The default IdentityManager and PolicyManager implementations are part of the org.wyona.security.impl package, for example YarepIdentityManagerImpl and PolicyManagerImplVersion2.
To create a custom IdentityManager, develop your own implementations of the interfaces IdentityManagerFactory and IdentityManager, which are part of the org.wyona.security.core package.
Once you have your custom implementations, add them to the configuration of your realm (realm.xml). Examples are shown below.
Instead of these:
org.wyona.security.impl.IdentityManagerFactoryImpl
org.wyona.security.impl.yarep.YarepIdentityManagerImpl
use these:
foo.bar.security.impl.IdentityManagerFactoryImpl
foo.bar.security.impl.IdentityManagerImpl
<ac-identities class="foo.bar.security.impl.IdentityManagerFactoryImpl">
  <bar:repository-config xmlns:bar="http://www.bar.foo/security/1.0">config/ac-identities-repository.xml</bar:repository-config>
  <bar:max-number-of-failed-login-attempts xmlns:bar="http://www.bar.foo/security/1.0">3</bar:max-number-of-failed-login-attempts>
</ac-identities>

<repository class="org.wyona.yarep.impl.repo.vfs.VirtualFileSystemRepository">
  <name>Yanel Access Control Identities</name>
  <content src="../ac-identities"/>
</repository>
Creating a custom PolicyManager is very similar to creating a custom IdentityManager.
Instead of these:
org.wyona.security.impl.PolicyManagerFactoryImpl
org.wyona.security.impl.PolicyManagerImplVersion2
use these:
foo.bar.security.impl.PolicyManagerFactoryImpl
foo.bar.security.impl.PolicyManagerImplVersion2
<ac-policies class="foo.bar.security.impl.PolicyManagerFactoryImpl">
  <bar:repository-config xmlns:bar="http://www.bar.foo/security/1.0">config/ac-policies-repository.xml</bar:repository-config>
  <bar:policy-caching-enabled xmlns:bar="http://www.bar.foo/security/1.0">false</bar:policy-caching-enabled>
</ac-policies>

<repository>
  <name>Company Access Control Policies Repository</name>
  <paths class="org.wyona.yarep.impl.VFileSystemMapImpl" src="../ac-policies"/>
  <storage class="org.wyona.yarep.core.impl.vfs.VFileSystemStorage">
    <content src="../ac-policies"/>
  </storage>
</repository>
A custom WebAuthenticator can be necessary if custom HTTP headers need to be processed or some other custom webapp authentication functionality needs to be implemented.
Instead of this:
org.wyona.yanel.servlet.security.impl.DefaultWebAuthenticatorImpl
use this:
foo.bar.yanel.servlet.security.impl.CompanyWebAuthenticatorImpl
<web-authenticator class="foo.bar.yanel.servlet.security.impl.CompanyWebAuthenticatorImpl">
  <bar:proxyRedirectURI xmlns:bar="http://www.company.com/wyona/1.0">http://proxy.bar.foo</bar:proxyRedirectURI>
  <bar:welcomeRedirectURI xmlns:bar="http://www.company.com/wyona/1.0">/welcome.html</bar:welcomeRedirectURI>
  <bar:lockedRedirectURI xmlns:bar="http://www.company.com/wyona/1.0">/userLocked.html</bar:lockedRedirectURI>
  <bar:expiredRedirectURI xmlns:bar="http://www.company.com/wyona/1.0">/login/expired.html</bar:expiredRedirectURI>
</web-authenticator>
Yanel includes a CAS-based SSO web authenticator, org.wyona.yanel.servlet.security.impl.CASWebAuthenticatorImpl; a sample configuration can be found at src/realms/yanel-website/realm.xml. Also see the documentation about SSO for Yanel using CAS.
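Added example (not part of the Yanel documentation or code base): a pre-deployment lint for the ac-identities, ac-policies and web-authenticator blocks of realm.xml described above. It assumes a custom factory looks up its parameters by namespace URI, so a mistyped xmlns value would leave a setting such as max-number-of-failed-login-attempts unread; lint_realm, split_tag and the sample input are hypothetical names and constructed data.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: an <ac-identities> block in the shape used on this page,
# with one parameter bound to a mistyped namespace URI (missing colon).
SAMPLE = """<realm>
  <ac-identities class="foo.bar.security.impl.IdentityManagerFactoryImpl">
    <bar:repository-config xmlns:bar="http://www.bar.foo/security/1.0">config/ac-identities-repository.xml</bar:repository-config>
    <bar:max-number-of-failed-login-attempts xmlns:bar="http//www.bar.foo/security/1.0">3</bar:max-number-of-failed-login-attempts>
  </ac-identities>
</realm>"""

BLOCKS = ("ac-identities", "ac-policies", "web-authenticator")
CLASS_NAME = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)+$")

def split_tag(tag):
    """Return (namespace_uri, local_name) from ElementTree's '{uri}local' form."""
    if tag.startswith("{"):
        uri, local = tag[1:].split("}", 1)
        return uri, local
    return "", tag

def lint_realm(xml_text):
    """Return a list of findings for the custom-implementation blocks."""
    findings = []
    root = ET.fromstring(xml_text)
    for block in root.iter():
        name = split_tag(block.tag)[1]
        if name not in BLOCKS:
            continue
        cls = block.get("class", "")
        if not CLASS_NAME.match(cls):
            findings.append(f"{name}: class attribute is not a qualified class name: {cls!r}")
        namespaces = set()  # assumption: one block's parameters share one namespace
        for child in block:
            uri, local = split_tag(child.tag)
            namespaces.add(uri)
            parsed = urlparse(uri)
            if not (parsed.scheme and parsed.netloc):
                findings.append(f"{name}/{local}: namespace {uri!r} is not an absolute URI")
        if len(namespaces) > 1:
            findings.append(f"{name}: parameters use {len(namespaces)} different namespaces")
    return findings
```

Running lint_realm over a realm.xml before deployment returns an empty list when every block names a qualified class and binds its parameters to a single absolute namespace URI.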