Migrating trust association interceptors

You can manually migrate trust associations.

Note: Data sources are not supported for use within a Trust association interceptor (TAI). Data sources are intended for use within Java Platform, Enterprise Edition applications and designed to operate within the EJB and web containers. Trust association interceptors do not run within a container, and while data sources might function in the TAI environment, they are untested and not guaranteed to function properly.

The followings sections provide information about migrating TAIs.

Changes to the custom trust association interceptors

The following changes apply to the WebSphereBaseTrustAssociationInterceptor abstract class.

Use of the public int init (String propsFile) method is deprecated

The public int init (java.util.Properties props) method in the com.ibm.websphere.security.WebSphereBaseTrustAssociationInterceptor class replaces the public int init (String propsFile) method.

The init(Properties) method accepts a java.util.Properties object, which contains the set of properties that is required to initialize the interceptor. All of the properties set for an interceptor are sent to this method. The interceptor can then use these properties to initialize itself. For example, in the product-provided implementation for the WebSEAL server, this method reads the hosts and ports so that an incoming request can be verified to come from trusted hosts and ports. A return value of zero implies that the interceptor initialization is successful. Any other value implies that the initialization is not successful and the interceptor is not used.

The init(String) method still works if you want to use it instead of implementing the init(Properties) method. The only requirement is that you enter the file name that contains the custom trust association properties by using the Custom Properties link of the interceptor in the administrative console or by using scripts. You can enter the property by using either of the following methods. The first method is used for compatibility with previous versions of WebSphere Application Server.
Method 1
[AIX Solaris HP-UX Linux Windows] The same property names that are used in the previous release are used to obtain the file name. The file name is obtained by concatenating .config to the com.ibm.websphere.security.trustassociation.types property value. If the myTAI.properties file is located in the app_server_root/properties directory, set the following properties:
  • com.ibm.websphere.security.trustassociation.types = myTAItype
  • com.ibm.websphere.security.trustassociation.myTAItype.config = app_server_root/properties/myTAI.properties
[IBM i] If the myTAI.properties file is located in the profile_root/properties directory, set the following properties:
  • com.ibm.websphere.security.trustassociation.types = myTAItype
  • com.ibm.websphere.security.trustassociation.myTAItype.config = profile_root/properties/myTAI.properties
Method 2
You can set the com.ibm.websphere.security.trustassociation.initPropsFile property in the trust association custom properties to the location of the file.
[AIX Solaris HP-UX Linux Windows] For example, set the following property.
com.ibm.websphere.security.trustassociation.initPropsFile=
app_server_root/properties/myTAI.properties
[IBM i]The following example demonstrates how to set the property on IBM i systems.
com.ibm.websphere.security.trustassociation.initPropsFile=
profile_root/properties/myTAI.properties

The previous line of code is split into two lines for illustrative purposes only. Type as one continuous line.

However, changing your implementation to implement the init(Properties) method is a better practice than relying on the init (String propsfile) method.

Init error status values are changed

If the custom interceptor extends the com.ibm.websphere.security.WebSphereBaseTrustAssociationInterceptor class, implement the new public int init (java.util.Properties props) method to initialize the interceptor as described previously.

However, if a previous implementation of the trust association interceptor returns a different error status, you can either change your implementation to match the expectations or make one of the following changes:
Method 1
Add the com.ibm.websphere.security.trustassociation.initStatus property in the trust association interceptor custom properties. Set the property to the value that indicates the interceptor is successfully initialized. All of the other possible values imply failure. If a failure occurs, the corresponding trust association interceptor is not used.
Method 2
Add the com.ibm.websphere.security.trustassociation.ignoreInitStatus property in the trust association interceptor custom properties. Set the value of this property to true, which tells WebSphere Application Server to ignore the status of this method. If you add this property to the custom properties, WebSphere Application Server does not check the return status, which is similar to previous versions of WebSphere Application Server.

Migrating custom trust association interceptors

The trust associations from previous versions of WebSphere Application Server are not automatically migrated to WebSphere Application Server Version 9.0. You can manually migrate these trust associations by using the following steps:

Procedure

  1. Recompile the implementation file, if necessary.

    For more information, see Changes to the custom trust association interceptors.

    [AIX Solaris HP-UX Linux Windows]To recompile the implementation file, type the following code:
    %WAS_HOME%/java/bin/javac -classpath %WAS_HOME%/plugins/com.ibm.ws.runtime.jar;
%WAS_HOME%/dev/JavaEE/j2ee.jar your_implementation_file.java
    The previous line of code is broken into two lines for illustrative purposes only. Type the code as one continuous line.
    [IBM i]
    1. Enter QSH from a command line to start the Qshell environment.
    2. Change to the directory that contains your Java™ source file.
    3. Enter the command to recompile the implementation file. 
      javac -Djava.version=1.6 -classpath 
app_server_root/plugins/com.ibm.ws.runtime.jar:install_root/dev/JavaEE/j2ee.jar your_implementation_file.java
  2. [AIX Solaris HP-UX Linux Windows]Identify the trust association interceptor class file for use when the server is restarted. Place the file either at the app_server_root/classes directory OR use the Java virtual machine (JVM) system property, -Dws.ext.dirs to specify where the file resides.
  3. [IBM i]Copy the custom trust association interceptor class files to a location in your product class path.
    Copy these class files into the profile_root/classes directory.
  4. Restart all the serversWebSphere Application Server.
  5. Enable security to use the trust association interceptor.
    The properties that are located in your custom trust association properties file and in the trustedserver.properties file are not migrated from previous versions of WebSphere Application Server. You must migrate the appropriate properties to WebSphere Application Server Version 9.0 using the trust association pages in the administrative console.

    For more information, see Configuring trust association interceptors.