

You must be an experienced programmer in Java™, Open Services Gateway Initiative (OSGi) services, and OSGi bundles. The BusinessDocument public user exit Java API must be exported as an OSGi service in your OSGi bundle.

About this task

To develop an authentication user exit OSGi service:

Procedure

  1. Locate the Members\resources\userexits installation directory.
  2. Set up your development environment.
    1. Download the user exit API JAR file from the Members\resources\userexits installation directory.
    2. Verify that your integrated development environment (IDE) is configured for OSGi development.
    3. Optional: Download the latest Eclipse IDE and either Equinox SDK or Apache Aries: Maven Plug-in.
    4. Optional: Download the latest WebSphere® Application Server V7 Feature pack for OSGi Applications and JPA 2.0.
    5. Modify your /META-INF/MANIFEST.MF file to match your implementation.
    6. Optional: For Maven plug-in implementations, modify your /META-INF/pom.xml and META-INF/pom.properties files to match your implementation.
    7. Optional: For Blueprint Container implementations, modify your /OSGI-INF/blueprint.xml file to match your implementation.
  3. Implement the Authentication user exit API.
    AuthenticationUserExitHandler
    Develop user exit authentication for embedded (full) X.509 certificate, SAML token, or user name token during the authentication process flow.
    BusinessDocument
    The BusinessDocument is used to handle the message, payload, attachments, transport headers, and message properties in the process flow. You must also use the BusinessDocument API to invoke the UserExitKeyPair API and retrieve the owner UserExitKeyPair for decryption of the SAML token.
  4. Debug your standard OSGi components in your local IDE.
    Restriction: User exits cannot be tested in your local development environment. You must deploy the user exit OSGi services on the system for testing.
  5. Update the service ID in the SystemConfigurationSYSLoader.properties file.
    1. Locate the Members\resources installation directory.
    2. Edit the SystemConfigurationSYSLoader.properties file with the unique service ID.
      USEREXIT_AUTHENTICATION_OUTBOUND_SERVICEID
      Outbound service ID for authentication. Unique identifier that must start with a letter or an underscore and cannot contain spaces or special characters.
      USEREXIT_AUTHENTICATION_INBOUND_SERVICEID
      Inbound service ID for authentication. Unique identifier that must start with a letter or an underscore and cannot contain spaces or special characters.
    3. To load the updated properties file in the system, type execute config load all
  6. Assemble your authentication user exit OSGi service and prepare your userexit_bundle-SymbolicName.jar OSGi bundle for deployment on the system.
  7. To deploy your authentication user exit bundle, locate the bin directory.
    Important: You must repeat this procedure for each node that requires this user exit.
  8. To load your user exit OSGi bundle into the data grid, type execute user_exit load <path to userexit_bundle.jar>
  9. To deploy your user exit OSGi bundle on your current node, type execute user_exit config <userexit_bundle-SymbolicName>|all
    Important: If you update an existing user exit on the system, you must restart the member.
  10. Optional: Restart the member:
    1. To stop the member, type execute member stop operational
    2. To start the member, type execute member start operational or execute member start_service operational
  11. Optional: To verify your user exit deployment, type execute user_exit list
  12. Optional: To indicate the specific implementation of your authentication user exits, update the service ID in the SystemConfigurationSYSLoader.properties file.
    1. Locate the Members\resources\config installation directory.
    2. Edit the SystemConfigurationSYSLoader.properties file with the unique service ID.
      USEREXIT_AUTHENTICATION_OUTBOUND_SERVICEID
      Outbound service ID for authentication. Unique identifier that must start with a letter or an underscore and cannot contain spaces or special characters.
      USEREXIT_AUTHENTICATION_INBOUND_SERVICEID
      Inbound service ID for authentication. Unique identifier that must start with a letter or an underscore and cannot contain spaces or special characters.
    3. To load the updated properties file in the system, type execute config load all

Example

API code snippet for destination authentication user exit points.

/**
 * Interface for authentication user exit point for destinations
 *
 */
interface AuthenticationUserExitHandler {
    public BusinessDocument invoke( BusinessDocument doc ) throws AuthenticationException;
}
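
The following is an added example, not code from the product or its API JAR: a handler for the embedded X.509 certificate case that validates the certificate against configured trust anchors and rejects the document on any failure. The BusinessDocument and AuthenticationException types are minimal stand-ins so the file compiles alone, and getEmbeddedCertificate() is a hypothetical accessor; the real accessor names come from the user exit API JAR.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.*;
import java.util.*;

// Stand-ins so this sketch compiles on its own. In a real bundle these three
// types come from the user exit API JAR and must not be redeclared.
class AuthenticationException extends Exception {
    AuthenticationException(String msg, Throwable cause) { super(msg, cause); }
}
interface BusinessDocument {
    byte[] getEmbeddedCertificate(); // HYPOTHETICAL accessor, not the documented API
}
interface AuthenticationUserExitHandler {
    BusinessDocument invoke(BusinessDocument doc) throws AuthenticationException;
}

public class X509AuthenticationUserExit implements AuthenticationUserExitHandler {
    private final Set<TrustAnchor> anchors = new HashSet<>();

    // trustedCas: the CA certificates this destination accepts (assumed to be supplied by the bundle).
    public X509AuthenticationUserExit(Collection<X509Certificate> trustedCas) {
        for (X509Certificate ca : trustedCas) anchors.add(new TrustAnchor(ca, null));
    }

    @Override
    public BusinessDocument invoke(BusinessDocument doc) throws AuthenticationException {
        try {
            byte[] der = doc.getEmbeddedCertificate();
            if (der == null || der.length == 0)
                throw new CertificateException("no certificate in document");
            CertificateFactory cf = CertificateFactory.getInstance("X.509");
            X509Certificate cert =
                (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
            // PKIX validation checks the signature chain and the validity period.
            CertPath path = cf.generateCertPath(Collections.singletonList(cert));
            PKIXParameters params = new PKIXParameters(anchors); // throws if no anchors are set
            // Revocation is off so the sketch runs offline; enable it where a CRL or OCSP source exists.
            params.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return doc; // authenticated: pass the document on unchanged
        } catch (Exception e) {
            // Fail closed: parsing errors, an empty trust set and validation failures all reject.
            throw new AuthenticationException("X.509 authentication failed", e);
        }
    }
}
```

The single catch block means no error path can return the document unauthenticated.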

What to do next

You can now manage and configure your authentication user exits in the process flows for conformance policy and exchange profiles.
Tip: To edit deployed user exit OSGi bundles, type execute user_exit export <userexit_bundle-SymbolicName> <directory location for exported files>. You can then edit the OSGi bundle locally and modify, debug, and test before you deploy the modified OSGi bundle again.