![[8.5.5.9 or later]](../ng_v8559.gif)
This topic applies to WebSphere Application Server Liberty V8.5.5.9 and earlier. For the latest Liberty topics, see the WebSphere Application Server Liberty documentation.
Developing a customPasswordEncryption Provider
You can develop a customPasswordEncryption provider to have custom authorization decisions for Java™ Platform, Enterprise Edition (J2EE) applications by implementing the com.ibm.wsspi.security.crypto.CustomPasswordEncryption interface that is provided in the Liberty server.
About this task
Procedure
- Create an OSGi component that provides a service that implements the
com.ibm.wsspi.security.crypto.CustomPasswordEncryption interface.
The CustomPasswordEncryption interface defines three methods, decrypt, which the Liberty server run time invokes to decrypt the string, encrypt, which the Liberty server run time invokes to encrypt the string, and initialize, which is reserved for future use.
The following example uses OSGi declarative services annotations:package com.mycompany.custom; import org.osgi.service.component.ComponentContext; import org.osgi.service.component.annotations.Activate; import org.osgi.service.component.annotations.Component; import org.osgi.service.component.annotations.ConfigurationPolicy; import org.osgi.service.component.annotations.Deactivate; import org.osgi.service.component.annotations.Modified; import com.ibm.wsspi.security.crypto.CustomPasswordEncryption; import com.ibm.wsspi.security.crypto.EncryptedInfo; import com.ibm.wsspi.security.crypto.PasswordDecryptException; import com.ibm.wsspi.security.crypto.PasswordEncryptException; /** */ @Component(service = CustomPasswordEncryption.class, immediate = true, name = "com.mycompany.CustomPasswordEncryptionImpl", configurationPolicy = ConfigurationPolicy.OPTIONAL, property = { "someKey=someValue" }) public class CustomPasswordEncryptionImpl implements CustomPasswordEncryption { @Activate protected synchronized void activate(ComponentContext cc, Map<String, Object> props) { } @Modified protected synchronized void modify(Map<String, Object> props) { } @Deactivate protected void deactivate(ComponentContext cc) { } /** * The encrypt operation takes a UTF-8 encoded String in the form of a byte[]. * The byte[] is generated from String.getBytes("UTF-8"). An encrypted byte[] * is returned from the implementation in the EncryptedInfo object. * Additionally, a logically key alias is returned in EncryptedInfo so which * is passed back into the decrypt method to determine which key was used to * encrypt this password. The WebSphere Application Server runtime has no * knowledge of the algorithm or key used to encrypt the data. * * @param decrypted_bytes * @return com.ibm.wsspi.security.crypto.EncryptedInfo * @throws com.ibm.wsspi.security.crypto.PasswordEncryptException **/ @Override public EncryptedInfo encrypt(byte[] input) throws PasswordEncryptException { byte[] output = null; String key = null; try { : <do some encryption> : return new EncryptedInfo(output, key); } catch (Exception e) { throw new PasswordEncryptException("Exception is caught", e); } } /** * The decrypt operation takes the EncryptedInfo object containing a byte[] * and the logical key alias and converts it to the decrypted byte[]. The * WebSphere Application Server runtime will convert the byte[] to a String * using new String (byte[], "UTF-8"); * * @param info * @return byte[] * @throws PasswordEncryptException * @throws com.ibm.wsspi.security.crypto.PasswordDecryptException **/ @Override public byte[] decrypt(EncryptedInfo info) throws PasswordDecryptException { byte[] input = info.getEncryptedBytes(); String key = info.getKeyAlias(); byte[] output = null; try { : <do some decryption> : return output; } catch (Exception e) { throw new PasswordEncryptException("Exception is caught", e); } } /** * This is reserved for future use and is currently not called by the * WebSphere Application Server runtime. * * @param initialization_data **/ @SuppressWarnings("rawtypes") @Override public void initialize(Map initialization_data) {} }
- Package the component into an OSGi bundle that is part of your user feature. Make sure that the
bundle includes the OSGi service manifest. The following example shows the contents of OSGi service manifest:
<?xml version="1.0" encoding="UTF-8"?> <scr:component xmlns:scr="http://www.osgi.org/xmlns/scr/v1.1.0" name="com.mycompany.custom.CustomPasswordEncryptionImpl" configuration-policy="optional" immediate="true" activate="activate" deactivate="deactivate" modified="modify"> <implementation class="com.mycompany.custom.CusomPasswordEncryptionImpl"/> <service> <provide interface="com.ibm.wsspi.security.crypto.CustomPasswordEncryption"/> </service> <property name="<someKey>" type="String" value="<someValue>"/> </scr:component>
- Ensure that your feature manifest includes the OSGi subsystem content with
start-phase:="SERVICE_EARLY". For
example:
Manifest-Version: 1.0 IBM-Feature-Version: 2 IBM-ShortName: customPasswordEncryption-1.0 Subsystem-Type: osgi.subsystem.feature Subsystem-Version: 1.0.0 Subsystem-ManifestVersion: 1.0 Subsystem-SymbolicName: customPasswordEncryption-1.0;visibility:=public Subsystem-Content: com.mycompany.custom; version="[1,1.0.100)"; start-phase:="SERVICE_EARLY"
- After the feature is installed into the user product extension location, configure the
server.xml file with the feature name.
<featureManager> ... <feature>usr:customPasswordEncryption-1.0</feature> </featureManager>


http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-libcore-mp&topic=twlp_developing_custom_passwd_encrypt
File name: twlp_developing_custom_passwd_encrypt.html