Custom IdentityManager, custom PolicyManager and custom WebAuthenticator

The default IdentityManager and PolicyManager implementations are part of the org.wyona.security.impl package, for example YarepIdentityManagerImpl and PolicyManagerImplVersion2.


Custom IdentityManager

To create a custom IdentityManager you will need to develop your own implementations of the interfaces IdentityManagerFactory and IdentityManager which are part of the org.wyona.security.core package.

Once you have your custom implementations they need to be added to the configuration of your realm (realm.xml). Examples are shown below.

Instead of these:

org.wyona.security.impl.IdentityManagerFactoryImpl
org.wyona.security.impl.yarep.YarepIdentityManagerImpl

use these:

foo.bar.security.impl.IdentityManagerFactoryImpl
foo.bar.security.impl.IdentityManagerImpl

Configuration example: realm.xml

<ac-identities class="foo.bar.security.impl.IdentityManagerFactoryImpl">
  <bar:repository-config xmlns:bar="http://www.bar.foo/security/1.0">config/ac-identities-repository.xml</bar:repository-config>
  <bar:max-number-of-failed-login-attempts xmlns:bar="http://www.bar.foo/security/1.0">3</bar:max-number-of-failed-login-attempts>
</ac-identities>

Configuration example: ac-identities-repository.xml

<repository class="org.wyona.yarep.impl.repo.vfs.VirtualFileSystemRepository">
  <name>Yanel Access Control Identities</name>
  <content src="../ac-identities"/>
</repository>



Custom PolicyManager

Creating a custom PolicyManager is very similar to creating a custom IdentityManager.

Instead of these:

org.wyona.security.impl.PolicyManagerFactoryImpl
org.wyona.security.impl.PolicyManagerImplVersion2

use these:

foo.bar.security.impl.PolicyManagerFactoryImpl
foo.bar.security.impl.PolicyManagerImplVersion2

Configuration example: realm.xml

<ac-policies class="foo.bar.security.impl.PolicyManagerFactoryImpl">
  <bar:repository-config xmlns:bar="http://www.bar.foo/security/1.0">config/ac-policies-repository.xml</bar:repository-config>
  <bar:policy-caching-enabled xmlns:bar="http://www.bar.foo/security/1.0">false</bar:policy-caching-enabled>
</ac-policies>

Configuration example: ac-policies-repository.xml

<repository>
  <name>Company Access Control Policies Repository</name>
  <paths class="org.wyona.yarep.impl.VFileSystemMapImpl" src="../ac-policies"/>
  <storage class="org.wyona.yarep.core.impl.vfs.VFileSystemStorage">
    <content src="../ac-policies"/>
  </storage>
</repository>



Custom WebAuthenticator

A custom WebAuthenticator can be necessary if custom HTTP headers need to be processed or some other custom webapp authentication functionality needs to be implemented.

Instead of this:

org.wyona.yanel.servlet.security.impl.DefaultWebAuthenticatorImpl

use this:

foo.bar.yanel.servlet.security.impl.CompanyWebAuthenticatorImpl

Configuration example: realm.xml

<web-authenticator class="foo.bar.yanel.servlet.security.impl.CompanyWebAuthenticatorImpl">
  <bar:proxyRedirectURI xmlns:bar="http://www.company.com/wyona/1.0">http://proxy.bar.foo</bar:proxyRedirectURI>
  <bar:welcomeRedirectURI xmlns:bar="http://www.company.com/wyona/1.0">/welcome.html</bar:welcomeRedirectURI>
  <bar:lockedRedirectURI xmlns:bar="http://www.company.com/wyona/1.0">/userLocked.html</bar:lockedRedirectURI>
  <bar:expiredRedirectURI xmlns:bar="http://www.company.com/wyona/1.0">/login/expired.html</bar:expiredRedirectURI>
</web-authenticator>

Yanel includes a CAS-based SSO web authenticator, org.wyona.yanel.servlet.security.impl.CASWebAuthenticatorImpl; a sample configuration can be found at src/realms/yanel-website/realm.xml. Also see the documentation about SSO for Yanel using CAS.
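
A small audit of realm.xml, added here as an example (not Yanel's or this page's own code): it reports which of the three security elements described above load a non-default class, and flags child configuration elements whose namespace URI has no scheme or differs from that of its siblings. The <realm> wrapper and the sample values are constructed, and it is an assumption that a custom factory looks up its settings by namespace, in which case a mistyped namespace on a setting such as max-number-of-failed-login-attempts would leave that setting unread.

```python
import xml.etree.ElementTree as ET

# Default classes named on this page; any other class is custom code in the
# authentication/authorization path and should be reviewed before deployment.
DEFAULTS = {
    "ac-identities": "org.wyona.security.impl.IdentityManagerFactoryImpl",
    "ac-policies": "org.wyona.security.impl.PolicyManagerFactoryImpl",
    "web-authenticator":
        "org.wyona.yanel.servlet.security.impl.DefaultWebAuthenticatorImpl",
}

# Constructed sample; the <realm> wrapper element is hypothetical.
SAMPLE = """<realm>
<ac-identities class="org.wyona.security.impl.IdentityManagerFactoryImpl"/>
<ac-policies class="foo.bar.security.impl.PolicyManagerFactoryImpl">
<bar:repository-config xmlns:bar="http//www.bar.foo/security/1.0">config/ac-policies-repository.xml</bar:repository-config>
<bar:policy-caching-enabled xmlns:bar="http://www.bar.foo/security/1.0">false</bar:policy-caching-enabled>
</ac-policies>
<web-authenticator class="foo.bar.yanel.servlet.security.impl.CompanyWebAuthenticatorImpl">
<bar:proxyRedirectURI xmlns:bar="http://www.company.com/wyona/1.0">http://proxy.bar.foo</bar:proxyRedirectURI>
</web-authenticator>
</realm>"""

def split_tag(tag):
    """Return (namespace URI, local name) from ElementTree's '{uri}name' form."""
    if tag.startswith("{"):
        uri, name = tag[1:].split("}", 1)
        return uri, name
    return "", tag

def audit_realm(xml_text):
    """Return (element, finding, detail) tuples for the security elements."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = split_tag(el.tag)[1]
        if name not in DEFAULTS:
            continue
        cls = el.get("class")
        if cls is not None and cls != DEFAULTS[name]:
            findings.append((name, "custom-class", cls))
        uris = sorted({split_tag(child.tag)[0] for child in el})
        for uri in uris:
            if uri and ":" not in uri:  # e.g. "http//..." typed without the colon
                findings.append((name, "namespace-without-scheme", uri))
        if len(uris) > 1:
            findings.append((name, "mixed-namespaces", uris))
    return findings

if __name__ == "__main__":
    for finding in audit_realm(SAMPLE):
        print(finding)
```
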


